2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
50 /* Handle HCI Event packets */
52 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
54 __u8 status = *((__u8 *) skb->data);
56 BT_DBG("%s status 0x%x", hdev->name, status);
60 mgmt_stop_discovery_failed(hdev, status);
65 clear_bit(HCI_INQUIRY, &hdev->flags);
68 mgmt_discovering(hdev, 0);
71 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
73 hci_conn_check_pending(hdev);
76 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
78 __u8 status = *((__u8 *) skb->data);
80 BT_DBG("%s status 0x%x", hdev->name, status);
85 hci_conn_check_pending(hdev);
88 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
90 BT_DBG("%s", hdev->name);
93 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
98 BT_DBG("%s status 0x%x", hdev->name, rp->status);
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
108 conn->link_mode &= ~HCI_LM_MASTER;
110 conn->link_mode |= HCI_LM_MASTER;
113 hci_dev_unlock(hdev);
116 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
121 BT_DBG("%s status 0x%x", hdev->name, rp->status);
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
130 conn->link_policy = __le16_to_cpu(rp->policy);
132 hci_dev_unlock(hdev);
135 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
138 struct hci_conn *conn;
141 BT_DBG("%s status 0x%x", hdev->name, rp->status);
146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
154 conn->link_policy = get_unaligned_le16(sent + 2);
156 hci_dev_unlock(hdev);
159 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
161 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163 BT_DBG("%s status 0x%x", hdev->name, rp->status);
168 hdev->link_policy = __le16_to_cpu(rp->policy);
171 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
173 __u8 status = *((__u8 *) skb->data);
176 BT_DBG("%s status 0x%x", hdev->name, status);
178 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
183 hdev->link_policy = get_unaligned_le16(sent);
185 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
188 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
190 __u8 status = *((__u8 *) skb->data);
192 BT_DBG("%s status 0x%x", hdev->name, status);
194 clear_bit(HCI_RESET, &hdev->flags);
196 hci_req_complete(hdev, HCI_OP_RESET, status);
201 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
203 __u8 status = *((__u8 *) skb->data);
206 BT_DBG("%s status 0x%x", hdev->name, status);
208 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
214 if (test_bit(HCI_MGMT, &hdev->flags))
215 mgmt_set_local_name_complete(hdev, sent, status);
218 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
220 hci_dev_unlock(hdev);
223 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
225 struct hci_rp_read_local_name *rp = (void *) skb->data;
227 BT_DBG("%s status 0x%x", hdev->name, rp->status);
232 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
235 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
237 __u8 status = *((__u8 *) skb->data);
240 BT_DBG("%s status 0x%x", hdev->name, status);
242 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
247 __u8 param = *((__u8 *) sent);
249 if (param == AUTH_ENABLED)
250 set_bit(HCI_AUTH, &hdev->flags);
252 clear_bit(HCI_AUTH, &hdev->flags);
255 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
258 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
260 __u8 status = *((__u8 *) skb->data);
263 BT_DBG("%s status 0x%x", hdev->name, status);
265 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
270 __u8 param = *((__u8 *) sent);
273 set_bit(HCI_ENCRYPT, &hdev->flags);
275 clear_bit(HCI_ENCRYPT, &hdev->flags);
278 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
281 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
283 __u8 param, status = *((__u8 *) skb->data);
284 int old_pscan, old_iscan;
287 BT_DBG("%s status 0x%x", hdev->name, status);
289 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
293 param = *((__u8 *) sent);
298 mgmt_write_scan_failed(hdev, param, status);
299 hdev->discov_timeout = 0;
303 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
304 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
306 if (param & SCAN_INQUIRY) {
307 set_bit(HCI_ISCAN, &hdev->flags);
309 mgmt_discoverable(hdev, 1);
310 if (hdev->discov_timeout > 0) {
311 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
312 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
315 } else if (old_iscan)
316 mgmt_discoverable(hdev, 0);
318 if (param & SCAN_PAGE) {
319 set_bit(HCI_PSCAN, &hdev->flags);
321 mgmt_connectable(hdev, 1);
322 } else if (old_pscan)
323 mgmt_connectable(hdev, 0);
326 hci_dev_unlock(hdev);
327 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
330 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
332 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
334 BT_DBG("%s status 0x%x", hdev->name, rp->status);
339 memcpy(hdev->dev_class, rp->dev_class, 3);
341 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
342 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
345 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
347 __u8 status = *((__u8 *) skb->data);
350 BT_DBG("%s status 0x%x", hdev->name, status);
355 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
359 memcpy(hdev->dev_class, sent, 3);
362 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
364 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
367 BT_DBG("%s status 0x%x", hdev->name, rp->status);
372 setting = __le16_to_cpu(rp->voice_setting);
374 if (hdev->voice_setting == setting)
377 hdev->voice_setting = setting;
379 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
382 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
385 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
387 __u8 status = *((__u8 *) skb->data);
391 BT_DBG("%s status 0x%x", hdev->name, status);
396 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
400 setting = get_unaligned_le16(sent);
402 if (hdev->voice_setting == setting)
405 hdev->voice_setting = setting;
407 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
410 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
413 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
415 __u8 status = *((__u8 *) skb->data);
417 BT_DBG("%s status 0x%x", hdev->name, status);
419 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
422 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
424 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
426 BT_DBG("%s status 0x%x", hdev->name, rp->status);
431 hdev->ssp_mode = rp->mode;
434 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
436 __u8 status = *((__u8 *) skb->data);
439 BT_DBG("%s status 0x%x", hdev->name, status);
444 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
448 hdev->ssp_mode = *((__u8 *) sent);
451 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
453 if (hdev->features[6] & LMP_EXT_INQ)
456 if (hdev->features[3] & LMP_RSSI_INQ)
459 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
460 hdev->lmp_subver == 0x0757)
463 if (hdev->manufacturer == 15) {
464 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
466 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
468 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
472 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
473 hdev->lmp_subver == 0x1805)
479 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
483 mode = hci_get_inquiry_mode(hdev);
485 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
488 static void hci_setup_event_mask(struct hci_dev *hdev)
490 /* The second byte is 0xff instead of 0x9f (two reserved bits
491 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
492 * command otherwise */
493 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
495 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
496 * any event mask for pre 1.2 devices */
497 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
500 events[4] |= 0x01; /* Flow Specification Complete */
501 events[4] |= 0x02; /* Inquiry Result with RSSI */
502 events[4] |= 0x04; /* Read Remote Extended Features Complete */
503 events[5] |= 0x08; /* Synchronous Connection Complete */
504 events[5] |= 0x10; /* Synchronous Connection Changed */
506 if (hdev->features[3] & LMP_RSSI_INQ)
507 events[4] |= 0x04; /* Inquiry Result with RSSI */
509 if (hdev->features[5] & LMP_SNIFF_SUBR)
