2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
48 /* Handle HCI Event packets */
/*
 * Command Complete handler for HCI_OP_INQUIRY_CANCEL.
 *
 * Reads the status byte at the start of skb->data. If HCI_MGMT is set
 * and HCI_INQUIRY was set (it is cleared by the test), it calls
 * mgmt_discovering(id, 0). It then completes the pending request and
 * re-checks pending connections.
 *
 * NOTE(review): source lines 55-58 are missing from this listing, so an
 * early return on a non-zero status cannot be confirmed here. No check
 * of skb->len is visible before the status byte is read; presumably the
 * caller guarantees at least one byte - confirm.
 */
50 static void hci_cc_inquiry_cancel(struct hci_dev
*hdev
, struct sk_buff
*skb
)
52 __u8 status
= *((__u8
*) skb
->data
);
54 BT_DBG("%s status 0x%x", hdev
->name
, status
);
59 if (test_bit(HCI_MGMT
, &hdev
->flags
) &&
60 test_and_clear_bit(HCI_INQUIRY
, &hdev
->flags
))
61 mgmt_discovering(hdev
->id
, 0);
63 hci_req_complete(hdev
, HCI_OP_INQUIRY_CANCEL
, status
);
65 hci_conn_check_pending(hdev
);
/*
 * Command Complete handler for leaving periodic inquiry.
 *
 * Same visible shape as hci_cc_inquiry_cancel: read the status byte,
 * clear HCI_INQUIRY and call mgmt_discovering(id, 0) when HCI_MGMT is
 * set, then re-check pending connections. No hci_req_complete() call is
 * visible in this handler.
 *
 * NOTE(review): source lines 73-76 are missing from this listing; a
 * status guard may sit there.
 */
68 static void hci_cc_exit_periodic_inq(struct hci_dev
*hdev
, struct sk_buff
*skb
)
70 __u8 status
= *((__u8
*) skb
->data
);
72 BT_DBG("%s status 0x%x", hdev
->name
, status
);
77 if (test_bit(HCI_MGMT
, &hdev
->flags
) &&
78 test_and_clear_bit(HCI_INQUIRY
, &hdev
->flags
))
79 mgmt_discovering(hdev
->id
, 0);
81 hci_conn_check_pending(hdev
);
/*
 * Command Complete handler for a cancelled remote name request.
 * The only visible action is a debug print; skb is not read here.
 */
84 static void hci_cc_remote_name_req_cancel(struct hci_dev
*hdev
, struct sk_buff
*skb
)
86 BT_DBG("%s", hdev
->name
);
/*
 * Command Complete handler for role discovery.
 *
 * Treats skb->data as struct hci_rp_role_discovery, looks the
 * connection up by the little-endian handle in the reply, and either
 * clears or sets HCI_LM_MASTER in conn->link_mode.
 *
 * NOTE(review): the condition choosing between the clear (line 104) and
 * the set (line 106), the NULL check on conn, the status guard and the
 * matching hci_dev_lock() are on source lines missing from this listing
 * (95-100, 102-103, 105). No skb->len check against sizeof(*rp) is
 * visible; the handle comes from the controller.
 */
89 static void hci_cc_role_discovery(struct hci_dev
*hdev
, struct sk_buff
*skb
)
91 struct hci_rp_role_discovery
*rp
= (void *) skb
->data
;
92 struct hci_conn
*conn
;
94 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
101 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
104 conn
->link_mode
&= ~HCI_LM_MASTER
;
106 conn
->link_mode
|= HCI_LM_MASTER
;
109 hci_dev_unlock(hdev
);
/*
 * Command Complete handler for reading a connection's link policy.
 *
 * Looks the connection up by the handle in the reply and stores the
 * little-endian policy field in conn->link_policy.
 *
 * NOTE(review): the status guard, hci_dev_lock() and the NULL check on
 * conn are presumably on source lines 118-123 and 125, which are missing
 * from this listing - confirm before relying on them.
 */
112 static void hci_cc_read_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
114 struct hci_rp_read_link_policy
*rp
= (void *) skb
->data
;
115 struct hci_conn
*conn
;
117 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
124 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
126 conn
->link_policy
= __le16_to_cpu(rp
->policy
);
128 hci_dev_unlock(hdev
);
/*
 * Command Complete handler for writing a connection's link policy.
 *
 * The new policy is not taken from the reply: it is re-read from the
 * parameters of the command that was sent (hci_sent_cmd_data), at byte
 * offset 2, and stored in conn->link_policy. The connection is found
 * through the handle in the reply.
 *
 * NOTE(review): the declaration of 'sent', the check that it is
 * non-NULL, the status guard and the NULL check on conn are on source
 * lines missing from this listing (135-136, 138-141, 143-147, 149).
 */
131 static void hci_cc_write_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
133 struct hci_rp_write_link_policy
*rp
= (void *) skb
->data
;
134 struct hci_conn
*conn
;
137 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
142 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_LINK_POLICY
);
148 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
150 conn
->link_policy
= get_unaligned_le16(sent
+ 2);
152 hci_dev_unlock(hdev
);
/*
 * Command Complete handler for reading the default link policy.
 * Stores the little-endian policy field of the reply in
 * hdev->link_policy.
 *
 * NOTE(review): source lines 160-163 are missing from this listing; a
 * status guard is presumably there.
 */
155 static void hci_cc_read_def_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
157 struct hci_rp_read_def_link_policy
*rp
= (void *) skb
->data
;
159 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
164 hdev
->link_policy
= __le16_to_cpu(rp
->policy
);
/*
 * Command Complete handler for writing the default link policy.
 *
 * Copies the 16-bit policy from the sent command's parameters into
 * hdev->link_policy and completes the pending request with the status
 * byte from the reply.
 *
 * NOTE(review): the declaration of 'sent' and whatever guards the
 * get_unaligned_le16() read (NULL 'sent', non-zero status) are on source
 * lines missing from this listing (170-171, 175-178).
 */
167 static void hci_cc_write_def_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
169 __u8 status
= *((__u8
*) skb
->data
);
172 BT_DBG("%s status 0x%x", hdev
->name
, status
);
174 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_DEF_LINK_POLICY
);
179 hdev
->link_policy
= get_unaligned_le16(sent
);
181 hci_req_complete(hdev
, HCI_OP_WRITE_DEF_LINK_POLICY
, status
);
/*
 * Command Complete handler for HCI_OP_RESET.
 * Clears HCI_RESET in hdev->flags and completes the pending request
 * with the status byte from the reply. In the visible lines the flag is
 * cleared without looking at the status.
 */
184 static void hci_cc_reset(struct hci_dev
*hdev
, struct sk_buff
*skb
)
186 __u8 status
= *((__u8
*) skb
->data
);
188 BT_DBG("%s status 0x%x", hdev
->name
, status
);
190 clear_bit(HCI_RESET
, &hdev
->flags
);
192 hci_req_complete(hdev
, HCI_OP_RESET
, status
);
/*
 * Command Complete handler for writing the local device name.
 *
 * Fetches the parameters of the sent command, reports completion to
 * mgmt when HCI_MGMT is set, and copies HCI_MAX_NAME_LENGTH bytes from
 * the sent parameters into hdev->dev_name.
 *
 * NOTE(review): the memcpy length is fixed, so it relies on the sent
 * command carrying a full-size name buffer and on hdev->dev_name being
 * at least HCI_MAX_NAME_LENGTH bytes - confirm both. The NULL check on
 * 'sent' and the status guard are presumably on source lines 203-205 and
 * 208-211, which are missing from this listing.
 */
195 static void hci_cc_write_local_name(struct hci_dev
*hdev
, struct sk_buff
*skb
)
197 __u8 status
= *((__u8
*) skb
->data
);
200 BT_DBG("%s status 0x%x", hdev
->name
, status
);
202 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_LOCAL_NAME
);
206 if (test_bit(HCI_MGMT
, &hdev
->flags
))
207 mgmt_set_local_name_complete(hdev
->id
, sent
, status
);
212 memcpy(hdev
->dev_name
, sent
, HCI_MAX_NAME_LENGTH
);
/*
 * Command Complete handler for reading the local device name.
 * Copies HCI_MAX_NAME_LENGTH bytes of rp->name from the controller's
 * reply into hdev->dev_name.
 *
 * NOTE(review): no check that skb->len covers the whole reply structure
 * is visible, so a short reply would make this memcpy read past the
 * packet unless the caller validates the length - confirm. Source lines
 * 220-223 are missing from this listing.
 */
215 static void hci_cc_read_local_name(struct hci_dev
*hdev
, struct sk_buff
*skb
)
217 struct hci_rp_read_local_name
*rp
= (void *) skb
->data
;
219 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
224 memcpy(hdev
->dev_name
, rp
->name
, HCI_MAX_NAME_LENGTH
);
/*
 * Command Complete handler for writing the authentication-enable
 * setting.
 *
 * Mirrors the parameter of the sent command into hdev->flags: HCI_AUTH
 * is set when the parameter equals AUTH_ENABLED and cleared on the other
 * branch, then the pending request is completed.
 *
 * HCI_AUTH is later copied into new connections' link_mode by
 * hci_conn_complete_evt, so this flag is the host's record of whether
 * link-level authentication is on.
 *
 * NOTE(review): the lines that guard this update (status check, NULL
 * check on 'sent', the 'else') are missing from this listing (235-238,
 * 243); confirm the flag only changes on a successful status.
 */
227 static void hci_cc_write_auth_enable(struct hci_dev
*hdev
, struct sk_buff
*skb
)
229 __u8 status
= *((__u8
*) skb
->data
);
232 BT_DBG("%s status 0x%x", hdev
->name
, status
);
234 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_AUTH_ENABLE
);
239 __u8 param
= *((__u8
*) sent
);
241 if (param
== AUTH_ENABLED
)
242 set_bit(HCI_AUTH
, &hdev
->flags
);
244 clear_bit(HCI_AUTH
, &hdev
->flags
);
247 hci_req_complete(hdev
, HCI_OP_WRITE_AUTH_ENABLE
, status
);
/*
 * Command Complete handler for writing the encryption mode.
 *
 * Reads the one-byte parameter of the sent command and sets or clears
 * HCI_ENCRYPT in hdev->flags, then completes the pending request.
 *
 * NOTE(review): the condition that selects set_bit versus clear_bit, the
 * status guard and the NULL check on 'sent' are on source lines missing
 * from this listing (258-261, 263-264, 266).
 */
250 static void hci_cc_write_encrypt_mode(struct hci_dev
*hdev
, struct sk_buff
*skb
)
252 __u8 status
= *((__u8
*) skb
->data
);
255 BT_DBG("%s status 0x%x", hdev
->name
, status
);
257 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_ENCRYPT_MODE
);
262 __u8 param
= *((__u8
*) sent
);
265 set_bit(HCI_ENCRYPT
, &hdev
->flags
);
267 clear_bit(HCI_ENCRYPT
, &hdev
->flags
);
270 hci_req_complete(hdev
, HCI_OP_WRITE_ENCRYPT_MODE
, status
);
/*
 * Command Complete handler for writing the scan-enable setting.
 *
 * Both HCI_PSCAN and HCI_ISCAN are cleared first, remembering their old
 * values. The parameter of the sent command then decides the new state:
 *   SCAN_INQUIRY set -> HCI_ISCAN set, mgmt_discoverable(id, 1)
 *   SCAN_PAGE set    -> HCI_PSCAN set, mgmt_connectable(id, 1)
 * When a bit is absent but the old flag was set, mgmt is told the
 * device stopped being discoverable / connectable.
 *
 * NOTE(review): source lines 293 and 300 (between set_bit and the mgmt
 * call) and the guards on lines 281-284 are missing from this listing,
 * so the "1" notifications may be conditional on the old flag.
 */
273 static void hci_cc_write_scan_enable(struct hci_dev
*hdev
, struct sk_buff
*skb
)
275 __u8 status
= *((__u8
*) skb
->data
);
278 BT_DBG("%s status 0x%x", hdev
->name
, status
);
280 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_SCAN_ENABLE
);
285 __u8 param
= *((__u8
*) sent
);
286 int old_pscan
, old_iscan
;
288 old_pscan
= test_and_clear_bit(HCI_PSCAN
, &hdev
->flags
);
289 old_iscan
= test_and_clear_bit(HCI_ISCAN
, &hdev
->flags
);
291 if (param
& SCAN_INQUIRY
) {
292 set_bit(HCI_ISCAN
, &hdev
->flags
);
294 mgmt_discoverable(hdev
->id
, 1);
295 } else if (old_iscan
)
296 mgmt_discoverable(hdev
->id
, 0);
298 if (param
& SCAN_PAGE
) {
299 set_bit(HCI_PSCAN
, &hdev
->flags
);
301 mgmt_connectable(hdev
->id
, 1);
302 } else if (old_pscan
)
303 mgmt_connectable(hdev
->id
, 0);
306 hci_req_complete(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, status
);
/*
 * Command Complete handler for reading the class of device.
 * Copies the 3-byte dev_class from the reply into hdev->dev_class and
 * prints it most-significant byte first.
 *
 * NOTE(review): source lines 314-317 are missing from this listing; a
 * status guard is presumably there.
 */
309 static void hci_cc_read_class_of_dev(struct hci_dev
*hdev
, struct sk_buff
*skb
)
311 struct hci_rp_read_class_of_dev
*rp
= (void *) skb
->data
;
313 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
318 memcpy(hdev
->dev_class
, rp
->dev_class
, 3);
320 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev
->name
,
321 hdev
->dev_class
[2], hdev
->dev_class
[1], hdev
->dev_class
[0]);
/*
 * Command Complete handler for writing the class of device.
 * Copies 3 bytes from the sent command's parameters into
 * hdev->dev_class.
 *
 * NOTE(review): the declaration of 'sent', its NULL check and the status
 * guard are on source lines missing from this listing (327-328, 330-333,
 * 335-337).
 */
324 static void hci_cc_write_class_of_dev(struct hci_dev
*hdev
, struct sk_buff
*skb
)
326 __u8 status
= *((__u8
*) skb
->data
);
329 BT_DBG("%s status 0x%x", hdev
->name
, status
);
334 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_CLASS_OF_DEV
);
338 memcpy(hdev
->dev_class
, sent
, 3);
/*
 * Command Complete handler for reading the voice setting.
 *
 * Converts the reply's voice_setting from little-endian, compares it
 * with the cached hdev->voice_setting, stores the new value and calls
 * the driver's notify hook with HCI_NOTIFY_VOICE_SETTING while tx_task
 * is disabled.
 *
 * NOTE(review): what happens when the values are equal (line 353) and
 * whether hdev->notify is checked for NULL before the call are on source
 * lines missing from this listing (354-355, 359-360).
 */
341 static void hci_cc_read_voice_setting(struct hci_dev
*hdev
, struct sk_buff
*skb
)
343 struct hci_rp_read_voice_setting
*rp
= (void *) skb
->data
;
346 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
351 setting
= __le16_to_cpu(rp
->voice_setting
);
353 if (hdev
->voice_setting
== setting
)
356 hdev
->voice_setting
= setting
;
358 BT_DBG("%s voice setting 0x%04x", hdev
->name
, setting
);
361 tasklet_disable(&hdev
->tx_task
);
362 hdev
->notify(hdev
, HCI_NOTIFY_VOICE_SETTING
);
363 tasklet_enable(&hdev
->tx_task
);
/*
 * Command Complete handler for writing the voice setting.
 *
 * Takes the 16-bit setting from the sent command's parameters rather
 * than from the reply, then follows the same visible steps as
 * hci_cc_read_voice_setting: compare with the cached value, store it,
 * and call hdev->notify with tx_task disabled.
 *
 * NOTE(review): the NULL check on 'sent', the status guard and any NULL
 * check on hdev->notify are on source lines missing from this listing
 * (374-377, 379-381, 385-386, 390-391).
 */
367 static void hci_cc_write_voice_setting(struct hci_dev
*hdev
, struct sk_buff
*skb
)
369 __u8 status
= *((__u8
*) skb
->data
);
373 BT_DBG("%s status 0x%x", hdev
->name
, status
);
378 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_VOICE_SETTING
);
382 setting
= get_unaligned_le16(sent
);
384 if (hdev
->voice_setting
== setting
)
387 hdev
->voice_setting
= setting
;
389 BT_DBG("%s voice setting 0x%04x", hdev
->name
, setting
);
392 tasklet_disable(&hdev
->tx_task
);
393 hdev
->notify(hdev
, HCI_NOTIFY_VOICE_SETTING
);
394 tasklet_enable(&hdev
->tx_task
);
/*
 * Command Complete handler for HCI_OP_HOST_BUFFER_SIZE.
