2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
50 /* Handle HCI Event packets */
52 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
54 __u8 status = *((__u8 *) skb->data);
56 BT_DBG("%s status 0x%x", hdev->name, status);
60 mgmt_stop_discovery_failed(hdev, status);
65 clear_bit(HCI_INQUIRY, &hdev->flags);
68 mgmt_discovering(hdev, 0);
71 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
73 hci_conn_check_pending(hdev);
76 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
78 __u8 status = *((__u8 *) skb->data);
80 BT_DBG("%s status 0x%x", hdev->name, status);
85 hci_conn_check_pending(hdev);
88 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
90 BT_DBG("%s", hdev->name);
93 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
98 BT_DBG("%s status 0x%x", hdev->name, rp->status);
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
108 conn->link_mode &= ~HCI_LM_MASTER;
110 conn->link_mode |= HCI_LM_MASTER;
113 hci_dev_unlock(hdev);
116 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
121 BT_DBG("%s status 0x%x", hdev->name, rp->status);
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
130 conn->link_policy = __le16_to_cpu(rp->policy);
132 hci_dev_unlock(hdev);
135 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
138 struct hci_conn *conn;
141 BT_DBG("%s status 0x%x", hdev->name, rp->status);
146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
154 conn->link_policy = get_unaligned_le16(sent + 2);
156 hci_dev_unlock(hdev);
159 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163 BT_DBG("%s status 0x%x", hdev->name, rp->status);
168 hdev->link_policy = __le16_to_cpu(rp->policy);
171 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
173 __u8 status = *((__u8 *) skb->data);
176 BT_DBG("%s status 0x%x", hdev->name, status);
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
183 hdev->link_policy = get_unaligned_le16(sent);
185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
188 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
190 __u8 status = *((__u8 *) skb->data);
192 BT_DBG("%s status 0x%x", hdev->name, status);
194 clear_bit(HCI_RESET, &hdev->flags);
196 hci_req_complete(hdev, HCI_OP_RESET, status);
201 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
203 __u8 status = *((__u8 *) skb->data);
206 BT_DBG("%s status 0x%x", hdev->name, status);
208 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
214 if (test_bit(HCI_MGMT, &hdev->flags))
215 mgmt_set_local_name_complete(hdev, sent, status);
218 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
220 hci_dev_unlock(hdev);
223 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
225 struct hci_rp_read_local_name *rp = (void *) skb->data;
227 BT_DBG("%s status 0x%x", hdev->name, rp->status);
232 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
235 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
237 __u8 status = *((__u8 *) skb->data);
240 BT_DBG("%s status 0x%x", hdev->name, status);
242 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
247 __u8 param = *((__u8 *) sent);
249 if (param == AUTH_ENABLED)
250 set_bit(HCI_AUTH, &hdev->flags);
252 clear_bit(HCI_AUTH, &hdev->flags);
255 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
258 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
260 __u8 status = *((__u8 *) skb->data);
263 BT_DBG("%s status 0x%x", hdev->name, status);
265 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
270 __u8 param = *((__u8 *) sent);
273 set_bit(HCI_ENCRYPT, &hdev->flags);
275 clear_bit(HCI_ENCRYPT, &hdev->flags);
278 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
281 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
283 __u8 param, status = *((__u8 *) skb->data);
284 int old_pscan, old_iscan;
287 BT_DBG("%s status 0x%x", hdev->name, status);
289 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
293 param = *((__u8 *) sent);
298 mgmt_write_scan_failed(hdev, param, status);
299 hdev->discov_timeout = 0;
303 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
304 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
306 if (param & SCAN_INQUIRY) {
307 set_bit(HCI_ISCAN, &hdev->flags);
309 mgmt_discoverable(hdev, 1);
310 if (hdev->discov_timeout > 0) {
311 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
312 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
315 } else if (old_iscan)
316 mgmt_discoverable(hdev, 0);
318 if (param & SCAN_PAGE) {
319 set_bit(HCI_PSCAN, &hdev->flags);
321 mgmt_connectable(hdev, 1);
322 } else if (old_pscan)
323 mgmt_connectable(hdev, 0);
326 hci_dev_unlock(hdev);
327 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
330 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
332 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
334 BT_DBG("%s status 0x%x", hdev->name, rp->status);
339 memcpy(hdev->dev_class, rp->dev_class, 3);
341 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
342 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
345 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
347 __u8 status = *((__u8 *) skb->data);
350 BT_DBG("%s status 0x%x", hdev->name, status);
355 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
359 memcpy(hdev->dev_class, sent, 3);
362 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
364 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
367 BT_DBG("%s status 0x%x", hdev->name, rp->status);
372 setting = __le16_to_cpu(rp->voice_setting);
374 if (hdev->voice_setting == setting)
377 hdev->voice_setting = setting;
379 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
382 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
385 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
387 __u8 status = *((__u8 *) skb->data);
391 BT_DBG("%s status 0x%x", hdev->name, status);
396 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
400 setting = get_unaligned_le16(sent);
402 if (hdev->voice_setting == setting)
405 hdev->voice_setting = setting;
407 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
410 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
413 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
415 __u8 status = *((__u8 *) skb->data);
417 BT_DBG("%s status 0x%x", hdev->name, status);
419 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
422 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
424 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
426 BT_DBG("%s status 0x%x", hdev->name, rp->status);
431 hdev->ssp_mode = rp->mode;
434 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
436 __u8 status = *((__u8 *) skb->data);
439 BT_DBG("%s status 0x%x", hdev->name, status);
444 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
448 hdev->ssp_mode = *((__u8 *) sent);
451 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
453 if (hdev->features[6] & LMP_EXT_INQ)
456 if (hdev->features[3] & LMP_RSSI_INQ)
459 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
460 hdev->lmp_subver == 0x0757)
463 if (hdev->manufacturer == 15) {
464 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
466 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
468 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
472 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
473 hdev->lmp_subver == 0x1805)
479 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
483 mode = hci_get_inquiry_mode(hdev);
485 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
488 static void hci_setup_event_mask(struct hci_dev *hdev)
490 /* The second byte is 0xff instead of 0x9f (two reserved bits
491 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
492 * command otherwise */
493 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
495 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
496 * any event mask for pre 1.2 devices */
497 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
500 events[4] |= 0x01; /* Flow Specification Complete */
501 events[4] |= 0x02; /* Inquiry Result with RSSI */
502 events[4] |= 0x04; /* Read Remote Extended Features Complete */
503 events[5] |= 0x08; /* Synchronous Connection Complete */
504 events[5] |= 0x10; /* Synchronous Connection Changed */
506 if (hdev->features[3] & LMP_RSSI_INQ)
507 events[4] |= 0x04; /* Inquiry Result with RSSI */
509 if (hdev->features[5] & LMP_SNIFF_SUBR)
510 events[5] |= 0x20; /* Sniff Subrating */
