2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
26 * BlueZ L2CAP core and sockets.
28 * $Id: l2cap.c,v 1.15 2002/09/09 01:14:52 maxk Exp $
32 #include <linux/config.h>
33 #include <linux/module.h>
35 #include <linux/types.h>
36 #include <linux/errno.h>
37 #include <linux/kernel.h>
38 #include <linux/major.h>
39 #include <linux/sched.h>
40 #include <linux/slab.h>
41 #include <linux/poll.h>
42 #include <linux/fcntl.h>
43 #include <linux/init.h>
44 #include <linux/skbuff.h>
45 #include <linux/interrupt.h>
46 #include <linux/socket.h>
47 #include <linux/skbuff.h>
48 #include <linux/proc_fs.h>
49 #include <linux/list.h>
52 #include <asm/system.h>
53 #include <asm/uaccess.h>
54 #include <asm/unaligned.h>
56 #include <net/bluetooth/bluetooth.h>
57 #include <net/bluetooth/hci_core.h>
58 #include <net/bluetooth/l2cap.h>
62 #define BT_DBG( A... )
65 static struct proto_ops l2cap_sock_ops;
67 struct bluez_sock_list l2cap_sk_list = {
68 lock: RW_LOCK_UNLOCKED
71 static int l2cap_conn_del(struct hci_conn *conn, int err);
73 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent);
74 static void l2cap_chan_del(struct sock *sk, int err);
75 static int l2cap_chan_send(struct sock *sk, struct msghdr *msg, int len);
77 static void __l2cap_sock_close(struct sock *sk, int reason);
78 static void l2cap_sock_close(struct sock *sk);
79 static void l2cap_sock_kill(struct sock *sk);
81 static int l2cap_send_req(struct l2cap_conn *conn, __u8 code, __u16 len, void *data);
82 static int l2cap_send_rsp(struct l2cap_conn *conn, __u8 ident, __u8 code, __u16 len, void *data);
84 /* ----- L2CAP timers ------ */
85 static void l2cap_sock_timeout(unsigned long arg)
87 struct sock *sk = (struct sock *) arg;
89 BT_DBG("sock %p state %d", sk, sk->state);
92 __l2cap_sock_close(sk, ETIMEDOUT);
99 static void l2cap_sock_set_timer(struct sock *sk, long timeout)
101 BT_DBG("sk %p state %d timeout %ld", sk, sk->state, timeout);
103 if (!mod_timer(&sk->timer, jiffies + timeout))
107 static void l2cap_sock_clear_timer(struct sock *sk)
109 BT_DBG("sock %p state %d", sk, sk->state);
111 if (timer_pending(&sk->timer) && del_timer(&sk->timer))
115 static void l2cap_sock_init_timer(struct sock *sk)
117 init_timer(&sk->timer);
118 sk->timer.function = l2cap_sock_timeout;
119 sk->timer.data = (unsigned long)sk;
122 /* -------- L2CAP connections --------- */
123 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, __u8 status)
125 struct l2cap_conn *conn;
127 if ((conn = hcon->l2cap_data))
133 if (!(conn = kmalloc(sizeof(struct l2cap_conn), GFP_ATOMIC)))
135 memset(conn, 0, sizeof(struct l2cap_conn));
137 hcon->l2cap_data = conn;
140 conn->mtu = hcon->hdev->acl_mtu;
141 conn->src = &hcon->hdev->bdaddr;
142 conn->dst = &hcon->dst;
144 spin_lock_init(&conn->lock);
145 conn->chan_list.lock = RW_LOCK_UNLOCKED;
147 BT_DBG("hcon %p conn %p", hcon, conn);
153 static int l2cap_conn_del(struct hci_conn *hcon, int err)
155 struct l2cap_conn *conn;
158 if (!(conn = hcon->l2cap_data))
161 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
164 kfree_skb(conn->rx_skb);
167 while ((sk = conn->chan_list.head)) {
169 l2cap_chan_del(sk, err);
174 hcon->l2cap_data = NULL;
181 /* -------- Socket interface ---------- */
182 static struct sock *__l2cap_get_sock_by_addr(__u16 psm, bdaddr_t *src)
185 for (sk = l2cap_sk_list.head; sk; sk = sk->next) {
186 if (sk->sport == psm && !bacmp(&bluez_pi(sk)->src, src))
192 /* Find socket with psm and source bdaddr.
193 * Returns closest match.
195 static struct sock *__l2cap_get_sock_by_psm(int state, __u16 psm, bdaddr_t *src)
197 struct sock *sk, *sk1 = NULL;
199 for (sk = l2cap_sk_list.head; sk; sk = sk->next) {
200 if (state && sk->state != state)
203 if (l2cap_pi(sk)->psm == psm) {
205 if (!bacmp(&bluez_pi(sk)->src, src))
209 if (!bacmp(&bluez_pi(sk)->src, BDADDR_ANY))
213 return sk ? sk : sk1;
216 /* Find socket with given address (psm, src).
217 * Returns locked socket */
218 static inline struct sock *l2cap_get_sock_by_psm(int state, __u16 psm, bdaddr_t *src)
221 read_lock(&l2cap_sk_list.lock);
222 s = __l2cap_get_sock_by_psm(state, psm, src);
223 if (s) bh_lock_sock(s);
224 read_unlock(&l2cap_sk_list.lock);
228 static void l2cap_sock_destruct(struct sock *sk)
232 skb_queue_purge(&sk->receive_queue);
233 skb_queue_purge(&sk->write_queue);
238 static void l2cap_sock_cleanup_listen(struct sock *parent)
242 BT_DBG("parent %p", parent);
244 /* Close not yet accepted channels */
245 while ((sk = bluez_accept_dequeue(parent, NULL)))
246 l2cap_sock_close(sk);
248 parent->state = BT_CLOSED;
252 /* Kill socket (only if zapped and orphan)
253 * Must be called on unlocked socket.
