2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
48 /* Handle HCI Event packets */
50 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
52 __u8 status = *((__u8 *) skb->data);
54 BT_DBG("%s status 0x%x", hdev->name, status);
59 if (test_and_clear_bit(HCI_INQUIRY, &hdev->flags) &&
60 test_bit(HCI_MGMT, &hdev->flags))
61 mgmt_discovering(hdev->id, 0);
63 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
65 hci_conn_check_pending(hdev);
68 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
70 __u8 status = *((__u8 *) skb->data);
72 BT_DBG("%s status 0x%x", hdev->name, status);
77 if (test_and_clear_bit(HCI_INQUIRY, &hdev->flags) &&
78 test_bit(HCI_MGMT, &hdev->flags))
79 mgmt_discovering(hdev->id, 0);
81 hci_conn_check_pending(hdev);
84 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
86 BT_DBG("%s", hdev->name);
89 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
91 struct hci_rp_role_discovery *rp = (void *) skb->data;
92 struct hci_conn *conn;
94 BT_DBG("%s status 0x%x", hdev->name, rp->status);
101 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
104 conn->link_mode &= ~HCI_LM_MASTER;
106 conn->link_mode |= HCI_LM_MASTER;
109 hci_dev_unlock(hdev);
112 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
114 struct hci_rp_read_link_policy *rp = (void *) skb->data;
115 struct hci_conn *conn;
117 BT_DBG("%s status 0x%x", hdev->name, rp->status);
124 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
126 conn->link_policy = __le16_to_cpu(rp->policy);
128 hci_dev_unlock(hdev);
131 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
133 struct hci_rp_write_link_policy *rp = (void *) skb->data;
134 struct hci_conn *conn;
137 BT_DBG("%s status 0x%x", hdev->name, rp->status);
142 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
150 conn->link_policy = get_unaligned_le16(sent + 2);
152 hci_dev_unlock(hdev);
155 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
157 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
159 BT_DBG("%s status 0x%x", hdev->name, rp->status);
164 hdev->link_policy = __le16_to_cpu(rp->policy);
167 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
169 __u8 status = *((__u8 *) skb->data);
172 BT_DBG("%s status 0x%x", hdev->name, status);
174 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 hdev->link_policy = get_unaligned_le16(sent);
181 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
184 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
186 __u8 status = *((__u8 *) skb->data);
188 BT_DBG("%s status 0x%x", hdev->name, status);
190 clear_bit(HCI_RESET, &hdev->flags);
192 hci_req_complete(hdev, HCI_OP_RESET, status);
195 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
197 __u8 status = *((__u8 *) skb->data);
200 BT_DBG("%s status 0x%x", hdev->name, status);
202 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
206 if (test_bit(HCI_MGMT, &hdev->flags))
207 mgmt_set_local_name_complete(hdev->id, sent, status);
212 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
215 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
217 struct hci_rp_read_local_name *rp = (void *) skb->data;
219 BT_DBG("%s status 0x%x", hdev->name, rp->status);
224 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
227 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
229 __u8 status = *((__u8 *) skb->data);
232 BT_DBG("%s status 0x%x", hdev->name, status);
234 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
239 __u8 param = *((__u8 *) sent);
241 if (param == AUTH_ENABLED)
242 set_bit(HCI_AUTH, &hdev->flags);
244 clear_bit(HCI_AUTH, &hdev->flags);
247 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
250 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
252 __u8 status = *((__u8 *) skb->data);
255 BT_DBG("%s status 0x%x", hdev->name, status);
257 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
262 __u8 param = *((__u8 *) sent);
265 set_bit(HCI_ENCRYPT, &hdev->flags);
267 clear_bit(HCI_ENCRYPT, &hdev->flags);
270 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
273 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
275 __u8 status = *((__u8 *) skb->data);
278 BT_DBG("%s status 0x%x", hdev->name, status);
280 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
285 __u8 param = *((__u8 *) sent);
286 int old_pscan, old_iscan;
288 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
289 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
291 if (param & SCAN_INQUIRY) {
292 set_bit(HCI_ISCAN, &hdev->flags);
294 mgmt_discoverable(hdev->id, 1);
295 } else if (old_iscan)
296 mgmt_discoverable(hdev->id, 0);
298 if (param & SCAN_PAGE) {
299 set_bit(HCI_PSCAN, &hdev->flags);
301 mgmt_connectable(hdev->id, 1);
302 } else if (old_pscan)
303 mgmt_connectable(hdev->id, 0);
306 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
309 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
311 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
313 BT_DBG("%s status 0x%x", hdev->name, rp->status);
318 memcpy(hdev->dev_class, rp->dev_class, 3);
320 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
321 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
324 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
326 __u8 status = *((__u8 *) skb->data);
329 BT_DBG("%s status 0x%x", hdev->name, status);
334 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
338 memcpy(hdev->dev_class, sent, 3);
341 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
343 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
346 BT_DBG("%s status 0x%x", hdev->name, rp->status);
351 setting = __le16_to_cpu(rp->voice_setting);
353 if (hdev->voice_setting == setting)
356 hdev->voice_setting = setting;
358 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
361 tasklet_disable(&hdev->tx_task);
362 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
363 tasklet_enable(&hdev->tx_task);
367 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
369 __u8 status = *((__u8 *) skb->data);
373 BT_DBG("%s status 0x%x", hdev->name, status);
378 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
382 setting = get_unaligned_le16(sent);
384 if (hdev->voice_setting == setting)
387 hdev->voice_setting = setting;
389 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
392 tasklet_disable(&hdev->tx_task);
393 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
394 tasklet_enable(&hdev->tx_task);
398 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
400 __u8 status = *((__u8 *) skb->data);
402 BT_DBG("%s status 0x%x", hdev->name, status);
404 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
407 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
409 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
411 BT_DBG("%s status 0x%x", hdev->name, rp->status);
416 hdev->ssp_mode = rp->mode;
419 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
421 __u8 status = *((__u8 *) skb->data);
424 BT_DBG("%s status 0x%x", hdev->name, status);
429 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
433 hdev->ssp_mode = *((__u8 *) sent);
436 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
438 if (hdev->features[6] & LMP_EXT_INQ)
441 if (hdev->features[3] & LMP_RSSI_INQ)
444 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
445 hdev->lmp_subver == 0x0757)
448 if (hdev->manufacturer == 15) {
449 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
