2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <asm/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
48 #ifndef CONFIG_BT_HCI_CORE_DEBUG
53 /* Handle HCI Event packets */
55 /* Command Complete OGF LINK_CTL */
56 static void hci_cc_link_ctl(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
59 struct hci_conn *pend;
61 BT_DBG("%s ocf 0x%x", hdev->name, ocf);
64 case OCF_INQUIRY_CANCEL:
65 case OCF_EXIT_PERIODIC_INQ:
66 status = *((__u8 *) skb->data);
69 BT_DBG("%s Inquiry cancel error: status 0x%x", hdev->name, status);
71 clear_bit(HCI_INQUIRY, &hdev->flags);
72 hci_req_complete(hdev, status);
77 pend = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
79 hci_acl_connect(pend);
86 BT_DBG("%s Command complete: ogf LINK_CTL ocf %x", hdev->name, ocf);
91 /* Command Complete OGF LINK_POLICY */
92 static void hci_cc_link_policy(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
94 struct hci_conn *conn;
95 struct hci_rp_role_discovery *rd;
96 struct hci_rp_write_link_policy *lp;
99 BT_DBG("%s ocf 0x%x", hdev->name, ocf);
102 case OCF_ROLE_DISCOVERY:
103 rd = (void *) skb->data;
110 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rd->handle));
113 conn->link_mode &= ~HCI_LM_MASTER;
115 conn->link_mode |= HCI_LM_MASTER;
118 hci_dev_unlock(hdev);
121 case OCF_WRITE_LINK_POLICY:
122 sent = hci_sent_cmd_data(hdev, OGF_LINK_POLICY, OCF_WRITE_LINK_POLICY);
126 lp = (struct hci_rp_write_link_policy *) skb->data;
133 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(lp->handle));
135 __le16 policy = get_unaligned((__le16 *) (sent + 2));
136 conn->link_policy = __le16_to_cpu(policy);
139 hci_dev_unlock(hdev);
143 BT_DBG("%s: Command complete: ogf LINK_POLICY ocf %x",
149 /* Command Complete OGF HOST_CTL */
150 static void hci_cc_host_ctl(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
154 struct hci_rp_read_voice_setting *vs;
157 BT_DBG("%s ocf 0x%x", hdev->name, ocf);
161 status = *((__u8 *) skb->data);
162 hci_req_complete(hdev, status);
165 case OCF_SET_EVENT_FLT:
166 status = *((__u8 *) skb->data);
168 BT_DBG("%s SET_EVENT_FLT failed %d", hdev->name, status);
170 BT_DBG("%s SET_EVENT_FLT succeseful", hdev->name);
174 case OCF_WRITE_AUTH_ENABLE:
175 sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_AUTH_ENABLE);
179 status = *((__u8 *) skb->data);
180 param = *((__u8 *) sent);
183 if (param == AUTH_ENABLED)
184 set_bit(HCI_AUTH, &hdev->flags);
186 clear_bit(HCI_AUTH, &hdev->flags);
188 hci_req_complete(hdev, status);
191 case OCF_WRITE_ENCRYPT_MODE:
192 sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_ENCRYPT_MODE);
196 status = *((__u8 *) skb->data);
197 param = *((__u8 *) sent);
201 set_bit(HCI_ENCRYPT, &hdev->flags);
203 clear_bit(HCI_ENCRYPT, &hdev->flags);
205 hci_req_complete(hdev, status);
208 case OCF_WRITE_CA_TIMEOUT:
209 status = *((__u8 *) skb->data);
211 BT_DBG("%s OCF_WRITE_CA_TIMEOUT failed %d", hdev->name, status);
213 BT_DBG("%s OCF_WRITE_CA_TIMEOUT succeseful", hdev->name);
217 case OCF_WRITE_PG_TIMEOUT:
218 status = *((__u8 *) skb->data);
220 BT_DBG("%s OCF_WRITE_PG_TIMEOUT failed %d", hdev->name, status);
