2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
48 /* Handle HCI Event packets */
/*
 * Completion handler for HCI_OP_INQUIRY_CANCEL.
 *
 * Reads a one-byte status from the start of skb->data. When HCI_MGMT is set
 * and HCI_INQUIRY was set (test_and_clear_bit clears it), it calls
 * mgmt_discovering(hdev->id, 0). It then completes the request and re-checks
 * pending connections.
 *
 * NOTE(review): the embedded line numbers jump from 54 to 59, so this listing
 * omits lines. Nothing shown checks skb->len before skb->data is read, and
 * the payload is an HCI event supplied by the controller. Confirm the caller
 * guarantees at least one byte.
 */
50 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
52 __u8 status = *((__u8 *) skb->data);
54 BT_DBG("%s status 0x%x", hdev->name, status);
59 if (test_bit(HCI_MGMT, &hdev->flags) &&
60 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
61 mgmt_discovering(hdev->id, 0);
63 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
65 hci_conn_check_pending(hdev);
/*
 * Handler for the reply to an exit-periodic-inquiry command (per the name).
 *
 * Reads a one-byte status from skb->data, calls mgmt_discovering(id, 0) when
 * HCI_MGMT is set and HCI_INQUIRY was set, then re-checks pending
 * connections.
 *
 * NOTE(review): no skb->len check is visible before the status byte is read.
 * This listing omits some lines, so verify against the full file.
 */
68 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
70 __u8 status = *((__u8 *) skb->data);
72 BT_DBG("%s status 0x%x", hdev->name, status);
77 if (test_bit(HCI_MGMT, &hdev->flags) &&
78 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
79 mgmt_discovering(hdev->id, 0);
81 hci_conn_check_pending(hdev);
/*
 * Handler for the reply to a remote-name-request cancel (per the name).
 * The only statement shown logs the device name; skb is not read here.
 */
84 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev, struct sk_buff *skb)
86 BT_DBG("%s", hdev->name);
/*
 * Handler for a role-discovery reply.
 *
 * Treats skb->data as struct hci_rp_role_discovery, looks up the connection
 * by the little-endian handle in the reply, and clears or sets HCI_LM_MASTER
 * in conn->link_mode before unlocking the device.
 *
 * NOTE(review): this listing omits lines. The condition choosing between the
 * two link_mode updates, any NULL check on conn, and the matching lock call
 * are not visible. No skb->len >= sizeof(*rp) check is visible either.
 */
89 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
91 struct hci_rp_role_discovery *rp = (void *) skb->data;
92 struct hci_conn *conn;
94 BT_DBG("%s status 0x%x", hdev->name, rp->status);
101 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
104 conn->link_mode &= ~HCI_LM_MASTER;
106 conn->link_mode |= HCI_LM_MASTER;
109 hci_dev_unlock(hdev);
/*
 * Handler for a read-link-policy reply.
 *
 * Looks up the connection by the handle in the reply and stores the
 * little-endian rp->policy in conn->link_policy.
 *
 * NOTE(review): the handle and policy come from the event payload. Neither a
 * length check on skb nor a NULL check on conn is visible in this listing,
 * which omits some lines.
 */
112 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
114 struct hci_rp_read_link_policy *rp = (void *) skb->data;
115 struct hci_conn *conn;
117 BT_DBG("%s status 0x%x", hdev->name, rp->status);
124 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
126 conn->link_policy = __le16_to_cpu(rp->policy);
128 hci_dev_unlock(hdev);
/*
 * Handler for a write-link-policy reply.
 *
 * Fetches the parameters of the HCI_OP_WRITE_LINK_POLICY command that was
 * sent, looks up the connection by the handle in the reply, and records the
 * policy as the 16-bit little-endian value at offset 2 of the sent data.
 *
 * NOTE(review): the declaration of 'sent' and any NULL checks on 'sent' or
 * 'conn' are on lines this listing omits.
 */
131 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
133 struct hci_rp_write_link_policy *rp = (void *) skb->data;
134 struct hci_conn *conn;
137 BT_DBG("%s status 0x%x", hdev->name, rp->status);
142 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
148 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
150 conn->link_policy = get_unaligned_le16(sent + 2);
152 hci_dev_unlock(hdev);
/*
 * Handler for a read-default-link-policy reply: stores the little-endian
 * rp->policy in hdev->link_policy.
 *
 * NOTE(review): whether the store depends on rp->status is on lines this
 * listing omits, and no skb->len check is visible.
 */
155 static void hci_cc_read_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
157 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
159 BT_DBG("%s status 0x%x", hdev->name, rp->status);
164 hdev->link_policy = __le16_to_cpu(rp->policy);
/*
 * Completion handler for HCI_OP_WRITE_DEF_LINK_POLICY.
 *
 * Records in hdev->link_policy the 16-bit little-endian value at the start of
 * the sent command data, then completes the request with the status byte.
 *
 * NOTE(review): the declaration of 'sent' and the conditions guarding the
 * store are on lines this listing omits.
 */
167 static void hci_cc_write_def_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
169 __u8 status = *((__u8 *) skb->data);
172 BT_DBG("%s status 0x%x", hdev->name, status);
174 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
179 hdev->link_policy = get_unaligned_le16(sent);
181 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
/*
 * Completion handler for HCI_OP_RESET: clears the HCI_RESET flag and
 * completes the request with the status byte read from skb->data.
 */
184 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
186 __u8 status = *((__u8 *) skb->data);
188 BT_DBG("%s status 0x%x", hdev->name, status);
190 clear_bit(HCI_RESET, &hdev->flags);
192 hci_req_complete(hdev, HCI_OP_RESET, status);
/*
 * Handler for a write-local-name reply.
 *
 * Fetches the sent HCI_OP_WRITE_LOCAL_NAME data, forwards it with the status
 * to mgmt_set_local_name_complete() when HCI_MGMT is set, and copies
 * HCI_MAX_NAME_LENGTH bytes of it into hdev->dev_name.
 *
 * NOTE(review): the copy length is fixed, so it assumes the sent command
 * carried at least HCI_MAX_NAME_LENGTH bytes. The guards around the copy (a
 * NULL 'sent', a non-zero status) are on lines this listing omits.
 */
195 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
197 __u8 status = *((__u8 *) skb->data);
200 BT_DBG("%s status 0x%x", hdev->name, status);
202 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
206 if (test_bit(HCI_MGMT, &hdev->flags))
207 mgmt_set_local_name_complete(hdev->id, sent, status);
212 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
/*
 * Handler for a read-local-name reply: copies HCI_MAX_NAME_LENGTH bytes of
 * rp->name into hdev->dev_name.
 *
 * NOTE(review): the source is the event payload and the length is fixed.
 * No skb->len >= sizeof(*rp) check is visible here, so a short event would
 * be read past its end unless the caller validates it. Confirm.
 */
215 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
217 struct hci_rp_read_local_name *rp = (void *) skb->data;
219 BT_DBG("%s status 0x%x", hdev->name, rp->status);
224 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
/*
 * Completion handler for HCI_OP_WRITE_AUTH_ENABLE.
 *
 * Takes the first byte of the sent command data as the parameter and sets
 * HCI_AUTH in hdev->flags when it equals AUTH_ENABLED. The clear_bit() call
 * is presumably the else branch (that line is omitted from this listing).
 * It then completes the request.
 *
 * NOTE(review): HCI_AUTH mirrors what the host asked for, not a value read
 * back from the controller. Whether the update is skipped on a non-zero
 * status is on lines not shown here.
 */
227 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
229 __u8 status = *((__u8 *) skb->data);
232 BT_DBG("%s status 0x%x", hdev->name, status);
234 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
239 __u8 param = *((__u8 *) sent);
241 if (param == AUTH_ENABLED)
242 set_bit(HCI_AUTH, &hdev->flags);
244 clear_bit(HCI_AUTH, &hdev->flags);
247 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
/*
 * Completion handler for HCI_OP_WRITE_ENCRYPT_MODE.
 *
 * Takes the first byte of the sent command data as the parameter and sets or
 * clears HCI_ENCRYPT in hdev->flags, then completes the request.
 *
 * NOTE(review): the test on 'param' that selects set versus clear, and any
 * status guard, are on lines this listing omits.
 */
250 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
252 __u8 status = *((__u8 *) skb->data);
255 BT_DBG("%s status 0x%x", hdev->name, status);
257 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
262 __u8 param = *((__u8 *) sent);
265 set_bit(HCI_ENCRYPT, &hdev->flags);
267 clear_bit(HCI_ENCRYPT, &hdev->flags);
270 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
/*
 * Completion handler for HCI_OP_WRITE_SCAN_ENABLE.
 *
 * Clears HCI_PSCAN and HCI_ISCAN while remembering their previous values,
 * then sets each flag again according to the SCAN_PAGE / SCAN_INQUIRY bits of
 * the parameter byte that was sent. mgmt_discoverable() and
 * mgmt_connectable() are called to report the resulting state.
 *
 * NOTE(review): this listing omits lines (for example between 292 and 294),
 * so the exact condition under which the "1" notifications fire is not
 * visible. These flags reflect the value the host sent.
 */
273 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
275 __u8 status = *((__u8 *) skb->data);
278 BT_DBG("%s status 0x%x", hdev->name, status);
280 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
285 __u8 param = *((__u8 *) sent);
286 int old_pscan, old_iscan;
/* Clear both flags first so they end up matching 'param' exactly. */
288 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
289 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
291 if (param & SCAN_INQUIRY) {
292 set_bit(HCI_ISCAN, &hdev->flags);
294 mgmt_discoverable(hdev->id, 1);
295 } else if (old_iscan)
296 mgmt_discoverable(hdev->id, 0);
298 if (param & SCAN_PAGE) {
299 set_bit(HCI_PSCAN, &hdev->flags);
301 mgmt_connectable(hdev->id, 1);
302 } else if (old_pscan)
303 mgmt_connectable(hdev->id, 0);
306 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
/*
 * Handler for a read-class-of-device reply: copies the 3-byte rp->dev_class
 * into hdev->dev_class and logs it with the last byte first.
 *
 * NOTE(review): no skb->len check is visible before rp is read. This listing
 * omits some lines, so confirm.
 */
309 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
311 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
313 BT_DBG("%s status 0x%x", hdev->name, rp->status);
318 memcpy(hdev->dev_class, rp->dev_class, 3);
320 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
321 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
/*
 * Handler for a write-class-of-device reply: copies the first 3 bytes of the
 * sent HCI_OP_WRITE_CLASS_OF_DEV data into hdev->dev_class.
 *
 * NOTE(review): the declaration of 'sent' and any status or NULL guards are
 * on lines this listing omits.
 */
324 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
326 __u8 status = *((__u8 *) skb->data);
329 BT_DBG("%s status 0x%x", hdev->name, status);
334 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
338 memcpy(hdev->dev_class, sent, 3);
/*
 * Handler for a read-voice-setting reply.
 *
 * Converts rp->voice_setting from little endian, compares it with the cached
 * hdev->voice_setting, stores the new value and calls hdev->notify() with
 * HCI_NOTIFY_VOICE_SETTING while the tx tasklet is disabled.
 *
 * NOTE(review): the statement taken when the value is unchanged, and any
 * check that hdev->notify is non-NULL, are on lines this listing omits.
 */
341 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
343 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
346 BT_DBG("%s status 0x%x", hdev->name, rp->status);
351 setting = __le16_to_cpu(rp->voice_setting);
353 if (hdev->voice_setting == setting)
356 hdev->voice_setting = setting;
358 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
/* The driver callback runs with the tx tasklet disabled. */
361 tasklet_disable(&hdev->tx_task);
362 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
363 tasklet_enable(&hdev->tx_task);
/*
 * Handler for a write-voice-setting reply.
 *
 * Reads the 16-bit little-endian setting from the sent
 * HCI_OP_WRITE_VOICE_SETTING data, compares it with the cached value, stores
 * it and calls hdev->notify() with HCI_NOTIFY_VOICE_SETTING while the tx
 * tasklet is disabled.
 *
 * NOTE(review): the guards on status, on 'sent' and on hdev->notify are on
 * lines this listing omits.
 */
367 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
369 __u8 status = *((__u8 *) skb->data);
373 BT_DBG("%s status 0x%x", hdev->name, status);
378 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
382 setting = get_unaligned_le16(sent);
384 if (hdev->voice_setting == setting)
387 hdev->voice_setting = setting;
389 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
/* The driver callback runs with the tx tasklet disabled. */
392 tasklet_disable(&hdev->tx_task);
393 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
394 tasklet_enable(&hdev->tx_task);
/*
 * Completion handler for HCI_OP_HOST_BUFFER_SIZE: logs the status byte read
 * from skb->data and completes the request with it.
