2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
50 /* Handle HCI Event packets */
52 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
54 __u8 status = *((__u8 *) skb->data);
56 BT_DBG("%s status 0x%x", hdev->name, status);
60 mgmt_stop_discovery_failed(hdev, status);
65 clear_bit(HCI_INQUIRY, &hdev->flags);
68 mgmt_discovering(hdev, 0);
71 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
73 hci_conn_check_pending(hdev);
76 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
78 __u8 status = *((__u8 *) skb->data);
80 BT_DBG("%s status 0x%x", hdev->name, status);
85 hci_conn_check_pending(hdev);
88 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
90 BT_DBG("%s", hdev->name);
93 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
98 BT_DBG("%s status 0x%x", hdev->name, rp->status);
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
108 conn->link_mode &= ~HCI_LM_MASTER;
110 conn->link_mode |= HCI_LM_MASTER;
113 hci_dev_unlock(hdev);
116 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
121 BT_DBG("%s status 0x%x", hdev->name, rp->status);
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
130 conn->link_policy = __le16_to_cpu(rp->policy);
132 hci_dev_unlock(hdev);
135 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
138 struct hci_conn *conn;
141 BT_DBG("%s status 0x%x", hdev->name, rp->status);
146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
154 conn->link_policy = get_unaligned_le16(sent + 2);
156 hci_dev_unlock(hdev);
159 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163 BT_DBG("%s status 0x%x", hdev->name, rp->status);
168 hdev->link_policy = __le16_to_cpu(rp->policy);
171 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
173 __u8 status = *((__u8 *) skb->data);
176 BT_DBG("%s status 0x%x", hdev->name, status);
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
183 hdev->link_policy = get_unaligned_le16(sent);
185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
188 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
190 __u8 status = *((__u8 *) skb->data);
192 BT_DBG("%s status 0x%x", hdev->name, status);
194 clear_bit(HCI_RESET, &hdev->flags);
196 hci_req_complete(hdev, HCI_OP_RESET, status);
201 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
203 __u8 status = *((__u8 *) skb->data);
206 BT_DBG("%s status 0x%x", hdev->name, status);
208 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
214 if (test_bit(HCI_MGMT, &hdev->flags))
215 mgmt_set_local_name_complete(hdev, sent, status);
218 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
220 hci_dev_unlock(hdev);
223 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
225 struct hci_rp_read_local_name *rp = (void *) skb->data;
227 BT_DBG("%s status 0x%x", hdev->name, rp->status);
232 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
235 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
237 __u8 status = *((__u8 *) skb->data);
240 BT_DBG("%s status 0x%x", hdev->name, status);
242 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
247 __u8 param = *((__u8 *) sent);
249 if (param == AUTH_ENABLED)
250 set_bit(HCI_AUTH, &hdev->flags);
252 clear_bit(HCI_AUTH, &hdev->flags);
255 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
258 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
260 __u8 status = *((__u8 *) skb->data);
263 BT_DBG("%s status 0x%x", hdev->name, status);
265 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
270 __u8 param = *((__u8 *) sent);
273 set_bit(HCI_ENCRYPT, &hdev->flags);
275 clear_bit(HCI_ENCRYPT, &hdev->flags);
278 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
281 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
283 __u8 param, status = *((__u8 *) skb->data);
284 int old_pscan, old_iscan;
287 BT_DBG("%s status 0x%x", hdev->name, status);
289 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
293 param = *((__u8 *) sent);
298 mgmt_write_scan_failed(hdev, param, status);
299 hdev->discov_timeout = 0;
303 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
304 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
306 if (param & SCAN_INQUIRY) {
307 set_bit(HCI_ISCAN, &hdev->flags);
309 mgmt_discoverable(hdev, 1);
310 if (hdev->discov_timeout > 0) {
311 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
312 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
315 } else if (old_iscan)
316 mgmt_discoverable(hdev, 0);
318 if (param & SCAN_PAGE) {
319 set_bit(HCI_PSCAN, &hdev->flags);
321 mgmt_connectable(hdev, 1);
322 } else if (old_pscan)
323 mgmt_connectable(hdev, 0);
326 hci_dev_unlock(hdev);
327 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
330 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
332 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
334 BT_DBG("%s status 0x%x", hdev->name, rp->status);
339 memcpy(hdev->dev_class, rp->dev_class, 3);
341 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
342 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
345 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
347 __u8 status = *((__u8 *) skb->data);
350 BT_DBG("%s status 0x%x", hdev->name, status);
355 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
359 memcpy(hdev->dev_class, sent, 3);
362 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
364 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
367 BT_DBG("%s status 0x%x", hdev->name, rp->status);
372 setting = __le16_to_cpu(rp->voice_setting);
374 if (hdev->voice_setting == setting)
377 hdev->voice_setting = setting;
379 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
382 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
385 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
387 __u8 status = *((__u8 *) skb->data);
391 BT_DBG("%s status 0x%x", hdev->name, status);
396 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
400 setting = get_unaligned_le16(sent);
402 if (hdev->voice_setting == setting)
405 hdev->voice_setting = setting;
407 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
410 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
413 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
415 __u8 status = *((__u8 *) skb->data);
417 BT_DBG("%s status 0x%x", hdev->name, status);
419 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
422 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
424 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
426 BT_DBG("%s status 0x%x", hdev->name, rp->status);
431 hdev->ssp_mode = rp->mode;
434 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
436 __u8 status = *((__u8 *) skb->data);
439 BT_DBG("%s status 0x%x", hdev->name, status);
444 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
448 hdev->ssp_mode = *((__u8 *) sent);
451 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
453 if (hdev->features[6] & LMP_EXT_INQ)
456 if (hdev->features[3] & LMP_RSSI_INQ)
459 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
460 hdev->lmp_subver == 0x0757)
463 if (hdev->manufacturer == 15) {
464 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
466 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
468 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
472 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
473 hdev->lmp_subver == 0x1805)
479 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
483 mode = hci_get_inquiry_mode(hdev);
485 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
488 static void hci_setup_event_mask(struct hci_dev *hdev)
490 /* The second byte is 0xff instead of 0x9f (two reserved bits
491 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
492 * command otherwise */
493 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
495 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
496 * any event mask for pre 1.2 devices */
497 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
500 events[4] |= 0x01; /* Flow Specification Complete */
501 events[4] |= 0x02; /* Inquiry Result with RSSI */
502 events[4] |= 0x04; /* Read Remote Extended Features Complete */
503 events[5] |= 0x08; /* Synchronous Connection Complete */
504 events[5] |= 0x10; /* Synchronous Connection Changed */
506 if (hdev->features[3] & LMP_RSSI_INQ)
507 events[4] |= 0x04; /* Inquiry Result with RSSI */
509 if (hdev->features[5] & LMP_SNIFF_SUBR)