255 static void l2cap_sock_kill(struct sock *sk)
257 if (!sk->zapped || sk->socket)
260 BT_DBG("sk %p state %d", sk, sk->state);
262 /* Kill poor orphan */
263 bluez_sock_unlink(&l2cap_sk_list, sk);
270 static void __l2cap_sock_close(struct sock *sk, int reason)
272 BT_DBG("sk %p state %d socket %p", sk, sk->state, sk->socket);
276 l2cap_sock_cleanup_listen(sk);
282 if (sk->type == SOCK_SEQPACKET) {
283 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
284 l2cap_disconn_req req;
286 sk->state = BT_DISCONN;
287 l2cap_sock_set_timer(sk, sk->sndtimeo);
289 req.dcid = __cpu_to_le16(l2cap_pi(sk)->dcid);
290 req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
291 l2cap_send_req(conn, L2CAP_DISCONN_REQ, L2CAP_DISCONN_REQ_SIZE, &req);
293 l2cap_chan_del(sk, reason);
299 l2cap_chan_del(sk, reason);
308 /* Must be called on unlocked socket. */
309 static void l2cap_sock_close(struct sock *sk)
311 l2cap_sock_clear_timer(sk);
313 __l2cap_sock_close(sk, ECONNRESET);
318 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
320 struct l2cap_pinfo *pi = l2cap_pi(sk);
325 sk->type = parent->type;
326 pi->imtu = l2cap_pi(parent)->imtu;
327 pi->omtu = l2cap_pi(parent)->omtu;
328 pi->link_mode = l2cap_pi(parent)->link_mode;
330 pi->imtu = L2CAP_DEFAULT_MTU;
335 /* Default config options */
336 pi->conf_mtu = L2CAP_DEFAULT_MTU;
337 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
340 static struct sock *l2cap_sock_alloc(struct socket *sock, int proto, int prio)
344 if (!(sk = sk_alloc(PF_BLUETOOTH, prio, 1)))
347 bluez_sock_init(sock, sk);
351 sk->destruct = l2cap_sock_destruct;
352 sk->sndtimeo = L2CAP_CONN_TIMEOUT;
354 sk->protocol = proto;
357 l2cap_sock_init_timer(sk);
359 bluez_sock_link(&l2cap_sk_list, sk);
365 static int l2cap_sock_create(struct socket *sock, int protocol)
369 BT_DBG("sock %p", sock);
371 sock->state = SS_UNCONNECTED;
373 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
374 return -ESOCKTNOSUPPORT;
376 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
379 sock->ops = &l2cap_sock_ops;
381 if (!(sk = l2cap_sock_alloc(sock, protocol, GFP_KERNEL)))
384 l2cap_sock_init(sk, NULL);
388 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
390 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
391 struct sock *sk = sock->sk;
394 BT_DBG("sk %p, %s %d", sk, batostr(&la->l2_bdaddr), la->l2_psm);
396 if (!addr || addr->sa_family != AF_BLUETOOTH)
401 if (sk->state != BT_OPEN) {
406 write_lock_bh(&l2cap_sk_list.lock);
407 if (la->l2_psm && __l2cap_get_sock_by_addr(la->l2_psm, &la->l2_bdaddr)) {
410 /* Save source address */
411 bacpy(&bluez_pi(sk)->src, &la->l2_bdaddr);
412 l2cap_pi(sk)->psm = la->l2_psm;
413 sk->sport = la->l2_psm;
414 sk->state = BT_BOUND;
416 write_unlock_bh(&l2cap_sk_list.lock);
423 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
425 struct l2cap_chan_list *l = &conn->chan_list;
426 write_lock(&l->lock);
427 __l2cap_chan_add(conn, sk, parent);
428 write_unlock(&l->lock);
431 static int l2cap_do_connect(struct sock *sk)
433 bdaddr_t *src = &bluez_pi(sk)->src;
434 bdaddr_t *dst = &bluez_pi(sk)->dst;
435 struct l2cap_conn *conn;
436 struct hci_conn *hcon;
437 struct hci_dev *hdev;
440 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm);
442 if (!(hdev = hci_get_route(dst, src)))
443 return -EHOSTUNREACH;
445 hci_dev_lock_bh(hdev);
449 hcon = hci_connect(hdev, ACL_LINK, dst);
453 conn = l2cap_conn_add(hcon, 0);
461 /* Update source addr of the socket */
462 bacpy(src, conn->src);
464 l2cap_chan_add(conn, sk, NULL);
466 sk->state = BT_CONNECT;
467 l2cap_sock_set_timer(sk, sk->sndtimeo);
469 if (hcon->state == BT_CONNECTED) {
470 if (sk->type == SOCK_SEQPACKET) {
472 req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
473 req.psm = l2cap_pi(sk)->psm;
474 l2cap_send_req(conn, L2CAP_CONN_REQ, L2CAP_CONN_REQ_SIZE, &req);
476 l2cap_sock_clear_timer(sk);
477 sk->state = BT_CONNECTED;
482 hci_dev_unlock_bh(hdev);
487 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
489 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
490 struct sock *sk = sock->sk;
497 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_l2)) {
502 if (sk->type == SOCK_SEQPACKET && !la->l2_psm) {
511 /* Already connecting */
515 /* Already connected */
528 /* Set destination address and psm */
529 bacpy(&bluez_pi(sk)->dst, &la->l2_bdaddr);
530 l2cap_pi(sk)->psm = la->l2_psm;
532 if ((err = l2cap_do_connect(sk)))
536 err = bluez_sock_wait_state(sk, BT_CONNECTED,
537 sock_sndtimeo(sk, flags & O_NONBLOCK));
544 int l2cap_sock_listen(struct socket *sock, int backlog)
546 struct sock *sk = sock->sk;
549 BT_DBG("sk %p backlog %d", sk, backlog);
553 if (sk->state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
558 if (!l2cap_pi(sk)->psm) {
563 sk->max_ack_backlog = backlog;
565 sk->state = BT_LISTEN;
572 int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
574 DECLARE_WAITQUEUE(wait, current);
575 struct sock *sk = sock->sk, *nsk;
581 if (sk->state != BT_LISTEN) {
586 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
588 BT_DBG("sk %p timeo %ld", sk, timeo);
590 /* Wait for an incoming connection. (wake-one). */
591 add_wait_queue_exclusive(sk->sleep, &wait);
592 while (!(nsk = bluez_accept_dequeue(sk, newsock))) {
593 set_current_state(TASK_INTERRUPTIBLE);
600 timeo = schedule_timeout(timeo);
603 if (sk->state != BT_LISTEN) {
608 if (signal_pending(current)) {
609 err = sock_intr_errno(timeo);
613 set_current_state(TASK_RUNNING);
614 remove_wait_queue(sk->sleep, &wait);
619 newsock->state = SS_CONNECTED;
621 BT_DBG("new socket %p", nsk);
628 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
630 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
631 struct sock *sk = sock->sk;
633 BT_DBG("sock %p, sk %p", sock, sk);
635 addr->sa_family = AF_BLUETOOTH;
