2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
50 /* Handle HCI Event packets */
/* Command Complete handler for HCI_OP_INQUIRY_CANCEL: clears HCI_INQUIRY,
 * calls mgmt_discovering() with 0, completes the request and re-checks
 * pending connections.
 * NOTE(review): status is the first byte of skb->data and no skb->len check
 * is visible here. Source lines 57-60 are missing from this listing, so any
 * early return on a failed status cannot be confirmed. */
52 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
54 __u8 status = *((__u8 *) skb->data);
56 BT_DBG("%s status 0x%x", hdev->name, status);
61 clear_bit(HCI_INQUIRY, &hdev->flags);
63 mgmt_discovering(hdev->id, 0);
65 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
67 hci_conn_check_pending(hdev);
/* Command Complete handler for Exit Periodic Inquiry: logs the status byte
 * and re-checks pending connections.
 * NOTE(review): the status byte is read from skb->data with no visible
 * skb->len check; source lines 75-78 are missing from this listing. */
70 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
72 __u8 status = *((__u8 *) skb->data);
74 BT_DBG("%s status 0x%x", hdev->name, status);
79 hci_conn_check_pending(hdev);
/* Command Complete handler for Remote Name Request Cancel: only emits a
 * debug message; skb is not read in the visible lines. */
82 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
84 BT_DBG("%s", hdev->name);
/* Command Complete handler for Role Discovery: looks up the connection by
 * the handle in the reply and sets or clears HCI_LM_MASTER on it.
 * NOTE(review): rp is a cast of skb->data with no visible skb->len check.
 * The conditions choosing between the two link_mode updates, any NULL check
 * on conn and the matching hci_dev_lock() are on source lines missing from
 * this listing (the gutter numbers skip). */
87 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
89 struct hci_rp_role_discovery *rp = (void *) skb->data;
90 struct hci_conn *conn;
92 BT_DBG("%s status 0x%x", hdev->name, rp->status);
99 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
102 conn->link_mode &= ~HCI_LM_MASTER;
104 conn->link_mode |= HCI_LM_MASTER;
107 hci_dev_unlock(hdev);
/* Command Complete handler for Read Link Policy: stores the policy from the
 * reply on the connection identified by the reply's handle.
 * NOTE(review): rp is a cast of skb->data with no visible skb->len check,
 * and the NULL check on conn (if any) is on a source line missing from this
 * listing; confirm both before relying on this handler. */
110 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
112 struct hci_rp_read_link_policy *rp = (void *) skb->data;
113 struct hci_conn *conn;
115 BT_DBG("%s status 0x%x", hdev->name, rp->status);
122 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
124 conn->link_policy = __le16_to_cpu(rp->policy);
126 hci_dev_unlock(hdev);
/* Command Complete handler for Write Link Policy: takes the policy value
 * from the parameters of the command that was sent (offset 2, read as an
 * unaligned little-endian 16-bit value) and stores it on the connection
 * named by the reply's handle.
 * NOTE(review): the declaration of sent and any NULL checks on sent and
 * conn are on source lines missing from this listing; rp is a cast of
 * skb->data with no visible skb->len check. */
129 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
131 struct hci_rp_write_link_policy *rp = (void *) skb->data;
132 struct hci_conn *conn;
135 BT_DBG("%s status 0x%x", hdev->name, rp->status);
140 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
146 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
148 conn->link_policy = get_unaligned_le16(sent + 2);
150 hci_dev_unlock(hdev);
/* Command Complete handler for Read Default Link Policy: stores the policy
 * from the reply in hdev->link_policy.
 * NOTE(review): rp is a cast of skb->data with no visible skb->len check;
 * source lines 158-161 are missing from this listing. */
153 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
155 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
157 BT_DBG("%s status 0x%x", hdev->name, rp->status);
162 hdev->link_policy = __le16_to_cpu(rp->policy);
/* Command Complete handler for HCI_OP_WRITE_DEF_LINK_POLICY: mirrors the
 * policy from the sent command parameters into hdev->link_policy and
 * completes the request.
 * NOTE(review): the declaration of sent and the conditions guarding the
 * assignment (status, NULL sent) are on source lines missing from this
 * listing; the status byte is read with no visible skb->len check. */
165 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
167 __u8 status = *((__u8 *) skb->data);
170 BT_DBG("%s status 0x%x", hdev->name, status);
172 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
177 hdev->link_policy = get_unaligned_le16(sent);
179 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
/* Command Complete handler for HCI_OP_RESET: clears the HCI_RESET flag and
 * completes the request with the reported status.
 * NOTE(review): the status byte is read from skb->data with no visible
 * skb->len check; confirm the dispatcher guarantees at least one byte. */
182 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
184 __u8 status = *((__u8 *) skb->data);
186 BT_DBG("%s status 0x%x", hdev->name, status);
188 clear_bit(HCI_RESET, &hdev->flags);
190 hci_req_complete(hdev, HCI_OP_RESET, status);
/* Command Complete handler for HCI_OP_WRITE_LOCAL_NAME: reports the result
 * to mgmt when HCI_MGMT is set and copies HCI_MAX_NAME_LENGTH bytes of the
 * sent command parameters into hdev->dev_name.
 * NOTE(review): the declaration of sent and the checks between these lines
 * (NULL sent, failed status) are on source lines missing from this listing.
 * The copy length is fixed, so it relies on the sent command carrying a
 * full-length name field - confirm against the sender. */
193 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
195 __u8 status = *((__u8 *) skb->data);
198 BT_DBG("%s status 0x%x", hdev->name, status);
200 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
204 if (test_bit(HCI_MGMT, &hdev->flags))
205 mgmt_set_local_name_complete(hdev->id, sent, status);
210 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
/* Command Complete handler for Read Local Name: copies HCI_MAX_NAME_LENGTH
 * bytes of rp->name into hdev->dev_name.
 * NOTE(review): rp is a cast of skb->data and the copy length is fixed; no
 * skb->len check is visible, so a reply shorter than the structure would be
 * read past its end. Nothing here adds a terminating NUL - consumers of
 * dev_name should not assume one. Source lines 218-221 are not shown. */
213 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
215 struct hci_rp_read_local_name *rp = (void *) skb->data;
217 BT_DBG("%s status 0x%x", hdev->name, rp->status);
222 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
/* Command Complete handler for HCI_OP_WRITE_AUTH_ENABLE: sets the
 * adapter-wide HCI_AUTH flag when the parameter that was sent equals
 * AUTH_ENABLED, clears it otherwise, then completes the request.
 * NOTE(review): HCI_AUTH is derived from what the host sent, not from a
 * value reported back by the controller. The guards around the flag update
 * (failed status, NULL sent) are on source lines missing from this listing;
 * confirm the flag is left untouched when the command failed. */
225 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
227 __u8 status = *((__u8 *) skb->data);
230 BT_DBG("%s status 0x%x", hdev->name, status);
232 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
237 __u8 param = *((__u8 *) sent);
239 if (param == AUTH_ENABLED)
240 set_bit(HCI_AUTH, &hdev->flags);
242 clear_bit(HCI_AUTH, &hdev->flags);
245 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
/* Command Complete handler for HCI_OP_WRITE_ENCRYPT_MODE: sets or clears
 * the adapter-wide HCI_ENCRYPT flag from the parameter that was sent, then
 * completes the request.
 * NOTE(review): the test on param that selects set vs. clear and the guards
 * on status and sent are on source lines missing from this listing; confirm
 * HCI_ENCRYPT is only changed when the command succeeded. */
248 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
250 __u8 status = *((__u8 *) skb->data);
253 BT_DBG("%s status 0x%x", hdev->name, status);
255 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
260 __u8 param = *((__u8 *) sent);
263 set_bit(HCI_ENCRYPT, &hdev->flags);
265 clear_bit(HCI_ENCRYPT, &hdev->flags);
268 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
/* Command Complete handler for HCI_OP_WRITE_SCAN_ENABLE: rebuilds the
 * HCI_ISCAN / HCI_PSCAN flags from the scan parameter that was sent and
 * notifies mgmt when discoverable or connectable state changes.
 * NOTE(review): the declaration of sent, the guards on status and sent, and
 * the conditions on source lines 293 and 300 are missing from this listing. */
271 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
273 __u8 param, status = *((__u8 *) skb->data);
274 int old_pscan, old_iscan;
277 BT_DBG("%s status 0x%x", hdev->name, status);
279 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
286 param = *((__u8 *) sent);
/* Both flags are cleared first and the previous values remembered, so the
 * mgmt "off" notifications below fire only on an actual transition. */
288 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
289 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
291 if (param & SCAN_INQUIRY) {
292 set_bit(HCI_ISCAN, &hdev->flags);
294 mgmt_discoverable(hdev->id, 1);
295 } else if (old_iscan)
296 mgmt_discoverable(hdev->id, 0);
298 if (param & SCAN_PAGE) {
299 set_bit(HCI_PSCAN, &hdev->flags);
301 mgmt_connectable(hdev->id, 1);
302 } else if (old_pscan)
303 mgmt_connectable(hdev->id, 0);
306 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
/* Command Complete handler for Read Class of Device: copies the 3-byte
 * class from the reply into hdev->dev_class and logs it most significant
 * byte first.
 * NOTE(review): rp is a cast of skb->data with no visible skb->len check;
 * source lines 314-317 are missing from this listing. */
309 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
311 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
313 BT_DBG("%s status 0x%x", hdev->name, rp->status);
318 memcpy(hdev->dev_class, rp->dev_class, 3);
320 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
321 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
/* Command Complete handler for HCI_OP_WRITE_CLASS_OF_DEV: copies the 3-byte
 * class from the sent command parameters into hdev->dev_class.
 * NOTE(review): the declaration of sent and the guards on status and a NULL
 * sent are on source lines missing from this listing. */
324 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
326 __u8 status = *((__u8 *) skb->data);
329 BT_DBG("%s status 0x%x", hdev->name, status);
334 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
338 memcpy(hdev->dev_class, sent, 3);
/* Command Complete handler for Read Voice Setting: when the reported value
 * differs from hdev->voice_setting it is stored and the driver's notify
 * callback is invoked with HCI_NOTIFY_VOICE_SETTING.
 * NOTE(review): the declaration of setting, the return taken when the value
 * is unchanged, and any NULL check on hdev->notify are on source lines
 * missing from this listing; rp is a cast of skb->data with no visible
 * skb->len check. */
341 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
343 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
346 BT_DBG("%s status 0x%x", hdev->name, rp->status);
351 setting = __le16_to_cpu(rp->voice_setting);
353 if (hdev->voice_setting == setting)
356 hdev->voice_setting = setting;
358 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
/* The TX tasklet is disabled for the duration of the driver callback. */
361 tasklet_disable(&hdev->tx_task);
362 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
363 tasklet_enable(&hdev->tx_task);
/* Command Complete handler for HCI_OP_WRITE_VOICE_SETTING: takes the value
 * from the sent command parameters, stores it when it differs from
 * hdev->voice_setting and invokes the driver's notify callback.
 * NOTE(review): the declarations of sent and setting, the guards on status
 * and sent, and any NULL check on hdev->notify are on source lines missing
 * from this listing. */
367 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
369 __u8 status = *((__u8 *) skb->data);
373 BT_DBG("%s status 0x%x", hdev->name, status);
378 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
382 setting = get_unaligned_le16(sent);
384 if (hdev->voice_setting == setting)
387 hdev->voice_setting = setting;
389 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
/* The TX tasklet is disabled for the duration of the driver callback. */
392 tasklet_disable(&hdev->tx_task);
393 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
394 tasklet_enable(&hdev->tx_task);
/* Command Complete handler for HCI_OP_HOST_BUFFER_SIZE: logs the status
 * byte and passes it to hci_req_complete().
 * NOTE(review): the status byte is read from skb->data with no visible
 * skb->len check; confirm the dispatcher guarantees at least one byte. */
398 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
400 __u8 status = *((__u8 *) skb->data);
402 BT_DBG("%s status 0x%x", hdev->name, status);
404 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
/* Command Complete handler for Read Simple Pairing Mode: stores the mode
 * byte from the reply in hdev->ssp_mode.
 * NOTE(review): hdev->ssp_mode feeds the authentication decision in
 * hci_outgoing_auth_needed(), so the guard on rp->status (source lines
 * 412-415, missing from this listing) matters; rp is a cast of skb->data
 * with no visible skb->len check. */
407 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
409 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
411 BT_DBG("%s status 0x%x", hdev->name, rp->status);
416 hdev->ssp_mode = rp->mode;
/* Command Complete handler for HCI_OP_WRITE_SSP_MODE: records the mode byte
 * that was sent as hdev->ssp_mode.
 * NOTE(review): the declaration of sent and the guards on status and a NULL
 * sent are on source lines missing from this listing; confirm ssp_mode is
 * not updated when the controller rejected the command. */
419 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
421 __u8 status = *((__u8 *) skb->data);
424 BT_DBG("%s status 0x%x", hdev->name, status);
429 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
433 hdev->ssp_mode = *((__u8 *) sent);
/* Picks the inquiry mode for this controller. The visible tests look at the
 * LMP_EXT_INQ and LMP_RSSI_INQ feature bits first and then at a short list
 * of specific controllers identified by manufacturer id, HCI revision and
 * LMP subversion.