222 BT_DBG("%s: OCF_WRITE_PG_TIMEOUT succeseful", hdev->name);
226 case OCF_WRITE_SCAN_ENABLE:
227 sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_SCAN_ENABLE);
231 status = *((__u8 *) skb->data);
232 param = *((__u8 *) sent);
234 BT_DBG("param 0x%x", param);
237 clear_bit(HCI_PSCAN, &hdev->flags);
238 clear_bit(HCI_ISCAN, &hdev->flags);
239 if (param & SCAN_INQUIRY)
240 set_bit(HCI_ISCAN, &hdev->flags);
242 if (param & SCAN_PAGE)
243 set_bit(HCI_PSCAN, &hdev->flags);
245 hci_req_complete(hdev, status);
248 case OCF_READ_VOICE_SETTING:
249 vs = (struct hci_rp_read_voice_setting *) skb->data;
252 BT_DBG("%s READ_VOICE_SETTING failed %d", hdev->name, vs->status);
256 setting = __le16_to_cpu(vs->voice_setting);
258 if (hdev->voice_setting != setting ) {
259 hdev->voice_setting = setting;
261 BT_DBG("%s: voice setting 0x%04x", hdev->name, setting);
264 tasklet_disable(&hdev->tx_task);
265 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
266 tasklet_enable(&hdev->tx_task);
271 case OCF_WRITE_VOICE_SETTING:
272 sent = hci_sent_cmd_data(hdev, OGF_HOST_CTL, OCF_WRITE_VOICE_SETTING);
276 status = *((__u8 *) skb->data);
277 setting = __le16_to_cpu(get_unaligned((__le16 *) sent));
279 if (!status && hdev->voice_setting != setting) {
280 hdev->voice_setting = setting;
282 BT_DBG("%s: voice setting 0x%04x", hdev->name, setting);
285 tasklet_disable(&hdev->tx_task);
286 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
287 tasklet_enable(&hdev->tx_task);
290 hci_req_complete(hdev, status);
293 case OCF_HOST_BUFFER_SIZE:
294 status = *((__u8 *) skb->data);
296 BT_DBG("%s OCF_BUFFER_SIZE failed %d", hdev->name, status);
297 hci_req_complete(hdev, status);
302 BT_DBG("%s Command complete: ogf HOST_CTL ocf %x", hdev->name, ocf);
307 /* Command Complete OGF INFO_PARAM */
308 static void hci_cc_info_param(struct hci_dev *hdev, __u16 ocf, struct sk_buff *skb)
310 struct hci_rp_read_loc_version *lv;
311 struct hci_rp_read_local_features *lf;
312 struct hci_rp_read_buffer_size *bs;
313 struct hci_rp_read_bd_addr *ba;
315 BT_DBG("%s ocf 0x%x", hdev->name, ocf);
318 case OCF_READ_LOCAL_VERSION:
319 lv = (struct hci_rp_read_loc_version *) skb->data;
322 BT_DBG("%s READ_LOCAL_VERSION failed %d", hdev->name, lf->status);
326 hdev->hci_ver = lv->hci_ver;
327 hdev->hci_rev = btohs(lv->hci_rev);
328 hdev->manufacturer = btohs(lv->manufacturer);
330 BT_DBG("%s: manufacturer %d hci_ver %d hci_rev %d", hdev->name,
331 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
335 case OCF_READ_LOCAL_FEATURES:
336 lf = (struct hci_rp_read_local_features *) skb->data;
339 BT_DBG("%s READ_LOCAL_FEATURES failed %d", hdev->name, lf->status);
343 memcpy(hdev->features, lf->features, sizeof(hdev->features));
345 /* Adjust default settings according to features
346 * supported by device. */
347 if (hdev->features[0] & LMP_3SLOT)
348 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
350 if (hdev->features[0] & LMP_5SLOT)
351 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
353 if (hdev->features[1] & LMP_HV2)
354 hdev->pkt_type |= (HCI_HV2);
356 if (hdev->features[1] & LMP_HV3)
357 hdev->pkt_type |= (HCI_HV3);