510 events[5] |= 0x20; /* Sniff Subrating */
512 if (hdev->features[5] & LMP_PAUSE_ENC)
513 events[5] |= 0x80; /* Encryption Key Refresh Complete */
515 if (hdev->features[6] & LMP_EXT_INQ)
516 events[5] |= 0x40; /* Extended Inquiry Result */
518 if (hdev->features[6] & LMP_NO_FLUSH)
519 events[7] |= 0x01; /* Enhanced Flush Complete */
521 if (hdev->features[7] & LMP_LSTO)
522 events[6] |= 0x80; /* Link Supervision Timeout Changed */
524 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
525 events[6] |= 0x01; /* IO Capability Request */
526 events[6] |= 0x02; /* IO Capability Response */
527 events[6] |= 0x04; /* User Confirmation Request */
528 events[6] |= 0x08; /* User Passkey Request */
529 events[6] |= 0x10; /* Remote OOB Data Request */
530 events[6] |= 0x20; /* Simple Pairing Complete */
531 events[7] |= 0x04; /* User Passkey Notification */
532 events[7] |= 0x08; /* Keypress Notification */
533 events[7] |= 0x10; /* Remote Host Supported
534 * Features Notification */
537 if (hdev->features[4] & LMP_LE)
538 events[7] |= 0x20; /* LE Meta-Event */
540 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
543 static void hci_set_le_support(struct hci_dev *hdev)
545 struct hci_cp_write_le_host_supported cp;
547 memset(&cp, 0, sizeof(cp));
551 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
554 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
557 static void hci_setup(struct hci_dev *hdev)
559 hci_setup_event_mask(hdev);
561 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
562 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
564 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
566 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
569 if (hdev->features[3] & LMP_RSSI_INQ)
570 hci_setup_inquiry_mode(hdev);
572 if (hdev->features[7] & LMP_INQ_TX_PWR)
573 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
575 if (hdev->features[7] & LMP_EXTFEATURES) {
576 struct hci_cp_read_local_ext_features cp;
579 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
583 if (hdev->features[4] & LMP_LE)
584 hci_set_le_support(hdev);
587 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
589 struct hci_rp_read_local_version *rp = (void *) skb->data;
591 BT_DBG("%s status 0x%x", hdev->name, rp->status);
596 hdev->hci_ver = rp->hci_ver;
597 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
598 hdev->lmp_ver = rp->lmp_ver;
599 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
600 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
602 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
604 hdev->hci_ver, hdev->hci_rev);
606 if (test_bit(HCI_INIT, &hdev->flags))
610 static void hci_setup_link_policy(struct hci_dev *hdev)
614 if (hdev->features[0] & LMP_RSWITCH)
615 link_policy |= HCI_LP_RSWITCH;
616 if (hdev->features[0] & LMP_HOLD)
617 link_policy |= HCI_LP_HOLD;
618 if (hdev->features[0] & LMP_SNIFF)
619 link_policy |= HCI_LP_SNIFF;
620 if (hdev->features[1] & LMP_PARK)
621 link_policy |= HCI_LP_PARK;
623 link_policy = cpu_to_le16(link_policy);
624 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
625 sizeof(link_policy), &link_policy);
628 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
630 struct hci_rp_read_local_commands *rp = (void *) skb->data;
632 BT_DBG("%s status 0x%x", hdev->name, rp->status);
637 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
639 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
640 hci_setup_link_policy(hdev);
643 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
646 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
648 struct hci_rp_read_local_features *rp = (void *) skb->data;
650 BT_DBG("%s status 0x%x", hdev->name, rp->status);
655 memcpy(hdev->features, rp->features, 8);
657 /* Adjust default settings according to features
658 * supported by device. */
660 if (hdev->features[0] & LMP_3SLOT)
661 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
663 if (hdev->features[0] & LMP_5SLOT)
664 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
666 if (hdev->features[1] & LMP_HV2) {
667 hdev->pkt_type |= (HCI_HV2);
668 hdev->esco_type |= (ESCO_HV2);
671 if (hdev->features[1] & LMP_HV3) {
672 hdev->pkt_type |= (HCI_HV3);
673 hdev->esco_type |= (ESCO_HV3);
676 if (hdev->features[3] & LMP_ESCO)
677 hdev->esco_type |= (ESCO_EV3);
679 if (hdev->features[4] & LMP_EV4)
680 hdev->esco_type |= (ESCO_EV4);
682 if (hdev->features[4] & LMP_EV5)
683 hdev->esco_type |= (ESCO_EV5);
685 if (hdev->features[5] & LMP_EDR_ESCO_2M)
686 hdev->esco_type |= (ESCO_2EV3);
688 if (hdev->features[5] & LMP_EDR_ESCO_3M)
689 hdev->esco_type |= (ESCO_3EV3);
691 if (hdev->features[5] & LMP_EDR_3S_ESCO)
692 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
694 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
695 hdev->features[0], hdev->features[1],
696 hdev->features[2], hdev->features[3],
697 hdev->features[4], hdev->features[5],
698 hdev->features[6], hdev->features[7]);
701 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
704 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
706 BT_DBG("%s status 0x%x", hdev->name, rp->status);
711 memcpy(hdev->extfeatures, rp->features, 8);
713 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
716 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
719 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
721 BT_DBG("%s status 0x%x", hdev->name, rp->status);
726 hdev->flow_ctl_mode = rp->mode;
728 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
731 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
733 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
735 BT_DBG("%s status 0x%x", hdev->name, rp->status);
740 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
741 hdev->sco_mtu = rp->sco_mtu;
742 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
743 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
745 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
750 hdev->acl_cnt = hdev->acl_pkts;
751 hdev->sco_cnt = hdev->sco_pkts;
753 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
754 hdev->acl_mtu, hdev->acl_pkts,
755 hdev->sco_mtu, hdev->sco_pkts);
758 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
760 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
762 BT_DBG("%s status 0x%x", hdev->name, rp->status);
765 bacpy(&hdev->bdaddr, &rp->bdaddr);
767 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
770 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
772 __u8 status = *((__u8 *) skb->data);
774 BT_DBG("%s status 0x%x", hdev->name, status);
776 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
779 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
782 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
784 BT_DBG("%s status 0x%x", hdev->name, rp->status);
789 hdev->amp_status = rp->amp_status;
790 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
791 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
792 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
793 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
794 hdev->amp_type = rp->amp_type;
795 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
796 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
797 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
798 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
800 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
803 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
806 __u8 status = *((__u8 *) skb->data);
808 BT_DBG("%s status 0x%x", hdev->name, status);
810 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
813 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
815 __u8 status = *((__u8 *) skb->data);
817 BT_DBG("%s status 0x%x", hdev->name, status);
819 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
822 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
825 __u8 status = *((__u8 *) skb->data);
827 BT_DBG("%s status 0x%x", hdev->name, status);
829 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
832 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
835 __u8 status = *((__u8 *) skb->data);
837 BT_DBG("%s status 0x%x", hdev->name, status);
839 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
842 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