 * NOTE(review): every return statement is on a source line missing from
 * this listing, so the mode chosen by each branch cannot be confirmed here. */
436 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
438 if (hdev->features[6] & LMP_EXT_INQ)
441 if (hdev->features[3] & LMP_RSSI_INQ)
444 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
445 hdev->lmp_subver == 0x0757)
448 if (hdev->manufacturer == 15) {
449 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
451 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
453 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
457 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
458 hdev->lmp_subver == 0x1805)
/* Sends HCI_OP_WRITE_INQUIRY_MODE with the one-byte mode returned by
 * hci_get_inquiry_mode(). The declaration of mode is on a source line
 * missing from this listing. */
464 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
468 mode = hci_get_inquiry_mode(hdev);
470 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
/* Builds the 8-byte event mask from the controller's LMP feature bits and
 * sends it with HCI_OP_SET_EVENT_MASK. Controllers with lmp_ver <= 1 are
 * special-cased; the statement taken for them (source line 483) is missing
 * from this listing. */
473 static void hci_setup_event_mask(struct hci_dev *hdev)
475 /* The second byte is 0xff instead of 0x9f (two reserved bits
476 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
477 * command otherwise */
478 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
480 /* CSR 1.1 dongles do not accept any bitfield so don't try to set
481 * any event mask for pre 1.2 devices */
482 if (hdev->lmp_ver <= 1)
485 events[4] |= 0x01; /* Flow Specification Complete */
486 events[4] |= 0x02; /* Inquiry Result with RSSI */
487 events[4] |= 0x04; /* Read Remote Extended Features Complete */
488 events[5] |= 0x08; /* Synchronous Connection Complete */
489 events[5] |= 0x10; /* Synchronous Connection Changed */
/* NOTE(review): the conditional below ORs in events[4] bit 0x04, which is
 * already set unconditionally above under a different event name, while the
 * bit labelled "Inquiry Result with RSSI" above is 0x02. As written the
 * LMP_RSSI_INQ test changes nothing - confirm which bit was intended. */
491 if (hdev->features[3] & LMP_RSSI_INQ)
492 events[4] |= 0x04; /* Inquiry Result with RSSI */
494 if (hdev->features[5] & LMP_SNIFF_SUBR)
495 events[5] |= 0x20; /* Sniff Subrating */
497 if (hdev->features[5] & LMP_PAUSE_ENC)
498 events[5] |= 0x80; /* Encryption Key Refresh Complete */
500 if (hdev->features[6] & LMP_EXT_INQ)
501 events[5] |= 0x40; /* Extended Inquiry Result */
503 if (hdev->features[6] & LMP_NO_FLUSH)
504 events[7] |= 0x01; /* Enhanced Flush Complete */
506 if (hdev->features[7] & LMP_LSTO)
507 events[6] |= 0x80; /* Link Supervision Timeout Changed */
/* The Secure Simple Pairing events are only unmasked when the controller
 * advertises LMP_SIMPLE_PAIR. */
509 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
510 events[6] |= 0x01; /* IO Capability Request */
511 events[6] |= 0x02; /* IO Capability Response */
512 events[6] |= 0x04; /* User Confirmation Request */
513 events[6] |= 0x08; /* User Passkey Request */
514 events[6] |= 0x10; /* Remote OOB Data Request */
515 events[6] |= 0x20; /* Simple Pairing Complete */
516 events[7] |= 0x04; /* User Passkey Notification */
517 events[7] |= 0x08; /* Keypress Notification */
518 events[7] |= 0x10; /* Remote Host Supported
519 * Features Notification */
522 if (hdev->features[4] & LMP_LE)
523 events[7] |= 0x20; /* LE Meta-Event */
525 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
/* Sends HCI_OP_WRITE_LE_HOST_SUPPORTED. The command structure is zeroed
 * first, so no uninitialised stack bytes are sent; cp.simul reflects the
 * LMP_SIMUL_LE_BR feature bit. Source lines 533-535 and 537-538 are missing
 * from this listing, so how the remaining fields are set is not visible. */
528 static void hci_set_le_support(struct hci_dev *hdev)
530 struct hci_cp_write_le_host_supported cp;
532 memset(&cp, 0, sizeof(cp));
536 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
539 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
/* Issues the feature-dependent initialisation commands: event mask, local
 * supported commands (lmp_ver > 1), SSP mode, inquiry mode, inquiry
 * response TX power, extended features and LE host support.
 * NOTE(review): the declaration and value of mode, the initialisation of
 * cp and the remaining arguments of the HCI_OP_READ_LOCAL_EXT_FEATURES call
 * are on source lines missing from this listing; confirm cp is fully
 * initialised before it is sent. */
542 static void hci_setup(struct hci_dev *hdev)
544 hci_setup_event_mask(hdev);
546 if (hdev->lmp_ver > 1)
547 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
549 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
551 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
554 if (hdev->features[3] & LMP_RSSI_INQ)
555 hci_setup_inquiry_mode(hdev);
557 if (hdev->features[7] & LMP_INQ_TX_PWR)
558 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
560 if (hdev->features[7] & LMP_EXTFEATURES) {
561 struct hci_cp_read_local_ext_features cp;
564 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
568 if (hdev->features[4] & LMP_LE)
569 hci_set_le_support(hdev);
/* Command Complete handler for Read Local Version: stores the HCI/LMP
 * version, revision, subversion and manufacturer id on hdev. These values
 * later select quirks in hci_get_inquiry_mode() and hci_setup_event_mask().
 * NOTE(review): rp is a cast of skb->data with no visible skb->len check.
 * The statement run under the HCI_INIT test (source line 592) and one
 * BT_DBG argument line (588) are missing from this listing. */
572 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
574 struct hci_rp_read_local_version *rp = (void *) skb->data;
576 BT_DBG("%s status 0x%x", hdev->name, rp->status);
581 hdev->hci_ver = rp->hci_ver;
582 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
583 hdev->lmp_ver = rp->lmp_ver;
584 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
585 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
587 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
589 hdev->hci_ver, hdev->hci_rev);
591 if (test_bit(HCI_INIT, &hdev->flags))
/* Derives the default link policy from the controller's role-switch, hold,
 * sniff and park feature bits and sends it, converted to little-endian,
 * with HCI_OP_WRITE_DEF_LINK_POLICY. The declaration and initial value of
 * link_policy are on a source line missing from this listing. */
595 static void hci_setup_link_policy(struct hci_dev *hdev)
599 if (hdev->features[0] & LMP_RSWITCH)
600 link_policy |= HCI_LP_RSWITCH;
601 if (hdev->features[0] & LMP_HOLD)
602 link_policy |= HCI_LP_HOLD;
603 if (hdev->features[0] & LMP_SNIFF)
604 link_policy |= HCI_LP_SNIFF;
605 if (hdev->features[1] & LMP_PARK)
606 link_policy |= HCI_LP_PARK;
608 link_policy = cpu_to_le16(link_policy);
609 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
610 sizeof(link_policy), &link_policy);
/* Command Complete handler for HCI_OP_READ_LOCAL_COMMANDS: copies the
 * supported-commands bitmap into hdev->commands and, during init, sets up
 * the default link policy when bit 0x10 of octet 5 is set.
 * NOTE(review): the copy length is sizeof(hdev->commands), taken from the
 * destination; no skb->len check is visible, so a shorter reply would be
 * read past its end. Source lines 618-621 and 626-627 are missing from this
 * listing. */
613 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
615 struct hci_rp_read_local_commands *rp = (void *) skb->data;
617 BT_DBG("%s status 0x%x", hdev->name, rp->status);
622 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
624 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
625 hci_setup_link_policy(hdev);
628 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
/* Command Complete handler for Read Local Supported Features: copies the
 * 8-byte LMP feature mask into hdev->features and widens hdev->pkt_type and
 * hdev->esco_type with the packet types those features permit.
 * NOTE(review): rp is a cast of skb->data with no visible skb->len check;
 * the feature bytes stored here gate the SSP, LE and event-mask setup done
 * elsewhere in this file. Source lines 636-639 are missing from this
 * listing. */
631 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
633 struct hci_rp_read_local_features *rp = (void *) skb->data;
635 BT_DBG("%s status 0x%x", hdev->name, rp->status);
640 memcpy(hdev->features, rp->features, 8);
642 /* Adjust default settings according to features
643 * supported by device. */
645 if (hdev->features[0] & LMP_3SLOT)
646 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
648 if (hdev->features[0] & LMP_5SLOT)
649 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
651 if (hdev->features[1] & LMP_HV2) {
652 hdev->pkt_type |= (HCI_HV2);
653 hdev->esco_type |= (ESCO_HV2);
656 if (hdev->features[1] & LMP_HV3) {
657 hdev->pkt_type |= (HCI_HV3);
658 hdev->esco_type |= (ESCO_HV3);
661 if (hdev->features[3] & LMP_ESCO)
662 hdev->esco_type |= (ESCO_EV3);
664 if (hdev->features[4] & LMP_EV4)
665 hdev->esco_type |= (ESCO_EV4);
667 if (hdev->features[4] & LMP_EV5)
668 hdev->esco_type |= (ESCO_EV5);
670 if (hdev->features[5] & LMP_EDR_ESCO_2M)
671 hdev->esco_type |= (ESCO_2EV3);
673 if (hdev->features[5] & LMP_EDR_ESCO_3M)
674 hdev->esco_type |= (ESCO_3EV3);
676 if (hdev->features[5] & LMP_EDR_3S_ESCO)
677 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
679 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
680 hdev->features[0], hdev->features[1],
681 hdev->features[2], hdev->features[3],
682 hdev->features[4], hdev->features[5],
683 hdev->features[6], hdev->features[7]);
/* Command Complete handler for HCI_OP_READ_LOCAL_EXT_FEATURES: copies 8
 * feature bytes into hdev->extfeatures and completes the request.
 * NOTE(review): rp is a cast of skb->data with no visible skb->len check.
 * The second line of the signature and source lines 692-695 are missing
 * from this listing, so any filtering on status or page is not visible. */
686 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
689 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
691 BT_DBG("%s status 0x%x", hdev->name, rp->status);
696 memcpy(hdev->extfeatures, rp->features, 8);
698 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
/* Command Complete handler for Read Buffer Size: stores the controller's
 * ACL/SCO MTUs and packet counts and initialises the flow-control credit
 * counters (acl_cnt, sco_cnt) from them.
 * NOTE(review): the values are taken from the controller as reported; no
 * sanity check (for example a zero MTU or zero packet count) is visible in
 * the lines shown. The body of the HCI_QUIRK_FIXUP_BUFFER_SIZE branch
 * (source lines 716-719) is missing from this listing, and rp is a cast of
 * skb->data with no visible skb->len check. */
701 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
703 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
705 BT_DBG("%s status 0x%x", hdev->name, rp->status);
710 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
711 hdev->sco_mtu = rp->sco_mtu;
712 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
713 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
715 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
720 hdev->acl_cnt = hdev->acl_pkts;
721 hdev->sco_cnt = hdev->sco_pkts;
723 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
724 hdev->acl_mtu, hdev->acl_pkts,
725 hdev->sco_mtu, hdev->sco_pkts);
/* Command Complete handler for HCI_OP_READ_BD_ADDR: copies the controller's
 * address into hdev->bdaddr and completes the request.
 * NOTE(review): source lines 733-734 are missing from this listing, so
 * whether the copy is skipped on a failed status cannot be confirmed; rp is
 * a cast of skb->data with no visible skb->len check. */
728 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
730 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
732 BT_DBG("%s status 0x%x", hdev->name, rp->status);
735 bacpy(&hdev->bdaddr, &rp->bdaddr);
737 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
/* Command Complete handler for HCI_OP_WRITE_CA_TIMEOUT: logs the status
 * byte and passes it to hci_req_complete().
 * NOTE(review): the status byte is read from skb->data with no visible
 * skb->len check; confirm the dispatcher guarantees at least one byte. */
740 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
742 __u8 status = *((__u8 *) skb->data);
744 BT_DBG("%s status 0x%x", hdev->name, status);
746 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
/* Command Complete handler for HCI_OP_READ_LOCAL_AMP_INFO: copies the AMP
 * controller parameters from the reply into hdev, converting multi-byte
 * fields from little-endian, then completes the request.
 * NOTE(review): rp is a cast of skb->data with no visible skb->len check,
 * and the values are stored as reported. The second signature line and
 * source lines 755-758 are missing from this listing. */
749 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
752 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
754 BT_DBG("%s status 0x%x", hdev->name, rp->status);
759 hdev->amp_status = rp->amp_status;
760 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
761 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
762 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
763 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
764 hdev->amp_type = rp->amp_type;
765 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
766 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
767 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
768 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
770 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
/* Command Complete handler for HCI_OP_DELETE_STORED_LINK_KEY: logs the
 * status byte and passes it to hci_req_complete().
 * NOTE(review): the status byte is read from skb->data with no visible
 * skb->len check. The second signature line is missing from this listing. */
773 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
776 __u8 status = *((__u8 *) skb->data);
778 BT_DBG("%s status 0x%x", hdev->name, status);
780 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
/* Command Complete handler for HCI_OP_SET_EVENT_MASK: logs the status byte
 * and passes it to hci_req_complete().
 * NOTE(review): the status byte is read from skb->data with no visible
 * skb->len check; confirm the dispatcher guarantees at least one byte. */
783 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
785 __u8 status = *((__u8 *) skb->data);
787 BT_DBG("%s status 0x%x", hdev->name, status);
789 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
/* Command Complete handler for HCI_OP_WRITE_INQUIRY_MODE: logs the status
 * byte and passes it to hci_req_complete().
