2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
48 /* Handle HCI Event packets */
/*
 * hci_cc_inquiry_cancel - handler for the reply to HCI_OP_INQUIRY_CANCEL
 * (presumably a Command Complete event, going by the hci_cc_ prefix).
 *
 * Visible steps: read the status byte at the start of skb->data, log it,
 * clear HCI_INQUIRY in hdev->flags, call hci_req_complete() with the op code
 * and status, then call hci_conn_check_pending().
 *
 * NOTE(review): gutter lines 55-58 are absent from this listing, so any
 * status guard before clear_bit() is not shown. No skb->len check is visible
 * before skb->data is dereferenced; confirm the caller guarantees at least
 * one payload byte.
 */
50 static void hci_cc_inquiry_cancel(struct hci_dev
*hdev
, struct sk_buff
*skb
)
52 __u8 status
= *((__u8
*) skb
->data
);
54 BT_DBG("%s status 0x%x", hdev
->name
, status
);
59 clear_bit(HCI_INQUIRY
, &hdev
->flags
);
61 hci_req_complete(hdev
, HCI_OP_INQUIRY_CANCEL
, status
);
63 hci_conn_check_pending(hdev
);
/*
 * hci_cc_exit_periodic_inq - reply handler that ends the inquiry state.
 *
 * Visible steps: read the status byte from skb->data, log it, clear
 * HCI_INQUIRY in hdev->flags and call hci_conn_check_pending().
 *
 * NOTE(review): gutter lines 71-74 are absent from this listing, so a status
 * guard before clear_bit() cannot be confirmed here. No skb->len check is
 * visible before the one-byte read.
 */
66 static void hci_cc_exit_periodic_inq(struct hci_dev
*hdev
, struct sk_buff
*skb
)
68 __u8 status
= *((__u8
*) skb
->data
);
70 BT_DBG("%s status 0x%x", hdev
->name
, status
);
75 clear_bit(HCI_INQUIRY
, &hdev
->flags
);
77 hci_conn_check_pending(hdev
);
/*
 * hci_cc_remote_name_req_cancel - reply handler that only logs the device
 * name; skb is not read in the visible lines.
 */
80 static void hci_cc_remote_name_req_cancel(struct hci_dev
*hdev
, struct sk_buff
*skb
)
82 BT_DBG("%s", hdev
->name
);
/*
 * hci_cc_role_discovery - reply handler that updates HCI_LM_MASTER on the
 * connection named by the reply.
 *
 * Visible steps: overlay struct hci_rp_role_discovery on skb->data, log
 * rp->status, look the connection up by the little-endian rp->handle, clear
 * (gutter 100) or set (gutter 102) HCI_LM_MASTER in conn->link_mode, then
 * release the device lock.
 *
 * NOTE(review): gutter lines 91-96, 98-99, 101 and 103-104 are absent, so
 * the status guard, the lock acquisition, the NULL check on conn and the
 * condition choosing between clear and set are not shown. No skb->len check
 * against sizeof(*rp) is visible - confirm against the full file.
 */
85 static void hci_cc_role_discovery(struct hci_dev
*hdev
, struct sk_buff
*skb
)
87 struct hci_rp_role_discovery
*rp
= (void *) skb
->data
;
88 struct hci_conn
*conn
;
90 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
97 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
100 conn
->link_mode
&= ~HCI_LM_MASTER
;
102 conn
->link_mode
|= HCI_LM_MASTER
;
105 hci_dev_unlock(hdev
);
/*
 * hci_cc_read_link_policy - reply handler that stores the link policy
 * reported for one connection.
 *
 * Visible steps: overlay struct hci_rp_read_link_policy on skb->data, log
 * rp->status, look the connection up by rp->handle and copy the
 * little-endian rp->policy into conn->link_policy, then unlock the device.
 *
 * NOTE(review): gutter lines 114-119 and 121 are absent, so the status
 * guard, the lock acquisition and the NULL check on conn are not shown. No
 * skb->len check is visible before rp is read.
 */
108 static void hci_cc_read_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
110 struct hci_rp_read_link_policy
*rp
= (void *) skb
->data
;
111 struct hci_conn
*conn
;
113 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
120 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
122 conn
->link_policy
= __le16_to_cpu(rp
->policy
);
124 hci_dev_unlock(hdev
);
/*
 * hci_cc_write_link_policy - reply handler for HCI_OP_WRITE_LINK_POLICY.
