2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
5 Copyright (C) 2010 Google Inc.
7 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License version 2 as
11 published by the Free Software Foundation;
13 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
14 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
16 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
17 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
18 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
23 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
24 SOFTWARE IS DISCLAIMED.
27 /* Bluetooth L2CAP core and sockets. */
29 #include <linux/module.h>
31 #include <linux/types.h>
32 #include <linux/capability.h>
33 #include <linux/errno.h>
34 #include <linux/kernel.h>
35 #include <linux/sched.h>
36 #include <linux/slab.h>
37 #include <linux/poll.h>
38 #include <linux/fcntl.h>
39 #include <linux/init.h>
40 #include <linux/interrupt.h>
41 #include <linux/socket.h>
42 #include <linux/skbuff.h>
43 #include <linux/list.h>
44 #include <linux/device.h>
45 #include <linux/debugfs.h>
46 #include <linux/seq_file.h>
47 #include <linux/uaccess.h>
48 #include <linux/crc16.h>
51 #include <asm/system.h>
52 #include <asm/unaligned.h>
54 #include <net/bluetooth/bluetooth.h>
55 #include <net/bluetooth/hci_core.h>
56 #include <net/bluetooth/l2cap.h>
58 #define VERSION "2.15"
60 static int disable_ertm = 0;
62 static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
63 static u8 l2cap_fixed_chan[8] = { 0x02, };
65 static const struct proto_ops l2cap_sock_ops;
67 static struct workqueue_struct *_busy_wq;
69 static struct bt_sock_list l2cap_sk_list = {
70 .lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
73 static void l2cap_busy_work(struct work_struct *work);
75 static void __l2cap_sock_close(struct sock *sk, int reason);
76 static void l2cap_sock_close(struct sock *sk);
77 static void l2cap_sock_kill(struct sock *sk);
79 static int l2cap_build_conf_req(struct sock *sk, void *data);
80 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
81 u8 code, u8 ident, u16 dlen, void *data);
83 static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb);
85 /* ---- L2CAP timers ---- */
86 static void l2cap_sock_timeout(unsigned long arg)
88 struct sock *sk = (struct sock *) arg;
91 BT_DBG("sock %p state %d", sk, sk->sk_state);
95 if (sk->sk_state == BT_CONNECTED || sk->sk_state == BT_CONFIG)
96 reason = ECONNREFUSED;
97 else if (sk->sk_state == BT_CONNECT &&
98 l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
99 reason = ECONNREFUSED;
103 __l2cap_sock_close(sk, reason);
111 static void l2cap_sock_set_timer(struct sock *sk, long timeout)
113 BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);
114 sk_reset_timer(sk, &sk->sk_timer, jiffies + timeout);
117 static void l2cap_sock_clear_timer(struct sock *sk)
119 BT_DBG("sock %p state %d", sk, sk->sk_state);
120 sk_stop_timer(sk, &sk->sk_timer);
123 /* ---- L2CAP channels ---- */
124 static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
127 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
128 if (l2cap_pi(s)->dcid == cid)
134 static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
137 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
138 if (l2cap_pi(s)->scid == cid)
144 /* Find channel with given SCID.
145 * Returns locked socket */
146 static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
150 s = __l2cap_get_chan_by_scid(l, cid);
153 read_unlock(&l->lock);
157 static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
160 for (s = l->head; s; s = l2cap_pi(s)->next_c) {
161 if (l2cap_pi(s)->ident == ident)
167 static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
171 s = __l2cap_get_chan_by_ident(l, ident);
174 read_unlock(&l->lock);
178 static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
180 u16 cid = L2CAP_CID_DYN_START;
182 for (; cid < L2CAP_CID_DYN_END; cid++) {
183 if (!__l2cap_get_chan_by_scid(l, cid))
190 static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
195 l2cap_pi(l->head)->prev_c = sk;
197 l2cap_pi(sk)->next_c = l->head;
198 l2cap_pi(sk)->prev_c = NULL;
202 static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
204 struct sock *next = l2cap_pi(sk)->next_c, *prev = l2cap_pi(sk)->prev_c;
206 write_lock_bh(&l->lock);
211 l2cap_pi(next)->prev_c = prev;
213 l2cap_pi(prev)->next_c = next;
214 write_unlock_bh(&l->lock);
219 static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
221 struct l2cap_chan_list *l = &conn->chan_list;
223 BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
224 l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);
226 conn->disc_reason = 0x13;
228 l2cap_pi(sk)->conn = conn;
230 if (sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM) {
231 /* Alloc CID for connection-oriented socket */
232 l2cap_pi(sk)->scid = l2cap_alloc_cid(l);
233 } else if (sk->sk_type == SOCK_DGRAM) {
234 /* Connectionless socket */
235 l2cap_pi(sk)->scid = L2CAP_CID_CONN_LESS;
236 l2cap_pi(sk)->dcid = L2CAP_CID_CONN_LESS;
237 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
239 /* Raw socket can send/recv signalling messages only */
240 l2cap_pi(sk)->scid = L2CAP_CID_SIGNALING;
241 l2cap_pi(sk)->dcid = L2CAP_CID_SIGNALING;
242 l2cap_pi(sk)->omtu = L2CAP_DEFAULT_MTU;
245 __l2cap_chan_link(l, sk);
248 bt_accept_enqueue(parent, sk);
252 * Must be called on the locked socket. */
253 static void l2cap_chan_del(struct sock *sk, int err)
255 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
256 struct sock *parent = bt_sk(sk)->parent;
258 l2cap_sock_clear_timer(sk);
260 BT_DBG("sk %p, conn %p, err %d", sk, conn, err);
263 /* Unlink from channel list */
264 l2cap_chan_unlink(&conn->chan_list, sk);
265 l2cap_pi(sk)->conn = NULL;
266 hci_conn_put(conn->hcon);
269 sk->sk_state = BT_CLOSED;
270 sock_set_flag(sk, SOCK_ZAPPED);
276 bt_accept_unlink(sk);
277 parent->sk_data_ready(parent, 0);
279 sk->sk_state_change(sk);
281 skb_queue_purge(TX_QUEUE(sk));
283 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
284 struct srej_list *l, *tmp;
286 del_timer(&l2cap_pi(sk)->retrans_timer);
287 del_timer(&l2cap_pi(sk)->monitor_timer);
288 del_timer(&l2cap_pi(sk)->ack_timer);
290 skb_queue_purge(SREJ_QUEUE(sk));
291 skb_queue_purge(BUSY_QUEUE(sk));
293 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) {
300 /* Service level security */
301 static inline int l2cap_check_security(struct sock *sk)
303 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
306 if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
307 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
308 auth_type = HCI_AT_NO_BONDING_MITM;
310 auth_type = HCI_AT_NO_BONDING;
312 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
313 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
315 switch (l2cap_pi(sk)->sec_level) {
316 case BT_SECURITY_HIGH:
317 auth_type = HCI_AT_GENERAL_BONDING_MITM;
319 case BT_SECURITY_MEDIUM:
320 auth_type = HCI_AT_GENERAL_BONDING;
323 auth_type = HCI_AT_NO_BONDING;
328 return hci_conn_security(conn->hcon, l2cap_pi(sk)->sec_level,
332 static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
336 /* Get next available identificator.
337 * 1 - 128 are used by kernel.
338 * 129 - 199 are reserved.
339 * 200 - 254 are used by utilities like l2ping, etc.
342 spin_lock_bh(&conn->lock);
344 if (++conn->tx_ident > 128)
349 spin_unlock_bh(&conn->lock);
354 static inline void l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
356 struct sk_buff *skb = l2cap_build_cmd(conn, code, ident, len, data);
358 BT_DBG("code 0x%2.2x", code);
363 hci_send_acl(conn->hcon, skb, 0);
366 static inline void l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
369 struct l2cap_hdr *lh;
370 struct l2cap_conn *conn = pi->conn;
371 struct sock *sk = (struct sock *)pi;
372 int count, hlen = L2CAP_HDR_SIZE + 2;
374 if (sk->sk_state != BT_CONNECTED)
377 if (pi->fcs == L2CAP_FCS_CRC16)
380 BT_DBG("pi %p, control 0x%2.2x", pi, control);
382 count = min_t(unsigned int, conn->mtu, hlen);
383 control |= L2CAP_CTRL_FRAME_TYPE;
385 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
386 control |= L2CAP_CTRL_FINAL;
387 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
390 if (pi->conn_state & L2CAP_CONN_SEND_PBIT) {
391 control |= L2CAP_CTRL_POLL;
392 pi->conn_state &= ~L2CAP_CONN_SEND_PBIT;
395 skb = bt_skb_alloc(count, GFP_ATOMIC);
399 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
400 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
401 lh->cid = cpu_to_le16(pi->dcid);
402 put_unaligned_le16(control, skb_put(skb, 2));
404 if (pi->fcs == L2CAP_FCS_CRC16) {
405 u16 fcs = crc16(0, (u8 *)lh, count - 2);
406 put_unaligned_le16(fcs, skb_put(skb, 2));
409 hci_send_acl(pi->conn->hcon, skb, 0);
412 static inline void l2cap_send_rr_or_rnr(struct l2cap_pinfo *pi, u16 control)
414 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
415 control |= L2CAP_SUPER_RCV_NOT_READY;
416 pi->conn_state |= L2CAP_CONN_RNR_SENT;
418 control |= L2CAP_SUPER_RCV_READY;
420 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
422 l2cap_send_sframe(pi, control);
425 static inline int __l2cap_no_conn_pending(struct sock *sk)
427 return !(l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND);
430 static void l2cap_do_start(struct sock *sk)
432 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
434 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) {
435 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
438 if (l2cap_check_security(sk) && __l2cap_no_conn_pending(sk)) {
439 struct l2cap_conn_req req;
440 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
441 req.psm = l2cap_pi(sk)->psm;
443 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
444 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
446 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
447 L2CAP_CONN_REQ, sizeof(req), &req);
450 struct l2cap_info_req req;
451 req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
453 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
454 conn->info_ident = l2cap_get_ident(conn);
456 mod_timer(&conn->info_timer, jiffies +
457 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
459 l2cap_send_cmd(conn, conn->info_ident,
460 L2CAP_INFO_REQ, sizeof(req), &req);
464 static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
466 u32 local_feat_mask = l2cap_feat_mask;
468 local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;
471 case L2CAP_MODE_ERTM:
472 return L2CAP_FEAT_ERTM & feat_mask & local_feat_mask;
473 case L2CAP_MODE_STREAMING:
474 return L2CAP_FEAT_STREAMING & feat_mask & local_feat_mask;
480 static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk, int err)
482 struct l2cap_disconn_req req;
487 skb_queue_purge(TX_QUEUE(sk));
489 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
490 del_timer(&l2cap_pi(sk)->retrans_timer);
491 del_timer(&l2cap_pi(sk)->monitor_timer);
492 del_timer(&l2cap_pi(sk)->ack_timer);
495 req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
496 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
497 l2cap_send_cmd(conn, l2cap_get_ident(conn),
498 L2CAP_DISCONN_REQ, sizeof(req), &req);
500 sk->sk_state = BT_DISCONN;
504 /* ---- L2CAP connections ---- */
505 static void l2cap_conn_start(struct l2cap_conn *conn)
507 struct l2cap_chan_list *l = &conn->chan_list;
508 struct sock_del_list del, *tmp1, *tmp2;
511 BT_DBG("conn %p", conn);
513 INIT_LIST_HEAD(&del.list);
517 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
520 if (sk->sk_type != SOCK_SEQPACKET &&
521 sk->sk_type != SOCK_STREAM) {
526 if (sk->sk_state == BT_CONNECT) {
527 struct l2cap_conn_req req;
529 if (!l2cap_check_security(sk) ||
530 !__l2cap_no_conn_pending(sk)) {
535 if (!l2cap_mode_supported(l2cap_pi(sk)->mode,
537 && l2cap_pi(sk)->conf_state &
538 L2CAP_CONF_STATE2_DEVICE) {
539 tmp1 = kzalloc(sizeof(struct sock_del_list),
542 list_add_tail(&tmp1->list, &del.list);
547 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
548 req.psm = l2cap_pi(sk)->psm;
550 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
551 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
553 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
554 L2CAP_CONN_REQ, sizeof(req), &req);
556 } else if (sk->sk_state == BT_CONNECT2) {
557 struct l2cap_conn_rsp rsp;
559 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
560 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
562 if (l2cap_check_security(sk)) {
563 if (bt_sk(sk)->defer_setup) {
564 struct sock *parent = bt_sk(sk)->parent;
565 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
566 rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
567 parent->sk_data_ready(parent, 0);
570 sk->sk_state = BT_CONFIG;
571 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
572 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
575 rsp.result = cpu_to_le16(L2CAP_CR_PEND);
576 rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
579 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
580 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
582 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT ||
583 rsp.result != L2CAP_CR_SUCCESS) {
588 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
589 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
590 l2cap_build_conf_req(sk, buf), buf);
591 l2cap_pi(sk)->num_conf_req++;
597 read_unlock(&l->lock);
599 list_for_each_entry_safe(tmp1, tmp2, &del.list, list) {
600 bh_lock_sock(tmp1->sk);
601 __l2cap_sock_close(tmp1->sk, ECONNRESET);
602 bh_unlock_sock(tmp1->sk);
603 list_del(&tmp1->list);
608 static void l2cap_conn_ready(struct l2cap_conn *conn)
610 struct l2cap_chan_list *l = &conn->chan_list;
613 BT_DBG("conn %p", conn);
617 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
620 if (sk->sk_type != SOCK_SEQPACKET &&
621 sk->sk_type != SOCK_STREAM) {
622 l2cap_sock_clear_timer(sk);
623 sk->sk_state = BT_CONNECTED;
624 sk->sk_state_change(sk);
625 } else if (sk->sk_state == BT_CONNECT)
631 read_unlock(&l->lock);
634 /* Notify sockets that we cannot guaranty reliability anymore */
635 static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
637 struct l2cap_chan_list *l = &conn->chan_list;
640 BT_DBG("conn %p", conn);
644 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
645 if (l2cap_pi(sk)->force_reliable)
649 read_unlock(&l->lock);
652 static void l2cap_info_timeout(unsigned long arg)
654 struct l2cap_conn *conn = (void *) arg;
656 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
657 conn->info_ident = 0;
659 l2cap_conn_start(conn);
662 static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
664 struct l2cap_conn *conn = hcon->l2cap_data;
669 conn = kzalloc(sizeof(struct l2cap_conn), GFP_ATOMIC);
673 hcon->l2cap_data = conn;
676 BT_DBG("hcon %p conn %p", hcon, conn);
678 conn->mtu = hcon->hdev->acl_mtu;
679 conn->src = &hcon->hdev->bdaddr;
680 conn->dst = &hcon->dst;
684 spin_lock_init(&conn->lock);
685 rwlock_init(&conn->chan_list.lock);
687 setup_timer(&conn->info_timer, l2cap_info_timeout,
688 (unsigned long) conn);
690 conn->disc_reason = 0x13;
695 static void l2cap_conn_del(struct hci_conn *hcon, int err)
697 struct l2cap_conn *conn = hcon->l2cap_data;
703 BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);
705 kfree_skb(conn->rx_skb);
708 while ((sk = conn->chan_list.head)) {
710 l2cap_chan_del(sk, err);
715 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
716 del_timer_sync(&conn->info_timer);
718 hcon->l2cap_data = NULL;
722 static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
724 struct l2cap_chan_list *l = &conn->chan_list;
725 write_lock_bh(&l->lock);
726 __l2cap_chan_add(conn, sk, parent);
727 write_unlock_bh(&l->lock);
730 /* ---- Socket interface ---- */
731 static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
734 struct hlist_node *node;
735 sk_for_each(sk, node, &l2cap_sk_list.head)
736 if (l2cap_pi(sk)->sport == psm && !bacmp(&bt_sk(sk)->src, src))
743 /* Find socket with psm and source bdaddr.