359 BT_DBG("%s: features 0x%x 0x%x 0x%x", hdev->name,
360 lf->features[0], lf->features[1], lf->features[2]);
364 case OCF_READ_BUFFER_SIZE:
365 bs = (struct hci_rp_read_buffer_size *) skb->data;
368 BT_DBG("%s READ_BUFFER_SIZE failed %d", hdev->name, bs->status);
369 hci_req_complete(hdev, bs->status);
373 hdev->acl_mtu = __le16_to_cpu(bs->acl_mtu);
374 hdev->sco_mtu = bs->sco_mtu;
375 hdev->acl_pkts = __le16_to_cpu(bs->acl_max_pkt);
376 hdev->sco_pkts = __le16_to_cpu(bs->sco_max_pkt);
378 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
383 hdev->acl_cnt = hdev->acl_pkts;
384 hdev->sco_cnt = hdev->sco_pkts;
386 BT_DBG("%s mtu: acl %d, sco %d max_pkt: acl %d, sco %d", hdev->name,
387 hdev->acl_mtu, hdev->sco_mtu, hdev->acl_pkts, hdev->sco_pkts);
390 case OCF_READ_BD_ADDR:
391 ba = (struct hci_rp_read_bd_addr *) skb->data;
394 bacpy(&hdev->bdaddr, &ba->bdaddr);
396 BT_DBG("%s: READ_BD_ADDR failed %d", hdev->name, ba->status);
399 hci_req_complete(hdev, ba->status);
403 BT_DBG("%s Command complete: ogf INFO_PARAM ocf %x", hdev->name, ocf);
408 /* Command Status OGF LINK_CTL */
409 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
411 struct hci_conn *conn;
412 struct hci_cp_create_conn *cp = hci_sent_cmd_data(hdev, OGF_LINK_CTL, OCF_CREATE_CONN);
419 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
421 BT_DBG("%s status 0x%x bdaddr %s conn %p", hdev->name,
422 status, batostr(&cp->bdaddr), conn);
425 if (conn && conn->state == BT_CONNECT) {
426 if (status != 0x0c || conn->attempt > 2) {
427 conn->state = BT_CLOSED;
428 hci_proto_connect_cfm(conn, status);
431 conn->state = BT_CONNECT2;
435 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
438 conn->link_mode |= HCI_LM_MASTER;
440 BT_ERR("No memmory for new connection");
444 hci_dev_unlock(hdev);
447 static void hci_cs_link_ctl(struct hci_dev *hdev, __u16 ocf, __u8 status)
449 BT_DBG("%s ocf 0x%x", hdev->name, ocf);
452 case OCF_CREATE_CONN:
453 hci_cs_create_conn(hdev, status);
458 struct hci_conn *acl, *sco;
459 struct hci_cp_add_sco *cp = hci_sent_cmd_data(hdev, OGF_LINK_CTL, OCF_ADD_SCO);
465 handle = __le16_to_cpu(cp->handle);
467 BT_DBG("%s Add SCO error: handle %d status 0x%x", hdev->name, handle, status);
471 acl = hci_conn_hash_lookup_handle(hdev, handle);
472 if (acl && (sco = acl->link)) {
473 sco->state = BT_CLOSED;
475 hci_proto_connect_cfm(sco, status);
479 hci_dev_unlock(hdev);
485 BT_DBG("%s Inquiry error: status 0x%x", hdev->name, status);
486 hci_req_complete(hdev, status);
488 set_bit(HCI_INQUIRY, &hdev->flags);
493 BT_DBG("%s Command status: ogf LINK_CTL ocf %x status %d",
494 hdev->name, ocf, status);
499 /* Command Status OGF LINK_POLICY */
500 static void hci_cs_link_policy(struct hci_dev *hdev, __u16 ocf, __u8 status)
502 BT_DBG("%s ocf 0x%x", hdev->name, ocf);
507 struct hci_conn *conn;
508 struct hci_cp_sniff_mode *cp = hci_sent_cmd_data(hdev, OGF_LINK_POLICY, OCF_SNIFF_MODE);
515 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
517 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
520 hci_dev_unlock(hdev);
524 case OCF_EXIT_SNIFF_MODE:
526 struct hci_conn *conn;