 */
398 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
400 __u8 status = *((__u8 *) skb->data);
402 BT_DBG("%s status 0x%x", hdev->name, status);
404 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
/*
 * Handler for a read-SSP-mode reply: stores rp->mode in hdev->ssp_mode.
 *
 * NOTE(review): hdev->ssp_mode is later consulted when deciding whether to
 * authenticate and encrypt (see its uses elsewhere in this file), so the
 * value taken from the event matters. Any status guard is on lines this
 * listing omits.
 */
407 static void hci_cc_read_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
409 struct hci_rp_read_ssp_mode *rp = (void *) skb->data;
411 BT_DBG("%s status 0x%x", hdev->name, rp->status);
416 hdev->ssp_mode = rp->mode;
/*
 * Handler for a write-SSP-mode reply: stores the first byte of the sent
 * HCI_OP_WRITE_SSP_MODE data in hdev->ssp_mode.
 *
 * NOTE(review): the declaration of 'sent' and any status or NULL guards are
 * on lines this listing omits.
 */
419 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
421 __u8 status = *((__u8 *) skb->data);
424 BT_DBG("%s status 0x%x", hdev->name, status);
429 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
433 hdev->ssp_mode = *((__u8 *) sent);
/*
 * Picks the inquiry mode for this controller and returns it as a u8.
 *
 * Tests, in order: the LMP_EXT_INQ feature bit, the LMP_RSSI_INQ feature bit,
 * then several exact manufacturer / hci_rev / lmp_subver combinations. Those
 * are presumably controllers that support a mode without advertising the
 * feature bit. Confirm against the full file.
 *
 * NOTE(review): the value returned for each test is on lines this listing
 * omits.
 */
436 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
438 if (hdev->features[6] & LMP_EXT_INQ)
441 if (hdev->features[3] & LMP_RSSI_INQ)
444 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
445 hdev->lmp_subver == 0x0757)
448 if (hdev->manufacturer == 15) {
449 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
451 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
453 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
457 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
458 hdev->lmp_subver == 0x1805)
/*
 * Sends HCI_OP_WRITE_INQUIRY_MODE with the one-byte mode chosen by
 * hci_get_inquiry_mode(). The declaration of 'mode' is on a line this
 * listing omits.
 */
464 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
468 mode = hci_get_inquiry_mode(hdev);
470 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
/*
 * Builds the 8-byte event mask for this controller and sends it with
 * HCI_OP_SET_EVENT_MASK.
 *
 * Starts from a fixed base mask and ORs in further event bits depending on
 * hdev->lmp_ver and on the feature bits in hdev->features[].
 */
473 static void hci_setup_event_mask(struct hci_dev *hdev)
475 /* The second byte is 0xff instead of 0x9f (two reserved bits
476 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
477 * command otherwise */
478 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
480 /* Events for 1.2 and newer controllers */
481 if (hdev->lmp_ver > 1) {
482 events[4] |= 0x01; /* Flow Specification Complete */
483 events[4] |= 0x02; /* Inquiry Result with RSSI */
484 events[4] |= 0x04; /* Read Remote Extended Features Complete */
485 events[5] |= 0x08; /* Synchronous Connection Complete */
486 events[5] |= 0x10; /* Synchronous Connection Changed */
/* NOTE(review): the next statement sets events[4] bit 0x04 but is labelled
 * "Inquiry Result with RSSI". Above, 0x04 is labelled "Read Remote Extended
 * Features Complete" and 0x02 carries the RSSI label. Confirm which bit is
 * intended for LMP_RSSI_INQ. */
489 if (hdev->features[3] & LMP_RSSI_INQ)
490 events[4] |= 0x04; /* Inquiry Result with RSSI */
492 if (hdev->features[5] & LMP_SNIFF_SUBR)
493 events[5] |= 0x20; /* Sniff Subrating */
495 if (hdev->features[5] & LMP_PAUSE_ENC)
496 events[5] |= 0x80; /* Encryption Key Refresh Complete */
498 if (hdev->features[6] & LMP_EXT_INQ)
499 events[5] |= 0x40; /* Extended Inquiry Result */
501 if (hdev->features[6] & LMP_NO_FLUSH)
502 events[7] |= 0x01; /* Enhanced Flush Complete */
504 if (hdev->features[7] & LMP_LSTO)
505 events[6] |= 0x80; /* Link Supervision Timeout Changed */
/* Simple Pairing events are unmasked only when the feature bit is set. */
507 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
508 events[6] |= 0x01; /* IO Capability Request */
509 events[6] |= 0x02; /* IO Capability Response */
510 events[6] |= 0x04; /* User Confirmation Request */
511 events[6] |= 0x08; /* User Passkey Request */
512 events[6] |= 0x10; /* Remote OOB Data Request */
513 events[6] |= 0x20; /* Simple Pairing Complete */
514 events[7] |= 0x04; /* User Passkey Notification */
515 events[7] |= 0x08; /* Keypress Notification */
516 events[7] |= 0x10; /* Remote Host Supported
517 * Features Notification */
520 if (hdev->features[4] & LMP_LE)
521 events[7] |= 0x20; /* LE Meta-Event */
523 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
/*
 * Issues the feature-dependent setup commands for a controller.
 *
 * Always programs the event mask. Depending on lmp_ver and the feature bits
 * it also reads the local supported commands, writes the SSP mode, sets the
 * inquiry mode and reads the inquiry response TX power.
 *
 * NOTE(review): the declaration and value of 'mode' sent with
 * HCI_OP_WRITE_SSP_MODE are on a line this listing omits.
 */
526 static void hci_setup(struct hci_dev *hdev)
528 hci_setup_event_mask(hdev);
530 if (hdev->lmp_ver > 1)
531 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
533 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
535 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
538 if (hdev->features[3] & LMP_RSSI_INQ)
539 hci_setup_inquiry_mode(hdev);
541 if (hdev->features[7] & LMP_INQ_TX_PWR)
542 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
/*
 * Handler for a read-local-version reply.
 *
 * Copies hci_ver, hci_rev, lmp_ver, manufacturer and lmp_subver from the
 * reply into hdev, converting the 16-bit fields from little endian.
 *
 * NOTE(review): these values are used elsewhere in this file to select
 * controller-specific behaviour, and they come straight from the event. The
 * action taken when HCI_INIT is set, and any status or length guard, are on
 * lines this listing omits.
 */
545 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
547 struct hci_rp_read_local_version *rp = (void *) skb->data;
549 BT_DBG("%s status 0x%x", hdev->name, rp->status);
554 hdev->hci_ver = rp->hci_ver;
555 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
556 hdev->lmp_ver = rp->lmp_ver;
557 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
558 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
560 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
562 hdev->hci_ver, hdev->hci_rev);
564 if (test_bit(HCI_INIT, &hdev->flags))
/*
 * Derives the default link policy from the controller's feature bits and
 * sends it with HCI_OP_WRITE_DEF_LINK_POLICY.
 *
 * Role switch, hold, sniff and park are each enabled only when the matching
 * LMP feature bit is set. The value is converted to little endian before it
 * is sent. The declaration and initial value of 'link_policy' are on lines
 * this listing omits.
 */
568 static void hci_setup_link_policy(struct hci_dev *hdev)
572 if (hdev->features[0] & LMP_RSWITCH)
573 link_policy |= HCI_LP_RSWITCH;
574 if (hdev->features[0] & LMP_HOLD)
575 link_policy |= HCI_LP_HOLD;
576 if (hdev->features[0] & LMP_SNIFF)
577 link_policy |= HCI_LP_SNIFF;
578 if (hdev->features[1] & LMP_PARK)
579 link_policy |= HCI_LP_PARK;
581 link_policy = cpu_to_le16(link_policy);
582 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY,
583 sizeof(link_policy), &link_policy);
/*
 * Completion handler for HCI_OP_READ_LOCAL_COMMANDS.
 *
 * Copies sizeof(hdev->commands) bytes of rp->commands into hdev->commands.
 * During HCI_INIT, when bit 0x10 of commands[5] is set, it goes on to
 * program the default link policy. It then completes the request.
 *
 * NOTE(review): the copy length comes from the destination size and no
 * skb->len check is visible here, so a short event would be read past its
 * end unless the caller validates it. This listing omits lines; confirm.
 */
586 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
588 struct hci_rp_read_local_commands *rp = (void *) skb->data;
590 BT_DBG("%s status 0x%x", hdev->name, rp->status);
595 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
597 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
598 hci_setup_link_policy(hdev);
601 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
/*
 * Handler for a read-local-features reply.
 *
 * Copies the 8-byte feature mask from the reply into hdev->features, then
 * widens hdev->pkt_type and hdev->esco_type with the packet types that the
 * advertised features allow.
 *
 * NOTE(review): the feature mask is taken from the event payload and drives
 * later decisions in this file (event mask, SSP, link policy). No skb->len
 * check is visible here, and this listing omits some lines.
 */
604 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
606 struct hci_rp_read_local_features *rp = (void *) skb->data;
608 BT_DBG("%s status 0x%x", hdev->name, rp->status);
613 memcpy(hdev->features, rp->features, 8);
615 /* Adjust default settings according to features
616 * supported by device. */
618 if (hdev->features[0] & LMP_3SLOT)
619 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
621 if (hdev->features[0] & LMP_5SLOT)
622 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
624 if (hdev->features[1] & LMP_HV2) {
625 hdev->pkt_type |= (HCI_HV2);
626 hdev->esco_type |= (ESCO_HV2);
629 if (hdev->features[1] & LMP_HV3) {
630 hdev->pkt_type |= (HCI_HV3);
631 hdev->esco_type |= (ESCO_HV3);
634 if (hdev->features[3] & LMP_ESCO)
635 hdev->esco_type |= (ESCO_EV3);
637 if (hdev->features[4] & LMP_EV4)
638 hdev->esco_type |= (ESCO_EV4);
640 if (hdev->features[4] & LMP_EV5)
641 hdev->esco_type |= (ESCO_EV5);
643 if (hdev->features[5] & LMP_EDR_ESCO_2M)
644 hdev->esco_type |= (ESCO_2EV3);
646 if (hdev->features[5] & LMP_EDR_ESCO_3M)
647 hdev->esco_type |= (ESCO_3EV3);
649 if (hdev->features[5] & LMP_EDR_3S_ESCO)
650 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
652 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
653 hdev->features[0], hdev->features[1],
654 hdev->features[2], hdev->features[3],
655 hdev->features[4], hdev->features[5],
656 hdev->features[6], hdev->features[7]);
/*
 * Handler for a read-buffer-size reply.
 *
 * Stores the ACL and SCO MTUs and packet counts reported by the controller
 * and initialises the acl_cnt / sco_cnt counters from the packet counts.
 *
 * NOTE(review): the body of the HCI_QUIRK_FIXUP_BUFFER_SIZE branch is on
 * lines this listing omits. The MTU and count values come from the event
 * payload. No range or skb->len check is visible here.
 */
659 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
661 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
663 BT_DBG("%s status 0x%x", hdev->name, rp->status);
668 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
669 hdev->sco_mtu = rp->sco_mtu;
670 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
671 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
673 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
678 hdev->acl_cnt = hdev->acl_pkts;
679 hdev->sco_cnt = hdev->sco_pkts;
681 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name,
682 hdev->acl_mtu, hdev->acl_pkts,
683 hdev->sco_mtu, hdev->sco_pkts);
/*
 * Completion handler for HCI_OP_READ_BD_ADDR: copies rp->bdaddr into
 * hdev->bdaddr and completes the request with rp->status.
 *
 * NOTE(review): whether the copy depends on rp->status is on a line this
 * listing omits, and no skb->len check is visible.
 */
686 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
688 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
690 BT_DBG("%s status 0x%x", hdev->name, rp->status);
693 bacpy(&hdev->bdaddr, &rp->bdaddr);
695 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
/*
 * Completion handler for HCI_OP_WRITE_CA_TIMEOUT: logs the status byte read
 * from skb->data and completes the request with it.
 */
698 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
700 __u8 status = *((__u8 *) skb->data);
702 BT_DBG("%s status 0x%x", hdev->name, status);
704 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
/*
 * Completion handler for HCI_OP_DELETE_STORED_LINK_KEY: logs the status byte
 * read from skb->data and completes the request with it. The second line of
 * the signature is omitted from this listing.
 */
707 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
710 __u8 status = *((__u8 *) skb->data);
712 BT_DBG("%s status 0x%x", hdev->name, status);
714 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
/*
 * Completion handler for HCI_OP_SET_EVENT_MASK: logs the status byte read
 * from skb->data and completes the request with it.