744 * Returns closest match.
746 static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
748 struct sock *sk = NULL, *sk1 = NULL;
749 struct hlist_node *node;
751 sk_for_each(sk, node, &l2cap_sk_list.head) {
752 if (state && sk->sk_state != state)
755 if (l2cap_pi(sk)->psm == psm) {
757 if (!bacmp(&bt_sk(sk)->src, src))
761 if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
765 return node ? sk : sk1;
768 /* Find socket with given address (psm, src).
769 * Returns locked socket */
770 static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
773 read_lock(&l2cap_sk_list.lock);
774 s = __l2cap_get_sock_by_psm(state, psm, src);
777 read_unlock(&l2cap_sk_list.lock);
781 static void l2cap_sock_destruct(struct sock *sk)
785 skb_queue_purge(&sk->sk_receive_queue);
786 skb_queue_purge(&sk->sk_write_queue);
789 static void l2cap_sock_cleanup_listen(struct sock *parent)
793 BT_DBG("parent %p", parent);
795 /* Close not yet accepted channels */
796 while ((sk = bt_accept_dequeue(parent, NULL)))
797 l2cap_sock_close(sk);
799 parent->sk_state = BT_CLOSED;
800 sock_set_flag(parent, SOCK_ZAPPED);
803 /* Kill socket (only if zapped and orphan)
804 * Must be called on unlocked socket.
806 static void l2cap_sock_kill(struct sock *sk)
808 if (!sock_flag(sk, SOCK_ZAPPED) || sk->sk_socket)
811 BT_DBG("sk %p state %d", sk, sk->sk_state);
813 /* Kill poor orphan */
814 bt_sock_unlink(&l2cap_sk_list, sk);
815 sock_set_flag(sk, SOCK_DEAD);
819 static void __l2cap_sock_close(struct sock *sk, int reason)
821 BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);
823 switch (sk->sk_state) {
825 l2cap_sock_cleanup_listen(sk);
830 if (sk->sk_type == SOCK_SEQPACKET ||
831 sk->sk_type == SOCK_STREAM) {
832 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
834 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
835 l2cap_send_disconn_req(conn, sk, reason);
837 l2cap_chan_del(sk, reason);
841 if (sk->sk_type == SOCK_SEQPACKET ||
842 sk->sk_type == SOCK_STREAM) {
843 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
844 struct l2cap_conn_rsp rsp;
847 if (bt_sk(sk)->defer_setup)
848 result = L2CAP_CR_SEC_BLOCK;
850 result = L2CAP_CR_BAD_PSM;
852 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
853 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
854 rsp.result = cpu_to_le16(result);
855 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
856 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
857 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
859 l2cap_chan_del(sk, reason);
864 l2cap_chan_del(sk, reason);
868 sock_set_flag(sk, SOCK_ZAPPED);
873 /* Must be called on unlocked socket. */
874 static void l2cap_sock_close(struct sock *sk)
876 l2cap_sock_clear_timer(sk);
878 __l2cap_sock_close(sk, ECONNRESET);
883 static void l2cap_sock_init(struct sock *sk, struct sock *parent)
885 struct l2cap_pinfo *pi = l2cap_pi(sk);
890 sk->sk_type = parent->sk_type;
891 bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;
893 pi->imtu = l2cap_pi(parent)->imtu;
894 pi->omtu = l2cap_pi(parent)->omtu;
895 pi->conf_state = l2cap_pi(parent)->conf_state;
896 pi->mode = l2cap_pi(parent)->mode;
897 pi->fcs = l2cap_pi(parent)->fcs;
898 pi->max_tx = l2cap_pi(parent)->max_tx;
899 pi->tx_win = l2cap_pi(parent)->tx_win;
900 pi->sec_level = l2cap_pi(parent)->sec_level;
901 pi->role_switch = l2cap_pi(parent)->role_switch;
902 pi->force_reliable = l2cap_pi(parent)->force_reliable;
904 pi->imtu = L2CAP_DEFAULT_MTU;
906 if (!disable_ertm && sk->sk_type == SOCK_STREAM) {
907 pi->mode = L2CAP_MODE_ERTM;
908 pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
910 pi->mode = L2CAP_MODE_BASIC;
912 pi->max_tx = L2CAP_DEFAULT_MAX_TX;
913 pi->fcs = L2CAP_FCS_CRC16;
914 pi->tx_win = L2CAP_DEFAULT_TX_WINDOW;
915 pi->sec_level = BT_SECURITY_LOW;
917 pi->force_reliable = 0;
920 /* Default config options */
922 pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
923 skb_queue_head_init(TX_QUEUE(sk));
924 skb_queue_head_init(SREJ_QUEUE(sk));
925 skb_queue_head_init(BUSY_QUEUE(sk));
926 INIT_LIST_HEAD(SREJ_LIST(sk));
929 static struct proto l2cap_proto = {
931 .owner = THIS_MODULE,
932 .obj_size = sizeof(struct l2cap_pinfo)
935 static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
939 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);
943 sock_init_data(sock, sk);
944 INIT_LIST_HEAD(&bt_sk(sk)->accept_q);
946 sk->sk_destruct = l2cap_sock_destruct;
947 sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);
949 sock_reset_flag(sk, SOCK_ZAPPED);
951 sk->sk_protocol = proto;
952 sk->sk_state = BT_OPEN;
954 setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);
956 bt_sock_link(&l2cap_sk_list, sk);
960 static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
965 BT_DBG("sock %p", sock);
967 sock->state = SS_UNCONNECTED;
969 if (sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM &&
970 sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
971 return -ESOCKTNOSUPPORT;
973 if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
976 sock->ops = &l2cap_sock_ops;
978 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
982 l2cap_sock_init(sk, NULL);
986 static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
988 struct sock *sk = sock->sk;
989 struct sockaddr_l2 la;
994 if (!addr || addr->sa_family != AF_BLUETOOTH)
997 memset(&la, 0, sizeof(la));
998 len = min_t(unsigned int, sizeof(la), alen);
999 memcpy(&la, addr, len);
1006 if (sk->sk_state != BT_OPEN) {
1011 if (la.l2_psm && __le16_to_cpu(la.l2_psm) < 0x1001 &&
1012 !capable(CAP_NET_BIND_SERVICE)) {
1017 write_lock_bh(&l2cap_sk_list.lock);
1019 if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
1022 /* Save source address */
1023 bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
1024 l2cap_pi(sk)->psm = la.l2_psm;
1025 l2cap_pi(sk)->sport = la.l2_psm;
1026 sk->sk_state = BT_BOUND;
1028 if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
1029 __le16_to_cpu(la.l2_psm) == 0x0003)
1030 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
1033 write_unlock_bh(&l2cap_sk_list.lock);
1040 static int l2cap_do_connect(struct sock *sk)
1042 bdaddr_t *src = &bt_sk(sk)->src;
1043 bdaddr_t *dst = &bt_sk(sk)->dst;
1044 struct l2cap_conn *conn;
1045 struct hci_conn *hcon;
1046 struct hci_dev *hdev;
1050 BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
1053 hdev = hci_get_route(dst, src);
1055 return -EHOSTUNREACH;
1057 hci_dev_lock_bh(hdev);
1061 if (sk->sk_type == SOCK_RAW) {
1062 switch (l2cap_pi(sk)->sec_level) {
1063 case BT_SECURITY_HIGH:
1064 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
1066 case BT_SECURITY_MEDIUM:
1067 auth_type = HCI_AT_DEDICATED_BONDING;
1070 auth_type = HCI_AT_NO_BONDING;
1073 } else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
1074 if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
1075 auth_type = HCI_AT_NO_BONDING_MITM;
1077 auth_type = HCI_AT_NO_BONDING;
1079 if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
1080 l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
1082 switch (l2cap_pi(sk)->sec_level) {
1083 case BT_SECURITY_HIGH:
1084 auth_type = HCI_AT_GENERAL_BONDING_MITM;
1086 case BT_SECURITY_MEDIUM:
1087 auth_type = HCI_AT_GENERAL_BONDING;
1090 auth_type = HCI_AT_NO_BONDING;
1095 hcon = hci_connect(hdev, ACL_LINK, dst,
1096 l2cap_pi(sk)->sec_level, auth_type);
1100 conn = l2cap_conn_add(hcon, 0);
1108 /* Update source addr of the socket */
1109 bacpy(src, conn->src);
1111 l2cap_chan_add(conn, sk, NULL);
1113 sk->sk_state = BT_CONNECT;
1114 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
1116 if (hcon->state == BT_CONNECTED) {
1117 if (sk->sk_type != SOCK_SEQPACKET &&
1118 sk->sk_type != SOCK_STREAM) {
1119 l2cap_sock_clear_timer(sk);
1120 sk->sk_state = BT_CONNECTED;
1126 hci_dev_unlock_bh(hdev);
1131 static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
1133 struct sock *sk = sock->sk;
1134 struct sockaddr_l2 la;
1137 BT_DBG("sk %p", sk);
1139 if (!addr || alen < sizeof(addr->sa_family) ||
1140 addr->sa_family != AF_BLUETOOTH)
1143 memset(&la, 0, sizeof(la));
1144 len = min_t(unsigned int, sizeof(la), alen);
1145 memcpy(&la, addr, len);
1152 if ((sk->sk_type == SOCK_SEQPACKET || sk->sk_type == SOCK_STREAM)
1158 switch (l2cap_pi(sk)->mode) {
1159 case L2CAP_MODE_BASIC:
1161 case L2CAP_MODE_ERTM:
1162 case L2CAP_MODE_STREAMING:
1171 switch (sk->sk_state) {
1175 /* Already connecting */
1179 /* Already connected */
1193 /* Set destination address and psm */
1194 bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
1195 l2cap_pi(sk)->psm = la.l2_psm;
1197 err = l2cap_do_connect(sk);
1202 err = bt_sock_wait_state(sk, BT_CONNECTED,
1203 sock_sndtimeo(sk, flags & O_NONBLOCK));
1209 static int l2cap_sock_listen(struct socket *sock, int backlog)
1211 struct sock *sk = sock->sk;
1214 BT_DBG("sk %p backlog %d", sk, backlog);
1218 if ((sock->type != SOCK_SEQPACKET && sock->type != SOCK_STREAM)
1219 || sk->sk_state != BT_BOUND) {
1224 switch (l2cap_pi(sk)->mode) {
1225 case L2CAP_MODE_BASIC:
1227 case L2CAP_MODE_ERTM:
1228 case L2CAP_MODE_STREAMING:
1237 if (!l2cap_pi(sk)->psm) {
1238 bdaddr_t *src = &bt_sk(sk)->src;
1243 write_lock_bh(&l2cap_sk_list.lock);
1245 for (psm = 0x1001; psm < 0x1100; psm += 2)
1246 if (!__l2cap_get_sock_by_addr(cpu_to_le16(psm), src)) {
1247 l2cap_pi(sk)->psm = cpu_to_le16(psm);
1248 l2cap_pi(sk)->sport = cpu_to_le16(psm);
1253 write_unlock_bh(&l2cap_sk_list.lock);
1259 sk->sk_max_ack_backlog = backlog;
1260 sk->sk_ack_backlog = 0;
1261 sk->sk_state = BT_LISTEN;
1268 static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
1270 DECLARE_WAITQUEUE(wait, current);
1271 struct sock *sk = sock->sk, *nsk;
1275 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1277 if (sk->sk_state != BT_LISTEN) {
1282 timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
1284 BT_DBG("sk %p timeo %ld", sk, timeo);
1286 /* Wait for an incoming connection. (wake-one). */
1287 add_wait_queue_exclusive(sk_sleep(sk), &wait);
1288 while (!(nsk = bt_accept_dequeue(sk, newsock))) {
1289 set_current_state(TASK_INTERRUPTIBLE);
1296 timeo = schedule_timeout(timeo);
1297 lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1299 if (sk->sk_state != BT_LISTEN) {
1304 if (signal_pending(current)) {
1305 err = sock_intr_errno(timeo);
1309 set_current_state(TASK_RUNNING);
1310 remove_wait_queue(sk_sleep(sk), &wait);
1315 newsock->state = SS_CONNECTED;
1317 BT_DBG("new socket %p", nsk);
1324 static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
1326 struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
1327 struct sock *sk = sock->sk;
1329 BT_DBG("sock %p, sk %p", sock, sk);
1331 addr->sa_family = AF_BLUETOOTH;
1332 *len = sizeof(struct sockaddr_l2);
1335 la->l2_psm = l2cap_pi(sk)->psm;
1336 bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
1337 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1339 la->l2_psm = l2cap_pi(sk)->sport;
1340 bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
1341 la->l2_cid = cpu_to_le16(l2cap_pi(sk)->scid);
1347 static int __l2cap_wait_ack(struct sock *sk)
1349 DECLARE_WAITQUEUE(wait, current);
1353 add_wait_queue(sk_sleep(sk), &wait);
1354 while ((l2cap_pi(sk)->unacked_frames > 0 && l2cap_pi(sk)->conn)) {
1355 set_current_state(TASK_INTERRUPTIBLE);
1360 if (signal_pending(current)) {
1361 err = sock_intr_errno(timeo);
1366 timeo = schedule_timeout(timeo);
1369 err = sock_error(sk);
1373 set_current_state(TASK_RUNNING);
1374 remove_wait_queue(sk_sleep(sk), &wait);
1378 static void l2cap_monitor_timeout(unsigned long arg)
1380 struct sock *sk = (void *) arg;
1382 BT_DBG("sk %p", sk);
1385 if (l2cap_pi(sk)->retry_count >= l2cap_pi(sk)->remote_max_tx) {
1386 l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk, ECONNABORTED);
1391 l2cap_pi(sk)->retry_count++;
1392 __mod_monitor_timer();
1394 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL);
1398 static void l2cap_retrans_timeout(unsigned long arg)
1400 struct sock *sk = (void *) arg;