 *
 * Visible steps: overlay struct hci_rp_write_link_policy on skb->data, log
 * rp->status, fetch the parameters of the command that was sent, look the
 * connection up by rp->handle and store the 16-bit value found at offset 2
 * of the sent parameters in conn->link_policy, then unlock the device.
 *
 * NOTE(review): the declaration of sent and gutter lines 134-137, 139-143,
 * 145 and 147 are absent, so the status guard, the NULL checks on sent and
 * conn and the lock acquisition are not shown - confirm against the full
 * file. No skb->len check is visible before rp is read.
 */
127 static void hci_cc_write_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
129 struct hci_rp_write_link_policy
*rp
= (void *) skb
->data
;
130 struct hci_conn
*conn
;
133 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
138 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_LINK_POLICY
);
144 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
146 conn
->link_policy
= get_unaligned_le16(sent
+ 2);
148 hci_dev_unlock(hdev
);
/*
 * hci_cc_read_def_link_policy - reply handler that stores the default link
 * policy in hdev->link_policy.
 *
 * Visible steps: overlay struct hci_rp_read_def_link_policy on skb->data,
 * log rp->status and copy the little-endian rp->policy into the device.
 *
 * NOTE(review): gutter lines 156-159 are absent, so a status guard before
 * the assignment cannot be confirmed. No skb->len check is visible.
 */
151 static void hci_cc_read_def_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
153 struct hci_rp_read_def_link_policy
*rp
= (void *) skb
->data
;
155 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
160 hdev
->link_policy
= __le16_to_cpu(rp
->policy
);
/*
 * hci_cc_write_def_link_policy - reply handler for
 * HCI_OP_WRITE_DEF_LINK_POLICY.
 *
 * Visible steps: read the status byte from skb->data, log it, fetch the
 * parameters of the sent command, store their first 16-bit little-endian
 * value in hdev->link_policy and call hci_req_complete().
 *
 * NOTE(review): the declaration of sent and gutter lines 171-174 are absent,
 * so the NULL check on sent and any status guard are not shown. No skb->len
 * check is visible before the status read.
 */
163 static void hci_cc_write_def_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
165 __u8 status
= *((__u8
*) skb
->data
);
168 BT_DBG("%s status 0x%x", hdev
->name
, status
);
170 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_DEF_LINK_POLICY
);
175 hdev
->link_policy
= get_unaligned_le16(sent
);
177 hci_req_complete(hdev
, HCI_OP_WRITE_DEF_LINK_POLICY
, status
);
/*
 * hci_cc_reset - reply handler for HCI_OP_RESET.
 *
 * Reads the status byte from skb->data, logs it, clears HCI_RESET in
 * hdev->flags and calls hci_req_complete() with the status.
 *
 * NOTE(review): no skb->len check is visible before the one-byte read.
 */
180 static void hci_cc_reset(struct hci_dev
*hdev
, struct sk_buff
*skb
)
182 __u8 status
= *((__u8
*) skb
->data
);
184 BT_DBG("%s status 0x%x", hdev
->name
, status
);
186 clear_bit(HCI_RESET
, &hdev
->flags
);
188 hci_req_complete(hdev
, HCI_OP_RESET
, status
);
/*
 * hci_cc_write_local_name - reply handler for HCI_OP_WRITE_LOCAL_NAME.
 *
 * Visible steps: read the status byte from skb->data, log it, fetch the
 * parameters of the sent command and copy a fixed 248 bytes from them into
 * hdev->dev_name.
 *
 * NOTE(review): the declaration of sent and gutter lines 197-200 and
 * 202-204 are absent, so the status guard and the NULL check on sent are not
 * shown. The copy length is a literal; the size of hdev->dev_name is not
 * visible here - confirm it is at least 248 bytes.
 */
191 static void hci_cc_write_local_name(struct hci_dev
*hdev
, struct sk_buff
*skb
)
193 __u8 status
= *((__u8
*) skb
->data
);
196 BT_DBG("%s status 0x%x", hdev
->name
, status
);
201 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_LOCAL_NAME
);
205 memcpy(hdev
->dev_name
, sent
, 248);
/*
 * hci_cc_read_local_name - reply handler that caches the local name.