 */
717 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
719 __u8 status = *((__u8 *) skb->data);
721 BT_DBG("%s status 0x%x", hdev->name, status);
723 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
/*
 * Completion handler for HCI_OP_WRITE_INQUIRY_MODE: logs the status byte
 * read from skb->data and completes the request with it. The second line of
 * the signature is omitted from this listing.
 */
726 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
729 __u8 status = *((__u8 *) skb->data);
731 BT_DBG("%s status 0x%x", hdev->name, status);
733 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
/*
 * Completion handler for HCI_OP_READ_INQ_RSP_TX_POWER: logs the status byte
 * read from skb->data and completes the request with it. Only the status
 * byte of the reply is used in the lines shown.
 */
736 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
739 __u8 status = *((__u8 *) skb->data);
741 BT_DBG("%s status 0x%x", hdev->name, status);
743 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, status);
/*
 * Completion handler for HCI_OP_SET_EVENT_FLT: logs the status byte read
 * from skb->data and completes the request with it.
 */
746 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
748 __u8 status = *((__u8 *) skb->data);
750 BT_DBG("%s status 0x%x", hdev->name, status);
752 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
/*
 * Handler for a PIN-code-reply result.
 *
 * When HCI_MGMT is set, forwards the peer address and status from the reply
 * to mgmt_pin_code_reply_complete(). It then fetches the sent
 * HCI_OP_PIN_CODE_REPLY command, looks up the ACL connection for the address
 * in that command, and records cp->pin_len in conn->pin_length.
 *
 * NOTE(review): pin_length is taken from the host's own sent command, not
 * from the event. The status guard and the NULL checks on 'cp' and 'conn'
 * are on lines this listing omits, and no skb->len check is visible.
 */
755 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
757 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
758 struct hci_cp_pin_code_reply *cp;
759 struct hci_conn *conn;
761 BT_DBG("%s status 0x%x", hdev->name, rp->status);
763 if (test_bit(HCI_MGMT, &hdev->flags))
764 mgmt_pin_code_reply_complete(hdev->id, &rp->bdaddr, rp->status);
769 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
773 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
775 conn->pin_length = cp->pin_len;
/*
 * Handler for a negative PIN-code-reply result: when HCI_MGMT is set,
 * forwards the peer address from the reply to
 * mgmt_pin_code_neg_reply_complete(). The remaining argument(s) are on a
 * line this listing omits.
 */
778 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
780 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
782 BT_DBG("%s status 0x%x", hdev->name, rp->status);
784 if (test_bit(HCI_MGMT, &hdev->flags))
785 mgmt_pin_code_neg_reply_complete(hdev->id, &rp->bdaddr,
/*
 * Completion handler for HCI_OP_LE_READ_BUFFER_SIZE.
 *
 * Stores the LE MTU (little endian in the reply) and LE packet count, sets
 * le_cnt to the packet count, and completes the request with rp->status.
 *
 * NOTE(review): the values come from the event payload. Any status guard is
 * on lines this listing omits, and no skb->len check is visible.
 */
788 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
791 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
793 BT_DBG("%s status 0x%x", hdev->name, rp->status);
798 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
799 hdev->le_pkts = rp->le_max_pkt;
801 hdev->le_cnt = hdev->le_pkts;
803 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
805 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
/*
 * Handler for a user-confirmation-reply result: when HCI_MGMT is set,
 * forwards the peer address from the reply to
 * mgmt_user_confirm_reply_complete(). The remaining argument(s) are on a
 * line this listing omits.
 */
808 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
810 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
812 BT_DBG("%s status 0x%x", hdev->name, rp->status);
814 if (test_bit(HCI_MGMT, &hdev->flags))
815 mgmt_user_confirm_reply_complete(hdev->id, &rp->bdaddr,
/*
 * Handler for a negative user-confirmation-reply result: when HCI_MGMT is
 * set, forwards the peer address from the reply to
 * mgmt_user_confirm_neg_reply_complete(). The reply is parsed with the same
 * struct hci_rp_user_confirm_reply layout as the positive reply.
 */
819 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
822 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
824 BT_DBG("%s status 0x%x", hdev->name, rp->status);
826 if (test_bit(HCI_MGMT, &hdev->flags))
827 mgmt_user_confirm_neg_reply_complete(hdev->id, &rp->bdaddr,
/*
 * Handler for a read-local-OOB-data reply: passes rp->hash, rp->randomizer
 * and rp->status to mgmt_read_local_oob_data_reply_complete().
 *
 * NOTE(review): the hash and randomizer are pairing material read straight
 * from the event payload. No skb->len >= sizeof(*rp) check is visible here,
 * so confirm the caller validates the length before these fields are
 * forwarded.
 */
831 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
834 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
836 BT_DBG("%s status 0x%x", hdev->name, rp->status);
838 mgmt_read_local_oob_data_reply_complete(hdev->id, rp->hash,
839 rp->randomizer, rp->status);
/*
 * Status handler for HCI_OP_INQUIRY.
 *
 * Completes the request and re-checks pending connections (presumably only
 * on a non-zero status, but that condition is on a line this listing omits).
 * When HCI_MGMT is set and HCI_INQUIRY was not already set, it sets the flag
 * and calls mgmt_discovering(hdev->id, 1).
 */
842 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
844 BT_DBG("%s status 0x%x", hdev->name, status);
847 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
848 hci_conn_check_pending(hdev);
852 if (test_bit(HCI_MGMT, &hdev->flags) &&
853 !test_and_set_bit(HCI_INQUIRY,
855 mgmt_discovering(hdev->id, 1);
/*
 * Status handler for HCI_OP_CREATE_CONN.
 *
 * Fetches the sent command and looks up the ACL connection for its address.
 * For a connection in BT_CONNECT, any status other than 0x0c, or more than
 * two attempts, closes it and reports the result with
 * hci_proto_connect_cfm(). Otherwise it moves to BT_CONNECT2. Another path
 * adds a new ACL connection and marks it HCI_LM_MASTER, logging an error
 * when allocation fails.
 *
 * NOTE(review): this listing omits lines, so the conditions that select
 * between these paths and the NULL check on 'cp' are not visible.
 */
858 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
860 struct hci_cp_create_conn *cp;
861 struct hci_conn *conn;
863 BT_DBG("%s status 0x%x", hdev->name, status);
865 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
871 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
873 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
876 if (conn && conn->state == BT_CONNECT) {
877 if (status != 0x0c || conn->attempt > 2) {
878 conn->state = BT_CLOSED;
879 hci_proto_connect_cfm(conn, status);
882 conn->state = BT_CONNECT2;
886 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
889 conn->link_mode |= HCI_LM_MASTER;
891 BT_ERR("No memory for new connection");
895 hci_dev_unlock(hdev);
/*
 * Status handler for HCI_OP_ADD_SCO.
 *
 * Reads the ACL handle from the sent command, looks up that ACL connection,
 * then closes the associated SCO connection and reports the status with
 * hci_proto_connect_cfm().
 *
 * NOTE(review): how 'sco' is derived from 'acl', the status guard and the
 * NULL checks are on lines this listing omits.
 */
898 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
900 struct hci_cp_add_sco *cp;
901 struct hci_conn *acl, *sco;
904 BT_DBG("%s status 0x%x", hdev->name, status);
909 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
913 handle = __le16_to_cpu(cp->handle);
915 BT_DBG("%s handle %d", hdev->name, handle);
919 acl = hci_conn_hash_lookup_handle(hdev, handle);
923 sco->state = BT_CLOSED;
925 hci_proto_connect_cfm(sco, status);
930 hci_dev_unlock(hdev);
/*
 * Status handler for HCI_OP_AUTH_REQUESTED.
 *
 * Looks up the connection by the handle in the sent command. If it is still
 * in BT_CONFIG, reports the status with hci_proto_connect_cfm().
 *
 * NOTE(review): the status guard, the NULL checks on 'cp' and 'conn', and
 * whatever follows the confirm call inside the branch are on lines this
 * listing omits.
 */
933 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
935 struct hci_cp_auth_requested *cp;
936 struct hci_conn *conn;
938 BT_DBG("%s status 0x%x", hdev->name, status);
943 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
949 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
951 if (conn->state == BT_CONFIG) {
952 hci_proto_connect_cfm(conn, status);
957 hci_dev_unlock(hdev);
/*
 * Status handler for HCI_OP_SET_CONN_ENCRYPT.
 *
 * Looks up the connection by the handle in the sent command. If it is still
 * in BT_CONFIG, reports the status with hci_proto_connect_cfm().
 *
 * NOTE(review): the status guard, the NULL checks on 'cp' and 'conn', and
 * whatever follows the confirm call inside the branch are on lines this
 * listing omits.
 */
960 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
962 struct hci_cp_set_conn_encrypt *cp;
963 struct hci_conn *conn;
965 BT_DBG("%s status 0x%x", hdev->name, status);
970 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
976 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
978 if (conn->state == BT_CONFIG) {
979 hci_proto_connect_cfm(conn, status);
984 hci_dev_unlock(hdev);
/*
 * Decides whether an outgoing connection should have authentication
 * requested. The callers in this file send HCI_OP_AUTH_REQUESTED when the
 * result is non-zero.
 *
 * Three tests are shown:
 *   - the connection is not in BT_CONFIG, or is not outgoing;
 *   - the pending security level is BT_SECURITY_SDP;
 *   - SSP is not enabled on both sides and the pending security level is not
 *     BT_SECURITY_HIGH.
 *
 * NOTE(review): the value returned for each test is on lines this listing
 * omits. Per the original comment below, a non-SSP link whose pending level
 * is below HIGH does not get an authentication request from this path. Keep
 * that in mind when reasoning about what an unauthenticated legacy peer can
 * reach.
 */
987 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
988 struct hci_conn *conn)
990 if (conn->state != BT_CONFIG || !conn->out)
993 if (conn->pending_sec_level == BT_SECURITY_SDP)
996 /* Only request authentication for SSP connections or non-SSP
997 * devices with sec_level HIGH */
998 if (!(hdev->ssp_mode > 0 && conn->ssp_mode > 0) &&
999 conn->pending_sec_level != BT_SECURITY_HIGH)
/*
 * Status handler for HCI_OP_REMOTE_NAME_REQ.
 *
 * Looks up the ACL connection for the address in the sent command. If
 * hci_outgoing_auth_needed() says so, it sends HCI_OP_AUTH_REQUESTED for
 * that connection's handle.
 *
 * NOTE(review): the early exit for a successful status described by the
 * original comment, and the NULL check on the outer 'cp', are on lines this
 * listing omits.
 */
1005 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1007 struct hci_cp_remote_name_req *cp;
1008 struct hci_conn *conn;
1010 BT_DBG("%s status 0x%x", hdev->name, status);
1012 /* If successful wait for the name req complete event before
1013 * checking for the need to do authentication */
1017 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1023 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1024 if (conn && hci_outgoing_auth_needed(hdev, conn)) {
/* This inner 'cp' shadows the outer pointer of the same name. */
1025 struct hci_cp_auth_requested cp;
1026 cp.handle = __cpu_to_le16(conn->handle);
1027 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1030 hci_dev_unlock(hdev);
/*
 * Status handler for HCI_OP_READ_REMOTE_FEATURES.
 *
 * Looks up the connection by the handle in the sent command. If it is still
 * in BT_CONFIG, reports the status with hci_proto_connect_cfm().
 *
 * NOTE(review): the status guard, the NULL checks on 'cp' and 'conn', and
 * whatever follows the confirm call inside the branch are on lines this
 * listing omits.
 */
1033 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1035 struct hci_cp_read_remote_features *cp;
1036 struct hci_conn *conn;
1038 BT_DBG("%s status 0x%x", hdev->name, status);
1043 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1049 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1051 if (conn->state == BT_CONFIG) {
1052 hci_proto_connect_cfm(conn, status);
1057 hci_dev_unlock(hdev);
/*
 * Status handler for HCI_OP_READ_REMOTE_EXT_FEATURES.
 *
 * Looks up the connection by the handle in the sent command. If it is still
 * in BT_CONFIG, reports the status with hci_proto_connect_cfm().
 *
 * NOTE(review): the status guard, the NULL checks on 'cp' and 'conn', and
 * whatever follows the confirm call inside the branch are on lines this
 * listing omits.
 */
1060 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1062 struct hci_cp_read_remote_ext_features *cp;
1063 struct hci_conn *conn;
1065 BT_DBG("%s status 0x%x", hdev->name, status);
1070 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1076 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1078 if (conn->state == BT_CONFIG) {
1079 hci_proto_connect_cfm(conn, status);
1084 hci_dev_unlock(hdev);
/*
 * Status handler for HCI_OP_SETUP_SYNC_CONN.