451 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
453 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
457 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
458 hdev->lmp_subver == 0x1805)
464 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
468 mode = hci_get_inquiry_mode(hdev);
470 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
473 static void hci_setup_event_mask(struct hci_dev *hdev)
475 /* The second byte is 0xff instead of 0x9f (two reserved bits
476 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
477 * command otherwise */
478 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
480 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
481 * any event mask for pre 1.2 devices */
482 if (hdev->lmp_ver <= 1)
485 events[4] |= 0x01; /* Flow Specification Complete */
486 events[4] |= 0x02; /* Inquiry Result with RSSI */
487 events[4] |= 0x04; /* Read Remote Extended Features Complete */
488 events[5] |= 0x08; /* Synchronous Connection Complete */
489 events[5] |= 0x10; /* Synchronous Connection Changed */
491 if (hdev->features[3] & LMP_RSSI_INQ)
492 events[4] |= 0x04; /* Inquiry Result with RSSI */
494 if (hdev->features[5] & LMP_SNIFF_SUBR)
495 events[5] |= 0x20; /* Sniff Subrating */
497 if (hdev->features[5] & LMP_PAUSE_ENC)
498 events[5] |= 0x80; /* Encryption Key Refresh Complete */
500 if (hdev->features[6] & LMP_EXT_INQ)
501 events[5] |= 0x40; /* Extended Inquiry Result */
503 if (hdev->features[6] & LMP_NO_FLUSH)
504 events[7] |= 0x01; /* Enhanced Flush Complete */
506 if (hdev->features[7] & LMP_LSTO)
507 events[6] |= 0x80; /* Link Supervision Timeout Changed */
509 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
510 events[6] |= 0x01; /* IO Capability Request */
511 events[6] |= 0x02; /* IO Capability Response */
512 events[6] |= 0x04; /* User Confirmation Request */
513 events[6] |= 0x08; /* User Passkey Request */
514 events[6] |= 0x10; /* Remote OOB Data Request */
515 events[6] |= 0x20; /* Simple Pairing Complete */
516 events[7] |= 0x04; /* User Passkey Notification */
517 events[7] |= 0x08; /* Keypress Notification */
518 events[7] |= 0x10; /* Remote Host Supported
519 * Features Notification */
522 if (hdev->features[4] & LMP_LE)
523 events[7] |= 0x20; /* LE Meta-Event */
525 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
528 static void hci_setup(struct hci_dev *hdev)
530 hci_setup_event_mask(hdev);
532 if (hdev->lmp_ver > 1)
533 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
535 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
537 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
540 if (hdev->features[3] & LMP_RSSI_INQ)
541 hci_setup_inquiry_mode(hdev);
543 if (hdev->features[7] & LMP_INQ_TX_PWR)
544 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
547 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
549 struct hci_rp_read_local_version *rp = (void *) skb->data;
551 BT_DBG("%s status 0x%x", hdev->name, rp->status);
556 hdev->hci_ver = rp->hci_ver;
557 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
558 hdev->lmp_ver = rp->lmp_ver;
559 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
560 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
562 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
564 hdev->hci_ver, hdev->hci_rev);
566 if (test_bit(HCI_INIT, &hdev->flags))
570 static void hci_setup_link_policy(struct hci_dev *hdev)
574 if (hdev->features[0] & LMP_RSWITCH)
575 link_policy |= HCI_LP_RSWITCH;
576 if (hdev->features[0] & LMP_HOLD)
577 link_policy |= HCI_LP_HOLD;
578 if (hdev->features[0] & LMP_SNIFF)
579 link_policy |= HCI_LP_SNIFF;
580 if (hdev->features[1] & LMP_PARK)
581 link_policy |= HCI_LP_PARK;
583 link_policy = cpu_to_le16(link_policy);
584 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
585 sizeof(link_policy), &link_policy);
588 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
590 struct hci_rp_read_local_commands *rp = (void *) skb->data;
592 BT_DBG("%s status 0x%x", hdev->name, rp->status);
597 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
599 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
600 hci_setup_link_policy(hdev);
603 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
606 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
608 struct hci_rp_read_local_features *rp = (void *) skb->data;
610 BT_DBG("%s status 0x%x", hdev->name, rp->status);
615 memcpy(hdev->features, rp->features, 8);
617 /* Adjust default settings according to features
618 * supported by device. */
620 if (hdev->features[0] & LMP_3SLOT)
621 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
623 if (hdev->features[0] & LMP_5SLOT)
624 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
626 if (hdev->features[1] & LMP_HV2) {
627 hdev->pkt_type |= (HCI_HV2);
628 hdev->esco_type |= (ESCO_HV2);
631 if (hdev->features[1] & LMP_HV3) {
632 hdev->pkt_type |= (HCI_HV3);
633 hdev->esco_type |= (ESCO_HV3);
636 if (hdev->features[3] & LMP_ESCO)
637 hdev->esco_type |= (ESCO_EV3);
639 if (hdev->features[4] & LMP_EV4)
640 hdev->esco_type |= (ESCO_EV4);
642 if (hdev->features[4] & LMP_EV5)
643 hdev->esco_type |= (ESCO_EV5);
645 if (hdev->features[5] & LMP_EDR_ESCO_2M)
646 hdev->esco_type |= (ESCO_2EV3);
648 if (hdev->features[5] & LMP_EDR_ESCO_3M)
649 hdev->esco_type |= (ESCO_3EV3);
651 if (hdev->features[5] & LMP_EDR_3S_ESCO)
652 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
654 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
655 hdev->features[0], hdev->features[1],
656 hdev->features[2], hdev->features[3],
657 hdev->features[4], hdev->features[5],
658 hdev->features[6], hdev->features[7]);
661 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
663 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
665 BT_DBG("%s status 0x%x", hdev->name, rp->status);
670 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
671 hdev->sco_mtu = rp->sco_mtu;
672 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
673 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
675 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
680 hdev->acl_cnt = hdev->acl_pkts;
681 hdev->sco_cnt = hdev->sco_pkts;
683 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
684 hdev->acl_mtu, hdev->acl_pkts,
685 hdev->sco_mtu, hdev->sco_pkts);
688 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
690 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
692 BT_DBG("%s status 0x%x", hdev->name, rp->status);
695 bacpy(&hdev->bdaddr, &rp->bdaddr);
697 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
700 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
702 __u8 status = *((__u8 *) skb->data);
704 BT_DBG("%s status 0x%x", hdev->name, status);
706 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
709 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
712 __u8 status = *((__u8 *) skb->data);
714 BT_DBG("%s status 0x%x", hdev->name, status);
716 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
719 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
721 __u8 status = *((__u8 *) skb->data);
723 BT_DBG("%s status 0x%x", hdev->name, status);
725 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
728 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
731 __u8 status = *((__u8 *) skb->data);
733 BT_DBG("%s status 0x%x", hdev->name, status);