 *
 * Visible steps: overlay struct hci_rp_read_local_name on skb->data, log
 * rp->status and copy a fixed 248 bytes from rp->name into hdev->dev_name.
 *
 * NOTE(review): gutter lines 213-216 are absent, so a status guard before
 * the copy cannot be confirmed. The 248-byte read comes straight from the
 * event payload and no skb->len check is visible; a shorter payload would
 * be read past its end unless the caller validates the length - confirm.
 */
208 static void hci_cc_read_local_name(struct hci_dev
*hdev
, struct sk_buff
*skb
)
210 struct hci_rp_read_local_name
*rp
= (void *) skb
->data
;
212 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
217 memcpy(hdev
->dev_name
, rp
->name
, 248);
/*
 * hci_cc_write_auth_enable - reply handler for HCI_OP_WRITE_AUTH_ENABLE;
 * mirrors the requested setting into the HCI_AUTH device flag.
 *
 * Visible steps: read the status byte from skb->data, log it, fetch the
 * parameters of the sent command, take their first byte as param, set
 * HCI_AUTH when param equals AUTH_ENABLED and clear it on the other branch,
 * then call hci_req_complete().
 *
 * NOTE(review): the declaration of sent and gutter lines 228-231, 233, 236
 * and 238-239 are absent, so the NULL check on sent, the status test and the
 * else keyword are not shown. HCI_AUTH is later used to mark new links as
 * authenticated, so confirm the flag only changes when status reports
 * success.
 */
220 static void hci_cc_write_auth_enable(struct hci_dev
*hdev
, struct sk_buff
*skb
)
222 __u8 status
= *((__u8
*) skb
->data
);
225 BT_DBG("%s status 0x%x", hdev
->name
, status
);
227 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_AUTH_ENABLE
);
232 __u8 param
= *((__u8
*) sent
);
234 if (param
== AUTH_ENABLED
)
235 set_bit(HCI_AUTH
, &hdev
->flags
);
237 clear_bit(HCI_AUTH
, &hdev
->flags
);
240 hci_req_complete(hdev
, HCI_OP_WRITE_AUTH_ENABLE
, status
);
/*
 * hci_cc_write_encrypt_mode - reply handler for HCI_OP_WRITE_ENCRYPT_MODE;
 * mirrors the requested setting into the HCI_ENCRYPT device flag.
 *
 * Visible steps: read the status byte from skb->data, log it, fetch the
 * parameters of the sent command, take their first byte as param, set
 * (gutter 258) or clear (gutter 260) HCI_ENCRYPT, then call
 * hci_req_complete().
 *
 * NOTE(review): the declaration of sent and gutter lines 251-254, 256-257,
 * 259 and 261-262 are absent, so the NULL check on sent, the status test and
 * the condition on param are not shown. HCI_ENCRYPT is later used to mark
 * new links as encrypted, so confirm the flag only changes on success.
 */
243 static void hci_cc_write_encrypt_mode(struct hci_dev
*hdev
, struct sk_buff
*skb
)
245 __u8 status
= *((__u8
*) skb
->data
);
248 BT_DBG("%s status 0x%x", hdev
->name
, status
);
250 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_ENCRYPT_MODE
);
255 __u8 param
= *((__u8
*) sent
);
258 set_bit(HCI_ENCRYPT
, &hdev
->flags
);
260 clear_bit(HCI_ENCRYPT
, &hdev
->flags
);
263 hci_req_complete(hdev
, HCI_OP_WRITE_ENCRYPT_MODE
, status
);
/*
 * hci_cc_write_scan_enable - reply handler for HCI_OP_WRITE_SCAN_ENABLE;
 * keeps HCI_ISCAN / HCI_PSCAN in step with the scan mode that was sent and
 * reports changes through mgmt_discoverable() / mgmt_connectable().
 *
 * Visible steps: read the status byte, fetch the sent parameters, clear both
 * scan flags while remembering their old values, then for each of
 * SCAN_INQUIRY and SCAN_PAGE either set the flag and report 1, or report 0
 * when the flag was previously set.
