2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth L2CAP core and sockets. */
27 #include <linux/config.h>
28 #include <linux/module.h>
30 #include <linux/types.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/slab.h>
35 #include <linux/poll.h>
36 #include <linux/fcntl.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/socket.h>
40 #include <linux/skbuff.h>
41 #include <linux/proc_fs.h>
42 #include <linux/seq_file.h>
43 #include <linux/list.h>
46 #include <asm/system.h>
47 #include <asm/uaccess.h>
48 #include <asm/unaligned.h>
50 #include <net/bluetooth/bluetooth.h>
51 #include <net/bluetooth/hci_core.h>
52 #include <net/bluetooth/l2cap.h>
54 #ifndef CONFIG_BT_L2CAP_DEBUG
61 static struct proto_ops l2cap_sock_ops;
63 static struct bt_sock_list l2cap_sk_list = {
64 .lock = RW_LOCK_UNLOCKED
67 static int l2cap_conn_del(struct hci_conn *conn, int err);
69 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent);
70 static void l2cap_chan_del(struct sock *sk, int err);
72 static void __l2cap_sock_close(struct sock *sk, int reason);
73 static void l2cap_sock_close(struct sock *sk);
74 static void l2cap_sock_kill(struct sock *sk);
76 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
77 u8 code, u8 ident, u16 dlen, void *data);
79 /* ---- L2CAP timers ---- */
80 static void l2cap_sock_timeout(unsigned long arg)
82 struct sock *sk = (struct sock *) arg;
84 BT_DBG("sock %p state %d", sk, sk->sk_state);
87 __l2cap_sock_close(sk, ETIMEDOUT);
94 static void l2cap_sock_set_timer(struct sock *sk, long timeout)
96 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
97 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
100 static void l2cap_sock_clear_timer(struct sock *sk)
102 BT_DBG("sock %p state %d", sk, sk->sk_state);
103 sk_stop_timer(sk, &sk->sk_timer);
106 static void l2cap_sock_init_timer(struct sock *sk)
108 init_timer(&sk->sk_timer);
109 sk->sk_timer.function = l2cap_sock_timeout;
110 sk->sk_timer.data = (unsigned long)sk;
113 /* ---- L2CAP connections ---- */
114 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
116 struct l2cap_conn *conn;
118 if ((conn = hcon->l2cap_data))
124 if (!(conn = kmalloc(sizeof(struct l2cap_conn), GFP_ATOMIC)))
126 memset(conn, 0, sizeof(struct l2cap_conn));
128 hcon->l2cap_data = conn;
131 conn->mtu = hcon->hdev->acl_mtu;
132 conn->src = &hcon->hdev->bdaddr;
133 conn->dst = &hcon->dst;
135 spin_lock_init(&conn->lock);
136 rwlock_init(&conn->chan_list.lock);
138 BT_DBG("hcon %p conn %p", hcon, conn);
142 static int l2cap_conn_del(struct hci_conn *hcon, int err)
144 struct l2cap_conn *conn;
147 if (!(conn = hcon->l2cap_data))
150 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
153 kfree_skb(conn->rx_skb);
156 while ((sk = conn->chan_list.head)) {
158 l2cap_chan_del(sk, err);
163 hcon->l2cap_data = NULL;
168 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
170 struct l2cap_chan_list *l = &conn->chan_list;
171 write_lock(&l->lock);
172 __l2cap_chan_add(conn, sk, parent);
173 write_unlock(&l->lock);
176 static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
180 /* Get next available identificator.
181 * 1 - 128 are used by kernel.
182 * 129 - 199 are reserved.
183 * 200 - 254 are used by utilities like l2ping, etc.
186 spin_lock(&conn->lock);
188 if (++conn->tx_ident > 128)
193 spin_unlock(&conn->lock);
198 static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
200 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
202 BT_DBG("code 0x%2.2x", code);
207 return hci_send_acl(conn->hcon, skb, 0);
210 /* ---- Socket interface ---- */
211 static struct sock *__l2cap_get_sock_by_addr(u16 psm, bdaddr_t *src)
214 struct hlist_node *node;
215 sk_for_each(sk, node, &l2cap_sk_list.head)
216 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
223 /* Find socket with psm and source bdaddr.
224 * Returns closest match.
226 static struct sock *__l2cap_get_sock_by_psm(int state, u16 psm, bdaddr_t *src)
228 struct sock *sk = NULL, *sk1 = NULL;
229 struct hlist_node *node;
231 sk_for_each(sk, node, &l2cap_sk_list.head) {
232 if (state && sk->sk_state != state)
235 if (l2cap_pi(sk)->psm == psm) {
237 if (!bacmp(&bt_sk(sk)->src, src))
241 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
245 return node ? sk : sk1;
248 /* Find socket with given address (psm, src).
249 * Returns locked socket */
250 static inline struct sock *l2cap_get_sock_by_psm(int state, u16 psm, bdaddr_t *src)
253 read_lock(&l2cap_sk_list.lock);
254 s = __l2cap_get_sock_by_psm(state, psm, src);
255 if (s) bh_lock_sock(s);
256 read_unlock(&l2cap_sk_list.lock);
260 static void l2cap_sock_destruct(struct sock *sk)
264 skb_queue_purge(&sk->sk_receive_queue);
265 skb_queue_purge(&sk->sk_write_queue);
268 static void l2cap_sock_cleanup_listen(struct sock *parent)
272 BT_DBG("parent %p", parent);
274 /* Close not yet accepted channels */
275 while ((sk = bt_accept_dequeue(parent, NULL)))
276 l2cap_sock_close(sk);
278 parent->sk_state = BT_CLOSED;
279 sock_set_flag(parent, SOCK_ZAPPED);
282 /* Kill socket (only if zapped and orphan)
283 * Must be called on unlocked socket.