636 *len = sizeof(struct sockaddr_l2);
639 bacpy(&la->l2_bdaddr, &bluez_pi(sk)->dst);
641 bacpy(&la->l2_bdaddr, &bluez_pi(sk)->src);
643 la->l2_psm = l2cap_pi(sk)->psm;
647 static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg, int len, struct scm_cookie *scm)
649 struct sock *sk = sock->sk;
652 BT_DBG("sock %p, sk %p", sock, sk);
655 return sock_error(sk);
657 if (msg->msg_flags & MSG_OOB)
660 /* Check outgoing MTU */
661 if (len > l2cap_pi(sk)->omtu)
666 if (sk->state == BT_CONNECTED)
667 err = l2cap_chan_send(sk, msg, len);
675 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char *optval, int optlen)
677 struct sock *sk = sock->sk;
678 struct l2cap_options opts;
688 opts.imtu = l2cap_pi(sk)->imtu;
689 opts.omtu = l2cap_pi(sk)->omtu;
690 opts.flush_to = l2cap_pi(sk)->flush_to;
692 len = MIN(sizeof(opts), optlen);
693 if (copy_from_user((char *)&opts, optval, len)) {
697 l2cap_pi(sk)->imtu = opts.imtu;
698 l2cap_pi(sk)->omtu = opts.omtu;
702 if (get_user(opt, (__u32 *)optval)) {
707 l2cap_pi(sk)->link_mode = opt;
719 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char *optval, int *optlen)
721 struct sock *sk = sock->sk;
722 struct l2cap_options opts;
723 struct l2cap_conninfo cinfo;
726 if (get_user(len, optlen))
733 opts.imtu = l2cap_pi(sk)->imtu;
734 opts.omtu = l2cap_pi(sk)->omtu;
735 opts.flush_to = l2cap_pi(sk)->flush_to;
737 len = MIN(len, sizeof(opts));
738 if (copy_to_user(optval, (char *)&opts, len))
744 if (put_user(l2cap_pi(sk)->link_mode, (__u32 *)optval))
749 if (sk->state != BT_CONNECTED) {
754 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
756 len = MIN(len, sizeof(cinfo));
757 if (copy_to_user(optval, (char *)&cinfo, len))
771 static int l2cap_sock_shutdown(struct socket *sock, int how)
773 struct sock *sk = sock->sk;
776 BT_DBG("sock %p, sk %p", sock, sk);
782 sk->shutdown = SHUTDOWN_MASK;
783 l2cap_sock_clear_timer(sk);
784 __l2cap_sock_close(sk, 0);
787 err = bluez_sock_wait_state(sk, BT_CLOSED, sk->lingertime);
793 static int l2cap_sock_release(struct socket *sock)
795 struct sock *sk = sock->sk;
798 BT_DBG("sock %p, sk %p", sock, sk);
802 err = l2cap_sock_shutdown(sock, 2);
809 /* --------- L2CAP channels --------- */
810 static struct sock * __l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, __u16 cid)
813 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
814 if (l2cap_pi(s)->dcid == cid)
820 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, __u16 cid)
823 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
824 if (l2cap_pi(s)->scid == cid)
830 /* Find channel with given SCID.
831 * Returns locked socket */
832 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, __u16 cid)
836 s = __l2cap_get_chan_by_scid(l, cid);
837 if (s) bh_lock_sock(s);
838 read_unlock(&l->lock);
842 static __u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
846 for (; cid < 0xffff; cid++) {
847 if(!__l2cap_get_chan_by_scid(l, cid))
854 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
859 l2cap_pi(l->head)->prev_c = sk;
861 l2cap_pi(sk)->next_c = l->head;
862 l2cap_pi(sk)->prev_c = NULL;
866 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
868 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
870 write_lock(&l->lock);
875 l2cap_pi(next)->prev_c = prev;
877 l2cap_pi(prev)->next_c = next;
878 write_unlock(&l->lock);
883 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
885 struct l2cap_chan_list *l = &conn->chan_list;
887 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
889 l2cap_pi(sk)->conn = conn;
891 if (sk->type == SOCK_SEQPACKET) {
892 /* Alloc CID for connection-oriented socket */
893 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
894 } else if (sk->type == SOCK_DGRAM) {
895 /* Connectionless socket */
896 l2cap_pi(sk)->scid = 0x0002;
897 l2cap_pi(sk)->dcid = 0x0002;
898 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
900 /* Raw socket can send/recv signalling messages only */
901 l2cap_pi(sk)->scid = 0x0001;
902 l2cap_pi(sk)->dcid = 0x0001;
903 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
906 __l2cap_chan_link(l, sk);
909 bluez_accept_enqueue(parent, sk);
913 * Must be called on the locked socket. */
914 static void l2cap_chan_del(struct sock *sk, int err)
916 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
917 struct sock *parent = bluez_pi(sk)->parent;
919 l2cap_sock_clear_timer(sk);
921 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
924 /* Unlink from channel list */
925 l2cap_chan_unlink(&conn->chan_list, sk);
926 l2cap_pi(sk)->conn = NULL;
927 hci_conn_put(conn->hcon);
930 sk->state = BT_CLOSED;
937 parent->data_ready(parent, 0);
939 sk->state_change(sk);
942 static void l2cap_conn_ready(struct l2cap_conn *conn)
944 struct l2cap_chan_list *l = &conn->chan_list;
947 BT_DBG("conn %p", conn);
951 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
954 if (sk->type != SOCK_SEQPACKET) {
955 l2cap_sock_clear_timer(sk);
956 sk->state = BT_CONNECTED;
957 sk->state_change(sk);
958 } else if (sk->state == BT_CONNECT) {
960 req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
961 req.psm = l2cap_pi(sk)->psm;
962 l2cap_send_req(conn, L2CAP_CONN_REQ, L2CAP_CONN_REQ_SIZE, &req);
968 read_unlock(&l->lock);
971 /* Notify sockets that we cannot guaranty reliability anymore */
972 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
974 struct l2cap_chan_list *l = &conn->chan_list;
977 BT_DBG("conn %p", conn);
980 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
981 if (l2cap_pi(sk)->link_mode & L2CAP_LM_RELIABLE)
984 read_unlock(&l->lock);
987 static void l2cap_chan_ready(struct sock *sk)
989 struct sock *parent = bluez_pi(sk)->parent;
991 BT_DBG("sk %p, parent %p", sk, parent);
993 l2cap_pi(sk)->conf_state = 0;
994 l2cap_sock_clear_timer(sk);
998 * Wake up socket sleeping on connect.