 * Passes the reply's status byte to hci_req_complete(); no device state
 * is changed in the visible lines.
 */
398 static void hci_cc_host_buffer_size(struct hci_dev
*hdev
, struct sk_buff
*skb
)
400 __u8 status
= *((__u8
*) skb
->data
);
402 BT_DBG("%s status 0x%x", hdev
->name
, status
);
404 hci_req_complete(hdev
, HCI_OP_HOST_BUFFER_SIZE
, status
);
/*
 * Command Complete handler for reading the Simple Pairing mode.
 * Stores rp->mode from the reply in hdev->ssp_mode, which
 * hci_outgoing_auth_needed and hci_auth_complete_evt later consult.
 *
 * NOTE(review): source lines 412-415 are missing from this listing; a
 * status guard is presumably there.
 */
407 static void hci_cc_read_ssp_mode(struct hci_dev
*hdev
, struct sk_buff
*skb
)
409 struct hci_rp_read_ssp_mode
*rp
= (void *) skb
->data
;
411 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
416 hdev
->ssp_mode
= rp
->mode
;
/*
 * Command Complete handler for writing the Simple Pairing mode.
 * Stores the one-byte parameter of the sent command in hdev->ssp_mode.
 *
 * NOTE(review): the NULL check on 'sent' and the status guard are on
 * source lines missing from this listing (425-428, 430-432); confirm the
 * cached mode only changes when the controller accepted the command.
 */
419 static void hci_cc_write_ssp_mode(struct hci_dev
*hdev
, struct sk_buff
*skb
)
421 __u8 status
= *((__u8
*) skb
->data
);
424 BT_DBG("%s status 0x%x", hdev
->name
, status
);
429 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_SSP_MODE
);
433 hdev
->ssp_mode
= *((__u8
*) sent
);
/*
 * Pick the inquiry mode to configure on this controller.
 *
 * The decision is made from LMP feature bits (LMP_EXT_INQ in byte 6,
 * LMP_RSSI_INQ in byte 3) and then from a list of specific
 * manufacturer / hci_rev / lmp_subver combinations (manufacturer ids
 * 11, 15 and 31). Returns a u8.
 *
 * NOTE(review): every 'return' line is missing from this listing, so
 * the mode chosen on each branch cannot be stated from here; the
 * hard-coded triples look like per-device quirks - confirm.
 */
436 static u8
hci_get_inquiry_mode(struct hci_dev
*hdev
)
438 if (hdev
->features
[6] & LMP_EXT_INQ
)
441 if (hdev
->features
[3] & LMP_RSSI_INQ
)
444 if (hdev
->manufacturer
== 11 && hdev
->hci_rev
== 0x00 &&
445 hdev
->lmp_subver
== 0x0757)
448 if (hdev
->manufacturer
== 15) {
449 if (hdev
->hci_rev
== 0x03 && hdev
->lmp_subver
== 0x6963)
451 if (hdev
->hci_rev
== 0x09 && hdev
->lmp_subver
== 0x6963)
453 if (hdev
->hci_rev
== 0x00 && hdev
->lmp_subver
== 0x6965)
457 if (hdev
->manufacturer
== 31 && hdev
->hci_rev
== 0x2005 &&
458 hdev
->lmp_subver
== 0x1805)
/*
 * Send HCI_OP_WRITE_INQUIRY_MODE with the one-byte mode chosen by
 * hci_get_inquiry_mode(). The declaration of 'mode' is on a source line
 * missing from this listing.
 */
464 static void hci_setup_inquiry_mode(struct hci_dev
*hdev
)
468 mode
= hci_get_inquiry_mode(hdev
);
470 hci_send_cmd(hdev
, HCI_OP_WRITE_INQUIRY_MODE
, 1, &mode
);
/*
 * Build the 8-byte HCI event mask for this controller and send it with
 * HCI_OP_SET_EVENT_MASK.
 *
 * Starts from a fixed base mask and ORs in further event bits depending
 * on hdev->lmp_ver and on LMP feature bits, so the host only enables
 * events the controller claims to support. The Simple Pairing group
 * (IO capability, user confirmation, passkey, OOB data) is enabled only
 * when LMP_SIMPLE_PAIR is set.
 */
473 static void hci_setup_event_mask(struct hci_dev
*hdev
)
475 /* The second byte is 0xff instead of 0x9f (two reserved bits
476 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
477 * command otherwise */
478 u8 events
[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
480 /* Events for 1.2 and newer controllers */
481 if (hdev
->lmp_ver
> 1) {
482 events
[4] |= 0x01; /* Flow Specification Complete */
483 events
[4] |= 0x02; /* Inquiry Result with RSSI */
484 events
[4] |= 0x04; /* Read Remote Extended Features Complete */
485 events
[5] |= 0x08; /* Synchronous Connection Complete */
486 events
[5] |= 0x10; /* Synchronous Connection Changed */
/* NOTE(review): line 490 ORs in 0x04 but labels it "Inquiry Result
 * with RSSI"; line 483 gives that label to 0x02 and line 484 labels
 * 0x04 "Read Remote Extended Features Complete". Confirm which bit
 * is intended here. */
489 if (hdev
->features
[3] & LMP_RSSI_INQ
)
490 events
[4] |= 0x04; /* Inquiry Result with RSSI */
492 if (hdev
->features
[5] & LMP_SNIFF_SUBR
)
493 events
[5] |= 0x20; /* Sniff Subrating */
495 if (hdev
->features
[5] & LMP_PAUSE_ENC
)
496 events
[5] |= 0x80; /* Encryption Key Refresh Complete */
498 if (hdev
->features
[6] & LMP_EXT_INQ
)
499 events
[5] |= 0x40; /* Extended Inquiry Result */
501 if (hdev
->features
[6] & LMP_NO_FLUSH
)
502 events
[7] |= 0x01; /* Enhanced Flush Complete */
504 if (hdev
->features
[7] & LMP_LSTO
)
505 events
[6] |= 0x80; /* Link Supervision Timeout Changed */
507 if (hdev
->features
[6] & LMP_SIMPLE_PAIR
) {
508 events
[6] |= 0x01; /* IO Capability Request */
509 events
[6] |= 0x02; /* IO Capability Response */
510 events
[6] |= 0x04; /* User Confirmation Request */
511 events
[6] |= 0x08; /* User Passkey Request */
512 events
[6] |= 0x10; /* Remote OOB Data Request */
513 events
[6] |= 0x20; /* Simple Pairing Complete */
514 events
[7] |= 0x04; /* User Passkey Notification */
515 events
[7] |= 0x08; /* Keypress Notification */
516 events
[7] |= 0x10; /* Remote Host Supported
517 * Features Notification */
520 if (hdev
->features
[4] & LMP_LE
)
521 events
[7] |= 0x20; /* LE Meta-Event */
523 hci_send_cmd(hdev
, HCI_OP_SET_EVENT_MASK
, sizeof(events
), events
);
/*
 * Queue the feature-dependent setup commands for a controller.
 *
 * Always programs the event mask, then, depending on lmp_ver and LMP
 * feature bits: reads the supported commands, writes the Simple Pairing
 * mode, configures the inquiry mode and reads the inquiry response TX
 * power.
 *
 * NOTE(review): the declaration and value of 'mode' sent with
 * HCI_OP_WRITE_SSP_MODE are on source line 534, which is missing from
 * this listing.
 */
526 static void hci_setup(struct hci_dev
*hdev
)
528 hci_setup_event_mask(hdev
);
530 if (hdev
->lmp_ver
> 1)
531 hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_COMMANDS
, 0, NULL
);
533 if (hdev
->features
[6] & LMP_SIMPLE_PAIR
) {
535 hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_MODE
, sizeof(mode
), &mode
);
538 if (hdev
->features
[3] & LMP_RSSI_INQ
)
539 hci_setup_inquiry_mode(hdev
);
541 if (hdev
->features
[7] & LMP_INQ_TX_PWR
)
542 hci_send_cmd(hdev
, HCI_OP_READ_INQ_RSP_TX_POWER
, 0, NULL
);
/*
 * Command Complete handler for reading the local version information.
 *
 * Caches hci_ver, hci_rev, lmp_ver, manufacturer and lmp_subver from
 * the reply in hdev (16-bit fields converted from little-endian). These
 * values drive later decisions such as hci_get_inquiry_mode() and the
 * lmp_ver checks in hci_setup().
 *
 * NOTE(review): the action taken when HCI_INIT is set (line 564) and
 * the status guard are on source lines missing from this listing
 * (550-553, 565).
 */
545 static void hci_cc_read_local_version(struct hci_dev
*hdev
, struct sk_buff
*skb
)
547 struct hci_rp_read_local_version
*rp
= (void *) skb
->data
;
549 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
554 hdev
->hci_ver
= rp
->hci_ver
;
555 hdev
->hci_rev
= __le16_to_cpu(rp
->hci_rev
);
556 hdev
->lmp_ver
= rp
->lmp_ver
;
557 hdev
->manufacturer
= __le16_to_cpu(rp
->manufacturer
);
558 hdev
->lmp_subver
= __le16_to_cpu(rp
->lmp_subver
);
560 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev
->name
,
562 hdev
->hci_ver
, hdev
->hci_rev
);
564 if (test_bit(HCI_INIT
, &hdev
->flags
))
/*
 * Derive the default link policy from the controller's LMP features
 * and send it with HCI_OP_WRITE_DEF_LINK_POLICY.
 *
 * Role switch, hold, sniff and park are each enabled only when the
 * matching feature bit is present. The value is converted to
 * little-endian before being sent.
 *
 * NOTE(review): the declaration and initial value of 'link_policy' are
 * on source lines missing from this listing (569-571).
 */
568 static void hci_setup_link_policy(struct hci_dev
*hdev
)
572 if (hdev
->features
[0] & LMP_RSWITCH
)
573 link_policy
|= HCI_LP_RSWITCH
;
574 if (hdev
->features
[0] & LMP_HOLD
)
575 link_policy
|= HCI_LP_HOLD
;
576 if (hdev
->features
[0] & LMP_SNIFF
)
577 link_policy
|= HCI_LP_SNIFF
;
578 if (hdev
->features
[1] & LMP_PARK
)
579 link_policy
|= HCI_LP_PARK
;
581 link_policy
= cpu_to_le16(link_policy
);
582 hci_send_cmd(hdev
, HCI_OP_WRITE_DEF_LINK_POLICY
,
583 sizeof(link_policy
), &link_policy
);
/*
 * Command Complete handler for reading the supported-commands bitmap.
 *
 * Copies sizeof(hdev->commands) bytes from the reply into
 * hdev->commands. During init (HCI_INIT set), bit 0x10 of byte 5 gates
 * the call to hci_setup_link_policy(). The pending request is then
 * completed with rp->status.
 *
 * NOTE(review): the copy length comes from the destination, so it
 * cannot overflow hdev->commands, but no check that skb->len covers the
 * reply structure is visible. Source lines 591-594 are missing from this
 * listing.
 */
586 static void hci_cc_read_local_commands(struct hci_dev
*hdev
, struct sk_buff
*skb
)
588 struct hci_rp_read_local_commands
*rp
= (void *) skb
->data
;
590 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
595 memcpy(hdev
->commands
, rp
->commands
, sizeof(hdev
->commands
));
597 if (test_bit(HCI_INIT
, &hdev
->flags
) && (hdev
->commands
[5] & 0x10))
598 hci_setup_link_policy(hdev
);
601 hci_req_complete(hdev
, HCI_OP_READ_LOCAL_COMMANDS
, rp
->status
);
/*
 * Command Complete handler for reading the local LMP features.
 *
 * Copies the 8 feature bytes from the reply into hdev->features, then
 * widens hdev->pkt_type and hdev->esco_type with every packet type whose
 * feature bit is present (3/5-slot ACL, HV2/HV3, eSCO EV3/EV4/EV5 and
 * the EDR eSCO variants). Finally prints all eight feature bytes.
 *
 * The feature bytes are controller-supplied and are trusted as-is; the
 * rest of this file branches on them (event mask, link policy, SSP).
 *
 * NOTE(review): source lines 609-612 are missing from this listing; a
 * status guard is presumably there.
 */
604 static void hci_cc_read_local_features(struct hci_dev
*hdev
, struct sk_buff
*skb
)
606 struct hci_rp_read_local_features
*rp
= (void *) skb
->data
;
608 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
613 memcpy(hdev
->features
, rp
->features
, 8);
615 /* Adjust default settings according to features
616 * supported by device. */
618 if (hdev
->features
[0] & LMP_3SLOT
)
619 hdev
->pkt_type
|= (HCI_DM3
| HCI_DH3
);
621 if (hdev
->features
[0] & LMP_5SLOT
)
622 hdev
->pkt_type
|= (HCI_DM5
| HCI_DH5
);
624 if (hdev
->features
[1] & LMP_HV2
) {
625 hdev
->pkt_type
|= (HCI_HV2
);
626 hdev
->esco_type
|= (ESCO_HV2
);
629 if (hdev
->features
[1] & LMP_HV3
) {
630 hdev
->pkt_type
|= (HCI_HV3
);
631 hdev
->esco_type
|= (ESCO_HV3
);
634 if (hdev
->features
[3] & LMP_ESCO
)
635 hdev
->esco_type
|= (ESCO_EV3
);
637 if (hdev
->features
[4] & LMP_EV4
)
638 hdev
->esco_type
|= (ESCO_EV4
);
640 if (hdev
->features
[4] & LMP_EV5
)
641 hdev
->esco_type
|= (ESCO_EV5
);
643 if (hdev
->features
[5] & LMP_EDR_ESCO_2M
)
644 hdev
->esco_type
|= (ESCO_2EV3
);
646 if (hdev
->features
[5] & LMP_EDR_ESCO_3M
)
647 hdev
->esco_type
|= (ESCO_3EV3
);
649 if (hdev
->features
[5] & LMP_EDR_3S_ESCO
)
650 hdev
->esco_type
|= (ESCO_2EV5
| ESCO_3EV5
);
652 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev
->name
,
653 hdev
->features
[0], hdev
->features
[1],
654 hdev
->features
[2], hdev
->features
[3],
655 hdev
->features
[4], hdev
->features
[5],
656 hdev
->features
[6], hdev
->features
[7]);
/*
 * Command Complete handler for reading the controller's buffer sizes.
 *
 * Caches the ACL/SCO MTUs and maximum packet counts from the reply and
 * initialises the flow-control counters acl_cnt and sco_cnt to the
 * packet counts.
 *
 * NOTE(review): the values are controller-supplied; no lower or upper
 * bound on the MTUs or counts is visible here. The body of the
 * HCI_QUIRK_FIXUP_BUFFER_SIZE branch (lines 674-676) and the status
 * guard (664-667) are missing from this listing.
 */
659 static void hci_cc_read_buffer_size(struct hci_dev
*hdev
, struct sk_buff
*skb
)
661 struct hci_rp_read_buffer_size
*rp
= (void *) skb
->data
;
663 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
668 hdev
->acl_mtu
= __le16_to_cpu(rp
->acl_mtu
);
669 hdev
->sco_mtu
= rp
->sco_mtu
;
670 hdev
->acl_pkts
= __le16_to_cpu(rp
->acl_max_pkt
);
671 hdev
->sco_pkts
= __le16_to_cpu(rp
->sco_max_pkt
);
673 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE
, &hdev
->quirks
)) {
678 hdev
->acl_cnt
= hdev
->acl_pkts
;
679 hdev
->sco_cnt
= hdev
->sco_pkts
;
681 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev
->name
,
682 hdev
->acl_mtu
, hdev
->acl_pkts
,
683 hdev
->sco_mtu
, hdev
->sco_pkts
);
/*
 * Command Complete handler for reading the controller's BD_ADDR.
 * Copies the address from the reply into hdev->bdaddr and completes the
 * pending request with rp->status.