510 events[5] |= 0x20; /* Sniff Subrating */
512 if (hdev->features[5] & LMP_PAUSE_ENC)
513 events[5] |= 0x80; /* Encryption Key Refresh Complete */
515 if (hdev->features[6] & LMP_EXT_INQ)
516 events[5] |= 0x40; /* Extended Inquiry Result */
518 if (hdev->features[6] & LMP_NO_FLUSH)
519 events[7] |= 0x01; /* Enhanced Flush Complete */
521 if (hdev->features[7] & LMP_LSTO)
522 events[6] |= 0x80; /* Link Supervision Timeout Changed */
524 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
525 events[6] |= 0x01; /* IO Capability Request */
526 events[6] |= 0x02; /* IO Capability Response */
527 events[6] |= 0x04; /* User Confirmation Request */
528 events[6] |= 0x08; /* User Passkey Request */
529 events[6] |= 0x10; /* Remote OOB Data Request */
530 events[6] |= 0x20; /* Simple Pairing Complete */
531 events[7] |= 0x04; /* User Passkey Notification */
532 events[7] |= 0x08; /* Keypress Notification */
533 events[7] |= 0x10; /* Remote Host Supported
534 * Features Notification */
537 if (hdev->features[4] & LMP_LE)
538 events[7] |= 0x20; /* LE Meta-Event */
540 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
543 static void hci_set_le_support(struct hci_dev *hdev)
545 struct hci_cp_write_le_host_supported cp;
547 memset(&cp, 0, sizeof(cp));
551 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
554 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp), &cp);
557 static void hci_setup(struct hci_dev *hdev)
559 hci_setup_event_mask(hdev);
561 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
562 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
564 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
566 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
569 if (hdev->features[3] & LMP_RSSI_INQ)
570 hci_setup_inquiry_mode(hdev);
572 if (hdev->features[7] & LMP_INQ_TX_PWR)
573 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
575 if (hdev->features[7] & LMP_EXTFEATURES) {
576 struct hci_cp_read_local_ext_features cp;
579 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES,
583 if (hdev->features[4] & LMP_LE)
584 hci_set_le_support(hdev);
587 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
589 struct hci_rp_read_local_version *rp = (void *) skb->data;
591 BT_DBG("%s status 0x%x", hdev->name, rp->status);
596 hdev->hci_ver = rp->hci_ver;
597 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
598 hdev->lmp_ver = rp->lmp_ver;
599 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
600 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
602 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
604 hdev->hci_ver, hdev->hci_rev);
606 if (test_bit(HCI_INIT, &hdev->flags))
610 static void hci_setup_link_policy(struct hci_dev *hdev)
614 if (hdev->features[0] & LMP_RSWITCH)
615 link_policy |= HCI_LP_RSWITCH;
616 if (hdev->features[0] & LMP_HOLD)
617 link_policy |= HCI_LP_HOLD;
618 if (hdev->features[0] & LMP_SNIFF)
619 link_policy |= HCI_LP_SNIFF;
620 if (hdev->features[1] & LMP_PARK)
621 link_policy |= HCI_LP_PARK;
623 link_policy = cpu_to_le16(link_policy);
624 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
625 sizeof(link_policy), &link_policy);
628 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
630 struct hci_rp_read_local_commands *rp = (void *) skb->data;
632 BT_DBG("%s status 0x%x", hdev->name, rp->status);
637 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
639 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
640 hci_setup_link_policy(hdev);
643 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
646 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
648 struct hci_rp_read_local_features *rp = (void *) skb->data;
650 BT_DBG("%s status 0x%x", hdev->name, rp->status);
655 memcpy(hdev->features, rp->features, 8);
657 /* Adjust default settings according to features
658 * supported by device. */
660 if (hdev->features[0] & LMP_3SLOT)
661 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
663 if (hdev->features[0] & LMP_5SLOT)
664 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
666 if (hdev->features[1] & LMP_HV2) {
667 hdev->pkt_type |= (HCI_HV2);
668 hdev->esco_type |= (ESCO_HV2);
671 if (hdev->features[1] & LMP_HV3) {
672 hdev->pkt_type |= (HCI_HV3);
673 hdev->esco_type |= (ESCO_HV3);
676 if (hdev->features[3] & LMP_ESCO)
677 hdev->esco_type |= (ESCO_EV3);
679 if (hdev->features[4] & LMP_EV4)
680 hdev->esco_type |= (ESCO_EV4);
682 if (hdev->features[4] & LMP_EV5)
683 hdev->esco_type |= (ESCO_EV5);
685 if (hdev->features[5] & LMP_EDR_ESCO_2M)
686 hdev->esco_type |= (ESCO_2EV3);
688 if (hdev->features[5] & LMP_EDR_ESCO_3M)
689 hdev->esco_type |= (ESCO_3EV3);
691 if (hdev->features[5] & LMP_EDR_3S_ESCO)
692 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
694 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
695 hdev->features[0], hdev->features[1],
696 hdev->features[2], hdev->features[3],
697 hdev->features[4], hdev->features[5],
698 hdev->features[6], hdev->features[7]);
701 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
704 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
706 BT_DBG("%s status 0x%x", hdev->name, rp->status);
711 memcpy(hdev->extfeatures, rp->features, 8);
713 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
716 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
719 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
721 BT_DBG("%s status 0x%x", hdev->name, rp->status);
726 hdev->flow_ctl_mode = rp->mode;
728 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
731 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
733 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
735 BT_DBG("%s status 0x%x", hdev->name, rp->status);
740 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
741 hdev->sco_mtu = rp->sco_mtu;
742 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
743 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
745 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
750 hdev->acl_cnt = hdev->acl_pkts;
751 hdev->sco_cnt = hdev->sco_pkts;
753 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
754 hdev->acl_mtu, hdev->acl_pkts,
755 hdev->sco_mtu, hdev->sco_pkts);
758 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
760 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
762 BT_DBG("%s status 0x%x", hdev->name, rp->status);
765 bacpy(&hdev->bdaddr, &rp->bdaddr);
767 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
770 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
773 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
775 BT_DBG("%s status 0x%x", hdev->name, rp->status);
780 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
781 hdev->block_len = __le16_to_cpu(rp->block_len);
782 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
784 hdev->block_cnt = hdev->num_blocks;
786 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
787 hdev->block_cnt, hdev->block_len);
789 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
792 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
794 __u8 status = *((__u8 *) skb->data);
796 BT_DBG("%s status 0x%x", hdev->name, status);
798 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
801 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
804 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
806 BT_DBG("%s status 0x%x", hdev->name, rp->status);
811 hdev->amp_status = rp->amp_status;
812 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
813 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
814 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
815 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
816 hdev->amp_type = rp->amp_type;
817 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
818 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
819 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
820 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
822 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
825 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
828 __u8 status = *((__u8 *) skb->data);
830 BT_DBG("%s status 0x%x", hdev->name, status);
832 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
835 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
837 __u8 status = *((__u8 *) skb->data);
839 BT_DBG("%s status 0x%x", hdev->name, status);
841 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