735 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
738 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
741 __u8 status = *((__u8 *) skb->data);
743 BT_DBG("%s status 0x%x", hdev->name, status);
745 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
748 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
750 __u8 status = *((__u8 *) skb->data);
752 BT_DBG("%s status 0x%x", hdev->name, status);
754 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
757 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
759 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
760 struct hci_cp_pin_code_reply *cp;
761 struct hci_conn *conn;
763 BT_DBG("%s status 0x%x", hdev->name, rp->status);
765 if (test_bit(HCI_MGMT, &hdev->flags))
766 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status);
771 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
775 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
777 conn->pin_length = cp->pin_len;
780 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
782 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
784 BT_DBG("%s status 0x%x", hdev->name, rp->status);
786 if (test_bit(HCI_MGMT, &hdev->flags))
787 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr,
790 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
793 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
795 BT_DBG("%s status 0x%x", hdev->name, rp->status);
800 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
801 hdev->le_pkts = rp->le_max_pkt;
803 hdev->le_cnt = hdev->le_pkts;
805 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
807 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
810 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
812 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
814 BT_DBG("%s status 0x%x", hdev->name, rp->status);
816 if (test_bit(HCI_MGMT, &hdev->flags))
817 mgmt_user_confirm_reply_complete(hdev->id, &rp->bdaddr,
821 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
824 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
826 BT_DBG("%s status 0x%x", hdev->name, rp->status);
828 if (test_bit(HCI_MGMT, &hdev->flags))
829 mgmt_user_confirm_neg_reply_complete(hdev->id, &rp->bdaddr,
833 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
836 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
838 BT_DBG("%s status 0x%x", hdev->name, rp->status);
840 mgmt_read_local_oob_data_reply_complete(hdev->id, rp->hash,
841 rp->randomizer, rp->status);
844 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
846 BT_DBG("%s status 0x%x", hdev->name, status);
849 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
850 hci_conn_check_pending(hdev);
854 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags) &&
855 test_bit(HCI_MGMT, &hdev->flags))
856 mgmt_discovering(hdev->id, 1);
859 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
861 struct hci_cp_create_conn *cp;
862 struct hci_conn *conn;
864 BT_DBG("%s status 0x%x", hdev->name, status);
866 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
872 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
874 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
877 if (conn && conn->state == BT_CONNECT) {
878 if (status != 0x0c || conn->attempt > 2) {
879 conn->state = BT_CLOSED;
880 hci_proto_connect_cfm(conn, status);
883 conn->state = BT_CONNECT2;
887 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
890 conn->link_mode |= HCI_LM_MASTER;
892 BT_ERR("No memory for new connection");
896 hci_dev_unlock(hdev);
899 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
901 struct hci_cp_add_sco *cp;
902 struct hci_conn *acl, *sco;
905 BT_DBG("%s status 0x%x", hdev->name, status);
910 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
914 handle = __le16_to_cpu(cp->handle);
916 BT_DBG("%s handle %d", hdev->name, handle);
920 acl = hci_conn_hash_lookup_handle(hdev, handle);
924 sco->state = BT_CLOSED;
926 hci_proto_connect_cfm(sco, status);
931 hci_dev_unlock(hdev);
934 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
936 struct hci_cp_auth_requested *cp;
937 struct hci_conn *conn;
939 BT_DBG("%s status 0x%x", hdev->name, status);
944 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
950 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
952 if (conn->state == BT_CONFIG) {
953 hci_proto_connect_cfm(conn, status);
958 hci_dev_unlock(hdev);
961 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
963 struct hci_cp_set_conn_encrypt *cp;
964 struct hci_conn *conn;
966 BT_DBG("%s status 0x%x", hdev->name, status);
971 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
977 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
979 if (conn->state == BT_CONFIG) {
980 hci_proto_connect_cfm(conn, status);
985 hci_dev_unlock(hdev);
988 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
989 struct hci_conn *conn)
991 if (conn->state != BT_CONFIG || !conn->out)
994 if (conn->pending_sec_level == BT_SECURITY_SDP)
997 /* Only request authentication for SSP connections or non-SSP
998 * devices with sec_level HIGH */
999 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
1000 conn->pending_sec_level != BT_SECURITY_HIGH)
1006 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1008 struct hci_cp_remote_name_req *cp;
1009 struct hci_conn *conn;
1011 BT_DBG("%s status 0x%x", hdev->name, status);
1013 /* If successful wait for the name req complete event before
1014 * checking for the need to do authentication */
1018 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1024 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1028 if (!hci_outgoing_auth_needed(hdev, conn))
1031 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1032 struct hci_cp_auth_requested cp;
1033 cp.handle = __cpu_to_le16(conn->handle);
1034 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1038 hci_dev_unlock(hdev);
1041 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1043 struct hci_cp_read_remote_features *cp;
1044 struct hci_conn *conn;
1046 BT_DBG("%s status 0x%x", hdev->name, status);
1051 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1057 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1059 if (conn->state == BT_CONFIG) {
1060 hci_proto_connect_cfm(conn, status);
1065 hci_dev_unlock(hdev);
1068 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1070 struct hci_cp_read_remote_ext_features *cp;
1071 struct hci_conn *conn;
1073 BT_DBG("%s status 0x%x", hdev->name, status);
1078 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1084 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1086 if (conn->state == BT_CONFIG) {
1087 hci_proto_connect_cfm(conn, status);
1092 hci_dev_unlock(hdev);
1095 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1097 struct hci_cp_setup_sync_conn *cp;
1098 struct hci_conn *acl, *sco;
1101 BT_DBG("%s status 0x%x", hdev->name, status);
1106 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1110 handle = __le16_to_cpu(cp->handle);
1112 BT_DBG("%s handle %d", hdev->name, handle);
1116 acl = hci_conn_hash_lookup_handle(hdev, handle);
1120 sco->state = BT_CLOSED;
1122 hci_proto_connect_cfm(sco, status);
1127 hci_dev_unlock(hdev);
1130 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1132 struct hci_cp_sniff_mode *cp;
1133 struct hci_conn *conn;
1135 BT_DBG("%s status 0x%x", hdev->name, status);