1000 sk->state = BT_CONNECTED;
1001 sk->state_change(sk);
1003 /* Incomming channel.
1004 * Wake up socket sleeping on accept.
1006 parent->data_ready(parent, 0);
1010 /* Copy frame to all raw sockets on that connection */
1011 void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1013 struct l2cap_chan_list *l = &conn->chan_list;
1014 struct sk_buff *nskb;
1017 BT_DBG("conn %p", conn);
1019 read_lock(&l->lock);
1020 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1021 if (sk->type != SOCK_RAW)
1024 /* Don't send frame to the socket it came from */
1028 if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
1031 if (sock_queue_rcv_skb(sk, nskb))
1034 read_unlock(&l->lock);
1037 static int l2cap_chan_send(struct sock *sk, struct msghdr *msg, int len)
1039 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1040 struct sk_buff *skb, **frag;
1041 int err, hlen, count, sent=0;
1044 BT_DBG("sk %p len %d", sk, len);
1046 /* First fragment (with L2CAP header) */
1047 if (sk->type == SOCK_DGRAM)
1048 hlen = L2CAP_HDR_SIZE + 2;
1050 hlen = L2CAP_HDR_SIZE;
1052 count = MIN(conn->mtu - hlen, len);
1054 skb = bluez_skb_send_alloc(sk, hlen + count,
1055 msg->msg_flags & MSG_DONTWAIT, &err);
1059 /* Create L2CAP header */
1060 lh = (l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1061 lh->cid = __cpu_to_le16(l2cap_pi(sk)->dcid);
1062 lh->len = __cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1064 if (sk->type == SOCK_DGRAM)
1065 put_unaligned(l2cap_pi(sk)->psm, (__u16 *) skb_put(skb, 2));
1067 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
1075 /* Continuation fragments (no L2CAP header) */
1076 frag = &skb_shinfo(skb)->frag_list;
1078 count = MIN(conn->mtu, len);
1080 *frag = bluez_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1084 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
1092 frag = &(*frag)->next;
1095 if ((err = hci_send_acl(conn->hcon, skb, 0)) < 0)
1105 /* --------- L2CAP signalling commands --------- */
1106 static inline __u8 l2cap_get_ident(struct l2cap_conn *conn)
1110 /* Get next available identificator.
1111 * 1 - 199 are used by kernel.
1112 * 200 - 254 are used by utilities like l2ping, etc
1115 spin_lock(&conn->lock);
1117 if (++conn->tx_ident > 199)
1120 id = conn->tx_ident;
1122 spin_unlock(&conn->lock);
1127 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1128 __u8 code, __u8 ident, __u16 dlen, void *data)
1130 struct sk_buff *skb, **frag;
1135 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d", conn, code, ident, dlen);
1137 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1138 count = MIN(conn->mtu, len);
1140 skb = bluez_skb_alloc(count, GFP_ATOMIC);
1144 lh = (l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1145 lh->len = __cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
1146 lh->cid = __cpu_to_le16(0x0001);
1148 cmd = (l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1151 cmd->len = __cpu_to_le16(dlen);
1154 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1155 memcpy(skb_put(skb, count), data, count);
1161 /* Continuation fragments (no L2CAP header) */
1162 frag = &skb_shinfo(skb)->frag_list;
1164 count = MIN(conn->mtu, len);
1166 *frag = bluez_skb_alloc(count, GFP_ATOMIC);
1170 memcpy(skb_put(*frag, count), data, count);
1175 frag = &(*frag)->next;
1185 static int l2cap_send_req(struct l2cap_conn *conn, __u8 code, __u16 len, void *data)
1187 __u8 ident = l2cap_get_ident(conn);
1188 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
1190 BT_DBG("code 0x%2.2x", code);
1194 return hci_send_acl(conn->hcon, skb, 0);
1197 static int l2cap_send_rsp(struct l2cap_conn *conn, __u8 ident, __u8 code, __u16 len, void *data)
1199 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
1201 BT_DBG("code 0x%2.2x", code);
1205 return hci_send_acl(conn->hcon, skb, 0);
1208 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1210 l2cap_conf_opt *opt = *ptr;
1213 len = L2CAP_CONF_OPT_SIZE + opt->len;
1221 *val = *((__u8 *) opt->val);
1225 *val = __le16_to_cpu(*((__u16 *)opt->val));
1229 *val = __le32_to_cpu(*((__u32 *)opt->val));
1233 *val = (unsigned long) opt->val;
1237 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1241 static inline void l2cap_parse_conf_req(struct sock *sk, void *data, int len)
1243 int type, hint, olen;
1247 BT_DBG("sk %p len %d", sk, len);
1249 while (len >= L2CAP_CONF_OPT_SIZE) {
1250 len -= l2cap_get_conf_opt(&ptr, &type, &olen, &val);
1256 case L2CAP_CONF_MTU:
1257 l2cap_pi(sk)->conf_mtu = val;
1260 case L2CAP_CONF_FLUSH_TO:
1261 l2cap_pi(sk)->flush_to = val;
1264 case L2CAP_CONF_QOS:
1271 /* FIXME: Reject unknown option */
1277 static void l2cap_add_conf_opt(void **ptr, __u8 type, __u8 len, unsigned long val)
1279 register l2cap_conf_opt *opt = *ptr;
1281 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1288 *((__u8 *) opt->val) = val;
1292 *((__u16 *) opt->val) = __cpu_to_le16(val);
1296 *((__u32 *) opt->val) = __cpu_to_le32(val);
1300 memcpy(opt->val, (void *) val, len);
1304 *ptr += L2CAP_CONF_OPT_SIZE + len;
1307 static int l2cap_build_conf_req(struct sock *sk, void *data)
1309 struct l2cap_pinfo *pi = l2cap_pi(sk);