1402 BT_DBG("sk %p", sk);
1405 l2cap_pi(sk)->retry_count = 1;
1406 __mod_monitor_timer();
1408 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
1410 l2cap_send_rr_or_rnr(l2cap_pi(sk), L2CAP_CTRL_POLL);
1414 static void l2cap_drop_acked_frames(struct sock *sk)
1416 struct sk_buff *skb;
1418 while ((skb = skb_peek(TX_QUEUE(sk))) &&
1419 l2cap_pi(sk)->unacked_frames) {
1420 if (bt_cb(skb)->tx_seq == l2cap_pi(sk)->expected_ack_seq)
1423 skb = skb_dequeue(TX_QUEUE(sk));
1426 l2cap_pi(sk)->unacked_frames--;
1429 if (!l2cap_pi(sk)->unacked_frames)
1430 del_timer(&l2cap_pi(sk)->retrans_timer);
1433 static inline void l2cap_do_send(struct sock *sk, struct sk_buff *skb)
1435 struct l2cap_pinfo *pi = l2cap_pi(sk);
1437 BT_DBG("sk %p, skb %p len %d", sk, skb, skb->len);
1439 hci_send_acl(pi->conn->hcon, skb, 0);
1442 static void l2cap_streaming_send(struct sock *sk)
1444 struct sk_buff *skb, *tx_skb;
1445 struct l2cap_pinfo *pi = l2cap_pi(sk);
1448 while ((skb = sk->sk_send_head)) {
1449 tx_skb = skb_clone(skb, GFP_ATOMIC);
1451 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1452 control |= pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
1453 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1455 if (pi->fcs == L2CAP_FCS_CRC16) {
1456 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1457 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1460 l2cap_do_send(sk, tx_skb);
1462 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1464 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1465 sk->sk_send_head = NULL;
1467 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
1469 skb = skb_dequeue(TX_QUEUE(sk));
1474 static void l2cap_retransmit_one_frame(struct sock *sk, u8 tx_seq)
1476 struct l2cap_pinfo *pi = l2cap_pi(sk);
1477 struct sk_buff *skb, *tx_skb;
1480 skb = skb_peek(TX_QUEUE(sk));
1485 if (bt_cb(skb)->tx_seq == tx_seq)
1488 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1491 } while ((skb = skb_queue_next(TX_QUEUE(sk), skb)));
1493 if (pi->remote_max_tx &&
1494 bt_cb(skb)->retries == pi->remote_max_tx) {
1495 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED);
1499 tx_skb = skb_clone(skb, GFP_ATOMIC);
1500 bt_cb(skb)->retries++;
1501 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1503 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
1504 control |= L2CAP_CTRL_FINAL;
1505 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1508 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1509 | (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1511 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1513 if (pi->fcs == L2CAP_FCS_CRC16) {
1514 fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
1515 put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
1518 l2cap_do_send(sk, tx_skb);
1521 static int l2cap_ertm_send(struct sock *sk)
1523 struct sk_buff *skb, *tx_skb;
1524 struct l2cap_pinfo *pi = l2cap_pi(sk);
1528 if (sk->sk_state != BT_CONNECTED)
1531 while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk))) {
1533 if (pi->remote_max_tx &&
1534 bt_cb(skb)->retries == pi->remote_max_tx) {
1535 l2cap_send_disconn_req(pi->conn, sk, ECONNABORTED);
1539 tx_skb = skb_clone(skb, GFP_ATOMIC);
1541 bt_cb(skb)->retries++;
1543 control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
1544 control &= L2CAP_CTRL_SAR;
1546 if (pi->conn_state & L2CAP_CONN_SEND_FBIT) {
1547 control |= L2CAP_CTRL_FINAL;
1548 pi->conn_state &= ~L2CAP_CONN_SEND_FBIT;
1550 control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
1551 | (pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
1552 put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);
1555 if (pi->fcs == L2CAP_FCS_CRC16) {
1556 fcs = crc16(0, (u8 *)skb->data, tx_skb->len - 2);
1557 put_unaligned_le16(fcs, skb->data + tx_skb->len - 2);
1560 l2cap_do_send(sk, tx_skb);
1562 __mod_retrans_timer();
1564 bt_cb(skb)->tx_seq = pi->next_tx_seq;
1565 pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;
1567 pi->unacked_frames++;
1570 if (skb_queue_is_last(TX_QUEUE(sk), skb))
1571 sk->sk_send_head = NULL;
1573 sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
1581 static int l2cap_retransmit_frames(struct sock *sk)
1583 struct l2cap_pinfo *pi = l2cap_pi(sk);
1586 if (!skb_queue_empty(TX_QUEUE(sk)))
1587 sk->sk_send_head = TX_QUEUE(sk)->next;
1589 pi->next_tx_seq = pi->expected_ack_seq;
1590 ret = l2cap_ertm_send(sk);
1594 static void l2cap_send_ack(struct l2cap_pinfo *pi)
1596 struct sock *sk = (struct sock *)pi;
1599 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1601 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
1602 control |= L2CAP_SUPER_RCV_NOT_READY;
1603 pi->conn_state |= L2CAP_CONN_RNR_SENT;
1604 l2cap_send_sframe(pi, control);
1608 if (l2cap_ertm_send(sk) > 0)
1611 control |= L2CAP_SUPER_RCV_READY;
1612 l2cap_send_sframe(pi, control);
1615 static void l2cap_send_srejtail(struct sock *sk)
1617 struct srej_list *tail;
1620 control = L2CAP_SUPER_SELECT_REJECT;
1621 control |= L2CAP_CTRL_FINAL;
1623 tail = list_entry(SREJ_LIST(sk)->prev, struct srej_list, list);
1624 control |= tail->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
1626 l2cap_send_sframe(l2cap_pi(sk), control);
1629 static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
1631 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1632 struct sk_buff **frag;
1635 if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
1641 /* Continuation fragments (no L2CAP header) */
1642 frag = &skb_shinfo(skb)->frag_list;
1644 count = min_t(unsigned int, conn->mtu, len);
1646 *frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
1649 if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
1655 frag = &(*frag)->next;
1661 static struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1663 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1664 struct sk_buff *skb;
1665 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1666 struct l2cap_hdr *lh;
1668 BT_DBG("sk %p len %d", sk, (int)len);
1670 count = min_t(unsigned int, (conn->mtu - hlen), len);
1671 skb = bt_skb_send_alloc(sk, count + hlen,
1672 msg->msg_flags & MSG_DONTWAIT, &err);
1674 return ERR_PTR(-ENOMEM);
1676 /* Create L2CAP header */
1677 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1678 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1679 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1680 put_unaligned_le16(l2cap_pi(sk)->psm, skb_put(skb, 2));
1682 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1683 if (unlikely(err < 0)) {
1685 return ERR_PTR(err);
1690 static struct sk_buff *l2cap_create_basic_pdu(struct sock *sk, struct msghdr *msg, size_t len)
1692 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1693 struct sk_buff *skb;
1694 int err, count, hlen = L2CAP_HDR_SIZE;
1695 struct l2cap_hdr *lh;
1697 BT_DBG("sk %p len %d", sk, (int)len);
1699 count = min_t(unsigned int, (conn->mtu - hlen), len);
1700 skb = bt_skb_send_alloc(sk, count + hlen,
1701 msg->msg_flags & MSG_DONTWAIT, &err);
1703 return ERR_PTR(-ENOMEM);
1705 /* Create L2CAP header */
1706 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1707 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1708 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1710 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1711 if (unlikely(err < 0)) {
1713 return ERR_PTR(err);
1718 static struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, size_t len, u16 control, u16 sdulen)
1720 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1721 struct sk_buff *skb;
1722 int err, count, hlen = L2CAP_HDR_SIZE + 2;
1723 struct l2cap_hdr *lh;
1725 BT_DBG("sk %p len %d", sk, (int)len);
1728 return ERR_PTR(-ENOTCONN);
1733 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1736 count = min_t(unsigned int, (conn->mtu - hlen), len);
1737 skb = bt_skb_send_alloc(sk, count + hlen,
1738 msg->msg_flags & MSG_DONTWAIT, &err);
1740 return ERR_PTR(-ENOMEM);
1742 /* Create L2CAP header */
1743 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
1744 lh->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
1745 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
1746 put_unaligned_le16(control, skb_put(skb, 2));
1748 put_unaligned_le16(sdulen, skb_put(skb, 2));
1750 err = l2cap_skbuff_fromiovec(sk, msg, len, count, skb);
1751 if (unlikely(err < 0)) {
1753 return ERR_PTR(err);
1756 if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16)
1757 put_unaligned_le16(0, skb_put(skb, 2));
1759 bt_cb(skb)->retries = 0;
1763 static inline int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len)
1765 struct l2cap_pinfo *pi = l2cap_pi(sk);
1766 struct sk_buff *skb;
1767 struct sk_buff_head sar_queue;
1771 skb_queue_head_init(&sar_queue);
1772 control = L2CAP_SDU_START;
1773 skb = l2cap_create_iframe_pdu(sk, msg, pi->remote_mps, control, len);
1775 return PTR_ERR(skb);
1777 __skb_queue_tail(&sar_queue, skb);
1778 len -= pi->remote_mps;
1779 size += pi->remote_mps;
1784 if (len > pi->remote_mps) {
1785 control = L2CAP_SDU_CONTINUE;
1786 buflen = pi->remote_mps;
1788 control = L2CAP_SDU_END;
1792 skb = l2cap_create_iframe_pdu(sk, msg, buflen, control, 0);
1794 skb_queue_purge(&sar_queue);
1795 return PTR_ERR(skb);
1798 __skb_queue_tail(&sar_queue, skb);
1802 skb_queue_splice_tail(&sar_queue, TX_QUEUE(sk));
1803 if (sk->sk_send_head == NULL)
1804 sk->sk_send_head = sar_queue.next;
1809 static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
1811 struct sock *sk = sock->sk;
1812 struct l2cap_pinfo *pi = l2cap_pi(sk);
1813 struct sk_buff *skb;
1817 BT_DBG("sock %p, sk %p", sock, sk);
1819 err = sock_error(sk);
1823 if (msg->msg_flags & MSG_OOB)
1828 if (sk->sk_state != BT_CONNECTED) {
1833 /* Connectionless channel */
1834 if (sk->sk_type == SOCK_DGRAM) {
1835 skb = l2cap_create_connless_pdu(sk, msg, len);
1839 l2cap_do_send(sk, skb);
1846 case L2CAP_MODE_BASIC:
1847 /* Check outgoing MTU */
1848 if (len > pi->omtu) {
1853 /* Create a basic PDU */
1854 skb = l2cap_create_basic_pdu(sk, msg, len);
1860 l2cap_do_send(sk, skb);
1864 case L2CAP_MODE_ERTM:
1865 case L2CAP_MODE_STREAMING:
1866 /* Entire SDU fits into one PDU */
1867 if (len <= pi->remote_mps) {
1868 control = L2CAP_SDU_UNSEGMENTED;
1869 skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0);
1874 __skb_queue_tail(TX_QUEUE(sk), skb);
1876 if (sk->sk_send_head == NULL)
1877 sk->sk_send_head = skb;
1880 /* Segment SDU into multiples PDUs */
1881 err = l2cap_sar_segment_sdu(sk, msg, len);
1886 if (pi->mode == L2CAP_MODE_STREAMING) {
1887 l2cap_streaming_send(sk);
1889 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY &&
1890 pi->conn_state && L2CAP_CONN_WAIT_F) {
1894 err = l2cap_ertm_send(sk);
1902 BT_DBG("bad state %1.1x", pi->mode);
1911 static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
1913 struct sock *sk = sock->sk;
1917 if (sk->sk_state == BT_CONNECT2 && bt_sk(sk)->defer_setup) {
1918 struct l2cap_conn_rsp rsp;
1919 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
1922 sk->sk_state = BT_CONFIG;
1924 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
1925 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
1926 rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
1927 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
1928 l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
1929 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
1931 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) {
1936 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
1937 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
1938 l2cap_build_conf_req(sk, buf), buf);
1939 l2cap_pi(sk)->num_conf_req++;
1947 return bt_sock_recvmsg(iocb, sock, msg, len, flags);
1950 static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
1952 struct sock *sk = sock->sk;
1953 struct l2cap_options opts;
1957 BT_DBG("sk %p", sk);
1963 opts.imtu = l2cap_pi(sk)->imtu;
1964 opts.omtu = l2cap_pi(sk)->omtu;