512 if (hdev->features[5] & LMP_PAUSE_ENC)
513 events[5] |= 0x80; /* Encryption Key Refresh Complete */
515 if (hdev->features[6] & LMP_EXT_INQ)
516 events[5] |= 0x40; /* Extended Inquiry Result */
518 if (hdev->features[6] & LMP_NO_FLUSH)
519 events[7] |= 0x01; /* Enhanced Flush Complete */
521 if (hdev->features[7] & LMP_LSTO)
522 events[6] |= 0x80; /* Link Supervision Timeout Changed */
524 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
525 events[6] |= 0x01; /* IO Capability Request */
526 events[6] |= 0x02; /* IO Capability Response */
527 events[6] |= 0x04; /* User Confirmation Request */
528 events[6] |= 0x08; /* User Passkey Request */
529 events[6] |= 0x10; /* Remote OOB Data Request */
530 events[6] |= 0x20; /* Simple Pairing Complete */
531 events[7] |= 0x04; /* User Passkey Notification */
532 events[7] |= 0x08; /* Keypress Notification */
533 events[7] |= 0x10; /* Remote Host Supported
534 * Features Notification */
537 if (hdev->features[4] & LMP_LE)
538 events[7] |= 0x20; /* LE Meta-Event */
540 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
543 static void hci_set_le_support(struct hci_dev *hdev)
545 struct hci_cp_write_le_host_supported cp;
547 memset(&cp, 0, sizeof(cp));
551 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
554 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
557 static void hci_setup(struct hci_dev *hdev)
559 if (hdev->dev_type != HCI_BREDR)
562 hci_setup_event_mask(hdev);
564 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
565 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
567 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
569 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
572 if (hdev->features[3] & LMP_RSSI_INQ)
573 hci_setup_inquiry_mode(hdev);
575 if (hdev->features[7] & LMP_INQ_TX_PWR)
576 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
578 if (hdev->features[7] & LMP_EXTFEATURES) {
579 struct hci_cp_read_local_ext_features cp;
582 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
586 if (hdev->features[4] & LMP_LE)
587 hci_set_le_support(hdev);
590 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
592 struct hci_rp_read_local_version *rp = (void *) skb->data;
594 BT_DBG("%s status 0x%x", hdev->name, rp->status);
599 hdev->hci_ver = rp->hci_ver;
600 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
601 hdev->lmp_ver = rp->lmp_ver;
602 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
603 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
605 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
607 hdev->hci_ver, hdev->hci_rev);
609 if (test_bit(HCI_INIT, &hdev->flags))
613 static void hci_setup_link_policy(struct hci_dev *hdev)
617 if (hdev->features[0] & LMP_RSWITCH)
618 link_policy |= HCI_LP_RSWITCH;
619 if (hdev->features[0] & LMP_HOLD)
620 link_policy |= HCI_LP_HOLD;
621 if (hdev->features[0] & LMP_SNIFF)
622 link_policy |= HCI_LP_SNIFF;
623 if (hdev->features[1] & LMP_PARK)
624 link_policy |= HCI_LP_PARK;
626 link_policy = cpu_to_le16(link_policy);
627 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
628 sizeof(link_policy), &link_policy);
631 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
633 struct hci_rp_read_local_commands *rp = (void *) skb->data;
635 BT_DBG("%s status 0x%x", hdev->name, rp->status);
640 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
642 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
643 hci_setup_link_policy(hdev);
646 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
649 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
651 struct hci_rp_read_local_features *rp = (void *) skb->data;
653 BT_DBG("%s status 0x%x", hdev->name, rp->status);
658 memcpy(hdev->features, rp->features, 8);
660 /* Adjust default settings according to features
661 * supported by device. */
663 if (hdev->features[0] & LMP_3SLOT)
664 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
666 if (hdev->features[0] & LMP_5SLOT)
667 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
669 if (hdev->features[1] & LMP_HV2) {
670 hdev->pkt_type |= (HCI_HV2);
671 hdev->esco_type |= (ESCO_HV2);
674 if (hdev->features[1] & LMP_HV3) {
675 hdev->pkt_type |= (HCI_HV3);
676 hdev->esco_type |= (ESCO_HV3);
679 if (hdev->features[3] & LMP_ESCO)
680 hdev->esco_type |= (ESCO_EV3);
682 if (hdev->features[4] & LMP_EV4)
683 hdev->esco_type |= (ESCO_EV4);
685 if (hdev->features[4] & LMP_EV5)
686 hdev->esco_type |= (ESCO_EV5);
688 if (hdev->features[5] & LMP_EDR_ESCO_2M)
689 hdev->esco_type |= (ESCO_2EV3);
691 if (hdev->features[5] & LMP_EDR_ESCO_3M)
692 hdev->esco_type |= (ESCO_3EV3);
694 if (hdev->features[5] & LMP_EDR_3S_ESCO)
695 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
697 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
698 hdev->features[0], hdev->features[1],
699 hdev->features[2], hdev->features[3],
700 hdev->features[4], hdev->features[5],
701 hdev->features[6], hdev->features[7]);
704 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
707 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
709 BT_DBG("%s status 0x%x", hdev->name, rp->status);
714 memcpy(hdev->extfeatures, rp->features, 8);
716 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
719 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
722 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
724 BT_DBG("%s status 0x%x", hdev->name, rp->status);
729 hdev->flow_ctl_mode = rp->mode;
731 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
734 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
736 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
738 BT_DBG("%s status 0x%x", hdev->name, rp->status);
743 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
744 hdev->sco_mtu = rp->sco_mtu;
745 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
746 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
748 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
753 hdev->acl_cnt = hdev->acl_pkts;
754 hdev->sco_cnt = hdev->sco_pkts;
756 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
757 hdev->acl_mtu, hdev->acl_pkts,
758 hdev->sco_mtu, hdev->sco_pkts);
761 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
763 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
765 BT_DBG("%s status 0x%x", hdev->name, rp->status);
768 bacpy(&hdev->bdaddr, &rp->bdaddr);
770 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
773 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
776 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
778 BT_DBG("%s status 0x%x", hdev->name, rp->status);
783 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
784 hdev->block_len = __le16_to_cpu(rp->block_len);
785 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
787 hdev->block_cnt = hdev->num_blocks;
789 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
790 hdev->block_cnt, hdev->block_len);
792 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
795 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
797 __u8 status = *((__u8 *) skb->data);
799 BT_DBG("%s status 0x%x", hdev->name, status);
801 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
804 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
807 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
809 BT_DBG("%s status 0x%x", hdev->name, rp->status);
814 hdev->amp_status = rp->amp_status;
815 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
816 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
817 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
818 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
819 hdev->amp_type = rp->amp_type;
820 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
821 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
822 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
823 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
825 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
828 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
831 __u8 status = *((__u8 *) skb->data);
833 BT_DBG("%s status 0x%x", hdev->name, status);
835 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
838 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
840 __u8 status = *((__u8 *) skb->data);
842 BT_DBG("%s status 0x%x", hdev->name, status);
844 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
847 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