1140 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1146 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1148 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1150 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1151 hci_sco_setup(conn, status);
1154 hci_dev_unlock(hdev);
1157 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1159 struct hci_cp_exit_sniff_mode *cp;
1160 struct hci_conn *conn;
1162 BT_DBG("%s status 0x%x", hdev->name, status);
1167 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1173 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1175 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1177 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1178 hci_sco_setup(conn, status);
1181 hci_dev_unlock(hdev);
1184 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1186 struct hci_cp_le_create_conn *cp;
1187 struct hci_conn *conn;
1189 BT_DBG("%s status 0x%x", hdev->name, status);
1191 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1197 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1199 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1203 if (conn && conn->state == BT_CONNECT) {
1204 conn->state = BT_CLOSED;
1205 hci_proto_connect_cfm(conn, status);
1210 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1214 BT_ERR("No memory for new connection");
1218 hci_dev_unlock(hdev);
1221 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1223 __u8 status = *((__u8 *) skb->data);
1225 BT_DBG("%s status %d", hdev->name, status);
1227 if (test_and_clear_bit(HCI_INQUIRY, &hdev->flags) &&
1228 test_bit(HCI_MGMT, &hdev->flags))
1229 mgmt_discovering(hdev->id, 0);
1231 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1233 hci_conn_check_pending(hdev);
1236 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1238 struct inquiry_data data;
1239 struct inquiry_info *info = (void *) (skb->data + 1);
1240 int num_rsp = *((__u8 *) skb->data);
1242 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1249 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
1251 if (test_bit(HCI_MGMT, &hdev->flags))
1252 mgmt_discovering(hdev->id, 1);
1255 for (; num_rsp; num_rsp--, info++) {
1256 bacpy(&data.bdaddr, &info->bdaddr);
1257 data.pscan_rep_mode = info->pscan_rep_mode;
1258 data.pscan_period_mode = info->pscan_period_mode;
1259 data.pscan_mode = info->pscan_mode;
1260 memcpy(data.dev_class, info->dev_class, 3);
1261 data.clock_offset = info->clock_offset;
1263 data.ssp_mode = 0x00;
1264 hci_inquiry_cache_update(hdev, &data);
1265 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 0,
1269 hci_dev_unlock(hdev);
1272 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1274 struct hci_ev_conn_complete *ev = (void *) skb->data;
1275 struct hci_conn *conn;
1277 BT_DBG("%s", hdev->name);
1281 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1283 if (ev->link_type != SCO_LINK)
1286 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1290 conn->type = SCO_LINK;
1294 conn->handle = __le16_to_cpu(ev->handle);
1296 if (conn->type == ACL_LINK) {
1297 conn->state = BT_CONFIG;
1298 hci_conn_hold(conn);
1299 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1300 mgmt_connected(hdev->id, &ev->bdaddr);
1302 conn->state = BT_CONNECTED;
1304 hci_conn_hold_device(conn);
1305 hci_conn_add_sysfs(conn);
1307 if (test_bit(HCI_AUTH, &hdev->flags))
1308 conn->link_mode |= HCI_LM_AUTH;
1310 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1311 conn->link_mode |= HCI_LM_ENCRYPT;
1313 /* Get remote features */
1314 if (conn->type == ACL_LINK) {
1315 struct hci_cp_read_remote_features cp;
1316 cp.handle = ev->handle;
1317 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1321 /* Set packet type for incoming connection */
1322 if (!conn->out && hdev->hci_ver < 3) {
1323 struct hci_cp_change_conn_ptype cp;
1324 cp.handle = ev->handle;
1325 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1326 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1330 conn->state = BT_CLOSED;
1331 if (conn->type == ACL_LINK)
1332 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
1335 if (conn->type == ACL_LINK)
1336 hci_sco_setup(conn, ev->status);
1339 hci_proto_connect_cfm(conn, ev->status);
1341 } else if (ev->link_type != ACL_LINK)
1342 hci_proto_connect_cfm(conn, ev->status);
1345 hci_dev_unlock(hdev);
1347 hci_conn_check_pending(hdev);
1350 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1352 struct hci_ev_conn_request *ev = (void *) skb->data;
1353 int mask = hdev->link_mode;
1355 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1356 batostr(&ev->bdaddr), ev->link_type);
1358 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1360 if ((mask & HCI_LM_ACCEPT) &&
1361 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1362 /* Connection accepted */
1363 struct inquiry_entry *ie;
1364 struct hci_conn *conn;
1368 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1370 memcpy(ie->data.dev_class, ev->dev_class, 3);
1372 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1374 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1376 BT_ERR("No memory for new connection");
1377 hci_dev_unlock(hdev);
1382 memcpy(conn->dev_class, ev->dev_class, 3);
1383 conn->state = BT_CONNECT;
1385 hci_dev_unlock(hdev);
1387 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1388 struct hci_cp_accept_conn_req cp;
1390 bacpy(&cp.bdaddr, &ev->bdaddr);
1392 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1393 cp.role = 0x00; /* Become master */
1395 cp.role = 0x01; /* Remain slave */
1397 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1400 struct hci_cp_accept_sync_conn_req cp;
1402 bacpy(&cp.bdaddr, &ev->bdaddr);
1403 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1405 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1406 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1407 cp.max_latency = cpu_to_le16(0xffff);
1408 cp.content_format = cpu_to_le16(hdev->voice_setting);
1409 cp.retrans_effort = 0xff;
1411 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1415 /* Connection rejected */
1416 struct hci_cp_reject_conn_req cp;
1418 bacpy(&cp.bdaddr, &ev->bdaddr);
1420 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1424 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1426 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1427 struct hci_conn *conn;
1429 BT_DBG("%s status %d", hdev->name, ev->status);
1432 mgmt_disconnect_failed(hdev->id);
1438 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1442 conn->state = BT_CLOSED;
1444 if (conn->type == ACL_LINK || conn->type == LE_LINK)
1445 mgmt_disconnected(hdev->id, &conn->dst);
1447 hci_proto_disconn_cfm(conn, ev->reason);
1451 hci_dev_unlock(hdev);
1454 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1456 struct hci_ev_auth_complete *ev = (void *) skb->data;
1457 struct hci_conn *conn;
1459 BT_DBG("%s status %d", hdev->name, ev->status);
1463 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1466 conn->link_mode |= HCI_LM_AUTH;
1467 conn->sec_level = conn->pending_sec_level;
1469 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
1472 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1474 if (conn->state == BT_CONFIG) {
1475 if (!ev->status && hdev->ssp_mode > 0 &&
1476 conn->ssp_mode > 0) {
1477 struct hci_cp_set_conn_encrypt cp;
1478 cp.handle = ev->handle;
1480 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1483 conn->state = BT_CONNECTED;