527 struct hci_cp_exit_sniff_mode *cp = hci_sent_cmd_data(hdev, OGF_LINK_POLICY, OCF_EXIT_SNIFF_MODE);
534 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
536 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
539 hci_dev_unlock(hdev);
544 BT_DBG("%s Command status: ogf LINK_POLICY ocf %x", hdev->name, ocf);
549 /* Command Status OGF HOST_CTL */
550 static void hci_cs_host_ctl(struct hci_dev *hdev, __u16 ocf, __u8 status)
552 BT_DBG("%s ocf 0x%x", hdev->name, ocf);
556 BT_DBG("%s Command status: ogf HOST_CTL ocf %x", hdev->name, ocf);
561 /* Command Status OGF INFO_PARAM */
562 static void hci_cs_info_param(struct hci_dev *hdev, __u16 ocf, __u8 status)
564 BT_DBG("%s: hci_cs_info_param: ocf 0x%x", hdev->name, ocf);
568 BT_DBG("%s Command status: ogf INFO_PARAM ocf %x", hdev->name, ocf);
573 /* Inquiry Complete */
574 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
576 __u8 status = *((__u8 *) skb->data);
577 struct hci_conn *pend;
579 BT_DBG("%s status %d", hdev->name, status);
581 clear_bit(HCI_INQUIRY, &hdev->flags);
582 hci_req_complete(hdev, status);
586 pend = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
588 hci_acl_connect(pend);
590 hci_dev_unlock(hdev);
594 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
596 struct inquiry_data data;
597 struct inquiry_info *info = (struct inquiry_info *) (skb->data + 1);
598 int num_rsp = *((__u8 *) skb->data);
600 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
607 for (; num_rsp; num_rsp--) {
608 bacpy(&data.bdaddr, &info->bdaddr);
609 data.pscan_rep_mode = info->pscan_rep_mode;
610 data.pscan_period_mode = info->pscan_period_mode;
611 data.pscan_mode = info->pscan_mode;
612 memcpy(data.dev_class, info->dev_class, 3);
613 data.clock_offset = info->clock_offset;
616 hci_inquiry_cache_update(hdev, &data);
619 hci_dev_unlock(hdev);
622 /* Inquiry Result With RSSI */
623 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
625 struct inquiry_data data;
626 int num_rsp = *((__u8 *) skb->data);
628 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
635 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
636 struct inquiry_info_with_rssi_and_pscan_mode *info =
637 (struct inquiry_info_with_rssi_and_pscan_mode *) (skb->data + 1);
639 for (; num_rsp; num_rsp--) {
640 bacpy(&data.bdaddr, &info->bdaddr);
641 data.pscan_rep_mode = info->pscan_rep_mode;
642 data.pscan_period_mode = info->pscan_period_mode;
643 data.pscan_mode = info->pscan_mode;
644 memcpy(data.dev_class, info->dev_class, 3);
645 data.clock_offset = info->clock_offset;
646 data.rssi = info->rssi;
648 hci_inquiry_cache_update(hdev, &data);
651 struct inquiry_info_with_rssi *info =
652 (struct inquiry_info_with_rssi *) (skb->data + 1);
654 for (; num_rsp; num_rsp--) {
655 bacpy(&data.bdaddr, &info->bdaddr);
656 data.pscan_rep_mode = info->pscan_rep_mode;
657 data.pscan_period_mode = info->pscan_period_mode;
658 data.pscan_mode = 0x00;
659 memcpy(data.dev_class, info->dev_class, 3);
660 data.clock_offset = info->clock_offset;
661 data.rssi = info->rssi;
663 hci_inquiry_cache_update(hdev, &data);
667 hci_dev_unlock(hdev);
670 /* Extended Inquiry Result */