1965 opts.flush_to = l2cap_pi(sk)->flush_to;
1966 opts.mode = l2cap_pi(sk)->mode;
1967 opts.fcs = l2cap_pi(sk)->fcs;
1968 opts.max_tx = l2cap_pi(sk)->max_tx;
1969 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
1971 len = min_t(unsigned int, sizeof(opts), optlen);
1972 if (copy_from_user((char *) &opts, optval, len)) {
1977 if (opts.txwin_size > L2CAP_DEFAULT_TX_WINDOW) {
1982 l2cap_pi(sk)->mode = opts.mode;
1983 switch (l2cap_pi(sk)->mode) {
1984 case L2CAP_MODE_BASIC:
1985 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_STATE2_DEVICE;
1987 case L2CAP_MODE_ERTM:
1988 case L2CAP_MODE_STREAMING:
1997 l2cap_pi(sk)->imtu = opts.imtu;
1998 l2cap_pi(sk)->omtu = opts.omtu;
1999 l2cap_pi(sk)->fcs = opts.fcs;
2000 l2cap_pi(sk)->max_tx = opts.max_tx;
2001 l2cap_pi(sk)->tx_win = (__u8)opts.txwin_size;
2005 if (get_user(opt, (u32 __user *) optval)) {
2010 if (opt & L2CAP_LM_AUTH)
2011 l2cap_pi(sk)->sec_level = BT_SECURITY_LOW;
2012 if (opt & L2CAP_LM_ENCRYPT)
2013 l2cap_pi(sk)->sec_level = BT_SECURITY_MEDIUM;
2014 if (opt & L2CAP_LM_SECURE)
2015 l2cap_pi(sk)->sec_level = BT_SECURITY_HIGH;
2017 l2cap_pi(sk)->role_switch = (opt & L2CAP_LM_MASTER);
2018 l2cap_pi(sk)->force_reliable = (opt & L2CAP_LM_RELIABLE);
2030 static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
2032 struct sock *sk = sock->sk;
2033 struct bt_security sec;
2037 BT_DBG("sk %p", sk);
2039 if (level == SOL_L2CAP)
2040 return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);
2042 if (level != SOL_BLUETOOTH)
2043 return -ENOPROTOOPT;
2049 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2050 && sk->sk_type != SOCK_RAW) {
2055 sec.level = BT_SECURITY_LOW;
2057 len = min_t(unsigned int, sizeof(sec), optlen);
2058 if (copy_from_user((char *) &sec, optval, len)) {
2063 if (sec.level < BT_SECURITY_LOW ||
2064 sec.level > BT_SECURITY_HIGH) {
2069 l2cap_pi(sk)->sec_level = sec.level;
2072 case BT_DEFER_SETUP:
2073 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
2078 if (get_user(opt, (u32 __user *) optval)) {
2083 bt_sk(sk)->defer_setup = opt;
2095 static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
2097 struct sock *sk = sock->sk;
2098 struct l2cap_options opts;
2099 struct l2cap_conninfo cinfo;
2103 BT_DBG("sk %p", sk);
2105 if (get_user(len, optlen))
2112 opts.imtu = l2cap_pi(sk)->imtu;
2113 opts.omtu = l2cap_pi(sk)->omtu;
2114 opts.flush_to = l2cap_pi(sk)->flush_to;
2115 opts.mode = l2cap_pi(sk)->mode;
2116 opts.fcs = l2cap_pi(sk)->fcs;
2117 opts.max_tx = l2cap_pi(sk)->max_tx;
2118 opts.txwin_size = (__u16)l2cap_pi(sk)->tx_win;
2120 len = min_t(unsigned int, len, sizeof(opts));
2121 if (copy_to_user(optval, (char *) &opts, len))
2127 switch (l2cap_pi(sk)->sec_level) {
2128 case BT_SECURITY_LOW:
2129 opt = L2CAP_LM_AUTH;
2131 case BT_SECURITY_MEDIUM:
2132 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
2134 case BT_SECURITY_HIGH:
2135 opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
2143 if (l2cap_pi(sk)->role_switch)
2144 opt |= L2CAP_LM_MASTER;
2146 if (l2cap_pi(sk)->force_reliable)
2147 opt |= L2CAP_LM_RELIABLE;
2149 if (put_user(opt, (u32 __user *) optval))
2153 case L2CAP_CONNINFO:
2154 if (sk->sk_state != BT_CONNECTED &&
2155 !(sk->sk_state == BT_CONNECT2 &&
2156 bt_sk(sk)->defer_setup)) {
2161 cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
2162 memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);
2164 len = min_t(unsigned int, len, sizeof(cinfo));
2165 if (copy_to_user(optval, (char *) &cinfo, len))
2179 static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
2181 struct sock *sk = sock->sk;
2182 struct bt_security sec;
2185 BT_DBG("sk %p", sk);
2187 if (level == SOL_L2CAP)
2188 return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);
2190 if (level != SOL_BLUETOOTH)
2191 return -ENOPROTOOPT;
2193 if (get_user(len, optlen))
2200 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM
2201 && sk->sk_type != SOCK_RAW) {
2206 sec.level = l2cap_pi(sk)->sec_level;
2208 len = min_t(unsigned int, len, sizeof(sec));
2209 if (copy_to_user(optval, (char *) &sec, len))
2214 case BT_DEFER_SETUP:
2215 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
2220 if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
2234 static int l2cap_sock_shutdown(struct socket *sock, int how)
2236 struct sock *sk = sock->sk;
2239 BT_DBG("sock %p, sk %p", sock, sk);
2245 if (!sk->sk_shutdown) {
2246 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
2247 err = __l2cap_wait_ack(sk);
2249 sk->sk_shutdown = SHUTDOWN_MASK;
2250 l2cap_sock_clear_timer(sk);
2251 __l2cap_sock_close(sk, 0);
2253 if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
2254 err = bt_sock_wait_state(sk, BT_CLOSED,
2258 if (!err && sk->sk_err)
2265 static int l2cap_sock_release(struct socket *sock)
2267 struct sock *sk = sock->sk;
2270 BT_DBG("sock %p, sk %p", sock, sk);
2275 err = l2cap_sock_shutdown(sock, 2);
2278 l2cap_sock_kill(sk);
2282 static void l2cap_chan_ready(struct sock *sk)
2284 struct sock *parent = bt_sk(sk)->parent;
2286 BT_DBG("sk %p, parent %p", sk, parent);
2288 l2cap_pi(sk)->conf_state = 0;
2289 l2cap_sock_clear_timer(sk);
2292 /* Outgoing channel.
2293 * Wake up socket sleeping on connect.
2295 sk->sk_state = BT_CONNECTED;
2296 sk->sk_state_change(sk);
2298 /* Incoming channel.
2299 * Wake up socket sleeping on accept.
2301 parent->sk_data_ready(parent, 0);
2305 /* Copy frame to all raw sockets on that connection */
2306 static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
2308 struct l2cap_chan_list *l = &conn->chan_list;
2309 struct sk_buff *nskb;
2312 BT_DBG("conn %p", conn);
2314 read_lock(&l->lock);
2315 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
2316 if (sk->sk_type != SOCK_RAW)
2319 /* Don't send frame to the socket it came from */
2322 nskb = skb_clone(skb, GFP_ATOMIC);
2326 if (sock_queue_rcv_skb(sk, nskb))
2329 read_unlock(&l->lock);
2332 /* ---- L2CAP signalling commands ---- */
2333 static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
2334 u8 code, u8 ident, u16 dlen, void *data)
2336 struct sk_buff *skb, **frag;
2337 struct l2cap_cmd_hdr *cmd;
2338 struct l2cap_hdr *lh;
2341 BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
2342 conn, code, ident, dlen);
2344 len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
2345 count = min_t(unsigned int, conn->mtu, len);
2347 skb = bt_skb_alloc(count, GFP_ATOMIC);
2351 lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
2352 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
2353 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);
2355 cmd = (struct l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
2358 cmd->len = cpu_to_le16(dlen);
2361 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
2362 memcpy(skb_put(skb, count), data, count);
2368 /* Continuation fragments (no L2CAP header) */
2369 frag = &skb_shinfo(skb)->frag_list;
2371 count = min_t(unsigned int, conn->mtu, len);
2373 *frag = bt_skb_alloc(count, GFP_ATOMIC);
2377 memcpy(skb_put(*frag, count), data, count);
2382 frag = &(*frag)->next;
2392 static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
2394 struct l2cap_conf_opt *opt = *ptr;
2397 len = L2CAP_CONF_OPT_SIZE + opt->len;
2405 *val = *((u8 *) opt->val);
2409 *val = __le16_to_cpu(*((__le16 *) opt->val));
2413 *val = __le32_to_cpu(*((__le32 *) opt->val));
2417 *val = (unsigned long) opt->val;
2421 BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
2425 static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
2427 struct l2cap_conf_opt *opt = *ptr;
2429 BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);
2436 *((u8 *) opt->val) = val;
2440 *((__le16 *) opt->val) = cpu_to_le16(val);
2444 *((__le32 *) opt->val) = cpu_to_le32(val);
2448 memcpy(opt->val, (void *) val, len);
2452 *ptr += L2CAP_CONF_OPT_SIZE + len;
2455 static void l2cap_ack_timeout(unsigned long arg)
2457 struct sock *sk = (void *) arg;
2460 l2cap_send_ack(l2cap_pi(sk));
2464 static inline void l2cap_ertm_init(struct sock *sk)
2466 l2cap_pi(sk)->expected_ack_seq = 0;
2467 l2cap_pi(sk)->unacked_frames = 0;
2468 l2cap_pi(sk)->buffer_seq = 0;
2469 l2cap_pi(sk)->num_acked = 0;
2470 l2cap_pi(sk)->frames_sent = 0;
2472 setup_timer(&l2cap_pi(sk)->retrans_timer,
2473 l2cap_retrans_timeout, (unsigned long) sk);
2474 setup_timer(&l2cap_pi(sk)->monitor_timer,
2475 l2cap_monitor_timeout, (unsigned long) sk);
2476 setup_timer(&l2cap_pi(sk)->ack_timer,
2477 l2cap_ack_timeout, (unsigned long) sk);
2479 __skb_queue_head_init(SREJ_QUEUE(sk));
2480 __skb_queue_head_init(BUSY_QUEUE(sk));
2482 INIT_WORK(&l2cap_pi(sk)->busy_work, l2cap_busy_work);
2484 sk->sk_backlog_rcv = l2cap_ertm_data_rcv;
2487 static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
2490 case L2CAP_MODE_STREAMING:
2491 case L2CAP_MODE_ERTM:
2492 if (l2cap_mode_supported(mode, remote_feat_mask))
2496 return L2CAP_MODE_BASIC;
2500 static int l2cap_build_conf_req(struct sock *sk, void *data)
2502 struct l2cap_pinfo *pi = l2cap_pi(sk);
2503 struct l2cap_conf_req *req = data;
2504 struct l2cap_conf_rfc rfc = { .mode = pi->mode };
2505 void *ptr = req->data;
2507 BT_DBG("sk %p", sk);
2509 if (pi->num_conf_req || pi->num_conf_rsp)
2513 case L2CAP_MODE_STREAMING:
2514 case L2CAP_MODE_ERTM:
2515 if (pi->conf_state & L2CAP_CONF_STATE2_DEVICE)
2520 pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
2526 case L2CAP_MODE_BASIC:
2527 if (pi->imtu != L2CAP_DEFAULT_MTU)
2528 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
2530 if (!(pi->conn->feat_mask & L2CAP_FEAT_ERTM) &&
2531 !(pi->conn->feat_mask & L2CAP_FEAT_STREAMING))
2534 rfc.mode = L2CAP_MODE_BASIC;
2536 rfc.max_transmit = 0;
2537 rfc.retrans_timeout = 0;
2538 rfc.monitor_timeout = 0;
2539 rfc.max_pdu_size = 0;
2541 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2542 (unsigned long) &rfc);
2545 case L2CAP_MODE_ERTM:
2546 rfc.mode = L2CAP_MODE_ERTM;
2547 rfc.txwin_size = pi->tx_win;
2548 rfc.max_transmit = pi->max_tx;
2549 rfc.retrans_timeout = 0;
2550 rfc.monitor_timeout = 0;
2551 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2552 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
2553 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2555 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2556 (unsigned long) &rfc);
2558 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
2561 if (pi->fcs == L2CAP_FCS_NONE ||
2562 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
2563 pi->fcs = L2CAP_FCS_NONE;
2564 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
2568 case L2CAP_MODE_STREAMING:
2569 rfc.mode = L2CAP_MODE_STREAMING;
2571 rfc.max_transmit = 0;
2572 rfc.retrans_timeout = 0;
2573 rfc.monitor_timeout = 0;
2574 rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);
2575 if (L2CAP_DEFAULT_MAX_PDU_SIZE > pi->conn->mtu - 10)
2576 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2578 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC, sizeof(rfc),
2579 (unsigned long) &rfc);
2581 if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
2584 if (pi->fcs == L2CAP_FCS_NONE ||
2585 pi->conf_state & L2CAP_CONF_NO_FCS_RECV) {
2586 pi->fcs = L2CAP_FCS_NONE;
2587 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
2592 /* FIXME: Need actual value of the flush timeout */
2593 //if (flush_to != L2CAP_DEFAULT_FLUSH_TO)
2594 // l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO, 2, pi->flush_to);
2596 req->dcid = cpu_to_le16(pi->dcid);
2597 req->flags = cpu_to_le16(0);
2602 static int l2cap_parse_conf_req(struct sock *sk, void *data)
2604 struct l2cap_pinfo *pi = l2cap_pi(sk);
2605 struct l2cap_conf_rsp *rsp = data;
2606 void *ptr = rsp->data;
2607 void *req = pi->conf_req;
2608 int len = pi->conf_len;
2609 int type, hint, olen;
2611 struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
2612 u16 mtu = L2CAP_DEFAULT_MTU;
2613 u16 result = L2CAP_CONF_SUCCESS;
2615 BT_DBG("sk %p", sk);
2617 while (len >= L2CAP_CONF_OPT_SIZE) {
2618 len -= l2cap_get_conf_opt(&req, &type, &olen, &val);
