2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
50 /* Handle HCI Event packets */
52 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
54 __u8 status = *((__u8 *) skb->data);
56 BT_DBG("%s status 0x%x", hdev->name, status);
60 mgmt_stop_discovery_failed(hdev, status);
65 clear_bit(HCI_INQUIRY, &hdev->flags);
68 mgmt_discovering(hdev, 0);
71 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
73 hci_conn_check_pending(hdev);
76 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
78 __u8 status = *((__u8 *) skb->data);
80 BT_DBG("%s status 0x%x", hdev->name, status);
85 hci_conn_check_pending(hdev);
88 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
90 BT_DBG("%s", hdev->name);
93 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
98 BT_DBG("%s status 0x%x", hdev->name, rp->status);
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
108 conn->link_mode &= ~HCI_LM_MASTER;
110 conn->link_mode |= HCI_LM_MASTER;
113 hci_dev_unlock(hdev);
116 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
121 BT_DBG("%s status 0x%x", hdev->name, rp->status);
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
130 conn->link_policy = __le16_to_cpu(rp->policy);
132 hci_dev_unlock(hdev);
135 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
138 struct hci_conn *conn;
141 BT_DBG("%s status 0x%x", hdev->name, rp->status);
146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
154 conn->link_policy = get_unaligned_le16(sent + 2);
156 hci_dev_unlock(hdev);
159 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163 BT_DBG("%s status 0x%x", hdev->name, rp->status);
168 hdev->link_policy = __le16_to_cpu(rp->policy);
171 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
173 __u8 status = *((__u8 *) skb->data);
176 BT_DBG("%s status 0x%x", hdev->name, status);
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
183 hdev->link_policy = get_unaligned_le16(sent);
185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
188 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
190 __u8 status = *((__u8 *) skb->data);
192 BT_DBG("%s status 0x%x", hdev->name, status);
194 clear_bit(HCI_RESET, &hdev->flags);
196 hci_req_complete(hdev, HCI_OP_RESET, status);
201 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
203 __u8 status = *((__u8 *) skb->data);
206 BT_DBG("%s status 0x%x", hdev->name, status);
208 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
214 if (test_bit(HCI_MGMT, &hdev->flags))
215 mgmt_set_local_name_complete(hdev, sent, status);
218 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
220 hci_dev_unlock(hdev);
223 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
225 struct hci_rp_read_local_name *rp = (void *) skb->data;
227 BT_DBG("%s status 0x%x", hdev->name, rp->status);
232 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
235 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
237 __u8 status = *((__u8 *) skb->data);
240 BT_DBG("%s status 0x%x", hdev->name, status);
242 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
247 __u8 param = *((__u8 *) sent);
249 if (param == AUTH_ENABLED)
250 set_bit(HCI_AUTH, &hdev->flags);
252 clear_bit(HCI_AUTH, &hdev->flags);
255 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
258 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
260 __u8 status = *((__u8 *) skb->data);
263 BT_DBG("%s status 0x%x", hdev->name, status);
265 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
270 __u8 param = *((__u8 *) sent);
273 set_bit(HCI_ENCRYPT, &hdev->flags);
275 clear_bit(HCI_ENCRYPT, &hdev->flags);
278 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
281 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
283 __u8 param, status = *((__u8 *) skb->data);
284 int old_pscan, old_iscan;
287 BT_DBG("%s status 0x%x", hdev->name, status);
289 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
293 param = *((__u8 *) sent);
298 mgmt_write_scan_failed(hdev, param, status);
299 hdev->discov_timeout = 0;
303 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
304 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
306 if (param & SCAN_INQUIRY) {
307 set_bit(HCI_ISCAN, &hdev->flags);
309 mgmt_discoverable(hdev, 1);
310 if (hdev->discov_timeout > 0) {
311 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
312 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
315 } else if (old_iscan)
316 mgmt_discoverable(hdev, 0);
318 if (param & SCAN_PAGE) {
319 set_bit(HCI_PSCAN, &hdev->flags);
321 mgmt_connectable(hdev, 1);
322 } else if (old_pscan)
323 mgmt_connectable(hdev, 0);
326 hci_dev_unlock(hdev);
327 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
330 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
332 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
334 BT_DBG("%s status 0x%x", hdev->name, rp->status);
339 memcpy(hdev->dev_class, rp->dev_class, 3);
341 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
342 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
345 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
347 __u8 status = *((__u8 *) skb->data);
350 BT_DBG("%s status 0x%x", hdev->name, status);
355 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
359 memcpy(hdev->dev_class, sent, 3);
362 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
364 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
367 BT_DBG("%s status 0x%x", hdev->name, rp->status);
372 setting = __le16_to_cpu(rp->voice_setting);
374 if (hdev->voice_setting == setting)
377 hdev->voice_setting = setting;
379 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
382 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
385 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
387 __u8 status = *((__u8 *) skb->data);
391 BT_DBG("%s status 0x%x", hdev->name, status);
396 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
400 setting = get_unaligned_le16(sent);
402 if (hdev->voice_setting == setting)
405 hdev->voice_setting = setting;
407 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
410 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
413 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
415 __u8 status = *((__u8 *) skb->data);
417 BT_DBG("%s status 0x%x", hdev->name, status);
419 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
422 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
424 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
426 BT_DBG("%s status 0x%x", hdev->name, rp->status);
431 hdev->ssp_mode = rp->mode;
434 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
436 __u8 status = *((__u8 *) skb->data);
439 BT_DBG("%s status 0x%x", hdev->name, status);
444 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
448 hdev->ssp_mode = *((__u8 *) sent);
451 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
453 if (hdev->features[6] & LMP_EXT_INQ)
456 if (hdev->features[3] & LMP_RSSI_INQ)
459 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
460 hdev->lmp_subver == 0x0757)
463 if (hdev->manufacturer == 15) {
464 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
466 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
468 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
472 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
473 hdev->lmp_subver == 0x1805)
479 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
483 mode = hci_get_inquiry_mode(hdev);
485 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
488 static void hci_setup_event_mask(struct hci_dev *hdev)
490 /* The second byte is 0xff instead of 0x9f (two reserved bits
491 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
492 * command otherwise */
493 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
495 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
496 * any event mask for pre 1.2 devices */
497 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
500 events[4] |= 0x01; /* Flow Specification Complete */
501 events[4] |= 0x02; /* Inquiry Result with RSSI */
502 events[4] |= 0x04; /* Read Remote Extended Features Complete */
503 events[5] |= 0x08; /* Synchronous Connection Complete */
504 events[5] |= 0x10; /* Synchronous Connection Changed */
506 if (hdev->features[3] & LMP_RSSI_INQ)
507 events[4] |= 0x04; /* Inquiry Result with RSSI */
509 if (hdev->features[5] & LMP_SNIFF_SUBR)
510 events[5] |= 0x20; /* Sniff Subrating */