671 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
673 struct inquiry_data data;
674 struct extended_inquiry_info *info = (struct extended_inquiry_info *) (skb->data + 1);
675 int num_rsp = *((__u8 *) skb->data);
677 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
684 for (; num_rsp; num_rsp--) {
685 bacpy(&data.bdaddr, &info->bdaddr);
686 data.pscan_rep_mode = info->pscan_rep_mode;
687 data.pscan_period_mode = info->pscan_period_mode;
688 data.pscan_mode = 0x00;
689 memcpy(data.dev_class, info->dev_class, 3);
690 data.clock_offset = info->clock_offset;
691 data.rssi = info->rssi;
693 hci_inquiry_cache_update(hdev, &data);
696 hci_dev_unlock(hdev);
699 /* Connect Request */
700 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
702 struct hci_ev_conn_request *ev = (struct hci_ev_conn_request *) skb->data;
703 int mask = hdev->link_mode;
705 BT_DBG("%s Connection request: %s type 0x%x", hdev->name,
706 batostr(&ev->bdaddr), ev->link_type);
708 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
710 if (mask & HCI_LM_ACCEPT) {
711 /* Connection accepted */
712 struct hci_conn *conn;
713 struct hci_cp_accept_conn_req cp;
716 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
718 if (!(conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr))) {
719 BT_ERR("No memmory for new connection");
720 hci_dev_unlock(hdev);
724 memcpy(conn->dev_class, ev->dev_class, 3);
725 conn->state = BT_CONNECT;
726 hci_dev_unlock(hdev);
728 bacpy(&cp.bdaddr, &ev->bdaddr);
730 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
731 cp.role = 0x00; /* Become master */
733 cp.role = 0x01; /* Remain slave */
735 hci_send_cmd(hdev, OGF_LINK_CTL,
736 OCF_ACCEPT_CONN_REQ, sizeof(cp), &cp);
738 /* Connection rejected */
739 struct hci_cp_reject_conn_req cp;
741 bacpy(&cp.bdaddr, &ev->bdaddr);
743 hci_send_cmd(hdev, OGF_LINK_CTL,
744 OCF_REJECT_CONN_REQ, sizeof(cp), &cp);
748 /* Connect Complete */
749 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
751 struct hci_ev_conn_complete *ev = (struct hci_ev_conn_complete *) skb->data;
752 struct hci_conn *conn, *pend;
754 BT_DBG("%s", hdev->name);
758 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
760 hci_dev_unlock(hdev);
765 conn->handle = __le16_to_cpu(ev->handle);
766 conn->state = BT_CONNECTED;
768 if (test_bit(HCI_AUTH, &hdev->flags))
769 conn->link_mode |= HCI_LM_AUTH;
771 if (test_bit(HCI_ENCRYPT, &hdev->flags))
772 conn->link_mode |= HCI_LM_ENCRYPT;
774 /* Get remote features */
775 if (conn->type == ACL_LINK) {
776 struct hci_cp_read_remote_features cp;
777 cp.handle = ev->handle;
778 hci_send_cmd(hdev, OGF_LINK_CTL,
779 OCF_READ_REMOTE_FEATURES, sizeof(cp), &cp);
782 /* Set link policy */
783 if (conn->type == ACL_LINK && hdev->link_policy) {
784 struct hci_cp_write_link_policy cp;
785 cp.handle = ev->handle;
786 cp.policy = __cpu_to_le16(hdev->link_policy);
787 hci_send_cmd(hdev, OGF_LINK_POLICY,
788 OCF_WRITE_LINK_POLICY, sizeof(cp), &cp);
791 /* Set packet type for incoming connection */
793 struct hci_cp_change_conn_ptype cp;
794 cp.handle = ev->handle;
795 cp.pkt_type = (conn->type == ACL_LINK) ?