844 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
847 __u8 status = *((__u8 *) skb->data);
849 BT_DBG("%s status 0x%x", hdev->name, status);
851 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
854 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
857 __u8 status = *((__u8 *) skb->data);
859 BT_DBG("%s status 0x%x", hdev->name, status);
861 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
864 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
866 __u8 status = *((__u8 *) skb->data);
868 BT_DBG("%s status 0x%x", hdev->name, status);
870 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
873 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
875 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
876 struct hci_cp_pin_code_reply *cp;
877 struct hci_conn *conn;
879 BT_DBG("%s status 0x%x", hdev->name, rp->status);
883 if (test_bit(HCI_MGMT, &hdev->flags))
884 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
889 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
893 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
895 conn->pin_length = cp->pin_len;
898 hci_dev_unlock(hdev);
901 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
903 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
905 BT_DBG("%s status 0x%x", hdev->name, rp->status);
909 if (test_bit(HCI_MGMT, &hdev->flags))
910 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
913 hci_dev_unlock(hdev);
916 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
919 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
921 BT_DBG("%s status 0x%x", hdev->name, rp->status);
926 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
927 hdev->le_pkts = rp->le_max_pkt;
929 hdev->le_cnt = hdev->le_pkts;
931 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
933 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
936 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
938 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
940 BT_DBG("%s status 0x%x", hdev->name, rp->status);
944 if (test_bit(HCI_MGMT, &hdev->flags))
945 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr,
948 hci_dev_unlock(hdev);
951 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
954 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
956 BT_DBG("%s status 0x%x", hdev->name, rp->status);
960 if (test_bit(HCI_MGMT, &hdev->flags))
961 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
964 hci_dev_unlock(hdev);
967 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
969 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
971 BT_DBG("%s status 0x%x", hdev->name, rp->status);
975 if (test_bit(HCI_MGMT, &hdev->flags))
976 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr,
979 hci_dev_unlock(hdev);
982 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
985 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
987 BT_DBG("%s status 0x%x", hdev->name, rp->status);
991 if (test_bit(HCI_MGMT, &hdev->flags))
992 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
995 hci_dev_unlock(hdev);
998 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1001 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1003 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1006 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1007 rp->randomizer, rp->status);
1008 hci_dev_unlock(hdev);
1011 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1013 __u8 status = *((__u8 *) skb->data);
1015 BT_DBG("%s status 0x%x", hdev->name, status);
1018 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1019 struct sk_buff *skb)
1021 struct hci_cp_le_set_scan_enable *cp;
1022 __u8 status = *((__u8 *) skb->data);
1024 BT_DBG("%s status 0x%x", hdev->name, status);
1029 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1033 if (cp->enable == 0x01) {
1034 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1036 cancel_delayed_work_sync(&hdev->adv_work);
1039 hci_adv_entries_clear(hdev);
1040 hci_dev_unlock(hdev);
1041 } else if (cp->enable == 0x00) {
1042 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1044 cancel_delayed_work_sync(&hdev->adv_work);
1045 queue_delayed_work(hdev->workqueue, &hdev->adv_work,
1046 jiffies + ADV_CLEAR_TIMEOUT);
1050 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1052 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1054 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1059 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1062 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1064 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1066 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1071 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1074 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1075 struct sk_buff *skb)
1077 struct hci_cp_read_local_ext_features cp;
1078 __u8 status = *((__u8 *) skb->data);
1080 BT_DBG("%s status 0x%x", hdev->name, status);
1086 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp), &cp);
1089 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1091 BT_DBG("%s status 0x%x", hdev->name, status);
1094 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1095 hci_conn_check_pending(hdev);
1097 if (test_bit(HCI_MGMT, &hdev->flags))
1098 mgmt_start_discovery_failed(hdev, status);
1099 hci_dev_unlock(hdev);
1103 set_bit(HCI_INQUIRY, &hdev->flags);
1106 mgmt_discovering(hdev, 1);
1107 hci_dev_unlock(hdev);
1110 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1112 struct hci_cp_create_conn *cp;
1113 struct hci_conn *conn;
1115 BT_DBG("%s status 0x%x", hdev->name, status);
1117 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1123 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1125 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1128 if (conn && conn->state == BT_CONNECT) {
1129 if (status != 0x0c || conn->attempt > 2) {
1130 conn->state = BT_CLOSED;
1131 hci_proto_connect_cfm(conn, status);
1134 conn->state = BT_CONNECT2;
1138 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1141 conn->link_mode |= HCI_LM_MASTER;
1143 BT_ERR("No memory for new connection");
1147 hci_dev_unlock(hdev);
1150 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1152 struct hci_cp_add_sco *cp;
1153 struct hci_conn *acl, *sco;
1156 BT_DBG("%s status 0x%x", hdev->name, status);
1161 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1165 handle = __le16_to_cpu(cp->handle);
1167 BT_DBG("%s handle %d", hdev->name, handle);
1171 acl = hci_conn_hash_lookup_handle(hdev, handle);
1175 sco->state = BT_CLOSED;
1177 hci_proto_connect_cfm(sco, status);
1182 hci_dev_unlock(hdev);
1185 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1187 struct hci_cp_auth_requested *cp;
1188 struct hci_conn *conn;
1190 BT_DBG("%s status 0x%x", hdev->name, status);
1195 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1201 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1203 if (conn->state == BT_CONFIG) {
1204 hci_proto_connect_cfm(conn, status);
1209 hci_dev_unlock(hdev);
1212 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1214 struct hci_cp_set_conn_encrypt *cp;
1215 struct hci_conn *conn;
1217 BT_DBG("%s status 0x%x", hdev->name, status);
1222 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1228 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1230 if (conn->state == BT_CONFIG) {
1231 hci_proto_connect_cfm(conn, status);
1236 hci_dev_unlock(hdev);
1239 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1240 struct hci_conn *conn)
1242 if (conn->state != BT_CONFIG || !conn->out)
1245 if (conn->pending_sec_level == BT_SECURITY_SDP)
1248 /* Only request authentication for SSP connections or non-SSP
1249 * devices with sec_level HIGH or if MITM protection is requested */
1250 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
1251 conn->pending_sec_level != BT_SECURITY_HIGH &&
1252 !(conn->auth_type & 0x01))
1258 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1260 struct hci_cp_remote_name_req *cp;
1261 struct hci_conn *conn;
1263 BT_DBG("%s status 0x%x", hdev->name, status);
1265 /* If successful wait for the name req complete event before
1266 * checking for the need to do authentication */
1270 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1276 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1280 if (!hci_outgoing_auth_needed(hdev, conn))