 * NOTE(review): the status byte is read from skb->data with no visible
 * skb->len check. The second signature line is missing from this listing. */
792 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
795 __u8 status = *((__u8 *) skb->data);
797 BT_DBG("%s status 0x%x", hdev->name, status);
799 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
/* Command Complete handler for HCI_OP_READ_INQ_RSP_TX_POWER: only the
 * status byte is used; the visible lines do not store the reported power.
 * NOTE(review): the status byte is read from skb->data with no visible
 * skb->len check. The second signature line is missing from this listing. */
802 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
805 __u8 status = *((__u8 *) skb->data);
807 BT_DBG("%s status 0x%x", hdev->name, status);
809 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
/* Command Complete handler for HCI_OP_SET_EVENT_FLT: logs the status byte
 * and passes it to hci_req_complete().
 * NOTE(review): the status byte is read from skb->data with no visible
 * skb->len check; confirm the dispatcher guarantees at least one byte. */
812 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
814 __u8 status = *((__u8 *) skb->data);
816 BT_DBG("%s status 0x%x", hdev->name, status);
818 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
/* Command Complete handler for HCI_OP_PIN_CODE_REPLY: reports the result to
 * mgmt when HCI_MGMT is set and records, on the ACL connection to the
 * address in the sent command, the PIN length the host supplied.
 * NOTE(review): conn->pin_length is taken from the command that was sent,
 * not from the controller's reply. The guards between these lines (failed
 * status, NULL cp, NULL conn) are on source lines missing from this
 * listing; confirm pin_length is only recorded when the reply succeeded.
 * rp is a cast of skb->data with no visible skb->len check. */
821 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
823 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
824 struct hci_cp_pin_code_reply *cp;
825 struct hci_conn *conn;
827 BT_DBG("%s status 0x%x", hdev->name, rp->status);
829 if (test_bit(HCI_MGMT, &hdev->flags))
830 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status);
835 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
839 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
841 conn->pin_length = cp->pin_len;
/* Command Complete handler for PIN Code Negative Reply: forwards the
 * address and status from the reply to mgmt when HCI_MGMT is set.
 * NOTE(review): rp is a cast of skb->data with no visible skb->len check.
 * The final argument line of the mgmt call is missing from this listing. */
844 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
846 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
848 BT_DBG("%s status 0x%x", hdev->name, rp->status);
850 if (test_bit(HCI_MGMT, &hdev->flags))
851 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr,
/* Command Complete handler for HCI_OP_LE_READ_BUFFER_SIZE: stores the LE
 * MTU and packet count and initialises the LE credit counter from them.
 * NOTE(review): the values are stored as the controller reported them; no
 * sanity check is visible. rp is a cast of skb->data with no visible
 * skb->len check. The second signature line and source lines 860-863 are
 * missing from this listing. */
854 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
857 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
859 BT_DBG("%s status 0x%x", hdev->name, rp->status);
864 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
865 hdev->le_pkts = rp->le_max_pkt;
867 hdev->le_cnt = hdev->le_pkts;
869 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
871 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
/* Command Complete handler for User Confirmation Request Reply: forwards
 * the address and status from the reply to mgmt when HCI_MGMT is set.
 * NOTE(review): rp is a cast of skb->data with no visible skb->len check.
 * The final argument line of the mgmt call is missing from this listing. */
874 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
876 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
878 BT_DBG("%s status 0x%x", hdev->name, rp->status);
880 if (test_bit(HCI_MGMT, &hdev->flags))
881 mgmt_user_confirm_reply_complete(hdev->id, &rp->bdaddr,
/* Command Complete handler for User Confirmation Request Negative Reply:
 * forwards the address and status to mgmt when HCI_MGMT is set. The reply
 * is parsed with the same structure as the positive reply handler.
 * NOTE(review): rp is a cast of skb->data with no visible skb->len check.
 * The second signature line and the final argument line of the mgmt call
 * are missing from this listing. */
885 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
888 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
890 BT_DBG("%s status 0x%x", hdev->name, rp->status);
892 if (test_bit(HCI_MGMT, &hdev->flags))
893 mgmt_user_confirm_neg_reply_complete(hdev->id, &rp->bdaddr,
/* Command Complete handler for Read Local OOB Data: hands the hash and
 * randomizer from the reply, with the status, to mgmt.
 * NOTE(review): unlike the neighbouring pairing handlers, no HCI_MGMT test
 * is visible before the mgmt call - confirm that is intended. The hash and
 * randomizer are pairing material; they are not logged here and should stay
 * out of debug output. rp is a cast of skb->data with no visible skb->len
 * check. The second signature line is missing from this listing. */
897 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
900 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
902 BT_DBG("%s status 0x%x", hdev->name, rp->status);
904 mgmt_read_local_oob_data_reply_complete(hdev->id, rp->hash,
905 rp->randomizer, rp->status);
/* Command Complete handler for HCI_OP_LE_SET_SCAN_ENABLE: when scanning was
 * enabled (0x01) the advertising-cache timer is stopped and the cached
 * entries are cleared; when it was disabled (0x00) the timer is armed to
 * fire ADV_CLEAR_TIMEOUT jiffies from now.
 * NOTE(review): the guards on status and on a NULL cp, and the
 * hci_dev_lock() paired with the visible unlock, are on source lines
 * missing from this listing. */
908 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
911 struct hci_cp_le_set_scan_enable *cp;
912 __u8 status = *((__u8 *) skb->data);
914 BT_DBG("%s status 0x%x", hdev->name, status);
919 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
923 if (cp->enable == 0x01) {
924 del_timer(&hdev->adv_timer);
927 hci_adv_entries_clear(hdev);
928 hci_dev_unlock(hdev);
929 } else if (cp->enable == 0x00) {
930 mod_timer(&hdev->adv_timer, jiffies + ADV_CLEAR_TIMEOUT);
/* Command Complete handler for HCI_OP_LE_LTK_REPLY: logs the status and
 * completes the request.
 * NOTE(review): rp is a cast of skb->data with no visible skb->len check;
 * source lines 939-942 are missing from this listing. */
934 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
936 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
938 BT_DBG("%s status 0x%x", hdev->name, rp->status);
943 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
/* Command Complete handler for HCI_OP_LE_LTK_NEG_REPLY: logs the status and
 * completes the request.
 * NOTE(review): rp is a cast of skb->data with no visible skb->len check;
 * source lines 951-954 are missing from this listing. */
946 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
948 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
950 BT_DBG("%s status 0x%x", hdev->name, rp->status);
955 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
/* Command Complete handler for Write LE Host Supported: follows up by
 * sending HCI_OP_READ_LOCAL_EXT_FEATURES.
 * NOTE(review): cp is a stack structure and the lines that initialise it
 * (source lines 965-969) are missing from this listing; confirm every field
 * is set before sizeof(cp) bytes are sent to the controller. The status
 * byte is read from skb->data with no visible skb->len check. */
958 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
961 struct hci_cp_read_local_ext_features cp;
962 __u8 status = *((__u8 *) skb->data);
964 BT_DBG("%s status 0x%x", hdev->name, status);
970 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
/* Command Status handler for HCI_OP_INQUIRY. The visible lines show two
 * outcomes: completing the request, re-checking pending connections and
 * reporting the failure to mgmt; and setting HCI_INQUIRY and calling
 * mgmt_discovering() with 1.
 * NOTE(review): the test on status that separates the two paths (source
 * lines 976-977 and 982-984) is missing from this listing. */
973 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
975 BT_DBG("%s status 0x%x", hdev->name, status);
978 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
979 hci_conn_check_pending(hdev);
980 if (test_bit(HCI_MGMT, &hdev->flags))
981 mgmt_inquiry_failed(hdev->id, status);
985 set_bit(HCI_INQUIRY, &hdev->flags);
987 mgmt_discovering(hdev->id, 1);
/* Command Status handler for HCI_OP_CREATE_CONN: looks up the ACL
 * connection for the address in the sent command. A connection in
 * BT_CONNECT is closed and its failure reported unless the status is 0x0c
 * and fewer than three attempts were made, in which case it moves to
 * BT_CONNECT2. The remaining visible lines create a connection object
 * marked HCI_LM_MASTER and log an error if that allocation fails.
 * NOTE(review): the NULL check on cp, the test on status, the else branches
 * and the hci_dev_lock() paired with the visible unlock are on source lines
 * missing from this listing. */
990 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
992 struct hci_cp_create_conn *cp;
993 struct hci_conn *conn;
995 BT_DBG("%s status 0x%x", hdev->name, status);
997 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1003 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1005 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1008 if (conn && conn->state == BT_CONNECT) {
/* presumably 0x0c is the HCI "Command Disallowed" status - TODO confirm */
1009 if (status != 0x0c || conn->attempt > 2) {
1010 conn->state = BT_CLOSED;
1011 hci_proto_connect_cfm(conn, status);
1014 conn->state = BT_CONNECT2;
1018 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1021 conn->link_mode |= HCI_LM_MASTER;
1023 BT_ERR("No memory for new connection");
1027 hci_dev_unlock(hdev);
/* Command Status handler for HCI_OP_ADD_SCO: finds the ACL connection for
 * the handle in the sent command, then closes the associated SCO connection
 * and reports the failure to the protocol layer.
 * NOTE(review): the declaration of handle, the early return on success, the
 * NULL checks on cp and acl, and the assignment of sco are on source lines
 * missing from this listing. */
1030 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1032 struct hci_cp_add_sco *cp;
1033 struct hci_conn *acl, *sco;
1036 BT_DBG("%s status 0x%x", hdev->name, status);
1041 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1045 handle = __le16_to_cpu(cp->handle);
1047 BT_DBG("%s handle %d", hdev->name, handle);
1051 acl = hci_conn_hash_lookup_handle(hdev, handle);
1055 sco->state = BT_CLOSED;
1057 hci_proto_connect_cfm(sco, status);
1062 hci_dev_unlock(hdev);
/* Command Status handler for HCI_OP_AUTH_REQUESTED: for a connection still
 * in BT_CONFIG, reports the status to the protocol layer.
 * NOTE(review): the early return on success, the NULL checks on cp and
 * conn, and the rest of the BT_CONFIG branch (source lines 1085-1088) are
 * missing from this listing; confirm a failed authentication request cannot
 * leave the connection in BT_CONFIG. */
1065 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1067 struct hci_cp_auth_requested *cp;
1068 struct hci_conn *conn;
1070 BT_DBG("%s status 0x%x", hdev->name, status);
1075 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1081 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1083 if (conn->state == BT_CONFIG) {
1084 hci_proto_connect_cfm(conn, status);
1089 hci_dev_unlock(hdev);
/* Command Status handler for HCI_OP_SET_CONN_ENCRYPT: for a connection
 * still in BT_CONFIG, reports the status to the protocol layer.
 * NOTE(review): the early return on success, the NULL checks on cp and
 * conn, and the rest of the BT_CONFIG branch (source lines 1112-1115) are
 * missing from this listing; confirm a failed encryption request cannot
 * leave the connection in BT_CONFIG. */
1092 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1094 struct hci_cp_set_conn_encrypt *cp;
1095 struct hci_conn *conn;
1097 BT_DBG("%s status 0x%x", hdev->name, status);
1102 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1108 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1110 if (conn->state == BT_CONFIG) {
1111 hci_proto_connect_cfm(conn, status);
1116 hci_dev_unlock(hdev);
/* Decides whether an outgoing connection still needs an authentication
 * request. The three visible tests cover: the link is not in BT_CONFIG or
 * is not outgoing; the pending security level is BT_SECURITY_SDP; and the
 * case where SSP is not enabled on both sides, the pending level is not
 * BT_SECURITY_HIGH and bit 0 of auth_type is clear.
 * NOTE(review): every return statement is on a source line missing from
 * this listing, so the value each branch yields cannot be confirmed here.
 * This is worth verifying against the full file: hci_cs_remote_name_req()
 * skips HCI_OP_AUTH_REQUESTED whenever this function returns 0. */
1119 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1120 struct hci_conn *conn)
1122 if (conn->state != BT_CONFIG || !conn->out)
1125 if (conn->pending_sec_level == BT_SECURITY_SDP)
1128 /* Only request authentication for SSP connections or non-SSP
1129 * devices with sec_level HIGH or if MITM protection is requested */
1130 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
1131 conn->pending_sec_level != BT_SECURITY_HIGH &&
1132 !(conn->auth_type & 0x01))
/* Command Status handler for HCI_OP_REMOTE_NAME_REQ: when the name request
 * did not start, decides here whether the outgoing ACL connection needs
 * authentication and, if so, sends HCI_OP_AUTH_REQUESTED once per
 * connection.
 * NOTE(review): the early return on success, the NULL checks on cp and
 * conn, and the hci_dev_lock() paired with the visible unlock are on source
 * lines missing from this listing. */
1138 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1140 struct hci_cp_remote_name_req *cp;
1141 struct hci_conn *conn;
1143 BT_DBG("%s status 0x%x", hdev->name, status);
1145 /* If successful wait for the name req complete event before
1146 * checking for the need to do authentication */
1150 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1156 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1160 if (!hci_outgoing_auth_needed(hdev, conn))
/* test_and_set_bit() makes the pending flag a one-shot guard: the request
 * is only sent by the caller that flips HCI_CONN_AUTH_PEND from 0 to 1. */
1163 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1164 struct hci_cp_auth_requested cp;
1165 cp.handle = __cpu_to_le16(conn->handle);
1166 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1170 hci_dev_unlock(hdev);
/* Command Status handler for HCI_OP_READ_REMOTE_FEATURES: for a connection
 * still in BT_CONFIG, reports the status to the protocol layer.