 *
 * Reads the ACL handle from the sent command, looks up that ACL connection,
 * then closes the associated synchronous connection and reports the status
 * with hci_proto_connect_cfm().
 *
 * NOTE(review): how 'sco' is derived from 'acl', the status guard and the
 * NULL checks are on lines this listing omits.
 */
1087 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1089 struct hci_cp_setup_sync_conn *cp;
1090 struct hci_conn *acl, *sco;
1093 BT_DBG("%s status 0x%x", hdev->name, status);
1098 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1102 handle = __le16_to_cpu(cp->handle);
1104 BT_DBG("%s handle %d", hdev->name, handle);
1108 acl = hci_conn_hash_lookup_handle(hdev, handle);
1112 sco->state = BT_CLOSED;
1114 hci_proto_connect_cfm(sco, status);
1119 hci_dev_unlock(hdev);
/*
 * Status handler for HCI_OP_SNIFF_MODE.
 *
 * Looks up the connection by the handle in the sent command and clears its
 * HCI_CONN_MODE_CHANGE_PEND bit. If HCI_CONN_SCO_SETUP_PEND was set, it is
 * cleared and hci_sco_setup() is called with the status.
 *
 * NOTE(review): the status guard and the NULL checks on 'cp' and 'conn' are
 * on lines this listing omits.
 */
1122 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1124 struct hci_cp_sniff_mode *cp;
1125 struct hci_conn *conn;
1127 BT_DBG("%s status 0x%x", hdev->name, status);
1132 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1138 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1140 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1142 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1143 hci_sco_setup(conn, status);
1146 hci_dev_unlock(hdev);
/*
 * Status handler for HCI_OP_EXIT_SNIFF_MODE.
 *
 * Looks up the connection by the handle in the sent command and clears its
 * HCI_CONN_MODE_CHANGE_PEND bit. If HCI_CONN_SCO_SETUP_PEND was set, it is
 * cleared and hci_sco_setup() is called with the status.
 *
 * NOTE(review): the status guard and the NULL checks on 'cp' and 'conn' are
 * on lines this listing omits.
 */
1149 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1151 struct hci_cp_exit_sniff_mode *cp;
1152 struct hci_conn *conn;
1154 BT_DBG("%s status 0x%x", hdev->name, status);
1159 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1165 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1167 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend);
1169 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1170 hci_sco_setup(conn, status);
1173 hci_dev_unlock(hdev);
/*
 * Status handler for HCI_OP_LE_CREATE_CONN.
 *
 * Fetches the sent command and looks up the LE connection for its peer
 * address. A connection found in BT_CONNECT is closed and the status is
 * reported with hci_proto_connect_cfm(). Another path adds a new LE
 * connection and logs an error when allocation fails.
 *
 * NOTE(review): this listing omits lines, so the conditions that select
 * between these paths and the NULL check on 'cp' are not visible.
 */
1176 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1178 struct hci_cp_le_create_conn *cp;
1179 struct hci_conn *conn;
1181 BT_DBG("%s status 0x%x", hdev->name, status);
1183 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1189 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1191 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1195 if (conn && conn->state == BT_CONNECT) {
1196 conn->state = BT_CLOSED;
1197 hci_proto_connect_cfm(conn, status);
1202 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1206 BT_ERR("No memory for new connection");
1210 hci_dev_unlock(hdev);
/*
 * Handler for the inquiry-complete event.
 *
 * Reads a one-byte status from skb->data. When HCI_MGMT is set and
 * HCI_INQUIRY was set (it is cleared by the test), it calls
 * mgmt_discovering(hdev->id, 0). It then completes the HCI_OP_INQUIRY
 * request and re-checks pending connections.
 *
 * NOTE(review): no skb->len check is visible before the status byte is read.
 */
1213 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1215 __u8 status = *((__u8 *) skb->data);
1217 BT_DBG("%s status %d", hdev->name, status);
1219 if (test_bit(HCI_MGMT, &hdev->flags) &&
1220 test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1221 mgmt_discovering(hdev->id, 0);
1223 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1225 hci_conn_check_pending(hdev);
/*
 * Handler for the inquiry-result event.
 *
 * The first payload byte is the number of responses. An array of
 * struct inquiry_info starts at skb->data + 1. Each entry is copied into a
 * local struct inquiry_data, added to the inquiry cache, and reported with
 * mgmt_device_found(). The first result of an inquiry also sets HCI_INQUIRY
 * and, when HCI_MGMT is set, calls mgmt_discovering(hdev->id, 1).
 *
 * NOTE(review): num_rsp is supplied by the controller and is the only loop
 * bound shown. Nothing visible verifies that skb->len covers
 * 1 + num_rsp * sizeof(*info), so a malformed event would make the loop read
 * past the buffer. This listing omits lines; confirm whether a length check
 * exists, and add one if it does not.
 */
1228 static inline void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1230 struct inquiry_data data;
1231 struct inquiry_info *info = (void *) (skb->data + 1);
1232 int num_rsp = *((__u8 *) skb->data);
1234 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1241 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
1243 if (test_bit(HCI_MGMT, &hdev->flags))
1244 mgmt_discovering(hdev->id, 1);
/* One cache update and one mgmt notification per reported device. */
1247 for (; num_rsp; num_rsp--, info++) {
1248 bacpy(&data.bdaddr, &info->bdaddr);
1249 data.pscan_rep_mode = info->pscan_rep_mode;
1250 data.pscan_period_mode = info->pscan_period_mode;
1251 data.pscan_mode = info->pscan_mode;
1252 memcpy(data.dev_class, info->dev_class, 3);
1253 data.clock_offset = info->clock_offset;
1255 data.ssp_mode = 0x00;
1256 hci_inquiry_cache_update(hdev, &data);
1257 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class, 0,
1261 hci_dev_unlock(hdev);
/*
 * Handler for the connection-complete event.
 *
 * Finds the connection by link type and peer address. For a SCO event with
 * no match it retries the lookup as ESCO_LINK and retypes the connection to
 * SCO_LINK.
 *
 * On the success path it records the handle, moves ACL links to BT_CONFIG
 * (holding a reference and notifying mgmt_connected()) and other links to
 * BT_CONNECTED, registers the connection in sysfs, and copies the host's
 * HCI_AUTH / HCI_ENCRYPT flags into conn->link_mode. It then requests the
 * remote features for ACL links and sets the packet type for incoming
 * connections on controllers with hci_ver < 3.
 *
 * On the failure path it closes the connection and, for ACL links, calls
 * mgmt_connect_failed().
 *
 * NOTE(review): this listing omits lines, so the branch structure (the
 * status test, the NULL checks on conn, the cleanup after a failed connect)
 * is not visible. HCI_LM_AUTH / HCI_LM_ENCRYPT are set here from the host's
 * own flags, not from anything the event proves about the link. No skb->len
 * check on the event is visible.
 */
1264 static inline void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1266 struct hci_ev_conn_complete *ev = (void *) skb->data;
1267 struct hci_conn *conn;
1269 BT_DBG("%s", hdev->name);
1273 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1275 if (ev->link_type != SCO_LINK)
1278 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1282 conn->type = SCO_LINK;
1286 conn->handle = __le16_to_cpu(ev->handle);
1288 if (conn->type == ACL_LINK) {
1289 conn->state = BT_CONFIG;
1290 hci_conn_hold(conn);
1291 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1292 mgmt_connected(hdev->id, &ev->bdaddr);
1294 conn->state = BT_CONNECTED;
1296 hci_conn_hold_device(conn);
1297 hci_conn_add_sysfs(conn);
1299 if (test_bit(HCI_AUTH, &hdev->flags))
1300 conn->link_mode |= HCI_LM_AUTH;
1302 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1303 conn->link_mode |= HCI_LM_ENCRYPT;
1305 /* Get remote features */
1306 if (conn->type == ACL_LINK) {
1307 struct hci_cp_read_remote_features cp;
1308 cp.handle = ev->handle;
1309 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1313 /* Set packet type for incoming connection */
1314 if (!conn->out && hdev->hci_ver < 3) {
1315 struct hci_cp_change_conn_ptype cp;
1316 cp.handle = ev->handle;
1317 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1318 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE,
1322 conn->state = BT_CLOSED;
1323 if (conn->type == ACL_LINK)
1324 mgmt_connect_failed(hdev->id, &ev->bdaddr, ev->status);
1327 if (conn->type == ACL_LINK)
1328 hci_sco_setup(conn, ev->status);
1331 hci_proto_connect_cfm(conn, ev->status);
1333 } else if (ev->link_type != ACL_LINK)
1334 hci_proto_connect_cfm(conn, ev->status);
1337 hci_dev_unlock(hdev);
1339 hci_conn_check_pending(hdev);
/*
 * Handler for the incoming connection-request event.
 *
 * Combines hdev->link_mode with the mask returned by
 * hci_proto_connect_ind(). The request is accepted only when HCI_LM_ACCEPT
 * is set in that mask and the peer address is not found by
 * hci_blacklist_lookup(). Otherwise HCI_OP_REJECT_CONN_REQ is sent.
 *
 * On accept it refreshes the cached device class, finds or adds the
 * connection, and marks it BT_CONNECT. It then sends either
 * HCI_OP_ACCEPT_CONN_REQ (ACL links, or controllers without eSCO) with the
 * requested role, or HCI_OP_ACCEPT_SYNC_CONN_REQ with fixed bandwidth,
 * latency and retransmission parameters.
 *
 * NOTE(review): every field of 'ev' is supplied by the remote side through
 * the controller, and no skb->len check is visible here. In the lines shown,
 * the blacklist lookup is the only address-based filter before a connection
 * object is created. The reject reason and the NULL checks on 'ie' and
 * 'conn' are on lines this listing omits.
 */
1342 static inline void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1344 struct hci_ev_conn_request *ev = (void *) skb->data;
1345 int mask = hdev->link_mode;
1347 BT_DBG("%s bdaddr %s type 0x%x", hdev->name,
1348 batostr(&ev->bdaddr), ev->link_type);
1350 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1352 if ((mask & HCI_LM_ACCEPT) &&
1353 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1354 /* Connection accepted */
1355 struct inquiry_entry *ie;
1356 struct hci_conn *conn;
1360 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1362 memcpy(ie->data.dev_class, ev->dev_class, 3);
1364 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1366 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1368 BT_ERR("No memory for new connection");
1369 hci_dev_unlock(hdev);
1374 memcpy(conn->dev_class, ev->dev_class, 3);
1375 conn->state = BT_CONNECT;
1377 hci_dev_unlock(hdev);
1379 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1380 struct hci_cp_accept_conn_req cp;
1382 bacpy(&cp.bdaddr, &ev->bdaddr);
1384 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1385 cp.role = 0x00; /* Become master */
1387 cp.role = 0x01; /* Remain slave */
1389 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ,
1392 struct hci_cp_accept_sync_conn_req cp;
1394 bacpy(&cp.bdaddr, &ev->bdaddr);
1395 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1397 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1398 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1399 cp.max_latency = cpu_to_le16(0xffff);
1400 cp.content_format = cpu_to_le16(hdev->voice_setting);
1401 cp.retrans_effort = 0xff;
1403 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1407 /* Connection rejected */
1408 struct hci_cp_reject_conn_req cp;
1410 bacpy(&cp.bdaddr, &ev->bdaddr);
1412 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
/*
 * Handler for the disconnection-complete event.
 *
 * Calls mgmt_disconnect_failed() on the failure path. Otherwise it looks up
 * the connection by the handle in the event, marks it BT_CLOSED, notifies
 * mgmt_disconnected() for ACL links and passes the reason to
 * hci_proto_disconn_cfm().
 *
 * NOTE(review): the status test, the NULL check on 'conn' and the release of
 * the connection object are on lines this listing omits. The handle comes
 * from the event payload, and no skb->len check is visible.
 */
1416 static inline void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1418 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1419 struct hci_conn *conn;
1421 BT_DBG("%s status %d", hdev->name, ev->status);
1424 mgmt_disconnect_failed(hdev->id);
1430 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1434 conn->state = BT_CLOSED;
1436 if (conn->type == ACL_LINK)
1437 mgmt_disconnected(hdev->id, &conn->dst);
1439 hci_proto_disconn_cfm(conn, ev->reason);
1443 hci_dev_unlock(hdev);
/*
 * Handler for the authentication-complete event.
 *
 * Looks up the connection by the handle in the event. The success path sets
 * HCI_LM_AUTH and promotes conn->sec_level to conn->pending_sec_level. The
 * failure path calls mgmt_auth_failed(). HCI_CONN_AUTH_PEND is then cleared.