285 static void l2cap_sock_kill(struct sock *sk)
287 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
290 BT_DBG("sk %p state %d", sk, sk->sk_state);
292 /* Kill poor orphan */
293 bt_sock_unlink(&l2cap_sk_list, sk);
294 sock_set_flag(sk, SOCK_DEAD);
298 static void __l2cap_sock_close(struct sock *sk, int reason)
300 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
302 switch (sk->sk_state) {
304 l2cap_sock_cleanup_listen(sk);
310 if (sk->sk_type == SOCK_SEQPACKET) {
311 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
312 struct l2cap_disconn_req req;
314 sk->sk_state = BT_DISCONN;
315 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
317 req.dcid = __cpu_to_le16(l2cap_pi(sk)->dcid);
318 req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
319 l2cap_send_cmd(conn, l2cap_get_ident(conn),
320 L2CAP_DISCONN_REQ, sizeof(req), &req);
322 l2cap_chan_del(sk, reason);
328 l2cap_chan_del(sk, reason);
332 sock_set_flag(sk, SOCK_ZAPPED);
337 /* Must be called on unlocked socket. */
338 static void l2cap_sock_close(struct sock *sk)
340 l2cap_sock_clear_timer(sk);
342 __l2cap_sock_close(sk, ECONNRESET);
347 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
349 struct l2cap_pinfo *pi = l2cap_pi(sk);
354 sk->sk_type = parent->sk_type;
355 pi->imtu = l2cap_pi(parent)->imtu;
356 pi->omtu = l2cap_pi(parent)->omtu;
357 pi->link_mode = l2cap_pi(parent)->link_mode;
359 pi->imtu = L2CAP_DEFAULT_MTU;
364 /* Default config options */
365 pi->conf_mtu = L2CAP_DEFAULT_MTU;
366 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
369 static struct proto l2cap_proto = {
371 .owner = THIS_MODULE,
372 .obj_size = sizeof(struct l2cap_pinfo)
375 static struct sock *l2cap_sock_alloc(struct socket *sock, int proto, gfp_t prio)
379 sk = sk_alloc(PF_BLUETOOTH, prio, &l2cap_proto, 1);
383 sock_init_data(sock, sk);
384 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
386 sk->sk_destruct = l2cap_sock_destruct;
387 sk->sk_sndtimeo = L2CAP_CONN_TIMEOUT;
389 sock_reset_flag(sk, SOCK_ZAPPED);
391 sk->sk_protocol = proto;
392 sk->sk_state = BT_OPEN;
394 l2cap_sock_init_timer(sk);
396 bt_sock_link(&l2cap_sk_list, sk);
400 static int l2cap_sock_create(struct socket *sock, int protocol)
404 BT_DBG("sock %p", sock);
406 sock->state = SS_UNCONNECTED;
408 if (sock->type != SOCK_SEQPACKET &&
409 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
410 return -ESOCKTNOSUPPORT;
412 if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
415 sock->ops = &l2cap_sock_ops;
417 sk = l2cap_sock_alloc(sock, protocol, GFP_KERNEL);
421 l2cap_sock_init(sk, NULL);
425 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
427 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
428 struct sock *sk = sock->sk;
431 BT_DBG("sk %p, %s %d", sk, batostr(&la->l2_bdaddr), la->l2_psm);
433 if (!addr || addr->sa_family != AF_BLUETOOTH)
438 if (sk->sk_state != BT_OPEN) {
443 write_lock_bh(&l2cap_sk_list.lock);
445 if (la->l2_psm && __l2cap_get_sock_by_addr(la->l2_psm, &la->l2_bdaddr)) {
448 /* Save source address */
449 bacpy(&bt_sk(sk)->src, &la->l2_bdaddr);
450 l2cap_pi(sk)->psm = la->l2_psm;
451 l2cap_pi(sk)->sport = la->l2_psm;
452 sk->sk_state = BT_BOUND;
455 write_unlock_bh(&l2cap_sk_list.lock);
462 static int l2cap_do_connect(struct sock *sk)
464 bdaddr_t *src = &bt_sk(sk)->src;
465 bdaddr_t *dst = &bt_sk(sk)->dst;
466 struct l2cap_conn *conn;
467 struct hci_conn *hcon;
468 struct hci_dev *hdev;
471 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm);
473 if (!(hdev = hci_get_route(dst, src)))
474 return -EHOSTUNREACH;
476 hci_dev_lock_bh(hdev);
480 hcon = hci_connect(hdev, ACL_LINK, dst);
484 conn = l2cap_conn_add(hcon, 0);
492 /* Update source addr of the socket */
493 bacpy(src, conn->src);
495 l2cap_chan_add(conn, sk, NULL);
497 sk->sk_state = BT_CONNECT;
498 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
500 if (hcon->state == BT_CONNECTED) {
501 if (sk->sk_type == SOCK_SEQPACKET) {
502 struct l2cap_conn_req req;
503 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
504 req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
505 req.psm = l2cap_pi(sk)->psm;
506 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
507 L2CAP_CONN_REQ, sizeof(req), &req);
509 l2cap_sock_clear_timer(sk);
510 sk->sk_state = BT_CONNECTED;
515 hci_dev_unlock_bh(hdev);
520 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
522 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
523 struct sock *sk = sock->sk;
530 if (addr->sa_family != AF_BLUETOOTH || alen < sizeof(struct sockaddr_l2)) {
535 if (sk->sk_type == SOCK_SEQPACKET && !la->l2_psm) {
540 switch(sk->sk_state) {
544 /* Already connecting */
548 /* Already connected */
561 /* Set destination address and psm */
562 bacpy(&bt_sk(sk)->dst, &la->l2_bdaddr);
563 l2cap_pi(sk)->psm = la->l2_psm;
565 if ((err = l2cap_do_connect(sk)))
569 err = bt_sock_wait_state(sk, BT_CONNECTED,
570 sock_sndtimeo(sk, flags & O_NONBLOCK));
576 static int l2cap_sock_listen(struct socket *sock, int backlog)
578 struct sock *sk = sock->sk;
581 BT_DBG("sk %p backlog %d", sk, backlog);
585 if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
590 if (!l2cap_pi(sk)->psm) {
591 bdaddr_t *src = &bt_sk(sk)->src;