 * NOTE(review): the early return on success, the NULL checks on cp and
 * conn, and the rest of the BT_CONFIG branch are on source lines missing
 * from this listing. */
1173 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1175 struct hci_cp_read_remote_features *cp;
1176 struct hci_conn *conn;
1178 BT_DBG("%s status 0x%x", hdev->name, status);
1183 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1189 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1191 if (conn->state == BT_CONFIG) {
1192 hci_proto_connect_cfm(conn, status);
1197 hci_dev_unlock(hdev);
/* Command Status handler for HCI_OP_READ_REMOTE_EXT_FEATURES: for a
 * connection still in BT_CONFIG, reports the status to the protocol layer.
 * NOTE(review): the early return on success, the NULL checks on cp and
 * conn, and the rest of the BT_CONFIG branch are on source lines missing
 * from this listing. */
1200 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1202 struct hci_cp_read_remote_ext_features *cp;
1203 struct hci_conn *conn;
1205 BT_DBG("%s status 0x%x", hdev->name, status);
1210 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1216 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1218 if (conn->state == BT_CONFIG) {
1219 hci_proto_connect_cfm(conn, status);
1224 hci_dev_unlock(hdev);
/* Command Status handler for HCI_OP_SETUP_SYNC_CONN: finds the ACL
 * connection for the handle in the sent command, then closes the associated
 * synchronous connection and reports the failure to the protocol layer.
 * NOTE(review): the declaration of handle, the early return on success, the
 * NULL checks on cp and acl, and the assignment of sco are on source lines
 * missing from this listing. */
1227 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1229 struct hci_cp_setup_sync_conn *cp;
1230 struct hci_conn *acl, *sco;
1233 BT_DBG("%s status 0x%x", hdev->name, status);
1238 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1242 handle = __le16_to_cpu(cp->handle);
1244 BT_DBG("%s handle %d", hdev->name, handle);
1248 acl = hci_conn_hash_lookup_handle(hdev, handle);
1252 sco->state = BT_CLOSED;
1254 hci_proto_connect_cfm(sco, status);
1259 hci_dev_unlock(hdev);
/* Command Status handler for HCI_OP_SNIFF_MODE: clears the pending
 * mode-change flag on the connection and, if a SCO setup was waiting on the
 * mode change, runs it with the reported status.
 * NOTE(review): the early return on success and the NULL checks on cp and
 * conn are on source lines missing from this listing. */
1262 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1264 struct hci_cp_sniff_mode *cp;
1265 struct hci_conn *conn;
1267 BT_DBG("%s status 0x%x", hdev->name, status);
1272 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1278 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1280 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1282 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1283 hci_sco_setup(conn, status);
1286 hci_dev_unlock(hdev);
/* Command Status handler for HCI_OP_EXIT_SNIFF_MODE: clears the pending
 * mode-change flag on the connection and, if a SCO setup was waiting on the
 * mode change, runs it with the reported status.
 * NOTE(review): the early return on success and the NULL checks on cp and
 * conn are on source lines missing from this listing. */
1289 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1291 struct hci_cp_exit_sniff_mode *cp;
1292 struct hci_conn *conn;
1294 BT_DBG("%s status 0x%x", hdev->name, status);
1299 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1305 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1307 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1309 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1310 hci_sco_setup(conn, status);
1313 hci_dev_unlock(hdev);
/* Command Status handler for HCI_OP_LE_CREATE_CONN: looks up the LE
 * connection for the peer address in the sent command. A connection in
 * BT_CONNECT is closed and the failure reported; the remaining visible
 * lines create a connection object, record the peer address type on it and
 * log an error if the allocation fails.
 * NOTE(review): the NULL check on cp, the test on status, the else branches
 * and the hci_dev_lock() paired with the visible unlock are on source lines
 * missing from this listing. */
1316 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1318 struct hci_cp_le_create_conn *cp;
1319 struct hci_conn *conn;
1321 BT_DBG("%s status 0x%x", hdev->name, status);
1323 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1329 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1331 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1335 if (conn && conn->state == BT_CONNECT) {
1336 conn->state = BT_CLOSED;
1337 hci_proto_connect_cfm(conn, status);
1342 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1344 conn->dst_type = cp->peer_addr_type;
1347 BT_ERR("No memory for new connection");
1352 hci_dev_unlock(hdev);
/* Command Status handler for LE Start Encryption: only logs the status.
 * NOTE(review): a failed status is not acted on in the visible lines;
 * confirm whether a failure to start encryption needs handling here. */
1355 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1357 BT_DBG("%s status 0x%x", hdev->name, status);
/* Inquiry Complete event: completes the HCI_OP_INQUIRY request, re-checks
 * pending connections, and calls mgmt_discovering() with 0 after the
 * HCI_INQUIRY test.
 * NOTE(review): the statement taken when HCI_INQUIRY was already clear
 * (source lines 1371-1372) is missing from this listing. The status byte is
 * read from skb->data with no visible skb->len check. */
1360 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1362 __u8 status = *((__u8 *) skb->data);
1364 BT_DBG("%s status %d", hdev->name, status);
1366 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1368 hci_conn_check_pending(hdev);
1370 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1373 mgmt_discovering(hdev->id, 0);
/* Inquiry Result event: the first byte of the event is the response count
 * and the inquiry_info records follow it. Each record is copied into the
 * inquiry cache and reported through mgmt_device_found().
 * NOTE(review): num_rsp comes straight from the event and drives the loop;
 * no comparison of skb->len against 1 + num_rsp * sizeof(*info) is visible,
 * so a count larger than the data actually received would make info walk
 * past the end of the buffer. Source lines 1383-1388 are missing from this
 * listing; confirm whether a length check exists there and add one if not. */
1376 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1378 struct inquiry_data data;
1379 struct inquiry_info *info = (void *) (skb->data + 1);
1380 int num_rsp = *((__u8 *) skb->data);
1382 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1389 for (; num_rsp; num_rsp--, info++) {
1390 bacpy(&data.bdaddr, &info->bdaddr);
1391 data.pscan_rep_mode = info->pscan_rep_mode;
1392 data.pscan_period_mode = info->pscan_period_mode;
1393 data.pscan_mode = info->pscan_mode;
1394 memcpy(data.dev_class, info->dev_class, 3);
1395 data.clock_offset = info->clock_offset;
1397 data.ssp_mode = 0x00;
1398 hci_inquiry_cache_update(hdev, &data);
1399 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 0,
1403 hci_dev_unlock(hdev);
/* Connection Complete event: finds the pending hci_conn for the reported
 * address (retrying as ESCO_LINK for a SCO_LINK event). The visible success
 * lines record the handle, move ACL links to BT_CONFIG and other links to
 * BT_CONNECTED, register the link in sysfs and request the remote features;
 * the failure lines close the connection and report ACL failures to mgmt.
 * NOTE(review): most of the if/else lines that select between these paths
 * (for example source lines 1416, 1418-1419, 1427, 1435 and 1463) and the
 * hci_dev_lock() paired with the visible unlock are missing from this
 * listing. ev is a cast of skb->data with no visible skb->len check. */
1406 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1408 struct hci_ev_conn_complete *ev = (void *) skb->data;
1409 struct hci_conn *conn;
1411 BT_DBG("%s", hdev->name);
1415 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1417 if (ev->link_type != SCO_LINK)
1420 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1424 conn->type = SCO_LINK;
1428 conn->handle = __le16_to_cpu(ev->handle);
1430 if (conn->type == ACL_LINK) {
1431 conn->state = BT_CONFIG;
1432 hci_conn_hold(conn);
1433 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1434 mgmt_connected(hdev->id, &ev->bdaddr, conn->type);
1436 conn->state = BT_CONNECTED;
1438 hci_conn_hold_device(conn);
1439 hci_conn_add_sysfs(conn);
/* The link_mode security bits below mirror the adapter-wide HCI_AUTH and
 * HCI_ENCRYPT flags; nothing in these lines checks the state of this
 * particular link. */
1441 if (test_bit(HCI_AUTH, &hdev->flags))
1442 conn->link_mode |= HCI_LM_AUTH;
1444 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1445 conn->link_mode |= HCI_LM_ENCRYPT;
1447 /* Get remote features */
1448 if (conn->type == ACL_LINK) {
1449 struct hci_cp_read_remote_features cp;
1450 cp.handle = ev->handle;
1451 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1455 /* Set packet type for incoming connection */
1456 if (!conn->out && hdev->hci_ver < 3) {
1457 struct hci_cp_change_conn_ptype cp;
1458 cp.handle = ev->handle;
1459 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1460 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1464 conn->state = BT_CLOSED;
1465 if (conn->type == ACL_LINK)
1466 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
1469 if (conn->type == ACL_LINK)
1470 hci_sco_setup(conn, ev->status);
1473 hci_proto_connect_cfm(conn, ev->status);
1475 } else if (ev->link_type != ACL_LINK)
1476 hci_proto_connect_cfm(conn, ev->status);
1479 hci_dev_unlock(hdev);
1481 hci_conn_check_pending(hdev);
/*
 * Handle the HCI Connection Request event (incoming connection).
 *
 * The accept mask is hdev->link_mode OR-ed with what the upper protocols
 * return from hci_proto_connect_ind().  The request is accepted only when
 * HCI_LM_ACCEPT is set and the peer address is not on the blacklist;
 * otherwise it is rejected with HCI_ERROR_REJ_BAD_ADDR.  On accept the
 * device class from the event is written to the inquiry cache entry and to
 * the connection, which is looked up or created and set to BT_CONNECT.
 * ACL links (or adapters without eSCO) are answered with Accept Connection
 * Request, everything else with Accept Synchronous Connection Request.
 *
 * NOTE(review): the blacklist is keyed on the address carried in the event
 * and dev_class is peer-supplied; both are used here without further
 * validation.  The NULL checks on ie and conn are on lines this listing
 * omits - confirm against the full file.
 */
1484 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1486 struct hci_ev_conn_request *ev = (void *) skb->data;
1487 int mask = hdev->link_mode;
1489 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1490 batostr(&ev->bdaddr), ev->link_type);
1492 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1494 if ((mask & HCI_LM_ACCEPT) &&
1495 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1496 /* Connection accepted */
1497 struct inquiry_entry *ie;
1498 struct hci_conn *conn;
1502 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1504 memcpy(ie->data.dev_class, ev->dev_class, 3);
1506 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1508 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1510 BT_ERR("No memory for new connection");
1511 hci_dev_unlock(hdev);
1516 memcpy(conn->dev_class, ev->dev_class, 3);
1517 conn->state = BT_CONNECT;
1519 hci_dev_unlock(hdev);
/* conn is still read below (conn->pkt_type) after the device lock was dropped */
1521 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1522 struct hci_cp_accept_conn_req cp;
1524 bacpy(&cp.bdaddr, &ev->bdaddr);
1526 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1527 cp.role = 0x00; /* Become master */
1529 cp.role = 0x01; /* Remain slave */
1531 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1534 struct hci_cp_accept_sync_conn_req cp;
1536 bacpy(&cp.bdaddr, &ev->bdaddr);
1537 cp.pkt_type = cpu_to_le16(conn->pkt_type);
/* fixed parameters: same bandwidth both ways, maximum latency and retransmission fields */
1539 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1540 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1541 cp.max_latency = cpu_to_le16(0xffff);
1542 cp.content_format = cpu_to_le16(hdev->voice_setting);
1543 cp.retrans_effort = 0xff;
1545 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1549 /* Connection rejected */
1550 struct hci_cp_reject_conn_req cp;
1552 bacpy(&cp.bdaddr, &ev->bdaddr);
1553 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1554 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
/*
 * Handle the HCI Disconnection Complete event.
 *
 * Reports mgmt_disconnect_failed() on one path; otherwise the connection
 * is looked up by handle, set to BT_CLOSED, reported through
 * mgmt_disconnected() for ACL and LE links, and the upper protocols are
 * told the reason via hci_proto_disconn_cfm().
 *
 * NOTE(review): the ev->status test, the NULL check on conn and whatever
 * releases the connection sit on lines this listing omits.
 */
1558 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1560 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1561 struct hci_conn *conn;
1563 BT_DBG("%s status %d", hdev->name, ev->status);
1566 mgmt_disconnect_failed(hdev->id);
1572 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1576 conn->state = BT_CLOSED;
1578 if (conn->type == ACL_LINK || conn->type == LE_LINK)
1579 mgmt_disconnected(hdev->id, &conn->dst);
1581 hci_proto_disconn_cfm(conn, ev->reason);
1585 hci_dev_unlock(hdev);
/*
 * Handle the HCI Authentication Complete event.
 *
 * The visible lines set HCI_LM_AUTH and promote sec_level to
 * pending_sec_level, log that a legacy (non-SSP) device cannot be
 * re-authenticated, and report mgmt_auth_failed().  Both auth-pending
 * bits are then cleared.  In BT_CONFIG, a successful SSP authentication
 * is followed by Set Connection Encryption; otherwise the link becomes
 * BT_CONNECTED and the upper layers are notified.  A pending encrypt
 * request is either issued or completed through hci_encrypt_cfm().
 *
 * NOTE(review): which branch runs on success and which on failure depends
 * on if/else lines this listing omits; check in the full file that
 * sec_level is only raised when ev->status is zero.