 *
 * NOTE(review): the declaration of sent and gutter lines 274-277, 286, 293
 * and 297-298 are absent, so the NULL check on sent, the status test and any
 * condition around the mgmt_*() calls with argument 1 are not shown. These
 * flags describe whether the adapter is discoverable/connectable, so confirm
 * they are only rewritten when the command succeeded.
 */
266 static void hci_cc_write_scan_enable(struct hci_dev
*hdev
, struct sk_buff
*skb
)
268 __u8 status
= *((__u8
*) skb
->data
);
271 BT_DBG("%s status 0x%x", hdev
->name
, status
);
273 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_SCAN_ENABLE
);
278 __u8 param
= *((__u8
*) sent
);
279 int old_pscan
, old_iscan
;
281 old_pscan
= test_and_clear_bit(HCI_PSCAN
, &hdev
->flags
);
282 old_iscan
= test_and_clear_bit(HCI_ISCAN
, &hdev
->flags
);
284 if (param
& SCAN_INQUIRY
) {
285 set_bit(HCI_ISCAN
, &hdev
->flags
);
287 mgmt_discoverable(hdev
->id
, 1);
288 } else if (old_iscan
)
289 mgmt_discoverable(hdev
->id
, 0);
291 if (param
& SCAN_PAGE
) {
292 set_bit(HCI_PSCAN
, &hdev
->flags
);
294 mgmt_connectable(hdev
->id
, 1);
295 } else if (old_pscan
)
296 mgmt_connectable(hdev
->id
, 0);
299 hci_req_complete(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, status
);
/*
 * hci_cc_read_class_of_dev - reply handler that caches the 3-byte class of
 * device in hdev->dev_class and logs it.
 *
 * NOTE(review): gutter lines 307-310 are absent, so a status guard before
 * the copy cannot be confirmed. No skb->len check is visible before rp is
 * read.
 */
302 static void hci_cc_read_class_of_dev(struct hci_dev
*hdev
, struct sk_buff
*skb
)
304 struct hci_rp_read_class_of_dev
*rp
= (void *) skb
->data
;
306 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
311 memcpy(hdev
->dev_class
, rp
->dev_class
, 3);
313 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev
->name
,
314 hdev
->dev_class
[2], hdev
->dev_class
[1], hdev
->dev_class
[0]);
/*
 * hci_cc_write_class_of_dev - reply handler for HCI_OP_WRITE_CLASS_OF_DEV;
 * copies the 3 bytes that were sent into hdev->dev_class.
 *
 * NOTE(review): the declaration of sent and gutter lines 323-326 and
 * 328-330 are absent, so the status guard and the NULL check on sent are
 * not shown. No skb->len check is visible before the status read.
 */
317 static void hci_cc_write_class_of_dev(struct hci_dev
*hdev
, struct sk_buff
*skb
)
319 __u8 status
= *((__u8
*) skb
->data
);
322 BT_DBG("%s status 0x%x", hdev
->name
, status
);
327 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_CLASS_OF_DEV
);
331 memcpy(hdev
->dev_class
, sent
, 3);
/*
 * hci_cc_read_voice_setting - reply handler that caches the voice setting
 * and notifies the driver when it changed.
 *
 * Visible steps: overlay struct hci_rp_read_voice_setting on skb->data, log
 * rp->status, convert rp->voice_setting from little endian, compare it with
 * hdev->voice_setting, store it, log it and call hdev->notify() with
 * HCI_NOTIFY_VOICE_SETTING while the tx tasklet is disabled.
 *
 * NOTE(review): the declaration of setting and gutter lines 340-343,
 * 347-348 and 352-353 are absent, so the status guard, the action taken
 * when the value is unchanged and any NULL check on hdev->notify are not
 * shown - confirm the callback pointer is tested before the call.
 */
334 static void hci_cc_read_voice_setting(struct hci_dev
*hdev
, struct sk_buff
*skb
)
336 struct hci_rp_read_voice_setting
*rp
= (void *) skb
->data
;
339 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
344 setting
= __le16_to_cpu(rp
->voice_setting
);
346 if (hdev
->voice_setting
== setting
)
349 hdev
->voice_setting
= setting
;
351 BT_DBG("%s voice setting 0x%04x", hdev
->name
, setting
);
354 tasklet_disable(&hdev
->tx_task
);
355 hdev
->notify(hdev
, HCI_NOTIFY_VOICE_SETTING
);
356 tasklet_enable(&hdev
->tx_task
);
/*
 * hci_cc_write_voice_setting - reply handler for HCI_OP_WRITE_VOICE_SETTING.