850 __u8 status = *((__u8 *) skb->data);
852 BT_DBG("%s status 0x%x", hdev->name, status);
854 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
857 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
860 __u8 status = *((__u8 *) skb->data);
862 BT_DBG("%s status 0x%x", hdev->name, status);
864 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
867 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
869 __u8 status = *((__u8 *) skb->data);
871 BT_DBG("%s status 0x%x", hdev->name, status);
873 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
876 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
878 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
879 struct hci_cp_pin_code_reply *cp;
880 struct hci_conn *conn;
882 BT_DBG("%s status 0x%x", hdev->name, rp->status);
886 if (test_bit(HCI_MGMT, &hdev->flags))
887 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
892 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
896 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
898 conn->pin_length = cp->pin_len;
901 hci_dev_unlock(hdev);
904 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
906 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
908 BT_DBG("%s status 0x%x", hdev->name, rp->status);
912 if (test_bit(HCI_MGMT, &hdev->flags))
913 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
916 hci_dev_unlock(hdev);
919 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
922 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
924 BT_DBG("%s status 0x%x", hdev->name, rp->status);
929 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
930 hdev->le_pkts = rp->le_max_pkt;
932 hdev->le_cnt = hdev->le_pkts;
934 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
936 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
939 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
941 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
943 BT_DBG("%s status 0x%x", hdev->name, rp->status);
947 if (test_bit(HCI_MGMT, &hdev->flags))
948 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr,
951 hci_dev_unlock(hdev);
954 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
957 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
959 BT_DBG("%s status 0x%x", hdev->name, rp->status);
963 if (test_bit(HCI_MGMT, &hdev->flags))
964 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
967 hci_dev_unlock(hdev);
970 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
972 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
974 BT_DBG("%s status 0x%x", hdev->name, rp->status);
978 if (test_bit(HCI_MGMT, &hdev->flags))
979 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr,
982 hci_dev_unlock(hdev);
985 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
988 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
990 BT_DBG("%s status 0x%x", hdev->name, rp->status);
994 if (test_bit(HCI_MGMT, &hdev->flags))
995 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
998 hci_dev_unlock(hdev);
1001 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1002 struct sk_buff *skb)
1004 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1006 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1009 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1010 rp->randomizer, rp->status);
1011 hci_dev_unlock(hdev);
1014 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1016 __u8 status = *((__u8 *) skb->data);
1018 BT_DBG("%s status 0x%x", hdev->name, status);
1021 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1022 struct sk_buff *skb)
1024 struct hci_cp_le_set_scan_enable *cp;
1025 __u8 status = *((__u8 *) skb->data);
1027 BT_DBG("%s status 0x%x", hdev->name, status);
1032 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1036 if (cp->enable == 0x01) {
1037 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1039 cancel_delayed_work_sync(&hdev->adv_work);
1042 hci_adv_entries_clear(hdev);
1043 hci_dev_unlock(hdev);
1044 } else if (cp->enable == 0x00) {
1045 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1047 cancel_delayed_work_sync(&hdev->adv_work);
1048 queue_delayed_work(hdev->workqueue, &hdev->adv_work,
1049 jiffies + ADV_CLEAR_TIMEOUT);
1053 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1055 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1057 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1062 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1065 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1067 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1069 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1074 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1077 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1078 struct sk_buff *skb)
1080 struct hci_cp_read_local_ext_features cp;
1081 __u8 status = *((__u8 *) skb->data);
1083 BT_DBG("%s status 0x%x", hdev->name, status);
1089 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1092 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1094 BT_DBG("%s status 0x%x", hdev->name, status);
1097 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1098 hci_conn_check_pending(hdev);
1100 if (test_bit(HCI_MGMT, &hdev->flags))
1101 mgmt_start_discovery_failed(hdev, status);
1102 hci_dev_unlock(hdev);
1106 set_bit(HCI_INQUIRY, &hdev->flags);
1109 mgmt_discovering(hdev, 1);
1110 hci_dev_unlock(hdev);
1113 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1115 struct hci_cp_create_conn *cp;
1116 struct hci_conn *conn;
1118 BT_DBG("%s status 0x%x", hdev->name, status);
1120 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1126 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1128 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1131 if (conn && conn->state == BT_CONNECT) {
1132 if (status != 0x0c || conn->attempt > 2) {
1133 conn->state = BT_CLOSED;
1134 hci_proto_connect_cfm(conn, status);
1137 conn->state = BT_CONNECT2;
1141 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1144 conn->link_mode |= HCI_LM_MASTER;
1146 BT_ERR("No memory for new connection");
1150 hci_dev_unlock(hdev);
1153 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1155 struct hci_cp_add_sco *cp;
1156 struct hci_conn *acl, *sco;
1159 BT_DBG("%s status 0x%x", hdev->name, status);
1164 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1168 handle = __le16_to_cpu(cp->handle);
1170 BT_DBG("%s handle %d", hdev->name, handle);
1174 acl = hci_conn_hash_lookup_handle(hdev, handle);
1178 sco->state = BT_CLOSED;
1180 hci_proto_connect_cfm(sco, status);
1185 hci_dev_unlock(hdev);
1188 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1190 struct hci_cp_auth_requested *cp;
1191 struct hci_conn *conn;
1193 BT_DBG("%s status 0x%x", hdev->name, status);
1198 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1204 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1206 if (conn->state == BT_CONFIG) {
1207 hci_proto_connect_cfm(conn, status);
1212 hci_dev_unlock(hdev);
1215 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1217 struct hci_cp_set_conn_encrypt *cp;
1218 struct hci_conn *conn;
1220 BT_DBG("%s status 0x%x", hdev->name, status);
1225 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1231 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1233 if (conn->state == BT_CONFIG) {
1234 hci_proto_connect_cfm(conn, status);
1239 hci_dev_unlock(hdev);
1242 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1243 struct hci_conn *conn)
1245 if (conn->state != BT_CONFIG || !conn->out)
1248 if (conn->pending_sec_level == BT_SECURITY_SDP)
1251 /* Only request authentication for SSP connections or non-SSP
1252 * devices with sec_level HIGH or if MITM protection is requested */
1253 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
1254 conn->pending_sec_level != BT_SECURITY_HIGH &&
1255 !(conn->auth_type & 0x01))
1261 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1263 struct hci_cp_remote_name_req *cp;
1264 struct hci_conn *conn;
1266 BT_DBG("%s status 0x%x", hdev->name, status);
1268 /* If successful wait for the name req complete event before
1269 * checking for the need to do authentication */
1273 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1279 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1283 if (!hci_outgoing_auth_needed(hdev, conn))
1286 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1287 struct hci_cp_auth_requested cp;