596 write_lock_bh(&l2cap_sk_list.lock);
598 for (psm = 0x1001; psm < 0x1100; psm += 2)
599 if (!__l2cap_get_sock_by_addr(psm, src)) {
600 l2cap_pi(sk)->psm = htobs(psm);
601 l2cap_pi(sk)->sport = htobs(psm);
606 write_unlock_bh(&l2cap_sk_list.lock);
612 sk->sk_max_ack_backlog = backlog;
613 sk->sk_ack_backlog = 0;
614 sk->sk_state = BT_LISTEN;
621 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
623 DECLARE_WAITQUEUE(wait, current);
624 struct sock *sk = sock->sk, *nsk;
630 if (sk->sk_state != BT_LISTEN) {
635 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
637 BT_DBG("sk %p timeo %ld", sk, timeo);
639 /* Wait for an incoming connection. (wake-one). */
640 add_wait_queue_exclusive(sk->sk_sleep, &wait);
641 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
642 set_current_state(TASK_INTERRUPTIBLE);
649 timeo = schedule_timeout(timeo);
652 if (sk->sk_state != BT_LISTEN) {
657 if (signal_pending(current)) {
658 err = sock_intr_errno(timeo);
662 set_current_state(TASK_RUNNING);
663 remove_wait_queue(sk->sk_sleep, &wait);
668 newsock->state = SS_CONNECTED;
670 BT_DBG("new socket %p", nsk);
677 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
679 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
680 struct sock *sk = sock->sk;
682 BT_DBG("sock %p, sk %p", sock, sk);
684 addr->sa_family = AF_BLUETOOTH;
685 *len = sizeof(struct sockaddr_l2);
688 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
690 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
692 la->l2_psm = l2cap_pi(sk)->psm;
696 static inline int l2cap_do_send(struct sock *sk, struct msghdr *msg, int len)
698 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
699 struct sk_buff *skb, **frag;
700 int err, hlen, count, sent=0;
701 struct l2cap_hdr *lh;
703 BT_DBG("sk %p len %d", sk, len);
705 /* First fragment (with L2CAP header) */
706 if (sk->sk_type == SOCK_DGRAM)
707 hlen = L2CAP_HDR_SIZE + 2;
709 hlen = L2CAP_HDR_SIZE;
711 count = min_t(unsigned int, (conn->mtu - hlen), len);
713 skb = bt_skb_send_alloc(sk, hlen + count,
714 msg->msg_flags & MSG_DONTWAIT, &err);
718 /* Create L2CAP header */
719 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
720 lh->cid = __cpu_to_le16(l2cap_pi(sk)->dcid);
721 lh->len = __cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
723 if (sk->sk_type == SOCK_DGRAM)
724 put_unaligned(l2cap_pi(sk)->psm, (u16 *) skb_put(skb, 2));
726 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
734 /* Continuation fragments (no L2CAP header) */
735 frag = &skb_shinfo(skb)->frag_list;
737 count = min_t(unsigned int, conn->mtu, len);
739 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
743 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
751 frag = &(*frag)->next;
754 if ((err = hci_send_acl(conn->hcon, skb, 0)) < 0)
764 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
766 struct sock *sk = sock->sk;
769 BT_DBG("sock %p, sk %p", sock, sk);
772 return sock_error(sk);
774 if (msg->msg_flags & MSG_OOB)
777 /* Check outgoing MTU */
778 if (sk->sk_type != SOCK_RAW && len > l2cap_pi(sk)->omtu)
783 if (sk->sk_state == BT_CONNECTED)
784 err = l2cap_do_send(sk, msg, len);
792 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
794 struct sock *sk = sock->sk;
795 struct l2cap_options opts;
805 len = min_t(unsigned int, sizeof(opts), optlen);
806 if (copy_from_user((char *) &opts, optval, len)) {
810 l2cap_pi(sk)->imtu = opts.imtu;
811 l2cap_pi(sk)->omtu = opts.omtu;
815 if (get_user(opt, (u32 __user *) optval)) {
820 l2cap_pi(sk)->link_mode = opt;
832 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
834 struct sock *sk = sock->sk;
835 struct l2cap_options opts;
836 struct l2cap_conninfo cinfo;
841 if (get_user(len, optlen))
848 opts.imtu = l2cap_pi(sk)->imtu;
849 opts.omtu = l2cap_pi(sk)->omtu;
850 opts.flush_to = l2cap_pi(sk)->flush_to;
853 len = min_t(unsigned int, len, sizeof(opts));
854 if (copy_to_user(optval, (char *) &opts, len))
860 if (put_user(l2cap_pi(sk)->link_mode, (u32 __user *) optval))
865 if (sk->sk_state != BT_CONNECTED) {
870 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
871 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
873 len = min_t(unsigned int, len, sizeof(cinfo));
874 if (copy_to_user(optval, (char *) &cinfo, len))
888 static int l2cap_sock_shutdown(struct socket *sock, int how)
890 struct sock *sk = sock->sk;
893 BT_DBG("sock %p, sk %p", sock, sk);
899 if (!sk->sk_shutdown) {
900 sk->sk_shutdown = SHUTDOWN_MASK;
901 l2cap_sock_clear_timer(sk);
902 __l2cap_sock_close(sk, 0);
904 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
905 err = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);
911 static int l2cap_sock_release(struct socket *sock)
913 struct sock *sk = sock->sk;
916 BT_DBG("sock %p, sk %p", sock, sk);
921 err = l2cap_sock_shutdown(sock, 2);
928 /* ---- L2CAP channels ---- */
929 static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
932 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
933 if (l2cap_pi(s)->dcid == cid)
939 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
942 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
943 if (l2cap_pi(s)->scid == cid)
949 /* Find channel with given SCID.