796 __cpu_to_le16(hdev->pkt_type & ACL_PTYPE_MASK):
797 __cpu_to_le16(hdev->pkt_type & SCO_PTYPE_MASK);
799 hci_send_cmd(hdev, OGF_LINK_CTL,
800 OCF_CHANGE_CONN_PTYPE, sizeof(cp), &cp);
802 /* Update disconnect timer */
807 conn->state = BT_CLOSED;
809 if (conn->type == ACL_LINK) {
810 struct hci_conn *sco = conn->link;
813 hci_add_sco(sco, conn->handle);
815 hci_proto_connect_cfm(sco, ev->status);
821 hci_proto_connect_cfm(conn, ev->status);
825 pend = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
827 hci_acl_connect(pend);
829 hci_dev_unlock(hdev);
832 /* Disconnect Complete */
833 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
835 struct hci_ev_disconn_complete *ev = (struct hci_ev_disconn_complete *) skb->data;
836 struct hci_conn *conn;
838 BT_DBG("%s status %d", hdev->name, ev->status);
845 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
847 conn->state = BT_CLOSED;
848 hci_proto_disconn_ind(conn, ev->reason);
852 hci_dev_unlock(hdev);
855 /* Number of completed packets */
856 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
858 struct hci_ev_num_comp_pkts *ev = (struct hci_ev_num_comp_pkts *) skb->data;
862 skb_pull(skb, sizeof(*ev));
864 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
866 if (skb->len < ev->num_hndl * 4) {
867 BT_DBG("%s bad parameters", hdev->name);
871 tasklet_disable(&hdev->tx_task);
873 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
874 struct hci_conn *conn;
877 handle = __le16_to_cpu(get_unaligned(ptr++));
878 count = __le16_to_cpu(get_unaligned(ptr++));
880 conn = hci_conn_hash_lookup_handle(hdev, handle);
884 if (conn->type == SCO_LINK) {
885 if ((hdev->sco_cnt += count) > hdev->sco_pkts)
886 hdev->sco_cnt = hdev->sco_pkts;
888 if ((hdev->acl_cnt += count) > hdev->acl_pkts)
889 hdev->acl_cnt = hdev->acl_pkts;
895 tasklet_enable(&hdev->tx_task);
899 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
901 struct hci_ev_role_change *ev = (struct hci_ev_role_change *) skb->data;
902 struct hci_conn *conn;
904 BT_DBG("%s status %d", hdev->name, ev->status);
908 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
912 conn->link_mode &= ~HCI_LM_MASTER;
914 conn->link_mode |= HCI_LM_MASTER;
917 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
919 hci_role_switch_cfm(conn, ev->status, ev->role);
922 hci_dev_unlock(hdev);
926 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
928 struct hci_ev_mode_change *ev = (struct hci_ev_mode_change *) skb->data;
929 struct hci_conn *conn;
931 BT_DBG("%s status %d", hdev->name, ev->status);
935 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
937 conn->mode = ev->mode;
938 conn->interval = __le16_to_cpu(ev->interval);
940 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
941 if (conn->mode == HCI_CM_ACTIVE)
942 conn->power_save = 1;
944 conn->power_save = 0;
948 hci_dev_unlock(hdev);
951 /* Authentication Complete */
952 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
954 struct hci_ev_auth_complete *ev = (struct hci_ev_auth_complete *) skb->data;
955 struct hci_conn *conn;
957 BT_DBG("%s status %d", hdev->name, ev->status);
961 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
964 conn->link_mode |= HCI_LM_AUTH;
966 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
968 hci_auth_cfm(conn, ev->status);
970 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
972 struct hci_cp_set_conn_encrypt cp;
973 cp.handle = __cpu_to_le16(conn->handle);
975 hci_send_cmd(conn->hdev, OGF_LINK_CTL,