2620 hint = type & L2CAP_CONF_HINT;
2621 type &= L2CAP_CONF_MASK;
2624 case L2CAP_CONF_MTU:
2628 case L2CAP_CONF_FLUSH_TO:
2632 case L2CAP_CONF_QOS:
2635 case L2CAP_CONF_RFC:
2636 if (olen == sizeof(rfc))
2637 memcpy(&rfc, (void *) val, olen);
2640 case L2CAP_CONF_FCS:
2641 if (val == L2CAP_FCS_NONE)
2642 pi->conf_state |= L2CAP_CONF_NO_FCS_RECV;
2650 result = L2CAP_CONF_UNKNOWN;
2651 *((u8 *) ptr++) = type;
2656 if (pi->num_conf_rsp || pi->num_conf_req > 1)
2660 case L2CAP_MODE_STREAMING:
2661 case L2CAP_MODE_ERTM:
2662 if (!(pi->conf_state & L2CAP_CONF_STATE2_DEVICE)) {
2663 pi->mode = l2cap_select_mode(rfc.mode,
2664 pi->conn->feat_mask);
2668 if (pi->mode != rfc.mode)
2669 return -ECONNREFUSED;
2675 if (pi->mode != rfc.mode) {
2676 result = L2CAP_CONF_UNACCEPT;
2677 rfc.mode = pi->mode;
2679 if (pi->num_conf_rsp == 1)
2680 return -ECONNREFUSED;
2682 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2683 sizeof(rfc), (unsigned long) &rfc);
2687 if (result == L2CAP_CONF_SUCCESS) {
2688 /* Configure output options and let the other side know
2689 * which ones we don't like. */
2691 if (mtu < L2CAP_DEFAULT_MIN_MTU)
2692 result = L2CAP_CONF_UNACCEPT;
2695 pi->conf_state |= L2CAP_CONF_MTU_DONE;
2697 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
2700 case L2CAP_MODE_BASIC:
2701 pi->fcs = L2CAP_FCS_NONE;
2702 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2705 case L2CAP_MODE_ERTM:
2706 pi->remote_tx_win = rfc.txwin_size;
2707 pi->remote_max_tx = rfc.max_transmit;
2709 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
2710 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2712 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
2714 rfc.retrans_timeout =
2715 le16_to_cpu(L2CAP_DEFAULT_RETRANS_TO);
2716 rfc.monitor_timeout =
2717 le16_to_cpu(L2CAP_DEFAULT_MONITOR_TO);
2719 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2721 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2722 sizeof(rfc), (unsigned long) &rfc);
2726 case L2CAP_MODE_STREAMING:
2727 if (le16_to_cpu(rfc.max_pdu_size) > pi->conn->mtu - 10)
2728 rfc.max_pdu_size = cpu_to_le16(pi->conn->mtu - 10);
2730 pi->remote_mps = le16_to_cpu(rfc.max_pdu_size);
2732 pi->conf_state |= L2CAP_CONF_MODE_DONE;
2734 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2735 sizeof(rfc), (unsigned long) &rfc);
2740 result = L2CAP_CONF_UNACCEPT;
2742 memset(&rfc, 0, sizeof(rfc));
2743 rfc.mode = pi->mode;
2746 if (result == L2CAP_CONF_SUCCESS)
2747 pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
2749 rsp->scid = cpu_to_le16(pi->dcid);
2750 rsp->result = cpu_to_le16(result);
2751 rsp->flags = cpu_to_le16(0x0000);
2756 static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data, u16 *result)
2758 struct l2cap_pinfo *pi = l2cap_pi(sk);
2759 struct l2cap_conf_req *req = data;
2760 void *ptr = req->data;
2763 struct l2cap_conf_rfc rfc;
2765 BT_DBG("sk %p, rsp %p, len %d, req %p", sk, rsp, len, data);
2767 while (len >= L2CAP_CONF_OPT_SIZE) {
2768 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2771 case L2CAP_CONF_MTU:
2772 if (val < L2CAP_DEFAULT_MIN_MTU) {
2773 *result = L2CAP_CONF_UNACCEPT;
2774 pi->omtu = L2CAP_DEFAULT_MIN_MTU;
2777 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
2780 case L2CAP_CONF_FLUSH_TO:
2782 l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
2786 case L2CAP_CONF_RFC:
2787 if (olen == sizeof(rfc))
2788 memcpy(&rfc, (void *)val, olen);
2790 if ((pi->conf_state & L2CAP_CONF_STATE2_DEVICE) &&
2791 rfc.mode != pi->mode)
2792 return -ECONNREFUSED;
2796 l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
2797 sizeof(rfc), (unsigned long) &rfc);
2802 if (pi->mode == L2CAP_MODE_BASIC && pi->mode != rfc.mode)
2803 return -ECONNREFUSED;
2805 pi->mode = rfc.mode;
2807 if (*result == L2CAP_CONF_SUCCESS) {
2809 case L2CAP_MODE_ERTM:
2810 pi->remote_tx_win = rfc.txwin_size;
2811 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2812 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2813 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2815 case L2CAP_MODE_STREAMING:
2816 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2820 req->dcid = cpu_to_le16(pi->dcid);
2821 req->flags = cpu_to_le16(0x0000);
2826 static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
2828 struct l2cap_conf_rsp *rsp = data;
2829 void *ptr = rsp->data;
2831 BT_DBG("sk %p", sk);
2833 rsp->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
2834 rsp->result = cpu_to_le16(result);
2835 rsp->flags = cpu_to_le16(flags);
2840 static void l2cap_conf_rfc_get(struct sock *sk, void *rsp, int len)
2842 struct l2cap_pinfo *pi = l2cap_pi(sk);
2845 struct l2cap_conf_rfc rfc;
2847 BT_DBG("sk %p, rsp %p, len %d", sk, rsp, len);
2849 if ((pi->mode != L2CAP_MODE_ERTM) && (pi->mode != L2CAP_MODE_STREAMING))
2852 while (len >= L2CAP_CONF_OPT_SIZE) {
2853 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);
2856 case L2CAP_CONF_RFC:
2857 if (olen == sizeof(rfc))
2858 memcpy(&rfc, (void *)val, olen);
2865 case L2CAP_MODE_ERTM:
2866 pi->remote_tx_win = rfc.txwin_size;
2867 pi->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
2868 pi->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
2869 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2871 case L2CAP_MODE_STREAMING:
2872 pi->mps = le16_to_cpu(rfc.max_pdu_size);
2876 static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2878 struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;
2880 if (rej->reason != 0x0000)
2883 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) &&
2884 cmd->ident == conn->info_ident) {
2885 del_timer(&conn->info_timer);
2887 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
2888 conn->info_ident = 0;
2890 l2cap_conn_start(conn);
2896 static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
2898 struct l2cap_chan_list *list = &conn->chan_list;
2899 struct l2cap_conn_req *req = (struct l2cap_conn_req *) data;
2900 struct l2cap_conn_rsp rsp;
2901 struct sock *parent, *uninitialized_var(sk);
2902 int result, status = L2CAP_CS_NO_INFO;
2904 u16 dcid = 0, scid = __le16_to_cpu(req->scid);
2905 __le16 psm = req->psm;
2907 BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);
2909 /* Check if we have socket listening on psm */
2910 parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
2912 result = L2CAP_CR_BAD_PSM;
2916 /* Check if the ACL is secure enough (if not SDP) */
2917 if (psm != cpu_to_le16(0x0001) &&
2918 !hci_conn_check_link_mode(conn->hcon)) {
2919 conn->disc_reason = 0x05;
2920 result = L2CAP_CR_SEC_BLOCK;
2924 result = L2CAP_CR_NO_MEM;
2926 /* Check for backlog size */
2927 if (sk_acceptq_is_full(parent)) {
2928 BT_DBG("backlog full %d", parent->sk_ack_backlog);
2932 sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
2936 write_lock_bh(&list->lock);
2938 /* Check if we already have channel with that dcid */
2939 if (__l2cap_get_chan_by_dcid(list, scid)) {
2940 write_unlock_bh(&list->lock);
2941 sock_set_flag(sk, SOCK_ZAPPED);
2942 l2cap_sock_kill(sk);
2946 hci_conn_hold(conn->hcon);
2948 l2cap_sock_init(sk, parent);
2949 bacpy(&bt_sk(sk)->src, conn->src);
2950 bacpy(&bt_sk(sk)->dst, conn->dst);
2951 l2cap_pi(sk)->psm = psm;
2952 l2cap_pi(sk)->dcid = scid;
2954 __l2cap_chan_add(conn, sk, parent);
2955 dcid = l2cap_pi(sk)->scid;
2957 l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
2959 l2cap_pi(sk)->ident = cmd->ident;
2961 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) {
2962 if (l2cap_check_security(sk)) {
2963 if (bt_sk(sk)->defer_setup) {
2964 sk->sk_state = BT_CONNECT2;
2965 result = L2CAP_CR_PEND;
2966 status = L2CAP_CS_AUTHOR_PEND;
2967 parent->sk_data_ready(parent, 0);
2969 sk->sk_state = BT_CONFIG;
2970 result = L2CAP_CR_SUCCESS;
2971 status = L2CAP_CS_NO_INFO;
2974 sk->sk_state = BT_CONNECT2;
2975 result = L2CAP_CR_PEND;
2976 status = L2CAP_CS_AUTHEN_PEND;
2979 sk->sk_state = BT_CONNECT2;
2980 result = L2CAP_CR_PEND;
2981 status = L2CAP_CS_NO_INFO;
2984 write_unlock_bh(&list->lock);
2987 bh_unlock_sock(parent);
2990 rsp.scid = cpu_to_le16(scid);
2991 rsp.dcid = cpu_to_le16(dcid);
2992 rsp.result = cpu_to_le16(result);
2993 rsp.status = cpu_to_le16(status);
2994 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
2996 if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
2997 struct l2cap_info_req info;
2998 info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3000 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
3001 conn->info_ident = l2cap_get_ident(conn);
3003 mod_timer(&conn->info_timer, jiffies +
3004 msecs_to_jiffies(L2CAP_INFO_TIMEOUT));
3006 l2cap_send_cmd(conn, conn->info_ident,
3007 L2CAP_INFO_REQ, sizeof(info), &info);
3010 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT) &&
3011 result == L2CAP_CR_SUCCESS) {
3013 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
3014 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3015 l2cap_build_conf_req(sk, buf), buf);
3016 l2cap_pi(sk)->num_conf_req++;
3022 static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3024 struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
3025 u16 scid, dcid, result, status;
3029 scid = __le16_to_cpu(rsp->scid);
3030 dcid = __le16_to_cpu(rsp->dcid);
3031 result = __le16_to_cpu(rsp->result);
3032 status = __le16_to_cpu(rsp->status);
3034 BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);
3037 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
3041 sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident);
3047 case L2CAP_CR_SUCCESS:
3048 sk->sk_state = BT_CONFIG;
3049 l2cap_pi(sk)->ident = 0;
3050 l2cap_pi(sk)->dcid = dcid;
3051 l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;
3053 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)
3056 l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;
3058 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3059 l2cap_build_conf_req(sk, req), req);
3060 l2cap_pi(sk)->num_conf_req++;
3064 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
3068 l2cap_chan_del(sk, ECONNREFUSED);
3076 static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
3078 struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
3084 dcid = __le16_to_cpu(req->dcid);
3085 flags = __le16_to_cpu(req->flags);
3087 BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);
3089 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
3093 if (sk->sk_state != BT_CONFIG) {
3094 struct l2cap_cmd_rej rej;
3096 rej.reason = cpu_to_le16(0x0002);
3097 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ,
3102 /* Reject if config buffer is too small. */
3103 len = cmd_len - sizeof(*req);
3104 if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
3105 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3106 l2cap_build_conf_rsp(sk, rsp,
3107 L2CAP_CONF_REJECT, flags), rsp);
3112 memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
3113 l2cap_pi(sk)->conf_len += len;
3115 if (flags & 0x0001) {
3116 /* Incomplete config. Send empty response. */
3117 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
3118 l2cap_build_conf_rsp(sk, rsp,
3119 L2CAP_CONF_SUCCESS, 0x0001), rsp);
3123 /* Complete config. */
3124 len = l2cap_parse_conf_req(sk, rsp);
3126 l2cap_send_disconn_req(conn, sk, ECONNRESET);
3130 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
3131 l2cap_pi(sk)->num_conf_rsp++;
3133 /* Reset config buffer. */
3134 l2cap_pi(sk)->conf_len = 0;
3136 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
3139 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
3140 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_NO_FCS_RECV) ||
3141 l2cap_pi(sk)->fcs != L2CAP_FCS_NONE)
3142 l2cap_pi(sk)->fcs = L2CAP_FCS_CRC16;
3144 sk->sk_state = BT_CONNECTED;
3146 l2cap_pi(sk)->next_tx_seq = 0;
3147 l2cap_pi(sk)->expected_tx_seq = 0;
3148 __skb_queue_head_init(TX_QUEUE(sk));
3149 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
3150 l2cap_ertm_init(sk);
3152 l2cap_chan_ready(sk);
3156 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