950 * Returns locked socket */
951 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
955 s = __l2cap_get_chan_by_scid(l, cid);
956 if (s) bh_lock_sock(s);
957 read_unlock(&l->lock);
961 static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
964 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
965 if (l2cap_pi(s)->ident == ident)
971 static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
975 s = __l2cap_get_chan_by_ident(l, ident);
976 if (s) bh_lock_sock(s);
977 read_unlock(&l->lock);
981 static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
985 for (; cid < 0xffff; cid++) {
986 if(!__l2cap_get_chan_by_scid(l, cid))
993 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
998 l2cap_pi(l->head)->prev_c = sk;
1000 l2cap_pi(sk)->next_c = l->head;
1001 l2cap_pi(sk)->prev_c = NULL;
1005 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
1007 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
1009 write_lock(&l->lock);
1014 l2cap_pi(next)->prev_c = prev;
1016 l2cap_pi(prev)->next_c = next;
1017 write_unlock(&l->lock);
1022 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
1024 struct l2cap_chan_list *l = &conn->chan_list;
1026 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
1028 l2cap_pi(sk)->conn = conn;
1030 if (sk->sk_type == SOCK_SEQPACKET) {
1031 /* Alloc CID for connection-oriented socket */
1032 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
1033 } else if (sk->sk_type == SOCK_DGRAM) {
1034 /* Connectionless socket */
1035 l2cap_pi(sk)->scid = 0x0002;
1036 l2cap_pi(sk)->dcid = 0x0002;
1037 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
1039 /* Raw socket can send/recv signalling messages only */
1040 l2cap_pi(sk)->scid = 0x0001;
1041 l2cap_pi(sk)->dcid = 0x0001;
1042 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
1045 __l2cap_chan_link(l, sk);
1048 bt_accept_enqueue(parent, sk);
1052 * Must be called on the locked socket. */
1053 static void l2cap_chan_del(struct sock *sk, int err)
1055 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1056 struct sock *parent = bt_sk(sk)->parent;
1058 l2cap_sock_clear_timer(sk);
1060 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
1063 /* Unlink from channel list */
1064 l2cap_chan_unlink(&conn->chan_list, sk);
1065 l2cap_pi(sk)->conn = NULL;
1066 hci_conn_put(conn->hcon);
1069 sk->sk_state = BT_CLOSED;
1070 sock_set_flag(sk, SOCK_ZAPPED);
1076 bt_accept_unlink(sk);
1077 parent->sk_data_ready(parent, 0);
1079 sk->sk_state_change(sk);
1082 static void l2cap_conn_ready(struct l2cap_conn *conn)
1084 struct l2cap_chan_list *l = &conn->chan_list;
1087 BT_DBG("conn %p", conn);
1089 read_lock(&l->lock);
1091 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1094 if (sk->sk_type != SOCK_SEQPACKET) {
1095 l2cap_sock_clear_timer(sk);
1096 sk->sk_state = BT_CONNECTED;
1097 sk->sk_state_change(sk);
1098 } else if (sk->sk_state == BT_CONNECT) {
1099 struct l2cap_conn_req req;
1100 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
1101 req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
1102 req.psm = l2cap_pi(sk)->psm;
1103 l2cap_send_cmd(conn, l2cap_pi(sk)->ident, L2CAP_CONN_REQ, sizeof(req), &req);
1109 read_unlock(&l->lock);
1112 /* Notify sockets that we cannot guaranty reliability anymore */
1113 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
1115 struct l2cap_chan_list *l = &conn->chan_list;
1118 BT_DBG("conn %p", conn);
1120 read_lock(&l->lock);
1121 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1122 if (l2cap_pi(sk)->link_mode & L2CAP_LM_RELIABLE)
1125 read_unlock(&l->lock);
1128 static void l2cap_chan_ready(struct sock *sk)
1130 struct sock *parent = bt_sk(sk)->parent;
1132 BT_DBG("sk %p, parent %p", sk, parent);
1134 l2cap_pi(sk)->conf_state = 0;
1135 l2cap_sock_clear_timer(sk);
1138 /* Outgoing channel.
1139 * Wake up socket sleeping on connect.
1141 sk->sk_state = BT_CONNECTED;
1142 sk->sk_state_change(sk);
1144 /* Incoming channel.
1145 * Wake up socket sleeping on accept.
1147 parent->sk_data_ready(parent, 0);
1151 /* Copy frame to all raw sockets on that connection */
1152 static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
1154 struct l2cap_chan_list *l = &conn->chan_list;
1155 struct sk_buff *nskb;
1158 BT_DBG("conn %p", conn);
1160 read_lock(&l->lock);
1161 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1162 if (sk->sk_type != SOCK_RAW)
1165 /* Don't send frame to the socket it came from */
1169 if (!(nskb = skb_clone(skb, GFP_ATOMIC)))
1172 if (sock_queue_rcv_skb(sk, nskb))
1175 read_unlock(&l->lock);
1178 /* ---- L2CAP signalling commands ---- */
1179 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
1180 u8 code, u8 ident, u16 dlen, void *data)
1182 struct sk_buff *skb, **frag;
1183 struct l2cap_cmd_hdr *cmd;
1184 struct l2cap_hdr *lh;
1187 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d", conn, code, ident, dlen);
1189 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
1190 count = min_t(unsigned int, conn->mtu, len);
1192 skb = bt_skb_alloc(count, GFP_ATOMIC);
1196 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1197 lh->len = __cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
1198 lh->cid = __cpu_to_le16(0x0001);
1200 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
1203 cmd->len = __cpu_to_le16(dlen);
1206 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
1207 memcpy(skb_put(skb, count), data, count);
1213 /* Continuation fragments (no L2CAP header) */
1214 frag = &skb_shinfo(skb)->frag_list;
1216 count = min_t(unsigned int, conn->mtu, len);
1218 *frag = bt_skb_alloc(count, GFP_ATOMIC);
1222 memcpy(skb_put(*frag, count), data, count);
1227 frag = &(*frag)->next;
1237 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
1239 struct l2cap_conf_opt *opt = *ptr;