1288 cp.handle = __cpu_to_le16(conn->handle);
1289 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1293 hci_dev_unlock(hdev);
1296 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1298 struct hci_cp_read_remote_features *cp;
1299 struct hci_conn *conn;
1301 BT_DBG("%s status 0x%x", hdev->name, status);
1306 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1312 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1314 if (conn->state == BT_CONFIG) {
1315 hci_proto_connect_cfm(conn, status);
1320 hci_dev_unlock(hdev);
1323 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1325 struct hci_cp_read_remote_ext_features *cp;
1326 struct hci_conn *conn;
1328 BT_DBG("%s status 0x%x", hdev->name, status);
1333 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1339 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1341 if (conn->state == BT_CONFIG) {
1342 hci_proto_connect_cfm(conn, status);
1347 hci_dev_unlock(hdev);
1350 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1352 struct hci_cp_setup_sync_conn *cp;
1353 struct hci_conn *acl, *sco;
1356 BT_DBG("%s status 0x%x", hdev->name, status);
1361 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1365 handle = __le16_to_cpu(cp->handle);
1367 BT_DBG("%s handle %d", hdev->name, handle);
1371 acl = hci_conn_hash_lookup_handle(hdev, handle);
1375 sco->state = BT_CLOSED;
1377 hci_proto_connect_cfm(sco, status);
1382 hci_dev_unlock(hdev);
1385 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1387 struct hci_cp_sniff_mode *cp;
1388 struct hci_conn *conn;
1390 BT_DBG("%s status 0x%x", hdev->name, status);
1395 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1401 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1403 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1405 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1406 hci_sco_setup(conn, status);
1409 hci_dev_unlock(hdev);
1412 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1414 struct hci_cp_exit_sniff_mode *cp;
1415 struct hci_conn *conn;
1417 BT_DBG("%s status 0x%x", hdev->name, status);
1422 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1428 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1430 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1432 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1433 hci_sco_setup(conn, status);
1436 hci_dev_unlock(hdev);
1439 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1441 struct hci_cp_le_create_conn *cp;
1442 struct hci_conn *conn;
1444 BT_DBG("%s status 0x%x", hdev->name, status);
1446 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1452 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1454 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1458 if (conn && conn->state == BT_CONNECT) {
1459 conn->state = BT_CLOSED;
1460 hci_proto_connect_cfm(conn, status);
1465 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1467 conn->dst_type = cp->peer_addr_type;
1470 BT_ERR("No memory for new connection");
1475 hci_dev_unlock(hdev);
1478 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1480 BT_DBG("%s status 0x%x", hdev->name, status);
1483 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1485 __u8 status = *((__u8 *) skb->data);
1487 BT_DBG("%s status %d", hdev->name, status);
1489 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1491 hci_conn_check_pending(hdev);
1493 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1497 mgmt_discovering(hdev, 0);
1498 hci_dev_unlock(hdev);
1501 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1503 struct inquiry_data data;
1504 struct inquiry_info *info = (void *) (skb->data + 1);
1505 int num_rsp = *((__u8 *) skb->data);
1507 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1514 for (; num_rsp; num_rsp--, info++) {
1515 bacpy(&data.bdaddr, &info->bdaddr);
1516 data.pscan_rep_mode = info->pscan_rep_mode;
1517 data.pscan_period_mode = info->pscan_period_mode;
1518 data.pscan_mode = info->pscan_mode;
1519 memcpy(data.dev_class, info->dev_class, 3);
1520 data.clock_offset = info->clock_offset;
1522 data.ssp_mode = 0x00;
1523 hci_inquiry_cache_update(hdev, &data);
1524 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1525 info->dev_class, 0, NULL);
1528 hci_dev_unlock(hdev);
1531 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1533 struct hci_ev_conn_complete *ev = (void *) skb->data;
1534 struct hci_conn *conn;
1536 BT_DBG("%s", hdev->name);
1540 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1542 if (ev->link_type != SCO_LINK)
1545 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1549 conn->type = SCO_LINK;
1553 conn->handle = __le16_to_cpu(ev->handle);
1555 if (conn->type == ACL_LINK) {
1556 conn->state = BT_CONFIG;
1557 hci_conn_hold(conn);
1558 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1559 mgmt_connected(hdev, &ev->bdaddr, conn->type,
1562 conn->state = BT_CONNECTED;
1564 hci_conn_hold_device(conn);
1565 hci_conn_add_sysfs(conn);
1567 if (test_bit(HCI_AUTH, &hdev->flags))
1568 conn->link_mode |= HCI_LM_AUTH;
1570 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1571 conn->link_mode |= HCI_LM_ENCRYPT;
1573 /* Get remote features */
1574 if (conn->type == ACL_LINK) {
1575 struct hci_cp_read_remote_features cp;
1576 cp.handle = ev->handle;
1577 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1581 /* Set packet type for incoming connection */
1582 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1583 struct hci_cp_change_conn_ptype cp;
1584 cp.handle = ev->handle;
1585 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1586 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1590 conn->state = BT_CLOSED;
1591 if (conn->type == ACL_LINK)
1592 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1593 conn->dst_type, ev->status);
1596 if (conn->type == ACL_LINK)
1597 hci_sco_setup(conn, ev->status);
1600 hci_proto_connect_cfm(conn, ev->status);
1602 } else if (ev->link_type != ACL_LINK)
1603 hci_proto_connect_cfm(conn, ev->status);
1606 hci_dev_unlock(hdev);
1608 hci_conn_check_pending(hdev);
1611 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1613 struct hci_ev_conn_request *ev = (void *) skb->data;
1614 int mask = hdev->link_mode;
1616 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1617 batostr(&ev->bdaddr), ev->link_type);
1619 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1621 if ((mask & HCI_LM_ACCEPT) &&
1622 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1623 /* Connection accepted */
1624 struct inquiry_entry *ie;
1625 struct hci_conn *conn;
1629 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1631 memcpy(ie->data.dev_class, ev->dev_class, 3);
1633 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1635 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1637 BT_ERR("No memory for new connection");
1638 hci_dev_unlock(hdev);
1643 memcpy(conn->dev_class, ev->dev_class, 3);
1644 conn->state = BT_CONNECT;
1646 hci_dev_unlock(hdev);
1648 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1649 struct hci_cp_accept_conn_req cp;
1651 bacpy(&cp.bdaddr, &ev->bdaddr);
1653 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1654 cp.role = 0x00; /* Become master */
1656 cp.role = 0x01; /* Remain slave */
1658 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1661 struct hci_cp_accept_sync_conn_req cp;
1663 bacpy(&cp.bdaddr, &ev->bdaddr);
1664 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1666 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1667 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1668 cp.max_latency = cpu_to_le16(0xffff);
1669 cp.content_format = cpu_to_le16(hdev->voice_setting);
1670 cp.retrans_effort = 0xff;
1672 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1676 /* Connection rejected */
1677 struct hci_cp_reject_conn_req cp;
1679 bacpy(&cp.bdaddr, &ev->bdaddr);
1680 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1681 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1685 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1687 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1688 struct hci_conn *conn;
1690 BT_DBG("%s status %d", hdev->name, ev->status);
1694 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1698 if (ev->status == 0)
1699 conn->state = BT_CLOSED;
1701 if (conn->type == ACL_LINK || conn->type == LE_LINK) {