512 if (hdev->features[5] & LMP_PAUSE_ENC)
513 events[5] |= 0x80; /* Encryption Key Refresh Complete */
515 if (hdev->features[6] & LMP_EXT_INQ)
516 events[5] |= 0x40; /* Extended Inquiry Result */
518 if (hdev->features[6] & LMP_NO_FLUSH)
519 events[7] |= 0x01; /* Enhanced Flush Complete */
521 if (hdev->features[7] & LMP_LSTO)
522 events[6] |= 0x80; /* Link Supervision Timeout Changed */
524 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
525 events[6] |= 0x01; /* IO Capability Request */
526 events[6] |= 0x02; /* IO Capability Response */
527 events[6] |= 0x04; /* User Confirmation Request */
528 events[6] |= 0x08; /* User Passkey Request */
529 events[6] |= 0x10; /* Remote OOB Data Request */
530 events[6] |= 0x20; /* Simple Pairing Complete */
531 events[7] |= 0x04; /* User Passkey Notification */
532 events[7] |= 0x08; /* Keypress Notification */
533 events[7] |= 0x10; /* Remote Host Supported
534 * Features Notification */
537 if (hdev->features[4] & LMP_LE)
538 events[7] |= 0x20; /* LE Meta-Event */
540 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
543 static void hci_set_le_support(struct hci_dev *hdev)
545 struct hci_cp_write_le_host_supported cp;
547 memset(&cp, 0, sizeof(cp));
551 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
554 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
557 static void hci_setup(struct hci_dev *hdev)
559 if (hdev->dev_type != HCI_BREDR)
562 hci_setup_event_mask(hdev);
564 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
565 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
567 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
569 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
572 if (hdev->features[3] & LMP_RSSI_INQ)
573 hci_setup_inquiry_mode(hdev);
575 if (hdev->features[7] & LMP_INQ_TX_PWR)
576 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
578 if (hdev->features[7] & LMP_EXTFEATURES) {
579 struct hci_cp_read_local_ext_features cp;
582 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
586 if (hdev->features[4] & LMP_LE)
587 hci_set_le_support(hdev);
590 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
592 struct hci_rp_read_local_version *rp = (void *) skb->data;
594 BT_DBG("%s status 0x%x", hdev->name, rp->status);
599 hdev->hci_ver = rp->hci_ver;
600 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
601 hdev->lmp_ver = rp->lmp_ver;
602 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
603 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
605 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
607 hdev->hci_ver, hdev->hci_rev);
609 if (test_bit(HCI_INIT, &hdev->flags))
613 static void hci_setup_link_policy(struct hci_dev *hdev)
617 if (hdev->features[0] & LMP_RSWITCH)
618 link_policy |= HCI_LP_RSWITCH;
619 if (hdev->features[0] & LMP_HOLD)
620 link_policy |= HCI_LP_HOLD;
621 if (hdev->features[0] & LMP_SNIFF)
622 link_policy |= HCI_LP_SNIFF;
623 if (hdev->features[1] & LMP_PARK)
624 link_policy |= HCI_LP_PARK;
626 link_policy = cpu_to_le16(link_policy);
627 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
628 sizeof(link_policy), &link_policy);
631 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
633 struct hci_rp_read_local_commands *rp = (void *) skb->data;
635 BT_DBG("%s status 0x%x", hdev->name, rp->status);
640 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
642 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
643 hci_setup_link_policy(hdev);
646 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
649 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
651 struct hci_rp_read_local_features *rp = (void *) skb->data;
653 BT_DBG("%s status 0x%x", hdev->name, rp->status);
658 memcpy(hdev->features, rp->features, 8);
660 /* Adjust default settings according to features
661 * supported by device. */
663 if (hdev->features[0] & LMP_3SLOT)
664 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
666 if (hdev->features[0] & LMP_5SLOT)
667 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
669 if (hdev->features[1] & LMP_HV2) {
670 hdev->pkt_type |= (HCI_HV2);
671 hdev->esco_type |= (ESCO_HV2);
674 if (hdev->features[1] & LMP_HV3) {
675 hdev->pkt_type |= (HCI_HV3);
676 hdev->esco_type |= (ESCO_HV3);
679 if (hdev->features[3] & LMP_ESCO)
680 hdev->esco_type |= (ESCO_EV3);
682 if (hdev->features[4] & LMP_EV4)
683 hdev->esco_type |= (ESCO_EV4);
685 if (hdev->features[4] & LMP_EV5)
686 hdev->esco_type |= (ESCO_EV5);
688 if (hdev->features[5] & LMP_EDR_ESCO_2M)
689 hdev->esco_type |= (ESCO_2EV3);
691 if (hdev->features[5] & LMP_EDR_ESCO_3M)
692 hdev->esco_type |= (ESCO_3EV3);
694 if (hdev->features[5] & LMP_EDR_3S_ESCO)
695 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
697 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
698 hdev->features[0], hdev->features[1],
699 hdev->features[2], hdev->features[3],
700 hdev->features[4], hdev->features[5],
701 hdev->features[6], hdev->features[7]);
704 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
707 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
709 BT_DBG("%s status 0x%x", hdev->name, rp->status);
714 memcpy(hdev->extfeatures, rp->features, 8);
716 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
719 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
722 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
724 BT_DBG("%s status 0x%x", hdev->name, rp->status);
729 hdev->flow_ctl_mode = rp->mode;
731 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
734 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
736 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
738 BT_DBG("%s status 0x%x", hdev->name, rp->status);
743 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
744 hdev->sco_mtu = rp->sco_mtu;
745 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
746 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
748 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
753 hdev->acl_cnt = hdev->acl_pkts;
754 hdev->sco_cnt = hdev->sco_pkts;
756 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
757 hdev->acl_mtu, hdev->acl_pkts,
758 hdev->sco_mtu, hdev->sco_pkts);
761 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
763 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
765 BT_DBG("%s status 0x%x", hdev->name, rp->status);
768 bacpy(&hdev->bdaddr, &rp->bdaddr);
770 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
773 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
776 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
778 BT_DBG("%s status 0x%x", hdev->name, rp->status);
783 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
784 hdev->block_len = __le16_to_cpu(rp->block_len);
785 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
787 hdev->block_cnt = hdev->num_blocks;
789 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
790 hdev->block_cnt, hdev->block_len);
792 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
795 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
797 __u8 status = *((__u8 *) skb->data);
799 BT_DBG("%s status 0x%x", hdev->name, status);
801 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
804 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
809 BT_DBG("%s status 0x%x", hdev->name, rp->status);
814 hdev->amp_status = rp->amp_status;
815 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
816 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
817 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
818 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
819 hdev->amp_type = rp->amp_type;
820 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
821 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
822 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
823 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
825 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
828 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
831 __u8 status = *((__u8 *) skb->data);
833 BT_DBG("%s status 0x%x", hdev->name, status);
835 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
838 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
840 __u8 status = *((__u8 *) skb->data);
842 BT_DBG("%s status 0x%x", hdev->name, status);
844 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
847 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
850 __u8 status = *((__u8 *) skb->data);