1242 len = L2CAP_CONF_OPT_SIZE + opt->len;
1250 *val = *((u8 *) opt->val);
1254 *val = __le16_to_cpu(*((u16 *)opt->val));
1258 *val = __le32_to_cpu(*((u32 *)opt->val));
1262 *val = (unsigned long) opt->val;
1266 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
1270 static inline void l2cap_parse_conf_req(struct sock *sk, void *data, int len)
1272 int type, hint, olen;
1276 BT_DBG("sk %p len %d", sk, len);
1278 while (len >= L2CAP_CONF_OPT_SIZE) {
1279 len -= l2cap_get_conf_opt(&ptr, &type, &olen, &val);
1285 case L2CAP_CONF_MTU:
1286 l2cap_pi(sk)->conf_mtu = val;
1289 case L2CAP_CONF_FLUSH_TO:
1290 l2cap_pi(sk)->flush_to = val;
1293 case L2CAP_CONF_QOS:
1300 /* FIXME: Reject unknown option */
1306 static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
1308 struct l2cap_conf_opt *opt = *ptr;
1310 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
1317 *((u8 *) opt->val) = val;
1321 *((u16 *) opt->val) = __cpu_to_le16(val);
1325 *((u32 *) opt->val) = __cpu_to_le32(val);
1329 memcpy(opt->val, (void *) val, len);
1333 *ptr += L2CAP_CONF_OPT_SIZE + len;
1336 static int l2cap_build_conf_req(struct sock *sk, void *data)
1338 struct l2cap_pinfo *pi = l2cap_pi(sk);
1339 struct l2cap_conf_req *req = data;
1340 void *ptr = req->data;
1342 BT_DBG("sk %p", sk);
1344 if (pi->imtu != L2CAP_DEFAULT_MTU)
1345 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
1347 /* FIXME: Need actual value of the flush timeout */
1348 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
1349 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
1351 req->dcid = __cpu_to_le16(pi->dcid);
1352 req->flags = __cpu_to_le16(0);
1357 static inline int l2cap_conf_output(struct sock *sk, void **ptr)
1359 struct l2cap_pinfo *pi = l2cap_pi(sk);
1362 /* Configure output options and let the other side know
1363 * which ones we don't like. */
1364 if (pi->conf_mtu < pi->omtu) {
1365 l2cap_add_conf_opt(ptr, L2CAP_CONF_MTU, 2, pi->omtu);
1366 result = L2CAP_CONF_UNACCEPT;
1368 pi->omtu = pi->conf_mtu;
1371 BT_DBG("sk %p result %d", sk, result);
1375 static int l2cap_build_conf_rsp(struct sock *sk, void *data, int *result)
1377 struct l2cap_conf_rsp *rsp = data;
1378 void *ptr = rsp->data;
1381 BT_DBG("sk %p complete %d", sk, result ? 1 : 0);
1384 *result = l2cap_conf_output(sk, &ptr);
1388 rsp->scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
1389 rsp->result = __cpu_to_le16(result ? *result : 0);
1390 rsp->flags = __cpu_to_le16(flags);
1395 static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1397 struct l2cap_chan_list *list = &conn->chan_list;
1398 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
1399 struct l2cap_conn_rsp rsp;
1400 struct sock *sk, *parent;
1401 int result = 0, status = 0;
1403 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
1406 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
1408 /* Check if we have socket listening on psm */
1409 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
1411 result = L2CAP_CR_BAD_PSM;
1415 result = L2CAP_CR_NO_MEM;
1417 /* Check for backlog size */
1418 if (sk_acceptq_is_full(parent)) {
1419 BT_DBG("backlog full %d", parent->sk_ack_backlog);
1423 sk = l2cap_sock_alloc(NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1427 write_lock(&list->lock);
1429 /* Check if we already have channel with that dcid */
1430 if (__l2cap_get_chan_by_dcid(list, scid)) {
1431 write_unlock(&list->lock);
1432 sock_set_flag(sk, SOCK_ZAPPED);
1433 l2cap_sock_kill(sk);
1437 hci_conn_hold(conn->hcon);
1439 l2cap_sock_init(sk, parent);
1440 bacpy(&bt_sk(sk)->src, conn->src);
1441 bacpy(&bt_sk(sk)->dst, conn->dst);
1442 l2cap_pi(sk)->psm = psm;
1443 l2cap_pi(sk)->dcid = scid;
1445 __l2cap_chan_add(conn, sk, parent);
1446 dcid = l2cap_pi(sk)->scid;
1448 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1450 /* Service level security */
1451 result = L2CAP_CR_PEND;
1452 status = L2CAP_CS_AUTHEN_PEND;
1453 sk->sk_state = BT_CONNECT2;
1454 l2cap_pi(sk)->ident = cmd->ident;
1456 if ((l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT) ||
1457 (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE)) {
1458 if (!hci_conn_encrypt(conn->hcon))
1460 } else if (l2cap_pi(sk)->link_mode & L2CAP_LM_AUTH) {
1461 if (!hci_conn_auth(conn->hcon))
1465 sk->sk_state = BT_CONFIG;
1466 result = status = 0;
1469 write_unlock(&list->lock);
1472 bh_unlock_sock(parent);
1475 rsp.scid = __cpu_to_le16(scid);
1476 rsp.dcid = __cpu_to_le16(dcid);
1477 rsp.result = __cpu_to_le16(result);
1478 rsp.status = __cpu_to_le16(status);
1479 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1483 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1485 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
1486 u16 scid, dcid, result, status;
1490 scid = __le16_to_cpu(rsp->scid);
1491 dcid = __le16_to_cpu(rsp->dcid);
1492 result = __le16_to_cpu(rsp->result);
1493 status = __le16_to_cpu(rsp->status);
1495 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
1498 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1501 if (!(sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident)))
1506 case L2CAP_CR_SUCCESS:
1507 sk->sk_state = BT_CONFIG;
1508 l2cap_pi(sk)->ident = 0;
1509 l2cap_pi(sk)->dcid = dcid;
1510 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1512 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1513 l2cap_build_conf_req(sk, req), req);
1520 l2cap_chan_del(sk, ECONNREFUSED);
1528 static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1530 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
1536 dcid = __le16_to_cpu(req->dcid);
1537 flags = __le16_to_cpu(req->flags);
1539 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
1541 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
1544 l2cap_parse_conf_req(sk, req->data, cmd->len - sizeof(*req));