844 __u8 status = *((__u8 *) skb->data);
846 BT_DBG("%s status 0x%x", hdev->name, status);
848 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
851 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
853 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
854 struct hci_cp_pin_code_reply *cp;
855 struct hci_conn *conn;
857 BT_DBG("%s status 0x%x", hdev->name, rp->status);
861 if (test_bit(HCI_MGMT, &hdev->flags))
862 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
867 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
871 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
873 conn->pin_length = cp->pin_len;
876 hci_dev_unlock(hdev);
879 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
881 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
883 BT_DBG("%s status 0x%x", hdev->name, rp->status);
887 if (test_bit(HCI_MGMT, &hdev->flags))
888 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
891 hci_dev_unlock(hdev);
894 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
897 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
899 BT_DBG("%s status 0x%x", hdev->name, rp->status);
904 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
905 hdev->le_pkts = rp->le_max_pkt;
907 hdev->le_cnt = hdev->le_pkts;
909 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
911 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
914 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
916 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
918 BT_DBG("%s status 0x%x", hdev->name, rp->status);
922 if (test_bit(HCI_MGMT, &hdev->flags))
923 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr,
926 hci_dev_unlock(hdev);
929 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
932 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
934 BT_DBG("%s status 0x%x", hdev->name, rp->status);
938 if (test_bit(HCI_MGMT, &hdev->flags))
939 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
942 hci_dev_unlock(hdev);
945 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
947 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
949 BT_DBG("%s status 0x%x", hdev->name, rp->status);
953 if (test_bit(HCI_MGMT, &hdev->flags))
954 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr,
957 hci_dev_unlock(hdev);
960 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
963 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
965 BT_DBG("%s status 0x%x", hdev->name, rp->status);
969 if (test_bit(HCI_MGMT, &hdev->flags))
970 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
973 hci_dev_unlock(hdev);
976 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
979 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
981 BT_DBG("%s status 0x%x", hdev->name, rp->status);
984 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
985 rp->randomizer, rp->status);
986 hci_dev_unlock(hdev);
989 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
991 __u8 status = *((__u8 *) skb->data);
993 BT_DBG("%s status 0x%x", hdev->name, status);
996 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
999 struct hci_cp_le_set_scan_enable *cp;
1000 __u8 status = *((__u8 *) skb->data);
1002 BT_DBG("%s status 0x%x", hdev->name, status);
1007 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1011 if (cp->enable == 0x01) {
1012 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1014 cancel_delayed_work_sync(&hdev->adv_work);
1017 hci_adv_entries_clear(hdev);
1018 hci_dev_unlock(hdev);
1019 } else if (cp->enable == 0x00) {
1020 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1022 cancel_delayed_work_sync(&hdev->adv_work);
1023 queue_delayed_work(hdev->workqueue, &hdev->adv_work,
1024 jiffies + ADV_CLEAR_TIMEOUT);
1028 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1030 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1032 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1037 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1040 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1042 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1044 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1049 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1052 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1053 struct sk_buff *skb)
1055 struct hci_cp_read_local_ext_features cp;
1056 __u8 status = *((__u8 *) skb->data);
1058 BT_DBG("%s status 0x%x", hdev->name, status);
1064 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1067 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1069 BT_DBG("%s status 0x%x", hdev->name, status);
1072 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1073 hci_conn_check_pending(hdev);
1075 if (test_bit(HCI_MGMT, &hdev->flags))
1076 mgmt_start_discovery_failed(hdev, status);
1077 hci_dev_unlock(hdev);
1081 set_bit(HCI_INQUIRY, &hdev->flags);
1084 mgmt_discovering(hdev, 1);
1085 hci_dev_unlock(hdev);
1088 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1090 struct hci_cp_create_conn *cp;
1091 struct hci_conn *conn;
1093 BT_DBG("%s status 0x%x", hdev->name, status);
1095 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1101 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1103 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1106 if (conn && conn->state == BT_CONNECT) {
1107 if (status != 0x0c || conn->attempt > 2) {
1108 conn->state = BT_CLOSED;
1109 hci_proto_connect_cfm(conn, status);
1112 conn->state = BT_CONNECT2;
1116 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1119 conn->link_mode |= HCI_LM_MASTER;
1121 BT_ERR("No memory for new connection");
1125 hci_dev_unlock(hdev);
1128 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1130 struct hci_cp_add_sco *cp;
1131 struct hci_conn *acl, *sco;
1134 BT_DBG("%s status 0x%x", hdev->name, status);
1139 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1143 handle = __le16_to_cpu(cp->handle);
1145 BT_DBG("%s handle %d", hdev->name, handle);
1149 acl = hci_conn_hash_lookup_handle(hdev, handle);
1153 sco->state = BT_CLOSED;
1155 hci_proto_connect_cfm(sco, status);
1160 hci_dev_unlock(hdev);
1163 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1165 struct hci_cp_auth_requested *cp;
1166 struct hci_conn *conn;
1168 BT_DBG("%s status 0x%x", hdev->name, status);
1173 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1179 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1181 if (conn->state == BT_CONFIG) {
1182 hci_proto_connect_cfm(conn, status);
1187 hci_dev_unlock(hdev);
1190 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1192 struct hci_cp_set_conn_encrypt *cp;
1193 struct hci_conn *conn;
1195 BT_DBG("%s status 0x%x", hdev->name, status);
1200 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1206 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1208 if (conn->state == BT_CONFIG) {
1209 hci_proto_connect_cfm(conn, status);
1214 hci_dev_unlock(hdev);
1217 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1218 struct hci_conn *conn)
1220 if (conn->state != BT_CONFIG || !conn->out)
1223 if (conn->pending_sec_level == BT_SECURITY_SDP)
1226 /* Only request authentication for SSP connections or non-SSP
1227 * devices with sec_level HIGH or if MITM protection is requested */
1228 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
1229 conn->pending_sec_level != BT_SECURITY_HIGH &&
1230 !(conn->auth_type & 0x01))
1236 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1238 struct hci_cp_remote_name_req *cp;
1239 struct hci_conn *conn;
1241 BT_DBG("%s status 0x%x", hdev->name, status);
1243 /* If successful wait for the name req complete event before
1244 * checking for the need to do authentication */
1248 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1254 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1258 if (!hci_outgoing_auth_needed(hdev, conn))
1261 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1262 struct hci_cp_auth_requested cp;
1263 cp.handle = __cpu_to_le16(conn->handle);
1264 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1268 hci_dev_unlock(hdev);
1271 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1273 struct hci_cp_read_remote_features *cp;
1274 struct hci_conn *conn;
1276 BT_DBG("%s status 0x%x", hdev->name, status);