976 OCF_SET_CONN_ENCRYPT, sizeof(cp), &cp);
978 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
979 hci_encrypt_cfm(conn, ev->status, 0x00);
984 hci_dev_unlock(hdev);
987 /* Encryption Change */
988 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
990 struct hci_ev_encrypt_change *ev = (struct hci_ev_encrypt_change *) skb->data;
991 struct hci_conn *conn;
993 BT_DBG("%s status %d", hdev->name, ev->status);
997 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1001 conn->link_mode |= HCI_LM_ENCRYPT;
1003 conn->link_mode &= ~HCI_LM_ENCRYPT;
1006 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1008 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1011 hci_dev_unlock(hdev);
1014 /* Change Connection Link Key Complete */
1015 static inline void hci_change_conn_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1017 struct hci_ev_change_conn_link_key_complete *ev = (struct hci_ev_change_conn_link_key_complete *) skb->data;
1018 struct hci_conn *conn;
1020 BT_DBG("%s status %d", hdev->name, ev->status);
1024 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1027 conn->link_mode |= HCI_LM_SECURE;
1029 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1031 hci_key_change_cfm(conn, ev->status);
1034 hci_dev_unlock(hdev);
1037 /* Pin Code Request*/
1038 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1042 /* Link Key Request */
1043 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1047 /* Link Key Notification */
1048 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
1052 /* Remote Features */
1053 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1055 struct hci_ev_remote_features *ev = (struct hci_ev_remote_features *) skb->data;
1056 struct hci_conn *conn;
1058 BT_DBG("%s status %d", hdev->name, ev->status);
1062 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1063 if (conn && !ev->status) {
1064 memcpy(conn->features, ev->features, sizeof(conn->features));
1067 hci_dev_unlock(hdev);
1071 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
1073 struct hci_ev_clock_offset *ev = (struct hci_ev_clock_offset *) skb->data;
1074 struct hci_conn *conn;
1076 BT_DBG("%s status %d", hdev->name, ev->status);
1080 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1081 if (conn && !ev->status) {
1082 struct inquiry_entry *ie;
1084 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst))) {
1085 ie->data.clock_offset = ev->clock_offset;
1086 ie->timestamp = jiffies;
1090 hci_dev_unlock(hdev);
1093 /* Page Scan Repetition Mode */
1094 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
1096 struct hci_ev_pscan_rep_mode *ev = (struct hci_ev_pscan_rep_mode *) skb->data;
1097 struct inquiry_entry *ie;
1099 BT_DBG("%s", hdev->name);
1103 if ((ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr))) {
1104 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
1105 ie->timestamp = jiffies;
1108 hci_dev_unlock(hdev);
1112 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
1114 struct hci_ev_sniff_subrate *ev = (struct hci_ev_sniff_subrate *) skb->data;
1115 struct hci_conn *conn;
1117 BT_DBG("%s status %d", hdev->name, ev->status);
1121 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1125 hci_dev_unlock(hdev);
1128 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
1130 struct hci_event_hdr *hdr = (struct hci_event_hdr *) skb->data;
1131 struct hci_ev_cmd_complete *ec;
1132 struct hci_ev_cmd_status *cs;
1133 u16 opcode, ocf, ogf;
1135 skb_pull(skb, HCI_EVENT_HDR_SIZE);