1702 if (ev->status != 0)
1703 mgmt_disconnect_failed(hdev, &conn->dst, ev->status);
1705 mgmt_disconnected(hdev, &conn->dst, conn->type,
1709 if (ev->status == 0) {
1710 hci_proto_disconn_cfm(conn, ev->reason);
1715 hci_dev_unlock(hdev);
1718 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1720 struct hci_ev_auth_complete *ev = (void *) skb->data;
1721 struct hci_conn *conn;
1723 BT_DBG("%s status %d", hdev->name, ev->status);
1727 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1732 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1733 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1734 BT_INFO("re-auth of legacy device is not possible.");
1736 conn->link_mode |= HCI_LM_AUTH;
1737 conn->sec_level = conn->pending_sec_level;
1740 mgmt_auth_failed(hdev, &conn->dst, ev->status);
1743 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1744 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1746 if (conn->state == BT_CONFIG) {
1747 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1748 struct hci_cp_set_conn_encrypt cp;
1749 cp.handle = ev->handle;
1751 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1754 conn->state = BT_CONNECTED;
1755 hci_proto_connect_cfm(conn, ev->status);
1759 hci_auth_cfm(conn, ev->status);
1761 hci_conn_hold(conn);
1762 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1766 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1768 struct hci_cp_set_conn_encrypt cp;
1769 cp.handle = ev->handle;
1771 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1774 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1775 hci_encrypt_cfm(conn, ev->status, 0x00);
1780 hci_dev_unlock(hdev);
1783 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1785 struct hci_ev_remote_name *ev = (void *) skb->data;
1786 struct hci_conn *conn;
1788 BT_DBG("%s", hdev->name);
1790 hci_conn_check_pending(hdev);
1794 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1795 mgmt_remote_name(hdev, &ev->bdaddr, ev->name);
1797 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1801 if (!hci_outgoing_auth_needed(hdev, conn))
1804 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1805 struct hci_cp_auth_requested cp;
1806 cp.handle = __cpu_to_le16(conn->handle);
1807 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1811 hci_dev_unlock(hdev);
1814 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1816 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1817 struct hci_conn *conn;
1819 BT_DBG("%s status %d", hdev->name, ev->status);
1823 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1827 /* Encryption implies authentication */
1828 conn->link_mode |= HCI_LM_AUTH;
1829 conn->link_mode |= HCI_LM_ENCRYPT;
1830 conn->sec_level = conn->pending_sec_level;
1832 conn->link_mode &= ~HCI_LM_ENCRYPT;
1835 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1837 if (conn->state == BT_CONFIG) {
1839 conn->state = BT_CONNECTED;
1841 hci_proto_connect_cfm(conn, ev->status);
1844 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1847 hci_dev_unlock(hdev);
1850 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1852 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1853 struct hci_conn *conn;
1855 BT_DBG("%s status %d", hdev->name, ev->status);
1859 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1862 conn->link_mode |= HCI_LM_SECURE;
1864 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1866 hci_key_change_cfm(conn, ev->status);
1869 hci_dev_unlock(hdev);
1872 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1874 struct hci_ev_remote_features *ev = (void *) skb->data;
1875 struct hci_conn *conn;
1877 BT_DBG("%s status %d", hdev->name, ev->status);
1881 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1886 memcpy(conn->features, ev->features, 8);
1888 if (conn->state != BT_CONFIG)
1891 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1892 struct hci_cp_read_remote_ext_features cp;
1893 cp.handle = ev->handle;
1895 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
1901 struct hci_cp_remote_name_req cp;
1902 memset(&cp, 0, sizeof(cp));
1903 bacpy(&cp.bdaddr, &conn->dst);
1904 cp.pscan_rep_mode = 0x02;
1905 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1908 if (!hci_outgoing_auth_needed(hdev, conn)) {
1909 conn->state = BT_CONNECTED;
1910 hci_proto_connect_cfm(conn, ev->status);
1915 hci_dev_unlock(hdev);
1918 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1920 BT_DBG("%s", hdev->name);
1923 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1925 BT_DBG("%s", hdev->name);
1928 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1930 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1933 skb_pull(skb, sizeof(*ev));
1935 opcode = __le16_to_cpu(ev->opcode);
1938 case HCI_OP_INQUIRY_CANCEL:
1939 hci_cc_inquiry_cancel(hdev, skb);
1942 case HCI_OP_EXIT_PERIODIC_INQ:
1943 hci_cc_exit_periodic_inq(hdev, skb);
1946 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1947 hci_cc_remote_name_req_cancel(hdev, skb);
1950 case HCI_OP_ROLE_DISCOVERY:
1951 hci_cc_role_discovery(hdev, skb);
1954 case HCI_OP_READ_LINK_POLICY:
1955 hci_cc_read_link_policy(hdev, skb);
1958 case HCI_OP_WRITE_LINK_POLICY:
1959 hci_cc_write_link_policy(hdev, skb);
1962 case HCI_OP_READ_DEF_LINK_POLICY:
1963 hci_cc_read_def_link_policy(hdev, skb);
1966 case HCI_OP_WRITE_DEF_LINK_POLICY:
1967 hci_cc_write_def_link_policy(hdev, skb);
1971 hci_cc_reset(hdev, skb);
1974 case HCI_OP_WRITE_LOCAL_NAME:
1975 hci_cc_write_local_name(hdev, skb);
1978 case HCI_OP_READ_LOCAL_NAME:
1979 hci_cc_read_local_name(hdev, skb);
1982 case HCI_OP_WRITE_AUTH_ENABLE:
1983 hci_cc_write_auth_enable(hdev, skb);
1986 case HCI_OP_WRITE_ENCRYPT_MODE:
1987 hci_cc_write_encrypt_mode(hdev, skb);
1990 case HCI_OP_WRITE_SCAN_ENABLE:
1991 hci_cc_write_scan_enable(hdev, skb);
1994 case HCI_OP_READ_CLASS_OF_DEV:
1995 hci_cc_read_class_of_dev(hdev, skb);
1998 case HCI_OP_WRITE_CLASS_OF_DEV:
1999 hci_cc_write_class_of_dev(hdev, skb);
2002 case HCI_OP_READ_VOICE_SETTING:
2003 hci_cc_read_voice_setting(hdev, skb);
2006 case HCI_OP_WRITE_VOICE_SETTING:
2007 hci_cc_write_voice_setting(hdev, skb);
2010 case HCI_OP_HOST_BUFFER_SIZE:
2011 hci_cc_host_buffer_size(hdev, skb);
2014 case HCI_OP_READ_SSP_MODE:
2015 hci_cc_read_ssp_mode(hdev, skb);
2018 case HCI_OP_WRITE_SSP_MODE:
2019 hci_cc_write_ssp_mode(hdev, skb);
2022 case HCI_OP_READ_LOCAL_VERSION:
2023 hci_cc_read_local_version(hdev, skb);
2026 case HCI_OP_READ_LOCAL_COMMANDS:
2027 hci_cc_read_local_commands(hdev, skb);
2030 case HCI_OP_READ_LOCAL_FEATURES:
2031 hci_cc_read_local_features(hdev, skb);
2034 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2035 hci_cc_read_local_ext_features(hdev, skb);
2038 case HCI_OP_READ_BUFFER_SIZE:
2039 hci_cc_read_buffer_size(hdev, skb);
2042 case HCI_OP_READ_BD_ADDR:
2043 hci_cc_read_bd_addr(hdev, skb);
2046 case HCI_OP_READ_DATA_BLOCK_SIZE:
2047 hci_cc_read_data_block_size(hdev, skb);
2050 case HCI_OP_WRITE_CA_TIMEOUT:
2051 hci_cc_write_ca_timeout(hdev, skb);
2054 case HCI_OP_READ_FLOW_CONTROL_MODE:
2055 hci_cc_read_flow_control_mode(hdev, skb);
2058 case HCI_OP_READ_LOCAL_AMP_INFO:
2059 hci_cc_read_local_amp_info(hdev, skb);
2062 case HCI_OP_DELETE_STORED_LINK_KEY:
2063 hci_cc_delete_stored_link_key(hdev, skb);
2066 case HCI_OP_SET_EVENT_MASK:
2067 hci_cc_set_event_mask(hdev, skb);
2070 case HCI_OP_WRITE_INQUIRY_MODE:
2071 hci_cc_write_inquiry_mode(hdev, skb);
2074 case HCI_OP_READ_INQ_RSP_TX_POWER:
2075 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2078 case HCI_OP_SET_EVENT_FLT:
2079 hci_cc_set_event_flt(hdev, skb);
2082 case HCI_OP_PIN_CODE_REPLY:
2083 hci_cc_pin_code_reply(hdev, skb);
2086 case HCI_OP_PIN_CODE_NEG_REPLY:
2087 hci_cc_pin_code_neg_reply(hdev, skb);
2090 case HCI_OP_READ_LOCAL_OOB_DATA:
2091 hci_cc_read_local_oob_data_reply(hdev, skb);
2094 case HCI_OP_LE_READ_BUFFER_SIZE:
2095 hci_cc_le_read_buffer_size(hdev, skb);
2098 case HCI_OP_USER_CONFIRM_REPLY:
2099 hci_cc_user_confirm_reply(hdev, skb);
2102 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2103 hci_cc_user_confirm_neg_reply(hdev, skb);
2106 case HCI_OP_USER_PASSKEY_REPLY:
2107 hci_cc_user_passkey_reply(hdev, skb);
2110 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2111 hci_cc_user_passkey_neg_reply(hdev, skb);
2113 case HCI_OP_LE_SET_SCAN_PARAM:
2114 hci_cc_le_set_scan_param(hdev, skb);