 *
 * For a connection still in BT_CONFIG, a successful authentication with SSP
 * enabled on both sides triggers HCI_OP_SET_CONN_ENCRYPT. Otherwise the
 * connection becomes BT_CONNECTED and the result is reported with
 * hci_proto_connect_cfm(). For other states hci_auth_cfm() is called. A
 * pending encryption request (HCI_CONN_ENCRYPT_PEND) is either issued or
 * cancelled with hci_encrypt_cfm().
 *
 * NOTE(review): this listing omits lines, so the tests on ev->status that
 * select between these paths and the NULL check on 'conn' are not visible.
 * The security level is raised based on a status byte from the event, so
 * confirm in the full file that the promotion runs only when ev->status is
 * zero.
 */
1446 static inline void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1448 struct hci_ev_auth_complete *ev = (void *) skb->data;
1449 struct hci_conn *conn;
1451 BT_DBG("%s status %d", hdev->name, ev->status);
1455 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1458 conn->link_mode |= HCI_LM_AUTH;
1459 conn->sec_level = conn->pending_sec_level;
1461 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
1464 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1466 if (conn->state == BT_CONFIG) {
1467 if (!ev->status && hdev->ssp_mode > 0 &&
1468 conn->ssp_mode > 0) {
1469 struct hci_cp_set_conn_encrypt cp;
1470 cp.handle = ev->handle;
1472 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1475 conn->state = BT_CONNECTED;
1476 hci_proto_connect_cfm(conn, ev->status);
1480 hci_auth_cfm(conn, ev->status);
1482 hci_conn_hold(conn);
1483 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1487 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend)) {
1489 struct hci_cp_set_conn_encrypt cp;
1490 cp.handle = ev->handle;
1492 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT,
1495 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
1496 hci_encrypt_cfm(conn, ev->status, 0x00);
1501 hci_dev_unlock(hdev);
/*
 * Remote Name Request Complete event: forward the name to mgmt and, when
 * hci_outgoing_auth_needed() says so, request authentication on the ACL
 * link to the same address.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters, read in place as struct hci_ev_remote_name
 *
 * NOTE(review): ev->name is handed to mgmt_remote_name() exactly as the
 * controller delivered it. Confirm the receiver bounds the copy and does
 * not rely on a terminating NUL, and that skb->len covers sizeof(*ev);
 * neither check is visible in the lines shown.
 */
1504 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
1506 struct hci_ev_remote_name *ev = (void *) skb->data;
1507 struct hci_conn *conn;
1509 BT_DBG("%s", hdev->name);
1511 hci_conn_check_pending(hdev);
/* The name is only forwarded on success and when mgmt is in use. */
1515 if (ev->status == 0 && test_bit(HCI_MGMT, &hdev->flags))
1516 mgmt_remote_name(hdev->id, &ev->bdaddr, ev->name);
1518 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1519 if (conn && hci_outgoing_auth_needed(hdev, conn)) {
1520 struct hci_cp_auth_requested cp;
1521 cp.handle = __cpu_to_le16(conn->handle);
1522 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1525 hci_dev_unlock(hdev);
/*
 * Encryption Change event: update the link_mode bits for the connection
 * and confirm the result to the protocol layer.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters, read in place as struct hci_ev_encrypt_change
 *
 * NOTE(review): the tests on ev->status and ev->encrypt that choose
 * between setting and clearing HCI_LM_ENCRYPT are on lines this listing
 * omits, as is any NULL check on conn. The code takes the controller's
 * word that encryption is on; nothing visible here inspects key strength.
 */
1528 static inline void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1530 struct hci_ev_encrypt_change *ev = (void *) skb->data;
1531 struct hci_conn *conn;
1533 BT_DBG("%s status %d", hdev->name, ev->status);
1537 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1541 /* Encryption implies authentication */
1542 conn->link_mode |= HCI_LM_AUTH;
1543 conn->link_mode |= HCI_LM_ENCRYPT;
/* Presumably the "encryption off" branch: only the encrypt bit is
 * cleared, HCI_LM_AUTH is left as it was. */
1545 conn->link_mode &= ~HCI_LM_ENCRYPT;
1548 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend);
/* During setup the connect confirmation is issued; the call to
 * hci_encrypt_cfm() below is presumably the alternative branch. */
1550 if (conn->state == BT_CONFIG) {
1552 conn->state = BT_CONNECTED;
1554 hci_proto_connect_cfm(conn, ev->status);
1557 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
1560 hci_dev_unlock(hdev);
/*
 * Change Connection Link Key Complete event: flag the link as secure,
 * clear the pending-authentication bit and confirm the key change.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters, read in place as
 *        struct hci_ev_change_link_key_complete
 *
 * NOTE(review): the status and NULL tests that guard these statements are
 * not among the lines shown; confirm HCI_LM_SECURE is only set on success.
 */
1563 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1565 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
1566 struct hci_conn *conn;
1568 BT_DBG("%s status %d", hdev->name, ev->status);
1572 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1575 conn->link_mode |= HCI_LM_SECURE;
1577 clear_bit(HCI_CONN_AUTH_PEND, &conn->pend);
1579 hci_key_change_cfm(conn, ev->status);
1582 hci_dev_unlock(hdev);
/*
 * Read Remote Supported Features Complete event: store the remote feature
 * mask and, while the connection is still in BT_CONFIG, continue setup by
 * reading extended features, requesting the remote name, or completing
 * the connection.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters, read in place as struct hci_ev_remote_features
 *
 * NOTE(review): the conditions between several of these statements are on
 * lines this listing omits, including any NULL check on conn.
 */
1585 static inline void hci_remote_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
1587 struct hci_ev_remote_features *ev = (void *) skb->data;
1588 struct hci_conn *conn;
1590 BT_DBG("%s status %d", hdev->name, ev->status);
1594 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
/* Fixed 8-byte copy; both arrays are assumed to be 8 bytes — confirm. */
1599 memcpy(conn->features, ev->features, 8);
1601 if (conn->state != BT_CONFIG)
/* SSP on both sides: page through the extended features first. */
1604 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
1605 struct hci_cp_read_remote_ext_features cp;
1606 cp.handle = ev->handle;
1608 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
1614 struct hci_cp_remote_name_req cp;
/* The command is zeroed first so unset fields do not carry stack data
 * to the controller. */
1615 memset(&cp, 0, sizeof(cp));
1616 bacpy(&cp.bdaddr, &conn->dst);
1617 cp.pscan_rep_mode = 0x02;
1618 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
/* No outgoing authentication required: the link is usable now. */
1621 if (!hci_outgoing_auth_needed(hdev, conn)) {
1622 conn->state = BT_CONNECTED;
1623 hci_proto_connect_cfm(conn, ev->status);
1628 hci_dev_unlock(hdev);
/*
 * Read Remote Version Information Complete event. In the lines shown the
 * handler only logs the controller name; nothing is read from skb.
 */
1631 static inline void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
1633 BT_DBG("%s", hdev->name);
/*
 * QoS Setup Complete event. In the lines shown the handler only logs the
 * controller name; nothing is read from skb.
 */
1636 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1638 BT_DBG("%s", hdev->name);
/*
 * Command Complete event: strip the fixed event header, dispatch on the
 * completed command's opcode to its hci_cc_*() handler, then stop the
 * command timer and let the next queued command go out.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters; after skb_pull() it starts at the command's
 *        return parameters, which is what each hci_cc_*() handler receives
 *
 * NOTE(review): no check that skb->len covers sizeof(*ev), or that the
 * remaining bytes cover what a given handler reads, is visible in the
 * lines shown. The return parameters come from the controller, so each
 * handler should be checked for its own length validation. The listing
 * also omits lines (the declaration of opcode, the switch statement and
 * at least one case label).
 */
1641 static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1643 struct hci_ev_cmd_complete *ev = (void *) skb->data;
/* ev keeps pointing at the header after the pull below. */
1646 skb_pull(skb, sizeof(*ev));
1648 opcode = __le16_to_cpu(ev->opcode);
1651 case HCI_OP_INQUIRY_CANCEL:
1652 hci_cc_inquiry_cancel(hdev, skb);
1655 case HCI_OP_EXIT_PERIODIC_INQ:
1656 hci_cc_exit_periodic_inq(hdev, skb);
1659 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
1660 hci_cc_remote_name_req_cancel(hdev, skb);
1663 case HCI_OP_ROLE_DISCOVERY:
1664 hci_cc_role_discovery(hdev, skb);
1667 case HCI_OP_READ_LINK_POLICY:
1668 hci_cc_read_link_policy(hdev, skb);
1671 case HCI_OP_WRITE_LINK_POLICY:
1672 hci_cc_write_link_policy(hdev, skb);
1675 case HCI_OP_READ_DEF_LINK_POLICY:
1676 hci_cc_read_def_link_policy(hdev, skb);
1679 case HCI_OP_WRITE_DEF_LINK_POLICY:
1680 hci_cc_write_def_link_policy(hdev, skb);
/* The case label for this call is on a line the listing omits. */
1684 hci_cc_reset(hdev, skb);
1687 case HCI_OP_WRITE_LOCAL_NAME:
1688 hci_cc_write_local_name(hdev, skb);
1691 case HCI_OP_READ_LOCAL_NAME:
1692 hci_cc_read_local_name(hdev, skb);
1695 case HCI_OP_WRITE_AUTH_ENABLE:
1696 hci_cc_write_auth_enable(hdev, skb);
1699 case HCI_OP_WRITE_ENCRYPT_MODE:
1700 hci_cc_write_encrypt_mode(hdev, skb);
1703 case HCI_OP_WRITE_SCAN_ENABLE:
1704 hci_cc_write_scan_enable(hdev, skb);
1707 case HCI_OP_READ_CLASS_OF_DEV:
1708 hci_cc_read_class_of_dev(hdev, skb);
1711 case HCI_OP_WRITE_CLASS_OF_DEV:
1712 hci_cc_write_class_of_dev(hdev, skb);
1715 case HCI_OP_READ_VOICE_SETTING:
1716 hci_cc_read_voice_setting(hdev, skb);
1719 case HCI_OP_WRITE_VOICE_SETTING:
1720 hci_cc_write_voice_setting(hdev, skb);
1723 case HCI_OP_HOST_BUFFER_SIZE:
1724 hci_cc_host_buffer_size(hdev, skb);
1727 case HCI_OP_READ_SSP_MODE:
1728 hci_cc_read_ssp_mode(hdev, skb);
1731 case HCI_OP_WRITE_SSP_MODE:
1732 hci_cc_write_ssp_mode(hdev, skb);
1735 case HCI_OP_READ_LOCAL_VERSION:
1736 hci_cc_read_local_version(hdev, skb);
1739 case HCI_OP_READ_LOCAL_COMMANDS:
1740 hci_cc_read_local_commands(hdev, skb);
1743 case HCI_OP_READ_LOCAL_FEATURES:
1744 hci_cc_read_local_features(hdev, skb);
1747 case HCI_OP_READ_BUFFER_SIZE:
1748 hci_cc_read_buffer_size(hdev, skb);
1751 case HCI_OP_READ_BD_ADDR:
1752 hci_cc_read_bd_addr(hdev, skb);
1755 case HCI_OP_WRITE_CA_TIMEOUT:
1756 hci_cc_write_ca_timeout(hdev, skb);
1759 case HCI_OP_DELETE_STORED_LINK_KEY:
1760 hci_cc_delete_stored_link_key(hdev, skb);
1763 case HCI_OP_SET_EVENT_MASK:
1764 hci_cc_set_event_mask(hdev, skb);
1767 case HCI_OP_WRITE_INQUIRY_MODE:
1768 hci_cc_write_inquiry_mode(hdev, skb);
1771 case HCI_OP_READ_INQ_RSP_TX_POWER:
1772 hci_cc_read_inq_rsp_tx_power(hdev, skb);
1775 case HCI_OP_SET_EVENT_FLT:
1776 hci_cc_set_event_flt(hdev, skb);
1779 case HCI_OP_PIN_CODE_REPLY:
1780 hci_cc_pin_code_reply(hdev, skb);
1783 case HCI_OP_PIN_CODE_NEG_REPLY:
1784 hci_cc_pin_code_neg_reply(hdev, skb);
1787 case HCI_OP_READ_LOCAL_OOB_DATA:
1788 hci_cc_read_local_oob_data_reply(hdev, skb);
1791 case HCI_OP_LE_READ_BUFFER_SIZE:
1792 hci_cc_le_read_buffer_size(hdev, skb);
1795 case HCI_OP_USER_CONFIRM_REPLY:
1796 hci_cc_user_confirm_reply(hdev, skb);
1799 case HCI_OP_USER_CONFIRM_NEG_REPLY:
1800 hci_cc_user_confirm_neg_reply(hdev, skb);
/* Presumably the default case: opcodes with no handler are only logged. */
1804 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
/* NOTE(review): this compares the unconverted little-endian ev->opcode,
 * not the host-order opcode above; that is only equivalent if HCI_OP_NOP
 * is 0 — confirm. */
1808 if (ev->opcode != HCI_OP_NOP)
1809 del_timer(&hdev->cmd_timer);
/* One command credit is restored and the command tasklet is scheduled
 * if commands are queued; any condition on ev->ncmd is not shown. */
1812 atomic_set(&hdev->cmd_cnt, 1);
1813 if (!skb_queue_empty(&hdev->cmd_q))
1814 tasklet_schedule(&hdev->cmd_task);
/*
 * Command Status event: strip the fixed event header, dispatch on the
 * opcode to the matching hci_cs_*() handler with the status byte, then
 * stop the command timer and let the next queued command go out.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters, read in place as struct hci_ev_cmd_status
 *
 * NOTE(review): no check that skb->len covers sizeof(*ev) is visible
 * before the header fields are read. The listing omits lines (the
 * declaration of opcode and the switch statement among them).