 *
 * Visible steps: read the status byte from skb->data, log it, fetch the
 * sent parameters, read their first 16-bit little-endian value as the new
 * setting, compare it with hdev->voice_setting, store it, log it and call
 * hdev->notify() with HCI_NOTIFY_VOICE_SETTING while the tx tasklet is
 * disabled.
 *
 * NOTE(review): the declarations of sent and setting and gutter lines
 * 367-370, 372-374, 378-379 and 383-384 are absent, so the status guard,
 * the NULL check on sent and any NULL check on hdev->notify are not shown.
 */
360 static void hci_cc_write_voice_setting(struct hci_dev
*hdev
, struct sk_buff
*skb
)
362 __u8 status
= *((__u8
*) skb
->data
);
366 BT_DBG("%s status 0x%x", hdev
->name
, status
);
371 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_VOICE_SETTING
);
375 setting
= get_unaligned_le16(sent
);
377 if (hdev
->voice_setting
== setting
)
380 hdev
->voice_setting
= setting
;
382 BT_DBG("%s voice setting 0x%04x", hdev
->name
, setting
);
385 tasklet_disable(&hdev
->tx_task
);
386 hdev
->notify(hdev
, HCI_NOTIFY_VOICE_SETTING
);
387 tasklet_enable(&hdev
->tx_task
);
/*
 * hci_cc_host_buffer_size - reply handler for HCI_OP_HOST_BUFFER_SIZE; logs
 * the status byte from skb->data and passes it to hci_req_complete().
 *
 * NOTE(review): no skb->len check is visible before the one-byte read.
 */
391 static void hci_cc_host_buffer_size(struct hci_dev
*hdev
, struct sk_buff
*skb
)
393 __u8 status
= *((__u8
*) skb
->data
);
395 BT_DBG("%s status 0x%x", hdev
->name
, status
);
397 hci_req_complete(hdev
, HCI_OP_HOST_BUFFER_SIZE
, status
);
/*
 * hci_cc_read_ssp_mode - reply handler that caches rp->mode in
 * hdev->ssp_mode.
 *
 * NOTE(review): gutter lines 405-408 are absent, so a status guard before
 * the assignment cannot be confirmed. hdev->ssp_mode feeds the
 * authentication decision in hci_outgoing_auth_needed(), so confirm it is
 * only updated on success. No skb->len check is visible.
 */
400 static void hci_cc_read_ssp_mode(struct hci_dev
*hdev
, struct sk_buff
*skb
)
402 struct hci_rp_read_ssp_mode
*rp
= (void *) skb
->data
;
404 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
409 hdev
->ssp_mode
= rp
->mode
;
/*
 * hci_cc_write_ssp_mode - reply handler for HCI_OP_WRITE_SSP_MODE; stores
 * the first byte of the sent parameters in hdev->ssp_mode.
 *
 * NOTE(review): the declaration of sent and gutter lines 418-421 and
 * 423-425 are absent, so the status guard and the NULL check on sent are
 * not shown. hdev->ssp_mode feeds the authentication decision in
 * hci_outgoing_auth_needed(), so confirm it is only updated on success.
 */
412 static void hci_cc_write_ssp_mode(struct hci_dev
*hdev
, struct sk_buff
*skb
)
414 __u8 status
= *((__u8
*) skb
->data
);
417 BT_DBG("%s status 0x%x", hdev
->name
, status
);
422 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_SSP_MODE
);
426 hdev
->ssp_mode
= *((__u8
*) sent
);
/*
 * hci_get_inquiry_mode - choose the inquiry mode value for this controller.
 *
 * The visible tests run in this order: the LMP_EXT_INQ feature bit, the
 * LMP_RSSI_INQ feature bit, then several exact manufacturer / hci_rev /
 * lmp_subver combinations (manufacturer ids 11, 15 and 31).