 */
1588 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1590 struct hci_ev_auth_complete *ev = (void *) skb->data;
1591 struct hci_conn *conn;
1593 BT_DBG("%s status %d", hdev->name, ev->status);
1597 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
/* re-auth pending while either side lacks SSP: only a log message is visible for this case */
1602 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1603 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1604 BT_INFO("re-auth of legacy device is not possible.");
1606 conn->link_mode |= HCI_LM_AUTH;
1607 conn->sec_level = conn->pending_sec_level;
1610 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
1613 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1614 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1616 if (conn->state == BT_CONFIG) {
1617 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1618 struct hci_cp_set_conn_encrypt cp;
1619 cp.handle = ev->handle;
1621 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1624 conn->state = BT_CONNECTED;
1625 hci_proto_connect_cfm(conn, ev->status);
1629 hci_auth_cfm(conn, ev->status);
1631 hci_conn_hold(conn);
1632 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1636 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1638 struct hci_cp_set_conn_encrypt cp;
1639 cp.handle = ev->handle;
1641 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1644 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1645 hci_encrypt_cfm(conn, ev->status, 0x00);
1650 hci_dev_unlock(hdev);
/*
 * Handle the HCI Remote Name Request Complete event.
 *
 * Re-checks pending connections, forwards the name to the management
 * interface when the request succeeded and HCI_MGMT is set, then starts
 * authentication on the ACL link to that peer if
 * hci_outgoing_auth_needed() says so and no authentication is already
 * pending.
 *
 * NOTE(review): ev->name is peer-controlled and handed to
 * mgmt_remote_name() as a bare pointer; whether the consumer bounds it or
 * expects NUL termination is not visible here - confirm.  The NULL check
 * on conn sits on a line this listing omits.
 */
1653 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1655 struct hci_ev_remote_name *ev = (void *) skb->data;
1656 struct hci_conn *conn;
1658 BT_DBG("%s", hdev->name);
1660 hci_conn_check_pending(hdev);
1664 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1665 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);
1667 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1671 if (!hci_outgoing_auth_needed(hdev, conn))
/* test_and_set makes sure only one Authentication Requested is outstanding */
1674 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1675 struct hci_cp_auth_requested cp;
1676 cp.handle = __cpu_to_le16(conn->handle);
1677 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1681 hci_dev_unlock(hdev);
/*
 * Handle the HCI Encryption Change event.
 *
 * One visible path sets HCI_LM_AUTH and HCI_LM_ENCRYPT and promotes
 * sec_level to pending_sec_level; another clears HCI_LM_ENCRYPT.  The
 * pending-encrypt bit is cleared, a link in BT_CONFIG becomes
 * BT_CONNECTED, and the result is passed up through
 * hci_proto_connect_cfm() or hci_encrypt_cfm().
 *
 * NOTE(review): the conditions on ev->status and ev->encrypt that select
 * between those paths are on omitted lines.  Nothing visible here looks
 * at the negotiated encryption key size before sec_level is raised.
 */
1684 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1686 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1687 struct hci_conn *conn;
1689 BT_DBG("%s status %d", hdev->name, ev->status);
1693 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1697 /* Encryption implies authentication */
1698 conn->link_mode |= HCI_LM_AUTH;
1699 conn->link_mode |= HCI_LM_ENCRYPT;
1700 conn->sec_level = conn->pending_sec_level;
1702 conn->link_mode &= ~HCI_LM_ENCRYPT;
1705 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1707 if (conn->state == BT_CONFIG) {
1709 conn->state = BT_CONNECTED;
1711 hci_proto_connect_cfm(conn, ev->status);
1714 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1717 hci_dev_unlock(hdev);
/*
 * Handle the HCI Change Connection Link Key Complete event.
 *
 * Looks the connection up by handle, sets HCI_LM_SECURE, clears the
 * auth-pending bit and notifies the upper layers with
 * hci_key_change_cfm().
 *
 * NOTE(review): the NULL check on conn and the ev->status condition
 * (presumably guarding HCI_LM_SECURE) are on lines this listing omits.
 */
1720 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1722 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1723 struct hci_conn *conn;
1725 BT_DBG("%s status %d", hdev->name, ev->status);
1729 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1732 conn->link_mode |= HCI_LM_SECURE;
1734 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1736 hci_key_change_cfm(conn, ev->status);
1739 hci_dev_unlock(hdev);
/*
 * Handle the HCI Read Remote Supported Features Complete event.
 *
 * Copies the 8-byte feature mask from the event into the connection.
 * For a link still in BT_CONFIG it then either reads the remote extended
 * features (when both sides are SSP capable), or issues a Remote Name
 * Request, and moves the link to BT_CONNECTED when no outgoing
 * authentication is needed.
 *
 * NOTE(review): the copy length is a literal 8; it relies on both
 * conn->features and ev->features being at least that large - confirm
 * against the struct definitions.  The features are peer-reported and
 * drive the SSP decision below.
 */
1742 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1744 struct hci_ev_remote_features *ev = (void *) skb->data;
1745 struct hci_conn *conn;
1747 BT_DBG("%s status %d", hdev->name, ev->status);
1751 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1756 memcpy(conn->features, ev->features, 8);
1758 if (conn->state != BT_CONFIG)
1761 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1762 struct hci_cp_read_remote_ext_features cp;
1763 cp.handle = ev->handle;
1765 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
1771 struct hci_cp_remote_name_req cp;
/* zeroed first so fields not set below go out as 0 rather than stack contents */
1772 memset(&cp, 0, sizeof(cp));
1773 bacpy(&cp.bdaddr, &conn->dst);
1774 cp.pscan_rep_mode = 0x02;
1775 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1778 if (!hci_outgoing_auth_needed(hdev, conn)) {
1779 conn->state = BT_CONNECTED;
1780 hci_proto_connect_cfm(conn, ev->status);
1785 hci_dev_unlock(hdev);
/* Read Remote Version Information Complete: only logged; skb is not parsed. */
1788 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1790 BT_DBG("%s", hdev->name);
/* QoS Setup Complete: only logged; skb is not parsed. */
1793 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1795 BT_DBG("%s", hdev->name);
/*
 * Handle the HCI Command Complete event.
 *
 * Strips the event header from the skb, converts the opcode to CPU byte
 * order and dispatches to the matching hci_cc_*() handler, which receives
 * the skb positioned at the command's return parameters.  Unknown opcodes
 * are only logged.  Afterwards the command timer is stopped for anything
 * other than HCI_OP_NOP, the command credit is reset to 1 and the command
 * tasklet is scheduled if commands are queued.
 *
 * NOTE(review): ev is read after skb_pull(); no comparison of skb->len
 * with sizeof(*ev) is visible before the pull, and each hci_cc_*()
 * handler has to validate the remaining length itself.  The switch,
 * break and default lines, and the condition in front of atomic_set(),
 * are omitted from this listing.
 */
1798 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1800 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1803 skb_pull(skb, sizeof(*ev));
1805 opcode = __le16_to_cpu(ev->opcode);
1808 case HCI_OP_INQUIRY_CANCEL:
1809 hci_cc_inquiry_cancel(hdev, skb);
1812 case HCI_OP_EXIT_PERIODIC_INQ:
1813 hci_cc_exit_periodic_inq(hdev, skb);
1816 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1817 hci_cc_remote_name_req_cancel(hdev, skb);
1820 case HCI_OP_ROLE_DISCOVERY:
1821 hci_cc_role_discovery(hdev, skb);
1824 case HCI_OP_READ_LINK_POLICY:
1825 hci_cc_read_link_policy(hdev, skb);
1828 case HCI_OP_WRITE_LINK_POLICY:
1829 hci_cc_write_link_policy(hdev, skb);
1832 case HCI_OP_READ_DEF_LINK_POLICY:
1833 hci_cc_read_def_link_policy(hdev, skb);
1836 case HCI_OP_WRITE_DEF_LINK_POLICY:
1837 hci_cc_write_def_link_policy(hdev, skb);
1841 hci_cc_reset(hdev, skb);
1844 case HCI_OP_WRITE_LOCAL_NAME:
1845 hci_cc_write_local_name(hdev, skb);
1848 case HCI_OP_READ_LOCAL_NAME:
1849 hci_cc_read_local_name(hdev, skb);
1852 case HCI_OP_WRITE_AUTH_ENABLE:
1853 hci_cc_write_auth_enable(hdev, skb);
1856 case HCI_OP_WRITE_ENCRYPT_MODE:
1857 hci_cc_write_encrypt_mode(hdev, skb);
1860 case HCI_OP_WRITE_SCAN_ENABLE:
1861 hci_cc_write_scan_enable(hdev, skb);
1864 case HCI_OP_READ_CLASS_OF_DEV:
1865 hci_cc_read_class_of_dev(hdev, skb);
1868 case HCI_OP_WRITE_CLASS_OF_DEV:
1869 hci_cc_write_class_of_dev(hdev, skb);
1872 case HCI_OP_READ_VOICE_SETTING:
1873 hci_cc_read_voice_setting(hdev, skb);
1876 case HCI_OP_WRITE_VOICE_SETTING:
1877 hci_cc_write_voice_setting(hdev, skb);
1880 case HCI_OP_HOST_BUFFER_SIZE:
1881 hci_cc_host_buffer_size(hdev, skb);
1884 case HCI_OP_READ_SSP_MODE:
1885 hci_cc_read_ssp_mode(hdev, skb);
1888 case HCI_OP_WRITE_SSP_MODE:
1889 hci_cc_write_ssp_mode(hdev, skb);
1892 case HCI_OP_READ_LOCAL_VERSION:
1893 hci_cc_read_local_version(hdev, skb);
1896 case HCI_OP_READ_LOCAL_COMMANDS:
1897 hci_cc_read_local_commands(hdev, skb);
1900 case HCI_OP_READ_LOCAL_FEATURES:
1901 hci_cc_read_local_features(hdev, skb);
1904 case HCI_OP_READ_LOCAL_EXT_FEATURES:
1905 hci_cc_read_local_ext_features(hdev, skb);
1908 case HCI_OP_READ_BUFFER_SIZE:
1909 hci_cc_read_buffer_size(hdev, skb);
1912 case HCI_OP_READ_BD_ADDR:
1913 hci_cc_read_bd_addr(hdev, skb);
1916 case HCI_OP_WRITE_CA_TIMEOUT:
1917 hci_cc_write_ca_timeout(hdev, skb);
1920 case HCI_OP_READ_LOCAL_AMP_INFO:
1921 hci_cc_read_local_amp_info(hdev, skb);
1924 case HCI_OP_DELETE_STORED_LINK_KEY:
1925 hci_cc_delete_stored_link_key(hdev, skb);
1928 case HCI_OP_SET_EVENT_MASK:
1929 hci_cc_set_event_mask(hdev, skb);
1932 case HCI_OP_WRITE_INQUIRY_MODE:
1933 hci_cc_write_inquiry_mode(hdev, skb);
1936 case HCI_OP_READ_INQ_RSP_TX_POWER:
1937 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1940 case HCI_OP_SET_EVENT_FLT:
1941 hci_cc_set_event_flt(hdev, skb);
1944 case HCI_OP_PIN_CODE_REPLY:
1945 hci_cc_pin_code_reply(hdev, skb);
1948 case HCI_OP_PIN_CODE_NEG_REPLY:
1949 hci_cc_pin_code_neg_reply(hdev, skb);
1952 case HCI_OP_READ_LOCAL_OOB_DATA:
1953 hci_cc_read_local_oob_data_reply(hdev, skb);
1956 case HCI_OP_LE_READ_BUFFER_SIZE:
1957 hci_cc_le_read_buffer_size(hdev, skb);
1960 case HCI_OP_USER_CONFIRM_REPLY:
1961 hci_cc_user_confirm_reply(hdev, skb);
1964 case HCI_OP_USER_CONFIRM_NEG_REPLY:
1965 hci_cc_user_confirm_neg_reply(hdev, skb);
1968 case HCI_OP_LE_SET_SCAN_ENABLE:
1969 hci_cc_le_set_scan_enable(hdev, skb);
1972 case HCI_OP_LE_LTK_REPLY:
1973 hci_cc_le_ltk_reply(hdev, skb);
1976 case HCI_OP_LE_LTK_NEG_REPLY:
1977 hci_cc_le_ltk_neg_reply(hdev, skb);
1980 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
1981 hci_cc_write_le_host_supported(hdev, skb);
1985 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
/* NOTE(review): tests the wire-order field, not the converted opcode; the two agree only if HCI_OP_NOP is 0 - confirm */
1989 if (ev->opcode != HCI_OP_NOP)
1990 del_timer(&hdev->cmd_timer);
1993 atomic_set(&hdev->cmd_cnt, 1);
1994 if (!skb_queue_empty(&hdev->cmd_q))
1995 tasklet_schedule(&hdev->cmd_task);
/*
 * Handle the HCI Command Status event.
 *
 * Strips the event header, converts the opcode and dispatches to the
 * matching hci_cs_*() handler with the status byte only.  A failed
 * HCI_OP_DISCONNECT is reported through mgmt_disconnect_failed().
 * Afterwards the command timer is stopped for anything other than
 * HCI_OP_NOP; when the controller grants credits (ev->ncmd) and no reset
 * is in progress, the credit is set to 1 and the command tasklet is
 * scheduled if commands are queued.
 *
 * NOTE(review): ev is read after skb_pull(); no comparison of skb->len
 * with sizeof(*ev) is visible before the pull.  The switch, break and
 * default lines are omitted from this listing.