 */
1818 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
1820 struct hci_ev_cmd_status *ev = (void *) skb->data;
1823 skb_pull(skb, sizeof(*ev));
1825 opcode = __le16_to_cpu(ev->opcode);
1828 case HCI_OP_INQUIRY:
1829 hci_cs_inquiry(hdev, ev->status);
1832 case HCI_OP_CREATE_CONN:
1833 hci_cs_create_conn(hdev, ev->status);
1836 case HCI_OP_ADD_SCO:
1837 hci_cs_add_sco(hdev, ev->status);
1840 case HCI_OP_AUTH_REQUESTED:
1841 hci_cs_auth_requested(hdev, ev->status);
1844 case HCI_OP_SET_CONN_ENCRYPT:
1845 hci_cs_set_conn_encrypt(hdev, ev->status);
1848 case HCI_OP_REMOTE_NAME_REQ:
1849 hci_cs_remote_name_req(hdev, ev->status);
1852 case HCI_OP_READ_REMOTE_FEATURES:
1853 hci_cs_read_remote_features(hdev, ev->status);
1856 case HCI_OP_READ_REMOTE_EXT_FEATURES:
1857 hci_cs_read_remote_ext_features(hdev, ev->status);
1860 case HCI_OP_SETUP_SYNC_CONN:
1861 hci_cs_setup_sync_conn(hdev, ev->status);
1864 case HCI_OP_SNIFF_MODE:
1865 hci_cs_sniff_mode(hdev, ev->status);
1868 case HCI_OP_EXIT_SNIFF_MODE:
1869 hci_cs_exit_sniff_mode(hdev, ev->status);
/* A disconnect only reaches mgmt from here when it failed. */
1872 case HCI_OP_DISCONNECT:
1873 if (ev->status != 0)
1874 mgmt_disconnect_failed(hdev->id);
1877 case HCI_OP_LE_CREATE_CONN:
1878 hci_cs_le_create_conn(hdev, ev->status);
/* Presumably the default case: opcodes with no handler are only logged. */
1882 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
/* NOTE(review): compares the unconverted little-endian ev->opcode; only
 * equivalent to testing opcode if HCI_OP_NOP is 0 — confirm. */
1886 if (ev->opcode != HCI_OP_NOP)
1887 del_timer(&hdev->cmd_timer);
/* A credit is restored only if the controller reports room (ncmd != 0)
 * and no reset is in progress. */
1889 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
1890 atomic_set(&hdev->cmd_cnt, 1);
1891 if (!skb_queue_empty(&hdev->cmd_q))
1892 tasklet_schedule(&hdev->cmd_task);
/*
 * Role Change event: update the HCI_LM_MASTER bit on the ACL connection
 * to ev->bdaddr, clear the pending role-switch flag and confirm the
 * switch with the reported status and role.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters, read in place as struct hci_ev_role_change
 *
 * NOTE(review): the tests on conn, ev->status and ev->role that choose
 * between clearing and setting the bit are on lines this listing omits.
 */
1896 static inline void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1898 struct hci_ev_role_change *ev = (void *) skb->data;
1899 struct hci_conn *conn;
1901 BT_DBG("%s status %d", hdev->name, ev->status);
1905 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
1909 conn->link_mode &= ~HCI_LM_MASTER;
1911 conn->link_mode |= HCI_LM_MASTER;
1914 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->pend);
1916 hci_role_switch_cfm(conn, ev->status, ev->role);
1919 hci_dev_unlock(hdev);
/*
 * Number Of Completed Packets event: return transmit credits to the
 * per-link-type counters and schedule the TX tasklet.
 *
 * After the fixed header the payload holds ev->num_hndl entries, each a
 * (handle, count) pair of 16-bit little-endian values, 4 bytes per entry;
 * that is what the length check below enforces.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters, read in place as struct hci_ev_num_comp_pkts
 *
 * NOTE(review): ev is dereferenced after skb_pull() with no visible check
 * that the skb held sizeof(*ev) bytes. The listing omits lines (local
 * declarations, the early return, the NULL test on conn and the else
 * keywords among them).
 */
1922 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
1924 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
1928 skb_pull(skb, sizeof(*ev));
1930 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
/* The controller-supplied entry count is rejected if it claims more
 * entries than the remaining payload holds. */
1932 if (skb->len < ev->num_hndl * 4) {
1933 BT_DBG("%s bad parameters", hdev->name);
/* The TX tasklet is disabled while the credit counters are updated. */
1937 tasklet_disable(&hdev->tx_task);
1939 for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
1940 struct hci_conn *conn;
1941 __u16 handle, count;
/* Unaligned-safe reads: the entries are not assumed to be aligned. */
1943 handle = get_unaligned_le16(ptr++);
1944 count = get_unaligned_le16(ptr++);
1946 conn = hci_conn_hash_lookup_handle(hdev, handle);
/* NOTE(review): count comes from the controller and is subtracted with
 * no visible clamp; a count larger than conn->sent would push the
 * counter out of range — confirm conn->sent's type and the impact. */
1948 conn->sent -= count;
/* Each pool counter is clamped to the size the controller advertised. */
1950 if (conn->type == ACL_LINK) {
1951 hdev->acl_cnt += count;
1952 if (hdev->acl_cnt > hdev->acl_pkts)
1953 hdev->acl_cnt = hdev->acl_pkts;
1954 } else if (conn->type == LE_LINK) {
/* LE uses its own pool only when le_pkts is non-zero; the acl_cnt
 * statements after it are presumably the else branch. */
1955 if (hdev->le_pkts) {
1956 hdev->le_cnt += count;
1957 if (hdev->le_cnt > hdev->le_pkts)
1958 hdev->le_cnt = hdev->le_pkts;
1960 hdev->acl_cnt += count;
1961 if (hdev->acl_cnt > hdev->acl_pkts)
1962 hdev->acl_cnt = hdev->acl_pkts;
/* Presumably the remaining (SCO/eSCO) link types. */
1965 hdev->sco_cnt += count;
1966 if (hdev->sco_cnt > hdev->sco_pkts)
1967 hdev->sco_cnt = hdev->sco_pkts;
1972 tasklet_schedule(&hdev->tx_task);
1974 tasklet_enable(&hdev->tx_task);
/*
 * Mode Change event: record the new link mode and interval on the
 * connection, adjust power_save when the change was not requested
 * locally, and run a SCO setup that was waiting on the mode change.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters, read in place as struct hci_ev_mode_change
 *
 * NOTE(review): the NULL test on conn is on a line this listing omits.
 */
1977 static inline void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
1979 struct hci_ev_mode_change *ev = (void *) skb->data;
1980 struct hci_conn *conn;
1982 BT_DBG("%s status %d", hdev->name, ev->status);
1986 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1988 conn->mode = ev->mode;
1989 conn->interval = __le16_to_cpu(ev->interval);
/* The pending flag being clear means this side did not ask for the
 * change; power_save is then set from the new mode. */
1991 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
1992 if (conn->mode == HCI_CM_ACTIVE)
1993 conn->power_save = 1;
1995 conn->power_save = 0;
1998 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->pend))
1999 hci_sco_setup(conn, ev->status);
2002 hci_dev_unlock(hdev);
/*
 * PIN Code Request event: extend the disconnect timeout for pairing,
 * refuse the request when the adapter is not pairable, and hand the
 * request to mgmt when mgmt is in use.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters, read in place as struct hci_ev_pin_code_req
 *
 * NOTE(review): whether the mgmt call is an alternative to the negative
 * reply or can follow it depends on lines this listing omits — confirm a
 * non-pairable adapter never also prompts user space for a PIN.
 */
2005 static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2007 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2008 struct hci_conn *conn;
2010 BT_DBG("%s", hdev->name);
2014 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
/* A reference is held and the timeout switched to the pairing value
 * while the user is being asked. */
2015 if (conn && conn->state == BT_CONNECTED) {
2016 hci_conn_hold(conn);
2017 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
/* Not pairable: reject without involving user space. */
2021 if (!test_bit(HCI_PAIRABLE, &hdev->flags))
2022 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2023 sizeof(ev->bdaddr), &ev->bdaddr);
2025 if (test_bit(HCI_MGMT, &hdev->flags))
2026 mgmt_pin_code_request(hdev->id, &ev->bdaddr);
2028 hci_dev_unlock(hdev);
/*
 * Link Key Request event: answer with the stored link key for ev->bdaddr,
 * or with a negative reply when no acceptable key is available.
 *
 * The debug messages show two cases in which a stored key is ignored: a
 * debug combination key while HCI_DEBUG_KEYS is not set, and an
 * unauthenticated combination key when the connection's auth_type has
 * bit 0 set (presumably "MITM protection required" — confirm) and is not
 * 0xff.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters, read in place as struct hci_ev_link_key_req
 *
 * NOTE(review): the jumps that connect the "ignoring" cases to the
 * negative reply are on lines this listing omits. cp holds the 16-byte
 * key on the stack and is not cleared in the lines shown; only the key
 * type and peer address are logged, never the key value.
 */
2031 static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2033 struct hci_ev_link_key_req *ev = (void *) skb->data;
2034 struct hci_cp_link_key_reply cp;
2035 struct hci_conn *conn;
2036 struct link_key *key;
2038 BT_DBG("%s", hdev->name);
/* Kernel-side key storage is only consulted when HCI_LINK_KEYS is set. */
2040 if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
2045 key = hci_find_link_key(hdev, &ev->bdaddr);
2047 BT_DBG("%s link key not found for %s", hdev->name,
2048 batostr(&ev->bdaddr));
2052 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2053 batostr(&ev->bdaddr));
/* Debug keys are not handed back unless explicitly enabled. */
2055 if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) &&
2056 key->type == HCI_LK_DEBUG_COMBINATION) {
2057 BT_DBG("%s ignoring debug key", hdev->name);
2061 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
/* An unauthenticated key is not reused when the connection's
 * authentication requirement has bit 0 set. */
2063 if (key->type == HCI_LK_UNAUTH_COMBINATION && conn &&
2064 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2065 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2069 bacpy(&cp.bdaddr, &ev->bdaddr);
/* Fixed 16-byte copy of the key value into the reply. */
2070 memcpy(cp.link_key, key->val, 16);
2072 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2074 hci_dev_unlock(hdev);
/* The literal 6 is presumably sizeof(ev->bdaddr); the PIN code handler
 * in this file spells it out with sizeof. */
2079 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2080 hci_dev_unlock(hdev);
/*
 * Link Key Notification event: restore the normal disconnect timeout on
 * the ACL connection, record the key type, and store the new link key
 * when HCI_LINK_KEYS is set.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters, read in place as struct hci_ev_link_key_notify
 *
 * NOTE(review): ev->link_key and ev->key_type are taken from the
 * controller as-is; any policy on which key types may be stored would
 * have to live in hci_add_link_key() or on lines this listing omits. The
 * declaration and default of pin_len and the NULL test on conn are also
 * not shown.
 */
2083 static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2085 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2086 struct hci_conn *conn;
2089 BT_DBG("%s", hdev->name);
2093 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2095 hci_conn_hold(conn);
2096 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2097 pin_len = conn->pin_length;
/* A "changed combination" notification leaves the recorded type as is. */
2099 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2100 conn->key_type = ev->key_type;
2105 if (test_bit(HCI_LINK_KEYS, &hdev->flags))
2106 hci_add_link_key(hdev, 1, &ev->bdaddr, ev->link_key,
2107 ev->key_type, pin_len);
2109 hci_dev_unlock(hdev);
/*
 * Read Clock Offset Complete event: on success, refresh the clock offset
 * and timestamp of the inquiry-cache entry for the connection's peer.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters, read in place as struct hci_ev_clock_offset
 *
 * NOTE(review): the NULL test on ie is on a line this listing omits.