1310 l2cap_conf_req *req = (l2cap_conf_req *) data;
1311 void *ptr = req->data;
1313 BT_DBG("sk %p", sk);
1315 if (pi->imtu != L2CAP_DEFAULT_MTU)
1316 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1318 /* FIXME. Need actual value of the flush timeout */
1319 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1320 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1322 req->dcid = __cpu_to_le16(pi->dcid);
1323 req->flags = __cpu_to_le16(0);
1328 static inline int l2cap_conf_output(struct sock *sk, void **ptr)
1330 struct l2cap_pinfo *pi = l2cap_pi(sk);
1333 /* Configure output options and let the other side know
1334 * which ones we don't like.
1336 if (pi->conf_mtu < pi->omtu) {
1337 l2cap_add_conf_opt(ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1338 result = L2CAP_CONF_UNACCEPT;
1340 pi->omtu = pi->conf_mtu;
1343 BT_DBG("sk %p result %d", sk, result);
1347 static int l2cap_build_conf_rsp(struct sock *sk, void *data, int *result)
1349 l2cap_conf_rsp *rsp = (l2cap_conf_rsp *) data;
1350 void *ptr = rsp->data;
1353 BT_DBG("sk %p complete %d", sk, result ? 1 : 0);
1356 *result = l2cap_conf_output(sk, &ptr);
1360 rsp->scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
1361 rsp->result = __cpu_to_le16(result ? *result : 0);
1362 rsp->flags = __cpu_to_le16(flags);
1367 static inline int l2cap_connect_req(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
1369 struct l2cap_chan_list *list = &conn->chan_list;
1370 l2cap_conn_req *req = (l2cap_conn_req *) data;
1372 struct sock *sk, *parent;
1373 int result = 0, status = 0;
1375 __u16 dcid = 0, scid = __le16_to_cpu(req->scid);
1376 __u16 psm = req->psm;
1378 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1380 /* Check if we have socket listening on psm */
1381 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1383 result = L2CAP_CR_BAD_PSM;
1387 result = L2CAP_CR_NO_MEM;
1389 /* Check for backlog size */
1390 if (parent->ack_backlog > parent->max_ack_backlog) {
1391 BT_DBG("backlog full %d", parent->ack_backlog);
1395 sk = l2cap_sock_alloc(NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1399 write_lock(&list->lock);
1401 /* Check if we already have channel with that dcid */
1402 if (__l2cap_get_chan_by_dcid(list, scid)) {
1403 write_unlock(&list->lock);
1405 l2cap_sock_kill(sk);
1409 hci_conn_hold(conn->hcon);
1411 l2cap_sock_init(sk, parent);
1412 bacpy(&bluez_pi(sk)->src, conn->src);
1413 bacpy(&bluez_pi(sk)->dst, conn->dst);
1414 l2cap_pi(sk)->psm = psm;
1415 l2cap_pi(sk)->dcid = scid;
1417 __l2cap_chan_add(conn, sk, parent);
1418 dcid = l2cap_pi(sk)->scid;
1420 l2cap_sock_set_timer(sk, sk->sndtimeo);
1422 /* Service level security */
1423 result = L2CAP_CR_PEND;
1424 status = L2CAP_CS_AUTHEN_PEND;
1425 sk->state = BT_CONNECT2;
1426 l2cap_pi(sk)->ident = cmd->ident;
1428 if (l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT) {
1429 if (!hci_conn_encrypt(conn->hcon))
1431 } else if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH) {
1432 if (!hci_conn_auth(conn->hcon))
1436 sk->state = BT_CONFIG;
1437 result = status = 0;
1440 write_unlock(&list->lock);
1443 bh_unlock_sock(parent);
1446 rsp.scid = __cpu_to_le16(scid);
1447 rsp.dcid = __cpu_to_le16(dcid);
1448 rsp.result = __cpu_to_le16(result);
1449 rsp.status = __cpu_to_le16(status);
1450 l2cap_send_rsp(conn, cmd->ident, L2CAP_CONN_RSP, L2CAP_CONN_RSP_SIZE, &rsp);
1454 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
1456 l2cap_conn_rsp *rsp = (l2cap_conn_rsp *) data;
1457 __u16 scid, dcid, result, status;
1461 scid = __le16_to_cpu(rsp->scid);
1462 dcid = __le16_to_cpu(rsp->dcid);
1463 result = __le16_to_cpu(rsp->result);
1464 status = __le16_to_cpu(rsp->status);
1466 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
1468 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1472 case L2CAP_CR_SUCCESS:
1473 sk->state = BT_CONFIG;
1474 l2cap_pi(sk)->dcid = dcid;
1475 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1477 l2cap_send_req(conn, L2CAP_CONF_REQ, l2cap_build_conf_req(sk, req), req);
1484 l2cap_chan_del(sk, ECONNREFUSED);
1492 static inline int l2cap_config_req(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
1494 l2cap_conf_req * req = (l2cap_conf_req *) data;
1500 dcid = __le16_to_cpu(req->dcid);
1501 flags = __le16_to_cpu(req->flags);
1503 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
1505 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
1508 l2cap_parse_conf_req(sk, req->data, cmd->len - L2CAP_CONF_REQ_SIZE);
1510 if (flags & 0x0001) {
1511 /* Incomplete config. Send empty response. */
1512 l2cap_send_rsp(conn, cmd->ident, L2CAP_CONF_RSP, l2cap_build_conf_rsp(sk, rsp, NULL), rsp);
1516 /* Complete config. */
1517 l2cap_send_rsp(conn, cmd->ident, L2CAP_CONF_RSP, l2cap_build_conf_rsp(sk, rsp, &result), rsp);
1522 /* Output config done */
1523 l2cap_pi(sk)->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1525 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
1526 sk->state = BT_CONNECTED;
1527 l2cap_chan_ready(sk);
1528 } else if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
1530 l2cap_send_req(conn, L2CAP_CONF_REQ, l2cap_build_conf_req(sk, req), req);