1484 hci_proto_connect_cfm(conn, ev->status);
1488 hci_auth_cfm(conn, ev->status);
1490 hci_conn_hold(conn);
1491 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1495 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1497 struct hci_cp_set_conn_encrypt cp;
1498 cp.handle = ev->handle;
1500 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1503 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1504 hci_encrypt_cfm(conn, ev->status, 0x00);
1509 hci_dev_unlock(hdev);
1512 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1514 struct hci_ev_remote_name *ev = (void *) skb->data;
1515 struct hci_conn *conn;
1517 BT_DBG("%s", hdev->name);
1519 hci_conn_check_pending(hdev);
1523 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1524 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);
1526 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1530 if (!hci_outgoing_auth_needed(hdev, conn))
1533 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
1534 struct hci_cp_auth_requested cp;
1535 cp.handle = __cpu_to_le16(conn->handle);
1536 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1540 hci_dev_unlock(hdev);
1543 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1545 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1546 struct hci_conn *conn;
1548 BT_DBG("%s status %d", hdev->name, ev->status);
1552 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1556 /* Encryption implies authentication */
1557 conn->link_mode |= HCI_LM_AUTH;
1558 conn->link_mode |= HCI_LM_ENCRYPT;
1560 conn->link_mode &= ~HCI_LM_ENCRYPT;
1563 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1565 if (conn->state == BT_CONFIG) {
1567 conn->state = BT_CONNECTED;
1569 hci_proto_connect_cfm(conn, ev->status);
1572 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1575 hci_dev_unlock(hdev);
1578 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1580 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1581 struct hci_conn *conn;
1583 BT_DBG("%s status %d", hdev->name, ev->status);
1587 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1590 conn->link_mode |= HCI_LM_SECURE;
1592 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1594 hci_key_change_cfm(conn, ev->status);
1597 hci_dev_unlock(hdev);
1600 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1602 struct hci_ev_remote_features *ev = (void *) skb->data;
1603 struct hci_conn *conn;
1605 BT_DBG("%s status %d", hdev->name, ev->status);
1609 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1614 memcpy(conn->features, ev->features, 8);
1616 if (conn->state != BT_CONFIG)
1619 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1620 struct hci_cp_read_remote_ext_features cp;
1621 cp.handle = ev->handle;
1623 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
1629 struct hci_cp_remote_name_req cp;
1630 memset(&cp, 0, sizeof(cp));
1631 bacpy(&cp.bdaddr, &conn->dst);
1632 cp.pscan_rep_mode = 0x02;
1633 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1636 if (!hci_outgoing_auth_needed(hdev, conn)) {
1637 conn->state = BT_CONNECTED;
1638 hci_proto_connect_cfm(conn, ev->status);
1643 hci_dev_unlock(hdev);
1646 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1648 BT_DBG("%s", hdev->name);
1651 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1653 BT_DBG("%s", hdev->name);
1656 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1658 struct hci_ev_cmd_complete *ev = (void *) skb->data;
1661 skb_pull(skb, sizeof(*ev));
1663 opcode = __le16_to_cpu(ev->opcode);
1666 case HCI_OP_INQUIRY_CANCEL:
1667 hci_cc_inquiry_cancel(hdev, skb);
1670 case HCI_OP_EXIT_PERIODIC_INQ:
1671 hci_cc_exit_periodic_inq(hdev, skb);
1674 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1675 hci_cc_remote_name_req_cancel(hdev, skb);
1678 case HCI_OP_ROLE_DISCOVERY:
1679 hci_cc_role_discovery(hdev, skb);
1682 case HCI_OP_READ_LINK_POLICY:
1683 hci_cc_read_link_policy(hdev, skb);
1686 case HCI_OP_WRITE_LINK_POLICY:
1687 hci_cc_write_link_policy(hdev, skb);
1690 case HCI_OP_READ_DEF_LINK_POLICY:
1691 hci_cc_read_def_link_policy(hdev, skb);
1694 case HCI_OP_WRITE_DEF_LINK_POLICY:
1695 hci_cc_write_def_link_policy(hdev, skb);
1699 hci_cc_reset(hdev, skb);
1702 case HCI_OP_WRITE_LOCAL_NAME:
1703 hci_cc_write_local_name(hdev, skb);
1706 case HCI_OP_READ_LOCAL_NAME:
1707 hci_cc_read_local_name(hdev, skb);
1710 case HCI_OP_WRITE_AUTH_ENABLE:
1711 hci_cc_write_auth_enable(hdev, skb);
1714 case HCI_OP_WRITE_ENCRYPT_MODE:
1715 hci_cc_write_encrypt_mode(hdev, skb);
1718 case HCI_OP_WRITE_SCAN_ENABLE:
1719 hci_cc_write_scan_enable(hdev, skb);
1722 case HCI_OP_READ_CLASS_OF_DEV:
1723 hci_cc_read_class_of_dev(hdev, skb);
1726 case HCI_OP_WRITE_CLASS_OF_DEV:
1727 hci_cc_write_class_of_dev(hdev, skb);
1730 case HCI_OP_READ_VOICE_SETTING:
1731 hci_cc_read_voice_setting(hdev, skb);
1734 case HCI_OP_WRITE_VOICE_SETTING:
1735 hci_cc_write_voice_setting(hdev, skb);
1738 case HCI_OP_HOST_BUFFER_SIZE:
1739 hci_cc_host_buffer_size(hdev, skb);
1742 case HCI_OP_READ_SSP_MODE:
1743 hci_cc_read_ssp_mode(hdev, skb);
1746 case HCI_OP_WRITE_SSP_MODE:
1747 hci_cc_write_ssp_mode(hdev, skb);
1750 case HCI_OP_READ_LOCAL_VERSION:
1751 hci_cc_read_local_version(hdev, skb);
1754 case HCI_OP_READ_LOCAL_COMMANDS:
1755 hci_cc_read_local_commands(hdev, skb);
1758 case HCI_OP_READ_LOCAL_FEATURES:
1759 hci_cc_read_local_features(hdev, skb);
1762 case HCI_OP_READ_BUFFER_SIZE:
1763 hci_cc_read_buffer_size(hdev, skb);
1766 case HCI_OP_READ_BD_ADDR:
1767 hci_cc_read_bd_addr(hdev, skb);
1770 case HCI_OP_WRITE_CA_TIMEOUT:
1771 hci_cc_write_ca_timeout(hdev, skb);
1774 case HCI_OP_DELETE_STORED_LINK_KEY:
1775 hci_cc_delete_stored_link_key(hdev, skb);
1778 case HCI_OP_SET_EVENT_MASK:
1779 hci_cc_set_event_mask(hdev, skb);
1782 case HCI_OP_WRITE_INQUIRY_MODE:
1783 hci_cc_write_inquiry_mode(hdev, skb);
1786 case HCI_OP_READ_INQ_RSP_TX_POWER:
1787 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1790 case HCI_OP_SET_EVENT_FLT:
1791 hci_cc_set_event_flt(hdev, skb);
1794 case HCI_OP_PIN_CODE_REPLY:
1795 hci_cc_pin_code_reply(hdev, skb);
1798 case HCI_OP_PIN_CODE_NEG_REPLY:
1799 hci_cc_pin_code_neg_reply(hdev, skb);
1802 case HCI_OP_READ_LOCAL_OOB_DATA:
1803 hci_cc_read_local_oob_data_reply(hdev, skb);
1806 case HCI_OP_LE_READ_BUFFER_SIZE:
1807 hci_cc_le_read_buffer_size(hdev, skb);
1810 case HCI_OP_USER_CONFIRM_REPLY:
1811 hci_cc_user_confirm_reply(hdev, skb);
1814 case HCI_OP_USER_CONFIRM_NEG_REPLY:
1815 hci_cc_user_confirm_neg_reply(hdev, skb);
1819 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1823 if (ev->opcode != HCI_OP_NOP)
1824 del_timer(&hdev->cmd_timer);
1827 atomic_set(&hdev->cmd_cnt, 1);
1828 if (!skb_queue_empty(&hdev->cmd_q))
1829 tasklet_schedule(&hdev->cmd_task);
1833 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1835 struct hci_ev_cmd_status *ev = (void *) skb->data;
1838 skb_pull(skb, sizeof(*ev));
1840 opcode = __le16_to_cpu(ev->opcode);
1843 case HCI_OP_INQUIRY:
1844 hci_cs_inquiry(hdev, ev->status);
1847 case HCI_OP_CREATE_CONN:
1848 hci_cs_create_conn(hdev, ev->status);
1851 case HCI_OP_ADD_SCO:
1852 hci_cs_add_sco(hdev, ev->status);
1855 case HCI_OP_AUTH_REQUESTED:
1856 hci_cs_auth_requested(hdev, ev->status);
1859 case HCI_OP_SET_CONN_ENCRYPT:
1860 hci_cs_set_conn_encrypt(hdev, ev->status);
1863 case HCI_OP_REMOTE_NAME_REQ:
1864 hci_cs_remote_name_req(hdev, ev->status);