852 BT_DBG("%s status 0x%x", hdev->name, status);
854 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
857 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
860 __u8 status = *((__u8 *) skb->data);
862 BT_DBG("%s status 0x%x", hdev->name, status);
864 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
867 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
869 __u8 status = *((__u8 *) skb->data);
871 BT_DBG("%s status 0x%x", hdev->name, status);
873 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
876 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
878 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
879 struct hci_cp_pin_code_reply *cp;
880 struct hci_conn *conn;
882 BT_DBG("%s status 0x%x", hdev->name, rp->status);
886 if (test_bit(HCI_MGMT, &hdev->flags))
887 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
892 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
896 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
898 conn->pin_length = cp->pin_len;
901 hci_dev_unlock(hdev);
904 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
906 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
908 BT_DBG("%s status 0x%x", hdev->name, rp->status);
912 if (test_bit(HCI_MGMT, &hdev->flags))
913 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
916 hci_dev_unlock(hdev);
919 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
922 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
924 BT_DBG("%s status 0x%x", hdev->name, rp->status);
929 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
930 hdev->le_pkts = rp->le_max_pkt;
932 hdev->le_cnt = hdev->le_pkts;
934 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
936 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
939 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
941 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
943 BT_DBG("%s status 0x%x", hdev->name, rp->status);
947 if (test_bit(HCI_MGMT, &hdev->flags))
948 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr,
951 hci_dev_unlock(hdev);
954 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
957 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
959 BT_DBG("%s status 0x%x", hdev->name, rp->status);
963 if (test_bit(HCI_MGMT, &hdev->flags))
964 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
967 hci_dev_unlock(hdev);
970 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
972 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
974 BT_DBG("%s status 0x%x", hdev->name, rp->status);
978 if (test_bit(HCI_MGMT, &hdev->flags))
979 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr,
982 hci_dev_unlock(hdev);
985 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
988 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
990 BT_DBG("%s status 0x%x", hdev->name, rp->status);
994 if (test_bit(HCI_MGMT, &hdev->flags))
995 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
998 hci_dev_unlock(hdev);
1001 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1002 struct sk_buff *skb)
1004 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1006 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1009 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1010 rp->randomizer, rp->status);
1011 hci_dev_unlock(hdev);
1014 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1016 __u8 status = *((__u8 *) skb->data);
1018 BT_DBG("%s status 0x%x", hdev->name, status);
1021 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1022 struct sk_buff *skb)
1024 struct hci_cp_le_set_scan_enable *cp;
1025 __u8 status = *((__u8 *) skb->data);
1027 BT_DBG("%s status 0x%x", hdev->name, status);
1032 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1036 if (cp->enable == 0x01) {
1037 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1039 cancel_delayed_work_sync(&hdev->adv_work);
1042 hci_adv_entries_clear(hdev);
1043 hci_dev_unlock(hdev);
1044 } else if (cp->enable == 0x00) {
1045 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1047 cancel_delayed_work_sync(&hdev->adv_work);
1048 queue_delayed_work(hdev->workqueue, &hdev->adv_work,
1049 jiffies + ADV_CLEAR_TIMEOUT);
1053 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1055 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1057 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1062 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1065 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1067 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1069 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1074 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1077 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1078 struct sk_buff *skb)
1080 struct hci_cp_read_local_ext_features cp;
1081 __u8 status = *((__u8 *) skb->data);
1083 BT_DBG("%s status 0x%x", hdev->name, status);
1089 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1092 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1094 BT_DBG("%s status 0x%x", hdev->name, status);
1097 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1098 hci_conn_check_pending(hdev);
1100 if (test_bit(HCI_MGMT, &hdev->flags))
1101 mgmt_start_discovery_failed(hdev, status);
1102 hci_dev_unlock(hdev);
1106 set_bit(HCI_INQUIRY, &hdev->flags);
1109 mgmt_discovering(hdev, 1);
1110 hci_dev_unlock(hdev);
1113 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1115 struct hci_cp_create_conn *cp;
1116 struct hci_conn *conn;
1118 BT_DBG("%s status 0x%x", hdev->name, status);
1120 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1126 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1128 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1131 if (conn && conn->state == BT_CONNECT) {
1132 if (status != 0x0c || conn->attempt > 2) {
1133 conn->state = BT_CLOSED;
1134 hci_proto_connect_cfm(conn, status);
1137 conn->state = BT_CONNECT2;
1141 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1144 conn->link_mode |= HCI_LM_MASTER;
1146 BT_ERR("No memory for new connection");
1150 hci_dev_unlock(hdev);
1153 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1155 struct hci_cp_add_sco *cp;
1156 struct hci_conn *acl, *sco;
1159 BT_DBG("%s status 0x%x", hdev->name, status);
1164 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1168 handle = __le16_to_cpu(cp->handle);
1170 BT_DBG("%s handle %d", hdev->name, handle);
1174 acl = hci_conn_hash_lookup_handle(hdev, handle);
1178 sco->state = BT_CLOSED;
1180 hci_proto_connect_cfm(sco, status);
1185 hci_dev_unlock(hdev);
1188 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1190 struct hci_cp_auth_requested *cp;
1191 struct hci_conn *conn;
1193 BT_DBG("%s status 0x%x", hdev->name, status);
1198 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1204 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1206 if (conn->state == BT_CONFIG) {
1207 hci_proto_connect_cfm(conn, status);
1212 hci_dev_unlock(hdev);
1215 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1217 struct hci_cp_set_conn_encrypt *cp;
1218 struct hci_conn *conn;
1220 BT_DBG("%s status 0x%x", hdev->name, status);
1225 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1231 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1233 if (conn->state == BT_CONFIG) {
1234 hci_proto_connect_cfm(conn, status);
1239 hci_dev_unlock(hdev);
1242 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1243 struct hci_conn *conn)
1245 if (conn->state != BT_CONFIG || !conn->out)
1248 if (conn->pending_sec_level == BT_SECURITY_SDP)
1251 /* Only request authentication for SSP connections or non-SSP
1252 * devices with sec_level HIGH or if MITM protection is requested */
1253 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
1254 conn->pending_sec_level != BT_SECURITY_HIGH &&
1255 !(conn->auth_type & 0x01))
1261 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1263 struct hci_cp_remote_name_req *cp;
1264 struct hci_conn *conn;
1266 BT_DBG("%s status 0x%x", hdev->name, status);
1268 /* If successful wait for the name req complete event before
1269 * checking for the need to do authentication */
1273 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1279 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1283 if (!hci_outgoing_auth_needed(hdev, conn))
1286 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1287 struct hci_cp_auth_requested cp;
1288 cp.handle = __cpu_to_le16(conn->handle);