2117 case HCI_OP_LE_SET_SCAN_ENABLE:
2118 hci_cc_le_set_scan_enable(hdev, skb);
2121 case HCI_OP_LE_LTK_REPLY:
2122 hci_cc_le_ltk_reply(hdev, skb);
2125 case HCI_OP_LE_LTK_NEG_REPLY:
2126 hci_cc_le_ltk_neg_reply(hdev, skb);
2129 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2130 hci_cc_write_le_host_supported(hdev, skb);
2134 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2138 if (ev->opcode != HCI_OP_NOP)
2139 del_timer(&hdev->cmd_timer);
2142 atomic_set(&hdev->cmd_cnt, 1);
2143 if (!skb_queue_empty(&hdev->cmd_q))
2144 queue_work(hdev->workqueue, &hdev->cmd_work);
2148 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2150 struct hci_ev_cmd_status *ev = (void *) skb->data;
2153 skb_pull(skb, sizeof(*ev));
2155 opcode = __le16_to_cpu(ev->opcode);
2158 case HCI_OP_INQUIRY:
2159 hci_cs_inquiry(hdev, ev->status);
2162 case HCI_OP_CREATE_CONN:
2163 hci_cs_create_conn(hdev, ev->status);
2166 case HCI_OP_ADD_SCO:
2167 hci_cs_add_sco(hdev, ev->status);
2170 case HCI_OP_AUTH_REQUESTED:
2171 hci_cs_auth_requested(hdev, ev->status);
2174 case HCI_OP_SET_CONN_ENCRYPT:
2175 hci_cs_set_conn_encrypt(hdev, ev->status);
2178 case HCI_OP_REMOTE_NAME_REQ:
2179 hci_cs_remote_name_req(hdev, ev->status);
2182 case HCI_OP_READ_REMOTE_FEATURES:
2183 hci_cs_read_remote_features(hdev, ev->status);
2186 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2187 hci_cs_read_remote_ext_features(hdev, ev->status);
2190 case HCI_OP_SETUP_SYNC_CONN:
2191 hci_cs_setup_sync_conn(hdev, ev->status);
2194 case HCI_OP_SNIFF_MODE:
2195 hci_cs_sniff_mode(hdev, ev->status);
2198 case HCI_OP_EXIT_SNIFF_MODE:
2199 hci_cs_exit_sniff_mode(hdev, ev->status);
2202 case HCI_OP_DISCONNECT:
2203 if (ev->status != 0)
2204 mgmt_disconnect_failed(hdev, NULL, ev->status);
2207 case HCI_OP_LE_CREATE_CONN:
2208 hci_cs_le_create_conn(hdev, ev->status);
2211 case HCI_OP_LE_START_ENC:
2212 hci_cs_le_start_enc(hdev, ev->status);
2216 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2220 if (ev->opcode != HCI_OP_NOP)
2221 del_timer(&hdev->cmd_timer);
2223 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2224 atomic_set(&hdev->cmd_cnt, 1);
2225 if (!skb_queue_empty(&hdev->cmd_q))
2226 queue_work(hdev->workqueue, &hdev->cmd_work);
2230 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2232 struct hci_ev_role_change *ev = (void *) skb->data;
2233 struct hci_conn *conn;
2235 BT_DBG("%s status %d", hdev->name, ev->status);
2239 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2243 conn->link_mode &= ~HCI_LM_MASTER;
2245 conn->link_mode |= HCI_LM_MASTER;
2248 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2250 hci_role_switch_cfm(conn, ev->status, ev->role);
2253 hci_dev_unlock(hdev);
2256 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2258 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2262 skb_pull(skb, sizeof(*ev));
2264 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2266 if (skb->len < ev->num_hndl * 4) {
2267 BT_DBG("%s bad parameters", hdev->name);
2271 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2272 struct hci_conn *conn;
2273 __u16 handle, count;
2275 handle = get_unaligned_le16(ptr++);
2276 count = get_unaligned_le16(ptr++);
2278 conn = hci_conn_hash_lookup_handle(hdev, handle);
2282 conn->sent -= count;
2284 switch (conn->type) {
2286 hdev->acl_cnt += count;
2287 if (hdev->acl_cnt > hdev->acl_pkts)
2288 hdev->acl_cnt = hdev->acl_pkts;
2292 if (hdev->le_pkts) {
2293 hdev->le_cnt += count;
2294 if (hdev->le_cnt > hdev->le_pkts)
2295 hdev->le_cnt = hdev->le_pkts;
2297 hdev->acl_cnt += count;
2298 if (hdev->acl_cnt > hdev->acl_pkts)
2299 hdev->acl_cnt = hdev->acl_pkts;
2304 hdev->sco_cnt += count;
2305 if (hdev->sco_cnt > hdev->sco_pkts)
2306 hdev->sco_cnt = hdev->sco_pkts;
2310 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2315 queue_work(hdev->workqueue, &hdev->tx_work);
2318 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2320 struct hci_ev_mode_change *ev = (void *) skb->data;
2321 struct hci_conn *conn;
2323 BT_DBG("%s status %d", hdev->name, ev->status);
2327 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2329 conn->mode = ev->mode;
2330 conn->interval = __le16_to_cpu(ev->interval);
2332 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2333 if (conn->mode == HCI_CM_ACTIVE)
2334 conn->power_save = 1;
2336 conn->power_save = 0;
2339 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2340 hci_sco_setup(conn, ev->status);
2343 hci_dev_unlock(hdev);
2346 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2348 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2349 struct hci_conn *conn;
2351 BT_DBG("%s", hdev->name);
2355 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2359 if (conn->state == BT_CONNECTED) {
2360 hci_conn_hold(conn);
2361 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2365 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2366 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2367 sizeof(ev->bdaddr), &ev->bdaddr);
2368 else if (test_bit(HCI_MGMT, &hdev->flags)) {
2371 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2376 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2380 hci_dev_unlock(hdev);
2383 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2385 struct hci_ev_link_key_req *ev = (void *) skb->data;
2386 struct hci_cp_link_key_reply cp;
2387 struct hci_conn *conn;
2388 struct link_key *key;
2390 BT_DBG("%s", hdev->name);
2392 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2397 key = hci_find_link_key(hdev, &ev->bdaddr);
2399 BT_DBG("%s link key not found for %s", hdev->name,
2400 batostr(&ev->bdaddr));
2404 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2405 batostr(&ev->bdaddr));
2407 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2408 key->type == HCI_LK_DEBUG_COMBINATION) {
2409 BT_DBG("%s ignoring debug key", hdev->name);
2413 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2415 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2416 conn->auth_type != 0xff &&
2417 (conn->auth_type & 0x01)) {
2418 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2422 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2423 conn->pending_sec_level == BT_SECURITY_HIGH) {
2424 BT_DBG("%s ignoring key unauthenticated for high \
2425 security", hdev->name);
2429 conn->key_type = key->type;
2430 conn->pin_length = key->pin_len;
2433 bacpy(&cp.bdaddr, &ev->bdaddr);
2434 memcpy(cp.link_key, key->val, 16);
2436 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2438 hci_dev_unlock(hdev);
2443 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2444 hci_dev_unlock(hdev);
2447 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2449 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2450 struct hci_conn *conn;
2453 BT_DBG("%s", hdev->name);
2457 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2459 hci_conn_hold(conn);
2460 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2461 pin_len = conn->pin_length;
2463 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2464 conn->key_type = ev->key_type;
2469 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2470 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2471 ev->key_type, pin_len);
2473 hci_dev_unlock(hdev);
2476 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2478 struct hci_ev_clock_offset *ev = (void *) skb->data;
2479 struct hci_conn *conn;
2481 BT_DBG("%s status %d", hdev->name, ev->status);
2485 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2486 if (conn && !ev->status) {
2487 struct inquiry_entry *ie;
2489 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2491 ie->data.clock_offset = ev->clock_offset;
2492 ie->timestamp = jiffies;
2496 hci_dev_unlock(hdev);
2499 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2501 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2502 struct hci_conn *conn;
2504 BT_DBG("%s status %d", hdev->name, ev->status);
2508 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2509 if (conn && !ev->status)
2510 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2512 hci_dev_unlock(hdev);
2515 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2517 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2518 struct inquiry_entry *ie;
2520 BT_DBG("%s", hdev->name);