 *
 * NOTE(review): source lines 691-692 are missing from this listing, so
 * whether the copy is skipped on a non-zero status cannot be confirmed
 * here.
 */
686 static void hci_cc_read_bd_addr(struct hci_dev
*hdev
, struct sk_buff
*skb
)
688 struct hci_rp_read_bd_addr
*rp
= (void *) skb
->data
;
690 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
693 bacpy(&hdev
->bdaddr
, &rp
->bdaddr
);
695 hci_req_complete(hdev
, HCI_OP_READ_BD_ADDR
, rp
->status
);
/*
 * Command Complete handler for HCI_OP_WRITE_CA_TIMEOUT.
 * Passes the reply's status byte to hci_req_complete(); no device state
 * is changed in the visible lines.
 */
698 static void hci_cc_write_ca_timeout(struct hci_dev
*hdev
, struct sk_buff
*skb
)
700 __u8 status
= *((__u8
*) skb
->data
);
702 BT_DBG("%s status 0x%x", hdev
->name
, status
);
704 hci_req_complete(hdev
, HCI_OP_WRITE_CA_TIMEOUT
, status
);
/*
 * Command Complete handler for HCI_OP_DELETE_STORED_LINK_KEY.
 * Passes the reply's status byte to hci_req_complete(). The second line
 * of the signature (the skb parameter) is missing from this listing.
 */
707 static void hci_cc_delete_stored_link_key(struct hci_dev
*hdev
,
710 __u8 status
= *((__u8
*) skb
->data
);
712 BT_DBG("%s status 0x%x", hdev
->name
, status
);
714 hci_req_complete(hdev
, HCI_OP_DELETE_STORED_LINK_KEY
, status
);
/*
 * Command Complete handler for HCI_OP_SET_EVENT_MASK.
 * Passes the reply's status byte to hci_req_complete(); no device state
 * is changed in the visible lines.
 */
717 static void hci_cc_set_event_mask(struct hci_dev
*hdev
, struct sk_buff
*skb
)
719 __u8 status
= *((__u8
*) skb
->data
);
721 BT_DBG("%s status 0x%x", hdev
->name
, status
);
723 hci_req_complete(hdev
, HCI_OP_SET_EVENT_MASK
, status
);
/*
 * Command Complete handler for HCI_OP_WRITE_INQUIRY_MODE.
 * Passes the reply's status byte to hci_req_complete(). The second line
 * of the signature (the skb parameter) is missing from this listing.
 */
726 static void hci_cc_write_inquiry_mode(struct hci_dev
*hdev
,
729 __u8 status
= *((__u8
*) skb
->data
);
731 BT_DBG("%s status 0x%x", hdev
->name
, status
);
733 hci_req_complete(hdev
, HCI_OP_WRITE_INQUIRY_MODE
, status
);
/*
 * Command Complete handler for HCI_OP_READ_INQ_RSP_TX_POWER.
 * Only the status byte is used; the TX power value itself is not read
 * in the visible lines. The second line of the signature is missing from
 * this listing.
 */
736 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev
*hdev
,
739 __u8 status
= *((__u8
*) skb
->data
);
741 BT_DBG("%s status 0x%x", hdev
->name
, status
);
743 hci_req_complete(hdev
, HCI_OP_READ_INQ_RSP_TX_POWER
, status
);
/*
 * Command Complete handler for HCI_OP_SET_EVENT_FLT.
 * Passes the reply's status byte to hci_req_complete(); no device state
 * is changed in the visible lines.
 */
746 static void hci_cc_set_event_flt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
748 __u8 status
= *((__u8
*) skb
->data
);
750 BT_DBG("%s status 0x%x", hdev
->name
, status
);
752 hci_req_complete(hdev
, HCI_OP_SET_EVENT_FLT
, status
);
/*
 * Command Complete handler for a PIN code reply.
 *
 * Reports the result to mgmt when HCI_MGMT is set, then looks up the
 * ACL connection by the address in the command that was sent (not the
 * address in the reply) and records the PIN length that was sent in
 * conn->pin_length.
 *
 * NOTE(review): the sent command holds the PIN itself; only its length
 * is copied out here. The status guard and the NULL checks on 'cp' and
 * 'conn' are on source lines missing from this listing (765-768,
 * 770-772, 774).
 */
755 static void hci_cc_pin_code_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
757 struct hci_rp_pin_code_reply
*rp
= (void *) skb
->data
;
758 struct hci_cp_pin_code_reply
*cp
;
759 struct hci_conn
*conn
;
761 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
763 if (test_bit(HCI_MGMT
, &hdev
->flags
))
764 mgmt_pin_code_reply_complete(hdev
->id
, &rp
->bdaddr
, rp
->status
);
769 cp
= hci_sent_cmd_data(hdev
, HCI_OP_PIN_CODE_REPLY
);
773 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
775 conn
->pin_length
= cp
->pin_len
;
/*
 * Command Complete handler for a negative PIN code reply.
 * When HCI_MGMT is set, forwards the address from the reply to
 * mgmt_pin_code_neg_reply_complete(). The rest of that call's argument
 * list is on a source line missing from this listing.
 */
778 static void hci_cc_pin_code_neg_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
780 struct hci_rp_pin_code_neg_reply
*rp
= (void *) skb
->data
;
782 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
784 if (test_bit(HCI_MGMT
, &hdev
->flags
))
785 mgmt_pin_code_neg_reply_complete(hdev
->id
, &rp
->bdaddr
,
/*
 * Command Complete handler for reading the LE buffer size.
 *
 * Caches the LE MTU (little-endian) and maximum packet count from the
 * reply, initialises le_cnt to the packet count and completes the
 * pending request with rp->status.
 *
 * NOTE(review): the values are controller-supplied and no range check
 * is visible. The second line of the signature and the status guard are
 * on source lines missing from this listing (789, 794-797).
 */
788 static void hci_cc_le_read_buffer_size(struct hci_dev
*hdev
,
791 struct hci_rp_le_read_buffer_size
*rp
= (void *) skb
->data
;
793 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
798 hdev
->le_mtu
= __le16_to_cpu(rp
->le_mtu
);
799 hdev
->le_pkts
= rp
->le_max_pkt
;
801 hdev
->le_cnt
= hdev
->le_pkts
;
803 BT_DBG("%s le mtu %d:%d", hdev
->name
, hdev
->le_mtu
, hdev
->le_pkts
);
805 hci_req_complete(hdev
, HCI_OP_LE_READ_BUFFER_SIZE
, rp
->status
);
/*
 * Command Complete handler for a user confirmation reply (Simple
 * Pairing). When HCI_MGMT is set, forwards the address from the reply
 * to mgmt_user_confirm_reply_complete(). The rest of that call's
 * argument list is on a source line missing from this listing.
 */
808 static void hci_cc_user_confirm_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
810 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
812 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
814 if (test_bit(HCI_MGMT
, &hdev
->flags
))
815 mgmt_user_confirm_reply_complete(hdev
->id
, &rp
->bdaddr
,
/*
 * Command Complete handler for a negative user confirmation reply.
 * Reuses struct hci_rp_user_confirm_reply for the reply layout and,
 * when HCI_MGMT is set, forwards the address to
 * mgmt_user_confirm_neg_reply_complete(). The second signature line and
 * the rest of the call's argument list are missing from this listing.
 */
819 static void hci_cc_user_confirm_neg_reply(struct hci_dev
*hdev
,
822 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
824 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
826 if (test_bit(HCI_MGMT
, &hdev
->flags
))
827 mgmt_user_confirm_neg_reply_complete(hdev
->id
, &rp
->bdaddr
,
/*
 * Command Complete handler for reading the local out-of-band pairing
 * data. Hands the hash and randomizer from the reply, together with the
 * status, to mgmt_read_local_oob_data_reply_complete().
 *
 * NOTE(review): unlike the neighbouring handlers, no HCI_MGMT test is
 * visible before the mgmt call. The hash and randomizer are pairing
 * material; the debug print above only logs the status.
 */
831 static void hci_cc_read_local_oob_data_reply(struct hci_dev
*hdev
,
834 struct hci_rp_read_local_oob_data
*rp
= (void *) skb
->data
;
836 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
838 mgmt_read_local_oob_data_reply_complete(hdev
->id
, rp
->hash
,
839 rp
->randomizer
, rp
->status
);
/*
 * Command Status handler for HCI_OP_INQUIRY.
 *
 * Two paths are visible: one completes the request and re-checks
 * pending connections; the other sets HCI_INQUIRY (if it was clear) and
 * calls mgmt_discovering(id, 1) when HCI_MGMT is set.
 *
 * NOTE(review): the condition separating the two paths is on source
 * lines missing from this listing (845-846, 849-851); presumably the
 * first path is the non-zero-status case - confirm.
 */
842 static inline void hci_cs_inquiry(struct hci_dev
*hdev
, __u8 status
)
844 BT_DBG("%s status 0x%x", hdev
->name
, status
);
847 hci_req_complete(hdev
, HCI_OP_INQUIRY
, status
);
848 hci_conn_check_pending(hdev
);
852 if (test_bit(HCI_MGMT
, &hdev
->flags
) &&
853 !test_and_set_bit(HCI_INQUIRY
,
855 mgmt_discovering(hdev
->id
, 1);
/*
 * Command Status handler for HCI_OP_CREATE_CONN.
 *
 * Finds the ACL connection for the address in the sent command.
 * For a connection in BT_CONNECT: unless the status is 0x0c and fewer
 * than three attempts were made, the connection is closed and the
 * protocol layer is told; the other branch moves it to BT_CONNECT2.
 * Another path creates the connection with hci_conn_add() and marks it
 * HCI_LM_MASTER, logging an error when the allocation fails.
 *
 * NOTE(review): the outer status test, the NULL check on 'cp',
 * hci_dev_lock() and the if/else structure around lines 876-891 are on
 * source lines missing from this listing.
 */
858 static inline void hci_cs_create_conn(struct hci_dev
*hdev
, __u8 status
)
860 struct hci_cp_create_conn
*cp
;
861 struct hci_conn
*conn
;
863 BT_DBG("%s status 0x%x", hdev
->name
, status
);
865 cp
= hci_sent_cmd_data(hdev
, HCI_OP_CREATE_CONN
);
871 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
873 BT_DBG("%s bdaddr %s conn %p", hdev
->name
, batostr(&cp
->bdaddr
), conn
);
876 if (conn
&& conn
->state
== BT_CONNECT
) {
877 if (status
!= 0x0c || conn
->attempt
> 2) {
878 conn
->state
= BT_CLOSED
;
879 hci_proto_connect_cfm(conn
, status
);
882 conn
->state
= BT_CONNECT2
;
886 conn
= hci_conn_add(hdev
, ACL_LINK
, &cp
->bdaddr
);
889 conn
->link_mode
|= HCI_LM_MASTER
;
891 BT_ERR("No memory for new connection");
895 hci_dev_unlock(hdev
);
/*
 * Command Status handler for HCI_OP_ADD_SCO.
 *
 * Looks up the ACL connection for the handle in the sent command, then
 * closes the associated SCO connection and reports the status to the
 * protocol layer.
 *
 * NOTE(review): how 'sco' is obtained from 'acl', the NULL checks on
 * 'cp', 'acl' and 'sco', and the status guard are on source lines
 * missing from this listing (902-903, 905-908, 910-912, 916-918,
 * 920-922, 924, 926-929).
 */
898 static void hci_cs_add_sco(struct hci_dev
*hdev
, __u8 status
)
900 struct hci_cp_add_sco
*cp
;
901 struct hci_conn
*acl
, *sco
;
904 BT_DBG("%s status 0x%x", hdev
->name
, status
);
909 cp
= hci_sent_cmd_data(hdev
, HCI_OP_ADD_SCO
);
913 handle
= __le16_to_cpu(cp
->handle
);
915 BT_DBG("%s handle %d", hdev
->name
, handle
);
919 acl
= hci_conn_hash_lookup_handle(hdev
, handle
);
923 sco
->state
= BT_CLOSED
;
925 hci_proto_connect_cfm(sco
, status
);
930 hci_dev_unlock(hdev
);
/*
 * Command Status handler for HCI_OP_AUTH_REQUESTED.
 *
 * Finds the connection for the handle in the sent command and, if it is
 * still in BT_CONFIG, reports the status to the protocol layer.
 *
 * NOTE(review): presumably only reached with a non-zero status (the
 * guard is on source lines 939-942, missing from this listing). The NULL
 * checks on 'cp' and 'conn' and the rest of the BT_CONFIG branch
 * (953-955) are missing as well.
 */
933 static void hci_cs_auth_requested(struct hci_dev
*hdev
, __u8 status
)
935 struct hci_cp_auth_requested
*cp
;
936 struct hci_conn
*conn
;
938 BT_DBG("%s status 0x%x", hdev
->name
, status
);
943 cp
= hci_sent_cmd_data(hdev
, HCI_OP_AUTH_REQUESTED
);
949 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
951 if (conn
->state
== BT_CONFIG
) {
952 hci_proto_connect_cfm(conn
, status
);
957 hci_dev_unlock(hdev
);
/*
 * Command Status handler for HCI_OP_SET_CONN_ENCRYPT.
 *
 * Same visible shape as hci_cs_auth_requested: find the connection for
 * the handle in the sent command and, if it is in BT_CONFIG, report the
 * status to the protocol layer.
 *
 * NOTE(review): the status guard, the NULL checks on 'cp' and 'conn'
 * and the rest of the BT_CONFIG branch are on source lines missing from
 * this listing (966-969, 971-975, 977, 980-982).
 */
960 static void hci_cs_set_conn_encrypt(struct hci_dev
*hdev
, __u8 status
)
962 struct hci_cp_set_conn_encrypt
*cp
;
963 struct hci_conn
*conn
;
965 BT_DBG("%s status 0x%x", hdev
->name
, status
);
970 cp
= hci_sent_cmd_data(hdev
, HCI_OP_SET_CONN_ENCRYPT
);
976 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
978 if (conn
->state
== BT_CONFIG
) {
979 hci_proto_connect_cfm(conn
, status
);
984 hci_dev_unlock(hdev
);
/*
 * Decide whether the host should request authentication on an outgoing
 * connection that is still being configured.
 *
 * Three tests are visible, each leading to a return on a line missing
 * from this listing:
 *   - the connection is not in BT_CONFIG or is not outgoing;
 *   - the pending security level is BT_SECURITY_SDP;
 *   - Simple Pairing is not active on both sides (hdev->ssp_mode and
 *     conn->ssp_mode) and the pending level is not BT_SECURITY_HIGH.
 *
 * NOTE(review): the return values are not visible; from the in-code
 * comment the three tests presumably return 0 and the fall-through
 * returns 1 - confirm. This is a policy gate: a legacy (non-SSP) peer at
 * a pending level other than HIGH takes the third test.
 */
987 static int hci_outgoing_auth_needed(struct hci_dev
*hdev
,
988 struct hci_conn
*conn
)
990 if (conn
->state
!= BT_CONFIG
|| !conn
->out
)
993 if (conn
->pending_sec_level
== BT_SECURITY_SDP
)
996 /* Only request authentication for SSP connections or non-SSP
997 * devices with sec_level HIGH */
998 if (!(hdev
->ssp_mode
> 0 && conn
->ssp_mode
> 0) &&
999 conn
->pending_sec_level
!= BT_SECURITY_HIGH
)
/*
 * Command Status handler for HCI_OP_REMOTE_NAME_REQ.
 *
 * Per the in-code comment, a successful status is left for the name
 * request complete event. Otherwise the ACL connection for the address
 * in the sent command is looked up and, if
 * hci_outgoing_auth_needed() says so, HCI_OP_AUTH_REQUESTED is sent for
 * its handle.
 *
 * The inner 'struct hci_cp_auth_requested cp' on line 1025 shadows the
 * outer 'cp' pointer declared on line 1007.
 *
 * NOTE(review): the status test, the NULL check on the outer 'cp' and
 * hci_dev_lock() are on source lines missing from this listing
 * (1014-1016, 1018-1022).