1546 if (flags & 0x0001) {
1547 /* Incomplete config. Send empty response. */
1548 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
1549 l2cap_build_conf_rsp(sk, rsp, NULL), rsp);
1553 /* Complete config. */
1554 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
1555 l2cap_build_conf_rsp(sk, rsp, &result), rsp);
1560 /* Output config done */
1561 l2cap_pi(sk)->conf_state |= L2CAP_CONF_OUTPUT_DONE;
1563 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
1564 sk->sk_state = BT_CONNECTED;
1565 l2cap_chan_ready(sk);
1566 } else if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
1568 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1569 l2cap_build_conf_req(sk, req), req);
1577 static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1579 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
1580 u16 scid, flags, result;
1583 scid = __le16_to_cpu(rsp->scid);
1584 flags = __le16_to_cpu(rsp->flags);
1585 result = __le16_to_cpu(rsp->result);
1587 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", scid, flags, result);
1589 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1593 case L2CAP_CONF_SUCCESS:
1596 case L2CAP_CONF_UNACCEPT:
1597 if (++l2cap_pi(sk)->conf_retry < L2CAP_CONF_MAX_RETRIES) {
1599 /* It does not make sense to adjust L2CAP parameters
1600 * that are currently defined in the spec. We simply
1601 * resend config request that we sent earlier. It is
1602 * stupid, but it helps qualification testing which
1603 * expects at least some response from us. */
1604 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1605 l2cap_build_conf_req(sk, req), req);
1610 sk->sk_state = BT_DISCONN;
1611 sk->sk_err = ECONNRESET;
1612 l2cap_sock_set_timer(sk, HZ * 5);
1614 struct l2cap_disconn_req req;
1615 req.dcid = __cpu_to_le16(l2cap_pi(sk)->dcid);
1616 req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
1617 l2cap_send_cmd(conn, l2cap_get_ident(conn),
1618 L2CAP_DISCONN_REQ, sizeof(req), &req);
1626 /* Input config done */
1627 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
1629 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
1630 sk->sk_state = BT_CONNECTED;
1631 l2cap_chan_ready(sk);
1639 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1641 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
1642 struct l2cap_disconn_rsp rsp;
1646 scid = __le16_to_cpu(req->scid);
1647 dcid = __le16_to_cpu(req->dcid);
1649 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
1651 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
1654 rsp.dcid = __cpu_to_le16(l2cap_pi(sk)->scid);
1655 rsp.scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
1656 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
1658 sk->sk_shutdown = SHUTDOWN_MASK;
1660 l2cap_chan_del(sk, ECONNRESET);
1663 l2cap_sock_kill(sk);
1667 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1669 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
1673 scid = __le16_to_cpu(rsp->scid);
1674 dcid = __le16_to_cpu(rsp->dcid);
1676 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
1678 if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
1681 l2cap_chan_del(sk, 0);
1684 l2cap_sock_kill(sk);
1688 static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1690 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
1691 struct l2cap_info_rsp rsp;
1694 type = __le16_to_cpu(req->type);
1696 BT_DBG("type 0x%4.4x", type);
1698 rsp.type = __cpu_to_le16(type);
1699 rsp.result = __cpu_to_le16(L2CAP_IR_NOTSUPP);
1700 l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(rsp), &rsp);
1705 static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
1707 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
1710 type = __le16_to_cpu(rsp->type);
1711 result = __le16_to_cpu(rsp->result);
1713 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
1718 static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
1720 u8 *data = skb->data;
1722 struct l2cap_cmd_hdr cmd;
1725 l2cap_raw_recv(conn, skb);
1727 while (len >= L2CAP_CMD_HDR_SIZE) {
1728 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
1729 data += L2CAP_CMD_HDR_SIZE;
1730 len -= L2CAP_CMD_HDR_SIZE;
1732 cmd.len = __le16_to_cpu(cmd.len);
1734 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd.len, cmd.ident);
1736 if (cmd.len > len || !cmd.ident) {
1737 BT_DBG("corrupted command");
1742 case L2CAP_COMMAND_REJ:
1743 /* FIXME: We should process this */
1746 case L2CAP_CONN_REQ:
1747 err = l2cap_connect_req(conn, &cmd, data);
1750 case L2CAP_CONN_RSP:
1751 err = l2cap_connect_rsp(conn, &cmd, data);
1754 case L2CAP_CONF_REQ:
1755 err = l2cap_config_req(conn, &cmd, data);
1758 case L2CAP_CONF_RSP:
1759 err = l2cap_config_rsp(conn, &cmd, data);
1762 case L2CAP_DISCONN_REQ:
1763 err = l2cap_disconnect_req(conn, &cmd, data);
1766 case L2CAP_DISCONN_RSP:
1767 err = l2cap_disconnect_rsp(conn, &cmd, data);
1770 case L2CAP_ECHO_REQ:
1771 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd.len, data);
1774 case L2CAP_ECHO_RSP:
1777 case L2CAP_INFO_REQ:
1778 err = l2cap_information_req(conn, &cmd, data);
1781 case L2CAP_INFO_RSP:
1782 err = l2cap_information_rsp(conn, &cmd, data);
1786 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
1792 struct l2cap_cmd_rej rej;
1793 BT_DBG("error %d", err);
1795 /* FIXME: Map err to a valid reason */
1796 rej.reason = __cpu_to_le16(0);
1797 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
1807 static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
1811 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
1813 BT_DBG("unknown cid 0x%4.4x", cid);
1817 BT_DBG("sk %p, len %d", sk, skb->len);
1819 if (sk->sk_state != BT_CONNECTED)
1822 if (l2cap_pi(sk)->imtu < skb->len)
1825 /* If socket recv buffers overflows we drop data here
1826 * which is *bad* because L2CAP has to be reliable.