1283 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1284 struct hci_cp_auth_requested cp;
1285 cp.handle = __cpu_to_le16(conn->handle);
1286 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1290 hci_dev_unlock(hdev);
1293 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1295 struct hci_cp_read_remote_features *cp;
1296 struct hci_conn *conn;
1298 BT_DBG("%s status 0x%x", hdev->name, status);
1303 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1309 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1311 if (conn->state == BT_CONFIG) {
1312 hci_proto_connect_cfm(conn, status);
1317 hci_dev_unlock(hdev);
1320 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1322 struct hci_cp_read_remote_ext_features *cp;
1323 struct hci_conn *conn;
1325 BT_DBG("%s status 0x%x", hdev->name, status);
1330 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1336 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1338 if (conn->state == BT_CONFIG) {
1339 hci_proto_connect_cfm(conn, status);
1344 hci_dev_unlock(hdev);
1347 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1349 struct hci_cp_setup_sync_conn *cp;
1350 struct hci_conn *acl, *sco;
1353 BT_DBG("%s status 0x%x", hdev->name, status);
1358 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1362 handle = __le16_to_cpu(cp->handle);
1364 BT_DBG("%s handle %d", hdev->name, handle);
1368 acl = hci_conn_hash_lookup_handle(hdev, handle);
1372 sco->state = BT_CLOSED;
1374 hci_proto_connect_cfm(sco, status);
1379 hci_dev_unlock(hdev);
1382 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1384 struct hci_cp_sniff_mode *cp;
1385 struct hci_conn *conn;
1387 BT_DBG("%s status 0x%x", hdev->name, status);
1392 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1398 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1400 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1402 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1403 hci_sco_setup(conn, status);
1406 hci_dev_unlock(hdev);
1409 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1411 struct hci_cp_exit_sniff_mode *cp;
1412 struct hci_conn *conn;
1414 BT_DBG("%s status 0x%x", hdev->name, status);
1419 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1425 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1427 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1429 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1430 hci_sco_setup(conn, status);
1433 hci_dev_unlock(hdev);
1436 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1438 struct hci_cp_le_create_conn *cp;
1439 struct hci_conn *conn;
1441 BT_DBG("%s status 0x%x", hdev->name, status);
1443 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1449 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1451 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1455 if (conn && conn->state == BT_CONNECT) {
1456 conn->state = BT_CLOSED;
1457 hci_proto_connect_cfm(conn, status);
1462 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1464 conn->dst_type = cp->peer_addr_type;
1467 BT_ERR("No memory for new connection");
1472 hci_dev_unlock(hdev);
1475 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1477 BT_DBG("%s status 0x%x", hdev->name, status);
1480 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1482 __u8 status = *((__u8 *) skb->data);
1484 BT_DBG("%s status %d", hdev->name, status);
1486 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1488 hci_conn_check_pending(hdev);
1490 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1494 mgmt_discovering(hdev, 0);
1495 hci_dev_unlock(hdev);
1498 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1500 struct inquiry_data data;
1501 struct inquiry_info *info = (void *) (skb->data + 1);
1502 int num_rsp = *((__u8 *) skb->data);
1504 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1511 for (; num_rsp; num_rsp--, info++) {
1512 bacpy(&data.bdaddr, &info->bdaddr);
1513 data.pscan_rep_mode = info->pscan_rep_mode;
1514 data.pscan_period_mode = info->pscan_period_mode;
1515 data.pscan_mode = info->pscan_mode;
1516 memcpy(data.dev_class, info->dev_class, 3);
1517 data.clock_offset = info->clock_offset;
1519 data.ssp_mode = 0x00;
1520 hci_inquiry_cache_update(hdev, &data);
1521 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1522 info->dev_class, 0, NULL);
1525 hci_dev_unlock(hdev);
1528 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1530 struct hci_ev_conn_complete *ev = (void *) skb->data;
1531 struct hci_conn *conn;
1533 BT_DBG("%s", hdev->name);
1537 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1539 if (ev->link_type != SCO_LINK)
1542 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1546 conn->type = SCO_LINK;
1550 conn->handle = __le16_to_cpu(ev->handle);
1552 if (conn->type == ACL_LINK) {
1553 conn->state = BT_CONFIG;
1554 hci_conn_hold(conn);
1555 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1556 mgmt_connected(hdev, &ev->bdaddr, conn->type,
1559 conn->state = BT_CONNECTED;
1561 hci_conn_hold_device(conn);
1562 hci_conn_add_sysfs(conn);
1564 if (test_bit(HCI_AUTH, &hdev->flags))
1565 conn->link_mode |= HCI_LM_AUTH;
1567 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1568 conn->link_mode |= HCI_LM_ENCRYPT;
1570 /* Get remote features */
1571 if (conn->type == ACL_LINK) {
1572 struct hci_cp_read_remote_features cp;
1573 cp.handle = ev->handle;
1574 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1578 /* Set packet type for incoming connection */
1579 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1580 struct hci_cp_change_conn_ptype cp;
1581 cp.handle = ev->handle;
1582 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1583 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1587 conn->state = BT_CLOSED;
1588 if (conn->type == ACL_LINK)
1589 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1590 conn->dst_type, ev->status);
1593 if (conn->type == ACL_LINK)
1594 hci_sco_setup(conn, ev->status);
1597 hci_proto_connect_cfm(conn, ev->status);
1599 } else if (ev->link_type != ACL_LINK)
1600 hci_proto_connect_cfm(conn, ev->status);
1603 hci_dev_unlock(hdev);
1605 hci_conn_check_pending(hdev);
1608 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1610 struct hci_ev_conn_request *ev = (void *) skb->data;
1611 int mask = hdev->link_mode;
1613 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1614 batostr(&ev->bdaddr), ev->link_type);
1616 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1618 if ((mask & HCI_LM_ACCEPT) &&
1619 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1620 /* Connection accepted */
1621 struct inquiry_entry *ie;
1622 struct hci_conn *conn;
1626 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1628 memcpy(ie->data.dev_class, ev->dev_class, 3);
1630 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1632 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1634 BT_ERR("No memory for new connection");
1635 hci_dev_unlock(hdev);
1640 memcpy(conn->dev_class, ev->dev_class, 3);
1641 conn->state = BT_CONNECT;
1643 hci_dev_unlock(hdev);
1645 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1646 struct hci_cp_accept_conn_req cp;
1648 bacpy(&cp.bdaddr, &ev->bdaddr);
1650 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1651 cp.role = 0x00; /* Become master */
1653 cp.role = 0x01; /* Remain slave */
1655 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1658 struct hci_cp_accept_sync_conn_req cp;
1660 bacpy(&cp.bdaddr, &ev->bdaddr);
1661 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1663 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1664 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1665 cp.max_latency = cpu_to_le16(0xffff);
1666 cp.content_format = cpu_to_le16(hdev->voice_setting);
1667 cp.retrans_effort = 0xff;
1669 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1673 /* Connection rejected */
1674 struct hci_cp_reject_conn_req cp;
1676 bacpy(&cp.bdaddr, &ev->bdaddr);
1677 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1678 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1682 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1684 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1685 struct hci_conn *conn;
1687 BT_DBG("%s status %d", hdev->name, ev->status);
1691 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1695 if (ev->status == 0)
1696 conn->state = BT_CLOSED;
1698 if (conn->type == ACL_LINK || conn->type == LE_LINK) {