1867 case HCI_OP_READ_REMOTE_FEATURES:
1868 hci_cs_read_remote_features(hdev, ev->status);
1871 case HCI_OP_READ_REMOTE_EXT_FEATURES:
1872 hci_cs_read_remote_ext_features(hdev, ev->status);
1875 case HCI_OP_SETUP_SYNC_CONN:
1876 hci_cs_setup_sync_conn(hdev, ev->status);
1879 case HCI_OP_SNIFF_MODE:
1880 hci_cs_sniff_mode(hdev, ev->status);
1883 case HCI_OP_EXIT_SNIFF_MODE:
1884 hci_cs_exit_sniff_mode(hdev, ev->status);
1887 case HCI_OP_DISCONNECT:
1888 if (ev->status != 0)
1889 mgmt_disconnect_failed(hdev->id);
1892 case HCI_OP_LE_CREATE_CONN:
1893 hci_cs_le_create_conn(hdev, ev->status);
1897 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
1901 if (ev->opcode != HCI_OP_NOP)
1902 del_timer(&hdev->cmd_timer);
1904 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
1905 atomic_set(&hdev->cmd_cnt, 1);
1906 if (!skb_queue_empty(&hdev->cmd_q))
1907 tasklet_schedule(&hdev->cmd_task);
1911 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1913 struct hci_ev_role_change *ev = (void *) skb->data;
1914 struct hci_conn *conn;
1916 BT_DBG("%s status %d", hdev->name, ev->status);
1920 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1924 conn->link_mode &= ~HCI_LM_MASTER;
1926 conn->link_mode |= HCI_LM_MASTER;
1929 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
1931 hci_role_switch_cfm(conn, ev->status, ev->role);
1934 hci_dev_unlock(hdev);
1937 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
1939 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
1943 skb_pull(skb, sizeof(*ev));
1945 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
1947 if (skb->len < ev->num_hndl * 4) {
1948 BT_DBG("%s bad parameters", hdev->name);
1952 tasklet_disable(&hdev->tx_task);
1954 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
1955 struct hci_conn *conn;
1956 __u16 handle, count;
1958 handle = get_unaligned_le16(ptr++);
1959 count = get_unaligned_le16(ptr++);
1961 conn = hci_conn_hash_lookup_handle(hdev, handle);
1963 conn->sent -= count;
1965 if (conn->type == ACL_LINK) {
1966 hdev->acl_cnt += count;
1967 if (hdev->acl_cnt > hdev->acl_pkts)
1968 hdev->acl_cnt = hdev->acl_pkts;
1969 } else if (conn->type == LE_LINK) {
1970 if (hdev->le_pkts) {
1971 hdev->le_cnt += count;
1972 if (hdev->le_cnt > hdev->le_pkts)
1973 hdev->le_cnt = hdev->le_pkts;
1975 hdev->acl_cnt += count;
1976 if (hdev->acl_cnt > hdev->acl_pkts)
1977 hdev->acl_cnt = hdev->acl_pkts;
1980 hdev->sco_cnt += count;
1981 if (hdev->sco_cnt > hdev->sco_pkts)
1982 hdev->sco_cnt = hdev->sco_pkts;
1987 tasklet_schedule(&hdev->tx_task);
1989 tasklet_enable(&hdev->tx_task);
1992 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1994 struct hci_ev_mode_change *ev = (void *) skb->data;
1995 struct hci_conn *conn;
1997 BT_DBG("%s status %d", hdev->name, ev->status);
2001 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2003 conn->mode = ev->mode;
2004 conn->interval = __le16_to_cpu(ev->interval);
2006 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
2007 if (conn->mode == HCI_CM_ACTIVE)
2008 conn->power_save = 1;
2010 conn->power_save = 0;
2013 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
2014 hci_sco_setup(conn, ev->status);
2017 hci_dev_unlock(hdev);
2020 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2022 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2023 struct hci_conn *conn;
2025 BT_DBG("%s", hdev->name);
2029 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2030 if (conn && conn->state == BT_CONNECTED) {
2031 hci_conn_hold(conn);
2032 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2036 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2037 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2038 sizeof(ev->bdaddr), &ev->bdaddr);
2039 else if (test_bit(HCI_MGMT, &hdev->flags)) {
2042 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2047 mgmt_pin_code_request(hdev->id, &ev->bdaddr, secure);
2050 hci_dev_unlock(hdev);
2053 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2055 struct hci_ev_link_key_req *ev = (void *) skb->data;
2056 struct hci_cp_link_key_reply cp;
2057 struct hci_conn *conn;
2058 struct link_key *key;
2060 BT_DBG("%s", hdev->name);
2062 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2067 key = hci_find_link_key(hdev, &ev->bdaddr);
2069 BT_DBG("%s link key not found for %s", hdev->name,
2070 batostr(&ev->bdaddr));
2074 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2075 batostr(&ev->bdaddr));
2077 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2078 key->type == HCI_LK_DEBUG_COMBINATION) {
2079 BT_DBG("%s ignoring debug key", hdev->name);
2083 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2085 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2086 conn->auth_type != 0xff &&
2087 (conn->auth_type & 0x01)) {
2088 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2092 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2093 conn->pending_sec_level == BT_SECURITY_HIGH) {
2094 BT_DBG("%s ignoring key unauthenticated for high \
2095 security", hdev->name);
2099 conn->key_type = key->type;
2100 conn->pin_length = key->pin_len;
2103 bacpy(&cp.bdaddr, &ev->bdaddr);
2104 memcpy(cp.link_key, key->val, 16);
2106 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2108 hci_dev_unlock(hdev);
2113 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2114 hci_dev_unlock(hdev);
2117 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2119 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2120 struct hci_conn *conn;
2123 BT_DBG("%s", hdev->name);
2127 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2129 hci_conn_hold(conn);
2130 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2131 pin_len = conn->pin_length;
2133 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2134 conn->key_type = ev->key_type;
2139 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2140 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2141 ev->key_type, pin_len);
2143 hci_dev_unlock(hdev);
2146 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2148 struct hci_ev_clock_offset *ev = (void *) skb->data;
2149 struct hci_conn *conn;
2151 BT_DBG("%s status %d", hdev->name, ev->status);
2155 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2156 if (conn && !ev->status) {
2157 struct inquiry_entry *ie;
2159 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2161 ie->data.clock_offset = ev->clock_offset;
2162 ie->timestamp = jiffies;
2166 hci_dev_unlock(hdev);
2169 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2171 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2172 struct hci_conn *conn;
2174 BT_DBG("%s status %d", hdev->name, ev->status);
2178 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2179 if (conn && !ev->status)
2180 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2182 hci_dev_unlock(hdev);
2185 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2187 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2188 struct inquiry_entry *ie;
2190 BT_DBG("%s", hdev->name);
2194 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2196 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2197 ie->timestamp = jiffies;
2200 hci_dev_unlock(hdev);
2203 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2205 struct inquiry_data data;
2206 int num_rsp = *((__u8 *) skb->data);