1281 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1287 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1289 if (conn->state == BT_CONFIG) {
1290 hci_proto_connect_cfm(conn, status);
1295 hci_dev_unlock(hdev);
1298 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1300 struct hci_cp_read_remote_ext_features *cp;
1301 struct hci_conn *conn;
1303 BT_DBG("%s status 0x%x", hdev->name, status);
1308 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1314 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1316 if (conn->state == BT_CONFIG) {
1317 hci_proto_connect_cfm(conn, status);
1322 hci_dev_unlock(hdev);
1325 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1327 struct hci_cp_setup_sync_conn *cp;
1328 struct hci_conn *acl, *sco;
1331 BT_DBG("%s status 0x%x", hdev->name, status);
1336 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1340 handle = __le16_to_cpu(cp->handle);
1342 BT_DBG("%s handle %d", hdev->name, handle);
1346 acl = hci_conn_hash_lookup_handle(hdev, handle);
1350 sco->state = BT_CLOSED;
1352 hci_proto_connect_cfm(sco, status);
1357 hci_dev_unlock(hdev);
1360 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1362 struct hci_cp_sniff_mode *cp;
1363 struct hci_conn *conn;
1365 BT_DBG("%s status 0x%x", hdev->name, status);
1370 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1376 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1378 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1380 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1381 hci_sco_setup(conn, status);
1384 hci_dev_unlock(hdev);
1387 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1389 struct hci_cp_exit_sniff_mode *cp;
1390 struct hci_conn *conn;
1392 BT_DBG("%s status 0x%x", hdev->name, status);
1397 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1403 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1405 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1407 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1408 hci_sco_setup(conn, status);
1411 hci_dev_unlock(hdev);
1414 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1416 struct hci_cp_le_create_conn *cp;
1417 struct hci_conn *conn;
1419 BT_DBG("%s status 0x%x", hdev->name, status);
1421 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1427 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1429 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1433 if (conn && conn->state == BT_CONNECT) {
1434 conn->state = BT_CLOSED;
1435 hci_proto_connect_cfm(conn, status);
1440 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1442 conn->dst_type = cp->peer_addr_type;
1445 BT_ERR("No memory for new connection");
1450 hci_dev_unlock(hdev);
1453 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1455 BT_DBG("%s status 0x%x", hdev->name, status);
1458 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1460 __u8 status = *((__u8 *) skb->data);
1462 BT_DBG("%s status %d", hdev->name, status);
1464 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1466 hci_conn_check_pending(hdev);
1468 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1472 mgmt_discovering(hdev, 0);
1473 hci_dev_unlock(hdev);
1476 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1478 struct inquiry_data data;
1479 struct inquiry_info *info = (void *) (skb->data + 1);
1480 int num_rsp = *((__u8 *) skb->data);
1482 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1489 for (; num_rsp; num_rsp--, info++) {
1490 bacpy(&data.bdaddr, &info->bdaddr);
1491 data.pscan_rep_mode = info->pscan_rep_mode;
1492 data.pscan_period_mode = info->pscan_period_mode;
1493 data.pscan_mode = info->pscan_mode;
1494 memcpy(data.dev_class, info->dev_class, 3);
1495 data.clock_offset = info->clock_offset;
1497 data.ssp_mode = 0x00;
1498 hci_inquiry_cache_update(hdev, &data);
1499 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1500 info->dev_class, 0, NULL);
1503 hci_dev_unlock(hdev);
1506 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1508 struct hci_ev_conn_complete *ev = (void *) skb->data;
1509 struct hci_conn *conn;
1511 BT_DBG("%s", hdev->name);
1515 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1517 if (ev->link_type != SCO_LINK)
1520 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1524 conn->type = SCO_LINK;
1528 conn->handle = __le16_to_cpu(ev->handle);
1530 if (conn->type == ACL_LINK) {
1531 conn->state = BT_CONFIG;
1532 hci_conn_hold(conn);
1533 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1534 mgmt_connected(hdev, &ev->bdaddr, conn->type,
1537 conn->state = BT_CONNECTED;
1539 hci_conn_hold_device(conn);
1540 hci_conn_add_sysfs(conn);
1542 if (test_bit(HCI_AUTH, &hdev->flags))
1543 conn->link_mode |= HCI_LM_AUTH;
1545 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1546 conn->link_mode |= HCI_LM_ENCRYPT;
1548 /* Get remote features */
1549 if (conn->type == ACL_LINK) {
1550 struct hci_cp_read_remote_features cp;
1551 cp.handle = ev->handle;
1552 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1556 /* Set packet type for incoming connection */
1557 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1558 struct hci_cp_change_conn_ptype cp;
1559 cp.handle = ev->handle;
1560 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1561 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1565 conn->state = BT_CLOSED;
1566 if (conn->type == ACL_LINK)
1567 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1568 conn->dst_type, ev->status);
1571 if (conn->type == ACL_LINK)
1572 hci_sco_setup(conn, ev->status);
1575 hci_proto_connect_cfm(conn, ev->status);
1577 } else if (ev->link_type != ACL_LINK)
1578 hci_proto_connect_cfm(conn, ev->status);
1581 hci_dev_unlock(hdev);
1583 hci_conn_check_pending(hdev);
1586 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1588 struct hci_ev_conn_request *ev = (void *) skb->data;
1589 int mask = hdev->link_mode;
1591 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1592 batostr(&ev->bdaddr), ev->link_type);
1594 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1596 if ((mask & HCI_LM_ACCEPT) &&
1597 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1598 /* Connection accepted */
1599 struct inquiry_entry *ie;
1600 struct hci_conn *conn;
1604 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1606 memcpy(ie->data.dev_class, ev->dev_class, 3);
1608 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1610 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1612 BT_ERR("No memory for new connection");
1613 hci_dev_unlock(hdev);
1618 memcpy(conn->dev_class, ev->dev_class, 3);
1619 conn->state = BT_CONNECT;
1621 hci_dev_unlock(hdev);
1623 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1624 struct hci_cp_accept_conn_req cp;
1626 bacpy(&cp.bdaddr, &ev->bdaddr);
1628 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1629 cp.role = 0x00; /* Become master */
1631 cp.role = 0x01; /* Remain slave */
1633 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1636 struct hci_cp_accept_sync_conn_req cp;
1638 bacpy(&cp.bdaddr, &ev->bdaddr);
1639 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1641 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1642 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1643 cp.max_latency = cpu_to_le16(0xffff);
1644 cp.content_format = cpu_to_le16(hdev->voice_setting);
1645 cp.retrans_effort = 0xff;
1647 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1651 /* Connection rejected */
1652 struct hci_cp_reject_conn_req cp;
1654 bacpy(&cp.bdaddr, &ev->bdaddr);
1655 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1656 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1660 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1662 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1663 struct hci_conn *conn;
1665 BT_DBG("%s status %d", hdev->name, ev->status);
1669 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1673 if (ev->status == 0)
1674 conn->state = BT_CLOSED;
1676 if (conn->type == ACL_LINK || conn->type == LE_LINK) {
1677 if (ev->status != 0)
1678 mgmt_disconnect_failed(hdev, &conn->dst, ev->status);
1680 mgmt_disconnected(hdev, &conn->dst, conn->type,
1684 if (ev->status == 0) {
1685 hci_proto_disconn_cfm(conn, ev->reason);
1690 hci_dev_unlock(hdev);
1693 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1695 struct hci_ev_auth_complete *ev = (void *) skb->data;