 */
1005 static void hci_cs_remote_name_req(struct hci_dev
*hdev
, __u8 status
)
1007 struct hci_cp_remote_name_req
*cp
;
1008 struct hci_conn
*conn
;
1010 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1012 /* If successful wait for the name req complete event before
1013 * checking for the need to do authentication */
1017 cp
= hci_sent_cmd_data(hdev
, HCI_OP_REMOTE_NAME_REQ
);
1023 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
1024 if (conn
&& hci_outgoing_auth_needed(hdev
, conn
)) {
1025 struct hci_cp_auth_requested cp
;
1026 cp
.handle
= __cpu_to_le16(conn
->handle
);
1027 hci_send_cmd(hdev
, HCI_OP_AUTH_REQUESTED
, sizeof(cp
), &cp
);
1030 hci_dev_unlock(hdev
);
/*
 * Command Status handler for HCI_OP_READ_REMOTE_FEATURES.
 *
 * Finds the connection for the handle in the sent command and, if it is
 * in BT_CONFIG, reports the status to the protocol layer.
 *
 * NOTE(review): the status guard, the NULL checks on 'cp' and 'conn'
 * and the rest of the BT_CONFIG branch are on source lines missing from
 * this listing (1039-1042, 1044-1048, 1050, 1053-1055).
 */
1033 static void hci_cs_read_remote_features(struct hci_dev
*hdev
, __u8 status
)
1035 struct hci_cp_read_remote_features
*cp
;
1036 struct hci_conn
*conn
;
1038 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1043 cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_REMOTE_FEATURES
);
1049 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1051 if (conn
->state
== BT_CONFIG
) {
1052 hci_proto_connect_cfm(conn
, status
);
1057 hci_dev_unlock(hdev
);
/*
 * Command Status handler for HCI_OP_READ_REMOTE_EXT_FEATURES.
 *
 * Same visible shape as hci_cs_read_remote_features: find the
 * connection for the handle in the sent command and, if it is in
 * BT_CONFIG, report the status to the protocol layer.
 *
 * NOTE(review): the status guard and the NULL checks on 'cp' and 'conn'
 * are on source lines missing from this listing (1066-1069, 1071-1075,
 * 1077, 1080-1082).
 */
1060 static void hci_cs_read_remote_ext_features(struct hci_dev
*hdev
, __u8 status
)
1062 struct hci_cp_read_remote_ext_features
*cp
;
1063 struct hci_conn
*conn
;
1065 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1070 cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_REMOTE_EXT_FEATURES
);
1076 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1078 if (conn
->state
== BT_CONFIG
) {
1079 hci_proto_connect_cfm(conn
, status
);
1084 hci_dev_unlock(hdev
);
/*
 * Command Status handler for HCI_OP_SETUP_SYNC_CONN.
 *
 * Mirrors hci_cs_add_sco: look up the ACL connection for the handle in
 * the sent command, close the associated synchronous connection and
 * report the status to the protocol layer.
 *
 * NOTE(review): how 'sco' is obtained from 'acl', the NULL checks on
 * 'cp', 'acl' and 'sco', and the status guard are on source lines
 * missing from this listing (1091-1092, 1094-1097, 1099-1101,
 * 1109-1111, 1113, 1115-1118).
 */
1087 static void hci_cs_setup_sync_conn(struct hci_dev
*hdev
, __u8 status
)
1089 struct hci_cp_setup_sync_conn
*cp
;
1090 struct hci_conn
*acl
, *sco
;
1093 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1098 cp
= hci_sent_cmd_data(hdev
, HCI_OP_SETUP_SYNC_CONN
);
1102 handle
= __le16_to_cpu(cp
->handle
);
1104 BT_DBG("%s handle %d", hdev
->name
, handle
);
1108 acl
= hci_conn_hash_lookup_handle(hdev
, handle
);
1112 sco
->state
= BT_CLOSED
;
1114 hci_proto_connect_cfm(sco
, status
);
1119 hci_dev_unlock(hdev
);
/*
 * Command Status handler for HCI_OP_SNIFF_MODE.
 *
 * Finds the connection for the handle in the sent command, clears its
 * HCI_CONN_MODE_CHANGE_PEND bit and, if HCI_CONN_SCO_SETUP_PEND was set
 * (it is cleared by the test), continues the deferred SCO setup with
 * the status.
 *
 * NOTE(review): the status guard and the NULL checks on 'cp' and 'conn'
 * are on source lines missing from this listing (1128-1131, 1133-1137,
 * 1139).
 */
1122 static void hci_cs_sniff_mode(struct hci_dev
*hdev
, __u8 status
)
1124 struct hci_cp_sniff_mode
*cp
;
1125 struct hci_conn
*conn
;
1127 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1132 cp
= hci_sent_cmd_data(hdev
, HCI_OP_SNIFF_MODE
);
1138 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1140 clear_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->pend
);
1142 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND
, &conn
->pend
))
1143 hci_sco_setup(conn
, status
);
1146 hci_dev_unlock(hdev
);
/*
 * Command Status handler for HCI_OP_EXIT_SNIFF_MODE.
 *
 * Same visible steps as hci_cs_sniff_mode: clear
 * HCI_CONN_MODE_CHANGE_PEND on the connection named by the sent
 * command's handle and run hci_sco_setup() if a SCO setup was pending.
 *
 * NOTE(review): the status guard and the NULL checks on 'cp' and 'conn'
 * are on source lines missing from this listing (1155-1158, 1160-1164,
 * 1166).
 */
1149 static void hci_cs_exit_sniff_mode(struct hci_dev
*hdev
, __u8 status
)
1151 struct hci_cp_exit_sniff_mode
*cp
;
1152 struct hci_conn
*conn
;
1154 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1159 cp
= hci_sent_cmd_data(hdev
, HCI_OP_EXIT_SNIFF_MODE
);
1165 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1167 clear_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->pend
);
1169 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND
, &conn
->pend
))
1170 hci_sco_setup(conn
, status
);
1173 hci_dev_unlock(hdev
);
/*
 * Command Status handler for HCI_OP_LE_CREATE_CONN.
 *
 * Finds the LE connection for the peer address in the sent command. A
 * connection in BT_CONNECT is closed and the protocol layer is told;
 * another path creates the connection with hci_conn_add() and logs an
 * error when that fails.
 *
 * NOTE(review): the status test that separates the two paths, the NULL
 * check on 'cp' and hci_dev_lock() are on source lines missing from this
 * listing (1184-1188, 1192-1194, 1198-1201, 1203-1205).
 */
1176 static void hci_cs_le_create_conn(struct hci_dev
*hdev
, __u8 status
)
1178 struct hci_cp_le_create_conn
*cp
;
1179 struct hci_conn
*conn
;
1181 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1183 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_CREATE_CONN
);
1189 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &cp
->peer_addr
);
1191 BT_DBG("%s bdaddr %s conn %p", hdev
->name
, batostr(&cp
->peer_addr
),
1195 if (conn
&& conn
->state
== BT_CONNECT
) {
1196 conn
->state
= BT_CLOSED
;
1197 hci_proto_connect_cfm(conn
, status
);
1202 conn
= hci_conn_add(hdev
, LE_LINK
, &cp
->peer_addr
);
1206 BT_ERR("No memory for new connection");
1210 hci_dev_unlock(hdev
);
/*
 * Handler for the Inquiry Complete event.
 *
 * Reads the status byte, clears HCI_INQUIRY and calls
 * mgmt_discovering(id, 0) when HCI_MGMT is set, completes the
 * HCI_OP_INQUIRY request and re-checks pending connections. All visible
 * steps run regardless of the status value.
 */
1213 static inline void hci_inquiry_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1215 __u8 status
= *((__u8
*) skb
->data
);
1217 BT_DBG("%s status %d", hdev
->name
, status
);
1219 if (test_bit(HCI_MGMT
, &hdev
->flags
) &&
1220 test_and_clear_bit(HCI_INQUIRY
, &hdev
->flags
))
1221 mgmt_discovering(hdev
->id
, 0);
1223 hci_req_complete(hdev
, HCI_OP_INQUIRY
, status
);
1225 hci_conn_check_pending(hdev
);
/*
 * Handler for the Inquiry Result event.
 *
 * The first byte of the packet is the number of responses; the
 * inquiry_info records follow at skb->data + 1. Each record is copied
 * field by field into a local inquiry_data (ssp_mode forced to 0x00),
 * added to the inquiry cache and reported to mgmt.
 *
 * NOTE(review): num_rsp comes straight from the packet and drives how
 * far 'info' is advanced. No comparison of num_rsp * sizeof(*info)
 * against skb->len is visible in this listing, so a response count
 * larger than the packet actually carries would make the loop read
 * beyond the received data unless a caller or one of the missing lines
 * (1235-1240) bounds it. Confirm where the length is validated.
 */
1228 static inline void hci_inquiry_result_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1230 struct inquiry_data data
;
1231 struct inquiry_info
*info
= (void *) (skb
->data
+ 1);
1232 int num_rsp
= *((__u8
*) skb
->data
);
1234 BT_DBG("%s num_rsp %d", hdev
->name
, num_rsp
);
1241 if (!test_and_set_bit(HCI_INQUIRY
, &hdev
->flags
)) {
1243 if (test_bit(HCI_MGMT
, &hdev
->flags
))
1244 mgmt_discovering(hdev
->id
, 1);
/* One iteration per response record claimed by the packet header. */
1247 for (; num_rsp
; num_rsp
--, info
++) {
1248 bacpy(&data
.bdaddr
, &info
->bdaddr
);
1249 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
1250 data
.pscan_period_mode
= info
->pscan_period_mode
;
1251 data
.pscan_mode
= info
->pscan_mode
;
1252 memcpy(data
.dev_class
, info
->dev_class
, 3);
1253 data
.clock_offset
= info
->clock_offset
;
1255 data
.ssp_mode
= 0x00;
1256 hci_inquiry_cache_update(hdev
, &data
);
1257 mgmt_device_found(hdev
->id
, &info
->bdaddr
, info
->dev_class
, 0,
1261 hci_dev_unlock(hdev
);
/*
 * Handler for the Connection Complete event.
 *
 * Looks the connection up by link type and address; for SCO events a
 * second lookup is made under ESCO_LINK and the found connection is
 * retyped to SCO_LINK.
 *
 * On the success path the handle from the event is stored, ACL links
 * go to BT_CONFIG (held, with HCI_DISCONN_TIMEOUT, mgmt told) while
 * other links go to BT_CONNECTED, and the connection is registered in
 * sysfs. The device-wide HCI_AUTH and HCI_ENCRYPT flags are copied into
 * conn->link_mode. ACL links then get a Read Remote Features command,
 * and incoming links on controllers with hci_ver < 3 get a Change
 * Connection Packet Type command.
 *
 * On the failure path the connection is closed and, for ACL links,
 * mgmt_connect_failed() is called.
 *
 * NOTE(review): the status test that separates the two paths, the NULL
 * check on 'conn', hci_dev_lock() and several else/brace lines are
 * missing from this listing, so the exact nesting of the calls to
 * hci_sco_setup() and hci_proto_connect_cfm() near the end cannot be
 * confirmed from here.
 */
1264 static inline void hci_conn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1266 struct hci_ev_conn_complete
*ev
= (void *) skb
->data
;
1267 struct hci_conn
*conn
;
1269 BT_DBG("%s", hdev
->name
);
1273 conn
= hci_conn_hash_lookup_ba(hdev
, ev
->link_type
, &ev
->bdaddr
);
1275 if (ev
->link_type
!= SCO_LINK
)
1278 conn
= hci_conn_hash_lookup_ba(hdev
, ESCO_LINK
, &ev
->bdaddr
);
1282 conn
->type
= SCO_LINK
;
1286 conn
->handle
= __le16_to_cpu(ev
->handle
);
1288 if (conn
->type
== ACL_LINK
) {
1289 conn
->state
= BT_CONFIG
;
1290 hci_conn_hold(conn
);
1291 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
1292 mgmt_connected(hdev
->id
, &ev
->bdaddr
);
1294 conn
->state
= BT_CONNECTED
;
1296 hci_conn_hold_device(conn
);
1297 hci_conn_add_sysfs(conn
);
/* Inherit the device-wide authentication / encryption settings. */
1299 if (test_bit(HCI_AUTH
, &hdev
->flags
))
1300 conn
->link_mode
|= HCI_LM_AUTH
;
1302 if (test_bit(HCI_ENCRYPT
, &hdev
->flags
))
1303 conn
->link_mode
|= HCI_LM_ENCRYPT
;
1305 /* Get remote features */
1306 if (conn
->type
== ACL_LINK
) {
1307 struct hci_cp_read_remote_features cp
;
1308 cp
.handle
= ev
->handle
;
1309 hci_send_cmd(hdev
, HCI_OP_READ_REMOTE_FEATURES
,
1313 /* Set packet type for incoming connection */
1314 if (!conn
->out
&& hdev
->hci_ver
< 3) {
1315 struct hci_cp_change_conn_ptype cp
;
1316 cp
.handle
= ev
->handle
;
1317 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
1318 hci_send_cmd(hdev
, HCI_OP_CHANGE_CONN_PTYPE
,
1322 conn
->state
= BT_CLOSED
;
1323 if (conn
->type
== ACL_LINK
)
1324 mgmt_connect_failed(hdev
->id
, &ev
->bdaddr
, ev
->status
);
1327 if (conn
->type
== ACL_LINK
)
1328 hci_sco_setup(conn
, ev
->status
);
1331 hci_proto_connect_cfm(conn
, ev
->status
);
1333 } else if (ev
->link_type
!= ACL_LINK
)
1334 hci_proto_connect_cfm(conn
, ev
->status
);
1337 hci_dev_unlock(hdev
);
1339 hci_conn_check_pending(hdev
);
/*
 * Handler for the Connection Request event (an incoming connection).
 *
 * Acceptance policy: the device's link_mode is ORed with whatever the
 * protocol layers return from hci_proto_connect_ind(). The request is
 * accepted only if HCI_LM_ACCEPT is set in that mask AND the remote
 * address is not found by hci_blacklist_lookup(); otherwise
 * HCI_OP_REJECT_CONN_REQ is sent.
 *
 * On accept, the class of device from the event is written to the
 * inquiry cache entry and to the connection (created with
 * hci_conn_add() if none exists), and the connection moves to
 * BT_CONNECT. ACL requests, or any request on a controller without eSCO
 * support, are answered with HCI_OP_ACCEPT_CONN_REQ; the role is 0x00
 * when the controller can role-switch and HCI_LM_MASTER is in the mask,
 * else 0x01. Other requests are answered with
 * HCI_OP_ACCEPT_SYNC_CONN_REQ using fixed bandwidth, latency and
 * retransmission values and the device's voice setting.
 *
 * NOTE(review): the address and class of device are remote-supplied.
 * The NULL checks on 'ie' and 'conn', hci_dev_lock(), the reject reason
 * (line 1411) and the else/brace lines are missing from this listing.
 */
1342 static inline void hci_conn_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1344 struct hci_ev_conn_request
*ev
= (void *) skb
->data
;
1345 int mask
= hdev
->link_mode
;
1347 BT_DBG("%s bdaddr %s type 0x%x", hdev
->name
,
1348 batostr(&ev
->bdaddr
), ev
->link_type
);
1350 mask
|= hci_proto_connect_ind(hdev
, &ev
->bdaddr
, ev
->link_type
);
1352 if ((mask
& HCI_LM_ACCEPT
) &&
1353 !hci_blacklist_lookup(hdev
, &ev
->bdaddr
)) {
1354 /* Connection accepted */
1355 struct inquiry_entry
*ie
;
1356 struct hci_conn
*conn
;
1360 ie
= hci_inquiry_cache_lookup(hdev
, &ev
->bdaddr
);
1362 memcpy(ie
->data
.dev_class
, ev
->dev_class
, 3);
1364 conn
= hci_conn_hash_lookup_ba(hdev
, ev
->link_type
, &ev
->bdaddr
);
1366 conn
= hci_conn_add(hdev
, ev
->link_type
, &ev
->bdaddr
);
1368 BT_ERR("No memory for new connection");
1369 hci_dev_unlock(hdev
);
1374 memcpy(conn
->dev_class
, ev
->dev_class
, 3);
1375 conn
->state
= BT_CONNECT
;
1377 hci_dev_unlock(hdev
);
1379 if (ev
->link_type
== ACL_LINK
|| !lmp_esco_capable(hdev
)) {
1380 struct hci_cp_accept_conn_req cp
;
1382 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
1384 if (lmp_rswitch_capable(hdev
) && (mask
& HCI_LM_MASTER
))
1385 cp
.role
= 0x00; /* Become master */
1387 cp
.role
= 0x01; /* Remain slave */
1389 hci_send_cmd(hdev
, HCI_OP_ACCEPT_CONN_REQ
,
1392 struct hci_cp_accept_sync_conn_req cp
;
1394 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
1395 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
1397 cp
.tx_bandwidth
= cpu_to_le32(0x00001f40);
1398 cp
.rx_bandwidth
= cpu_to_le32(0x00001f40);
1399 cp
.max_latency
= cpu_to_le16(0xffff);
1400 cp
.content_format
= cpu_to_le16(hdev
->voice_setting
);
1401 cp
.retrans_effort
= 0xff;
1403 hci_send_cmd(hdev
, HCI_OP_ACCEPT_SYNC_CONN_REQ
,
1407 /* Connection rejected */
1408 struct hci_cp_reject_conn_req cp
;
1410 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
1412 hci_send_cmd(hdev
, HCI_OP_REJECT_CONN_REQ
, sizeof(cp
), &cp
);
/*
 * Handle an HCI Disconnection Complete event.