3158 l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
3159 l2cap_build_conf_req(sk, buf), buf);
3160 l2cap_pi(sk)->num_conf_req++;
3168 static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3170 struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
3171 u16 scid, flags, result;
3173 int len = cmd->len - sizeof(*rsp);
3175 scid = __le16_to_cpu(rsp->scid);
3176 flags = __le16_to_cpu(rsp->flags);
3177 result = __le16_to_cpu(rsp->result);
3179 BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
3180 scid, flags, result);
3182 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
3187 case L2CAP_CONF_SUCCESS:
3188 l2cap_conf_rfc_get(sk, rsp->data, len);
3191 case L2CAP_CONF_UNACCEPT:
3192 if (l2cap_pi(sk)->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
3195 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) {
3196 l2cap_send_disconn_req(conn, sk, ECONNRESET);
3200 /* throw out any old stored conf requests */
3201 result = L2CAP_CONF_SUCCESS;
3202 len = l2cap_parse_conf_rsp(sk, rsp->data,
3205 l2cap_send_disconn_req(conn, sk, ECONNRESET);
3209 l2cap_send_cmd(conn, l2cap_get_ident(conn),
3210 L2CAP_CONF_REQ, len, req);
3211 l2cap_pi(sk)->num_conf_req++;
3212 if (result != L2CAP_CONF_SUCCESS)
3218 sk->sk_err = ECONNRESET;
3219 l2cap_sock_set_timer(sk, HZ * 5);
3220 l2cap_send_disconn_req(conn, sk, ECONNRESET);
3227 l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;
3229 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
3230 if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_NO_FCS_RECV) ||
3231 l2cap_pi(sk)->fcs != L2CAP_FCS_NONE)
3232 l2cap_pi(sk)->fcs = L2CAP_FCS_CRC16;
3234 sk->sk_state = BT_CONNECTED;
3235 l2cap_pi(sk)->next_tx_seq = 0;
3236 l2cap_pi(sk)->expected_tx_seq = 0;
3237 __skb_queue_head_init(TX_QUEUE(sk));
3238 if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
3239 l2cap_ertm_init(sk);
3241 l2cap_chan_ready(sk);
3249 static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3251 struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
3252 struct l2cap_disconn_rsp rsp;
3256 scid = __le16_to_cpu(req->scid);
3257 dcid = __le16_to_cpu(req->dcid);
3259 BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
3261 sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
3265 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
3266 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
3267 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
3269 sk->sk_shutdown = SHUTDOWN_MASK;
3271 l2cap_chan_del(sk, ECONNRESET);
3274 l2cap_sock_kill(sk);
3278 static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3280 struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
3284 scid = __le16_to_cpu(rsp->scid);
3285 dcid = __le16_to_cpu(rsp->dcid);
3287 BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
3289 sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
3293 l2cap_chan_del(sk, 0);
3296 l2cap_sock_kill(sk);
3300 static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3302 struct l2cap_info_req *req = (struct l2cap_info_req *) data;
3305 type = __le16_to_cpu(req->type);
3307 BT_DBG("type 0x%4.4x", type);
3309 if (type == L2CAP_IT_FEAT_MASK) {
3311 u32 feat_mask = l2cap_feat_mask;
3312 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3313 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
3314 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
3316 feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
3318 put_unaligned_le32(feat_mask, rsp->data);
3319 l2cap_send_cmd(conn, cmd->ident,
3320 L2CAP_INFO_RSP, sizeof(buf), buf);
3321 } else if (type == L2CAP_IT_FIXED_CHAN) {
3323 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
3324 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3325 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
3326 memcpy(buf + 4, l2cap_fixed_chan, 8);
3327 l2cap_send_cmd(conn, cmd->ident,
3328 L2CAP_INFO_RSP, sizeof(buf), buf);
3330 struct l2cap_info_rsp rsp;
3331 rsp.type = cpu_to_le16(type);
3332 rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
3333 l2cap_send_cmd(conn, cmd->ident,
3334 L2CAP_INFO_RSP, sizeof(rsp), &rsp);
3340 static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
3342 struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
3345 type = __le16_to_cpu(rsp->type);
3346 result = __le16_to_cpu(rsp->result);
3348 BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);
3350 del_timer(&conn->info_timer);
3352 if (result != L2CAP_IR_SUCCESS) {
3353 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3354 conn->info_ident = 0;
3356 l2cap_conn_start(conn);
3361 if (type == L2CAP_IT_FEAT_MASK) {
3362 conn->feat_mask = get_unaligned_le32(rsp->data);
3364 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
3365 struct l2cap_info_req req;
3366 req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
3368 conn->info_ident = l2cap_get_ident(conn);
3370 l2cap_send_cmd(conn, conn->info_ident,
3371 L2CAP_INFO_REQ, sizeof(req), &req);
3373 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3374 conn->info_ident = 0;
3376 l2cap_conn_start(conn);
3378 } else if (type == L2CAP_IT_FIXED_CHAN) {
3379 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
3380 conn->info_ident = 0;
3382 l2cap_conn_start(conn);
3388 static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
3390 u8 *data = skb->data;
3392 struct l2cap_cmd_hdr cmd;
3395 l2cap_raw_recv(conn, skb);
3397 while (len >= L2CAP_CMD_HDR_SIZE) {
3399 memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
3400 data += L2CAP_CMD_HDR_SIZE;
3401 len -= L2CAP_CMD_HDR_SIZE;
3403 cmd_len = le16_to_cpu(cmd.len);
3405 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);
3407 if (cmd_len > len || !cmd.ident) {
3408 BT_DBG("corrupted command");
3413 case L2CAP_COMMAND_REJ:
3414 l2cap_command_rej(conn, &cmd, data);
3417 case L2CAP_CONN_REQ:
3418 err = l2cap_connect_req(conn, &cmd, data);
3421 case L2CAP_CONN_RSP:
3422 err = l2cap_connect_rsp(conn, &cmd, data);
3425 case L2CAP_CONF_REQ:
3426 err = l2cap_config_req(conn, &cmd, cmd_len, data);
3429 case L2CAP_CONF_RSP:
3430 err = l2cap_config_rsp(conn, &cmd, data);
3433 case L2CAP_DISCONN_REQ:
3434 err = l2cap_disconnect_req(conn, &cmd, data);
3437 case L2CAP_DISCONN_RSP:
3438 err = l2cap_disconnect_rsp(conn, &cmd, data);
3441 case L2CAP_ECHO_REQ:
3442 l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
3445 case L2CAP_ECHO_RSP:
3448 case L2CAP_INFO_REQ:
3449 err = l2cap_information_req(conn, &cmd, data);
3452 case L2CAP_INFO_RSP:
3453 err = l2cap_information_rsp(conn, &cmd, data);
3457 BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
3463 struct l2cap_cmd_rej rej;
3464 BT_DBG("error %d", err);
3466 /* FIXME: Map err to a valid reason */
3467 rej.reason = cpu_to_le16(0);
3468 l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
3478 static int l2cap_check_fcs(struct l2cap_pinfo *pi, struct sk_buff *skb)
3480 u16 our_fcs, rcv_fcs;
3481 int hdr_size = L2CAP_HDR_SIZE + 2;
3483 if (pi->fcs == L2CAP_FCS_CRC16) {
3484 skb_trim(skb, skb->len - 2);
3485 rcv_fcs = get_unaligned_le16(skb->data + skb->len);
3486 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);
3488 if (our_fcs != rcv_fcs)
3494 static inline void l2cap_send_i_or_rr_or_rnr(struct sock *sk)
3496 struct l2cap_pinfo *pi = l2cap_pi(sk);
3499 pi->frames_sent = 0;
3501 control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3503 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
3504 control |= L2CAP_SUPER_RCV_NOT_READY;
3505 l2cap_send_sframe(pi, control);
3506 pi->conn_state |= L2CAP_CONN_RNR_SENT;
3509 if (pi->conn_state & L2CAP_CONN_REMOTE_BUSY)
3510 l2cap_retransmit_frames(sk);
3512 l2cap_ertm_send(sk);
3514 if (!(pi->conn_state & L2CAP_CONN_LOCAL_BUSY) &&
3515 pi->frames_sent == 0) {
3516 control |= L2CAP_SUPER_RCV_READY;
3517 l2cap_send_sframe(pi, control);
3521 static int l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_seq, u8 sar)
3523 struct sk_buff *next_skb;
3524 struct l2cap_pinfo *pi = l2cap_pi(sk);
3525 int tx_seq_offset, next_tx_seq_offset;
3527 bt_cb(skb)->tx_seq = tx_seq;
3528 bt_cb(skb)->sar = sar;
3530 next_skb = skb_peek(SREJ_QUEUE(sk));
3532 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3536 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64;
3537 if (tx_seq_offset < 0)
3538 tx_seq_offset += 64;
3541 if (bt_cb(next_skb)->tx_seq == tx_seq)
3544 next_tx_seq_offset = (bt_cb(next_skb)->tx_seq -
3545 pi->buffer_seq) % 64;
3546 if (next_tx_seq_offset < 0)
3547 next_tx_seq_offset += 64;
3549 if (next_tx_seq_offset > tx_seq_offset) {
3550 __skb_queue_before(SREJ_QUEUE(sk), next_skb, skb);
3554 if (skb_queue_is_last(SREJ_QUEUE(sk), next_skb))
3557 } while ((next_skb = skb_queue_next(SREJ_QUEUE(sk), next_skb)));
3559 __skb_queue_tail(SREJ_QUEUE(sk), skb);
3564 static int l2cap_ertm_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
3566 struct l2cap_pinfo *pi = l2cap_pi(sk);
3567 struct sk_buff *_skb;
3570 switch (control & L2CAP_CTRL_SAR) {
3571 case L2CAP_SDU_UNSEGMENTED:
3572 if (pi->conn_state & L2CAP_CONN_SAR_SDU)
3575 err = sock_queue_rcv_skb(sk, skb);
3581 case L2CAP_SDU_START:
3582 if (pi->conn_state & L2CAP_CONN_SAR_SDU)
3585 pi->sdu_len = get_unaligned_le16(skb->data);
3587 if (pi->sdu_len > pi->imtu)
3590 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
3594 /* pull sdu_len bytes only after alloc, because of Local Busy
3595 * condition we have to be sure that this will be executed
3596 * only once, i.e., when alloc does not fail */
3599 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3601 pi->conn_state |= L2CAP_CONN_SAR_SDU;
3602 pi->partial_sdu_len = skb->len;
3605 case L2CAP_SDU_CONTINUE:
3606 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3612 pi->partial_sdu_len += skb->len;
3613 if (pi->partial_sdu_len > pi->sdu_len)
3616 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3621 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3627 if (!(pi->conn_state & L2CAP_CONN_SAR_RETRY)) {
3628 pi->partial_sdu_len += skb->len;
3630 if (pi->partial_sdu_len > pi->imtu)
3633 if (pi->partial_sdu_len != pi->sdu_len)
3636 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3639 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
3641 pi->conn_state |= L2CAP_CONN_SAR_RETRY;
3645 err = sock_queue_rcv_skb(sk, _skb);
3648 pi->conn_state |= L2CAP_CONN_SAR_RETRY;
3652 pi->conn_state &= ~L2CAP_CONN_SAR_RETRY;
3653 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
3667 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
3672 static int l2cap_try_push_rx_skb(struct sock *sk)
3674 struct l2cap_pinfo *pi = l2cap_pi(sk);
3675 struct sk_buff *skb;
3679 while ((skb = skb_dequeue(BUSY_QUEUE(sk)))) {
3680 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3681 err = l2cap_ertm_reassembly_sdu(sk, skb, control);
3683 skb_queue_head(BUSY_QUEUE(sk), skb);
3687 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
3690 if (!(pi->conn_state & L2CAP_CONN_RNR_SENT))
3693 control = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3694 control |= L2CAP_SUPER_RCV_READY | L2CAP_CTRL_POLL;
3695 l2cap_send_sframe(pi, control);
3696 l2cap_pi(sk)->retry_count = 1;
3698 del_timer(&pi->retrans_timer);
3699 __mod_monitor_timer();
3701 l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;
3704 pi->conn_state &= ~L2CAP_CONN_LOCAL_BUSY;
3705 pi->conn_state &= ~L2CAP_CONN_RNR_SENT;
3707 BT_DBG("sk %p, Exit local busy", sk);
3712 static void l2cap_busy_work(struct work_struct *work)
3714 DECLARE_WAITQUEUE(wait, current);
3715 struct l2cap_pinfo *pi =
3716 container_of(work, struct l2cap_pinfo, busy_work);
3717 struct sock *sk = (struct sock *)pi;
3718 int n_tries = 0, timeo = HZ/5, err;
3719 struct sk_buff *skb;
3723 add_wait_queue(sk_sleep(sk), &wait);
3724 while ((skb = skb_peek(BUSY_QUEUE(sk)))) {
3725 set_current_state(TASK_INTERRUPTIBLE);
3727 if (n_tries++ > L2CAP_LOCAL_BUSY_TRIES) {
3729 l2cap_send_disconn_req(pi->conn, sk, EBUSY);
3736 if (signal_pending(current)) {