1696 struct hci_conn *conn;
1698 BT_DBG("%s status %d", hdev->name, ev->status);
1702 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1707 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1708 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1709 BT_INFO("re-auth of legacy device is not possible.");
1711 conn->link_mode |= HCI_LM_AUTH;
1712 conn->sec_level = conn->pending_sec_level;
1715 mgmt_auth_failed(hdev, &conn->dst, ev->status);
1718 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1719 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1721 if (conn->state == BT_CONFIG) {
1722 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1723 struct hci_cp_set_conn_encrypt cp;
1724 cp.handle = ev->handle;
1726 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1729 conn->state = BT_CONNECTED;
1730 hci_proto_connect_cfm(conn, ev->status);
1734 hci_auth_cfm(conn, ev->status);
1736 hci_conn_hold(conn);
1737 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1741 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1743 struct hci_cp_set_conn_encrypt cp;
1744 cp.handle = ev->handle;
1746 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1749 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1750 hci_encrypt_cfm(conn, ev->status, 0x00);
1755 hci_dev_unlock(hdev);
1758 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1760 struct hci_ev_remote_name *ev = (void *) skb->data;
1761 struct hci_conn *conn;
1763 BT_DBG("%s", hdev->name);
1765 hci_conn_check_pending(hdev);
1769 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1770 mgmt_remote_name(hdev, &ev->bdaddr, ev->name);
1772 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1776 if (!hci_outgoing_auth_needed(hdev, conn))
1779 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1780 struct hci_cp_auth_requested cp;
1781 cp.handle = __cpu_to_le16(conn->handle);
1782 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1786 hci_dev_unlock(hdev);
1789 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1791 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1792 struct hci_conn *conn;
1794 BT_DBG("%s status %d", hdev->name, ev->status);
1798 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1802 /* Encryption implies authentication */
1803 conn->link_mode |= HCI_LM_AUTH;
1804 conn->link_mode |= HCI_LM_ENCRYPT;
1805 conn->sec_level = conn->pending_sec_level;
1807 conn->link_mode &= ~HCI_LM_ENCRYPT;
1810 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1812 if (conn->state == BT_CONFIG) {
1814 conn->state = BT_CONNECTED;
1816 hci_proto_connect_cfm(conn, ev->status);
1819 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1822 hci_dev_unlock(hdev);
1825 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1827 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1828 struct hci_conn *conn;
1830 BT_DBG("%s status %d", hdev->name, ev->status);
1834 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1837 conn->link_mode |= HCI_LM_SECURE;
1839 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1841 hci_key_change_cfm(conn, ev->status);
1844 hci_dev_unlock(hdev);
1847 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1849 struct hci_ev_remote_features *ev = (void *) skb->data;
1850 struct hci_conn *conn;
1852 BT_DBG("%s status %d", hdev->name, ev->status);
1856 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1861 memcpy(conn->features, ev->features, 8);
1863 if (conn->state != BT_CONFIG)
1866 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1867 struct hci_cp_read_remote_ext_features cp;
1868 cp.handle = ev->handle;
1870 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
1876 struct hci_cp_remote_name_req cp;
1877 memset(&cp, 0, sizeof(cp));
1878 bacpy(&cp.bdaddr, &conn->dst);
1879 cp.pscan_rep_mode = 0x02;
1880 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1883 if (!hci_outgoing_auth_needed(hdev, conn)) {
1884 conn->state = BT_CONNECTED;
1885 hci_proto_connect_cfm(conn, ev->status);
1890 hci_dev_unlock(hdev);
1893 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1895 BT_DBG("%s", hdev->name);
1898 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1900 BT_DBG("%s", hdev->name);
1903 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1905 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1908 skb_pull(skb, sizeof(*ev));
1910 opcode = __le16_to_cpu(ev->opcode);
1913 case HCI_OP_INQUIRY_CANCEL:
1914 hci_cc_inquiry_cancel(hdev, skb);
1917 case HCI_OP_EXIT_PERIODIC_INQ:
1918 hci_cc_exit_periodic_inq(hdev, skb);
1921 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1922 hci_cc_remote_name_req_cancel(hdev, skb);
1925 case HCI_OP_ROLE_DISCOVERY:
1926 hci_cc_role_discovery(hdev, skb);
1929 case HCI_OP_READ_LINK_POLICY:
1930 hci_cc_read_link_policy(hdev, skb);
1933 case HCI_OP_WRITE_LINK_POLICY:
1934 hci_cc_write_link_policy(hdev, skb);
1937 case HCI_OP_READ_DEF_LINK_POLICY:
1938 hci_cc_read_def_link_policy(hdev, skb);
1941 case HCI_OP_WRITE_DEF_LINK_POLICY:
1942 hci_cc_write_def_link_policy(hdev, skb);
1946 hci_cc_reset(hdev, skb);
1949 case HCI_OP_WRITE_LOCAL_NAME:
1950 hci_cc_write_local_name(hdev, skb);
1953 case HCI_OP_READ_LOCAL_NAME:
1954 hci_cc_read_local_name(hdev, skb);
1957 case HCI_OP_WRITE_AUTH_ENABLE:
1958 hci_cc_write_auth_enable(hdev, skb);
1961 case HCI_OP_WRITE_ENCRYPT_MODE:
1962 hci_cc_write_encrypt_mode(hdev, skb);
1965 case HCI_OP_WRITE_SCAN_ENABLE:
1966 hci_cc_write_scan_enable(hdev, skb);
1969 case HCI_OP_READ_CLASS_OF_DEV:
1970 hci_cc_read_class_of_dev(hdev, skb);
1973 case HCI_OP_WRITE_CLASS_OF_DEV:
1974 hci_cc_write_class_of_dev(hdev, skb);
1977 case HCI_OP_READ_VOICE_SETTING:
1978 hci_cc_read_voice_setting(hdev, skb);
1981 case HCI_OP_WRITE_VOICE_SETTING:
1982 hci_cc_write_voice_setting(hdev, skb);
1985 case HCI_OP_HOST_BUFFER_SIZE:
1986 hci_cc_host_buffer_size(hdev, skb);
1989 case HCI_OP_READ_SSP_MODE:
1990 hci_cc_read_ssp_mode(hdev, skb);
1993 case HCI_OP_WRITE_SSP_MODE:
1994 hci_cc_write_ssp_mode(hdev, skb);
1997 case HCI_OP_READ_LOCAL_VERSION:
1998 hci_cc_read_local_version(hdev, skb);
2001 case HCI_OP_READ_LOCAL_COMMANDS:
2002 hci_cc_read_local_commands(hdev, skb);
2005 case HCI_OP_READ_LOCAL_FEATURES:
2006 hci_cc_read_local_features(hdev, skb);
2009 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2010 hci_cc_read_local_ext_features(hdev, skb);
2013 case HCI_OP_READ_BUFFER_SIZE:
2014 hci_cc_read_buffer_size(hdev, skb);
2017 case HCI_OP_READ_BD_ADDR:
2018 hci_cc_read_bd_addr(hdev, skb);
2021 case HCI_OP_WRITE_CA_TIMEOUT:
2022 hci_cc_write_ca_timeout(hdev, skb);
2025 case HCI_OP_READ_FLOW_CONTROL_MODE:
2026 hci_cc_read_flow_control_mode(hdev, skb);
2029 case HCI_OP_READ_LOCAL_AMP_INFO:
2030 hci_cc_read_local_amp_info(hdev, skb);
2033 case HCI_OP_DELETE_STORED_LINK_KEY:
2034 hci_cc_delete_stored_link_key(hdev, skb);
2037 case HCI_OP_SET_EVENT_MASK:
2038 hci_cc_set_event_mask(hdev, skb);
2041 case HCI_OP_WRITE_INQUIRY_MODE:
2042 hci_cc_write_inquiry_mode(hdev, skb);
2045 case HCI_OP_READ_INQ_RSP_TX_POWER:
2046 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2049 case HCI_OP_SET_EVENT_FLT:
2050 hci_cc_set_event_flt(hdev, skb);
2053 case HCI_OP_PIN_CODE_REPLY:
2054 hci_cc_pin_code_reply(hdev, skb);
2057 case HCI_OP_PIN_CODE_NEG_REPLY:
2058 hci_cc_pin_code_neg_reply(hdev, skb);
2061 case HCI_OP_READ_LOCAL_OOB_DATA:
2062 hci_cc_read_local_oob_data_reply(hdev, skb);
2065 case HCI_OP_LE_READ_BUFFER_SIZE:
2066 hci_cc_le_read_buffer_size(hdev, skb);
2069 case HCI_OP_USER_CONFIRM_REPLY:
2070 hci_cc_user_confirm_reply(hdev, skb);
2073 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2074 hci_cc_user_confirm_neg_reply(hdev, skb);
2077 case HCI_OP_USER_PASSKEY_REPLY:
2078 hci_cc_user_passkey_reply(hdev, skb);
2081 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2082 hci_cc_user_passkey_neg_reply(hdev, skb);
2084 case HCI_OP_LE_SET_SCAN_PARAM:
2085 hci_cc_le_set_scan_param(hdev, skb);
2088 case HCI_OP_LE_SET_SCAN_ENABLE:
2089 hci_cc_le_set_scan_enable(hdev, skb);
2092 case HCI_OP_LE_LTK_REPLY:
2093 hci_cc_le_ltk_reply(hdev, skb);
2096 case HCI_OP_LE_LTK_NEG_REPLY:
2097 hci_cc_le_ltk_neg_reply(hdev, skb);
2100 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2101 hci_cc_write_le_host_supported(hdev, skb);