1699 if (ev->status != 0)
1700 mgmt_disconnect_failed(hdev, &conn->dst, ev->status);
1702 mgmt_disconnected(hdev, &conn->dst, conn->type,
1706 if (ev->status == 0) {
1707 hci_proto_disconn_cfm(conn, ev->reason);
1712 hci_dev_unlock(hdev);
1715 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1717 struct hci_ev_auth_complete *ev = (void *) skb->data;
1718 struct hci_conn *conn;
1720 BT_DBG("%s status %d", hdev->name, ev->status);
1724 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1729 if (!(conn->ssp_mode > 0 && hdev->ssp_mode > 0) &&
1730 test_bit(HCI_CONN_REAUTH_PEND, &conn->pend)) {
1731 BT_INFO("re-auth of legacy device is not possible.");
1733 conn->link_mode |= HCI_LM_AUTH;
1734 conn->sec_level = conn->pending_sec_level;
1737 mgmt_auth_failed(hdev, &conn->dst, ev->status);
1740 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1741 clear_bit(HCI_CONN_REAUTH_PEND, &conn->pend);
1743 if (conn->state == BT_CONFIG) {
1744 if (!ev->status && hdev->ssp_mode > 0 && conn->ssp_mode > 0) {
1745 struct hci_cp_set_conn_encrypt cp;
1746 cp.handle = ev->handle;
1748 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1751 conn->state = BT_CONNECTED;
1752 hci_proto_connect_cfm(conn, ev->status);
1756 hci_auth_cfm(conn, ev->status);
1758 hci_conn_hold(conn);
1759 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1763 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1765 struct hci_cp_set_conn_encrypt cp;
1766 cp.handle = ev->handle;
1768 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1771 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1772 hci_encrypt_cfm(conn, ev->status, 0x00);
1777 hci_dev_unlock(hdev);
1780 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1782 struct hci_ev_remote_name *ev = (void *) skb->data;
1783 struct hci_conn *conn;
1785 BT_DBG("%s", hdev->name);
1787 hci_conn_check_pending(hdev);
1791 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1792 mgmt_remote_name(hdev, &ev->bdaddr, ev->name);
1794 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1798 if (!hci_outgoing_auth_needed(hdev, conn))
1801 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1802 struct hci_cp_auth_requested cp;
1803 cp.handle = __cpu_to_le16(conn->handle);
1804 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1808 hci_dev_unlock(hdev);
1811 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1813 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1814 struct hci_conn *conn;
1816 BT_DBG("%s status %d", hdev->name, ev->status);
1820 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1824 /* Encryption implies authentication */
1825 conn->link_mode |= HCI_LM_AUTH;
1826 conn->link_mode |= HCI_LM_ENCRYPT;
1827 conn->sec_level = conn->pending_sec_level;
1829 conn->link_mode &= ~HCI_LM_ENCRYPT;
1832 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1834 if (conn->state == BT_CONFIG) {
1836 conn->state = BT_CONNECTED;
1838 hci_proto_connect_cfm(conn, ev->status);
1841 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1844 hci_dev_unlock(hdev);
1847 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1849 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1850 struct hci_conn *conn;
1852 BT_DBG("%s status %d", hdev->name, ev->status);
1856 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1859 conn->link_mode |= HCI_LM_SECURE;
1861 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1863 hci_key_change_cfm(conn, ev->status);
1866 hci_dev_unlock(hdev);
1869 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1871 struct hci_ev_remote_features *ev = (void *) skb->data;
1872 struct hci_conn *conn;
1874 BT_DBG("%s status %d", hdev->name, ev->status);
1878 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1883 memcpy(conn->features, ev->features, 8);
1885 if (conn->state != BT_CONFIG)
1888 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1889 struct hci_cp_read_remote_ext_features cp;
1890 cp.handle = ev->handle;
1892 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
1898 struct hci_cp_remote_name_req cp;
1899 memset(&cp, 0, sizeof(cp));
1900 bacpy(&cp.bdaddr, &conn->dst);
1901 cp.pscan_rep_mode = 0x02;
1902 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1905 if (!hci_outgoing_auth_needed(hdev, conn)) {
1906 conn->state = BT_CONNECTED;
1907 hci_proto_connect_cfm(conn, ev->status);
1912 hci_dev_unlock(hdev);
1915 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1917 BT_DBG("%s", hdev->name);
1920 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1922 BT_DBG("%s", hdev->name);
1925 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1927 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1930 skb_pull(skb, sizeof(*ev));
1932 opcode = __le16_to_cpu(ev->opcode);
1935 case HCI_OP_INQUIRY_CANCEL:
1936 hci_cc_inquiry_cancel(hdev, skb);
1939 case HCI_OP_EXIT_PERIODIC_INQ:
1940 hci_cc_exit_periodic_inq(hdev, skb);
1943 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1944 hci_cc_remote_name_req_cancel(hdev, skb);
1947 case HCI_OP_ROLE_DISCOVERY:
1948 hci_cc_role_discovery(hdev, skb);
1951 case HCI_OP_READ_LINK_POLICY:
1952 hci_cc_read_link_policy(hdev, skb);
1955 case HCI_OP_WRITE_LINK_POLICY:
1956 hci_cc_write_link_policy(hdev, skb);
1959 case HCI_OP_READ_DEF_LINK_POLICY:
1960 hci_cc_read_def_link_policy(hdev, skb);
1963 case HCI_OP_WRITE_DEF_LINK_POLICY:
1964 hci_cc_write_def_link_policy(hdev, skb);
1968 hci_cc_reset(hdev, skb);
1971 case HCI_OP_WRITE_LOCAL_NAME:
1972 hci_cc_write_local_name(hdev, skb);
1975 case HCI_OP_READ_LOCAL_NAME:
1976 hci_cc_read_local_name(hdev, skb);
1979 case HCI_OP_WRITE_AUTH_ENABLE:
1980 hci_cc_write_auth_enable(hdev, skb);
1983 case HCI_OP_WRITE_ENCRYPT_MODE:
1984 hci_cc_write_encrypt_mode(hdev, skb);
1987 case HCI_OP_WRITE_SCAN_ENABLE:
1988 hci_cc_write_scan_enable(hdev, skb);
1991 case HCI_OP_READ_CLASS_OF_DEV:
1992 hci_cc_read_class_of_dev(hdev, skb);
1995 case HCI_OP_WRITE_CLASS_OF_DEV:
1996 hci_cc_write_class_of_dev(hdev, skb);
1999 case HCI_OP_READ_VOICE_SETTING:
2000 hci_cc_read_voice_setting(hdev, skb);
2003 case HCI_OP_WRITE_VOICE_SETTING:
2004 hci_cc_write_voice_setting(hdev, skb);
2007 case HCI_OP_HOST_BUFFER_SIZE:
2008 hci_cc_host_buffer_size(hdev, skb);
2011 case HCI_OP_READ_SSP_MODE:
2012 hci_cc_read_ssp_mode(hdev, skb);
2015 case HCI_OP_WRITE_SSP_MODE:
2016 hci_cc_write_ssp_mode(hdev, skb);
2019 case HCI_OP_READ_LOCAL_VERSION:
2020 hci_cc_read_local_version(hdev, skb);
2023 case HCI_OP_READ_LOCAL_COMMANDS:
2024 hci_cc_read_local_commands(hdev, skb);
2027 case HCI_OP_READ_LOCAL_FEATURES:
2028 hci_cc_read_local_features(hdev, skb);
2031 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2032 hci_cc_read_local_ext_features(hdev, skb);
2035 case HCI_OP_READ_BUFFER_SIZE:
2036 hci_cc_read_buffer_size(hdev, skb);
2039 case HCI_OP_READ_BD_ADDR:
2040 hci_cc_read_bd_addr(hdev, skb);
2043 case HCI_OP_READ_DATA_BLOCK_SIZE:
2044 hci_cc_read_data_block_size(hdev, skb);
2047 case HCI_OP_WRITE_CA_TIMEOUT:
2048 hci_cc_write_ca_timeout(hdev, skb);
2051 case HCI_OP_READ_FLOW_CONTROL_MODE:
2052 hci_cc_read_flow_control_mode(hdev, skb);
2055 case HCI_OP_READ_LOCAL_AMP_INFO:
2056 hci_cc_read_local_amp_info(hdev, skb);
2059 case HCI_OP_DELETE_STORED_LINK_KEY:
2060 hci_cc_delete_stored_link_key(hdev, skb);
2063 case HCI_OP_SET_EVENT_MASK:
2064 hci_cc_set_event_mask(hdev, skb);
2067 case HCI_OP_WRITE_INQUIRY_MODE:
2068 hci_cc_write_inquiry_mode(hdev, skb);
2071 case HCI_OP_READ_INQ_RSP_TX_POWER:
2072 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2075 case HCI_OP_SET_EVENT_FLT:
2076 hci_cc_set_event_flt(hdev, skb);
2079 case HCI_OP_PIN_CODE_REPLY:
2080 hci_cc_pin_code_reply(hdev, skb);
2083 case HCI_OP_PIN_CODE_NEG_REPLY:
2084 hci_cc_pin_code_neg_reply(hdev, skb);
2087 case HCI_OP_READ_LOCAL_OOB_DATA:
2088 hci_cc_read_local_oob_data_reply(hdev, skb);
2091 case HCI_OP_LE_READ_BUFFER_SIZE:
2092 hci_cc_le_read_buffer_size(hdev, skb);
2095 case HCI_OP_USER_CONFIRM_REPLY:
2096 hci_cc_user_confirm_reply(hdev, skb);
2099 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2100 hci_cc_user_confirm_neg_reply(hdev, skb);
2103 case HCI_OP_USER_PASSKEY_REPLY:
2104 hci_cc_user_passkey_reply(hdev, skb);
2107 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2108 hci_cc_user_passkey_neg_reply(hdev, skb);
2110 case HCI_OP_LE_SET_SCAN_PARAM:
2111 hci_cc_le_set_scan_param(hdev, skb);