1538 static inline int l2cap_config_rsp(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
1540 l2cap_conf_rsp *rsp = (l2cap_conf_rsp *)data;
1541 __u16 scid, flags, result;
1545 scid = __le16_to_cpu(rsp->scid);
1546 flags = __le16_to_cpu(rsp->flags);
1547 result = __le16_to_cpu(rsp->result);
1549 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", scid, flags, result);
1551 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1555 case L2CAP_CONF_SUCCESS:
1558 case L2CAP_CONF_UNACCEPT:
1559 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) {
1562 It does not make sense to adjust L2CAP parameters
1563 that are currently defined in the spec. We simply
1564 resend config request that we sent earlier. It is
1565 stupid :) but it helps qualification testing
1566 which expects at least some response from us.
1568 l2cap_send_req(conn, L2CAP_CONF_REQ,
1569 l2cap_build_conf_req(sk, req), req);
1573 sk->state = BT_DISCONN;
1574 sk->err = ECONNRESET;
1575 l2cap_sock_set_timer(sk, HZ * 5);
1577 l2cap_disconn_req req;
1578 req.dcid = __cpu_to_le16(l2cap_pi(sk)->dcid);
1579 req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
1580 l2cap_send_req(conn, L2CAP_DISCONN_REQ, L2CAP_DISCONN_REQ_SIZE, &req);
1588 /* Input config done */
1589 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
1591 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
1592 sk->state = BT_CONNECTED;
1593 l2cap_chan_ready(sk);
1601 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
1603 l2cap_disconn_req *req = (l2cap_disconn_req *) data;
1604 l2cap_disconn_rsp rsp;
1608 scid = __le16_to_cpu(req->scid);
1609 dcid = __le16_to_cpu(req->dcid);
1611 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
1613 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
1616 rsp.dcid = __cpu_to_le16(l2cap_pi(sk)->scid);
1617 rsp.scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
1618 l2cap_send_rsp(conn, cmd->ident, L2CAP_DISCONN_RSP, L2CAP_DISCONN_RSP_SIZE, &rsp);
1620 sk->shutdown = SHUTDOWN_MASK;
1622 l2cap_chan_del(sk, ECONNRESET);
1625 l2cap_sock_kill(sk);
1629 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
1631 l2cap_disconn_rsp *rsp = (l2cap_disconn_rsp *) data;
1635 scid = __le16_to_cpu(rsp->scid);
1636 dcid = __le16_to_cpu(rsp->dcid);
1638 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
1640 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1642 l2cap_chan_del(sk, 0);
1645 l2cap_sock_kill(sk);
1649 static inline int l2cap_information_req(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, u8 *data)
1651 l2cap_info_req *req = (l2cap_info_req *) data;
1655 type = __le16_to_cpu(req->type);
1657 BT_DBG("type 0x%4.4x", type);
1659 rsp.type = __cpu_to_le16(type);
1660 rsp.result = __cpu_to_le16(L2CAP_IR_NOTSUPP);
1661 l2cap_send_rsp(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(rsp), &rsp);
1665 static inline int l2cap_information_rsp(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, u8 *data)
1667 l2cap_info_rsp *rsp = (l2cap_info_rsp *) data;
1670 type = __le16_to_cpu(rsp->type);
1671 result = __le16_to_cpu(rsp->result);
1673 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
1678 static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
1680 __u8 *data = skb->data;
1685 l2cap_raw_recv(conn, skb);
1687 while (len >= L2CAP_CMD_HDR_SIZE) {
1688 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
1689 data += L2CAP_CMD_HDR_SIZE;
1690 len -= L2CAP_CMD_HDR_SIZE;
1692 cmd.len = __le16_to_cpu(cmd.len);
1694 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd.len, cmd.ident);
1696 if (cmd.len > len || !cmd.ident) {
1697 BT_DBG("corrupted command");
1702 case L2CAP_COMMAND_REJ:
1703 /* FIXME: We should process this */
1706 case L2CAP_CONN_REQ:
1707 err = l2cap_connect_req(conn, &cmd, data);
1710 case L2CAP_CONN_RSP:
1711 err = l2cap_connect_rsp(conn, &cmd, data);
1714 case L2CAP_CONF_REQ:
1715 err = l2cap_config_req(conn, &cmd, data);
1718 case L2CAP_CONF_RSP:
1719 err = l2cap_config_rsp(conn, &cmd, data);
1722 case L2CAP_DISCONN_REQ:
1723 err = l2cap_disconnect_req(conn, &cmd, data);
1726 case L2CAP_DISCONN_RSP:
1727 err = l2cap_disconnect_rsp(conn, &cmd, data);
1730 case L2CAP_ECHO_REQ:
1731 l2cap_send_rsp(conn, cmd.ident, L2CAP_ECHO_RSP, cmd.len, data);
1734 case L2CAP_ECHO_RSP:
1737 case L2CAP_INFO_REQ:
1738 err = l2cap_information_req(conn, &cmd, data);
1741 case L2CAP_INFO_RSP:
1742 err = l2cap_information_rsp(conn, &cmd, data);
1746 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
1753 BT_DBG("error %d", err);
1755 /* FIXME: Map err to a valid reason */
1756 rej.reason = __cpu_to_le16(0);
1757 l2cap_send_rsp(conn, cmd.ident, L2CAP_COMMAND_REJ, L2CAP_CMD_REJ_SIZE, &rej);
1767 static inline int l2cap_data_channel(struct l2cap_conn *conn, __u16 cid, struct sk_buff *skb)
1771 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
1773 BT_DBG("unknown cid 0x%4.4x", cid);
1777 BT_DBG("sk %p, len %d", sk, skb->len);
1779 if (sk->state != BT_CONNECTED)
1782 if (l2cap_pi(sk)->imtu < skb->len)
1785 /* If socket recv buffers overflows we drop data here
1786 * which is *bad* because L2CAP has to be reliable.