2208 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2215 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2217 if (test_bit(HCI_MGMT, &hdev->flags))
2218 mgmt_discovering(hdev->id, 1);
2221 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2222 struct inquiry_info_with_rssi_and_pscan_mode *info;
2223 info = (void *) (skb->data + 1);
2225 for (; num_rsp; num_rsp--, info++) {
2226 bacpy(&data.bdaddr, &info->bdaddr);
2227 data.pscan_rep_mode = info->pscan_rep_mode;
2228 data.pscan_period_mode = info->pscan_period_mode;
2229 data.pscan_mode = info->pscan_mode;
2230 memcpy(data.dev_class, info->dev_class, 3);
2231 data.clock_offset = info->clock_offset;
2232 data.rssi = info->rssi;
2233 data.ssp_mode = 0x00;
2234 hci_inquiry_cache_update(hdev, &data);
2235 mgmt_device_found(hdev->id, &info->bdaddr,
2236 info->dev_class, info->rssi,
2240 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2242 for (; num_rsp; num_rsp--, info++) {
2243 bacpy(&data.bdaddr, &info->bdaddr);
2244 data.pscan_rep_mode = info->pscan_rep_mode;
2245 data.pscan_period_mode = info->pscan_period_mode;
2246 data.pscan_mode = 0x00;
2247 memcpy(data.dev_class, info->dev_class, 3);
2248 data.clock_offset = info->clock_offset;
2249 data.rssi = info->rssi;
2250 data.ssp_mode = 0x00;
2251 hci_inquiry_cache_update(hdev, &data);
2252 mgmt_device_found(hdev->id, &info->bdaddr,
2253 info->dev_class, info->rssi,
2258 hci_dev_unlock(hdev);
2261 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2263 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2264 struct hci_conn *conn;
2266 BT_DBG("%s", hdev->name);
2270 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2274 if (!ev->status && ev->page == 0x01) {
2275 struct inquiry_entry *ie;
2277 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2279 ie->data.ssp_mode = (ev->features[0] & 0x01);
2281 conn->ssp_mode = (ev->features[0] & 0x01);
2284 if (conn->state != BT_CONFIG)
2288 struct hci_cp_remote_name_req cp;
2289 memset(&cp, 0, sizeof(cp));
2290 bacpy(&cp.bdaddr, &conn->dst);
2291 cp.pscan_rep_mode = 0x02;
2292 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2295 if (!hci_outgoing_auth_needed(hdev, conn)) {
2296 conn->state = BT_CONNECTED;
2297 hci_proto_connect_cfm(conn, ev->status);
2302 hci_dev_unlock(hdev);
2305 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2307 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2308 struct hci_conn *conn;
2310 BT_DBG("%s status %d", hdev->name, ev->status);
2314 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2316 if (ev->link_type == ESCO_LINK)
2319 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2323 conn->type = SCO_LINK;
2326 switch (ev->status) {
2328 conn->handle = __le16_to_cpu(ev->handle);
2329 conn->state = BT_CONNECTED;
2331 hci_conn_hold_device(conn);
2332 hci_conn_add_sysfs(conn);
2335 case 0x11: /* Unsupported Feature or Parameter Value */
2336 case 0x1c: /* SCO interval rejected */
2337 case 0x1a: /* Unsupported Remote Feature */
2338 case 0x1f: /* Unspecified error */
2339 if (conn->out && conn->attempt < 2) {
2340 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2341 (hdev->esco_type & EDR_ESCO_MASK);
2342 hci_setup_sync(conn, conn->link->handle);
2348 conn->state = BT_CLOSED;
2352 hci_proto_connect_cfm(conn, ev->status);
2357 hci_dev_unlock(hdev);
2360 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2362 BT_DBG("%s", hdev->name);
2365 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2367 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2369 BT_DBG("%s status %d", hdev->name, ev->status);
2372 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2374 struct inquiry_data data;
2375 struct extended_inquiry_info *info = (void *) (skb->data + 1);
2376 int num_rsp = *((__u8 *) skb->data);
2378 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2383 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2385 if (test_bit(HCI_MGMT, &hdev->flags))
2386 mgmt_discovering(hdev->id, 1);
2391 for (; num_rsp; num_rsp--, info++) {
2392 bacpy(&data.bdaddr, &info->bdaddr);
2393 data.pscan_rep_mode = info->pscan_rep_mode;
2394 data.pscan_period_mode = info->pscan_period_mode;
2395 data.pscan_mode = 0x00;
2396 memcpy(data.dev_class, info->dev_class, 3);
2397 data.clock_offset = info->clock_offset;
2398 data.rssi = info->rssi;
2399 data.ssp_mode = 0x01;
2400 hci_inquiry_cache_update(hdev, &data);
2401 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class,
2402 info->rssi, info->data);
2405 hci_dev_unlock(hdev);
2408 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2410 /* If remote requests dedicated bonding follow that lead */
2411 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2412 /* If both remote and local IO capabilities allow MITM
2413 * protection then require it, otherwise don't */
2414 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2420 /* If remote requests no-bonding follow that lead */
2421 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2422 return conn->remote_auth | (conn->auth_type & 0x01);
2424 return conn->auth_type;
2427 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2429 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2430 struct hci_conn *conn;
2432 BT_DBG("%s", hdev->name);
2436 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2440 hci_conn_hold(conn);
2442 if (!test_bit(HCI_MGMT, &hdev->flags))
2445 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2446 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2447 struct hci_cp_io_capability_reply cp;
2449 bacpy(&cp.bdaddr, &ev->bdaddr);
2450 cp.capability = conn->io_capability;
2451 conn->auth_type = hci_get_auth_req(conn);
2452 cp.authentication = conn->auth_type;
2454 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2455 hci_find_remote_oob_data(hdev, &conn->dst))
2460 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2463 struct hci_cp_io_capability_neg_reply cp;
2465 bacpy(&cp.bdaddr, &ev->bdaddr);
2466 cp.reason = 0x18; /* Pairing not allowed */
2468 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2473 hci_dev_unlock(hdev);
2476 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2478 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2479 struct hci_conn *conn;
2481 BT_DBG("%s", hdev->name);
2485 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2489 conn->remote_cap = ev->capability;
2490 conn->remote_oob = ev->oob_data;
2491 conn->remote_auth = ev->authentication;
2494 hci_dev_unlock(hdev);
2497 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2498 struct sk_buff *skb)
2500 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
2501 int loc_mitm, rem_mitm, confirm_hint = 0;
2502 struct hci_conn *conn;
2504 BT_DBG("%s", hdev->name);
2508 if (!test_bit(HCI_MGMT, &hdev->flags))
2511 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2515 loc_mitm = (conn->auth_type & 0x01);
2516 rem_mitm = (conn->remote_auth & 0x01);
2518 /* If we require MITM but the remote device can't provide that
2519 * (it has NoInputNoOutput) then reject the confirmation
2520 * request. The only exception is when we're dedicated bonding
2521 * initiators (connect_cfm_cb set) since then we always have the MITM
2523 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
2524 BT_DBG("Rejecting request: remote device can't provide MITM");
2525 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
2526 sizeof(ev->bdaddr), &ev->bdaddr);