 */
2112 static inline void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
2114 struct hci_ev_clock_offset *ev = (void *) skb->data;
2115 struct hci_conn *conn;
2117 BT_DBG("%s status %d", hdev->name, ev->status);
2121 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2122 if (conn && !ev->status) {
2123 struct inquiry_entry *ie;
2125 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
/* The offset is stored as received, without byte-order conversion. */
2127 ie->data.clock_offset = ev->clock_offset;
2128 ie->timestamp = jiffies;
2132 hci_dev_unlock(hdev);
/*
 * Connection Packet Type Changed event: on success, store the new packet
 * type mask on the connection identified by ev->handle.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters, read in place as struct hci_ev_pkt_type_change
 */
2135 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2137 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2138 struct hci_conn *conn;
2140 BT_DBG("%s status %d", hdev->name, ev->status);
2144 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
/* Unknown handles and failed changes are ignored. */
2145 if (conn && !ev->status)
2146 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2148 hci_dev_unlock(hdev);
/*
 * Page Scan Repetition Mode Change event: refresh the page scan
 * repetition mode and timestamp of the inquiry-cache entry for
 * ev->bdaddr.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters, read in place as struct hci_ev_pscan_rep_mode
 *
 * NOTE(review): the NULL test on ie is on a line this listing omits.
 */
2151 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
2153 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2154 struct inquiry_entry *ie;
2156 BT_DBG("%s", hdev->name);
2160 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2162 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2163 ie->timestamp = jiffies;
2166 hci_dev_unlock(hdev);
/*
 * Inquiry Result with RSSI event: add every response to the inquiry cache
 * and report it through mgmt_device_found().
 *
 * The first payload byte is the response count. The per-response size is
 * inferred by dividing the remaining length by that count; any quotient
 * other than sizeof(struct inquiry_info_with_rssi) is parsed with the
 * struct inquiry_info_with_rssi_and_pscan_mode layout.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters; byte 0 is the count, the responses follow
 *
 * NOTE(review): the division needs num_rsp != 0; that guard is not among
 * the lines shown. In the lines shown the quotient is never compared with
 * the size of the second layout, and num_rsp times the entry size is
 * never compared with skb->len, so a malformed event could make either
 * loop read past the buffer. Validate both before iterating.
 */
2169 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
2171 struct inquiry_data data;
/* Count taken straight from the first payload byte. */
2172 int num_rsp = *((__u8 *) skb->data);
2174 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
/* The first result of a discovery sets HCI_INQUIRY and tells mgmt. */
2181 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2183 if (test_bit(HCI_MGMT, &hdev->flags))
2184 mgmt_discovering(hdev->id, 1);
/* Layout selection by inferred entry size. */
2187 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2188 struct inquiry_info_with_rssi_and_pscan_mode *info;
2189 info = (void *) (skb->data + 1);
2191 for (; num_rsp; num_rsp--, info++) {
2192 bacpy(&data.bdaddr, &info->bdaddr);
2193 data.pscan_rep_mode = info->pscan_rep_mode;
2194 data.pscan_period_mode = info->pscan_period_mode;
2195 data.pscan_mode = info->pscan_mode;
2196 memcpy(data.dev_class, info->dev_class, 3);
2197 data.clock_offset = info->clock_offset;
2198 data.rssi = info->rssi;
/* This event format carries no SSP information. */
2199 data.ssp_mode = 0x00;
2200 hci_inquiry_cache_update(hdev, &data);
2201 mgmt_device_found(hdev->id, &info->bdaddr,
2202 info->dev_class, info->rssi,
/* Layout without the pscan_mode field; pscan_mode is reported as 0. */
2206 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2208 for (; num_rsp; num_rsp--, info++) {
2209 bacpy(&data.bdaddr, &info->bdaddr);
2210 data.pscan_rep_mode = info->pscan_rep_mode;
2211 data.pscan_period_mode = info->pscan_period_mode;
2212 data.pscan_mode = 0x00;
2213 memcpy(data.dev_class, info->dev_class, 3);
2214 data.clock_offset = info->clock_offset;
2215 data.rssi = info->rssi;
2216 data.ssp_mode = 0x00;
2217 hci_inquiry_cache_update(hdev, &data);
2218 mgmt_device_found(hdev->id, &info->bdaddr,
2219 info->dev_class, info->rssi,
2224 hci_dev_unlock(hdev);
/*
 * Read Remote Extended Features Complete event: take the remote host's
 * SSP support from feature page 1 and, while the connection is still in
 * BT_CONFIG, continue setup with a remote name request or by completing
 * the connection.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters, read in place as
 *        struct hci_ev_remote_ext_features
 *
 * NOTE(review): conn->ssp_mode later decides whether encryption is
 * requested during setup, and it is set here from a bit reported by the
 * remote side. The NULL tests on conn and ie and the condition before the
 * name request are on lines this listing omits.
 */
2227 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2229 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2230 struct hci_conn *conn;
2232 BT_DBG("%s", hdev->name);
2236 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
/* Page 0x01, bit 0 of the first byte is stored as the SSP mode. */
2240 if (!ev->status && ev->page == 0x01) {
2241 struct inquiry_entry *ie;
2243 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2245 ie->data.ssp_mode = (ev->features[0] & 0x01);
2247 conn->ssp_mode = (ev->features[0] & 0x01);
2250 if (conn->state != BT_CONFIG)
2254 struct hci_cp_remote_name_req cp;
/* The command is zeroed first so unset fields do not carry stack data
 * to the controller. */
2255 memset(&cp, 0, sizeof(cp));
2256 bacpy(&cp.bdaddr, &conn->dst);
2257 cp.pscan_rep_mode = 0x02;
2258 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
/* No outgoing authentication required: the link is usable now. */
2261 if (!hci_outgoing_auth_needed(hdev, conn)) {
2262 conn->state = BT_CONNECTED;
2263 hci_proto_connect_cfm(conn, ev->status);
2268 hci_dev_unlock(hdev);
/*
 * Synchronous Connection Complete event: finish setting up a SCO/eSCO
 * link, retry an outgoing attempt with a different packet type for
 * certain error codes, or close the connection on other failures.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters, read in place as
 *        struct hci_ev_sync_conn_complete
 *
 * NOTE(review): the conditions around the two lookups and the success and
 * default case labels are on lines this listing omits.
 */
2271 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2273 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2274 struct hci_conn *conn;
2276 BT_DBG("%s status %d", hdev->name, ev->status);
2280 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2282 if (ev->link_type == ESCO_LINK)
/* Second lookup as eSCO; the connection found is then retyped to SCO,
 * presumably because the controller fell back from eSCO to SCO. */
2285 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2289 conn->type = SCO_LINK;
2292 switch (ev->status) {
2294 conn->handle = __le16_to_cpu(ev->handle);
2295 conn->state = BT_CONNECTED;
2297 hci_conn_hold_device(conn);
2298 hci_conn_add_sysfs(conn);
2301 case 0x11: /* Unsupported Feature or Parameter Value */
2302 case 0x1c: /* SCO interval rejected */
2303 case 0x1a: /* Unsupported Remote Feature */
2304 case 0x1f: /* Unspecified error */
/* Only outgoing links retry, and only while attempt is below 2. */
2305 if (conn->out && conn->attempt < 2) {
2306 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2307 (hdev->esco_type & EDR_ESCO_MASK);
/* NOTE(review): conn->link is dereferenced with no visible NULL test;
 * confirm an outgoing sync connection always has its ACL link set. */
2308 hci_setup_sync(conn, conn->link->handle);
2314 conn->state = BT_CLOSED;
2318 hci_proto_connect_cfm(conn, ev->status);
2323 hci_dev_unlock(hdev);
/*
 * Synchronous Connection Changed event. In the lines shown the handler
 * only logs the controller name; nothing is read from skb.
 */
2326 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
2328 BT_DBG("%s", hdev->name);
/*
 * Sniff Subrating event. In the lines shown the handler only logs the
 * controller name and the event status.
 */
2331 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
2333 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
2335 BT_DBG("%s status %d", hdev->name, ev->status);
/*
 * Extended Inquiry Result event: add every response to the inquiry cache
 * with ssp_mode set to 0x01 and report it, including the extended inquiry
 * data, through mgmt_device_found().
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters; byte 0 is the response count, followed by
 *        struct extended_inquiry_info entries
 *
 * NOTE(review): in the lines shown, num_rsp times sizeof(*info) is never
 * compared with skb->len, so a count larger than the payload would make
 * the loop read past the buffer. info->data is passed on as received;
 * confirm the receiver treats it as untrusted, bounded data.
 */
2338 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
2340 struct inquiry_data data;
2341 struct extended_inquiry_info *info = (void *) (skb->data + 1);
/* Count taken straight from the first payload byte. */
2342 int num_rsp = *((__u8 *) skb->data);
2344 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
/* The first result of a discovery sets HCI_INQUIRY and tells mgmt. */
2349 if (!test_and_set_bit(HCI_INQUIRY, &hdev->flags)) {
2351 if (test_bit(HCI_MGMT, &hdev->flags))
2352 mgmt_discovering(hdev->id, 1);
2357 for (; num_rsp; num_rsp--, info++) {
2358 bacpy(&data.bdaddr, &info->bdaddr);
2359 data.pscan_rep_mode = info->pscan_rep_mode;
2360 data.pscan_period_mode = info->pscan_period_mode;
2361 data.pscan_mode = 0x00;
2362 memcpy(data.dev_class, info->dev_class, 3);
2363 data.clock_offset = info->clock_offset;
2364 data.rssi = info->rssi;
/* Devices answering with this event are recorded as SSP-enabled. */
2365 data.ssp_mode = 0x01;
2366 hci_inquiry_cache_update(hdev, &data);
2367 mgmt_device_found(hdev->id, &info->bdaddr, info->dev_class,
2368 info->rssi, info->data);
2371 hci_dev_unlock(hdev);
/*
 * Choose the authentication-requirements value for the IO capability
 * reply, based on what the remote side requested.
 *
 * @conn: connection whose remote_auth, remote_cap, io_capability and
 *        auth_type fields are consulted
 *
 * Returns conn->auth_type when neither remote_auth test matches. The
 * values returned inside the two branches are on lines this listing
 * omits.
 *
 * NOTE(review): remote_auth and remote_cap are supplied by the peer, so
 * the peer influences the requirement this side advertises. The inner
 * test is true when either side reports capability 0x03 (presumably
 * NoInputNoOutput — confirm); check that the value returned there matches
 * the intent stated in the existing comment.
 */
2374 static inline u8 hci_get_auth_req(struct hci_conn *conn)
2376 /* If remote requests dedicated bonding follow that lead */
2377 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
2378 /* If both remote and local IO capabilities allow MITM
2379 * protection then require it, otherwise don't */
2380 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
2386 /* If remote requests no-bonding follow that lead */
2387 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
2390 return conn->auth_type;
/*
 * IO Capability Request event: reply with the local IO capability and
 * authentication requirement, or refuse pairing with reason 0x16.
 *
 * A positive reply is sent when the adapter is pairable or when the
 * remote request, ignoring bit 0, equals HCI_AT_NO_BONDING.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters, read in place as struct hci_ev_io_capa_request
 *
 * NOTE(review): conn->remote_auth is peer-supplied, so a peer that asks
 * for no-bonding gets past the HCI_PAIRABLE check by design of this test.
 * The NULL test on conn, the early exit when mgmt is not in use and the
 * assignment of the OOB field are on lines this listing omits.
 */
2393 static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2395 struct hci_ev_io_capa_request *ev = (void *) skb->data;
2396 struct hci_conn *conn;
2398 BT_DBG("%s", hdev->name);
2402 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2406 hci_conn_hold(conn);
2408 if (!test_bit(HCI_MGMT, &hdev->flags))
2411 if (test_bit(HCI_PAIRABLE, &hdev->flags) ||
2412 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
2413 struct hci_cp_io_capability_reply cp;
2415 bacpy(&cp.bdaddr, &ev->bdaddr);
2416 cp.capability = conn->io_capability;
2417 cp.authentication = hci_get_auth_req(conn);
/* Stored OOB data for the peer is only looked up when this side
 * initiated the connection or the peer reported having OOB data. */
2419 if ((conn->out == 0x01 || conn->remote_oob == 0x01) &&
2420 hci_find_remote_oob_data(hdev, &conn->dst))
2425 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
2428 struct hci_cp_io_capability_neg_reply cp;
2430 bacpy(&cp.bdaddr, &ev->bdaddr);
2431 cp.reason = 0x16; /* Pairing not allowed */
2433 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
2438 hci_dev_unlock(hdev);
/*
 * IO Capability Response event: record the peer's IO capability, OOB
 * data flag and authentication requirement on the ACL connection.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters, read in place as struct hci_ev_io_capa_reply
 *
 * NOTE(review): the three values are stored as received, with no range
 * check in the lines shown; code that later branches on them should treat
 * them as peer-controlled. The NULL test on conn is not shown.