1289 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1293 hci_dev_unlock(hdev);
1296 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1298 struct hci_cp_read_remote_features *cp;
1299 struct hci_conn *conn;
1301 BT_DBG("%s status 0x%x", hdev->name, status);
1306 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1312 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1314 if (conn->state == BT_CONFIG) {
1315 hci_proto_connect_cfm(conn, status);
1320 hci_dev_unlock(hdev);
1323 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1325 struct hci_cp_read_remote_ext_features *cp;
1326 struct hci_conn *conn;
1328 BT_DBG("%s status 0x%x", hdev->name, status);
1333 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1339 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1341 if (conn->state == BT_CONFIG) {
1342 hci_proto_connect_cfm(conn, status);
1347 hci_dev_unlock(hdev);
1350 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1352 struct hci_cp_setup_sync_conn *cp;
1353 struct hci_conn *acl, *sco;
1356 BT_DBG("%s status 0x%x", hdev->name, status);
1361 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1365 handle = __le16_to_cpu(cp->handle);
1367 BT_DBG("%s handle %d", hdev->name, handle);
1371 acl = hci_conn_hash_lookup_handle(hdev, handle);
1375 sco->state = BT_CLOSED;
1377 hci_proto_connect_cfm(sco, status);
1382 hci_dev_unlock(hdev);
1385 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1387 struct hci_cp_sniff_mode *cp;
1388 struct hci_conn *conn;
1390 BT_DBG("%s status 0x%x", hdev->name, status);
1395 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1401 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1403 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1405 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1406 hci_sco_setup(conn, status);
1409 hci_dev_unlock(hdev);
1412 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1414 struct hci_cp_exit_sniff_mode *cp;
1415 struct hci_conn *conn;
1417 BT_DBG("%s status 0x%x", hdev->name, status);
1422 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1428 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1430 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1432 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1433 hci_sco_setup(conn, status);
1436 hci_dev_unlock(hdev);
1439 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1441 struct hci_cp_le_create_conn *cp;
1442 struct hci_conn *conn;
1444 BT_DBG("%s status 0x%x", hdev->name, status);
1446 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1452 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1454 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1458 if (conn && conn->state == BT_CONNECT) {
1459 conn->state = BT_CLOSED;
1460 hci_proto_connect_cfm(conn, status);
1465 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1467 conn->dst_type = cp->peer_addr_type;
1470 BT_ERR("No memory for new connection");
1475 hci_dev_unlock(hdev);
1478 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1480 BT_DBG("%s status 0x%x", hdev->name, status);
1483 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1485 __u8 status = *((__u8 *) skb->data);
1487 BT_DBG("%s status %d", hdev->name, status);
1489 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1491 hci_conn_check_pending(hdev);
1493 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1497 mgmt_discovering(hdev, 0);
1498 hci_dev_unlock(hdev);
1501 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1503 struct inquiry_data data;
1504 struct inquiry_info *info = (void *) (skb->data + 1);
1505 int num_rsp = *((__u8 *) skb->data);
1507 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1514 for (; num_rsp; num_rsp--, info++) {
1515 bacpy(&data.bdaddr, &info->bdaddr);
1516 data.pscan_rep_mode = info->pscan_rep_mode;
1517 data.pscan_period_mode = info->pscan_period_mode;
1518 data.pscan_mode = info->pscan_mode;
1519 memcpy(data.dev_class, info->dev_class, 3);
1520 data.clock_offset = info->clock_offset;
1522 data.ssp_mode = 0x00;
1523 hci_inquiry_cache_update(hdev, &data);
1524 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1525 info->dev_class, 0, NULL);
1528 hci_dev_unlock(hdev);
1531 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1533 struct hci_ev_conn_complete *ev = (void *) skb->data;
1534 struct hci_conn *conn;
1536 BT_DBG("%s", hdev->name);
1540 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1542 if (ev->link_type != SCO_LINK)
1545 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1549 conn->type = SCO_LINK;
1553 conn->handle = __le16_to_cpu(ev->handle);
1555 if (conn->type == ACL_LINK) {
1556 conn->state = BT_CONFIG;
1557 hci_conn_hold(conn);
1558 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1559 mgmt_connected(hdev, &ev->bdaddr, conn->type,
1562 conn->state = BT_CONNECTED;
1564 hci_conn_hold_device(conn);
1565 hci_conn_add_sysfs(conn);
1567 if (test_bit(HCI_AUTH, &hdev->flags))
1568 conn->link_mode |= HCI_LM_AUTH;
1570 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1571 conn->link_mode |= HCI_LM_ENCRYPT;
1573 /* Get remote features */
1574 if (conn->type == ACL_LINK) {
1575 struct hci_cp_read_remote_features cp;
1576 cp.handle = ev->handle;
1577 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1581 /* Set packet type for incoming connection */
1582 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1583 struct hci_cp_change_conn_ptype cp;
1584 cp.handle = ev->handle;
1585 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1586 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1590 conn->state = BT_CLOSED;
1591 if (conn->type == ACL_LINK)
1592 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1593 conn->dst_type, ev->status);
1596 if (conn->type == ACL_LINK)
1597 hci_sco_setup(conn, ev->status);
1600 hci_proto_connect_cfm(conn, ev->status);
1602 } else if (ev->link_type != ACL_LINK)
1603 hci_proto_connect_cfm(conn, ev->status);
1606 hci_dev_unlock(hdev);
1608 hci_conn_check_pending(hdev);
1611 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1613 struct hci_ev_conn_request *ev = (void *) skb->data;
1614 int mask = hdev->link_mode;
1616 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1617 batostr(&ev->bdaddr), ev->link_type);
1619 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1621 if ((mask & HCI_LM_ACCEPT) &&
1622 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1623 /* Connection accepted */
1624 struct inquiry_entry *ie;
1625 struct hci_conn *conn;
1629 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1631 memcpy(ie->data.dev_class, ev->dev_class, 3);
1633 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1635 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1637 BT_ERR("No memory for new connection");
1638 hci_dev_unlock(hdev);
1643 memcpy(conn->dev_class, ev->dev_class, 3);
1644 conn->state = BT_CONNECT;
1646 hci_dev_unlock(hdev);
1648 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1649 struct hci_cp_accept_conn_req cp;
1651 bacpy(&cp.bdaddr, &ev->bdaddr);
1653 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1654 cp.role = 0x00; /* Become master */
1656 cp.role = 0x01; /* Remain slave */
1658 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1661 struct hci_cp_accept_sync_conn_req cp;
1663 bacpy(&cp.bdaddr, &ev->bdaddr);
1664 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1666 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1667 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1668 cp.max_latency = cpu_to_le16(0xffff);
1669 cp.content_format = cpu_to_le16(hdev->voice_setting);
1670 cp.retrans_effort = 0xff;
1672 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1676 /* Connection rejected */
1677 struct hci_cp_reject_conn_req cp;
1679 bacpy(&cp.bdaddr, &ev->bdaddr);
1680 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1681 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1685 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1687 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1688 struct hci_conn *conn;
1690 BT_DBG("%s status %d", hdev->name, ev->status);
1694 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1698 if (ev->status == 0)
1699 conn->state = BT_CLOSED;
1701 if (conn->type == ACL_LINK || conn->type == LE_LINK) {
1702 if (ev->status != 0)
1703 mgmt_disconnect_failed(hdev, &conn->dst, ev->status);