1787 * But we don't have any other choice. L2CAP doesn't
1788 * provide flow control mechanism */
1790 if (!sock_queue_rcv_skb(sk, skb))
1797 if (sk) bh_unlock_sock(sk);
1801 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __u16 psm, struct sk_buff *skb)
1805 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
1809 BT_DBG("sk %p, len %d", sk, skb->len);
1811 if (sk->state != BT_BOUND && sk->state != BT_CONNECTED)
1814 if (l2cap_pi(sk)->imtu < skb->len)
1817 if (!sock_queue_rcv_skb(sk, skb))
1824 if (sk) bh_unlock_sock(sk);
1828 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
1830 l2cap_hdr *lh = (l2cap_hdr *) skb->data;
1831 __u16 cid, psm, len;
1833 skb_pull(skb, L2CAP_HDR_SIZE);
1834 cid = __le16_to_cpu(lh->cid);
1835 len = __le16_to_cpu(lh->len);
1837 BT_DBG("len %d, cid 0x%4.4x", len, cid);
1841 l2cap_sig_channel(conn, skb);
1845 psm = get_unaligned((__u16 *) skb->data);
1847 l2cap_conless_channel(conn, psm, skb);
1851 l2cap_data_channel(conn, cid, skb);
1856 /* ------------ L2CAP interface with lower layer (HCI) ------------- */
1858 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 type)
1860 int exact = 0, lm1 = 0, lm2 = 0;
1861 register struct sock *sk;
1863 if (type != ACL_LINK)
1866 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
1868 /* Find listening sockets and check their link_mode */
1869 read_lock(&l2cap_sk_list.lock);
1870 for (sk = l2cap_sk_list.head; sk; sk = sk->next) {
1871 if (sk->state != BT_LISTEN)
1874 if (!bacmp(&bluez_pi(sk)->src, &hdev->bdaddr)) {
1875 lm1 |= (HCI_LM_ACCEPT | l2cap_pi(sk)->link_mode);
1877 } else if (!bacmp(&bluez_pi(sk)->src, BDADDR_ANY))
1878 lm2 |= (HCI_LM_ACCEPT | l2cap_pi(sk)->link_mode);
1880 read_unlock(&l2cap_sk_list.lock);
1882 return exact ? lm1 : lm2;
1885 static int l2cap_connect_cfm(struct hci_conn *hcon, __u8 status)
1887 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
1889 if (hcon->type != ACL_LINK)
1893 struct l2cap_conn *conn;
1895 conn = l2cap_conn_add(hcon, status);
1897 l2cap_conn_ready(conn);
1899 l2cap_conn_del(hcon, bterr(status));
1904 static int l2cap_disconn_ind(struct hci_conn *hcon, __u8 reason)
1906 BT_DBG("hcon %p reason %d", hcon, reason);
1908 if (hcon->type != ACL_LINK)
1911 l2cap_conn_del(hcon, bterr(reason));
1915 static int l2cap_auth_cfm(struct hci_conn *hcon, __u8 status)
1917 struct l2cap_chan_list *l;
1918 struct l2cap_conn *conn;
1923 if (!(conn = hcon->l2cap_data))
1925 l = &conn->chan_list;
1927 BT_DBG("conn %p", conn);
1929 read_lock(&l->lock);
1931 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1934 if (sk->state != BT_CONNECT2 ||
1935 (l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT)) {
1941 sk->state = BT_CONFIG;
1944 sk->state = BT_DISCONN;
1945 l2cap_sock_set_timer(sk, HZ/10);
1946 result = L2CAP_CR_SEC_BLOCK;
1949 rsp.scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
1950 rsp.dcid = __cpu_to_le16(l2cap_pi(sk)->scid);
1951 rsp.result = __cpu_to_le16(result);
1952 rsp.status = __cpu_to_le16(0);
1953 l2cap_send_rsp(conn, l2cap_pi(sk)->ident, L2CAP_CONN_RSP,
1954 L2CAP_CONN_RSP_SIZE, &rsp);
1959 read_unlock(&l->lock);
1963 static int l2cap_encrypt_cfm(struct hci_conn *hcon, __u8 status)
1965 struct l2cap_chan_list *l;
1966 struct l2cap_conn *conn;
1971 if (!(conn = hcon->l2cap_data))
1973 l = &conn->chan_list;
1975 BT_DBG("conn %p", conn);
1977 read_lock(&l->lock);
1979 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1982 if (sk->state != BT_CONNECT2) {
1988 sk->state = BT_CONFIG;
1991 sk->state = BT_DISCONN;
1992 l2cap_sock_set_timer(sk, HZ/10);
1993 result = L2CAP_CR_SEC_BLOCK;
1996 rsp.scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
1997 rsp.dcid = __cpu_to_le16(l2cap_pi(sk)->scid);
1998 rsp.result = __cpu_to_le16(result);
1999 rsp.status = __cpu_to_le16(0);
2000 l2cap_send_rsp(conn, l2cap_pi(sk)->ident, L2CAP_CONN_RSP,
2001 L2CAP_CONN_RSP_SIZE, &rsp);
2006 read_unlock(&l->lock);
2010 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, __u16 flags)
2012 struct l2cap_conn *conn = hcon->l2cap_data;
2014 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
2017 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
2019 if (flags & ACL_START) {
2024 BT_ERR("Unexpected start frame (len %d)", skb->len);
2025 kfree_skb(conn->rx_skb);
2026 conn->rx_skb = NULL;
2028 l2cap_conn_unreliable(conn, ECOMM);