1137 BT_DBG("%s evt 0x%x", hdev->name, hdr->evt);
1140 case HCI_EV_NUM_COMP_PKTS:
1141 hci_num_comp_pkts_evt(hdev, skb);
1144 case HCI_EV_INQUIRY_COMPLETE:
1145 hci_inquiry_complete_evt(hdev, skb);
1148 case HCI_EV_INQUIRY_RESULT:
1149 hci_inquiry_result_evt(hdev, skb);
1152 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
1153 hci_inquiry_result_with_rssi_evt(hdev, skb);
1156 case HCI_EV_EXTENDED_INQUIRY_RESULT:
1157 hci_extended_inquiry_result_evt(hdev, skb);
1160 case HCI_EV_CONN_REQUEST:
1161 hci_conn_request_evt(hdev, skb);
1164 case HCI_EV_CONN_COMPLETE:
1165 hci_conn_complete_evt(hdev, skb);
1168 case HCI_EV_DISCONN_COMPLETE:
1169 hci_disconn_complete_evt(hdev, skb);
1172 case HCI_EV_ROLE_CHANGE:
1173 hci_role_change_evt(hdev, skb);
1176 case HCI_EV_MODE_CHANGE:
1177 hci_mode_change_evt(hdev, skb);
1180 case HCI_EV_AUTH_COMPLETE:
1181 hci_auth_complete_evt(hdev, skb);
1184 case HCI_EV_ENCRYPT_CHANGE:
1185 hci_encrypt_change_evt(hdev, skb);
1188 case HCI_EV_CHANGE_CONN_LINK_KEY_COMPLETE:
1189 hci_change_conn_link_key_complete_evt(hdev, skb);
1192 case HCI_EV_PIN_CODE_REQ:
1193 hci_pin_code_request_evt(hdev, skb);
1196 case HCI_EV_LINK_KEY_REQ:
1197 hci_link_key_request_evt(hdev, skb);
1200 case HCI_EV_LINK_KEY_NOTIFY:
1201 hci_link_key_notify_evt(hdev, skb);
1204 case HCI_EV_REMOTE_FEATURES:
1205 hci_remote_features_evt(hdev, skb);
1208 case HCI_EV_CLOCK_OFFSET:
1209 hci_clock_offset_evt(hdev, skb);
1212 case HCI_EV_PSCAN_REP_MODE:
1213 hci_pscan_rep_mode_evt(hdev, skb);
1216 case HCI_EV_SNIFF_SUBRATE:
1217 hci_sniff_subrate_evt(hdev, skb);
1220 case HCI_EV_CMD_STATUS:
1221 cs = (struct hci_ev_cmd_status *) skb->data;
1222 skb_pull(skb, sizeof(cs));
1224 opcode = __le16_to_cpu(cs->opcode);
1225 ogf = hci_opcode_ogf(opcode);
1226 ocf = hci_opcode_ocf(opcode);
1229 case OGF_INFO_PARAM:
1230 hci_cs_info_param(hdev, ocf, cs->status);
1234 hci_cs_host_ctl(hdev, ocf, cs->status);
1238 hci_cs_link_ctl(hdev, ocf, cs->status);
1241 case OGF_LINK_POLICY:
1242 hci_cs_link_policy(hdev, ocf, cs->status);
1246 BT_DBG("%s Command Status OGF %x", hdev->name, ogf);
1251 atomic_set(&hdev->cmd_cnt, 1);
1252 if (!skb_queue_empty(&hdev->cmd_q))
1253 hci_sched_cmd(hdev);
1257 case HCI_EV_CMD_COMPLETE:
1258 ec = (struct hci_ev_cmd_complete *) skb->data;
1259 skb_pull(skb, sizeof(*ec));
1261 opcode = __le16_to_cpu(ec->opcode);
1262 ogf = hci_opcode_ogf(opcode);
1263 ocf = hci_opcode_ocf(opcode);
1266 case OGF_INFO_PARAM:
1267 hci_cc_info_param(hdev, ocf, skb);
1271 hci_cc_host_ctl(hdev, ocf, skb);
1275 hci_cc_link_ctl(hdev, ocf, skb);
1278 case OGF_LINK_POLICY:
1279 hci_cc_link_policy(hdev, ocf, skb);
1283 BT_DBG("%s Command Completed OGF %x", hdev->name, ogf);
1288 atomic_set(&hdev->cmd_cnt, 1);
1289 if (!skb_queue_empty(&hdev->cmd_q))
1290 hci_sched_cmd(hdev);
1296 hdev->stat.evt_rx++;
1299 /* Generate internal stack event */
1300 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
1302 struct hci_event_hdr *hdr;
1303 struct hci_ev_stack_internal *ev;
1304 struct sk_buff *skb;
1306 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
1310 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
1311 hdr->evt = HCI_EV_STACK_INTERNAL;
1312 hdr->plen = sizeof(*ev) + dlen;
1314 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
1316 memcpy(ev->data, data, dlen);
1318 bt_cb(skb)->incoming = 1;
1319 __net_timestamp(skb);
1321 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
1322 skb->dev = (void *) hdev;
1323 hci_send_to_sock(hdev, skb);