2105 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2109 if (ev->opcode != HCI_OP_NOP)
2110 del_timer(&hdev->cmd_timer);
2113 atomic_set(&hdev->cmd_cnt, 1);
2114 if (!skb_queue_empty(&hdev->cmd_q))
2115 queue_work(hdev->workqueue, &hdev->cmd_work);
2119 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2121 struct hci_ev_cmd_status *ev = (void *) skb->data;
2124 skb_pull(skb, sizeof(*ev));
2126 opcode = __le16_to_cpu(ev->opcode);
2129 case HCI_OP_INQUIRY:
2130 hci_cs_inquiry(hdev, ev->status);
2133 case HCI_OP_CREATE_CONN:
2134 hci_cs_create_conn(hdev, ev->status);
2137 case HCI_OP_ADD_SCO:
2138 hci_cs_add_sco(hdev, ev->status);
2141 case HCI_OP_AUTH_REQUESTED:
2142 hci_cs_auth_requested(hdev, ev->status);
2145 case HCI_OP_SET_CONN_ENCRYPT:
2146 hci_cs_set_conn_encrypt(hdev, ev->status);
2149 case HCI_OP_REMOTE_NAME_REQ:
2150 hci_cs_remote_name_req(hdev, ev->status);
2153 case HCI_OP_READ_REMOTE_FEATURES:
2154 hci_cs_read_remote_features(hdev, ev->status);
2157 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2158 hci_cs_read_remote_ext_features(hdev, ev->status);
2161 case HCI_OP_SETUP_SYNC_CONN:
2162 hci_cs_setup_sync_conn(hdev, ev->status);
2165 case HCI_OP_SNIFF_MODE:
2166 hci_cs_sniff_mode(hdev, ev->status);
2169 case HCI_OP_EXIT_SNIFF_MODE:
2170 hci_cs_exit_sniff_mode(hdev, ev->status);
2173 case HCI_OP_DISCONNECT:
2174 if (ev->status != 0)
2175 mgmt_disconnect_failed(hdev, NULL, ev->status);
2178 case HCI_OP_LE_CREATE_CONN:
2179 hci_cs_le_create_conn(hdev, ev->status);
2182 case HCI_OP_LE_START_ENC:
2183 hci_cs_le_start_enc(hdev, ev->status);
2187 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2191 if (ev->opcode != HCI_OP_NOP)
2192 del_timer(&hdev->cmd_timer);
2194 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2195 atomic_set(&hdev->cmd_cnt, 1);
2196 if (!skb_queue_empty(&hdev->cmd_q))
2197 queue_work(hdev->workqueue, &hdev->cmd_work);
2201 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2203 struct hci_ev_role_change *ev = (void *) skb->data;
2204 struct hci_conn *conn;
2206 BT_DBG("%s status %d", hdev->name, ev->status);
2210 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2214 conn->link_mode &= ~HCI_LM_MASTER;
2216 conn->link_mode |= HCI_LM_MASTER;
2219 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2221 hci_role_switch_cfm(conn, ev->status, ev->role);
2224 hci_dev_unlock(hdev);
2227 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2229 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2233 skb_pull(skb, sizeof(*ev));
2235 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2237 if (skb->len < ev->num_hndl * 4) {
2238 BT_DBG("%s bad parameters", hdev->name);
2242 tasklet_disable(&hdev->tx_task);
2244 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2245 struct hci_conn *conn;
2246 __u16 handle, count;
2248 handle = get_unaligned_le16(ptr++);
2249 count = get_unaligned_le16(ptr++);
2251 conn = hci_conn_hash_lookup_handle(hdev, handle);
2253 conn->sent -= count;
2255 if (conn->type == ACL_LINK) {
2256 hdev->acl_cnt += count;
2257 if (hdev->acl_cnt > hdev->acl_pkts)
2258 hdev->acl_cnt = hdev->acl_pkts;
2259 } else if (conn->type == LE_LINK) {
2260 if (hdev->le_pkts) {
2261 hdev->le_cnt += count;
2262 if (hdev->le_cnt > hdev->le_pkts)
2263 hdev->le_cnt = hdev->le_pkts;
2265 hdev->acl_cnt += count;
2266 if (hdev->acl_cnt > hdev->acl_pkts)
2267 hdev->acl_cnt = hdev->acl_pkts;
2270 hdev->sco_cnt += count;
2271 if (hdev->sco_cnt > hdev->sco_pkts)
2272 hdev->sco_cnt = hdev->sco_pkts;
2277 tasklet_schedule(&hdev->tx_task);
2279 tasklet_enable(&hdev->tx_task);
2282 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2284 struct hci_ev_mode_change *ev = (void *) skb->data;
2285 struct hci_conn *conn;
2287 BT_DBG("%s status %d", hdev->name, ev->status);
2291 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2293 conn->mode = ev->mode;
2294 conn->interval = __le16_to_cpu(ev->interval);
2296 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2297 if (conn->mode == HCI_CM_ACTIVE)
2298 conn->power_save = 1;
2300 conn->power_save = 0;
2303 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2304 hci_sco_setup(conn, ev->status);
2307 hci_dev_unlock(hdev);
2310 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2312 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2313 struct hci_conn *conn;
2315 BT_DBG("%s", hdev->name);
2319 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2323 if (conn->state == BT_CONNECTED) {
2324 hci_conn_hold(conn);
2325 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2329 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2330 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2331 sizeof(ev->bdaddr), &ev->bdaddr);
2332 else if (test_bit(HCI_MGMT, &hdev->flags)) {
2335 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2340 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2344 hci_dev_unlock(hdev);
2347 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2349 struct hci_ev_link_key_req *ev = (void *) skb->data;
2350 struct hci_cp_link_key_reply cp;
2351 struct hci_conn *conn;
2352 struct link_key *key;
2354 BT_DBG("%s", hdev->name);
2356 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2361 key = hci_find_link_key(hdev, &ev->bdaddr);
2363 BT_DBG("%s link key not found for %s", hdev->name,
2364 batostr(&ev->bdaddr));
2368 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2369 batostr(&ev->bdaddr));
2371 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2372 key->type == HCI_LK_DEBUG_COMBINATION) {
2373 BT_DBG("%s ignoring debug key", hdev->name);
2377 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2379 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2380 conn->auth_type != 0xff &&
2381 (conn->auth_type & 0x01)) {
2382 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2386 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2387 conn->pending_sec_level == BT_SECURITY_HIGH) {
2388 BT_DBG("%s ignoring key unauthenticated for high \
2389 security", hdev->name);
2393 conn->key_type = key->type;
2394 conn->pin_length = key->pin_len;
2397 bacpy(&cp.bdaddr, &ev->bdaddr);
2398 memcpy(cp.link_key, key->val, 16);
2400 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2402 hci_dev_unlock(hdev);
2407 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2408 hci_dev_unlock(hdev);
2411 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2413 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2414 struct hci_conn *conn;
2417 BT_DBG("%s", hdev->name);
2421 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2423 hci_conn_hold(conn);
2424 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2425 pin_len = conn->pin_length;
2427 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2428 conn->key_type = ev->key_type;
2433 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2434 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2435 ev->key_type, pin_len);
2437 hci_dev_unlock(hdev);
2440 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2442 struct hci_ev_clock_offset *ev = (void *) skb->data;
2443 struct hci_conn *conn;
2445 BT_DBG("%s status %d", hdev->name, ev->status);
2449 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2450 if (conn && !ev->status) {
2451 struct inquiry_entry *ie;
2453 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2455 ie->data.clock_offset = ev->clock_offset;
2456 ie->timestamp = jiffies;
2460 hci_dev_unlock(hdev);
2463 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2465 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2466 struct hci_conn *conn;
2468 BT_DBG("%s status %d", hdev->name, ev->status);
2472 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2473 if (conn && !ev->status)
2474 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2476 hci_dev_unlock(hdev);
2479 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2481 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2482 struct inquiry_entry *ie;
2484 BT_DBG("%s", hdev->name);
2488 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2490 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2491 ie->timestamp = jiffies;
2494 hci_dev_unlock(hdev);
2497 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2499 struct inquiry_data data;