3737 err = sock_intr_errno(timeo);
3742 timeo = schedule_timeout(timeo);
3745 err = sock_error(sk);
3749 if (l2cap_try_push_rx_skb(sk) == 0)
3753 set_current_state(TASK_RUNNING);
3754 remove_wait_queue(sk_sleep(sk), &wait);
3759 static int l2cap_push_rx_skb(struct sock *sk, struct sk_buff *skb, u16 control)
3761 struct l2cap_pinfo *pi = l2cap_pi(sk);
3764 if (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) {
3765 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
3766 __skb_queue_tail(BUSY_QUEUE(sk), skb);
3767 return l2cap_try_push_rx_skb(sk);
3772 err = l2cap_ertm_reassembly_sdu(sk, skb, control);
3774 pi->buffer_seq = (pi->buffer_seq + 1) % 64;
3778 /* Busy Condition */
3779 BT_DBG("sk %p, Enter local busy", sk);
3781 pi->conn_state |= L2CAP_CONN_LOCAL_BUSY;
3782 bt_cb(skb)->sar = control >> L2CAP_CTRL_SAR_SHIFT;
3783 __skb_queue_tail(BUSY_QUEUE(sk), skb);
3785 sctrl = pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3786 sctrl |= L2CAP_SUPER_RCV_NOT_READY;
3787 l2cap_send_sframe(pi, sctrl);
3789 pi->conn_state |= L2CAP_CONN_RNR_SENT;
3791 del_timer(&pi->ack_timer);
3793 queue_work(_busy_wq, &pi->busy_work);
3798 static int l2cap_streaming_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
3800 struct l2cap_pinfo *pi = l2cap_pi(sk);
3801 struct sk_buff *_skb;
3805 * TODO: We have to notify the userland if some data is lost with the
3809 switch (control & L2CAP_CTRL_SAR) {
3810 case L2CAP_SDU_UNSEGMENTED:
3811 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
3816 err = sock_queue_rcv_skb(sk, skb);
3822 case L2CAP_SDU_START:
3823 if (pi->conn_state & L2CAP_CONN_SAR_SDU) {
3828 pi->sdu_len = get_unaligned_le16(skb->data);
3831 if (pi->sdu_len > pi->imtu) {
3836 pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
3842 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3844 pi->conn_state |= L2CAP_CONN_SAR_SDU;
3845 pi->partial_sdu_len = skb->len;
3849 case L2CAP_SDU_CONTINUE:
3850 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3853 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3855 pi->partial_sdu_len += skb->len;
3856 if (pi->partial_sdu_len > pi->sdu_len)
3864 if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
3867 memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);
3869 pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
3870 pi->partial_sdu_len += skb->len;
3872 if (pi->partial_sdu_len > pi->imtu)
3875 if (pi->partial_sdu_len == pi->sdu_len) {
3876 _skb = skb_clone(pi->sdu, GFP_ATOMIC);
3877 err = sock_queue_rcv_skb(sk, _skb);
3892 static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq)
3894 struct sk_buff *skb;
3897 while ((skb = skb_peek(SREJ_QUEUE(sk)))) {
3898 if (bt_cb(skb)->tx_seq != tx_seq)
3901 skb = skb_dequeue(SREJ_QUEUE(sk));
3902 control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
3903 l2cap_ertm_reassembly_sdu(sk, skb, control);
3904 l2cap_pi(sk)->buffer_seq_srej =
3905 (l2cap_pi(sk)->buffer_seq_srej + 1) % 64;
3906 tx_seq = (tx_seq + 1) % 64;
3910 static void l2cap_resend_srejframe(struct sock *sk, u8 tx_seq)
3912 struct l2cap_pinfo *pi = l2cap_pi(sk);
3913 struct srej_list *l, *tmp;
3916 list_for_each_entry_safe(l, tmp, SREJ_LIST(sk), list) {
3917 if (l->tx_seq == tx_seq) {
3922 control = L2CAP_SUPER_SELECT_REJECT;
3923 control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3924 l2cap_send_sframe(pi, control);
3926 list_add_tail(&l->list, SREJ_LIST(sk));
3930 static void l2cap_send_srejframe(struct sock *sk, u8 tx_seq)
3932 struct l2cap_pinfo *pi = l2cap_pi(sk);
3933 struct srej_list *new;
3936 while (tx_seq != pi->expected_tx_seq) {
3937 control = L2CAP_SUPER_SELECT_REJECT;
3938 control |= pi->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
3939 l2cap_send_sframe(pi, control);
3941 new = kzalloc(sizeof(struct srej_list), GFP_ATOMIC);
3942 new->tx_seq = pi->expected_tx_seq;
3943 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3944 list_add_tail(&new->list, SREJ_LIST(sk));
3946 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
3949 static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
3951 struct l2cap_pinfo *pi = l2cap_pi(sk);
3952 u8 tx_seq = __get_txseq(rx_control);
3953 u8 req_seq = __get_reqseq(rx_control);
3954 u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
3955 int tx_seq_offset, expected_tx_seq_offset;
3956 int num_to_ack = (pi->tx_win/6) + 1;
3959 BT_DBG("sk %p len %d tx_seq %d rx_control 0x%4.4x", sk, skb->len, tx_seq,
3962 if (L2CAP_CTRL_FINAL & rx_control &&
3963 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) {
3964 del_timer(&pi->monitor_timer);
3965 if (pi->unacked_frames > 0)
3966 __mod_retrans_timer();
3967 pi->conn_state &= ~L2CAP_CONN_WAIT_F;
3970 pi->expected_ack_seq = req_seq;
3971 l2cap_drop_acked_frames(sk);
3973 if (tx_seq == pi->expected_tx_seq)
3976 tx_seq_offset = (tx_seq - pi->buffer_seq) % 64;
3977 if (tx_seq_offset < 0)
3978 tx_seq_offset += 64;
3980 /* invalid tx_seq */
3981 if (tx_seq_offset >= pi->tx_win) {
3982 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
3986 if (pi->conn_state == L2CAP_CONN_LOCAL_BUSY)
3989 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
3990 struct srej_list *first;
3992 first = list_first_entry(SREJ_LIST(sk),
3993 struct srej_list, list);
3994 if (tx_seq == first->tx_seq) {
3995 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
3996 l2cap_check_srej_gap(sk, tx_seq);
3998 list_del(&first->list);
4001 if (list_empty(SREJ_LIST(sk))) {
4002 pi->buffer_seq = pi->buffer_seq_srej;
4003 pi->conn_state &= ~L2CAP_CONN_SREJ_SENT;
4005 BT_DBG("sk %p, Exit SREJ_SENT", sk);
4008 struct srej_list *l;
4010 /* duplicated tx_seq */
4011 if (l2cap_add_to_srej_queue(sk, skb, tx_seq, sar) < 0)
4014 list_for_each_entry(l, SREJ_LIST(sk), list) {
4015 if (l->tx_seq == tx_seq) {
4016 l2cap_resend_srejframe(sk, tx_seq);
4020 l2cap_send_srejframe(sk, tx_seq);
4023 expected_tx_seq_offset =
4024 (pi->expected_tx_seq - pi->buffer_seq) % 64;
4025 if (expected_tx_seq_offset < 0)
4026 expected_tx_seq_offset += 64;
4028 /* duplicated tx_seq */
4029 if (tx_seq_offset < expected_tx_seq_offset)
4032 pi->conn_state |= L2CAP_CONN_SREJ_SENT;
4034 BT_DBG("sk %p, Enter SREJ", sk);
4036 INIT_LIST_HEAD(SREJ_LIST(sk));
4037 pi->buffer_seq_srej = pi->buffer_seq;
4039 __skb_queue_head_init(SREJ_QUEUE(sk));
4040 __skb_queue_head_init(BUSY_QUEUE(sk));
4041 l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
4043 pi->conn_state |= L2CAP_CONN_SEND_PBIT;
4045 l2cap_send_srejframe(sk, tx_seq);
4047 del_timer(&pi->ack_timer);
4052 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
4054 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
4055 bt_cb(skb)->tx_seq = tx_seq;
4056 bt_cb(skb)->sar = sar;
4057 __skb_queue_tail(SREJ_QUEUE(sk), skb);
4061 err = l2cap_push_rx_skb(sk, skb, rx_control);
4065 if (rx_control & L2CAP_CTRL_FINAL) {
4066 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
4067 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
4069 l2cap_retransmit_frames(sk);
4074 pi->num_acked = (pi->num_acked + 1) % num_to_ack;
4075 if (pi->num_acked == num_to_ack - 1)
4085 static inline void l2cap_data_channel_rrframe(struct sock *sk, u16 rx_control)
4087 struct l2cap_pinfo *pi = l2cap_pi(sk);
4089 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, __get_reqseq(rx_control),
4092 pi->expected_ack_seq = __get_reqseq(rx_control);
4093 l2cap_drop_acked_frames(sk);
4095 if (rx_control & L2CAP_CTRL_POLL) {
4096 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
4097 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
4098 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
4099 (pi->unacked_frames > 0))
4100 __mod_retrans_timer();
4102 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4103 l2cap_send_srejtail(sk);
4105 l2cap_send_i_or_rr_or_rnr(sk);
4108 } else if (rx_control & L2CAP_CTRL_FINAL) {
4109 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4111 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
4112 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
4114 l2cap_retransmit_frames(sk);
4117 if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
4118 (pi->unacked_frames > 0))
4119 __mod_retrans_timer();
4121 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4122 if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
4125 l2cap_ertm_send(sk);
4130 static inline void l2cap_data_channel_rejframe(struct sock *sk, u16 rx_control)
4132 struct l2cap_pinfo *pi = l2cap_pi(sk);
4133 u8 tx_seq = __get_reqseq(rx_control);
4135 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
4137 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4139 pi->expected_ack_seq = tx_seq;
4140 l2cap_drop_acked_frames(sk);
4142 if (rx_control & L2CAP_CTRL_FINAL) {
4143 if (pi->conn_state & L2CAP_CONN_REJ_ACT)
4144 pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
4146 l2cap_retransmit_frames(sk);
4148 l2cap_retransmit_frames(sk);
4150 if (pi->conn_state & L2CAP_CONN_WAIT_F)
4151 pi->conn_state |= L2CAP_CONN_REJ_ACT;
4154 static inline void l2cap_data_channel_srejframe(struct sock *sk, u16 rx_control)
4156 struct l2cap_pinfo *pi = l2cap_pi(sk);
4157 u8 tx_seq = __get_reqseq(rx_control);
4159 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
4161 pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
4163 if (rx_control & L2CAP_CTRL_POLL) {
4164 pi->expected_ack_seq = tx_seq;
4165 l2cap_drop_acked_frames(sk);
4167 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
4168 l2cap_retransmit_one_frame(sk, tx_seq);
4170 l2cap_ertm_send(sk);
4172 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
4173 pi->srej_save_reqseq = tx_seq;
4174 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
4176 } else if (rx_control & L2CAP_CTRL_FINAL) {
4177 if ((pi->conn_state & L2CAP_CONN_SREJ_ACT) &&
4178 pi->srej_save_reqseq == tx_seq)
4179 pi->conn_state &= ~L2CAP_CONN_SREJ_ACT;
4181 l2cap_retransmit_one_frame(sk, tx_seq);
4183 l2cap_retransmit_one_frame(sk, tx_seq);
4184 if (pi->conn_state & L2CAP_CONN_WAIT_F) {
4185 pi->srej_save_reqseq = tx_seq;
4186 pi->conn_state |= L2CAP_CONN_SREJ_ACT;
4191 static inline void l2cap_data_channel_rnrframe(struct sock *sk, u16 rx_control)
4193 struct l2cap_pinfo *pi = l2cap_pi(sk);
4194 u8 tx_seq = __get_reqseq(rx_control);
4196 BT_DBG("sk %p, req_seq %d ctrl 0x%4.4x", sk, tx_seq, rx_control);
4198 pi->conn_state |= L2CAP_CONN_REMOTE_BUSY;
4199 pi->expected_ack_seq = tx_seq;
4200 l2cap_drop_acked_frames(sk);
4202 if (rx_control & L2CAP_CTRL_POLL)
4203 pi->conn_state |= L2CAP_CONN_SEND_FBIT;
4205 if (!(pi->conn_state & L2CAP_CONN_SREJ_SENT)) {
4206 del_timer(&pi->retrans_timer);
4207 if (rx_control & L2CAP_CTRL_POLL)
4208 l2cap_send_rr_or_rnr(pi, L2CAP_CTRL_FINAL);
4212 if (rx_control & L2CAP_CTRL_POLL)
4213 l2cap_send_srejtail(sk);
4215 l2cap_send_sframe(pi, L2CAP_SUPER_RCV_READY);
4218 static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
4220 BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);
4222 if (L2CAP_CTRL_FINAL & rx_control &&
4223 l2cap_pi(sk)->conn_state & L2CAP_CONN_WAIT_F) {
4224 del_timer(&l2cap_pi(sk)->monitor_timer);
4225 if (l2cap_pi(sk)->unacked_frames > 0)
4226 __mod_retrans_timer();
4227 l2cap_pi(sk)->conn_state &= ~L2CAP_CONN_WAIT_F;
4230 switch (rx_control & L2CAP_CTRL_SUPERVISE) {
4231 case L2CAP_SUPER_RCV_READY:
4232 l2cap_data_channel_rrframe(sk, rx_control);
4235 case L2CAP_SUPER_REJECT:
4236 l2cap_data_channel_rejframe(sk, rx_control);
4239 case L2CAP_SUPER_SELECT_REJECT:
4240 l2cap_data_channel_srejframe(sk, rx_control);
4243 case L2CAP_SUPER_RCV_NOT_READY:
4244 l2cap_data_channel_rnrframe(sk, rx_control);
4252 static int l2cap_ertm_data_rcv(struct sock *sk, struct sk_buff *skb)
4254 struct l2cap_pinfo *pi = l2cap_pi(sk);
4257 int len, next_tx_seq_offset, req_seq_offset;
4259 control = get_unaligned_le16(skb->data);
4264 * We can just drop the corrupted I-frame here.
4265 * Receiver will miss it and start proper recovery
4266 * procedures and ask retransmission.