1705 mgmt_disconnected(hdev, &conn->dst, conn->type,
1709 if (ev->status == 0) {
1710 hci_proto_disconn_cfm(conn, ev->reason);
1715 hci_dev_unlock(hdev);
1718 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1720 struct hci_ev_auth_complete *ev = (void *) skb->data;
1721 struct hci_conn *conn;
1723 BT_DBG("%s status %d", hdev->name, ev->status);
1727 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1732 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1733 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1734 BT_INFO("re-auth of legacy device is not possible.");
1736 conn->link_mode |= HCI_LM_AUTH;
1737 conn->sec_level = conn->pending_sec_level;
1740 mgmt_auth_failed(hdev, &conn->dst, ev->status);
1743 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1744 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1746 if (conn->state == BT_CONFIG) {
1747 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1748 struct hci_cp_set_conn_encrypt cp;
1749 cp.handle = ev->handle;
1751 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1754 conn->state = BT_CONNECTED;
1755 hci_proto_connect_cfm(conn, ev->status);
1759 hci_auth_cfm(conn, ev->status);
1761 hci_conn_hold(conn);
1762 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1766 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1768 struct hci_cp_set_conn_encrypt cp;
1769 cp.handle = ev->handle;
1771 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1774 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1775 hci_encrypt_cfm(conn, ev->status, 0x00);
1780 hci_dev_unlock(hdev);
1783 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1785 struct hci_ev_remote_name *ev = (void *) skb->data;
1786 struct hci_conn *conn;
1788 BT_DBG("%s", hdev->name);
1790 hci_conn_check_pending(hdev);
1794 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1795 mgmt_remote_name(hdev, &ev->bdaddr, ev->name);
1797 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1801 if (!hci_outgoing_auth_needed(hdev, conn))
1804 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1805 struct hci_cp_auth_requested cp;
1806 cp.handle = __cpu_to_le16(conn->handle);
1807 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1811 hci_dev_unlock(hdev);
1814 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1816 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1817 struct hci_conn *conn;
1819 BT_DBG("%s status %d", hdev->name, ev->status);
1823 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1827 /* Encryption implies authentication */
1828 conn->link_mode |= HCI_LM_AUTH;
1829 conn->link_mode |= HCI_LM_ENCRYPT;
1830 conn->sec_level = conn->pending_sec_level;
1832 conn->link_mode &= ~HCI_LM_ENCRYPT;
1835 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1837 if (conn->state == BT_CONFIG) {
1839 conn->state = BT_CONNECTED;
1841 hci_proto_connect_cfm(conn, ev->status);
1844 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1847 hci_dev_unlock(hdev);
1850 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1852 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1853 struct hci_conn *conn;
1855 BT_DBG("%s status %d", hdev->name, ev->status);
1859 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1862 conn->link_mode |= HCI_LM_SECURE;
1864 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1866 hci_key_change_cfm(conn, ev->status);
1869 hci_dev_unlock(hdev);
1872 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1874 struct hci_ev_remote_features *ev = (void *) skb->data;
1875 struct hci_conn *conn;
1877 BT_DBG("%s status %d", hdev->name, ev->status);
1881 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1886 memcpy(conn->features, ev->features, 8);
1888 if (conn->state != BT_CONFIG)
1891 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1892 struct hci_cp_read_remote_ext_features cp;
1893 cp.handle = ev->handle;
1895 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
1901 struct hci_cp_remote_name_req cp;
1902 memset(&cp, 0, sizeof(cp));
1903 bacpy(&cp.bdaddr, &conn->dst);
1904 cp.pscan_rep_mode = 0x02;
1905 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1908 if (!hci_outgoing_auth_needed(hdev, conn)) {
1909 conn->state = BT_CONNECTED;
1910 hci_proto_connect_cfm(conn, ev->status);
1915 hci_dev_unlock(hdev);
1918 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1920 BT_DBG("%s", hdev->name);
1923 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1925 BT_DBG("%s", hdev->name);
1928 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1930 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1933 skb_pull(skb, sizeof(*ev));
1935 opcode = __le16_to_cpu(ev->opcode);
1938 case HCI_OP_INQUIRY_CANCEL:
1939 hci_cc_inquiry_cancel(hdev, skb);
1942 case HCI_OP_EXIT_PERIODIC_INQ:
1943 hci_cc_exit_periodic_inq(hdev, skb);
1946 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1947 hci_cc_remote_name_req_cancel(hdev, skb);
1950 case HCI_OP_ROLE_DISCOVERY:
1951 hci_cc_role_discovery(hdev, skb);
1954 case HCI_OP_READ_LINK_POLICY:
1955 hci_cc_read_link_policy(hdev, skb);
1958 case HCI_OP_WRITE_LINK_POLICY:
1959 hci_cc_write_link_policy(hdev, skb);
1962 case HCI_OP_READ_DEF_LINK_POLICY:
1963 hci_cc_read_def_link_policy(hdev, skb);
1966 case HCI_OP_WRITE_DEF_LINK_POLICY:
1967 hci_cc_write_def_link_policy(hdev, skb);
1971 hci_cc_reset(hdev, skb);
1974 case HCI_OP_WRITE_LOCAL_NAME:
1975 hci_cc_write_local_name(hdev, skb);
1978 case HCI_OP_READ_LOCAL_NAME:
1979 hci_cc_read_local_name(hdev, skb);
1982 case HCI_OP_WRITE_AUTH_ENABLE:
1983 hci_cc_write_auth_enable(hdev, skb);
1986 case HCI_OP_WRITE_ENCRYPT_MODE:
1987 hci_cc_write_encrypt_mode(hdev, skb);
1990 case HCI_OP_WRITE_SCAN_ENABLE:
1991 hci_cc_write_scan_enable(hdev, skb);
1994 case HCI_OP_READ_CLASS_OF_DEV:
1995 hci_cc_read_class_of_dev(hdev, skb);
1998 case HCI_OP_WRITE_CLASS_OF_DEV:
1999 hci_cc_write_class_of_dev(hdev, skb);
2002 case HCI_OP_READ_VOICE_SETTING:
2003 hci_cc_read_voice_setting(hdev, skb);
2006 case HCI_OP_WRITE_VOICE_SETTING:
2007 hci_cc_write_voice_setting(hdev, skb);
2010 case HCI_OP_HOST_BUFFER_SIZE:
2011 hci_cc_host_buffer_size(hdev, skb);
2014 case HCI_OP_READ_SSP_MODE:
2015 hci_cc_read_ssp_mode(hdev, skb);
2018 case HCI_OP_WRITE_SSP_MODE:
2019 hci_cc_write_ssp_mode(hdev, skb);
2022 case HCI_OP_READ_LOCAL_VERSION:
2023 hci_cc_read_local_version(hdev, skb);
2026 case HCI_OP_READ_LOCAL_COMMANDS:
2027 hci_cc_read_local_commands(hdev, skb);
2030 case HCI_OP_READ_LOCAL_FEATURES:
2031 hci_cc_read_local_features(hdev, skb);
2034 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2035 hci_cc_read_local_ext_features(hdev, skb);
2038 case HCI_OP_READ_BUFFER_SIZE:
2039 hci_cc_read_buffer_size(hdev, skb);
2042 case HCI_OP_READ_BD_ADDR:
2043 hci_cc_read_bd_addr(hdev, skb);
2046 case HCI_OP_READ_DATA_BLOCK_SIZE:
2047 hci_cc_read_data_block_size(hdev, skb);
2050 case HCI_OP_WRITE_CA_TIMEOUT:
2051 hci_cc_write_ca_timeout(hdev, skb);
2054 case HCI_OP_READ_FLOW_CONTROL_MODE:
2055 hci_cc_read_flow_control_mode(hdev, skb);
2058 case HCI_OP_READ_LOCAL_AMP_INFO:
2059 hci_cc_read_local_amp_info(hdev, skb);
2062 case HCI_OP_DELETE_STORED_LINK_KEY:
2063 hci_cc_delete_stored_link_key(hdev, skb);
2066 case HCI_OP_SET_EVENT_MASK:
2067 hci_cc_set_event_mask(hdev, skb);
2070 case HCI_OP_WRITE_INQUIRY_MODE:
2071 hci_cc_write_inquiry_mode(hdev, skb);
2074 case HCI_OP_READ_INQ_RSP_TX_POWER:
2075 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2078 case HCI_OP_SET_EVENT_FLT:
2079 hci_cc_set_event_flt(hdev, skb);
2082 case HCI_OP_PIN_CODE_REPLY:
2083 hci_cc_pin_code_reply(hdev, skb);
2086 case HCI_OP_PIN_CODE_NEG_REPLY:
2087 hci_cc_pin_code_neg_reply(hdev, skb);
2090 case HCI_OP_READ_LOCAL_OOB_DATA:
2091 hci_cc_read_local_oob_data_reply(hdev, skb);
2094 case HCI_OP_LE_READ_BUFFER_SIZE:
2095 hci_cc_le_read_buffer_size(hdev, skb);
2098 case HCI_OP_USER_CONFIRM_REPLY:
2099 hci_cc_user_confirm_reply(hdev, skb);
2102 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2103 hci_cc_user_confirm_neg_reply(hdev, skb);
2106 case HCI_OP_USER_PASSKEY_REPLY:
2107 hci_cc_user_passkey_reply(hdev, skb);
2110 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2111 hci_cc_user_passkey_neg_reply(hdev, skb);
2113 case HCI_OP_LE_SET_SCAN_PARAM:
2114 hci_cc_le_set_scan_param(hdev, skb);
2117 case HCI_OP_LE_SET_SCAN_ENABLE:
2118 hci_cc_le_set_scan_enable(hdev, skb);