2114 case HCI_OP_LE_SET_SCAN_ENABLE:
2115 hci_cc_le_set_scan_enable(hdev, skb);
2118 case HCI_OP_LE_LTK_REPLY:
2119 hci_cc_le_ltk_reply(hdev, skb);
2122 case HCI_OP_LE_LTK_NEG_REPLY:
2123 hci_cc_le_ltk_neg_reply(hdev, skb);
2126 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2127 hci_cc_write_le_host_supported(hdev, skb);
2131 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2135 if (ev->opcode != HCI_OP_NOP)
2136 del_timer(&hdev->cmd_timer);
2139 atomic_set(&hdev->cmd_cnt, 1);
2140 if (!skb_queue_empty(&hdev->cmd_q))
2141 queue_work(hdev->workqueue, &hdev->cmd_work);
2145 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2147 struct hci_ev_cmd_status *ev = (void *) skb->data;
2150 skb_pull(skb, sizeof(*ev));
2152 opcode = __le16_to_cpu(ev->opcode);
2155 case HCI_OP_INQUIRY:
2156 hci_cs_inquiry(hdev, ev->status);
2159 case HCI_OP_CREATE_CONN:
2160 hci_cs_create_conn(hdev, ev->status);
2163 case HCI_OP_ADD_SCO:
2164 hci_cs_add_sco(hdev, ev->status);
2167 case HCI_OP_AUTH_REQUESTED:
2168 hci_cs_auth_requested(hdev, ev->status);
2171 case HCI_OP_SET_CONN_ENCRYPT:
2172 hci_cs_set_conn_encrypt(hdev, ev->status);
2175 case HCI_OP_REMOTE_NAME_REQ:
2176 hci_cs_remote_name_req(hdev, ev->status);
2179 case HCI_OP_READ_REMOTE_FEATURES:
2180 hci_cs_read_remote_features(hdev, ev->status);
2183 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2184 hci_cs_read_remote_ext_features(hdev, ev->status);
2187 case HCI_OP_SETUP_SYNC_CONN:
2188 hci_cs_setup_sync_conn(hdev, ev->status);
2191 case HCI_OP_SNIFF_MODE:
2192 hci_cs_sniff_mode(hdev, ev->status);
2195 case HCI_OP_EXIT_SNIFF_MODE:
2196 hci_cs_exit_sniff_mode(hdev, ev->status);
2199 case HCI_OP_DISCONNECT:
2200 if (ev->status != 0)
2201 mgmt_disconnect_failed(hdev, NULL, ev->status);
2204 case HCI_OP_LE_CREATE_CONN:
2205 hci_cs_le_create_conn(hdev, ev->status);
2208 case HCI_OP_LE_START_ENC:
2209 hci_cs_le_start_enc(hdev, ev->status);
2213 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2217 if (ev->opcode != HCI_OP_NOP)
2218 del_timer(&hdev->cmd_timer);
2220 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2221 atomic_set(&hdev->cmd_cnt, 1);
2222 if (!skb_queue_empty(&hdev->cmd_q))
2223 queue_work(hdev->workqueue, &hdev->cmd_work);
2227 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2229 struct hci_ev_role_change *ev = (void *) skb->data;
2230 struct hci_conn *conn;
2232 BT_DBG("%s status %d", hdev->name, ev->status);
2236 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2240 conn->link_mode &= ~HCI_LM_MASTER;
2242 conn->link_mode |= HCI_LM_MASTER;
2245 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
2247 hci_role_switch_cfm(conn, ev->status, ev->role);
2250 hci_dev_unlock(hdev);
2253 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2255 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2259 skb_pull(skb, sizeof(*ev));
2261 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2263 if (skb->len < ev->num_hndl * 4) {
2264 BT_DBG("%s bad parameters", hdev->name);
2268 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
2269 struct hci_conn *conn;
2270 __u16 handle, count;
2272 handle = get_unaligned_le16(ptr++);
2273 count = get_unaligned_le16(ptr++);
2275 conn = hci_conn_hash_lookup_handle(hdev, handle);
2279 conn->sent -= count;
2281 switch (conn->type) {
2283 hdev->acl_cnt += count;
2284 if (hdev->acl_cnt > hdev->acl_pkts)
2285 hdev->acl_cnt = hdev->acl_pkts;
2289 if (hdev->le_pkts) {
2290 hdev->le_cnt += count;
2291 if (hdev->le_cnt > hdev->le_pkts)
2292 hdev->le_cnt = hdev->le_pkts;
2294 hdev->acl_cnt += count;
2295 if (hdev->acl_cnt > hdev->acl_pkts)
2296 hdev->acl_cnt = hdev->acl_pkts;
2301 hdev->sco_cnt += count;
2302 if (hdev->sco_cnt > hdev->sco_pkts)
2303 hdev->sco_cnt = hdev->sco_pkts;
2307 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2312 queue_work(hdev->workqueue, &hdev->tx_work);
2315 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2317 struct hci_ev_mode_change *ev = (void *) skb->data;
2318 struct hci_conn *conn;
2320 BT_DBG("%s status %d", hdev->name, ev->status);
2324 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2326 conn->mode = ev->mode;
2327 conn->interval = __le16_to_cpu(ev->interval);
2329 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2330 if (conn->mode == HCI_CM_ACTIVE)
2331 conn->power_save = 1;
2333 conn->power_save = 0;
2336 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2337 hci_sco_setup(conn, ev->status);
2340 hci_dev_unlock(hdev);
2343 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2345 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2346 struct hci_conn *conn;
2348 BT_DBG("%s", hdev->name);
2352 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2356 if (conn->state == BT_CONNECTED) {
2357 hci_conn_hold(conn);
2358 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2362 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2363 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2364 sizeof(ev->bdaddr), &ev->bdaddr);
2365 else if (test_bit(HCI_MGMT, &hdev->flags)) {
2368 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2373 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2377 hci_dev_unlock(hdev);
2380 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2382 struct hci_ev_link_key_req *ev = (void *) skb->data;
2383 struct hci_cp_link_key_reply cp;
2384 struct hci_conn *conn;
2385 struct link_key *key;
2387 BT_DBG("%s", hdev->name);
2389 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2394 key = hci_find_link_key(hdev, &ev->bdaddr);
2396 BT_DBG("%s link key not found for %s", hdev->name,
2397 batostr(&ev->bdaddr));
2401 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2402 batostr(&ev->bdaddr));
2404 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2405 key->type == HCI_LK_DEBUG_COMBINATION) {
2406 BT_DBG("%s ignoring debug key", hdev->name);
2410 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2412 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2413 conn->auth_type != 0xff &&
2414 (conn->auth_type & 0x01)) {
2415 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2419 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2420 conn->pending_sec_level == BT_SECURITY_HIGH) {
2421 BT_DBG("%s ignoring key unauthenticated for high \
2422 security", hdev->name);
2426 conn->key_type = key->type;
2427 conn->pin_length = key->pin_len;
2430 bacpy(&cp.bdaddr, &ev->bdaddr);
2431 memcpy(cp.link_key, key->val, 16);
2433 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2435 hci_dev_unlock(hdev);
2440 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2441 hci_dev_unlock(hdev);
2444 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2446 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2447 struct hci_conn *conn;
2450 BT_DBG("%s", hdev->name);
2454 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2456 hci_conn_hold(conn);
2457 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2458 pin_len = conn->pin_length;
2460 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2461 conn->key_type = ev->key_type;
2466 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2467 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2468 ev->key_type, pin_len);
2470 hci_dev_unlock(hdev);
2473 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2475 struct hci_ev_clock_offset *ev = (void *) skb->data;
2476 struct hci_conn *conn;
2478 BT_DBG("%s status %d", hdev->name, ev->status);
2482 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2483 if (conn && !ev->status) {
2484 struct inquiry_entry *ie;
2486 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2488 ie->data.clock_offset = ev->clock_offset;
2489 ie->timestamp = jiffies;
2493 hci_dev_unlock(hdev);
2496 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2498 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2499 struct hci_conn *conn;
2501 BT_DBG("%s status %d", hdev->name, ev->status);
2505 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2506 if (conn && !ev->status)
2507 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2509 hci_dev_unlock(hdev);
2512 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2514 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2515 struct inquiry_entry *ie;
2517 BT_DBG("%s", hdev->name);
2521 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2523 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2524 ie->timestamp = jiffies;