 *
 * Visible behaviour: the connection is looked up by the little-endian
 * ev->handle, marked BT_CLOSED, reported through mgmt_disconnected() when it
 * is an ACL link, and the upper protocols are told via
 * hci_proto_disconn_cfm() with ev->reason.
 *
 * NOTE(review): the condition guarding mgmt_disconnect_failed() (presumably
 * a non-zero ev->status) and any NULL check on the lookup result are not in
 * this listing; the embedded line numbers skip 1422-1423 and 1431-1433.
 */
1416 static inline void hci_disconn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1418 struct hci_ev_disconn_complete
*ev
= (void *) skb
->data
;
1419 struct hci_conn
*conn
;
1421 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1424 mgmt_disconnect_failed(hdev
->id
);
1430 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
1434 conn
->state
= BT_CLOSED
;
1436 if (conn
->type
== ACL_LINK
)
1437 mgmt_disconnected(hdev
->id
, &conn
->dst
);
1439 hci_proto_disconn_cfm(conn
, ev
->reason
);
1443 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Authentication Complete event for the connection named by
 * ev->handle.
 *
 * Visible behaviour: HCI_LM_AUTH is set and sec_level takes the value of
 * pending_sec_level on one path, mgmt_auth_failed() is called on another,
 * and HCI_CONN_AUTH_PEND is cleared. A connection still in BT_CONFIG either
 * goes on to request encryption (success with SSP enabled on both sides) or
 * is moved to BT_CONNECTED and confirmed; an established connection gets
 * hci_auth_cfm(). A pending encryption request is then either issued or
 * completed with hci_encrypt_cfm(conn, ev->status, 0x00).
 *
 * NOTE(review): the test that separates the success path (raising
 * link_mode/sec_level) from the mgmt_auth_failed() path is on lines this
 * listing omits (1456-1457, 1460); presumably it is !ev->status. Because it
 * decides when the security level is raised, verify it in the full file.
 */
1446 static inline void hci_auth_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1448 struct hci_ev_auth_complete
*ev
= (void *) skb
->data
;
1449 struct hci_conn
*conn
;
1451 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1455 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
1458 conn
->link_mode
|= HCI_LM_AUTH
;
1459 conn
->sec_level
= conn
->pending_sec_level
;
1461 mgmt_auth_failed(hdev
->id
, &conn
->dst
, ev
->status
);
1464 clear_bit(HCI_CONN_AUTH_PEND
, &conn
->pend
);
1466 if (conn
->state
== BT_CONFIG
) {
/* With SSP on both sides, encryption is requested before confirming. */
1467 if (!ev
->status
&& hdev
->ssp_mode
> 0 &&
1468 conn
->ssp_mode
> 0) {
1469 struct hci_cp_set_conn_encrypt cp
;
/* ev->handle is already little-endian, so it is copied unconverted. */
1470 cp
.handle
= ev
->handle
;
1472 hci_send_cmd(hdev
, HCI_OP_SET_CONN_ENCRYPT
,
1475 conn
->state
= BT_CONNECTED
;
1476 hci_proto_connect_cfm(conn
, ev
->status
);
1480 hci_auth_cfm(conn
, ev
->status
);
1482 hci_conn_hold(conn
);
1483 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
1487 if (test_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->pend
)) {
1489 struct hci_cp_set_conn_encrypt cp
;
1490 cp
.handle
= ev
->handle
;
1492 hci_send_cmd(hdev
, HCI_OP_SET_CONN_ENCRYPT
,
1495 clear_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->pend
);
1496 hci_encrypt_cfm(conn
, ev
->status
, 0x00);
1501 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Remote Name Request Complete event.
 *
 * Calls hci_conn_check_pending(), forwards the name to the management
 * interface when the request succeeded and HCI_MGMT is set, and then starts
 * authentication (HCI_OP_AUTH_REQUESTED) on the ACL connection to
 * ev->bdaddr if hci_outgoing_auth_needed() says so.
 *
 * NOTE(review): ev->name is chosen by the remote device and is passed on
 * as-is; nothing visible here checks its length or termination, so
 * consumers should treat it as untrusted bytes.
 */
1504 static inline void hci_remote_name_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1506 struct hci_ev_remote_name
*ev
= (void *) skb
->data
;
1507 struct hci_conn
*conn
;
1509 BT_DBG("%s", hdev
->name
);
1511 hci_conn_check_pending(hdev
);
1515 if (ev
->status
== 0 && test_bit(HCI_MGMT
, &hdev
->flags
))
1516 mgmt_remote_name(hdev
->id
, &ev
->bdaddr
, ev
->name
);
1518 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
1519 if (conn
&& hci_outgoing_auth_needed(hdev
, conn
)) {
1520 struct hci_cp_auth_requested cp
;
1521 cp
.handle
= __cpu_to_le16(conn
->handle
);
1522 hci_send_cmd(hdev
, HCI_OP_AUTH_REQUESTED
, sizeof(cp
), &cp
);
1525 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Encryption Change event for the connection named by
 * ev->handle.
 *
 * Visible behaviour: link_mode gains HCI_LM_AUTH and HCI_LM_ENCRYPT on one
 * path and loses HCI_LM_ENCRYPT on another, HCI_CONN_ENCRYPT_PEND is
 * cleared, and the result is confirmed either as a completed connection
 * (state BT_CONFIG) or through hci_encrypt_cfm() with ev->encrypt.
 *
 * NOTE(review): the conditions choosing between setting and clearing
 * HCI_LM_ENCRYPT are on lines missing from this listing (1538-1540, 1544);
 * presumably they test ev->status and ev->encrypt. Since this is where a
 * link is recorded as encrypted, confirm them in the full file.
 */
1528 static inline void hci_encrypt_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1530 struct hci_ev_encrypt_change
*ev
= (void *) skb
->data
;
1531 struct hci_conn
*conn
;
1533 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1537 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
1541 /* Encryption implies authentication */
1542 conn
->link_mode
|= HCI_LM_AUTH
;
1543 conn
->link_mode
|= HCI_LM_ENCRYPT
;
1545 conn
->link_mode
&= ~HCI_LM_ENCRYPT
;
1548 clear_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->pend
);
1550 if (conn
->state
== BT_CONFIG
) {
1552 conn
->state
= BT_CONNECTED
;
1554 hci_proto_connect_cfm(conn
, ev
->status
);
1557 hci_encrypt_cfm(conn
, ev
->status
, ev
->encrypt
);
1560 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Change Connection Link Key Complete event.
 *
 * Visible behaviour: the connection is looked up by ev->handle, gains
 * HCI_LM_SECURE, has HCI_CONN_AUTH_PEND cleared, and the outcome is passed
 * to hci_key_change_cfm().
 *
 * NOTE(review): whether HCI_LM_SECURE is only set on success cannot be seen
 * here (lines 1573-1574 are missing from the listing) - verify.
 */
1563 static inline void hci_change_link_key_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1565 struct hci_ev_change_link_key_complete
*ev
= (void *) skb
->data
;
1566 struct hci_conn
*conn
;
1568 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1572 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
1575 conn
->link_mode
|= HCI_LM_SECURE
;
1577 clear_bit(HCI_CONN_AUTH_PEND
, &conn
->pend
);
1579 hci_key_change_cfm(conn
, ev
->status
);
1582 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Read Remote Supported Features Complete event.
 *
 * Visible behaviour: the 8 feature bytes are copied into conn->features.
 * For a connection still in BT_CONFIG the setup continues: when both sides
 * are SSP capable the extended features are requested, otherwise a remote
 * name request is sent and, if no outgoing authentication is needed, the
 * connection is moved to BT_CONNECTED and confirmed.
 *
 * NOTE(review): the guards around the memcpy() (conn != NULL, ev->status)
 * are not in this listing; the embedded line numbers skip 1595-1598.
 */
1585 static inline void hci_remote_features_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1587 struct hci_ev_remote_features
*ev
= (void *) skb
->data
;
1588 struct hci_conn
*conn
;
1590 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1594 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
1599 memcpy(conn
->features
, ev
->features
, 8);
1601 if (conn
->state
!= BT_CONFIG
)
1604 if (!ev
->status
&& lmp_ssp_capable(hdev
) && lmp_ssp_capable(conn
)) {
1605 struct hci_cp_read_remote_ext_features cp
;
1606 cp
.handle
= ev
->handle
;
1608 hci_send_cmd(hdev
, HCI_OP_READ_REMOTE_EXT_FEATURES
,
1614 struct hci_cp_remote_name_req cp
;
/* Zero the whole command first so unset fields are not stack garbage. */
1615 memset(&cp
, 0, sizeof(cp
));
1616 bacpy(&cp
.bdaddr
, &conn
->dst
);
1617 cp
.pscan_rep_mode
= 0x02;
1618 hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ
, sizeof(cp
), &cp
);
1621 if (!hci_outgoing_auth_needed(hdev
, conn
)) {
1622 conn
->state
= BT_CONNECTED
;
1623 hci_proto_connect_cfm(conn
, ev
->status
);
1628 hci_dev_unlock(hdev
);
/* Remote version event: only logged; skb is not read in the visible code. */
1631 static inline void hci_remote_version_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1633 BT_DBG("%s", hdev
->name
);
/* QoS setup complete event: only logged; skb is not read in the visible code. */
1636 static inline void hci_qos_setup_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1638 BT_DBG("%s", hdev
->name
);
/*
 * Handle an HCI Command Complete event.
 *
 * The event header is stripped with skb_pull(), so skb->data then points at
 * the command's return parameters, and the opcode selects the matching
 * hci_cc_*() handler. Unknown opcodes are only logged. Afterwards the
 * command timer is stopped (unless the opcode is HCI_OP_NOP), cmd_cnt is
 * set to 1 and the command tasklet is scheduled if commands are queued.
 *
 * NOTE(review): no check that skb->len covers sizeof(*ev) is visible before
 * the pull, and the hci_cc_*() handlers read return parameters straight
 * from skb->data (hci_cc_inquiry_cancel reads the status byte that way). A
 * short event from a misbehaving controller would then be read past its
 * end - confirm where lengths are validated.
 * NOTE(review): the timer test compares the raw ev->opcode rather than the
 * converted opcode; that is only equivalent if HCI_OP_NOP is 0.
 * NOTE(review): the listing omits lines (e.g. the label before
 * hci_cc_reset() at 1683 and the condition at 1811 guarding atomic_set()).
 */
1641 static inline void hci_cmd_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1643 struct hci_ev_cmd_complete
*ev
= (void *) skb
->data
;
1646 skb_pull(skb
, sizeof(*ev
));
1648 opcode
= __le16_to_cpu(ev
->opcode
);
1651 case HCI_OP_INQUIRY_CANCEL
:
1652 hci_cc_inquiry_cancel(hdev
, skb
);
1655 case HCI_OP_EXIT_PERIODIC_INQ
:
1656 hci_cc_exit_periodic_inq(hdev
, skb
);
1659 case HCI_OP_REMOTE_NAME_REQ_CANCEL
:
1660 hci_cc_remote_name_req_cancel(hdev
, skb
);
1663 case HCI_OP_ROLE_DISCOVERY
:
1664 hci_cc_role_discovery(hdev
, skb
);
1667 case HCI_OP_READ_LINK_POLICY
:
1668 hci_cc_read_link_policy(hdev
, skb
);
1671 case HCI_OP_WRITE_LINK_POLICY
:
1672 hci_cc_write_link_policy(hdev
, skb
);
1675 case HCI_OP_READ_DEF_LINK_POLICY
:
1676 hci_cc_read_def_link_policy(hdev
, skb
);
1679 case HCI_OP_WRITE_DEF_LINK_POLICY
:
1680 hci_cc_write_def_link_policy(hdev
, skb
);
1684 hci_cc_reset(hdev
, skb
);
1687 case HCI_OP_WRITE_LOCAL_NAME
:
1688 hci_cc_write_local_name(hdev
, skb
);
1691 case HCI_OP_READ_LOCAL_NAME
:
1692 hci_cc_read_local_name(hdev
, skb
);
1695 case HCI_OP_WRITE_AUTH_ENABLE
:
1696 hci_cc_write_auth_enable(hdev
, skb
);
1699 case HCI_OP_WRITE_ENCRYPT_MODE
:
1700 hci_cc_write_encrypt_mode(hdev
, skb
);
1703 case HCI_OP_WRITE_SCAN_ENABLE
:
1704 hci_cc_write_scan_enable(hdev
, skb
);
1707 case HCI_OP_READ_CLASS_OF_DEV
:
1708 hci_cc_read_class_of_dev(hdev
, skb
);
1711 case HCI_OP_WRITE_CLASS_OF_DEV
:
1712 hci_cc_write_class_of_dev(hdev
, skb
);
1715 case HCI_OP_READ_VOICE_SETTING
:
1716 hci_cc_read_voice_setting(hdev
, skb
);
1719 case HCI_OP_WRITE_VOICE_SETTING
:
1720 hci_cc_write_voice_setting(hdev
, skb
);
1723 case HCI_OP_HOST_BUFFER_SIZE
:
1724 hci_cc_host_buffer_size(hdev
, skb
);
1727 case HCI_OP_READ_SSP_MODE
:
1728 hci_cc_read_ssp_mode(hdev
, skb
);
1731 case HCI_OP_WRITE_SSP_MODE
:
1732 hci_cc_write_ssp_mode(hdev
, skb
);
1735 case HCI_OP_READ_LOCAL_VERSION
:
1736 hci_cc_read_local_version(hdev
, skb
);
1739 case HCI_OP_READ_LOCAL_COMMANDS
:
1740 hci_cc_read_local_commands(hdev
, skb
);
1743 case HCI_OP_READ_LOCAL_FEATURES
:
1744 hci_cc_read_local_features(hdev
, skb
);
1747 case HCI_OP_READ_BUFFER_SIZE
:
1748 hci_cc_read_buffer_size(hdev
, skb
);
1751 case HCI_OP_READ_BD_ADDR
:
1752 hci_cc_read_bd_addr(hdev
, skb
);
1755 case HCI_OP_WRITE_CA_TIMEOUT
:
1756 hci_cc_write_ca_timeout(hdev
, skb
);
1759 case HCI_OP_DELETE_STORED_LINK_KEY
:
1760 hci_cc_delete_stored_link_key(hdev
, skb
);
1763 case HCI_OP_SET_EVENT_MASK
:
1764 hci_cc_set_event_mask(hdev
, skb
);
1767 case HCI_OP_WRITE_INQUIRY_MODE
:
1768 hci_cc_write_inquiry_mode(hdev
, skb
);
1771 case HCI_OP_READ_INQ_RSP_TX_POWER
:
1772 hci_cc_read_inq_rsp_tx_power(hdev
, skb
);
1775 case HCI_OP_SET_EVENT_FLT
:
1776 hci_cc_set_event_flt(hdev
, skb
);
1779 case HCI_OP_PIN_CODE_REPLY
:
1780 hci_cc_pin_code_reply(hdev
, skb
);
1783 case HCI_OP_PIN_CODE_NEG_REPLY
:
1784 hci_cc_pin_code_neg_reply(hdev
, skb
);
1787 case HCI_OP_READ_LOCAL_OOB_DATA
:
1788 hci_cc_read_local_oob_data_reply(hdev
, skb
);
1791 case HCI_OP_LE_READ_BUFFER_SIZE
:
1792 hci_cc_le_read_buffer_size(hdev
, skb
);
1795 case HCI_OP_USER_CONFIRM_REPLY
:
1796 hci_cc_user_confirm_reply(hdev
, skb
);
1799 case HCI_OP_USER_CONFIRM_NEG_REPLY
:
1800 hci_cc_user_confirm_neg_reply(hdev
, skb
);
1804 BT_DBG("%s opcode 0x%x", hdev
->name
, opcode
);
1808 if (ev
->opcode
!= HCI_OP_NOP
)
1809 del_timer(&hdev
->cmd_timer
);
/* Allow one more command and kick the sender if any are waiting. */
1812 atomic_set(&hdev
->cmd_cnt
, 1);
1813 if (!skb_queue_empty(&hdev
->cmd_q
))
1814 tasklet_schedule(&hdev
->cmd_task
);
/*
 * Handle an HCI Command Status event.