 */
1999 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2001 struct hci_ev_cmd_status *ev = (void *) skb->data;
2004 skb_pull(skb, sizeof(*ev));
2006 opcode = __le16_to_cpu(ev->opcode);
2009 case HCI_OP_INQUIRY:
2010 hci_cs_inquiry(hdev, ev->status);
2013 case HCI_OP_CREATE_CONN:
2014 hci_cs_create_conn(hdev, ev->status);
2017 case HCI_OP_ADD_SCO:
2018 hci_cs_add_sco(hdev, ev->status);
2021 case HCI_OP_AUTH_REQUESTED:
2022 hci_cs_auth_requested(hdev, ev->status);
2025 case HCI_OP_SET_CONN_ENCRYPT:
2026 hci_cs_set_conn_encrypt(hdev, ev->status);
2029 case HCI_OP_REMOTE_NAME_REQ:
2030 hci_cs_remote_name_req(hdev, ev->status);
2033 case HCI_OP_READ_REMOTE_FEATURES:
2034 hci_cs_read_remote_features(hdev, ev->status);
2037 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2038 hci_cs_read_remote_ext_features(hdev, ev->status);
2041 case HCI_OP_SETUP_SYNC_CONN:
2042 hci_cs_setup_sync_conn(hdev, ev->status);
2045 case HCI_OP_SNIFF_MODE:
2046 hci_cs_sniff_mode(hdev, ev->status);
2049 case HCI_OP_EXIT_SNIFF_MODE:
2050 hci_cs_exit_sniff_mode(hdev, ev->status);
2053 case HCI_OP_DISCONNECT:
2054 if (ev->status != 0)
2055 mgmt_disconnect_failed(hdev->id);
2058 case HCI_OP_LE_CREATE_CONN:
2059 hci_cs_le_create_conn(hdev, ev->status);
2062 case HCI_OP_LE_START_ENC:
2063 hci_cs_le_start_enc(hdev, ev->status);
2067 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
/* NOTE(review): tests the wire-order field, not the converted opcode; the two agree only if HCI_OP_NOP is 0 - confirm */
2071 if (ev->opcode != HCI_OP_NOP)
2072 del_timer(&hdev->cmd_timer);
/* no new command is released while a reset is still in flight */
2074 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2075 atomic_set(&hdev->cmd_cnt, 1);
2076 if (!skb_queue_empty(&hdev->cmd_q))
2077 tasklet_schedule(&hdev->cmd_task);
/*
 * Handle the HCI Role Change event.
 *
 * Looks up the ACL connection to the peer, sets or clears HCI_LM_MASTER,
 * clears the role-switch-pending bit and notifies the upper layers with
 * hci_role_switch_cfm().
 *
 * NOTE(review): the NULL check on conn and the conditions on ev->status
 * and ev->role that choose between clearing and setting HCI_LM_MASTER are
 * on lines this listing omits.
 */
2081 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2083 struct hci_ev_role_change *ev = (void *) skb->data;
2084 struct hci_conn *conn;
2086 BT_DBG("%s status %d", hdev->name, ev->status);
2090 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2094 conn->link_mode &= ~HCI_LM_MASTER;
2096 conn->link_mode |= HCI_LM_MASTER;
2099 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2101 hci_role_switch_cfm(conn, ev->status, ev->role);
2104 hci_dev_unlock(hdev);
/*
 * Handle the HCI Number Of Completed Packets event.
 *
 * After the fixed header is pulled, the payload is read as num_hndl pairs
 * of little-endian 16-bit values (handle, count).  For each known handle
 * the per-connection sent counter is reduced and the matching controller
 * credit counter (ACL, LE or SCO) is increased, clamped to the buffer
 * count the controller advertised.  LE links fall back to the ACL pool
 * when hdev->le_pkts is zero.  The TX tasklet is disabled while the
 * counters change and scheduled afterwards.
 *
 * The length check rejects events whose payload is shorter than
 * num_hndl * 4 bytes, so the loop stays inside the skb.
 *
 * NOTE(review): count is controller-supplied and "conn->sent -= count" has
 * no visible check that count does not exceed conn->sent - confirm the
 * field type and whether a wrap is possible.  No comparison of skb->len
 * with sizeof(*ev) is visible before the pull.
 */
2107 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2109 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2113 skb_pull(skb, sizeof(*ev));
2115 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2117 if (skb->len < ev->num_hndl * 4) {
2118 BT_DBG("%s bad parameters", hdev->name);
2122 tasklet_disable(&hdev->tx_task);
2124 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2125 struct hci_conn *conn;
2126 __u16 handle, count;
/* unaligned accessors: the payload offset inside the skb is not guaranteed to be 2-byte aligned */
2128 handle = get_unaligned_le16(ptr++);
2129 count = get_unaligned_le16(ptr++);
2131 conn = hci_conn_hash_lookup_handle(hdev, handle);
2133 conn->sent -= count;
2135 if (conn->type == ACL_LINK) {
2136 hdev->acl_cnt += count;
2137 if (hdev->acl_cnt > hdev->acl_pkts)
2138 hdev->acl_cnt = hdev->acl_pkts;
2139 } else if (conn->type == LE_LINK) {
2140 if (hdev->le_pkts) {
2141 hdev->le_cnt += count;
2142 if (hdev->le_cnt > hdev->le_pkts)
2143 hdev->le_cnt = hdev->le_pkts;
2145 hdev->acl_cnt += count;
2146 if (hdev->acl_cnt > hdev->acl_pkts)
2147 hdev->acl_cnt = hdev->acl_pkts;
2150 hdev->sco_cnt += count;
2151 if (hdev->sco_cnt > hdev->sco_pkts)
2152 hdev->sco_cnt = hdev->sco_pkts;
2157 tasklet_schedule(&hdev->tx_task);
2159 tasklet_enable(&hdev->tx_task);
/*
 * Handle the HCI Mode Change event.
 *
 * Records the new mode and interval on the connection.  When the change
 * was not one this host requested (the mode-change-pending bit was
 * clear), power_save is set to 1 for HCI_CM_ACTIVE and to 0 otherwise.
 * A SCO setup that was waiting for the mode change is then started.
 *
 * NOTE(review): the NULL check on conn is on a line this listing omits.
 */
2162 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2164 struct hci_ev_mode_change *ev = (void *) skb->data;
2165 struct hci_conn *conn;
2167 BT_DBG("%s status %d", hdev->name, ev->status);
2171 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2173 conn->mode = ev->mode;
2174 conn->interval = __le16_to_cpu(ev->interval);
2176 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2177 if (conn->mode == HCI_CM_ACTIVE)
2178 conn->power_save = 1;
2180 conn->power_save = 0;
2183 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2184 hci_sco_setup(conn, ev->status);
2187 hci_dev_unlock(hdev);
/*
 * Handle the HCI PIN Code Request event (legacy pairing).
 *
 * For an established link the disconnect timeout is extended to
 * HCI_PAIRING_TIMEOUT.  If the adapter is not pairable the request is
 * refused with PIN Code Negative Reply; otherwise, with the management
 * interface active, the request is forwarded to user space together with
 * a "secure" hint that depends on whether BT_SECURITY_HIGH is pending.
 *
 * NOTE(review): the declaration and assignment of "secure" and the NULL
 * check on conn are on lines this listing omits.
 */
2190 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2192 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2193 struct hci_conn *conn;
2195 BT_DBG("%s", hdev->name);
2199 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2203 if (conn->state == BT_CONNECTED) {
2204 hci_conn_hold(conn);
2205 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2209 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2210 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2211 sizeof(ev->bdaddr), &ev->bdaddr);
2212 else if (test_bit(HCI_MGMT, &hdev->flags)) {
2215 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2220 mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
2224 hci_dev_unlock(hdev);
/*
 * Handle the HCI Link Key Request event: answer with the stored link key
 * for the peer, or with a negative reply.
 *
 * Visible key-selection policy, in order:
 *  - nothing is looked up unless HCI_LINK_KEYS is set;
 *  - a HCI_LK_DEBUG_COMBINATION key is ignored unless HCI_DEBUG_KEYS is
 *    set;
 *  - a HCI_LK_UNAUTH_COMBINATION key is ignored when the connection's
 *    auth_type is known (not 0xff) and has bit 0x01 set;
 *  - a HCI_LK_COMBINATION key from a PIN shorter than 16 is ignored when
 *    BT_SECURITY_HIGH is pending.
 * A key that passes is recorded on the connection (type and PIN length)
 * and sent with Link Key Reply.
 *
 * NOTE(review): cp carries the 16-byte key on the stack and is not wiped
 * in the visible lines.  The debug messages print key->type only, never
 * key->val.  The negative reply passes a literal 6 as the address length
 * where the PIN handler uses sizeof(ev->bdaddr).  The NULL checks on key
 * and conn are on lines this listing omits.
 */
2227 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2229 struct hci_ev_link_key_req *ev = (void *) skb->data;
2230 struct hci_cp_link_key_reply cp;
2231 struct hci_conn *conn;
2232 struct link_key *key;
2234 BT_DBG("%s", hdev->name);
2236 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2241 key = hci_find_link_key(hdev, &ev->bdaddr);
2243 BT_DBG("%s link key not found for %s", hdev->name,
2244 batostr(&ev->bdaddr));
2248 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2249 batostr(&ev->bdaddr));
2251 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2252 key->type == HCI_LK_DEBUG_COMBINATION) {
2253 BT_DBG("%s ignoring debug key", hdev->name);
2257 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2259 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2260 conn->auth_type != 0xff &&
2261 (conn->auth_type & 0x01)) {
2262 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2266 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2267 conn->pending_sec_level == BT_SECURITY_HIGH) {
2268 BT_DBG("%s ignoring key unauthenticated for high \
2269 security", hdev->name);
2273 conn->key_type = key->type;
2274 conn->pin_length = key->pin_len;
2277 bacpy(&cp.bdaddr, &ev->bdaddr);
2278 memcpy(cp.link_key, key->val, 16);
2280 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2282 hci_dev_unlock(hdev);
2287 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2288 hci_dev_unlock(hdev);
/*
 * Handle the HCI Link Key Notification event (a new link key was created).
 *
 * For a known ACL connection a reference is taken, the disconnect timeout
 * is reset, the PIN length recorded earlier is picked up, and the key
 * type is stored unless the event reports HCI_LK_CHANGED_COMBINATION.
 * When HCI_LINK_KEYS is set the key is handed to hci_add_link_key().
 *
 * NOTE(review): ev->link_key is key material supplied by the controller;
 * it is stored only under HCI_LINK_KEYS.  The declaration of pin_len, the
 * NULL check on conn and any hci_conn_put() that balances the hold are on
 * lines this listing omits - confirm that hci_add_link_key() is never
 * reached with conn == NULL.
 */
2291 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2293 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2294 struct hci_conn *conn;
2297 BT_DBG("%s", hdev->name);
2301 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2303 hci_conn_hold(conn);
2304 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2305 pin_len = conn->pin_length;
2307 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2308 conn->key_type = ev->key_type;
2313 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2314 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2315 ev->key_type, pin_len);
2317 hci_dev_unlock(hdev);
/*
 * Handle the HCI Read Clock Offset Complete event.
 *
 * On success, and when the handle maps to a connection, the clock offset
 * is written to the peer's inquiry cache entry and the entry's timestamp
 * is refreshed.  The offset is stored as received (wire byte order).
 *
 * NOTE(review): the NULL check on ie is on a line this listing omits.
 */
2320 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2322 struct hci_ev_clock_offset *ev = (void *) skb->data;
2323 struct hci_conn *conn;
2325 BT_DBG("%s status %d", hdev->name, ev->status);
2329 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2330 if (conn && !ev->status) {
2331 struct inquiry_entry *ie;
2333 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2335 ie->data.clock_offset = ev->clock_offset;
2336 ie->timestamp = jiffies;
2340 hci_dev_unlock(hdev);
/*
 * Handle the HCI Connection Packet Type Changed event: on success, store
 * the new packet type (converted to CPU byte order) on the connection
 * found by handle.  Unknown handles and failures are ignored.
 */
2343 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2345 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2346 struct hci_conn *conn;
2348 BT_DBG("%s status %d", hdev->name, ev->status);
2352 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2353 if (conn && !ev->status)
2354 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2356 hci_dev_unlock(hdev);
/*
 * Handle the HCI Page Scan Repetition Mode Change event: update the
 * peer's inquiry cache entry with the new mode and refresh its timestamp.
 *
 * NOTE(review): the NULL check on ie is on a line this listing omits.
 */
2359 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2361 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2362 struct inquiry_entry *ie;
2364 BT_DBG("%s", hdev->name);
2368 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2370 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2371 ie->timestamp = jiffies;
2374 hci_dev_unlock(hdev);
/*
 * Handle the HCI Inquiry Result with RSSI event.
 *
 * The first payload byte is the number of responses.  The per-response
 * size, (skb->len - 1) / num_rsp, selects the record layout: if it is not
 * exactly sizeof(struct inquiry_info_with_rssi) the records are parsed as
 * inquiry_info_with_rssi_and_pscan_mode.  Each record updates the inquiry
 * cache and is reported through mgmt_device_found().
 *
 * NOTE(review): num_rsp comes from the packet.  The division needs
 * num_rsp != 0; that guard is presumably on the lines this listing omits
 * between the debug print and the size test - confirm.  Any per-response
 * size other than the plain RSSI layout is treated as the larger layout
 * without a visible check that it really is that size, and neither loop
 * compares num_rsp * sizeof(*info) with skb->len, so a malformed event
 * could make the loop read past the received data.