2527 hci_dev_unlock(hdev);
2530 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2532 struct inquiry_data data;
2533 int num_rsp = *((__u8 *) skb->data);
2535 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2542 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2543 struct inquiry_info_with_rssi_and_pscan_mode *info;
2544 info = (void *) (skb->data + 1);
2546 for (; num_rsp; num_rsp--, info++) {
2547 bacpy(&data.bdaddr, &info->bdaddr);
2548 data.pscan_rep_mode = info->pscan_rep_mode;
2549 data.pscan_period_mode = info->pscan_period_mode;
2550 data.pscan_mode = info->pscan_mode;
2551 memcpy(data.dev_class, info->dev_class, 3);
2552 data.clock_offset = info->clock_offset;
2553 data.rssi = info->rssi;
2554 data.ssp_mode = 0x00;
2555 hci_inquiry_cache_update(hdev, &data);
2556 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2557 info->dev_class, info->rssi,
2561 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2563 for (; num_rsp; num_rsp--, info++) {
2564 bacpy(&data.bdaddr, &info->bdaddr);
2565 data.pscan_rep_mode = info->pscan_rep_mode;
2566 data.pscan_period_mode = info->pscan_period_mode;
2567 data.pscan_mode = 0x00;
2568 memcpy(data.dev_class, info->dev_class, 3);
2569 data.clock_offset = info->clock_offset;
2570 data.rssi = info->rssi;
2571 data.ssp_mode = 0x00;
2572 hci_inquiry_cache_update(hdev, &data);
2573 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2574 info->dev_class, info->rssi,
2579 hci_dev_unlock(hdev);
2582 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2584 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2585 struct hci_conn *conn;
2587 BT_DBG("%s", hdev->name);
2591 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2595 if (!ev->status && ev->page == 0x01) {
2596 struct inquiry_entry *ie;
2598 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2600 ie->data.ssp_mode = (ev->features[0] & 0x01);
2602 conn->ssp_mode = (ev->features[0] & 0x01);
2605 if (conn->state != BT_CONFIG)
2609 struct hci_cp_remote_name_req cp;
2610 memset(&cp, 0, sizeof(cp));
2611 bacpy(&cp.bdaddr, &conn->dst);
2612 cp.pscan_rep_mode = 0x02;
2613 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2616 if (!hci_outgoing_auth_needed(hdev, conn)) {
2617 conn->state = BT_CONNECTED;
2618 hci_proto_connect_cfm(conn, ev->status);
2623 hci_dev_unlock(hdev);
2626 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2628 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2629 struct hci_conn *conn;
2631 BT_DBG("%s status %d", hdev->name, ev->status);
2635 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2637 if (ev->link_type == ESCO_LINK)
2640 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2644 conn->type = SCO_LINK;
2647 switch (ev->status) {
2649 conn->handle = __le16_to_cpu(ev->handle);
2650 conn->state = BT_CONNECTED;
2652 hci_conn_hold_device(conn);
2653 hci_conn_add_sysfs(conn);
2656 case 0x11: /* Unsupported Feature or Parameter Value */
2657 case 0x1c: /* SCO interval rejected */
2658 case 0x1a: /* Unsupported Remote Feature */
2659 case 0x1f: /* Unspecified error */
2660 if (conn->out && conn->attempt < 2) {
2661 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2662 (hdev->esco_type & EDR_ESCO_MASK);
2663 hci_setup_sync(conn, conn->link->handle);
2669 conn->state = BT_CLOSED;
2673 hci_proto_connect_cfm(conn, ev->status);
2678 hci_dev_unlock(hdev);
2681 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2683 BT_DBG("%s", hdev->name);
2686 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2688 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2690 BT_DBG("%s status %d", hdev->name, ev->status);
2693 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2695 struct inquiry_data data;
2696 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2697 int num_rsp = *((__u8 *) skb->data);
2699 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2706 for (; num_rsp; num_rsp--, info++) {
2707 bacpy(&data.bdaddr, &info->bdaddr);
2708 data.pscan_rep_mode = info->pscan_rep_mode;
2709 data.pscan_period_mode = info->pscan_period_mode;
2710 data.pscan_mode = 0x00;
2711 memcpy(data.dev_class, info->dev_class, 3);
2712 data.clock_offset = info->clock_offset;
2713 data.rssi = info->rssi;
2714 data.ssp_mode = 0x01;
2715 hci_inquiry_cache_update(hdev, &data);
2716 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2717 info->dev_class, info->rssi, info->data);
2720 hci_dev_unlock(hdev);
2723 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2725 /* If remote requests dedicated bonding follow that lead */
2726 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2727 /* If both remote and local IO capabilities allow MITM
2728 * protection then require it, otherwise don't */
2729 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2735 /* If remote requests no-bonding follow that lead */
2736 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2737 return conn->remote_auth | (conn->auth_type & 0x01);
2739 return conn->auth_type;
2742 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2744 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2745 struct hci_conn *conn;
2747 BT_DBG("%s", hdev->name);
2751 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2755 hci_conn_hold(conn);
2757 if (!test_bit(HCI_MGMT, &hdev->flags))
2760 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2761 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2762 struct hci_cp_io_capability_reply cp;
2764 bacpy(&cp.bdaddr, &ev->bdaddr);
2765 cp.capability = conn->io_capability;
2766 conn->auth_type = hci_get_auth_req(conn);
2767 cp.authentication = conn->auth_type;
2769 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2770 hci_find_remote_oob_data(hdev, &conn->dst))
2775 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2778 struct hci_cp_io_capability_neg_reply cp;
2780 bacpy(&cp.bdaddr, &ev->bdaddr);
2781 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
2783 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2788 hci_dev_unlock(hdev);
2791 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2793 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2794 struct hci_conn *conn;
2796 BT_DBG("%s", hdev->name);
2800 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2804 conn->remote_cap = ev->capability;
2805 conn->remote_oob = ev->oob_data;
2806 conn->remote_auth = ev->authentication;
2809 hci_dev_unlock(hdev);
2812 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2813 struct sk_buff *skb)
2815 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
2816 int loc_mitm, rem_mitm, confirm_hint = 0;
2817 struct hci_conn *conn;
2819 BT_DBG("%s", hdev->name);
2823 if (!test_bit(HCI_MGMT, &hdev->flags))
2826 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2830 loc_mitm = (conn->auth_type & 0x01);
2831 rem_mitm = (conn->remote_auth & 0x01);
2833 /* If we require MITM but the remote device can't provide that
2834 * (it has NoInputNoOutput) then reject the confirmation
2835 * request. The only exception is when we're dedicated bonding
2836 * initiators (connect_cfm_cb set) since then we always have the MITM
2838 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2839 BT_DBG("Rejecting request: remote device can't provide MITM");
2840 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2841 sizeof(ev->bdaddr), &ev->bdaddr);
2845 /* If no side requires MITM protection; auto-accept */
2846 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2847 (!rem_mitm || conn->io_capability == 0x03)) {
2849 /* If we're not the initiators request authorization to
2850 * proceed from user space (mgmt_user_confirm with
2851 * confirm_hint set to 1). */
2852 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2853 BT_DBG("Confirming auto-accept as acceptor");
2858 BT_DBG("Auto-accept of user confirmation with %ums delay",
2859 hdev->auto_accept_delay);
2861 if (hdev->auto_accept_delay > 0) {
2862 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2863 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2867 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2868 sizeof(ev->bdaddr), &ev->bdaddr);
2873 mgmt_user_confirm_request(hdev, &ev->bdaddr, ev->passkey,
2877 hci_dev_unlock(hdev);
2880 static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
2881 struct sk_buff *skb)