 *
 * The event header is stripped, the opcode is converted from little-endian
 * and the matching hci_cs_*() handler is called with ev->status. A failed
 * HCI_OP_DISCONNECT is reported with mgmt_disconnect_failed(); unknown
 * opcodes are only logged. The command timer is stopped unless the opcode
 * is HCI_OP_NOP, and sending is re-enabled only when the controller reports
 * free command slots (ev->ncmd) and no reset is in progress (HCI_RESET).
 *
 * NOTE(review): no check that skb->len covers sizeof(*ev) is visible before
 * ev->status, ev->ncmd and ev->opcode are read - confirm where the event
 * length is validated.
 */
1818 static inline void hci_cmd_status_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1820 struct hci_ev_cmd_status
*ev
= (void *) skb
->data
;
1823 skb_pull(skb
, sizeof(*ev
));
1825 opcode
= __le16_to_cpu(ev
->opcode
);
1828 case HCI_OP_INQUIRY
:
1829 hci_cs_inquiry(hdev
, ev
->status
);
1832 case HCI_OP_CREATE_CONN
:
1833 hci_cs_create_conn(hdev
, ev
->status
);
1836 case HCI_OP_ADD_SCO
:
1837 hci_cs_add_sco(hdev
, ev
->status
);
1840 case HCI_OP_AUTH_REQUESTED
:
1841 hci_cs_auth_requested(hdev
, ev
->status
);
1844 case HCI_OP_SET_CONN_ENCRYPT
:
1845 hci_cs_set_conn_encrypt(hdev
, ev
->status
);
1848 case HCI_OP_REMOTE_NAME_REQ
:
1849 hci_cs_remote_name_req(hdev
, ev
->status
);
1852 case HCI_OP_READ_REMOTE_FEATURES
:
1853 hci_cs_read_remote_features(hdev
, ev
->status
);
1856 case HCI_OP_READ_REMOTE_EXT_FEATURES
:
1857 hci_cs_read_remote_ext_features(hdev
, ev
->status
);
1860 case HCI_OP_SETUP_SYNC_CONN
:
1861 hci_cs_setup_sync_conn(hdev
, ev
->status
);
1864 case HCI_OP_SNIFF_MODE
:
1865 hci_cs_sniff_mode(hdev
, ev
->status
);
1868 case HCI_OP_EXIT_SNIFF_MODE
:
1869 hci_cs_exit_sniff_mode(hdev
, ev
->status
);
1872 case HCI_OP_DISCONNECT
:
1873 if (ev
->status
!= 0)
1874 mgmt_disconnect_failed(hdev
->id
);
1877 case HCI_OP_LE_CREATE_CONN
:
1878 hci_cs_le_create_conn(hdev
, ev
->status
);
1882 BT_DBG("%s opcode 0x%x", hdev
->name
, opcode
);
1886 if (ev
->opcode
!= HCI_OP_NOP
)
1887 del_timer(&hdev
->cmd_timer
);
1889 if (ev
->ncmd
&& !test_bit(HCI_RESET
, &hdev
->flags
)) {
1890 atomic_set(&hdev
->cmd_cnt
, 1);
1891 if (!skb_queue_empty(&hdev
->cmd_q
))
1892 tasklet_schedule(&hdev
->cmd_task
);
/*
 * Handle an HCI Role Change event for the ACL connection to ev->bdaddr.
 *
 * Visible behaviour: HCI_LM_MASTER is cleared on one path and set on the
 * other, HCI_CONN_RSWITCH_PEND is cleared and hci_role_switch_cfm() is told
 * the status and new role.
 *
 * NOTE(review): the tests selecting between clearing and setting the bit
 * (presumably on ev->status and ev->role) and the NULL check on conn are on
 * lines this listing omits (1906-1908, 1910).
 */
1896 static inline void hci_role_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1898 struct hci_ev_role_change
*ev
= (void *) skb
->data
;
1899 struct hci_conn
*conn
;
1901 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1905 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
1909 conn
->link_mode
&= ~HCI_LM_MASTER
;
1911 conn
->link_mode
|= HCI_LM_MASTER
;
1914 clear_bit(HCI_CONN_RSWITCH_PEND
, &conn
->pend
);
1916 hci_role_switch_cfm(conn
, ev
->status
, ev
->role
);
1919 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Number Of Completed Packets event: return transmit credits
 * to the per-link-type counters.
 *
 * After the header is stripped, the payload is read as ev->num_hndl pairs
 * of little-endian 16-bit values (handle, count). The event is dropped as
 * "bad parameters" when the remaining skb->len is smaller than
 * num_hndl * 4. For each pair the connection's sent counter is reduced and
 * the ACL, LE or SCO credit counter is increased, clamped to the
 * corresponding *_pkts limit. The TX tasklet is disabled while the counters
 * are updated and scheduled afterwards.
 *
 * NOTE(review): the num_hndl * 4 test bounds the loop, but nothing visible
 * checks that the skb held sizeof(*ev) bytes before ev->num_hndl was read.
 * NOTE(review): count comes from the controller and is subtracted from
 * conn->sent with no visible check that count <= conn->sent; depending on
 * the type of sent this can wrap - confirm. The clamping only protects the
 * hdev-wide credit counters.
 */
1922 static inline void hci_num_comp_pkts_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1924 struct hci_ev_num_comp_pkts
*ev
= (void *) skb
->data
;
1928 skb_pull(skb
, sizeof(*ev
));
1930 BT_DBG("%s num_hndl %d", hdev
->name
, ev
->num_hndl
);
/* Each entry is two 16-bit fields, hence 4 bytes per handle. */
1932 if (skb
->len
< ev
->num_hndl
* 4) {
1933 BT_DBG("%s bad parameters", hdev
->name
);
1937 tasklet_disable(&hdev
->tx_task
);
1939 for (i
= 0, ptr
= (__le16
*) skb
->data
; i
< ev
->num_hndl
; i
++) {
1940 struct hci_conn
*conn
;
1941 __u16 handle
, count
;
/* Unaligned-safe reads; the payload has no alignment guarantee. */
1943 handle
= get_unaligned_le16(ptr
++);
1944 count
= get_unaligned_le16(ptr
++);
1946 conn
= hci_conn_hash_lookup_handle(hdev
, handle
);
1948 conn
->sent
-= count
;
1950 if (conn
->type
== ACL_LINK
) {
1951 hdev
->acl_cnt
+= count
;
1952 if (hdev
->acl_cnt
> hdev
->acl_pkts
)
1953 hdev
->acl_cnt
= hdev
->acl_pkts
;
1954 } else if (conn
->type
== LE_LINK
) {
/* LE credits fall back to the ACL pool when le_pkts is zero. */
1955 if (hdev
->le_pkts
) {
1956 hdev
->le_cnt
+= count
;
1957 if (hdev
->le_cnt
> hdev
->le_pkts
)
1958 hdev
->le_cnt
= hdev
->le_pkts
;
1960 hdev
->acl_cnt
+= count
;
1961 if (hdev
->acl_cnt
> hdev
->acl_pkts
)
1962 hdev
->acl_cnt
= hdev
->acl_pkts
;
1965 hdev
->sco_cnt
+= count
;
1966 if (hdev
->sco_cnt
> hdev
->sco_pkts
)
1967 hdev
->sco_cnt
= hdev
->sco_pkts
;
1972 tasklet_schedule(&hdev
->tx_task
);
1974 tasklet_enable(&hdev
->tx_task
);
/*
 * Handle an HCI Mode Change event for the connection named by ev->handle.
 *
 * Visible behaviour: conn->mode and conn->interval are taken from the
 * event. If the change was not one this host had pending
 * (HCI_CONN_MODE_CHANGE_PEND clear), power_save is set to 1 for
 * HCI_CM_ACTIVE and to 0 otherwise. A pending SCO setup is then resumed
 * with hci_sco_setup().
 *
 * NOTE(review): the NULL check on conn is not in this listing (line 1987
 * is missing).
 */
1977 static inline void hci_mode_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1979 struct hci_ev_mode_change
*ev
= (void *) skb
->data
;
1980 struct hci_conn
*conn
;
1982 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1986 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
1988 conn
->mode
= ev
->mode
;
1989 conn
->interval
= __le16_to_cpu(ev
->interval
);
1991 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->pend
)) {
1992 if (conn
->mode
== HCI_CM_ACTIVE
)
1993 conn
->power_save
= 1;
1995 conn
->power_save
= 0;
1998 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND
, &conn
->pend
))
1999 hci_sco_setup(conn
, ev
->status
);
2002 hci_dev_unlock(hdev
);
/*
 * Handle an HCI PIN Code Request event (legacy pairing).
 *
 * Visible behaviour: an established ACL connection to ev->bdaddr gets its
 * disconnect timeout extended to HCI_PAIRING_TIMEOUT. When the adapter is
 * not pairable the request is refused with HCI_OP_PIN_CODE_NEG_REPLY. When
 * the management interface is active the request is forwarded with
 * mgmt_pin_code_request(), with the secure argument derived from
 * conn->pending_sec_level == BT_SECURITY_HIGH.
 *
 * NOTE(review): conn is tested for NULL at line 2015 but dereferenced at
 * line 2028 with no NULL test visible in between. A PIN request for an
 * address with no matching ACL connection would then dereference NULL;
 * lines 2026-2027 are missing from this listing, so verify.
 * NOTE(review): the release matching hci_conn_hold() is not visible (lines
 * 2018-2019 are missing).
 */
2005 static inline void hci_pin_code_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2007 struct hci_ev_pin_code_req
*ev
= (void *) skb
->data
;
2008 struct hci_conn
*conn
;
2010 BT_DBG("%s", hdev
->name
);
2014 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2015 if (conn
&& conn
->state
== BT_CONNECTED
) {
2016 hci_conn_hold(conn
);
2017 conn
->disc_timeout
= HCI_PAIRING_TIMEOUT
;
2021 if (!test_bit(HCI_PAIRABLE
, &hdev
->flags
))
2022 hci_send_cmd(hdev
, HCI_OP_PIN_CODE_NEG_REPLY
,
2023 sizeof(ev
->bdaddr
), &ev
->bdaddr
);
2025 if (test_bit(HCI_MGMT
, &hdev
->flags
)) {
2028 if (conn
->pending_sec_level
== BT_SECURITY_HIGH
)
2033 mgmt_pin_code_request(hdev
->id
, &ev
->bdaddr
, secure
);
2036 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Link Key Request event: decide whether a stored link key
 * may be handed to the controller for ev->bdaddr.
 *
 * Visible policy, in order:
 *  - HCI_LINK_KEYS must be set in hdev->flags;
 *  - a key must be found by hci_find_link_key();
 *  - a debug combination key is ignored unless HCI_DEBUG_KEYS is set;
 *  - an unauthenticated combination key is ignored when the connection's
 *    auth_type is known (not 0xff) and has its MITM bit (0x01) set;
 *  - a combination key made from a PIN shorter than 16 is ignored when
 *    BT_SECURITY_HIGH is pending.
 * A key that passes is recorded on the connection (key_type, pin_length)
 * and sent with HCI_OP_LINK_KEY_REPLY; otherwise
 * HCI_OP_LINK_KEY_NEG_REPLY is sent, which presumably makes the controller
 * fall back to pairing.
 *
 * NOTE(review): conn is dereferenced after the lookup at line 2069 with no
 * NULL test visible (line 2070 is missing from this listing) - verify.
 * NOTE(review): cp holds the 16-byte key on the stack; nothing visible
 * clears it after the command is queued.
 * NOTE(review): the negative reply uses a literal length 6 where other
 * handlers use sizeof(ev->bdaddr).
 */
2039 static inline void hci_link_key_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2041 struct hci_ev_link_key_req
*ev
= (void *) skb
->data
;
2042 struct hci_cp_link_key_reply cp
;
2043 struct hci_conn
*conn
;
2044 struct link_key
*key
;
2046 BT_DBG("%s", hdev
->name
);
2048 if (!test_bit(HCI_LINK_KEYS
, &hdev
->flags
))
2053 key
= hci_find_link_key(hdev
, &ev
->bdaddr
);
2055 BT_DBG("%s link key not found for %s", hdev
->name
,
2056 batostr(&ev
->bdaddr
));
2060 BT_DBG("%s found key type %u for %s", hdev
->name
, key
->type
,
2061 batostr(&ev
->bdaddr
));
/* Debug keys are well known, so they are only honoured on request. */
2063 if (!test_bit(HCI_DEBUG_KEYS
, &hdev
->flags
) &&
2064 key
->type
== HCI_LK_DEBUG_COMBINATION
) {
2065 BT_DBG("%s ignoring debug key", hdev
->name
);
2069 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
/* Do not satisfy a MITM-protected request with an unauthenticated key. */
2071 if (key
->type
== HCI_LK_UNAUTH_COMBINATION
&&
2072 conn
->auth_type
!= 0xff &&
2073 (conn
->auth_type
& 0x01)) {
2074 BT_DBG("%s ignoring unauthenticated key", hdev
->name
);
/* High security needs a key derived from a full 16-digit PIN. */
2078 if (key
->type
== HCI_LK_COMBINATION
&& key
->pin_len
< 16 &&
2079 conn
->pending_sec_level
== BT_SECURITY_HIGH
) {
2080 BT_DBG("%s ignoring key unauthenticated for high \
2081 security", hdev
->name
);
2085 conn
->key_type
= key
->type
;
2086 conn
->pin_length
= key
->pin_len
;
2089 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
2090 memcpy(cp
.link_key
, key
->val
, 16);
2092 hci_send_cmd(hdev
, HCI_OP_LINK_KEY_REPLY
, sizeof(cp
), &cp
);
2094 hci_dev_unlock(hdev
);
2099 hci_send_cmd(hdev
, HCI_OP_LINK_KEY_NEG_REPLY
, 6, &ev
->bdaddr
);
2100 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Link Key Notification event: a new link key was created
 * for ev->bdaddr.
 *
 * Visible behaviour: the ACL connection has its disconnect timeout reset
 * to HCI_DISCONN_TIMEOUT, its pin_length is read into pin_len, and its
 * key_type is updated unless the event reports
 * HCI_LK_CHANGED_COMBINATION. When HCI_LINK_KEYS is set the key is stored
 * with hci_add_link_key().
 *
 * NOTE(review): the declaration and initial value of pin_len and the NULL
 * check on conn are on lines missing from this listing (2107, 2114). If no
 * connection is found, pin_len must still have a defined value when passed
 * to hci_add_link_key() - verify.
 * NOTE(review): ev->link_key is secret key material; only the storage
 * call is visible here.
 */
2103 static inline void hci_link_key_notify_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2105 struct hci_ev_link_key_notify
*ev
= (void *) skb
->data
;
2106 struct hci_conn
*conn
;
2109 BT_DBG("%s", hdev
->name
);
2113 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2115 hci_conn_hold(conn
);
2116 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
2117 pin_len
= conn
->pin_length
;
2119 if (ev
->key_type
!= HCI_LK_CHANGED_COMBINATION
)
2120 conn
->key_type
= ev
->key_type
;
2125 if (test_bit(HCI_LINK_KEYS
, &hdev
->flags
))
2126 hci_add_link_key(hdev
, 1, &ev
->bdaddr
, ev
->link_key
,
2127 ev
->key_type
, pin_len
);
2129 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Read Clock Offset Complete event.