 */
2377 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2379 struct inquiry_data data;
2380 int num_rsp = *((__u8 *) skb->data);
2382 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2389 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2390 struct inquiry_info_with_rssi_and_pscan_mode *info;
2391 info = (void *) (skb->data + 1);
2393 for (; num_rsp; num_rsp--, info++) {
2394 bacpy(&data.bdaddr, &info->bdaddr);
2395 data.pscan_rep_mode = info->pscan_rep_mode;
2396 data.pscan_period_mode = info->pscan_period_mode;
2397 data.pscan_mode = info->pscan_mode;
2398 memcpy(data.dev_class, info->dev_class, 3);
2399 data.clock_offset = info->clock_offset;
2400 data.rssi = info->rssi;
2401 data.ssp_mode = 0x00;
2402 hci_inquiry_cache_update(hdev, &data);
2403 mgmt_device_found(hdev->id, &info->bdaddr,
2404 info->dev_class, info->rssi,
2408 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2410 for (; num_rsp; num_rsp--, info++) {
2411 bacpy(&data.bdaddr, &info->bdaddr);
2412 data.pscan_rep_mode = info->pscan_rep_mode;
2413 data.pscan_period_mode = info->pscan_period_mode;
2414 data.pscan_mode = 0x00;
2415 memcpy(data.dev_class, info->dev_class, 3);
2416 data.clock_offset = info->clock_offset;
2417 data.rssi = info->rssi;
2418 data.ssp_mode = 0x00;
2419 hci_inquiry_cache_update(hdev, &data);
2420 mgmt_device_found(hdev->id, &info->bdaddr,
2421 info->dev_class, info->rssi,
2426 hci_dev_unlock(hdev);
/*
 * Handle the HCI Read Remote Extended Features Complete event.
 *
 * For a successful read of page 0x01, bit 0 of the first feature byte is
 * recorded as the peer's SSP mode, both in the inquiry cache entry and on
 * the connection.  For a link still in BT_CONFIG a Remote Name Request is
 * issued, and the link becomes BT_CONNECTED when no outgoing
 * authentication is needed.
 *
 * NOTE(review): ssp_mode is taken from peer-reported features and later
 * feeds pairing decisions.  The NULL checks on conn and ie are on lines
 * this listing omits.
 */
2429 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2431 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2432 struct hci_conn *conn;
2434 BT_DBG("%s", hdev->name);
2438 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2442 if (!ev->status && ev->page == 0x01) {
2443 struct inquiry_entry *ie;
2445 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2447 ie->data.ssp_mode = (ev->features[0] & 0x01);
2449 conn->ssp_mode = (ev->features[0] & 0x01);
2452 if (conn->state != BT_CONFIG)
2456 struct hci_cp_remote_name_req cp;
/* zeroed first so fields not set below go out as 0 rather than stack contents */
2457 memset(&cp, 0, sizeof(cp));
2458 bacpy(&cp.bdaddr, &conn->dst);
2459 cp.pscan_rep_mode = 0x02;
2460 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2463 if (!hci_outgoing_auth_needed(hdev, conn)) {
2464 conn->state = BT_CONNECTED;
2465 hci_proto_connect_cfm(conn, ev->status);
2470 hci_dev_unlock(hdev);
/*
 * Handle the HCI Synchronous Connection Complete event (SCO/eSCO).
 *
 * The connection is looked up by the event's link type and address; a
 * second lookup with ESCO_LINK follows the link-type test, and an entry
 * found that way is retyped to SCO_LINK.  On the success path the handle
 * is stored and the link becomes BT_CONNECTED.  For the four listed error
 * codes an outgoing connection with fewer than two attempts is retried
 * with a packet type built from hdev->esco_type; other failures close the
 * connection.  The result is passed up with hci_proto_connect_cfm().
 *
 * NOTE(review): the retry dereferences conn->link without a visible NULL
 * check - confirm that an outgoing SCO connection always has its ACL
 * parent linked.  The NULL checks on conn are on omitted lines.
 */
2473 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2475 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2476 struct hci_conn *conn;
2478 BT_DBG("%s status %d", hdev->name, ev->status);
2482 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2484 if (ev->link_type == ESCO_LINK)
2487 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2491 conn->type = SCO_LINK;
2494 switch (ev->status) {
2496 conn->handle = __le16_to_cpu(ev->handle);
2497 conn->state = BT_CONNECTED;
2499 hci_conn_hold_device(conn);
2500 hci_conn_add_sysfs(conn);
2503 case 0x11: /* Unsupported Feature or Parameter Value */
2504 case 0x1c: /* SCO interval rejected */
2505 case 0x1a: /* Unsupported Remote Feature */
2506 case 0x1f: /* Unspecified error */
2507 if (conn->out && conn->attempt < 2) {
2508 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2509 (hdev->esco_type & EDR_ESCO_MASK);
2510 hci_setup_sync(conn, conn->link->handle);
2516 conn->state = BT_CLOSED;
2520 hci_proto_connect_cfm(conn, ev->status);
2525 hci_dev_unlock(hdev);
/* Synchronous Connection Changed: only logged; skb is not parsed. */
2528 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2530 BT_DBG("%s", hdev->name);
/* Sniff Subrating: the status byte is logged and nothing else is done. */
2533 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2535 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2537 BT_DBG("%s status %d", hdev->name, ev->status);
/*
 * Handle the HCI Extended Inquiry Result event.
 *
 * The first payload byte is the number of responses, followed by that
 * many extended_inquiry_info records.  Each record updates the inquiry
 * cache (with ssp_mode forced to 0x01) and is reported through
 * mgmt_device_found() together with its EIR data.
 *
 * NOTE(review): num_rsp comes from the packet and the visible loop does
 * not compare num_rsp * sizeof(*info) with skb->len, so a malformed event
 * could make the loop read past the received data; the lines between the
 * debug print and the loop are omitted from this listing and may hold a
 * guard - confirm.  info->data is peer-controlled advertising content
 * passed on unparsed.
 */
2540 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2542 struct inquiry_data data;
2543 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2544 int num_rsp = *((__u8 *) skb->data);
2546 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2553 for (; num_rsp; num_rsp--, info++) {
2554 bacpy(&data.bdaddr, &info->bdaddr);
2555 data.pscan_rep_mode = info->pscan_rep_mode;
2556 data.pscan_period_mode = info->pscan_period_mode;
2557 data.pscan_mode = 0x00;
2558 memcpy(data.dev_class, info->dev_class, 3);
2559 data.clock_offset = info->clock_offset;
2560 data.rssi = info->rssi;
2561 data.ssp_mode = 0x01;
2562 hci_inquiry_cache_update(hdev, &data);
2563 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class,
2564 info->rssi, info->data);
2567 hci_dev_unlock(hdev);
/*
 * Choose the authentication requirements to send in an IO Capability
 * Reply, based on what the remote side asked for.
 *
 * Remote values 0x02/0x03 (dedicated bonding) and 0x00/0x01 (no bonding)
 * are followed; in the no-bonding case the local MITM bit (0x01 of
 * conn->auth_type) is OR-ed in.  Anything else returns the locally
 * configured conn->auth_type.
 *
 * NOTE(review): the return statements of the dedicated-bonding branch are
 * on lines this listing omits.  The test there is true when either side
 * reports capability 0x03, while the comment above it talks about both
 * sides allowing MITM - read the full branch before relying on either.
 */
2570 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2572 /* If remote requests dedicated bonding follow that lead */
2573 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2574 /* If both remote and local IO capabilities allow MITM
2575 * protection then require it, otherwise don't */
2576 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2582 /* If remote requests no-bonding follow that lead */
2583 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2584 return conn->remote_auth | (conn->auth_type & 0x01);
2586 return conn->auth_type;
/*
 * Handle the HCI IO Capability Request event (start of Secure Simple
 * Pairing).
 *
 * A reference is taken on the ACL connection.  Without the management
 * interface nothing further is done here.  Pairing proceeds when the
 * adapter is pairable or the remote side asked for no bonding: the reply
 * carries the local IO capability and the authentication requirements
 * from hci_get_auth_req(), and the OOB flag depends on whether remote OOB
 * data is stored for the peer.  Otherwise a negative reply with
 * HCI_ERROR_PAIRING_NOT_ALLOWED is sent.
 *
 * NOTE(review): a non-pairable adapter still answers positively when the
 * peer-supplied remote_auth indicates no bonding.  The NULL check on conn
 * and the assignments to cp.oob_data are on lines this listing omits.
 */
2589 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2591 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2592 struct hci_conn *conn;
2594 BT_DBG("%s", hdev->name);
2598 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2602 hci_conn_hold(conn);
2604 if (!test_bit(HCI_MGMT, &hdev->flags))
2607 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2608 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2609 struct hci_cp_io_capability_reply cp;
2611 bacpy(&cp.bdaddr, &ev->bdaddr);
2612 cp.capability = conn->io_capability;
2613 conn->auth_type = hci_get_auth_req(conn);
2614 cp.authentication = conn->auth_type;
2616 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2617 hci_find_remote_oob_data(hdev, &conn->dst))
2622 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2625 struct hci_cp_io_capability_neg_reply cp;
2627 bacpy(&cp.bdaddr, &ev->bdaddr);
2628 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
2630 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2635 hci_dev_unlock(hdev);
/*
 * Handle the HCI IO Capability Response event: record the remote side's
 * IO capability, OOB-data flag and authentication requirements on the ACL
 * connection.
 *
 * NOTE(review): all three values are peer-supplied and stored as
 * received; later pairing decisions in this file read them.  The NULL
 * check on conn is on a line this listing omits.
 */
2638 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2640 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2641 struct hci_conn *conn;
2643 BT_DBG("%s", hdev->name);
2647 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2651 conn->remote_cap = ev->capability;
2652 conn->remote_oob = ev->oob_data;
2653 conn->remote_auth = ev->authentication;
2656 hci_dev_unlock(hdev);
/*
 * Handle the HCI User Confirmation Request event (SSP numeric
 * comparison).
 *
 * Only acts when the management interface is active.  loc_mitm and
 * rem_mitm are bit 0x01 of the local and remote authentication
 * requirements.  The request is rejected when MITM protection is required
 * locally, the remote side has capability 0x03, and this host is not the
 * dedicated-bonding initiator.  When neither side effectively requires
 * MITM the confirmation is auto-accepted - immediately, after
 * hdev->auto_accept_delay, or, when this host did not start the
 * authentication, only after user space authorises it.  Everything else
 * is forwarded with mgmt_user_confirm_request().
 *
 * NOTE(review): the auto-accept path completes pairing without a user
 * comparing the passkey, so the resulting key is unauthenticated; the
 * acceptor-side confirm_hint is what keeps a remote device from pairing
 * silently.  The assignment of confirm_hint, the gotos after each branch
 * and the NULL check on conn are on lines this listing omits.
 */
2659 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2660 struct sk_buff *skb)
2662 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
2663 int loc_mitm, rem_mitm, confirm_hint = 0;
2664 struct hci_conn *conn;
2666 BT_DBG("%s", hdev->name);
2670 if (!test_bit(HCI_MGMT, &hdev->flags))
2673 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2677 loc_mitm = (conn->auth_type & 0x01);
2678 rem_mitm = (conn->remote_auth & 0x01);
2680 /* If we require MITM but the remote device can't provide that
2681 * (it has NoInputNoOutput) then reject the confirmation
2682 * request. The only exception is when we're dedicated bonding
2683 * initiators (connect_cfm_cb set) since then we always have the MITM
2685 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2686 BT_DBG("Rejecting request: remote device can't provide MITM");
2687 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2688 sizeof(ev->bdaddr), &ev->bdaddr);
2692 /* If no side requires MITM protection; auto-accept */
2693 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2694 (!rem_mitm || conn->io_capability == 0x03)) {
2696 /* If we're not the initiators request authorization to
2697 * proceed from user space (mgmt_user_confirm with
2698 * confirm_hint set to 1). */
2699 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2700 BT_DBG("Confirming auto-accept as acceptor");
2705 BT_DBG("Auto-accept of user confirmation with %ums delay",
2706 hdev->auto_accept_delay);
2708 if (hdev->auto_accept_delay > 0) {
2709 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2710 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2714 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2715 sizeof(ev->bdaddr), &ev->bdaddr);
2720 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey,
2724 hci_dev_unlock(hdev);
/*
 * Handle the HCI Simple Pairing Complete event.
 *
 * Reports a pairing failure to user space with mgmt_auth_failed(), but
 * only when this host did not initiate the authentication (see the
 * comment in the body for why).
 *
 * NOTE(review): the NULL check on conn and the release of the reference
 * taken during the IO capability exchange are presumably on the lines
 * this listing omits - confirm.
 */
2727 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2729 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2730 struct hci_conn *conn;
2732 BT_DBG("%s", hdev->name);
2736 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2740 /* To avoid duplicate auth_failed events to user space we check
2741 * the HCI_CONN_AUTH_PEND flag which will be set if we
2742 * initiated the authentication. A traditional auth_complete
2743 * event gets always produced as initiator and is also mapped to
2744 * the mgmt_auth_failed event */
2745 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2746 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
2751 hci_dev_unlock(hdev);
/*
 * Handle the HCI Remote Host Supported Features Notification event:
 * record bit 0 of the first feature byte as the peer's SSP mode in its
 * inquiry cache entry.
 *
 * NOTE(review): the value is peer-reported; the NULL check on ie is on a
 * line this listing omits.
 */
2754 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2756 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2757 struct inquiry_entry *ie;
2759 BT_DBG("%s", hdev->name);
2763 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2765 ie->data.ssp_mode = (ev->features[0] & 0x01);
2767 hci_dev_unlock(hdev);
/*
 * Handle the HCI Remote OOB Data Request event.