2121 case HCI_OP_LE_LTK_REPLY:
2122 hci_cc_le_ltk_reply(hdev, skb);
2125 case HCI_OP_LE_LTK_NEG_REPLY:
2126 hci_cc_le_ltk_neg_reply(hdev, skb);
2129 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2130 hci_cc_write_le_host_supported(hdev, skb);
2134 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2138 if (ev->opcode != HCI_OP_NOP)
2139 del_timer(&hdev->cmd_timer);
2142 atomic_set(&hdev->cmd_cnt, 1);
2143 if (!skb_queue_empty(&hdev->cmd_q))
2144 queue_work(hdev->workqueue, &hdev->cmd_work);
2148 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2150 struct hci_ev_cmd_status *ev = (void *) skb->data;
2153 skb_pull(skb, sizeof(*ev));
2155 opcode = __le16_to_cpu(ev->opcode);
2158 case HCI_OP_INQUIRY:
2159 hci_cs_inquiry(hdev, ev->status);
2162 case HCI_OP_CREATE_CONN:
2163 hci_cs_create_conn(hdev, ev->status);
2166 case HCI_OP_ADD_SCO:
2167 hci_cs_add_sco(hdev, ev->status);
2170 case HCI_OP_AUTH_REQUESTED:
2171 hci_cs_auth_requested(hdev, ev->status);
2174 case HCI_OP_SET_CONN_ENCRYPT:
2175 hci_cs_set_conn_encrypt(hdev, ev->status);
2178 case HCI_OP_REMOTE_NAME_REQ:
2179 hci_cs_remote_name_req(hdev, ev->status);
2182 case HCI_OP_READ_REMOTE_FEATURES:
2183 hci_cs_read_remote_features(hdev, ev->status);
2186 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2187 hci_cs_read_remote_ext_features(hdev, ev->status);
2190 case HCI_OP_SETUP_SYNC_CONN:
2191 hci_cs_setup_sync_conn(hdev, ev->status);
2194 case HCI_OP_SNIFF_MODE:
2195 hci_cs_sniff_mode(hdev, ev->status);
2198 case HCI_OP_EXIT_SNIFF_MODE:
2199 hci_cs_exit_sniff_mode(hdev, ev->status);
2202 case HCI_OP_DISCONNECT:
2203 if (ev->status != 0)
2204 mgmt_disconnect_failed(hdev, NULL, ev->status);
2207 case HCI_OP_LE_CREATE_CONN:
2208 hci_cs_le_create_conn(hdev, ev->status);
2211 case HCI_OP_LE_START_ENC:
2212 hci_cs_le_start_enc(hdev, ev->status);
2216 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2220 if (ev->opcode != HCI_OP_NOP)
2221 del_timer(&hdev->cmd_timer);
2223 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2224 atomic_set(&hdev->cmd_cnt, 1);
2225 if (!skb_queue_empty(&hdev->cmd_q))
2226 queue_work(hdev->workqueue, &hdev->cmd_work);
2230 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2232 struct hci_ev_role_change *ev = (void *) skb->data;
2233 struct hci_conn *conn;
2235 BT_DBG("%s status %d", hdev->name, ev->status);
2239 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2243 conn->link_mode &= ~HCI_LM_MASTER;
2245 conn->link_mode |= HCI_LM_MASTER;
2248 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2250 hci_role_switch_cfm(conn, ev->status, ev->role);
2253 hci_dev_unlock(hdev);
2256 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2258 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2262 skb_pull(skb, sizeof(*ev));
2264 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2266 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2267 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2271 if (skb->len < ev->num_hndl * 4) {
2272 BT_DBG("%s bad parameters", hdev->name);
2276 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2277 struct hci_conn *conn;
2278 __u16 handle, count;
2280 handle = get_unaligned_le16(ptr++);
2281 count = get_unaligned_le16(ptr++);
2283 conn = hci_conn_hash_lookup_handle(hdev, handle);
2287 conn->sent -= count;
2289 switch (conn->type) {
2291 hdev->acl_cnt += count;
2292 if (hdev->acl_cnt > hdev->acl_pkts)
2293 hdev->acl_cnt = hdev->acl_pkts;
2297 if (hdev->le_pkts) {
2298 hdev->le_cnt += count;
2299 if (hdev->le_cnt > hdev->le_pkts)
2300 hdev->le_cnt = hdev->le_pkts;
2302 hdev->acl_cnt += count;
2303 if (hdev->acl_cnt > hdev->acl_pkts)
2304 hdev->acl_cnt = hdev->acl_pkts;
2309 hdev->sco_cnt += count;
2310 if (hdev->sco_cnt > hdev->sco_pkts)
2311 hdev->sco_cnt = hdev->sco_pkts;
2315 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2320 queue_work(hdev->workqueue, &hdev->tx_work);
2323 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2325 struct hci_ev_mode_change *ev = (void *) skb->data;
2326 struct hci_conn *conn;
2328 BT_DBG("%s status %d", hdev->name, ev->status);
2332 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2334 conn->mode = ev->mode;
2335 conn->interval = __le16_to_cpu(ev->interval);
2337 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2338 if (conn->mode == HCI_CM_ACTIVE)
2339 conn->power_save = 1;
2341 conn->power_save = 0;
2344 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2345 hci_sco_setup(conn, ev->status);
2348 hci_dev_unlock(hdev);
2351 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2353 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2354 struct hci_conn *conn;
2356 BT_DBG("%s", hdev->name);
2360 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2364 if (conn->state == BT_CONNECTED) {
2365 hci_conn_hold(conn);
2366 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2370 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2371 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2372 sizeof(ev->bdaddr), &ev->bdaddr);
2373 else if (test_bit(HCI_MGMT, &hdev->flags)) {
2376 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2381 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2385 hci_dev_unlock(hdev);
2388 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2390 struct hci_ev_link_key_req *ev = (void *) skb->data;
2391 struct hci_cp_link_key_reply cp;
2392 struct hci_conn *conn;
2393 struct link_key *key;
2395 BT_DBG("%s", hdev->name);
2397 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2402 key = hci_find_link_key(hdev, &ev->bdaddr);
2404 BT_DBG("%s link key not found for %s", hdev->name,
2405 batostr(&ev->bdaddr));
2409 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2410 batostr(&ev->bdaddr));
2412 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2413 key->type == HCI_LK_DEBUG_COMBINATION) {
2414 BT_DBG("%s ignoring debug key", hdev->name);
2418 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2420 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2421 conn->auth_type != 0xff &&
2422 (conn->auth_type & 0x01)) {
2423 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2427 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2428 conn->pending_sec_level == BT_SECURITY_HIGH) {
2429 BT_DBG("%s ignoring key unauthenticated for high \
2430 security", hdev->name);
2434 conn->key_type = key->type;
2435 conn->pin_length = key->pin_len;
2438 bacpy(&cp.bdaddr, &ev->bdaddr);
2439 memcpy(cp.link_key, key->val, 16);
2441 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2443 hci_dev_unlock(hdev);
2448 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2449 hci_dev_unlock(hdev);
2452 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2454 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2455 struct hci_conn *conn;
2458 BT_DBG("%s", hdev->name);
2462 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2464 hci_conn_hold(conn);
2465 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2466 pin_len = conn->pin_length;
2468 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2469 conn->key_type = ev->key_type;
2474 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2475 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2476 ev->key_type, pin_len);
2478 hci_dev_unlock(hdev);
2481 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2483 struct hci_ev_clock_offset *ev = (void *) skb->data;
2484 struct hci_conn *conn;
2486 BT_DBG("%s status %d", hdev->name, ev->status);
2490 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2491 if (conn && !ev->status) {
2492 struct inquiry_entry *ie;
2494 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2496 ie->data.clock_offset = ev->clock_offset;
2497 ie->timestamp = jiffies;
2501 hci_dev_unlock(hdev);
2504 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2506 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2507 struct hci_conn *conn;
2509 BT_DBG("%s status %d", hdev->name, ev->status);
2513 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2514 if (conn && !ev->status)
2515 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2517 hci_dev_unlock(hdev);
2520 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2522 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2523 struct inquiry_entry *ie;
2525 BT_DBG("%s", hdev->name);