4268 if (l2cap_check_fcs(pi, skb))
4271 if (__is_sar_start(control) && __is_iframe(control))
4274 if (pi->fcs == L2CAP_FCS_CRC16)
4277 if (len > pi->mps) {
4278 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4282 req_seq = __get_reqseq(control);
4283 req_seq_offset = (req_seq - pi->expected_ack_seq) % 64;
4284 if (req_seq_offset < 0)
4285 req_seq_offset += 64;
4287 next_tx_seq_offset =
4288 (pi->next_tx_seq - pi->expected_ack_seq) % 64;
4289 if (next_tx_seq_offset < 0)
4290 next_tx_seq_offset += 64;
4292 /* check for invalid req-seq */
4293 if (req_seq_offset > next_tx_seq_offset) {
4294 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4298 if (__is_iframe(control)) {
4300 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4304 l2cap_data_channel_iframe(sk, control, skb);
4308 l2cap_send_disconn_req(pi->conn, sk, ECONNRESET);
4312 l2cap_data_channel_sframe(sk, control, skb);
4322 static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
4325 struct l2cap_pinfo *pi;
4330 sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
4332 BT_DBG("unknown cid 0x%4.4x", cid);
4338 BT_DBG("sk %p, len %d", sk, skb->len);
4340 if (sk->sk_state != BT_CONNECTED)
4344 case L2CAP_MODE_BASIC:
4345 /* If socket recv buffers overflows we drop data here
4346 * which is *bad* because L2CAP has to be reliable.
4347 * But we don't have any other choice. L2CAP doesn't
4348 * provide flow control mechanism. */
4350 if (pi->imtu < skb->len)
4353 if (!sock_queue_rcv_skb(sk, skb))
4357 case L2CAP_MODE_ERTM:
4358 if (!sock_owned_by_user(sk)) {
4359 l2cap_ertm_data_rcv(sk, skb);
4361 if (sk_add_backlog(sk, skb))
4367 case L2CAP_MODE_STREAMING:
4368 control = get_unaligned_le16(skb->data);
4372 if (l2cap_check_fcs(pi, skb))
4375 if (__is_sar_start(control))
4378 if (pi->fcs == L2CAP_FCS_CRC16)
4381 if (len > pi->mps || len < 0 || __is_sframe(control))
4384 tx_seq = __get_txseq(control);
4386 if (pi->expected_tx_seq == tx_seq)
4387 pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
4389 pi->expected_tx_seq = (tx_seq + 1) % 64;
4391 l2cap_streaming_reassembly_sdu(sk, skb, control);
4396 BT_DBG("sk %p: bad mode 0x%2.2x", sk, pi->mode);
4410 static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
4414 sk = l2cap_get_sock_by_psm(0, psm, conn->src);
4418 BT_DBG("sk %p, len %d", sk, skb->len);
4420 if (sk->sk_state != BT_BOUND && sk->sk_state != BT_CONNECTED)
4423 if (l2cap_pi(sk)->imtu < skb->len)
4426 if (!sock_queue_rcv_skb(sk, skb))
4438 static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
4440 struct l2cap_hdr *lh = (void *) skb->data;
4444 skb_pull(skb, L2CAP_HDR_SIZE);
4445 cid = __le16_to_cpu(lh->cid);
4446 len = __le16_to_cpu(lh->len);
4448 if (len != skb->len) {
4453 BT_DBG("len %d, cid 0x%4.4x", len, cid);
4456 case L2CAP_CID_SIGNALING:
4457 l2cap_sig_channel(conn, skb);
4460 case L2CAP_CID_CONN_LESS:
4461 psm = get_unaligned_le16(skb->data);
4463 l2cap_conless_channel(conn, psm, skb);
4467 l2cap_data_channel(conn, cid, skb);
4472 /* ---- L2CAP interface with lower layer (HCI) ---- */
4474 static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
4476 int exact = 0, lm1 = 0, lm2 = 0;
4477 register struct sock *sk;
4478 struct hlist_node *node;
4480 if (type != ACL_LINK)
4483 BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));
4485 /* Find listening sockets and check their link_mode */
4486 read_lock(&l2cap_sk_list.lock);
4487 sk_for_each(sk, node, &l2cap_sk_list.head) {
4488 if (sk->sk_state != BT_LISTEN)
4491 if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
4492 lm1 |= HCI_LM_ACCEPT;
4493 if (l2cap_pi(sk)->role_switch)
4494 lm1 |= HCI_LM_MASTER;
4496 } else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
4497 lm2 |= HCI_LM_ACCEPT;
4498 if (l2cap_pi(sk)->role_switch)
4499 lm2 |= HCI_LM_MASTER;
4502 read_unlock(&l2cap_sk_list.lock);
4504 return exact ? lm1 : lm2;
4507 static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
4509 struct l2cap_conn *conn;
4511 BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);
4513 if (hcon->type != ACL_LINK)
4517 conn = l2cap_conn_add(hcon, status);
4519 l2cap_conn_ready(conn);
4521 l2cap_conn_del(hcon, bt_err(status));
4526 static int l2cap_disconn_ind(struct hci_conn *hcon)
4528 struct l2cap_conn *conn = hcon->l2cap_data;
4530 BT_DBG("hcon %p", hcon);
4532 if (hcon->type != ACL_LINK || !conn)
4535 return conn->disc_reason;
4538 static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
4540 BT_DBG("hcon %p reason %d", hcon, reason);
4542 if (hcon->type != ACL_LINK)
4545 l2cap_conn_del(hcon, bt_err(reason));
4550 static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
4552 if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_STREAM)
4555 if (encrypt == 0x00) {
4556 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM) {
4557 l2cap_sock_clear_timer(sk);
4558 l2cap_sock_set_timer(sk, HZ * 5);
4559 } else if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
4560 __l2cap_sock_close(sk, ECONNREFUSED);
4562 if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
4563 l2cap_sock_clear_timer(sk);
4567 static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
4569 struct l2cap_chan_list *l;
4570 struct l2cap_conn *conn = hcon->l2cap_data;
4576 l = &conn->chan_list;
4578 BT_DBG("conn %p", conn);
4580 read_lock(&l->lock);
4582 for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
4585 if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
4590 if (!status && (sk->sk_state == BT_CONNECTED ||
4591 sk->sk_state == BT_CONFIG)) {
4592 l2cap_check_encryption(sk, encrypt);
4597 if (sk->sk_state == BT_CONNECT) {
4599 struct l2cap_conn_req req;
4600 req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
4601 req.psm = l2cap_pi(sk)->psm;
4603 l2cap_pi(sk)->ident = l2cap_get_ident(conn);
4604 l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
4606 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
4607 L2CAP_CONN_REQ, sizeof(req), &req);
4609 l2cap_sock_clear_timer(sk);
4610 l2cap_sock_set_timer(sk, HZ / 10);
4612 } else if (sk->sk_state == BT_CONNECT2) {
4613 struct l2cap_conn_rsp rsp;
4617 sk->sk_state = BT_CONFIG;
4618 result = L2CAP_CR_SUCCESS;
4620 sk->sk_state = BT_DISCONN;
4621 l2cap_sock_set_timer(sk, HZ / 10);
4622 result = L2CAP_CR_SEC_BLOCK;
4625 rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
4626 rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
4627 rsp.result = cpu_to_le16(result);
4628 rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
4629 l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
4630 L2CAP_CONN_RSP, sizeof(rsp), &rsp);
4636 read_unlock(&l->lock);
4641 static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
4643 struct l2cap_conn *conn = hcon->l2cap_data;
4645 if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
4648 BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);
4650 if (flags & ACL_START) {
4651 struct l2cap_hdr *hdr;
4655 BT_ERR("Unexpected start frame (len %d)", skb->len);
4656 kfree_skb(conn->rx_skb);
4657 conn->rx_skb = NULL;
4659 l2cap_conn_unreliable(conn, ECOMM);
4663 BT_ERR("Frame is too short (len %d)", skb->len);
4664 l2cap_conn_unreliable(conn, ECOMM);
4668 hdr = (struct l2cap_hdr *) skb->data;
4669 len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;
4671 if (len == skb->len) {
4672 /* Complete frame received */
4673 l2cap_recv_frame(conn, skb);
4677 BT_DBG("Start: total len %d, frag len %d", len, skb->len);
4679 if (skb->len > len) {
4680 BT_ERR("Frame is too long (len %d, expected len %d)",
4682 l2cap_conn_unreliable(conn, ECOMM);
4686 /* Allocate skb for the complete frame (with header) */
4687 conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
4691 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
4693 conn->rx_len = len - skb->len;
4695 BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);
4697 if (!conn->rx_len) {
4698 BT_ERR("Unexpected continuation frame (len %d)", skb->len);
4699 l2cap_conn_unreliable(conn, ECOMM);
4703 if (skb->len > conn->rx_len) {
4704 BT_ERR("Fragment is too long (len %d, expected %d)",
4705 skb->len, conn->rx_len);
4706 kfree_skb(conn->rx_skb);
4707 conn->rx_skb = NULL;
4709 l2cap_conn_unreliable(conn, ECOMM);
4713 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
4715 conn->rx_len -= skb->len;
4717 if (!conn->rx_len) {
4718 /* Complete frame received */
4719 l2cap_recv_frame(conn, conn->rx_skb);
4720 conn->rx_skb = NULL;
4729 static int l2cap_debugfs_show(struct seq_file *f, void *p)
4732 struct hlist_node *node;
4734 read_lock_bh(&l2cap_sk_list.lock);
4736 sk_for_each(sk, node, &l2cap_sk_list.head) {
4737 struct l2cap_pinfo *pi = l2cap_pi(sk);
4739 seq_printf(f, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
4740 batostr(&bt_sk(sk)->src),
4741 batostr(&bt_sk(sk)->dst),
4742 sk->sk_state, __le16_to_cpu(pi->psm),
4744 pi->imtu, pi->omtu, pi->sec_level);
4747 read_unlock_bh(&l2cap_sk_list.lock);
4752 static int l2cap_debugfs_open(struct inode *inode, struct file *file)
4754 return single_open(file, l2cap_debugfs_show, inode->i_private);
4757 static const struct file_operations l2cap_debugfs_fops = {
4758 .open = l2cap_debugfs_open,
4760 .llseek = seq_lseek,
4761 .release = single_release,
4764 static struct dentry *l2cap_debugfs;
4766 static const struct proto_ops l2cap_sock_ops = {
4767 .family = PF_BLUETOOTH,
4768 .owner = THIS_MODULE,
4769 .release = l2cap_sock_release,
4770 .bind = l2cap_sock_bind,
4771 .connect = l2cap_sock_connect,
4772 .listen = l2cap_sock_listen,
4773 .accept = l2cap_sock_accept,
4774 .getname = l2cap_sock_getname,
4775 .sendmsg = l2cap_sock_sendmsg,
4776 .recvmsg = l2cap_sock_recvmsg,
4777 .poll = bt_sock_poll,
4778 .ioctl = bt_sock_ioctl,
4779 .mmap = sock_no_mmap,
4780 .socketpair = sock_no_socketpair,
4781 .shutdown = l2cap_sock_shutdown,
4782 .setsockopt = l2cap_sock_setsockopt,
4783 .getsockopt = l2cap_sock_getsockopt
4786 static const struct net_proto_family l2cap_sock_family_ops = {
4787 .family = PF_BLUETOOTH,
4788 .owner = THIS_MODULE,
4789 .create = l2cap_sock_create,
4792 static struct hci_proto l2cap_hci_proto = {
4794 .id = HCI_PROTO_L2CAP,
4795 .connect_ind = l2cap_connect_ind,
4796 .connect_cfm = l2cap_connect_cfm,
4797 .disconn_ind = l2cap_disconn_ind,
4798 .disconn_cfm = l2cap_disconn_cfm,
4799 .security_cfm = l2cap_security_cfm,
4800 .recv_acldata = l2cap_recv_acldata
4803 static int __init l2cap_init(void)
4807 err = proto_register(&l2cap_proto, 0);
4811 _busy_wq = create_singlethread_workqueue("l2cap");
4815 err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
4817 BT_ERR("L2CAP socket registration failed");
4821 err = hci_register_proto(&l2cap_hci_proto);
4823 BT_ERR("L2CAP protocol registration failed");
4824 bt_sock_unregister(BTPROTO_L2CAP);
4829 l2cap_debugfs = debugfs_create_file("l2cap", 0444,
4830 bt_debugfs, NULL, &l2cap_debugfs_fops);
4832 BT_ERR("Failed to create L2CAP debug file");
4835 BT_INFO("L2CAP ver %s", VERSION);
4836 BT_INFO("L2CAP socket layer initialized");
4841 proto_unregister(&l2cap_proto);
4845 static void __exit l2cap_exit(void)
4847 debugfs_remove(l2cap_debugfs);
4849 flush_workqueue(_busy_wq);
4850 destroy_workqueue(_busy_wq);
4852 if (bt_sock_unregister(BTPROTO_L2CAP) < 0)
4853 BT_ERR("L2CAP socket unregistration failed");
4855 if (hci_unregister_proto(&l2cap_hci_proto) < 0)
4856 BT_ERR("L2CAP protocol unregistration failed");
4858 proto_unregister(&l2cap_proto);
4861 void l2cap_load(void)
4863 /* Dummy function to trigger automatic L2CAP module loading by
4864 * other modules that use L2CAP sockets but don't use any other
4865 * symbols from it. */
4867 EXPORT_SYMBOL(l2cap_load);
4869 module_init(l2cap_init);
4870 module_exit(l2cap_exit);
4872 module_param(disable_ertm, bool, 0644);
4873 MODULE_PARM_DESC(disable_ertm, "Disable enhanced retransmission mode");
4875 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
4876 MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
4877 MODULE_VERSION(VERSION);
4878 MODULE_LICENSE("GPL");
4879 MODULE_ALIAS("bt-proto-0");
projects / linux-flexiantxendom0-natty.git / blob