 *
 * On success, for a known connection, the inquiry cache entry for the
 * peer (conn->dst) gets the reported clock offset and a fresh timestamp.
 *
 * NOTE(review): the NULL test on the cache lookup result is not in this
 * listing (line 2146 is missing).
 */
2132 static inline void hci_clock_offset_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2134 struct hci_ev_clock_offset
*ev
= (void *) skb
->data
;
2135 struct hci_conn
*conn
;
2137 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
2141 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2142 if (conn
&& !ev
->status
) {
2143 struct inquiry_entry
*ie
;
2145 ie
= hci_inquiry_cache_lookup(hdev
, &conn
->dst
);
/* Stored as received; no byte-order conversion is applied here. */
2147 ie
->data
.clock_offset
= ev
->clock_offset
;
2148 ie
->timestamp
= jiffies
;
2152 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Connection Packet Type Changed event: on success, store
 * the new packet type (converted from little-endian) on the connection
 * named by ev->handle. Unknown handles and failures are ignored.
 */
2155 static inline void hci_pkt_type_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2157 struct hci_ev_pkt_type_change
*ev
= (void *) skb
->data
;
2158 struct hci_conn
*conn
;
2160 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
2164 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2165 if (conn
&& !ev
->status
)
2166 conn
->pkt_type
= __le16_to_cpu(ev
->pkt_type
);
2168 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Page Scan Repetition Mode Change event: update the
 * inquiry cache entry for ev->bdaddr with the new mode and a fresh
 * timestamp.
 *
 * NOTE(review): the NULL test on the cache lookup result is not in this
 * listing (line 2181 is missing).
 */
2171 static inline void hci_pscan_rep_mode_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2173 struct hci_ev_pscan_rep_mode
*ev
= (void *) skb
->data
;
2174 struct inquiry_entry
*ie
;
2176 BT_DBG("%s", hdev
->name
);
2180 ie
= hci_inquiry_cache_lookup(hdev
, &ev
->bdaddr
);
2182 ie
->data
.pscan_rep_mode
= ev
->pscan_rep_mode
;
2183 ie
->timestamp
= jiffies
;
2186 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Inquiry Result with RSSI event.
 *
 * The first payload byte is the number of responses; the records follow.
 * Two record layouts exist, and the per-record size computed as
 * (skb->len - 1) / num_rsp picks between them. Each record is copied into
 * an inquiry_data, stored with hci_inquiry_cache_update() and reported
 * with mgmt_device_found(). The first result of a discovery also sets
 * HCI_INQUIRY and notifies mgmt_discovering().
 *
 * NOTE(review): num_rsp is the divisor, so it must be non-zero before the
 * layout test; that check is not in this listing (lines 2195-2200 are
 * missing) - verify.
 * NOTE(review): the layout test only recognises the exact size of struct
 * inquiry_info_with_rssi. Every other quotient, including one that is too
 * small, selects the pscan-mode layout, and the loop then walks num_rsp
 * records with no further comparison against skb->len. A short or
 * inconsistent event would be read past the end of the buffer; an explicit
 * num_rsp * sizeof(*info) <= skb->len - 1 check per layout would close it.
 */
2189 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2191 struct inquiry_data data
;
2192 int num_rsp
= *((__u8
*) skb
->data
);
2194 BT_DBG("%s num_rsp %d", hdev
->name
, num_rsp
);
2201 if (!test_and_set_bit(HCI_INQUIRY
, &hdev
->flags
)) {
2203 if (test_bit(HCI_MGMT
, &hdev
->flags
))
2204 mgmt_discovering(hdev
->id
, 1);
2207 if ((skb
->len
- 1) / num_rsp
!= sizeof(struct inquiry_info_with_rssi
)) {
2208 struct inquiry_info_with_rssi_and_pscan_mode
*info
;
2209 info
= (void *) (skb
->data
+ 1);
2211 for (; num_rsp
; num_rsp
--, info
++) {
2212 bacpy(&data
.bdaddr
, &info
->bdaddr
);
2213 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
2214 data
.pscan_period_mode
= info
->pscan_period_mode
;
2215 data
.pscan_mode
= info
->pscan_mode
;
2216 memcpy(data
.dev_class
, info
->dev_class
, 3);
2217 data
.clock_offset
= info
->clock_offset
;
2218 data
.rssi
= info
->rssi
;
2219 data
.ssp_mode
= 0x00;
2220 hci_inquiry_cache_update(hdev
, &data
);
2221 mgmt_device_found(hdev
->id
, &info
->bdaddr
,
2222 info
->dev_class
, info
->rssi
,
2226 struct inquiry_info_with_rssi
*info
= (void *) (skb
->data
+ 1);
2228 for (; num_rsp
; num_rsp
--, info
++) {
2229 bacpy(&data
.bdaddr
, &info
->bdaddr
);
2230 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
2231 data
.pscan_period_mode
= info
->pscan_period_mode
;
/* This layout carries no pscan_mode field, so it is reported as 0. */
2232 data
.pscan_mode
= 0x00;
2233 memcpy(data
.dev_class
, info
->dev_class
, 3);
2234 data
.clock_offset
= info
->clock_offset
;
2235 data
.rssi
= info
->rssi
;
2236 data
.ssp_mode
= 0x00;
2237 hci_inquiry_cache_update(hdev
, &data
);
2238 mgmt_device_found(hdev
->id
, &info
->bdaddr
,
2239 info
->dev_class
, info
->rssi
,
2244 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Read Remote Extended Features Complete event.
 *
 * For a successful read of page 0x01, bit 0 of the first feature byte is
 * recorded as the peer's SSP mode, both in the inquiry cache entry and on
 * the connection. A connection still in BT_CONFIG then continues setup:
 * a remote name request is sent and, if no outgoing authentication is
 * needed, the connection is moved to BT_CONNECTED and confirmed.
 *
 * NOTE(review): the NULL tests on conn and on the cache lookup result are
 * not in this listing (lines 2257-2259 and 2264 are missing).
 */
2247 static inline void hci_remote_ext_features_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2249 struct hci_ev_remote_ext_features
*ev
= (void *) skb
->data
;
2250 struct hci_conn
*conn
;
2252 BT_DBG("%s", hdev
->name
);
2256 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2260 if (!ev
->status
&& ev
->page
== 0x01) {
2261 struct inquiry_entry
*ie
;
2263 ie
= hci_inquiry_cache_lookup(hdev
, &conn
->dst
);
2265 ie
->data
.ssp_mode
= (ev
->features
[0] & 0x01);
2267 conn
->ssp_mode
= (ev
->features
[0] & 0x01);
2270 if (conn
->state
!= BT_CONFIG
)
2274 struct hci_cp_remote_name_req cp
;
2275 memset(&cp
, 0, sizeof(cp
));
2276 bacpy(&cp
.bdaddr
, &conn
->dst
);
2277 cp
.pscan_rep_mode
= 0x02;
2278 hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ
, sizeof(cp
), &cp
);
2281 if (!hci_outgoing_auth_needed(hdev
, conn
)) {
2282 conn
->state
= BT_CONNECTED
;
2283 hci_proto_connect_cfm(conn
, ev
->status
);
2288 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Synchronous Connection Complete event (SCO/eSCO).
 *
 * The connection is looked up by ev->link_type and ev->bdaddr; a second
 * lookup under ESCO_LINK is made on a fallback path, after which the
 * connection is retyped as SCO_LINK. On success the handle is stored and
 * the connection is registered (hold_device, sysfs). For the listed error
 * codes an outgoing connection with fewer than two attempts is retried
 * with a packet type built from hdev->esco_type; otherwise the connection
 * is closed. The result is reported with hci_proto_connect_cfm().
 *
 * NOTE(review): the retry path dereferences conn->link->handle and no
 * NULL test on conn->link is visible here - confirm that a synchronous
 * connection always has a parent link at this point.
 * NOTE(review): the listing omits the success case label and the default
 * label (lines 2313 and 2333), among others.
 */
2291 static inline void hci_sync_conn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2293 struct hci_ev_sync_conn_complete
*ev
= (void *) skb
->data
;
2294 struct hci_conn
*conn
;
2296 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
2300 conn
= hci_conn_hash_lookup_ba(hdev
, ev
->link_type
, &ev
->bdaddr
);
2302 if (ev
->link_type
== ESCO_LINK
)
2305 conn
= hci_conn_hash_lookup_ba(hdev
, ESCO_LINK
, &ev
->bdaddr
);
2309 conn
->type
= SCO_LINK
;
2312 switch (ev
->status
) {
2314 conn
->handle
= __le16_to_cpu(ev
->handle
);
2315 conn
->state
= BT_CONNECTED
;
2317 hci_conn_hold_device(conn
);
2318 hci_conn_add_sysfs(conn
);
2321 case 0x11: /* Unsupported Feature or Parameter Value */
2322 case 0x1c: /* SCO interval rejected */
2323 case 0x1a: /* Unsupported Remote Feature */
2324 case 0x1f: /* Unspecified error */
2325 if (conn
->out
&& conn
->attempt
< 2) {
2326 conn
->pkt_type
= (hdev
->esco_type
& SCO_ESCO_MASK
) |
2327 (hdev
->esco_type
& EDR_ESCO_MASK
);
2328 hci_setup_sync(conn
, conn
->link
->handle
);
2334 conn
->state
= BT_CLOSED
;
2338 hci_proto_connect_cfm(conn
, ev
->status
);
2343 hci_dev_unlock(hdev
);
/* Synchronous connection changed event: only logged; skb is not read here. */
2346 static inline void hci_sync_conn_changed_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2348 BT_DBG("%s", hdev
->name
);
/* Sniff subrating event: the status is logged and nothing else is done. */
2351 static inline void hci_sniff_subrate_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2353 struct hci_ev_sniff_subrate
*ev
= (void *) skb
->data
;
2355 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
/*
 * Handle an HCI Extended Inquiry Result event.
 *
 * The first payload byte is the number of responses and the records start
 * at skb->data + 1. Each record is copied into an inquiry_data (with
 * ssp_mode forced to 0x01 and pscan_mode to 0x00), stored with
 * hci_inquiry_cache_update() and reported through mgmt_device_found()
 * together with the record's extended inquiry data (info->data).
 *
 * NOTE(review): no comparison between num_rsp * sizeof(*info) and
 * skb->len is visible, so the loop trusts the count byte supplied by the
 * controller. A count larger than the payload would make the loop read
 * past the end of the skb; lines 2365-2368 are missing from this listing,
 * so confirm whether a check exists there.
 * NOTE(review): info->data is attacker-influenced advertising data from
 * the remote device and is forwarded unparsed.
 */
2358 static inline void hci_extended_inquiry_result_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2360 struct inquiry_data data
;
2361 struct extended_inquiry_info
*info
= (void *) (skb
->data
+ 1);
2362 int num_rsp
= *((__u8
*) skb
->data
);
2364 BT_DBG("%s num_rsp %d", hdev
->name
, num_rsp
);
2369 if (!test_and_set_bit(HCI_INQUIRY
, &hdev
->flags
)) {
2371 if (test_bit(HCI_MGMT
, &hdev
->flags
))
2372 mgmt_discovering(hdev
->id
, 1);
2377 for (; num_rsp
; num_rsp
--, info
++) {
2378 bacpy(&data
.bdaddr
, &info
->bdaddr
);
2379 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
2380 data
.pscan_period_mode
= info
->pscan_period_mode
;
2381 data
.pscan_mode
= 0x00;
2382 memcpy(data
.dev_class
, info
->dev_class
, 3);
2383 data
.clock_offset
= info
->clock_offset
;
2384 data
.rssi
= info
->rssi
;
2385 data
.ssp_mode
= 0x01;
2386 hci_inquiry_cache_update(hdev
, &data
);
2387 mgmt_device_found(hdev
->id
, &info
->bdaddr
, info
->dev_class
,
2388 info
->rssi
, info
->data
);
2391 hci_dev_unlock(hdev
);
/*
 * Choose the authentication requirement to answer an IO capability
 * request with.
 *
 * Visible logic: when the remote asked for dedicated bonding (remote_auth
 * 0x02 or 0x03) the result depends on whether either side's IO capability
 * is 0x03; when the remote asked for no bonding (0x00 or 0x01) its value
 * is returned with the local MITM bit (auth_type & 0x01) OR-ed in; in all
 * other cases the local conn->auth_type is returned.
 *
 * NOTE(review): the return statements of the dedicated-bonding branch are
 * on lines missing from this listing (2401-2405). remote_auth comes from
 * the peer, so this is where a peer can influence whether MITM protection
 * is requested - verify the values returned there.
 */
2394 static inline u8
hci_get_auth_req(struct hci_conn
*conn
)
2396 /* If remote requests dedicated bonding follow that lead */
2397 if (conn
->remote_auth
== 0x02 || conn
->remote_auth
== 0x03) {
2398 /* If both remote and local IO capabilities allow MITM
2399 * protection then require it, otherwise don't */
2400 if (conn
->remote_cap
== 0x03 || conn
->io_capability
== 0x03)
2406 /* If remote requests no-bonding follow that lead */
2407 if (conn
->remote_auth
== 0x00 || conn
->remote_auth
== 0x01)
2408 return conn
->remote_auth
| (conn
->auth_type
& 0x01);
2410 return conn
->auth_type
;
/*
 * Handle an HCI IO Capability Request event (Secure Simple Pairing).
 *
 * Visible behaviour: the ACL connection to ev->bdaddr is held. Pairing is
 * allowed when the adapter is pairable or when the remote only asked for
 * no-bonding (remote_auth with the MITM bit masked off equals
 * HCI_AT_NO_BONDING); the reply then carries the local io_capability and
 * the requirement from hci_get_auth_req(), plus an OOB indication when
 * this side initiated or the remote reported OOB data and matching remote
 * OOB data is stored. Otherwise a negative reply with reason 0x16 is sent.
 *
 * NOTE(review): the action taken when HCI_MGMT is not set and the NULL
 * test on conn are on lines missing from this listing (2423-2425,
 * 2429-2430). The no-bonding exception means a non-pairable adapter still
 * answers such requests; confirm that is the intended policy.
 */
2413 static inline void hci_io_capa_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2415 struct hci_ev_io_capa_request
*ev
= (void *) skb
->data
;
2416 struct hci_conn
*conn
;
2418 BT_DBG("%s", hdev
->name
);
2422 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2426 hci_conn_hold(conn
);
2428 if (!test_bit(HCI_MGMT
, &hdev
->flags
))
2431 if (test_bit(HCI_PAIRABLE
, &hdev
->flags
) ||
2432 (conn
->remote_auth
& ~0x01) == HCI_AT_NO_BONDING
) {
2433 struct hci_cp_io_capability_reply cp
;
2435 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
2436 cp
.capability
= conn
->io_capability
;
2437 cp
.authentication
= hci_get_auth_req(conn
);
2439 if ((conn
->out
== 0x01 || conn
->remote_oob
== 0x01) &&
2440 hci_find_remote_oob_data(hdev
, &conn
->dst
))
2445 hci_send_cmd(hdev
, HCI_OP_IO_CAPABILITY_REPLY
,
2448 struct hci_cp_io_capability_neg_reply cp
;
2450 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
2451 cp
.reason
= 0x16; /* Pairing not allowed */
2453 hci_send_cmd(hdev
, HCI_OP_IO_CAPABILITY_NEG_REPLY
,
2458 hci_dev_unlock(hdev
);
/*
 * Handle an HCI IO Capability Response event: record what the remote side
 * declared (IO capability, OOB data presence, authentication requirement)
 * on the ACL connection to ev->bdaddr.
 *
 * These three values are peer-controlled and are later used by
 * hci_get_auth_req() and hci_user_confirm_request_evt() to decide on MITM
 * protection and auto-accept; no range check is applied to them here.
 *
 * NOTE(review): the NULL test on conn is not in this listing (lines
 * 2471-2473 are missing).