2529 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2531 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2532 ie->timestamp = jiffies;
2535 hci_dev_unlock(hdev);
2538 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2540 struct inquiry_data data;
2541 int num_rsp = *((__u8 *) skb->data);
2543 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2550 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2551 struct inquiry_info_with_rssi_and_pscan_mode *info;
2552 info = (void *) (skb->data + 1);
2554 for (; num_rsp; num_rsp--, info++) {
2555 bacpy(&data.bdaddr, &info->bdaddr);
2556 data.pscan_rep_mode = info->pscan_rep_mode;
2557 data.pscan_period_mode = info->pscan_period_mode;
2558 data.pscan_mode = info->pscan_mode;
2559 memcpy(data.dev_class, info->dev_class, 3);
2560 data.clock_offset = info->clock_offset;
2561 data.rssi = info->rssi;
2562 data.ssp_mode = 0x00;
2563 hci_inquiry_cache_update(hdev, &data);
2564 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2565 info->dev_class, info->rssi,
2569 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2571 for (; num_rsp; num_rsp--, info++) {
2572 bacpy(&data.bdaddr, &info->bdaddr);
2573 data.pscan_rep_mode = info->pscan_rep_mode;
2574 data.pscan_period_mode = info->pscan_period_mode;
2575 data.pscan_mode = 0x00;
2576 memcpy(data.dev_class, info->dev_class, 3);
2577 data.clock_offset = info->clock_offset;
2578 data.rssi = info->rssi;
2579 data.ssp_mode = 0x00;
2580 hci_inquiry_cache_update(hdev, &data);
2581 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2582 info->dev_class, info->rssi,
2587 hci_dev_unlock(hdev);
2590 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2592 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2593 struct hci_conn *conn;
2595 BT_DBG("%s", hdev->name);
2599 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2603 if (!ev->status && ev->page == 0x01) {
2604 struct inquiry_entry *ie;
2606 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2608 ie->data.ssp_mode = (ev->features[0] & 0x01);
2610 conn->ssp_mode = (ev->features[0] & 0x01);
2613 if (conn->state != BT_CONFIG)
2617 struct hci_cp_remote_name_req cp;
2618 memset(&cp, 0, sizeof(cp));
2619 bacpy(&cp.bdaddr, &conn->dst);
2620 cp.pscan_rep_mode = 0x02;
2621 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2624 if (!hci_outgoing_auth_needed(hdev, conn)) {
2625 conn->state = BT_CONNECTED;
2626 hci_proto_connect_cfm(conn, ev->status);
2631 hci_dev_unlock(hdev);
2634 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2636 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2637 struct hci_conn *conn;
2639 BT_DBG("%s status %d", hdev->name, ev->status);
2643 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2645 if (ev->link_type == ESCO_LINK)
2648 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2652 conn->type = SCO_LINK;
2655 switch (ev->status) {
2657 conn->handle = __le16_to_cpu(ev->handle);
2658 conn->state = BT_CONNECTED;
2660 hci_conn_hold_device(conn);
2661 hci_conn_add_sysfs(conn);
2664 case 0x11: /* Unsupported Feature or Parameter Value */
2665 case 0x1c: /* SCO interval rejected */
2666 case 0x1a: /* Unsupported Remote Feature */
2667 case 0x1f: /* Unspecified error */
2668 if (conn->out && conn->attempt < 2) {
2669 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2670 (hdev->esco_type & EDR_ESCO_MASK);
2671 hci_setup_sync(conn, conn->link->handle);
2677 conn->state = BT_CLOSED;
2681 hci_proto_connect_cfm(conn, ev->status);
2686 hci_dev_unlock(hdev);
2689 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2691 BT_DBG("%s", hdev->name);
2694 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2696 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2698 BT_DBG("%s status %d", hdev->name, ev->status);
2701 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2703 struct inquiry_data data;
2704 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2705 int num_rsp = *((__u8 *) skb->data);
2707 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2714 for (; num_rsp; num_rsp--, info++) {
2715 bacpy(&data.bdaddr, &info->bdaddr);
2716 data.pscan_rep_mode = info->pscan_rep_mode;
2717 data.pscan_period_mode = info->pscan_period_mode;
2718 data.pscan_mode = 0x00;
2719 memcpy(data.dev_class, info->dev_class, 3);
2720 data.clock_offset = info->clock_offset;
2721 data.rssi = info->rssi;
2722 data.ssp_mode = 0x01;
2723 hci_inquiry_cache_update(hdev, &data);
2724 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2725 info->dev_class, info->rssi, info->data);
2728 hci_dev_unlock(hdev);
2731 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2733 /* If remote requests dedicated bonding follow that lead */
2734 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2735 /* If both remote and local IO capabilities allow MITM
2736 * protection then require it, otherwise don't */
2737 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2743 /* If remote requests no-bonding follow that lead */
2744 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2745 return conn->remote_auth | (conn->auth_type & 0x01);
2747 return conn->auth_type;
2750 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2752 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2753 struct hci_conn *conn;
2755 BT_DBG("%s", hdev->name);
2759 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2763 hci_conn_hold(conn);
2765 if (!test_bit(HCI_MGMT, &hdev->flags))
2768 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2769 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2770 struct hci_cp_io_capability_reply cp;
2772 bacpy(&cp.bdaddr, &ev->bdaddr);
2773 cp.capability = conn->io_capability;
2774 conn->auth_type = hci_get_auth_req(conn);
2775 cp.authentication = conn->auth_type;
2777 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2778 hci_find_remote_oob_data(hdev, &conn->dst))
2783 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2786 struct hci_cp_io_capability_neg_reply cp;
2788 bacpy(&cp.bdaddr, &ev->bdaddr);
2789 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
2791 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2796 hci_dev_unlock(hdev);
2799 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2801 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2802 struct hci_conn *conn;
2804 BT_DBG("%s", hdev->name);
2808 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2812 conn->remote_cap = ev->capability;
2813 conn->remote_oob = ev->oob_data;
2814 conn->remote_auth = ev->authentication;
2817 hci_dev_unlock(hdev);
2820 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2821 struct sk_buff *skb)
2823 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
2824 int loc_mitm, rem_mitm, confirm_hint = 0;
2825 struct hci_conn *conn;
2827 BT_DBG("%s", hdev->name);
2831 if (!test_bit(HCI_MGMT, &hdev->flags))
2834 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2838 loc_mitm = (conn->auth_type & 0x01);
2839 rem_mitm = (conn->remote_auth & 0x01);
2841 /* If we require MITM but the remote device can't provide that
2842 * (it has NoInputNoOutput) then reject the confirmation
2843 * request. The only exception is when we're dedicated bonding
2844 * initiators (connect_cfm_cb set) since then we always have the MITM
2846 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2847 BT_DBG("Rejecting request: remote device can't provide MITM");
2848 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2849 sizeof(ev->bdaddr), &ev->bdaddr);
2853 /* If no side requires MITM protection; auto-accept */
2854 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2855 (!rem_mitm || conn->io_capability == 0x03)) {
2857 /* If we're not the initiators request authorization to
2858 * proceed from user space (mgmt_user_confirm with
2859 * confirm_hint set to 1). */
2860 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2861 BT_DBG("Confirming auto-accept as acceptor");
2866 BT_DBG("Auto-accept of user confirmation with %ums delay",
2867 hdev->auto_accept_delay);
2869 if (hdev->auto_accept_delay > 0) {
2870 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2871 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2875 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2876 sizeof(ev->bdaddr), &ev->bdaddr);
2881 mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey,
2885 hci_dev_unlock(hdev);
2888 static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