2032 BT_ERR("Frame is too short (len %d)", skb->len);
2033 l2cap_conn_unreliable(conn, ECOMM);
2037 hdr = (l2cap_hdr *) skb->data;
2038 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
2040 if (len == skb->len) {
2041 /* Complete frame received */
2042 l2cap_recv_frame(conn, skb);
2046 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
2048 if (skb->len > len) {
2049 BT_ERR("Frame is too long (len %d, expected len %d)",
2051 l2cap_conn_unreliable(conn, ECOMM);
2055 /* Allocate skb for the complete frame including header */
2056 conn->rx_skb = bluez_skb_alloc(len, GFP_ATOMIC);
2060 memcpy(skb_put(conn->rx_skb, skb->len), skb->data, skb->len);
2061 conn->rx_len = len - skb->len;
2063 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
2065 if (!conn->rx_len) {
2066 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
2067 l2cap_conn_unreliable(conn, ECOMM);
2071 if (skb->len > conn->rx_len) {
2072 BT_ERR("Fragment is too long (len %d, expected %d)",
2073 skb->len, conn->rx_len);
2074 kfree_skb(conn->rx_skb);
2075 conn->rx_skb = NULL;
2077 l2cap_conn_unreliable(conn, ECOMM);
2081 memcpy(skb_put(conn->rx_skb, skb->len), skb->data, skb->len);
2082 conn->rx_len -= skb->len;
2084 if (!conn->rx_len) {
2085 /* Complete frame received */
2086 l2cap_recv_frame(conn, conn->rx_skb);
2087 conn->rx_skb = NULL;
2096 /* ----- Proc fs support ------ */
2097 static int l2cap_sock_dump(char *buf, struct bluez_sock_list *list)
2099 struct l2cap_pinfo *pi;
2103 read_lock_bh(&list->lock);
2105 for (sk = list->head; sk; sk = sk->next) {
2107 ptr += sprintf(ptr, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d 0x%x\n",
2108 batostr(&bluez_pi(sk)->src), batostr(&bluez_pi(sk)->dst),
2109 sk->state, pi->psm, pi->scid, pi->dcid, pi->imtu, pi->omtu,
2113 read_unlock_bh(&list->lock);
2115 ptr += sprintf(ptr, "\n");
2119 static int l2cap_read_proc(char *buf, char **start, off_t offset, int count, int *eof, void *priv)
2124 BT_DBG("count %d, offset %ld", count, offset);
2126 ptr += l2cap_sock_dump(ptr, &l2cap_sk_list);
2129 if (len <= count + offset)
2132 *start = buf + offset;
2143 static struct proto_ops l2cap_sock_ops = {
2144 family: PF_BLUETOOTH,
2145 release: l2cap_sock_release,
2146 bind: l2cap_sock_bind,
2147 connect: l2cap_sock_connect,
2148 listen: l2cap_sock_listen,
2149 accept: l2cap_sock_accept,
2150 getname: l2cap_sock_getname,
2151 sendmsg: l2cap_sock_sendmsg,
2152 recvmsg: bluez_sock_recvmsg,
2153 poll: bluez_sock_poll,
2154 socketpair: sock_no_socketpair,
2155 ioctl: sock_no_ioctl,
2156 shutdown: l2cap_sock_shutdown,
2157 setsockopt: l2cap_sock_setsockopt,
2158 getsockopt: l2cap_sock_getsockopt,
2162 static struct net_proto_family l2cap_sock_family_ops = {
2163 family: PF_BLUETOOTH,
2164 create: l2cap_sock_create
2167 static struct hci_proto l2cap_hci_proto = {
2169 id: HCI_PROTO_L2CAP,
2170 connect_ind: l2cap_connect_ind,
2171 connect_cfm: l2cap_connect_cfm,
2172 disconn_ind: l2cap_disconn_ind,
2173 recv_acldata: l2cap_recv_acldata,
2174 auth_cfm: l2cap_auth_cfm,
2175 encrypt_cfm: l2cap_encrypt_cfm
2178 int __init l2cap_init(void)
2182 if ((err = bluez_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops))) {
2183 BT_ERR("Can't register L2CAP socket");
2187 if ((err = hci_register_proto(&l2cap_hci_proto))) {
2188 BT_ERR("Can't register L2CAP protocol");
2192 create_proc_read_entry("bluetooth/l2cap", 0, 0, l2cap_read_proc, NULL);
2194 BT_INFO("BlueZ L2CAP ver %s Copyright (C) 2000,2001 Qualcomm Inc", VERSION);
2195 BT_INFO("Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>");
2199 void l2cap_cleanup(void)
2201 remove_proc_entry("bluetooth/l2cap", NULL);
2203 /* Unregister socket and protocol */
2204 if (bluez_sock_unregister(BTPROTO_L2CAP))
2205 BT_ERR("Can't unregister L2CAP socket");
2207 if (hci_unregister_proto(&l2cap_hci_proto))
2208 BT_ERR("Can't unregister L2CAP protocol");
2211 void l2cap_load(void)
2213 /* Dummy function to trigger automatic L2CAP module loading by
2214 other modules that use L2CAP sockets but do not use any other
2219 EXPORT_SYMBOL(l2cap_load);
2221 module_init(l2cap_init);
2222 module_exit(l2cap_cleanup);
2224 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>");
2225 MODULE_DESCRIPTION("BlueZ L2CAP ver " VERSION);
2226 MODULE_LICENSE("GPL");
projects / linux-2.4.git / blob