2500 int num_rsp = *((__u8 *) skb->data);
2502 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2509 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2510 struct inquiry_info_with_rssi_and_pscan_mode *info;
2511 info = (void *) (skb->data + 1);
2513 for (; num_rsp; num_rsp--, info++) {
2514 bacpy(&data.bdaddr, &info->bdaddr);
2515 data.pscan_rep_mode = info->pscan_rep_mode;
2516 data.pscan_period_mode = info->pscan_period_mode;
2517 data.pscan_mode = info->pscan_mode;
2518 memcpy(data.dev_class, info->dev_class, 3);
2519 data.clock_offset = info->clock_offset;
2520 data.rssi = info->rssi;
2521 data.ssp_mode = 0x00;
2522 hci_inquiry_cache_update(hdev, &data);
2523 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2524 info->dev_class, info->rssi,
2528 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2530 for (; num_rsp; num_rsp--, info++) {
2531 bacpy(&data.bdaddr, &info->bdaddr);
2532 data.pscan_rep_mode = info->pscan_rep_mode;
2533 data.pscan_period_mode = info->pscan_period_mode;
2534 data.pscan_mode = 0x00;
2535 memcpy(data.dev_class, info->dev_class, 3);
2536 data.clock_offset = info->clock_offset;
2537 data.rssi = info->rssi;
2538 data.ssp_mode = 0x00;
2539 hci_inquiry_cache_update(hdev, &data);
2540 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2541 info->dev_class, info->rssi,
2546 hci_dev_unlock(hdev);
2549 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2551 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2552 struct hci_conn *conn;
2554 BT_DBG("%s", hdev->name);
2558 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2562 if (!ev->status && ev->page == 0x01) {
2563 struct inquiry_entry *ie;
2565 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2567 ie->data.ssp_mode = (ev->features[0] & 0x01);
2569 conn->ssp_mode = (ev->features[0] & 0x01);
2572 if (conn->state != BT_CONFIG)
2576 struct hci_cp_remote_name_req cp;
2577 memset(&cp, 0, sizeof(cp));
2578 bacpy(&cp.bdaddr, &conn->dst);
2579 cp.pscan_rep_mode = 0x02;
2580 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2583 if (!hci_outgoing_auth_needed(hdev, conn)) {
2584 conn->state = BT_CONNECTED;
2585 hci_proto_connect_cfm(conn, ev->status);
2590 hci_dev_unlock(hdev);
2593 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2595 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2596 struct hci_conn *conn;
2598 BT_DBG("%s status %d", hdev->name, ev->status);
2602 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2604 if (ev->link_type == ESCO_LINK)
2607 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2611 conn->type = SCO_LINK;
2614 switch (ev->status) {
2616 conn->handle = __le16_to_cpu(ev->handle);
2617 conn->state = BT_CONNECTED;
2619 hci_conn_hold_device(conn);
2620 hci_conn_add_sysfs(conn);
2623 case 0x11: /* Unsupported Feature or Parameter Value */
2624 case 0x1c: /* SCO interval rejected */
2625 case 0x1a: /* Unsupported Remote Feature */
2626 case 0x1f: /* Unspecified error */
2627 if (conn->out && conn->attempt < 2) {
2628 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2629 (hdev->esco_type & EDR_ESCO_MASK);
2630 hci_setup_sync(conn, conn->link->handle);
2636 conn->state = BT_CLOSED;
2640 hci_proto_connect_cfm(conn, ev->status);
2645 hci_dev_unlock(hdev);
2648 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2650 BT_DBG("%s", hdev->name);
2653 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2655 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2657 BT_DBG("%s status %d", hdev->name, ev->status);
2660 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2662 struct inquiry_data data;
2663 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2664 int num_rsp = *((__u8 *) skb->data);
2666 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2673 for (; num_rsp; num_rsp--, info++) {
2674 bacpy(&data.bdaddr, &info->bdaddr);
2675 data.pscan_rep_mode = info->pscan_rep_mode;
2676 data.pscan_period_mode = info->pscan_period_mode;
2677 data.pscan_mode = 0x00;
2678 memcpy(data.dev_class, info->dev_class, 3);
2679 data.clock_offset = info->clock_offset;
2680 data.rssi = info->rssi;
2681 data.ssp_mode = 0x01;
2682 hci_inquiry_cache_update(hdev, &data);
2683 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2684 info->dev_class, info->rssi, info->data);
2687 hci_dev_unlock(hdev);
2690 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2692 /* If remote requests dedicated bonding follow that lead */
2693 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2694 /* If both remote and local IO capabilities allow MITM
2695 * protection then require it, otherwise don't */
2696 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2702 /* If remote requests no-bonding follow that lead */
2703 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2704 return conn->remote_auth | (conn->auth_type & 0x01);
2706 return conn->auth_type;
2709 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2711 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2712 struct hci_conn *conn;
2714 BT_DBG("%s", hdev->name);
2718 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2722 hci_conn_hold(conn);
2724 if (!test_bit(HCI_MGMT, &hdev->flags))
2727 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2728 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2729 struct hci_cp_io_capability_reply cp;
2731 bacpy(&cp.bdaddr, &ev->bdaddr);
2732 cp.capability = conn->io_capability;
2733 conn->auth_type = hci_get_auth_req(conn);
2734 cp.authentication = conn->auth_type;
2736 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2737 hci_find_remote_oob_data(hdev, &conn->dst))
2742 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2745 struct hci_cp_io_capability_neg_reply cp;
2747 bacpy(&cp.bdaddr, &ev->bdaddr);
2748 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
2750 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2755 hci_dev_unlock(hdev);
2758 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2760 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2761 struct hci_conn *conn;
2763 BT_DBG("%s", hdev->name);
2767 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2771 conn->remote_cap = ev->capability;
2772 conn->remote_oob = ev->oob_data;
2773 conn->remote_auth = ev->authentication;
2776 hci_dev_unlock(hdev);
2779 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2780 struct sk_buff *skb)
2782 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
2783 int loc_mitm, rem_mitm, confirm_hint = 0;
2784 struct hci_conn *conn;
2786 BT_DBG("%s", hdev->name);
2790 if (!test_bit(HCI_MGMT, &hdev->flags))
2793 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2797 loc_mitm = (conn->auth_type & 0x01);
2798 rem_mitm = (conn->remote_auth & 0x01);
2800 /* If we require MITM but the remote device can't provide that
2801 * (it has NoInputNoOutput) then reject the confirmation
2802 * request. The only exception is when we're dedicated bonding
2803 * initiators (connect_cfm_cb set) since then we always have the MITM
2805 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2806 BT_DBG("Rejecting request: remote device can't provide MITM");
2807 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2808 sizeof(ev->bdaddr), &ev->bdaddr);
2812 /* If no side requires MITM protection; auto-accept */
2813 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2814 (!rem_mitm || conn->io_capability == 0x03)) {
2816 /* If we're not the initiators request authorization to
2817 * proceed from user space (mgmt_user_confirm with
2818 * confirm_hint set to 1). */
2819 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2820 BT_DBG("Confirming auto-accept as acceptor");
2825 BT_DBG("Auto-accept of user confirmation with %ums delay",
2826 hdev->auto_accept_delay);
2828 if (hdev->auto_accept_delay > 0) {
2829 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2830 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2834 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2835 sizeof(ev->bdaddr), &ev->bdaddr);
2840 mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey,
2844 hci_dev_unlock(hdev);
2847 static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
2848 struct sk_buff *skb)
2850 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
2852 BT_DBG("%s", hdev->name);
2856 if (test_bit(HCI_MGMT, &hdev->flags))