2889 struct sk_buff *skb)
2891 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
2893 BT_DBG("%s", hdev->name);
2897 if (test_bit(HCI_MGMT, &hdev->flags))
2898 mgmt_user_passkey_request(hdev, &ev->bdaddr);
2900 hci_dev_unlock(hdev);
2903 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2905 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2906 struct hci_conn *conn;
2908 BT_DBG("%s", hdev->name);
2912 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2916 /* To avoid duplicate auth_failed events to user space we check
2917 * the HCI_CONN_AUTH_PEND flag which will be set if we
2918 * initiated the authentication. A traditional auth_complete
2919 * event gets always produced as initiator and is also mapped to
2920 * the mgmt_auth_failed event */
2921 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2922 mgmt_auth_failed(hdev, &conn->dst, ev->status);
2927 hci_dev_unlock(hdev);
2930 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2932 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2933 struct inquiry_entry *ie;
2935 BT_DBG("%s", hdev->name);
2939 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2941 ie->data.ssp_mode = (ev->features[0] & 0x01);
2943 hci_dev_unlock(hdev);
2946 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2947 struct sk_buff *skb)
2949 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2950 struct oob_data *data;
2952 BT_DBG("%s", hdev->name);
2956 if (!test_bit(HCI_MGMT, &hdev->flags))
2959 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2961 struct hci_cp_remote_oob_data_reply cp;
2963 bacpy(&cp.bdaddr, &ev->bdaddr);
2964 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2965 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2967 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2970 struct hci_cp_remote_oob_data_neg_reply cp;
2972 bacpy(&cp.bdaddr, &ev->bdaddr);
2973 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2978 hci_dev_unlock(hdev);
2981 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2983 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2984 struct hci_conn *conn;
2986 BT_DBG("%s status %d", hdev->name, ev->status);
2990 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
2992 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2994 BT_ERR("No memory for new connection");
2995 hci_dev_unlock(hdev);
2999 conn->dst_type = ev->bdaddr_type;
3003 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3004 conn->dst_type, ev->status);
3005 hci_proto_connect_cfm(conn, ev->status);
3006 conn->state = BT_CLOSED;
3011 mgmt_connected(hdev, &ev->bdaddr, conn->type, conn->dst_type);
3013 conn->sec_level = BT_SECURITY_LOW;
3014 conn->handle = __le16_to_cpu(ev->handle);
3015 conn->state = BT_CONNECTED;
3017 hci_conn_hold_device(conn);
3018 hci_conn_add_sysfs(conn);
3020 hci_proto_connect_cfm(conn, ev->status);
3023 hci_dev_unlock(hdev);
3026 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3027 struct sk_buff *skb)
3029 u8 num_reports = skb->data[0];
3030 void *ptr = &skb->data[1];
3034 while (num_reports--) {
3035 struct hci_ev_le_advertising_info *ev = ptr;
3037 hci_add_adv_entry(hdev, ev);
3039 ptr += sizeof(*ev) + ev->length + 1;
3042 hci_dev_unlock(hdev);
3045 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3046 struct sk_buff *skb)
3048 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3049 struct hci_cp_le_ltk_reply cp;
3050 struct hci_cp_le_ltk_neg_reply neg;
3051 struct hci_conn *conn;
3052 struct link_key *ltk;
3054 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3058 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3062 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3066 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3067 cp.handle = cpu_to_le16(conn->handle);
3068 conn->pin_length = ltk->pin_len;
3070 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3072 hci_dev_unlock(hdev);
3077 neg.handle = ev->handle;
3078 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3079 hci_dev_unlock(hdev);
3082 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3084 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3086 skb_pull(skb, sizeof(*le_ev));
3088 switch (le_ev->subevent) {
3089 case HCI_EV_LE_CONN_COMPLETE:
3090 hci_le_conn_complete_evt(hdev, skb);
3093 case HCI_EV_LE_ADVERTISING_REPORT:
3094 hci_le_adv_report_evt(hdev, skb);
3097 case HCI_EV_LE_LTK_REQ:
3098 hci_le_ltk_request_evt(hdev, skb);
3106 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3108 struct hci_event_hdr *hdr = (void *) skb->data;
3109 __u8 event = hdr->evt;
3111 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3114 case HCI_EV_INQUIRY_COMPLETE:
3115 hci_inquiry_complete_evt(hdev, skb);
3118 case HCI_EV_INQUIRY_RESULT:
3119 hci_inquiry_result_evt(hdev, skb);
3122 case HCI_EV_CONN_COMPLETE:
3123 hci_conn_complete_evt(hdev, skb);
3126 case HCI_EV_CONN_REQUEST:
3127 hci_conn_request_evt(hdev, skb);
3130 case HCI_EV_DISCONN_COMPLETE:
3131 hci_disconn_complete_evt(hdev, skb);
3134 case HCI_EV_AUTH_COMPLETE:
3135 hci_auth_complete_evt(hdev, skb);
3138 case HCI_EV_REMOTE_NAME:
3139 hci_remote_name_evt(hdev, skb);
3142 case HCI_EV_ENCRYPT_CHANGE:
3143 hci_encrypt_change_evt(hdev, skb);
3146 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3147 hci_change_link_key_complete_evt(hdev, skb);
3150 case HCI_EV_REMOTE_FEATURES:
3151 hci_remote_features_evt(hdev, skb);
3154 case HCI_EV_REMOTE_VERSION:
3155 hci_remote_version_evt(hdev, skb);
3158 case HCI_EV_QOS_SETUP_COMPLETE:
3159 hci_qos_setup_complete_evt(hdev, skb);
3162 case HCI_EV_CMD_COMPLETE:
3163 hci_cmd_complete_evt(hdev, skb);
3166 case HCI_EV_CMD_STATUS:
3167 hci_cmd_status_evt(hdev, skb);
3170 case HCI_EV_ROLE_CHANGE:
3171 hci_role_change_evt(hdev, skb);
3174 case HCI_EV_NUM_COMP_PKTS:
3175 hci_num_comp_pkts_evt(hdev, skb);
3178 case HCI_EV_MODE_CHANGE:
3179 hci_mode_change_evt(hdev, skb);
3182 case HCI_EV_PIN_CODE_REQ:
3183 hci_pin_code_request_evt(hdev, skb);
3186 case HCI_EV_LINK_KEY_REQ:
3187 hci_link_key_request_evt(hdev, skb);
3190 case HCI_EV_LINK_KEY_NOTIFY:
3191 hci_link_key_notify_evt(hdev, skb);
3194 case HCI_EV_CLOCK_OFFSET:
3195 hci_clock_offset_evt(hdev, skb);
3198 case HCI_EV_PKT_TYPE_CHANGE:
3199 hci_pkt_type_change_evt(hdev, skb);
3202 case HCI_EV_PSCAN_REP_MODE:
3203 hci_pscan_rep_mode_evt(hdev, skb);
3206 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3207 hci_inquiry_result_with_rssi_evt(hdev, skb);
3210 case HCI_EV_REMOTE_EXT_FEATURES:
3211 hci_remote_ext_features_evt(hdev, skb);
3214 case HCI_EV_SYNC_CONN_COMPLETE:
3215 hci_sync_conn_complete_evt(hdev, skb);
3218 case HCI_EV_SYNC_CONN_CHANGED:
3219 hci_sync_conn_changed_evt(hdev, skb);
3222 case HCI_EV_SNIFF_SUBRATE:
3223 hci_sniff_subrate_evt(hdev, skb);
3226 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3227 hci_extended_inquiry_result_evt(hdev, skb);
3230 case HCI_EV_IO_CAPA_REQUEST:
3231 hci_io_capa_request_evt(hdev, skb);
3234 case HCI_EV_IO_CAPA_REPLY:
3235 hci_io_capa_reply_evt(hdev, skb);
3238 case HCI_EV_USER_CONFIRM_REQUEST:
3239 hci_user_confirm_request_evt(hdev, skb);
3242 case HCI_EV_USER_PASSKEY_REQUEST:
3243 hci_user_passkey_request_evt(hdev, skb);
3246 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3247 hci_simple_pair_complete_evt(hdev, skb);
3250 case HCI_EV_REMOTE_HOST_FEATURES:
3251 hci_remote_host_features_evt(hdev, skb);
3254 case HCI_EV_LE_META:
3255 hci_le_meta_evt(hdev, skb);
3258 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3259 hci_remote_oob_data_request_evt(hdev, skb);
3263 BT_DBG("%s event 0x%x", hdev->name, event);
3268 hdev->stat.evt_rx++;
3271 /* Generate internal stack event */
3272 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3274 struct hci_event_hdr *hdr;
3275 struct hci_ev_stack_internal *ev;
3276 struct sk_buff *skb;
3278 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3282 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3283 hdr->evt = HCI_EV_STACK_INTERNAL;
3284 hdr->plen = sizeof(*ev) + dlen;
3286 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3288 memcpy(ev->data, data, dlen);
3290 bt_cb(skb)->incoming = 1;
3291 __net_timestamp(skb);
3293 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
3294 skb->dev = (void *) hdev;
3295 hci_send_to_sock(hdev, skb, NULL);
3299 module_param(enable_le, bool, 0644);
3300 MODULE_PARM_DESC(enable_le, "Enable LE support");