2530 /* If no side requires MITM protection; auto-accept */
2531 if ((!loc_mitm || conn->remote_cap == 0x03) &&
2532 (!rem_mitm || conn->io_capability == 0x03)) {
2534 /* If we're not the initiators request authorization to
2535 * proceed from user space (mgmt_user_confirm with
2536 * confirm_hint set to 1). */
2537 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
2538 BT_DBG("Confirming auto-accept as acceptor");
2543 BT_DBG("Auto-accept of user confirmation with %ums delay",
2544 hdev->auto_accept_delay);
2546 if (hdev->auto_accept_delay > 0) {
2547 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
2548 mod_timer(&conn->auto_accept_timer, jiffies + delay);
2552 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
2553 sizeof(ev->bdaddr), &ev->bdaddr);
2558 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey,
2562 hci_dev_unlock(hdev);
2565 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2567 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2568 struct hci_conn *conn;
2570 BT_DBG("%s", hdev->name);
2574 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2578 /* To avoid duplicate auth_failed events to user space we check
2579 * the HCI_CONN_AUTH_PEND flag which will be set if we
2580 * initiated the authentication. A traditional auth_complete
2581 * event gets always produced as initiator and is also mapped to
2582 * the mgmt_auth_failed event */
2583 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2584 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
2589 hci_dev_unlock(hdev);
2592 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2594 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2595 struct inquiry_entry *ie;
2597 BT_DBG("%s", hdev->name);
2601 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2603 ie->data.ssp_mode = (ev->features[0] & 0x01);
2605 hci_dev_unlock(hdev);
2608 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2609 struct sk_buff *skb)
2611 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2612 struct oob_data *data;
2614 BT_DBG("%s", hdev->name);
2618 if (!test_bit(HCI_MGMT, &hdev->flags))
2621 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2623 struct hci_cp_remote_oob_data_reply cp;
2625 bacpy(&cp.bdaddr, &ev->bdaddr);
2626 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2627 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2629 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2632 struct hci_cp_remote_oob_data_neg_reply cp;
2634 bacpy(&cp.bdaddr, &ev->bdaddr);
2635 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2640 hci_dev_unlock(hdev);
2643 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2645 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2646 struct hci_conn *conn;
2648 BT_DBG("%s status %d", hdev->name, ev->status);
2652 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
2654 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2656 BT_ERR("No memory for new connection");
2657 hci_dev_unlock(hdev);
2663 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
2664 hci_proto_connect_cfm(conn, ev->status);
2665 conn->state = BT_CLOSED;
2670 mgmt_connected(hdev->id, &ev->bdaddr);
2672 conn->handle = __le16_to_cpu(ev->handle);
2673 conn->state = BT_CONNECTED;
2675 hci_conn_hold_device(conn);
2676 hci_conn_add_sysfs(conn);
2678 hci_proto_connect_cfm(conn, ev->status);
2681 hci_dev_unlock(hdev);
2684 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2686 struct hci_ev_le_meta *le_ev = (void *) skb->data;
2688 skb_pull(skb, sizeof(*le_ev));
2690 switch (le_ev->subevent) {
2691 case HCI_EV_LE_CONN_COMPLETE:
2692 hci_le_conn_complete_evt(hdev, skb);
2700 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2702 struct hci_event_hdr *hdr = (void *) skb->data;
2703 __u8 event = hdr->evt;
2705 skb_pull(skb, HCI_EVENT_HDR_SIZE);
2708 case HCI_EV_INQUIRY_COMPLETE:
2709 hci_inquiry_complete_evt(hdev, skb);
2712 case HCI_EV_INQUIRY_RESULT:
2713 hci_inquiry_result_evt(hdev, skb);
2716 case HCI_EV_CONN_COMPLETE:
2717 hci_conn_complete_evt(hdev, skb);
2720 case HCI_EV_CONN_REQUEST:
2721 hci_conn_request_evt(hdev, skb);
2724 case HCI_EV_DISCONN_COMPLETE:
2725 hci_disconn_complete_evt(hdev, skb);
2728 case HCI_EV_AUTH_COMPLETE:
2729 hci_auth_complete_evt(hdev, skb);
2732 case HCI_EV_REMOTE_NAME:
2733 hci_remote_name_evt(hdev, skb);
2736 case HCI_EV_ENCRYPT_CHANGE:
2737 hci_encrypt_change_evt(hdev, skb);
2740 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
2741 hci_change_link_key_complete_evt(hdev, skb);
2744 case HCI_EV_REMOTE_FEATURES:
2745 hci_remote_features_evt(hdev, skb);
2748 case HCI_EV_REMOTE_VERSION:
2749 hci_remote_version_evt(hdev, skb);
2752 case HCI_EV_QOS_SETUP_COMPLETE:
2753 hci_qos_setup_complete_evt(hdev, skb);
2756 case HCI_EV_CMD_COMPLETE:
2757 hci_cmd_complete_evt(hdev, skb);
2760 case HCI_EV_CMD_STATUS:
2761 hci_cmd_status_evt(hdev, skb);
2764 case HCI_EV_ROLE_CHANGE:
2765 hci_role_change_evt(hdev, skb);
2768 case HCI_EV_NUM_COMP_PKTS:
2769 hci_num_comp_pkts_evt(hdev, skb);
2772 case HCI_EV_MODE_CHANGE:
2773 hci_mode_change_evt(hdev, skb);
2776 case HCI_EV_PIN_CODE_REQ:
2777 hci_pin_code_request_evt(hdev, skb);
2780 case HCI_EV_LINK_KEY_REQ:
2781 hci_link_key_request_evt(hdev, skb);
2784 case HCI_EV_LINK_KEY_NOTIFY:
2785 hci_link_key_notify_evt(hdev, skb);
2788 case HCI_EV_CLOCK_OFFSET:
2789 hci_clock_offset_evt(hdev, skb);
2792 case HCI_EV_PKT_TYPE_CHANGE:
2793 hci_pkt_type_change_evt(hdev, skb);
2796 case HCI_EV_PSCAN_REP_MODE:
2797 hci_pscan_rep_mode_evt(hdev, skb);
2800 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
2801 hci_inquiry_result_with_rssi_evt(hdev, skb);
2804 case HCI_EV_REMOTE_EXT_FEATURES:
2805 hci_remote_ext_features_evt(hdev, skb);
2808 case HCI_EV_SYNC_CONN_COMPLETE:
2809 hci_sync_conn_complete_evt(hdev, skb);
2812 case HCI_EV_SYNC_CONN_CHANGED:
2813 hci_sync_conn_changed_evt(hdev, skb);
2816 case HCI_EV_SNIFF_SUBRATE:
2817 hci_sniff_subrate_evt(hdev, skb);
2820 case HCI_EV_EXTENDED_INQUIRY_RESULT:
2821 hci_extended_inquiry_result_evt(hdev, skb);
2824 case HCI_EV_IO_CAPA_REQUEST:
2825 hci_io_capa_request_evt(hdev, skb);
2828 case HCI_EV_IO_CAPA_REPLY:
2829 hci_io_capa_reply_evt(hdev, skb);
2832 case HCI_EV_USER_CONFIRM_REQUEST:
2833 hci_user_confirm_request_evt(hdev, skb);
2836 case HCI_EV_SIMPLE_PAIR_COMPLETE:
2837 hci_simple_pair_complete_evt(hdev, skb);
2840 case HCI_EV_REMOTE_HOST_FEATURES:
2841 hci_remote_host_features_evt(hdev, skb);
2844 case HCI_EV_LE_META:
2845 hci_le_meta_evt(hdev, skb);
2848 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
2849 hci_remote_oob_data_request_evt(hdev, skb);
2853 BT_DBG("%s event 0x%x", hdev->name, event);
2858 hdev->stat.evt_rx++;
2861 /* Generate internal stack event */
2862 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
2864 struct hci_event_hdr *hdr;
2865 struct hci_ev_stack_internal *ev;
2866 struct sk_buff *skb;
2868 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
2872 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
2873 hdr->evt = HCI_EV_STACK_INTERNAL;
2874 hdr->plen = sizeof(*ev) + dlen;
2876 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
2878 memcpy(ev->data, data, dlen);
2880 bt_cb(skb)->incoming = 1;
2881 __net_timestamp(skb);
2883 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
2884 skb->dev = (void *) hdev;
2885 hci_send_to_sock(hdev, skb, NULL);
projects / librecmc / linux-libre.git / blob