2857 mgmt_user_passkey_request(hdev, &ev->bdaddr);
2859 hci_dev_unlock(hdev);
2862 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2864 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2865 struct hci_conn *conn;
2867 BT_DBG("%s", hdev->name);
2871 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2875 /* To avoid duplicate auth_failed events to user space we check
2876 * the HCI_CONN_AUTH_PEND flag which will be set if we
2877 * initiated the authentication. A traditional auth_complete
2878 * event gets always produced as initiator and is also mapped to
2879 * the mgmt_auth_failed event */
2880 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2881 mgmt_auth_failed(hdev, &conn->dst, ev->status);
2886 hci_dev_unlock(hdev);
2889 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2891 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2892 struct inquiry_entry *ie;
2894 BT_DBG("%s", hdev->name);
2898 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2900 ie->data.ssp_mode = (ev->features[0] & 0x01);
2902 hci_dev_unlock(hdev);
2905 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2906 struct sk_buff *skb)
2908 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2909 struct oob_data *data;
2911 BT_DBG("%s", hdev->name);
2915 if (!test_bit(HCI_MGMT, &hdev->flags))
2918 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2920 struct hci_cp_remote_oob_data_reply cp;
2922 bacpy(&cp.bdaddr, &ev->bdaddr);
2923 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2924 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2926 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2929 struct hci_cp_remote_oob_data_neg_reply cp;
2931 bacpy(&cp.bdaddr, &ev->bdaddr);
2932 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2937 hci_dev_unlock(hdev);
2940 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2942 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2943 struct hci_conn *conn;
2945 BT_DBG("%s status %d", hdev->name, ev->status);
2949 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
2951 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2953 BT_ERR("No memory for new connection");
2954 hci_dev_unlock(hdev);
2958 conn->dst_type = ev->bdaddr_type;
2962 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
2963 conn->dst_type, ev->status);
2964 hci_proto_connect_cfm(conn, ev->status);
2965 conn->state = BT_CLOSED;
2970 mgmt_connected(hdev, &ev->bdaddr, conn->type, conn->dst_type);
2972 conn->sec_level = BT_SECURITY_LOW;
2973 conn->handle = __le16_to_cpu(ev->handle);
2974 conn->state = BT_CONNECTED;
2976 hci_conn_hold_device(conn);
2977 hci_conn_add_sysfs(conn);
2979 hci_proto_connect_cfm(conn, ev->status);
2982 hci_dev_unlock(hdev);
2985 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
2986 struct sk_buff *skb)
2988 u8 num_reports = skb->data[0];
2989 void *ptr = &skb->data[1];
2993 while (num_reports--) {
2994 struct hci_ev_le_advertising_info *ev = ptr;
2996 hci_add_adv_entry(hdev, ev);
2998 ptr += sizeof(*ev) + ev->length + 1;
3001 hci_dev_unlock(hdev);
3004 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3005 struct sk_buff *skb)
3007 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3008 struct hci_cp_le_ltk_reply cp;
3009 struct hci_cp_le_ltk_neg_reply neg;
3010 struct hci_conn *conn;
3011 struct link_key *ltk;
3013 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3017 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3021 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3025 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3026 cp.handle = cpu_to_le16(conn->handle);
3027 conn->pin_length = ltk->pin_len;
3029 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3031 hci_dev_unlock(hdev);
3036 neg.handle = ev->handle;
3037 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3038 hci_dev_unlock(hdev);
3041 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3043 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3045 skb_pull(skb, sizeof(*le_ev));
3047 switch (le_ev->subevent) {
3048 case HCI_EV_LE_CONN_COMPLETE:
3049 hci_le_conn_complete_evt(hdev, skb);
3052 case HCI_EV_LE_ADVERTISING_REPORT:
3053 hci_le_adv_report_evt(hdev, skb);
3056 case HCI_EV_LE_LTK_REQ:
3057 hci_le_ltk_request_evt(hdev, skb);
3065 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3067 struct hci_event_hdr *hdr = (void *) skb->data;
3068 __u8 event = hdr->evt;
3070 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3073 case HCI_EV_INQUIRY_COMPLETE:
3074 hci_inquiry_complete_evt(hdev, skb);
3077 case HCI_EV_INQUIRY_RESULT:
3078 hci_inquiry_result_evt(hdev, skb);
3081 case HCI_EV_CONN_COMPLETE:
3082 hci_conn_complete_evt(hdev, skb);
3085 case HCI_EV_CONN_REQUEST:
3086 hci_conn_request_evt(hdev, skb);
3089 case HCI_EV_DISCONN_COMPLETE:
3090 hci_disconn_complete_evt(hdev, skb);
3093 case HCI_EV_AUTH_COMPLETE:
3094 hci_auth_complete_evt(hdev, skb);
3097 case HCI_EV_REMOTE_NAME:
3098 hci_remote_name_evt(hdev, skb);
3101 case HCI_EV_ENCRYPT_CHANGE:
3102 hci_encrypt_change_evt(hdev, skb);
3105 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3106 hci_change_link_key_complete_evt(hdev, skb);
3109 case HCI_EV_REMOTE_FEATURES:
3110 hci_remote_features_evt(hdev, skb);
3113 case HCI_EV_REMOTE_VERSION:
3114 hci_remote_version_evt(hdev, skb);
3117 case HCI_EV_QOS_SETUP_COMPLETE:
3118 hci_qos_setup_complete_evt(hdev, skb);
3121 case HCI_EV_CMD_COMPLETE:
3122 hci_cmd_complete_evt(hdev, skb);
3125 case HCI_EV_CMD_STATUS:
3126 hci_cmd_status_evt(hdev, skb);
3129 case HCI_EV_ROLE_CHANGE:
3130 hci_role_change_evt(hdev, skb);
3133 case HCI_EV_NUM_COMP_PKTS:
3134 hci_num_comp_pkts_evt(hdev, skb);
3137 case HCI_EV_MODE_CHANGE:
3138 hci_mode_change_evt(hdev, skb);
3141 case HCI_EV_PIN_CODE_REQ:
3142 hci_pin_code_request_evt(hdev, skb);
3145 case HCI_EV_LINK_KEY_REQ:
3146 hci_link_key_request_evt(hdev, skb);
3149 case HCI_EV_LINK_KEY_NOTIFY:
3150 hci_link_key_notify_evt(hdev, skb);
3153 case HCI_EV_CLOCK_OFFSET:
3154 hci_clock_offset_evt(hdev, skb);
3157 case HCI_EV_PKT_TYPE_CHANGE:
3158 hci_pkt_type_change_evt(hdev, skb);
3161 case HCI_EV_PSCAN_REP_MODE:
3162 hci_pscan_rep_mode_evt(hdev, skb);
3165 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3166 hci_inquiry_result_with_rssi_evt(hdev, skb);
3169 case HCI_EV_REMOTE_EXT_FEATURES:
3170 hci_remote_ext_features_evt(hdev, skb);
3173 case HCI_EV_SYNC_CONN_COMPLETE:
3174 hci_sync_conn_complete_evt(hdev, skb);
3177 case HCI_EV_SYNC_CONN_CHANGED:
3178 hci_sync_conn_changed_evt(hdev, skb);
3181 case HCI_EV_SNIFF_SUBRATE:
3182 hci_sniff_subrate_evt(hdev, skb);
3185 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3186 hci_extended_inquiry_result_evt(hdev, skb);
3189 case HCI_EV_IO_CAPA_REQUEST:
3190 hci_io_capa_request_evt(hdev, skb);
3193 case HCI_EV_IO_CAPA_REPLY:
3194 hci_io_capa_reply_evt(hdev, skb);
3197 case HCI_EV_USER_CONFIRM_REQUEST:
3198 hci_user_confirm_request_evt(hdev, skb);
3201 case HCI_EV_USER_PASSKEY_REQUEST:
3202 hci_user_passkey_request_evt(hdev, skb);
3205 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3206 hci_simple_pair_complete_evt(hdev, skb);
3209 case HCI_EV_REMOTE_HOST_FEATURES:
3210 hci_remote_host_features_evt(hdev, skb);
3213 case HCI_EV_LE_META:
3214 hci_le_meta_evt(hdev, skb);
3217 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3218 hci_remote_oob_data_request_evt(hdev, skb);
3222 BT_DBG("%s event 0x%x", hdev->name, event);
3227 hdev->stat.evt_rx++;
3230 /* Generate internal stack event */
3231 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3233 struct hci_event_hdr *hdr;
3234 struct hci_ev_stack_internal *ev;
3235 struct sk_buff *skb;
3237 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3241 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3242 hdr->evt = HCI_EV_STACK_INTERNAL;
3243 hdr->plen = sizeof(*ev) + dlen;
3245 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3247 memcpy(ev->data, data, dlen);
3249 bt_cb(skb)->incoming = 1;
3250 __net_timestamp(skb);
3252 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
3253 skb->dev = (void *) hdev;
3254 hci_send_to_sock(hdev, skb, NULL);
3258 module_param(enable_le, bool, 0644);
3259 MODULE_PARM_DESC(enable_le, "Enable LE support");
projects / linux-flexiantxendom0-3.2.10.git / blob