1827 * But we don't have any other choice. L2CAP doesn't
1828 * provide flow control mechanism. */
1830 if (!sock_queue_rcv_skb(sk, skb))
1837 if (sk) bh_unlock_sock(sk);
1841 static inline int l2cap_conless_channel(struct l2cap_conn *conn, u16 psm, struct sk_buff *skb)
1845 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
1849 BT_DBG("sk %p, len %d", sk, skb->len);
1851 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
1854 if (l2cap_pi(sk)->imtu < skb->len)
1857 if (!sock_queue_rcv_skb(sk, skb))
1864 if (sk) bh_unlock_sock(sk);
1868 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
1870 struct l2cap_hdr *lh = (void *) skb->data;
1873 skb_pull(skb, L2CAP_HDR_SIZE);
1874 cid = __le16_to_cpu(lh->cid);
1875 len = __le16_to_cpu(lh->len);
1877 BT_DBG("len %d, cid 0x%4.4x", len, cid);
1881 l2cap_sig_channel(conn, skb);
1885 psm = get_unaligned((u16 *) skb->data);
1887 l2cap_conless_channel(conn, psm, skb);
1891 l2cap_data_channel(conn, cid, skb);
1896 /* ---- L2CAP interface with lower layer (HCI) ---- */
1898 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
1900 int exact = 0, lm1 = 0, lm2 = 0;
1901 register struct sock *sk;
1902 struct hlist_node *node;
1904 if (type != ACL_LINK)
1907 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
1909 /* Find listening sockets and check their link_mode */
1910 read_lock(&l2cap_sk_list.lock);
1911 sk_for_each(sk, node, &l2cap_sk_list.head) {
1912 if (sk->sk_state != BT_LISTEN)
1915 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
1916 lm1 |= (HCI_LM_ACCEPT | l2cap_pi(sk)->link_mode);
1918 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
1919 lm2 |= (HCI_LM_ACCEPT | l2cap_pi(sk)->link_mode);
1921 read_unlock(&l2cap_sk_list.lock);
1923 return exact ? lm1 : lm2;
1926 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
1928 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
1930 if (hcon->type != ACL_LINK)
1934 struct l2cap_conn *conn;
1936 conn = l2cap_conn_add(hcon, status);
1938 l2cap_conn_ready(conn);
1940 l2cap_conn_del(hcon, bt_err(status));
1945 static int l2cap_disconn_ind(struct hci_conn *hcon, u8 reason)
1947 BT_DBG("hcon %p reason %d", hcon, reason);
1949 if (hcon->type != ACL_LINK)
1952 l2cap_conn_del(hcon, bt_err(reason));
1956 static int l2cap_auth_cfm(struct hci_conn *hcon, u8 status)
1958 struct l2cap_chan_list *l;
1959 struct l2cap_conn *conn;
1960 struct l2cap_conn_rsp rsp;
1964 if (!(conn = hcon->l2cap_data))
1966 l = &conn->chan_list;
1968 BT_DBG("conn %p", conn);
1970 read_lock(&l->lock);
1972 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
1975 if (sk->sk_state != BT_CONNECT2 ||
1976 (l2cap_pi(sk)->link_mode & L2CAP_LM_ENCRYPT) ||
1977 (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE)) {
1983 sk->sk_state = BT_CONFIG;
1986 sk->sk_state = BT_DISCONN;
1987 l2cap_sock_set_timer(sk, HZ/10);
1988 result = L2CAP_CR_SEC_BLOCK;
1991 rsp.scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
1992 rsp.dcid = __cpu_to_le16(l2cap_pi(sk)->scid);
1993 rsp.result = __cpu_to_le16(result);
1994 rsp.status = __cpu_to_le16(0);
1995 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
1996 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2001 read_unlock(&l->lock);
2005 static int l2cap_encrypt_cfm(struct hci_conn *hcon, u8 status)
2007 struct l2cap_chan_list *l;
2008 struct l2cap_conn *conn;
2009 struct l2cap_conn_rsp rsp;
2013 if (!(conn = hcon->l2cap_data))
2015 l = &conn->chan_list;
2017 BT_DBG("conn %p", conn);
2019 read_lock(&l->lock);
2021 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2024 if (sk->sk_state != BT_CONNECT2) {
2030 sk->sk_state = BT_CONFIG;
2033 sk->sk_state = BT_DISCONN;
2034 l2cap_sock_set_timer(sk, HZ/10);
2035 result = L2CAP_CR_SEC_BLOCK;
2038 rsp.scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
2039 rsp.dcid = __cpu_to_le16(l2cap_pi(sk)->scid);
2040 rsp.result = __cpu_to_le16(result);
2041 rsp.status = __cpu_to_le16(0);
2042 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
2043 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2045 if (l2cap_pi(sk)->link_mode & L2CAP_LM_SECURE)
2046 hci_conn_change_link_key(hcon);
2051 read_unlock(&l->lock);
2055 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
2057 struct l2cap_conn *conn = hcon->l2cap_data;
2059 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
2062 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
2064 if (flags & ACL_START) {
2065 struct l2cap_hdr *hdr;
2069 BT_ERR("Unexpected start frame (len %d)", skb->len);
2070 kfree_skb(conn->rx_skb);
2071 conn->rx_skb = NULL;
2073 l2cap_conn_unreliable(conn, ECOMM);
2077 BT_ERR("Frame is too short (len %d)", skb->len);
2078 l2cap_conn_unreliable(conn, ECOMM);
2082 hdr = (struct l2cap_hdr *) skb->data;
2083 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
2085 if (len == skb->len) {
2086 /* Complete frame received */
2087 l2cap_recv_frame(conn, skb);
2091 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
2093 if (skb->len > len) {