2524 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2526 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2527 ie->timestamp = jiffies;
2530 hci_dev_unlock(hdev);
2533 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2535 struct inquiry_data data;
2536 int num_rsp = *((__u8 *) skb->data);
2538 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2545 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2546 struct inquiry_info_with_rssi_and_pscan_mode *info;
2547 info = (void *) (skb->data + 1);
2549 for (; num_rsp; num_rsp--, info++) {
2550 bacpy(&data.bdaddr, &info->bdaddr);
2551 data.pscan_rep_mode = info->pscan_rep_mode;
2552 data.pscan_period_mode = info->pscan_period_mode;
2553 data.pscan_mode = info->pscan_mode;
2554 memcpy(data.dev_class, info->dev_class, 3);
2555 data.clock_offset = info->clock_offset;
2556 data.rssi = info->rssi;
2557 data.ssp_mode = 0x00;
2558 hci_inquiry_cache_update(hdev, &data);
2559 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2560 info->dev_class, info->rssi,
2564 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2566 for (; num_rsp; num_rsp--, info++) {
2567 bacpy(&data.bdaddr, &info->bdaddr);
2568 data.pscan_rep_mode = info->pscan_rep_mode;
2569 data.pscan_period_mode = info->pscan_period_mode;
2570 data.pscan_mode = 0x00;
2571 memcpy(data.dev_class, info->dev_class, 3);
2572 data.clock_offset = info->clock_offset;
2573 data.rssi = info->rssi;
2574 data.ssp_mode = 0x00;
2575 hci_inquiry_cache_update(hdev, &data);
2576 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2577 info->dev_class, info->rssi,
2582 hci_dev_unlock(hdev);
2585 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2587 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2588 struct hci_conn *conn;
2590 BT_DBG("%s", hdev->name);
2594 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2598 if (!ev->status && ev->page == 0x01) {
2599 struct inquiry_entry *ie;
2601 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2603 ie->data.ssp_mode = (ev->features[0] & 0x01);
2605 conn->ssp_mode = (ev->features[0] & 0x01);
2608 if (conn->state != BT_CONFIG)
2612 struct hci_cp_remote_name_req cp;
2613 memset(&cp, 0, sizeof(cp));
2614 bacpy(&cp.bdaddr, &conn->dst);
2615 cp.pscan_rep_mode = 0x02;
2616 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2619 if (!hci_outgoing_auth_needed(hdev, conn)) {
2620 conn->state = BT_CONNECTED;
2621 hci_proto_connect_cfm(conn, ev->status);
2626 hci_dev_unlock(hdev);
2629 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2631 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2632 struct hci_conn *conn;
2634 BT_DBG("%s status %d", hdev->name, ev->status);
2638 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2640 if (ev->link_type == ESCO_LINK)
2643 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2647 conn->type = SCO_LINK;
2650 switch (ev->status) {
2652 conn->handle = __le16_to_cpu(ev->handle);
2653 conn->state = BT_CONNECTED;
2655 hci_conn_hold_device(conn);
2656 hci_conn_add_sysfs(conn);
2659 case 0x11: /* Unsupported Feature or Parameter Value */
2660 case 0x1c: /* SCO interval rejected */
2661 case 0x1a: /* Unsupported Remote Feature */
2662 case 0x1f: /* Unspecified error */
2663 if (conn->out && conn->attempt < 2) {
2664 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2665 (hdev->esco_type & EDR_ESCO_MASK);
2666 hci_setup_sync(conn, conn->link->handle);
2672 conn->state = BT_CLOSED;
2676 hci_proto_connect_cfm(conn, ev->status);
2681 hci_dev_unlock(hdev);
2684 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2686 BT_DBG("%s", hdev->name);
2689 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2691 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2693 BT_DBG("%s status %d", hdev->name, ev->status);
2696 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2698 struct inquiry_data data;
2699 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2700 int num_rsp = *((__u8 *) skb->data);
2702 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2709 for (; num_rsp; num_rsp--, info++) {
2710 bacpy(&data.bdaddr, &info->bdaddr);
2711 data.pscan_rep_mode = info->pscan_rep_mode;
2712 data.pscan_period_mode = info->pscan_period_mode;
2713 data.pscan_mode = 0x00;
2714 memcpy(data.dev_class, info->dev_class, 3);
2715 data.clock_offset = info->clock_offset;
2716 data.rssi = info->rssi;
2717 data.ssp_mode = 0x01;
2718 hci_inquiry_cache_update(hdev, &data);
2719 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2720 info->dev_class, info->rssi, info->data);
2723 hci_dev_unlock(hdev);
2726 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2728 /* If remote requests dedicated bonding follow that lead */
2729 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2730 /* If both remote and local IO capabilities allow MITM
2731 * protection then require it, otherwise don't */
2732 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2738 /* If remote requests no-bonding follow that lead */
2739 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2740 return conn->remote_auth | (conn->auth_type & 0x01);
2742 return conn->auth_type;
2745 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2747 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2748 struct hci_conn *conn;
2750 BT_DBG("%s", hdev->name);
2754 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2758 hci_conn_hold(conn);
2760 if (!test_bit(HCI_MGMT, &hdev->flags))
2763 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2764 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2765 struct hci_cp_io_capability_reply cp;
2767 bacpy(&cp.bdaddr, &ev->bdaddr);
2768 cp.capability = conn->io_capability;
2769 conn->auth_type = hci_get_auth_req(conn);
2770 cp.authentication = conn->auth_type;
2772 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2773 hci_find_remote_oob_data(hdev, &conn->dst))
2778 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2781 struct hci_cp_io_capability_neg_reply cp;
2783 bacpy(&cp.bdaddr, &ev->bdaddr);
2784 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
2786 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2791 hci_dev_unlock(hdev);
2794 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2796 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2797 struct hci_conn *conn;
2799 BT_DBG("%s", hdev->name);
2803 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2807 conn->remote_cap = ev->capability;
2808 conn->remote_oob = ev->oob_data;
2809 conn->remote_auth = ev->authentication;
2812 hci_dev_unlock(hdev);
2815 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2816 struct sk_buff *skb)
2818 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
2819 int loc_mitm, rem_mitm, confirm_hint = 0;
2820 struct hci_conn *conn;
2822 BT_DBG("%s", hdev->name);
2826 if (!test_bit(HCI_MGMT, &hdev->flags))
2829 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2833 loc_mitm = (conn->auth_type & 0x01);
2834 rem_mitm = (conn->remote_auth & 0x01);
2836 /* If we require MITM but the remote device can't provide that
2837 * (it has NoInputNoOutput) then reject the confirmation
2838 * request. The only exception is when we're dedicated bonding
2839 * initiators (connect_cfm_cb set) since then we always have the MITM
2841 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2842 BT_DBG("Rejecting request: remote device can't provide MITM");
2843 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2844 sizeof(ev->bdaddr), &ev->bdaddr);
2848 /* If no side requires MITM protection; auto-accept */
2849 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2850 (!rem_mitm || conn->io_capability == 0x03)) {
2852 /* If we're not the initiators request authorization to
2853 * proceed from user space (mgmt_user_confirm with
2854 * confirm_hint set to 1). */
2855 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2856 BT_DBG("Confirming auto-accept as acceptor");
2861 BT_DBG("Auto-accept of user confirmation with %ums delay",
2862 hdev->auto_accept_delay);
2864 if (hdev->auto_accept_delay > 0) {
2865 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2866 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2870 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2871 sizeof(ev->bdaddr), &ev->bdaddr);
2876 mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey,
2880 hci_dev_unlock(hdev);
2883 static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
2884 struct sk_buff *skb)