2883 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
2885 BT_DBG("%s", hdev->name);
2889 if (test_bit(HCI_MGMT, &hdev->flags))
2890 mgmt_user_passkey_request(hdev, &ev->bdaddr);
2892 hci_dev_unlock(hdev);
2895 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2897 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2898 struct hci_conn *conn;
2900 BT_DBG("%s", hdev->name);
2904 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2908 /* To avoid duplicate auth_failed events to user space we check
2909 * the HCI_CONN_AUTH_PEND flag which will be set if we
2910 * initiated the authentication. A traditional auth_complete
2911 * event gets always produced as initiator and is also mapped to
2912 * the mgmt_auth_failed event */
2913 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2914 mgmt_auth_failed(hdev, &conn->dst, ev->status);
2919 hci_dev_unlock(hdev);
2922 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2924 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2925 struct inquiry_entry *ie;
2927 BT_DBG("%s", hdev->name);
2931 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2933 ie->data.ssp_mode = (ev->features[0] & 0x01);
2935 hci_dev_unlock(hdev);
2938 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2939 struct sk_buff *skb)
2941 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2942 struct oob_data *data;
2944 BT_DBG("%s", hdev->name);
2948 if (!test_bit(HCI_MGMT, &hdev->flags))
2951 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2953 struct hci_cp_remote_oob_data_reply cp;
2955 bacpy(&cp.bdaddr, &ev->bdaddr);
2956 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2957 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2959 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2962 struct hci_cp_remote_oob_data_neg_reply cp;
2964 bacpy(&cp.bdaddr, &ev->bdaddr);
2965 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2970 hci_dev_unlock(hdev);
2973 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2975 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2976 struct hci_conn *conn;
2978 BT_DBG("%s status %d", hdev->name, ev->status);
2982 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
2984 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2986 BT_ERR("No memory for new connection");
2987 hci_dev_unlock(hdev);
2991 conn->dst_type = ev->bdaddr_type;
2995 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
2996 conn->dst_type, ev->status);
2997 hci_proto_connect_cfm(conn, ev->status);
2998 conn->state = BT_CLOSED;
3003 mgmt_connected(hdev, &ev->bdaddr, conn->type, conn->dst_type);
3005 conn->sec_level = BT_SECURITY_LOW;
3006 conn->handle = __le16_to_cpu(ev->handle);
3007 conn->state = BT_CONNECTED;
3009 hci_conn_hold_device(conn);
3010 hci_conn_add_sysfs(conn);
3012 hci_proto_connect_cfm(conn, ev->status);
3015 hci_dev_unlock(hdev);
3018 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3019 struct sk_buff *skb)
3021 u8 num_reports = skb->data[0];
3022 void *ptr = &skb->data[1];
3026 while (num_reports--) {
3027 struct hci_ev_le_advertising_info *ev = ptr;
3029 hci_add_adv_entry(hdev, ev);
3031 ptr += sizeof(*ev) + ev->length + 1;
3034 hci_dev_unlock(hdev);
3037 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3038 struct sk_buff *skb)
3040 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3041 struct hci_cp_le_ltk_reply cp;
3042 struct hci_cp_le_ltk_neg_reply neg;
3043 struct hci_conn *conn;
3044 struct link_key *ltk;
3046 BT_DBG("%s handle %d", hdev->name, cpu_to_le16(ev->handle));
3050 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3054 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3058 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3059 cp.handle = cpu_to_le16(conn->handle);
3060 conn->pin_length = ltk->pin_len;
3062 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3064 hci_dev_unlock(hdev);
3069 neg.handle = ev->handle;
3070 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3071 hci_dev_unlock(hdev);
3074 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3076 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3078 skb_pull(skb, sizeof(*le_ev));
3080 switch (le_ev->subevent) {
3081 case HCI_EV_LE_CONN_COMPLETE:
3082 hci_le_conn_complete_evt(hdev, skb);
3085 case HCI_EV_LE_ADVERTISING_REPORT:
3086 hci_le_adv_report_evt(hdev, skb);
3089 case HCI_EV_LE_LTK_REQ:
3090 hci_le_ltk_request_evt(hdev, skb);
3098 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3100 struct hci_event_hdr *hdr = (void *) skb->data;
3101 __u8 event = hdr->evt;
3103 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3106 case HCI_EV_INQUIRY_COMPLETE:
3107 hci_inquiry_complete_evt(hdev, skb);
3110 case HCI_EV_INQUIRY_RESULT:
3111 hci_inquiry_result_evt(hdev, skb);
3114 case HCI_EV_CONN_COMPLETE:
3115 hci_conn_complete_evt(hdev, skb);
3118 case HCI_EV_CONN_REQUEST:
3119 hci_conn_request_evt(hdev, skb);
3122 case HCI_EV_DISCONN_COMPLETE:
3123 hci_disconn_complete_evt(hdev, skb);
3126 case HCI_EV_AUTH_COMPLETE:
3127 hci_auth_complete_evt(hdev, skb);
3130 case HCI_EV_REMOTE_NAME:
3131 hci_remote_name_evt(hdev, skb);
3134 case HCI_EV_ENCRYPT_CHANGE:
3135 hci_encrypt_change_evt(hdev, skb);
3138 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3139 hci_change_link_key_complete_evt(hdev, skb);
3142 case HCI_EV_REMOTE_FEATURES:
3143 hci_remote_features_evt(hdev, skb);
3146 case HCI_EV_REMOTE_VERSION:
3147 hci_remote_version_evt(hdev, skb);
3150 case HCI_EV_QOS_SETUP_COMPLETE:
3151 hci_qos_setup_complete_evt(hdev, skb);
3154 case HCI_EV_CMD_COMPLETE:
3155 hci_cmd_complete_evt(hdev, skb);
3158 case HCI_EV_CMD_STATUS:
3159 hci_cmd_status_evt(hdev, skb);
3162 case HCI_EV_ROLE_CHANGE:
3163 hci_role_change_evt(hdev, skb);
3166 case HCI_EV_NUM_COMP_PKTS:
3167 hci_num_comp_pkts_evt(hdev, skb);
3170 case HCI_EV_MODE_CHANGE:
3171 hci_mode_change_evt(hdev, skb);
3174 case HCI_EV_PIN_CODE_REQ:
3175 hci_pin_code_request_evt(hdev, skb);
3178 case HCI_EV_LINK_KEY_REQ:
3179 hci_link_key_request_evt(hdev, skb);
3182 case HCI_EV_LINK_KEY_NOTIFY:
3183 hci_link_key_notify_evt(hdev, skb);
3186 case HCI_EV_CLOCK_OFFSET:
3187 hci_clock_offset_evt(hdev, skb);
3190 case HCI_EV_PKT_TYPE_CHANGE:
3191 hci_pkt_type_change_evt(hdev, skb);
3194 case HCI_EV_PSCAN_REP_MODE:
3195 hci_pscan_rep_mode_evt(hdev, skb);
3198 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3199 hci_inquiry_result_with_rssi_evt(hdev, skb);
3202 case HCI_EV_REMOTE_EXT_FEATURES:
3203 hci_remote_ext_features_evt(hdev, skb);
3206 case HCI_EV_SYNC_CONN_COMPLETE:
3207 hci_sync_conn_complete_evt(hdev, skb);
3210 case HCI_EV_SYNC_CONN_CHANGED:
3211 hci_sync_conn_changed_evt(hdev, skb);
3214 case HCI_EV_SNIFF_SUBRATE:
3215 hci_sniff_subrate_evt(hdev, skb);
3218 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3219 hci_extended_inquiry_result_evt(hdev, skb);
3222 case HCI_EV_IO_CAPA_REQUEST:
3223 hci_io_capa_request_evt(hdev, skb);
3226 case HCI_EV_IO_CAPA_REPLY:
3227 hci_io_capa_reply_evt(hdev, skb);
3230 case HCI_EV_USER_CONFIRM_REQUEST:
3231 hci_user_confirm_request_evt(hdev, skb);
3234 case HCI_EV_USER_PASSKEY_REQUEST:
3235 hci_user_passkey_request_evt(hdev, skb);
3238 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3239 hci_simple_pair_complete_evt(hdev, skb);
3242 case HCI_EV_REMOTE_HOST_FEATURES:
3243 hci_remote_host_features_evt(hdev, skb);
3246 case HCI_EV_LE_META:
3247 hci_le_meta_evt(hdev, skb);
3250 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3251 hci_remote_oob_data_request_evt(hdev, skb);
3255 BT_DBG("%s event 0x%x", hdev->name, event);
3260 hdev->stat.evt_rx++;
3263 /* Generate internal stack event */
3264 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
3266 struct hci_event_hdr *hdr;
3267 struct hci_ev_stack_internal *ev;
3268 struct sk_buff *skb;
3270 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
3274 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
3275 hdr->evt = HCI_EV_STACK_INTERNAL;
3276 hdr->plen = sizeof(*ev) + dlen;
3278 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
3280 memcpy(ev->data, data, dlen);
3282 bt_cb(skb)->incoming = 1;
3283 __net_timestamp(skb);
3285 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
3286 skb->dev = (void *) hdev;
3287 hci_send_to_sock(hdev, skb, NULL);
3291 module_param(enable_le, bool, 0644);
3292 MODULE_PARM_DESC(enable_le, "Enable LE support");