 */
2441 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
2443 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
2444 struct hci_conn *conn;
2446 BT_DBG("%s", hdev->name);
2450 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2454 conn->remote_cap = ev->capability;
2455 conn->remote_oob = ev->oob_data;
2456 conn->remote_auth = ev->authentication;
2459 hci_dev_unlock(hdev);
/*
 * User Confirmation Request event: forward the peer address and the
 * passkey to mgmt when mgmt is in use.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters, read in place as
 *        struct hci_ev_user_confirm_req
 *
 * NOTE(review): ev->passkey is passed on as received, with no visible
 * byte-order conversion; confirm the receiver expects that. No reply is
 * sent from the lines shown when mgmt is not in use.
 */
2462 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
2463 struct sk_buff *skb)
2465 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
2467 BT_DBG("%s", hdev->name);
2471 if (test_bit(HCI_MGMT, &hdev->flags))
2472 mgmt_user_confirm_request(hdev->id, &ev->bdaddr, ev->passkey);
2474 hci_dev_unlock(hdev);
/*
 * Simple Pairing Complete event: report a failed pairing to mgmt when
 * this side did not initiate the authentication.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters, read in place as
 *        struct hci_ev_simple_pair_complete
 *
 * NOTE(review): the NULL test on conn and whatever follows the report
 * (lines 2497-2500) are not shown in this listing.
 */
2477 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2479 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
2480 struct hci_conn *conn;
2482 BT_DBG("%s", hdev->name);
2486 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2490 /* To avoid duplicate auth_failed events to user space we check
2491 * the HCI_CONN_AUTH_PEND flag which will be set if we
2492 * initiated the authentication. A traditional auth_complete
2493 * event gets always produced as initiator and is also mapped to
2494 * the mgmt_auth_failed event */
2495 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->pend) && ev->status != 0)
2496 mgmt_auth_failed(hdev->id, &conn->dst, ev->status);
2501 hci_dev_unlock(hdev);
/*
 * Remote Host Supported Features Notification event: store bit 0 of the
 * first feature byte as the SSP mode of the inquiry-cache entry for
 * ev->bdaddr.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters, read in place as
 *        struct hci_ev_remote_host_features
 *
 * NOTE(review): the NULL test on ie is on a line this listing omits.
 */
2504 static inline void hci_remote_host_features_evt(struct hci_dev *hdev, struct sk_buff *skb)
2506 struct hci_ev_remote_host_features *ev = (void *) skb->data;
2507 struct inquiry_entry *ie;
2509 BT_DBG("%s", hdev->name);
2513 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2515 ie->data.ssp_mode = (ev->features[0] & 0x01);
2517 hci_dev_unlock(hdev);
/*
 * Remote OOB Data Request event: reply with the stored out-of-band hash
 * and randomizer for ev->bdaddr, or with a negative reply when none is
 * stored.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters, read in place as
 *        struct hci_ev_remote_oob_data_request
 *
 * NOTE(review): the positive reply keeps the hash and randomizer in a
 * stack structure that is not cleared in the lines shown. The test on
 * data and the early exit when mgmt is not in use are on lines this
 * listing omits.
 */
2520 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
2521 struct sk_buff *skb)
2523 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
2524 struct oob_data *data;
2526 BT_DBG("%s", hdev->name);
2530 if (!test_bit(HCI_MGMT, &hdev->flags))
2533 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
2535 struct hci_cp_remote_oob_data_reply cp;
2537 bacpy(&cp.bdaddr, &ev->bdaddr);
/* The copy lengths follow the destination fields, so the reply cannot
 * be overrun; the source fields are assumed to be at least that long. */
2538 memcpy(cp.hash, data->hash, sizeof(cp.hash));
2539 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
2541 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
2544 struct hci_cp_remote_oob_data_neg_reply cp;
2546 bacpy(&cp.bdaddr, &ev->bdaddr);
2547 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
2552 hci_dev_unlock(hdev);
/*
 * LE Connection Complete subevent: find or create the LE connection for
 * ev->bdaddr, then either close it on failure or record the handle and
 * mark it connected.
 *
 * @hdev: controller the event arrived on
 * @skb:  subevent parameters, read in place as
 *        struct hci_ev_le_conn_complete
 *
 * NOTE(review): the tests on conn and ev->status that separate these
 * statements are on lines this listing omits. No comparison of skb->len
 * with sizeof(*ev) is visible before the cast.
 */
2555 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2557 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
2558 struct hci_conn *conn;
2560 BT_DBG("%s status %d", hdev->name, ev->status);
2564 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
/* Presumably only when the lookup found nothing: a connection object
 * is created for the peer. */
2566 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
2568 BT_ERR("No memory for new connection");
2569 hci_dev_unlock(hdev);
/* Presumably the failure branch: the protocol layer is told first,
 * then the connection is marked closed. */
2575 hci_proto_connect_cfm(conn, ev->status);
2576 conn->state = BT_CLOSED;
2581 conn->handle = __le16_to_cpu(ev->handle);
2582 conn->state = BT_CONNECTED;
2584 hci_conn_hold_device(conn);
2585 hci_conn_add_sysfs(conn);
2587 hci_proto_connect_cfm(conn, ev->status);
2590 hci_dev_unlock(hdev);
/*
 * LE Meta event: strip the meta header and dispatch on the subevent code.
 * Only HCI_EV_LE_CONN_COMPLETE is handled in the lines shown.
 *
 * @hdev: controller the event arrived on
 * @skb:  event parameters starting at struct hci_ev_le_meta
 *
 * NOTE(review): le_ev->subevent is read with no visible check that the
 * skb holds sizeof(*le_ev) bytes.
 */
2593 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
2595 struct hci_ev_le_meta *le_ev = (void *) skb->data;
/* le_ev keeps pointing at the header after the pull. */
2597 skb_pull(skb, sizeof(*le_ev));
2599 switch (le_ev->subevent) {
2600 case HCI_EV_LE_CONN_COMPLETE:
2601 hci_le_conn_complete_evt(hdev, skb);
/*
 * Entry point for received HCI event packets: strip the event header,
 * dispatch on the event code to the matching handler and count the event
 * in the device statistics.
 *
 * @hdev: controller the packet was received from
 * @skb:  packet starting at struct hci_event_hdr
 *
 * NOTE(review): hdr->evt is read and the header is pulled with no visible
 * check that skb->len covers HCI_EVENT_HDR_SIZE, and hdr->plen is not
 * compared with the remaining length in the lines shown. The handlers
 * cast skb->data to fixed-size structures, so a short packet from a
 * faulty or hostile controller would be read past its end unless the
 * length is validated in a caller or on a line this listing omits —
 * confirm. The switch statement, the break statements and whatever
 * releases the skb are also not shown.
 */
2609 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
2611 struct hci_event_hdr *hdr = (void *) skb->data;
/* The event code is saved before the header is pulled off. */
2612 __u8 event = hdr->evt;
2614 skb_pull(skb, HCI_EVENT_HDR_SIZE);
2617 case HCI_EV_INQUIRY_COMPLETE:
2618 hci_inquiry_complete_evt(hdev, skb);
2621 case HCI_EV_INQUIRY_RESULT:
2622 hci_inquiry_result_evt(hdev, skb);
2625 case HCI_EV_CONN_COMPLETE:
2626 hci_conn_complete_evt(hdev, skb);
2629 case HCI_EV_CONN_REQUEST:
2630 hci_conn_request_evt(hdev, skb);
2633 case HCI_EV_DISCONN_COMPLETE:
2634 hci_disconn_complete_evt(hdev, skb);
2637 case HCI_EV_AUTH_COMPLETE:
2638 hci_auth_complete_evt(hdev, skb);
2641 case HCI_EV_REMOTE_NAME:
2642 hci_remote_name_evt(hdev, skb);
2645 case HCI_EV_ENCRYPT_CHANGE:
2646 hci_encrypt_change_evt(hdev, skb);
2649 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
2650 hci_change_link_key_complete_evt(hdev, skb);
2653 case HCI_EV_REMOTE_FEATURES:
2654 hci_remote_features_evt(hdev, skb);
2657 case HCI_EV_REMOTE_VERSION:
2658 hci_remote_version_evt(hdev, skb);
2661 case HCI_EV_QOS_SETUP_COMPLETE:
2662 hci_qos_setup_complete_evt(hdev, skb);
2665 case HCI_EV_CMD_COMPLETE:
2666 hci_cmd_complete_evt(hdev, skb);
2669 case HCI_EV_CMD_STATUS:
2670 hci_cmd_status_evt(hdev, skb);
2673 case HCI_EV_ROLE_CHANGE:
2674 hci_role_change_evt(hdev, skb);
2677 case HCI_EV_NUM_COMP_PKTS:
2678 hci_num_comp_pkts_evt(hdev, skb);
2681 case HCI_EV_MODE_CHANGE:
2682 hci_mode_change_evt(hdev, skb);
2685 case HCI_EV_PIN_CODE_REQ:
2686 hci_pin_code_request_evt(hdev, skb);
2689 case HCI_EV_LINK_KEY_REQ:
2690 hci_link_key_request_evt(hdev, skb);
2693 case HCI_EV_LINK_KEY_NOTIFY:
2694 hci_link_key_notify_evt(hdev, skb);
2697 case HCI_EV_CLOCK_OFFSET:
2698 hci_clock_offset_evt(hdev, skb);
2701 case HCI_EV_PKT_TYPE_CHANGE:
2702 hci_pkt_type_change_evt(hdev, skb);
2705 case HCI_EV_PSCAN_REP_MODE:
2706 hci_pscan_rep_mode_evt(hdev, skb);
2709 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
2710 hci_inquiry_result_with_rssi_evt(hdev, skb);
2713 case HCI_EV_REMOTE_EXT_FEATURES:
2714 hci_remote_ext_features_evt(hdev, skb);
2717 case HCI_EV_SYNC_CONN_COMPLETE:
2718 hci_sync_conn_complete_evt(hdev, skb);
2721 case HCI_EV_SYNC_CONN_CHANGED:
2722 hci_sync_conn_changed_evt(hdev, skb);
2725 case HCI_EV_SNIFF_SUBRATE:
2726 hci_sniff_subrate_evt(hdev, skb);
2729 case HCI_EV_EXTENDED_INQUIRY_RESULT:
2730 hci_extended_inquiry_result_evt(hdev, skb);
2733 case HCI_EV_IO_CAPA_REQUEST:
2734 hci_io_capa_request_evt(hdev, skb);
2737 case HCI_EV_IO_CAPA_REPLY:
2738 hci_io_capa_reply_evt(hdev, skb);
2741 case HCI_EV_USER_CONFIRM_REQUEST:
2742 hci_user_confirm_request_evt(hdev, skb);
2745 case HCI_EV_SIMPLE_PAIR_COMPLETE:
2746 hci_simple_pair_complete_evt(hdev, skb);
2749 case HCI_EV_REMOTE_HOST_FEATURES:
2750 hci_remote_host_features_evt(hdev, skb);
2753 case HCI_EV_LE_META:
2754 hci_le_meta_evt(hdev, skb);
2757 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
2758 hci_remote_oob_data_request_evt(hdev, skb);
/* Presumably the default case: unhandled event codes are only logged. */
2762 BT_DBG("%s event 0x%x", hdev->name, event);
2767 hdev->stat.evt_rx++;
2770 /* Generate internal stack event */
2771 void hci_si_event(struct hci_dev *hdev, int type, int dlen, void *data)
2773 struct hci_event_hdr *hdr;
2774 struct hci_ev_stack_internal *ev;
2775 struct sk_buff *skb;
2777 skb = bt_skb_alloc(HCI_EVENT_HDR_SIZE + sizeof(*ev) + dlen, GFP_ATOMIC);
2781 hdr = (void *) skb_put(skb, HCI_EVENT_HDR_SIZE);
2782 hdr->evt = HCI_EV_STACK_INTERNAL;
2783 hdr->plen = sizeof(*ev) + dlen;
2785 ev = (void *) skb_put(skb, sizeof(*ev) + dlen);
2787 memcpy(ev->data, data, dlen);
2789 bt_cb(skb)->incoming = 1;
2790 __net_timestamp(skb);
2792 bt_cb(skb)->pkt_type = HCI_EVENT_PKT;
2793 skb->dev = (void *) hdev;
2794 hci_send_to_sock(hdev, skb, NULL);