 *
 * Only acts when the management interface is active.  If out-of-band
 * data is stored for the peer, its hash and randomizer are sent with
 * Remote OOB Data Request Reply; otherwise a negative reply is sent.
 *
 * NOTE(review): both copies are sized by the destination fields
 * (sizeof(cp.hash), sizeof(cp.randomizer)); this is safe only if the
 * stored oob_data fields are at least as large - confirm against the
 * struct definitions.  cp holds pairing secrets on the stack and is not
 * wiped in the visible lines.
 */
2770 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2771 struct sk_buff *skb)
2773 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2774 struct oob_data *data;
2776 BT_DBG("%s", hdev->name);
2780 if (!test_bit(HCI_MGMT, &hdev->flags))
2783 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2785 struct hci_cp_remote_oob_data_reply cp;
2787 bacpy(&cp.bdaddr, &ev->bdaddr);
2788 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2789 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2791 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2794 struct hci_cp_remote_oob_data_neg_reply cp;
2796 bacpy(&cp.bdaddr, &ev->bdaddr);
2797 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2802 hci_dev_unlock(hdev);
/*
 * Handle the LE Connection Complete sub-event.
 *
 * Looks up the LE connection to the peer, creating one when none exists
 * (as happens for a connection this host did not initiate), and records
 * the peer's address type.  On failure the connection is reported with
 * mgmt_connect_failed(), confirmed to the upper layers and closed.  On
 * success it is reported with mgmt_connected(), starts at
 * BT_SECURITY_LOW, gets its handle and becomes BT_CONNECTED.
 *
 * NOTE(review): the ev->status test, the NULL checks around
 * hci_conn_add() and the deletion of a failed connection are on lines
 * this listing omits.
 */
2805 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2807 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2808 struct hci_conn *conn;
2810 BT_DBG("%s status %d", hdev->name, ev->status);
2814 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
2816 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2818 BT_ERR("No memory for new connection");
2819 hci_dev_unlock(hdev);
2823 conn->dst_type = ev->bdaddr_type;
2827 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
2828 hci_proto_connect_cfm(conn, ev->status);
2829 conn->state = BT_CLOSED;
2834 mgmt_connected(hdev->id, &ev->bdaddr, conn->type);
2836 conn->sec_level = BT_SECURITY_LOW;
2837 conn->handle = __le16_to_cpu(ev->handle);
2838 conn->state = BT_CONNECTED;
2840 hci_conn_hold_device(conn);
2841 hci_conn_add_sysfs(conn);
2843 hci_proto_connect_cfm(conn, ev->status);
2846 hci_dev_unlock(hdev);
/*
 * Handle the LE Advertising Report sub-event.
 *
 * The first payload byte is the number of reports.  Each report is a
 * hci_ev_le_advertising_info header followed by ev->length bytes of data
 * and one trailing byte; every report is handed to hci_add_adv_entry()
 * and the cursor advances by that total.
 *
 * NOTE(review): both num_reports and each ev->length come from the
 * packet, and the visible loop never compares the cursor with
 * skb->data + skb->len.  A malformed event could therefore make the loop
 * read, and pass to hci_add_adv_entry(), memory past the received data.
 * A reviewer would want the remaining length checked before each report
 * is dereferenced and again before the cursor is advanced.  The lines
 * between the declarations and the loop are omitted from this listing -
 * confirm they hold no such check.
 */
2849 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
2850 struct sk_buff *skb)
2852 u8 num_reports = skb->data[0];
2853 void *ptr = &skb->data[1];
2857 while (num_reports--) {
2858 struct hci_ev_le_advertising_info *ev = ptr;
2860 hci_add_adv_entry(hdev, ev);
/* arithmetic on void * is a GNU C extension; the step is header + data + 1 trailing byte */
2862 ptr += sizeof(*ev) + ev->length + 1;
2865 hci_dev_unlock(hdev);
/*
 * Handle the LE Long Term Key Request sub-event.
 *
 * Looks up the connection by handle and a stored long-term key by the
 * ediv/random pair from the event.  When a key is found it is copied into
 * an LE LTK Reply and its PIN length is recorded on the connection;
 * otherwise an LE LTK Negative Reply is sent for the handle.
 *
 * NOTE(review): the key copy is sized by the source, sizeof(ltk->val);
 * it is safe only if cp.ltk is at least that large - confirm against the
 * struct definitions.  cp carries the key on the stack and is not wiped
 * in the visible lines.  The debug print applies cpu_to_le16() to a field
 * that the lookup below converts with __le16_to_cpu(), so the logged
 * handle is presumably byte-swapped on big-endian hosts.  The NULL checks
 * on conn and ltk are on lines this listing omits.
 */
2868 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
2869 struct sk_buff *skb)
2871 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
2872 struct hci_cp_le_ltk_reply cp;
2873 struct hci_cp_le_ltk_neg_reply neg;
2874 struct hci_conn *conn;
2875 struct link_key *ltk;
2877 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
2881 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2885 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
2889 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
2890 cp.handle = cpu_to_le16(conn->handle);
2891 conn->pin_length = ltk->pin_len;
2893 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
2895 hci_dev_unlock(hdev);
2900 neg.handle = ev->handle;
2901 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
2902 hci_dev_unlock(hdev);
/*
 * Handle the LE Meta event: strip the meta header and dispatch on the
 * sub-event code to the connection-complete, advertising-report or
 * LTK-request handler.  Other sub-events fall through unhandled.
 *
 * NOTE(review): le_ev is read after skb_pull(); no comparison of skb->len
 * with sizeof(*le_ev) is visible before the pull, and the sub-handlers
 * receive whatever length remains.
 */
2905 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2907 struct hci_ev_le_meta *le_ev = (void *) skb->data;
2909 skb_pull(skb, sizeof(*le_ev));
2911 switch (le_ev->subevent) {
2912 case HCI_EV_LE_CONN_COMPLETE:
2913 hci_le_conn_complete_evt(hdev, skb);
2916 case HCI_EV_LE_ADVERTISING_REPORT:
2917 hci_le_adv_report_evt(hdev, skb);
2920 case HCI_EV_LE_LTK_REQ:
2921 hci_le_ltk_request_evt(hdev, skb);
/*
 * Entry point for a received HCI event packet.
 *
 * Reads the event code from the packet header, strips the header from
 * the skb and calls the handler for that event code. Each handler
 * receives the skb with skb->data at the first event parameter. The
 * listing omits the switch statement line and the lines between cases.
 *
 * NOTE(review): in the visible lines, hdr->plen is never compared with
 * the remaining skb->len, and the skb is not checked to hold
 * HCI_EVENT_HDR_SIZE octets before hdr->evt is read. The handlers cast
 * skb->data to fixed-size event structs, so any length validation has to
 * happen before this function or inside each handler; TODO confirm where.
 */
2929 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2931 struct hci_event_hdr *hdr = (void *) skb->data;
2932 __u8 event = hdr->evt;
/* Drop the event header; the event code was saved in `event` above. */
2934 skb_pull(skb, HCI_EVENT_HDR_SIZE);
2937 case HCI_EV_INQUIRY_COMPLETE:
2938 hci_inquiry_complete_evt(hdev, skb);
2941 case HCI_EV_INQUIRY_RESULT:
2942 hci_inquiry_result_evt(hdev, skb);
2945 case HCI_EV_CONN_COMPLETE:
2946 hci_conn_complete_evt(hdev, skb);
2949 case HCI_EV_CONN_REQUEST:
2950 hci_conn_request_evt(hdev, skb);
2953 case HCI_EV_DISCONN_COMPLETE:
2954 hci_disconn_complete_evt(hdev, skb);
2957 case HCI_EV_AUTH_COMPLETE:
2958 hci_auth_complete_evt(hdev, skb);
2961 case HCI_EV_REMOTE_NAME:
2962 hci_remote_name_evt(hdev, skb);
2965 case HCI_EV_ENCRYPT_CHANGE:
2966 hci_encrypt_change_evt(hdev, skb);
2969 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
2970 hci_change_link_key_complete_evt(hdev, skb);
2973 case HCI_EV_REMOTE_FEATURES:
2974 hci_remote_features_evt(hdev, skb);
2977 case HCI_EV_REMOTE_VERSION:
2978 hci_remote_version_evt(hdev, skb);
2981 case HCI_EV_QOS_SETUP_COMPLETE:
2982 hci_qos_setup_complete_evt(hdev, skb);
2985 case HCI_EV_CMD_COMPLETE:
2986 hci_cmd_complete_evt(hdev, skb);
2989 case HCI_EV_CMD_STATUS:
2990 hci_cmd_status_evt(hdev, skb);
2993 case HCI_EV_ROLE_CHANGE:
2994 hci_role_change_evt(hdev, skb);
2997 case HCI_EV_NUM_COMP_PKTS:
2998 hci_num_comp_pkts_evt(hdev, skb);
3001 case HCI_EV_MODE_CHANGE:
3002 hci_mode_change_evt(hdev, skb);
/* Pairing and key-handling events. */
3005 case HCI_EV_PIN_CODE_REQ:
3006 hci_pin_code_request_evt(hdev, skb);
3009 case HCI_EV_LINK_KEY_REQ:
3010 hci_link_key_request_evt(hdev, skb);
3013 case HCI_EV_LINK_KEY_NOTIFY:
3014 hci_link_key_notify_evt(hdev, skb);
3017 case HCI_EV_CLOCK_OFFSET:
3018 hci_clock_offset_evt(hdev, skb);
3021 case HCI_EV_PKT_TYPE_CHANGE:
3022 hci_pkt_type_change_evt(hdev, skb);
3025 case HCI_EV_PSCAN_REP_MODE:
3026 hci_pscan_rep_mode_evt(hdev, skb);
3029 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3030 hci_inquiry_result_with_rssi_evt(hdev, skb);
3033 case HCI_EV_REMOTE_EXT_FEATURES:
3034 hci_remote_ext_features_evt(hdev, skb);
3037 case HCI_EV_SYNC_CONN_COMPLETE:
3038 hci_sync_conn_complete_evt(hdev, skb);
3041 case HCI_EV_SYNC_CONN_CHANGED:
3042 hci_sync_conn_changed_evt(hdev, skb);
3045 case HCI_EV_SNIFF_SUBRATE:
3046 hci_sniff_subrate_evt(hdev, skb);
3049 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3050 hci_extended_inquiry_result_evt(hdev, skb);
3053 case HCI_EV_IO_CAPA_REQUEST:
3054 hci_io_capa_request_evt(hdev, skb);
3057 case HCI_EV_IO_CAPA_REPLY:
3058 hci_io_capa_reply_evt(hdev, skb);
3061 case HCI_EV_USER_CONFIRM_REQUEST:
3062 hci_user_confirm_request_evt(hdev, skb);
3065 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3066 hci_simple_pair_complete_evt(hdev, skb);
3069 case HCI_EV_REMOTE_HOST_FEATURES:
3070 hci_remote_host_features_evt(hdev, skb);
/* LE events arrive under one meta event and are dispatched again by subevent. */
3073 case HCI_EV_LE_META:
3074 hci_le_meta_evt(hdev, skb);
3077 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3078 hci_remote_oob_data_request_evt(hdev, skb);
/* Presumably the default branch: event codes with no handler are only logged. */
3082 BT_DBG("%s event 0x%x", hdev->name, event);
/* Count the received event in the device statistics. */
3087 hdev->stat.evt_rx++;
3090 /* Generate internal stack event */
/*
 * Builds an HCI_EV_STACK_INTERNAL event packet carrying `dlen` octets
 * copied from `data`, marks it as an incoming, timestamped
 * HCI_EVENT_PKT, and passes it to hci_send_to_sock().
 *
 * @hdev: device the event is attributed to (stored in skb->dev)
 * @type: not used in the visible lines; presumably stored in the event
 *        body on an omitted line
 * @dlen: number of octets to copy from @data
 * @data: payload source; must be readable for @dlen octets
 *
 * NOTE(review): dlen is a signed int that feeds the allocation size,
 * skb_put() and memcpy() with no visible range check. A negative or
 * oversized value from a caller would corrupt the size arithmetic, so
 * callers must pass a small non-negative length.
 */
3091 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3093 struct hci_event_hdr *hdr;
3094 struct hci_ev_stack_internal *ev;
3095 struct sk_buff *skb;
/* GFP_ATOMIC: the allocation must not sleep. The failure check is not among the visible lines. */
3097 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3101 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3102 hdr->evt = HCI_EV_STACK_INTERNAL;
/*
 * NOTE(review): plen is presumably the one-octet HCI parameter length.
 * If so, a sum above 255 is silently truncated while the skb keeps the
 * full size; confirm the field width and the largest dlen callers pass.
 */
3103 hdr->plen = sizeof(*ev) + dlen;
3105 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3107 memcpy(ev->data, data, dlen);
/* Present the packet to listeners as if it had been received from the controller. */
3109 bt_cb(skb)->incoming = 1;
3110 __net_timestamp(skb);
3112 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
3113 skb->dev = (void *) hdev;
3114 hci_send_to_sock(hdev, skb, NULL);
/*
 * Exposes enable_le as a boolean module parameter. Mode 0644 makes it
 * readable by every user and writable by root through the module's sysfs
 * parameters directory, so it can be changed after load. enable_le is
 * declared outside the lines shown.
 * NOTE(review): confirm that the code reading enable_le tolerates a
 * change at runtime, or restrict the mode to 0444.
 */
3118 module_param(enable_le, bool, 0644);
3119 MODULE_PARM_DESC(enable_le, "Enable LE support");