 */
2461 static inline void hci_io_capa_reply_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2463 struct hci_ev_io_capa_reply
*ev
= (void *) skb
->data
;
2464 struct hci_conn
*conn
;
2466 BT_DBG("%s", hdev
->name
);
2470 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2474 conn
->remote_cap
= ev
->capability
;
2475 conn
->remote_oob
= ev
->oob_data
;
2476 conn
->remote_auth
= ev
->authentication
;
2479 hci_dev_unlock(hdev
);
/*
 * Handle an HCI User Confirmation Request event (Secure Simple Pairing
 * numeric comparison).
 *
 * Visible behaviour: loc_mitm and rem_mitm are the MITM bits (0x01) of
 * the local auth_type and the remote_auth. The request is rejected when
 * MITM is required locally, the remote's capability is 0x03
 * (NoInputNoOutput per the comment below) and connect_cfm_cb is not set.
 * When neither side effectively requires MITM the confirmation is
 * accepted without asking the user, either immediately or after
 * hdev->auto_accept_delay milliseconds via auto_accept_timer. Otherwise
 * the passkey is handed to user space with mgmt_user_confirm_request().
 *
 * NOTE(review): the auto-accept path completes pairing with no user
 * interaction, so it gives no protection against an active
 * man-in-the-middle; the decision rests on remote_cap and remote_auth,
 * both declared by the peer.
 * NOTE(review): the action taken when HCI_MGMT is not set and the NULL
 * test on conn are on lines missing from this listing (2494-2495,
 * 2497-2499).
 */
2482 static inline void hci_user_confirm_request_evt(struct hci_dev
*hdev
,
2483 struct sk_buff
*skb
)
2485 struct hci_ev_user_confirm_req
*ev
= (void *) skb
->data
;
2486 int loc_mitm
, rem_mitm
;
2487 struct hci_conn
*conn
;
2489 BT_DBG("%s", hdev
->name
);
2493 if (!test_bit(HCI_MGMT
, &hdev
->flags
))
2496 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2500 loc_mitm
= (conn
->auth_type
& 0x01);
2501 rem_mitm
= (conn
->remote_auth
& 0x01);
2503 /* If we require MITM but the remote device can't provide that
2504 * (it has NoInputNoOutput) then reject the confirmation
2505 * request. The only exception is when we're dedicated bonding
2506 * initiators (connect_cfm_cb set) since then we always have the MITM
2508 if (!conn
->connect_cfm_cb
&& loc_mitm
&& conn
->remote_cap
== 0x03) {
2509 BT_DBG("Rejecting request: remote device can't provide MITM");
2510 hci_send_cmd(hdev
, HCI_OP_USER_CONFIRM_NEG_REPLY
,
2511 sizeof(ev
->bdaddr
), &ev
->bdaddr
);
2515 /* If no side requires MITM protection; auto-accept */
2516 if ((!loc_mitm
|| conn
->remote_cap
== 0x03) &&
2517 (!rem_mitm
|| conn
->io_capability
== 0x03)) {
2518 BT_DBG("Auto-accept of user confirmation with %ums delay",
2519 hdev
->auto_accept_delay
);
2521 if (hdev
->auto_accept_delay
> 0) {
2522 int delay
= msecs_to_jiffies(hdev
->auto_accept_delay
);
2523 mod_timer(&conn
->auto_accept_timer
, jiffies
+ delay
);
2527 hci_send_cmd(hdev
, HCI_OP_USER_CONFIRM_REPLY
,
2528 sizeof(ev
->bdaddr
), &ev
->bdaddr
);
2532 mgmt_user_confirm_request(hdev
->id
, &ev
->bdaddr
, ev
->passkey
);
2535 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Simple Pairing Complete event.
 *
 * A failed pairing (ev->status != 0) is reported with mgmt_auth_failed()
 * only when this host did not initiate the authentication
 * (HCI_CONN_AUTH_PEND clear); the initiator case is reported from the
 * Authentication Complete event instead, as the comment below explains.
 *
 * NOTE(review): the NULL test on conn is not in this listing (lines
 * 2548-2550 are missing).
 */
2538 static inline void hci_simple_pair_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2540 struct hci_ev_simple_pair_complete
*ev
= (void *) skb
->data
;
2541 struct hci_conn
*conn
;
2543 BT_DBG("%s", hdev
->name
);
2547 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2551 /* To avoid duplicate auth_failed events to user space we check
2552 * the HCI_CONN_AUTH_PEND flag which will be set if we
2553 * initiated the authentication. A traditional auth_complete
2554 * event gets always produced as initiator and is also mapped to
2555 * the mgmt_auth_failed event */
2556 if (!test_bit(HCI_CONN_AUTH_PEND
, &conn
->pend
) && ev
->status
!= 0)
2557 mgmt_auth_failed(hdev
->id
, &conn
->dst
, ev
->status
);
2562 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Remote Host Supported Features Notification event: record
 * bit 0 of the first feature byte as the peer's SSP mode in the inquiry
 * cache entry for ev->bdaddr.
 *
 * NOTE(review): the NULL test on the cache lookup result is not in this
 * listing (line 2575 is missing).
 */
2565 static inline void hci_remote_host_features_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2567 struct hci_ev_remote_host_features
*ev
= (void *) skb
->data
;
2568 struct inquiry_entry
*ie
;
2570 BT_DBG("%s", hdev
->name
);
2574 ie
= hci_inquiry_cache_lookup(hdev
, &ev
->bdaddr
);
2576 ie
->data
.ssp_mode
= (ev
->features
[0] & 0x01);
2578 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Remote OOB Data Request event.
 *
 * Stored out-of-band pairing data for ev->bdaddr is looked up with
 * hci_find_remote_oob_data(). When found, its hash and randomizer are
 * copied (sized by the destination fields) into an
 * HCI_OP_REMOTE_OOB_DATA_REPLY; otherwise
 * HCI_OP_REMOTE_OOB_DATA_NEG_REPLY is sent.
 *
 * NOTE(review): the action taken when HCI_MGMT is not set and the test on
 * the lookup result are on lines missing from this listing (2592-2593,
 * 2595).
 */
2581 static inline void hci_remote_oob_data_request_evt(struct hci_dev
*hdev
,
2582 struct sk_buff
*skb
)
2584 struct hci_ev_remote_oob_data_request
*ev
= (void *) skb
->data
;
2585 struct oob_data
*data
;
2587 BT_DBG("%s", hdev
->name
);
2591 if (!test_bit(HCI_MGMT
, &hdev
->flags
))
2594 data
= hci_find_remote_oob_data(hdev
, &ev
->bdaddr
);
2596 struct hci_cp_remote_oob_data_reply cp
;
2598 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
2599 memcpy(cp
.hash
, data
->hash
, sizeof(cp
.hash
));
2600 memcpy(cp
.randomizer
, data
->randomizer
, sizeof(cp
.randomizer
));
2602 hci_send_cmd(hdev
, HCI_OP_REMOTE_OOB_DATA_REPLY
, sizeof(cp
),
2605 struct hci_cp_remote_oob_data_neg_reply cp
;
2607 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
2608 hci_send_cmd(hdev
, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY
, sizeof(cp
),
2613 hci_dev_unlock(hdev
);
/*
 * Handle the LE Connection Complete sub-event.
 *
 * Visible behaviour: an LE connection object for ev->bdaddr is looked up
 * or created with hci_conn_add(). On the failure path the upper protocols
 * are told and the connection is set to BT_CLOSED; on the success path the
 * handle is stored, the state becomes BT_CONNECTED and the connection is
 * registered (hold_device, sysfs) before hci_proto_connect_cfm().
 *
 * NOTE(review): the tests separating lookup/creation and failure/success
 * are on lines missing from this listing (2626, 2628, 2635, 2638-2641).
 * NOTE(review): this handler is reached through hci_le_meta_evt() after a
 * second skb_pull(); no length check against sizeof(*ev) is visible.
 */
2616 static inline void hci_le_conn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2618 struct hci_ev_le_conn_complete
*ev
= (void *) skb
->data
;
2619 struct hci_conn
*conn
;
2621 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
2625 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &ev
->bdaddr
);
2627 conn
= hci_conn_add(hdev
, LE_LINK
, &ev
->bdaddr
);
2629 BT_ERR("No memory for new connection");
2630 hci_dev_unlock(hdev
);
2636 hci_proto_connect_cfm(conn
, ev
->status
);
2637 conn
->state
= BT_CLOSED
;
2642 conn
->handle
= __le16_to_cpu(ev
->handle
);
2643 conn
->state
= BT_CONNECTED
;
2645 hci_conn_hold_device(conn
);
2646 hci_conn_add_sysfs(conn
);
2648 hci_proto_connect_cfm(conn
, ev
->status
);
2651 hci_dev_unlock(hdev
);
/*
 * Handle an HCI LE Meta event: strip the meta header and dispatch on the
 * sub-event code. Only HCI_EV_LE_CONN_COMPLETE is handled in the visible
 * code.
 *
 * NOTE(review): le_ev->subevent is read and the header pulled without a
 * visible check that skb->len covers sizeof(*le_ev).
 */
2654 static inline void hci_le_meta_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2656 struct hci_ev_le_meta
*le_ev
= (void *) skb
->data
;
2658 skb_pull(skb
, sizeof(*le_ev
));
2660 switch (le_ev
->subevent
) {
2661 case HCI_EV_LE_CONN_COMPLETE
:
2662 hci_le_conn_complete_evt(hdev
, skb
);
/*
 * Entry point for every received HCI event packet.
 *
 * The event code is read from the header, the header is stripped with
 * skb_pull(skb, HCI_EVENT_HDR_SIZE) and the packet is passed to the
 * handler for that event code. Unknown codes are only logged. The
 * received-event counter hdev->stat.evt_rx is incremented at the end.
 *
 * NOTE(review): this is the single place through which controller-supplied
 * event data enters the handlers in this file, and no length validation
 * is visible: neither skb->len against HCI_EVENT_HDR_SIZE before hdr->evt
 * is read, nor hdr->plen against the remaining skb->len. Each handler then
 * casts skb->data to its event struct. A truncated event from a faulty or
 * hostile controller or transport would be read past its end. A per-event
 * minimum-length check here, before dispatch, would cover all handlers at
 * once.
 * NOTE(review): the release of skb after dispatch is not in this listing
 * (lines 2824-2827 are missing) - verify.
 */
2670 void hci_event_packet(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2672 struct hci_event_hdr
*hdr
= (void *) skb
->data
;
2673 __u8 event
= hdr
->evt
;
2675 skb_pull(skb
, HCI_EVENT_HDR_SIZE
);
2678 case HCI_EV_INQUIRY_COMPLETE
:
2679 hci_inquiry_complete_evt(hdev
, skb
);
2682 case HCI_EV_INQUIRY_RESULT
:
2683 hci_inquiry_result_evt(hdev
, skb
);
2686 case HCI_EV_CONN_COMPLETE
:
2687 hci_conn_complete_evt(hdev
, skb
);
2690 case HCI_EV_CONN_REQUEST
:
2691 hci_conn_request_evt(hdev
, skb
);
2694 case HCI_EV_DISCONN_COMPLETE
:
2695 hci_disconn_complete_evt(hdev
, skb
);
2698 case HCI_EV_AUTH_COMPLETE
:
2699 hci_auth_complete_evt(hdev
, skb
);
2702 case HCI_EV_REMOTE_NAME
:
2703 hci_remote_name_evt(hdev
, skb
);
2706 case HCI_EV_ENCRYPT_CHANGE
:
2707 hci_encrypt_change_evt(hdev
, skb
);
2710 case HCI_EV_CHANGE_LINK_KEY_COMPLETE
:
2711 hci_change_link_key_complete_evt(hdev
, skb
);
2714 case HCI_EV_REMOTE_FEATURES
:
2715 hci_remote_features_evt(hdev
, skb
);
2718 case HCI_EV_REMOTE_VERSION
:
2719 hci_remote_version_evt(hdev
, skb
);
2722 case HCI_EV_QOS_SETUP_COMPLETE
:
2723 hci_qos_setup_complete_evt(hdev
, skb
);
2726 case HCI_EV_CMD_COMPLETE
:
2727 hci_cmd_complete_evt(hdev
, skb
);
2730 case HCI_EV_CMD_STATUS
:
2731 hci_cmd_status_evt(hdev
, skb
);
2734 case HCI_EV_ROLE_CHANGE
:
2735 hci_role_change_evt(hdev
, skb
);
2738 case HCI_EV_NUM_COMP_PKTS
:
2739 hci_num_comp_pkts_evt(hdev
, skb
);
2742 case HCI_EV_MODE_CHANGE
:
2743 hci_mode_change_evt(hdev
, skb
);
2746 case HCI_EV_PIN_CODE_REQ
:
2747 hci_pin_code_request_evt(hdev
, skb
);
2750 case HCI_EV_LINK_KEY_REQ
:
2751 hci_link_key_request_evt(hdev
, skb
);
2754 case HCI_EV_LINK_KEY_NOTIFY
:
2755 hci_link_key_notify_evt(hdev
, skb
);
2758 case HCI_EV_CLOCK_OFFSET
:
2759 hci_clock_offset_evt(hdev
, skb
);
2762 case HCI_EV_PKT_TYPE_CHANGE
:
2763 hci_pkt_type_change_evt(hdev
, skb
);
2766 case HCI_EV_PSCAN_REP_MODE
:
2767 hci_pscan_rep_mode_evt(hdev
, skb
);
2770 case HCI_EV_INQUIRY_RESULT_WITH_RSSI
:
2771 hci_inquiry_result_with_rssi_evt(hdev
, skb
);
2774 case HCI_EV_REMOTE_EXT_FEATURES
:
2775 hci_remote_ext_features_evt(hdev
, skb
);
2778 case HCI_EV_SYNC_CONN_COMPLETE
:
2779 hci_sync_conn_complete_evt(hdev
, skb
);
2782 case HCI_EV_SYNC_CONN_CHANGED
:
2783 hci_sync_conn_changed_evt(hdev
, skb
);
2786 case HCI_EV_SNIFF_SUBRATE
:
2787 hci_sniff_subrate_evt(hdev
, skb
);
2790 case HCI_EV_EXTENDED_INQUIRY_RESULT
:
2791 hci_extended_inquiry_result_evt(hdev
, skb
);
2794 case HCI_EV_IO_CAPA_REQUEST
:
2795 hci_io_capa_request_evt(hdev
, skb
);
2798 case HCI_EV_IO_CAPA_REPLY
:
2799 hci_io_capa_reply_evt(hdev
, skb
);
2802 case HCI_EV_USER_CONFIRM_REQUEST
:
2803 hci_user_confirm_request_evt(hdev
, skb
);
2806 case HCI_EV_SIMPLE_PAIR_COMPLETE
:
2807 hci_simple_pair_complete_evt(hdev
, skb
);
2810 case HCI_EV_REMOTE_HOST_FEATURES
:
2811 hci_remote_host_features_evt(hdev
, skb
);
2814 case HCI_EV_LE_META
:
2815 hci_le_meta_evt(hdev
, skb
);
2818 case HCI_EV_REMOTE_OOB_DATA_REQUEST
:
2819 hci_remote_oob_data_request_evt(hdev
, skb
);
2823 BT_DBG("%s event 0x%x", hdev
->name
, event
);
2828 hdev
->stat
.evt_rx
++;
2831 /* Generate internal stack event */
2832 void hci_si_event(struct hci_dev
*hdev
, int type
, int dlen
, void *data
)
2834 struct hci_event_hdr
*hdr
;
2835 struct hci_ev_stack_internal
*ev
;
2836 struct sk_buff
*skb
;
2838 skb
= bt_skb_alloc(HCI_EVENT_HDR_SIZE
+ sizeof(*ev
) + dlen
, GFP_ATOMIC
);
2842 hdr
= (void *) skb_put(skb
, HCI_EVENT_HDR_SIZE
);
2843 hdr
->evt
= HCI_EV_STACK_INTERNAL
;
2844 hdr
->plen
= sizeof(*ev
) + dlen
;
2846 ev
= (void *) skb_put(skb
, sizeof(*ev
) + dlen
);
2848 memcpy(ev
->data
, data
, dlen
);
2850 bt_cb(skb
)->incoming
= 1;
2851 __net_timestamp(skb
);
2853 bt_cb(skb
)->pkt_type
= HCI_EVENT_PKT
;
2854 skb
->dev
= (void *) hdev
;
2855 hci_send_to_sock(hdev
, skb
, NULL
);