2886 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
2888 BT_DBG("%s", hdev->name);
2892 if (test_bit(HCI_MGMT, &hdev->flags))
2893 mgmt_user_passkey_request(hdev, &ev->bdaddr);
2895 hci_dev_unlock(hdev);
2898 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2900 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2901 struct hci_conn *conn;
2903 BT_DBG("%s", hdev->name);
2907 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2911 /* To avoid duplicate auth_failed events to user space we check
2912 * the HCI_CONN_AUTH_PEND flag which will be set if we
2913 * initiated the authentication. A traditional auth_complete
2914 * event gets always produced as initiator and is also mapped to
2915 * the mgmt_auth_failed event */
2916 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2917 mgmt_auth_failed(hdev, &conn->dst, ev->status);
2922 hci_dev_unlock(hdev);
2925 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2927 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2928 struct inquiry_entry *ie;
2930 BT_DBG("%s", hdev->name);
2934 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2936 ie->data.ssp_mode = (ev->features[0] & 0x01);
2938 hci_dev_unlock(hdev);
2941 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2942 struct sk_buff *skb)
2944 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2945 struct oob_data *data;
2947 BT_DBG("%s", hdev->name);
2951 if (!test_bit(HCI_MGMT, &hdev->flags))
2954 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2956 struct hci_cp_remote_oob_data_reply cp;
2958 bacpy(&cp.bdaddr, &ev->bdaddr);
2959 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2960 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2962 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2965 struct hci_cp_remote_oob_data_neg_reply cp;
2967 bacpy(&cp.bdaddr, &ev->bdaddr);
2968 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2973 hci_dev_unlock(hdev);
2976 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2978 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2979 struct hci_conn *conn;
2981 BT_DBG("%s status %d", hdev->name, ev->status);
2985 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
2987 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2989 BT_ERR("No memory for new connection");
2990 hci_dev_unlock(hdev);
2994 conn->dst_type = ev->bdaddr_type;
2998 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
2999 conn->dst_type, ev->status);
3000 hci_proto_connect_cfm(conn, ev->status);
3001 conn->state = BT_CLOSED;
3006 mgmt_connected(hdev, &ev->bdaddr, conn->type, conn->dst_type);
3008 conn->sec_level = BT_SECURITY_LOW;
3009 conn->handle = __le16_to_cpu(ev->handle);
3010 conn->state = BT_CONNECTED;
3012 hci_conn_hold_device(conn);
3013 hci_conn_add_sysfs(conn);
3015 hci_proto_connect_cfm(conn, ev->status);
3018 hci_dev_unlock(hdev);
3021 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3022 struct sk_buff *skb)
3024 u8 num_reports = skb->data[0];
3025 void *ptr = &skb->data[1];
3029 while (num_reports--) {
3030 struct hci_ev_le_advertising_info *ev = ptr;
3032 hci_add_adv_entry(hdev, ev);
3034 ptr += sizeof(*ev) + ev->length + 1;
3037 hci_dev_unlock(hdev);
3040 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3041 struct sk_buff *skb)
3043 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3044 struct hci_cp_le_ltk_reply cp;
3045 struct hci_cp_le_ltk_neg_reply neg;
3046 struct hci_conn *conn;
3047 struct link_key *ltk;
3049 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3053 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3057 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3061 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3062 cp.handle = cpu_to_le16(conn->handle);
3063 conn->pin_length = ltk->pin_len;
3065 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3067 hci_dev_unlock(hdev);
3072 neg.handle = ev->handle;
3073 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3074 hci_dev_unlock(hdev);
3077 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3079 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3081 skb_pull(skb, sizeof(*le_ev));
3083 switch (le_ev->subevent) {
3084 case HCI_EV_LE_CONN_COMPLETE:
3085 hci_le_conn_complete_evt(hdev, skb);
3088 case HCI_EV_LE_ADVERTISING_REPORT:
3089 hci_le_adv_report_evt(hdev, skb);
3092 case HCI_EV_LE_LTK_REQ:
3093 hci_le_ltk_request_evt(hdev, skb);
3101 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3103 struct hci_event_hdr *hdr = (void *) skb->data;
3104 __u8 event = hdr->evt;
3106 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3109 case HCI_EV_INQUIRY_COMPLETE:
3110 hci_inquiry_complete_evt(hdev, skb);
3113 case HCI_EV_INQUIRY_RESULT:
3114 hci_inquiry_result_evt(hdev, skb);
3117 case HCI_EV_CONN_COMPLETE:
3118 hci_conn_complete_evt(hdev, skb);
3121 case HCI_EV_CONN_REQUEST:
3122 hci_conn_request_evt(hdev, skb);
3125 case HCI_EV_DISCONN_COMPLETE:
3126 hci_disconn_complete_evt(hdev, skb);
3129 case HCI_EV_AUTH_COMPLETE:
3130 hci_auth_complete_evt(hdev, skb);
3133 case HCI_EV_REMOTE_NAME:
3134 hci_remote_name_evt(hdev, skb);
3137 case HCI_EV_ENCRYPT_CHANGE:
3138 hci_encrypt_change_evt(hdev, skb);
3141 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3142 hci_change_link_key_complete_evt(hdev, skb);
3145 case HCI_EV_REMOTE_FEATURES:
3146 hci_remote_features_evt(hdev, skb);
3149 case HCI_EV_REMOTE_VERSION:
3150 hci_remote_version_evt(hdev, skb);
3153 case HCI_EV_QOS_SETUP_COMPLETE:
3154 hci_qos_setup_complete_evt(hdev, skb);
3157 case HCI_EV_CMD_COMPLETE:
3158 hci_cmd_complete_evt(hdev, skb);
3161 case HCI_EV_CMD_STATUS:
3162 hci_cmd_status_evt(hdev, skb);
3165 case HCI_EV_ROLE_CHANGE:
3166 hci_role_change_evt(hdev, skb);
3169 case HCI_EV_NUM_COMP_PKTS:
3170 hci_num_comp_pkts_evt(hdev, skb);
3173 case HCI_EV_MODE_CHANGE:
3174 hci_mode_change_evt(hdev, skb);
3177 case HCI_EV_PIN_CODE_REQ:
3178 hci_pin_code_request_evt(hdev, skb);
3181 case HCI_EV_LINK_KEY_REQ:
3182 hci_link_key_request_evt(hdev, skb);
3185 case HCI_EV_LINK_KEY_NOTIFY:
3186 hci_link_key_notify_evt(hdev, skb);
3189 case HCI_EV_CLOCK_OFFSET:
3190 hci_clock_offset_evt(hdev, skb);
3193 case HCI_EV_PKT_TYPE_CHANGE:
3194 hci_pkt_type_change_evt(hdev, skb);
3197 case HCI_EV_PSCAN_REP_MODE:
3198 hci_pscan_rep_mode_evt(hdev, skb);
3201 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3202 hci_inquiry_result_with_rssi_evt(hdev, skb);
3205 case HCI_EV_REMOTE_EXT_FEATURES:
3206 hci_remote_ext_features_evt(hdev, skb);
3209 case HCI_EV_SYNC_CONN_COMPLETE:
3210 hci_sync_conn_complete_evt(hdev, skb);
3213 case HCI_EV_SYNC_CONN_CHANGED:
3214 hci_sync_conn_changed_evt(hdev, skb);
3217 case HCI_EV_SNIFF_SUBRATE:
3218 hci_sniff_subrate_evt(hdev, skb);
3221 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3222 hci_extended_inquiry_result_evt(hdev, skb);
3225 case HCI_EV_IO_CAPA_REQUEST:
3226 hci_io_capa_request_evt(hdev, skb);
3229 case HCI_EV_IO_CAPA_REPLY:
3230 hci_io_capa_reply_evt(hdev, skb);
3233 case HCI_EV_USER_CONFIRM_REQUEST:
3234 hci_user_confirm_request_evt(hdev, skb);
3237 case HCI_EV_USER_PASSKEY_REQUEST:
3238 hci_user_passkey_request_evt(hdev, skb);
3241 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3242 hci_simple_pair_complete_evt(hdev, skb);
3245 case HCI_EV_REMOTE_HOST_FEATURES:
3246 hci_remote_host_features_evt(hdev, skb);
3249 case HCI_EV_LE_META:
3250 hci_le_meta_evt(hdev, skb);
3253 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3254 hci_remote_oob_data_request_evt(hdev, skb);
3258 BT_DBG("%s event 0x%x", hdev->name, event);
3263 hdev->stat.evt_rx++;
3266 /* Generate internal stack event */
3267 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3269 struct hci_event_hdr *hdr;
3270 struct hci_ev_stack_internal *ev;
3271 struct sk_buff *skb;
3273 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3277 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3278 hdr->evt = HCI_EV_STACK_INTERNAL;
3279 hdr->plen = sizeof(*ev) + dlen;
3281 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3283 memcpy(ev->data, data, dlen);
3285 bt_cb(skb)->incoming = 1;
3286 __net_timestamp(skb);
3288 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
3289 skb->dev = (void *) hdev;
3290 hci_send_to_sock(hdev, skb, NULL);
3294 module_param(enable_le, bool, 0644);
3295 MODULE_PARM_DESC(enable_le, "Enable LE support");