2094 BT_ERR("Frame is too long (len %d, expected len %d)",
2096 l2cap_conn_unreliable(conn, ECOMM);
2100 /* Allocate skb for the complete frame (with header) */
2101 if (!(conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC)))
2104 memcpy(skb_put(conn->rx_skb, skb->len), skb->data, skb->len);
2105 conn->rx_len = len - skb->len;
2107 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
2109 if (!conn->rx_len) {
2110 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
2111 l2cap_conn_unreliable(conn, ECOMM);
2115 if (skb->len > conn->rx_len) {
2116 BT_ERR("Fragment is too long (len %d, expected %d)",
2117 skb->len, conn->rx_len);
2118 kfree_skb(conn->rx_skb);
2119 conn->rx_skb = NULL;
2121 l2cap_conn_unreliable(conn, ECOMM);
2125 memcpy(skb_put(conn->rx_skb, skb->len), skb->data, skb->len);
2126 conn->rx_len -= skb->len;
2128 if (!conn->rx_len) {
2129 /* Complete frame received */
2130 l2cap_recv_frame(conn, conn->rx_skb);
2131 conn->rx_skb = NULL;
2140 /* ---- Proc fs support ---- */
2141 #ifdef CONFIG_PROC_FS
2142 static void *l2cap_seq_start(struct seq_file *seq, loff_t *pos)
2145 struct hlist_node *node;
2148 read_lock_bh(&l2cap_sk_list.lock);
2150 sk_for_each(sk, node, &l2cap_sk_list.head)
2158 static void *l2cap_seq_next(struct seq_file *seq, void *e, loff_t *pos)
2164 static void l2cap_seq_stop(struct seq_file *seq, void *e)
2166 read_unlock_bh(&l2cap_sk_list.lock);
2169 static int l2cap_seq_show(struct seq_file *seq, void *e)
2171 struct sock *sk = e;
2172 struct l2cap_pinfo *pi = l2cap_pi(sk);
2174 seq_printf(seq, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d 0x%x\n",
2175 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2176 sk->sk_state, pi->psm, pi->scid, pi->dcid, pi->imtu,
2177 pi->omtu, pi->link_mode);
2181 static struct seq_operations l2cap_seq_ops = {
2182 .start = l2cap_seq_start,
2183 .next = l2cap_seq_next,
2184 .stop = l2cap_seq_stop,
2185 .show = l2cap_seq_show
2188 static int l2cap_seq_open(struct inode *inode, struct file *file)
2190 return seq_open(file, &l2cap_seq_ops);
2193 static struct file_operations l2cap_seq_fops = {
2194 .owner = THIS_MODULE,
2195 .open = l2cap_seq_open,
2197 .llseek = seq_lseek,
2198 .release = seq_release,
2201 static int __init l2cap_proc_init(void)
2203 struct proc_dir_entry *p = create_proc_entry("l2cap", S_IRUGO, proc_bt);
2206 p->owner = THIS_MODULE;
2207 p->proc_fops = &l2cap_seq_fops;
2211 static void __exit l2cap_proc_cleanup(void)
2213 remove_proc_entry("l2cap", proc_bt);
2216 #else /* CONFIG_PROC_FS */
2218 static int __init l2cap_proc_init(void)
2223 static void __exit l2cap_proc_cleanup(void)
2227 #endif /* CONFIG_PROC_FS */
2229 static struct proto_ops l2cap_sock_ops = {
2230 .family = PF_BLUETOOTH,
2231 .owner = THIS_MODULE,
2232 .release = l2cap_sock_release,
2233 .bind = l2cap_sock_bind,
2234 .connect = l2cap_sock_connect,
2235 .listen = l2cap_sock_listen,
2236 .accept = l2cap_sock_accept,
2237 .getname = l2cap_sock_getname,
2238 .sendmsg = l2cap_sock_sendmsg,
2239 .recvmsg = bt_sock_recvmsg,
2240 .poll = bt_sock_poll,
2241 .mmap = sock_no_mmap,
2242 .socketpair = sock_no_socketpair,
2243 .ioctl = sock_no_ioctl,
2244 .shutdown = l2cap_sock_shutdown,
2245 .setsockopt = l2cap_sock_setsockopt,
2246 .getsockopt = l2cap_sock_getsockopt
2249 static struct net_proto_family l2cap_sock_family_ops = {
2250 .family = PF_BLUETOOTH,
2251 .owner = THIS_MODULE,
2252 .create = l2cap_sock_create,
2255 static struct hci_proto l2cap_hci_proto = {
2257 .id = HCI_PROTO_L2CAP,
2258 .connect_ind = l2cap_connect_ind,
2259 .connect_cfm = l2cap_connect_cfm,
2260 .disconn_ind = l2cap_disconn_ind,
2261 .auth_cfm = l2cap_auth_cfm,
2262 .encrypt_cfm = l2cap_encrypt_cfm,
2263 .recv_acldata = l2cap_recv_acldata
2266 static int __init l2cap_init(void)
2270 err = proto_register(&l2cap_proto, 0);
2274 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
2276 BT_ERR("L2CAP socket registration failed");
2280 err = hci_register_proto(&l2cap_hci_proto);
2282 BT_ERR("L2CAP protocol registration failed");
2283 bt_sock_unregister(BTPROTO_L2CAP);
2289 BT_INFO("L2CAP ver %s", VERSION);
2290 BT_INFO("L2CAP socket layer initialized");
2295 proto_unregister(&l2cap_proto);
2299 static void __exit l2cap_exit(void)
2301 l2cap_proc_cleanup();
2303 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
2304 BT_ERR("L2CAP socket unregistration failed");
2306 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
2307 BT_ERR("L2CAP protocol unregistration failed");
2309 proto_unregister(&l2cap_proto);
2312 void l2cap_load(void)
2314 /* Dummy function to trigger automatic L2CAP module loading by
2315 * other modules that use L2CAP sockets but don't use any other
2316 * symbols from it. */
2319 EXPORT_SYMBOL(l2cap_load);
2321 module_init(l2cap_init);
2322 module_exit(l2cap_exit);
2324 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2325 MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
2326 MODULE_VERSION(VERSION);
2327 MODULE_LICENSE("GPL");
2328 MODULE_ALIAS("bt-proto-0");