 *
 * NOTE(review): every return statement (gutter lines 432, 435, 439, 443,
 * 445, 447 and 452-454) is absent from this listing, so the value produced
 * by each branch cannot be read off here. The hard-coded triples look like
 * per-device quirks - confirm against the full file.
 */
429 static u8
hci_get_inquiry_mode(struct hci_dev
*hdev
)
431 if (hdev
->features
[6] & LMP_EXT_INQ
)
434 if (hdev
->features
[3] & LMP_RSSI_INQ
)
437 if (hdev
->manufacturer
== 11 && hdev
->hci_rev
== 0x00 &&
438 hdev
->lmp_subver
== 0x0757)
441 if (hdev
->manufacturer
== 15) {
442 if (hdev
->hci_rev
== 0x03 && hdev
->lmp_subver
== 0x6963)
444 if (hdev
->hci_rev
== 0x09 && hdev
->lmp_subver
== 0x6963)
446 if (hdev
->hci_rev
== 0x00 && hdev
->lmp_subver
== 0x6965)
450 if (hdev
->manufacturer
== 31 && hdev
->hci_rev
== 0x2005 &&
451 hdev
->lmp_subver
== 0x1805)
/*
 * hci_setup_inquiry_mode - send HCI_OP_WRITE_INQUIRY_MODE with the one-byte
 * mode chosen by hci_get_inquiry_mode().
 *
 * NOTE(review): the declaration of mode (gutter 459) is absent from this
 * listing.
 */
457 static void hci_setup_inquiry_mode(struct hci_dev
*hdev
)
461 mode
= hci_get_inquiry_mode(hdev
);
463 hci_send_cmd(hdev
, HCI_OP_WRITE_INQUIRY_MODE
, 1, &mode
);
/*
 * hci_setup_event_mask - build the 8-byte event mask from the controller's
 * LMP version and feature bits and send it with HCI_OP_SET_EVENT_MASK.
 *
 * The mask starts from a fixed base and each supported feature ORs in the
 * bits of the events it can generate; the per-line comments name the event
 * each bit stands for.
 *
 * NOTE(review): the LMP_RSSI_INQ branch (gutter 482-483) sets events[4] bit
 * 0x04, which the lmp_ver > 1 block labels "Read Remote Extended Features
 * Complete"; that block labels bit 0x02 as "Inquiry Result with RSSI".
 * Either the bit or the comment on the RSSI branch looks wrong - confirm
 * against the Set Event Mask bit layout.
 */
466 static void hci_setup_event_mask(struct hci_dev
*hdev
)
468 /* The second byte is 0xff instead of 0x9f (two reserved bits
469 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
470 * command otherwise */
471 u8 events
[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
473 /* Events for 1.2 and newer controllers */
474 if (hdev
->lmp_ver
> 1) {
475 events
[4] |= 0x01; /* Flow Specification Complete */
476 events
[4] |= 0x02; /* Inquiry Result with RSSI */
477 events
[4] |= 0x04; /* Read Remote Extended Features Complete */
478 events
[5] |= 0x08; /* Synchronous Connection Complete */
479 events
[5] |= 0x10; /* Synchronous Connection Changed */
482 if (hdev
->features
[3] & LMP_RSSI_INQ
)
483 events
[4] |= 0x04; /* Inquiry Result with RSSI */
485 if (hdev
->features
[5] & LMP_SNIFF_SUBR
)
486 events
[5] |= 0x20; /* Sniff Subrating */
488 if (hdev
->features
[5] & LMP_PAUSE_ENC
)
489 events
[5] |= 0x80; /* Encryption Key Refresh Complete */
491 if (hdev
->features
[6] & LMP_EXT_INQ
)
492 events
[5] |= 0x40; /* Extended Inquiry Result */
494 if (hdev
->features
[6] & LMP_NO_FLUSH
)
495 events
[7] |= 0x01; /* Enhanced Flush Complete */
497 if (hdev
->features
[7] & LMP_LSTO
)
498 events
[6] |= 0x80; /* Link Supervision Timeout Changed */
500 if (hdev
->features
[6] & LMP_SIMPLE_PAIR
) {
501 events
[6] |= 0x01; /* IO Capability Request */
502 events
[6] |= 0x02; /* IO Capability Response */
503 events
[6] |= 0x04; /* User Confirmation Request */
504 events
[6] |= 0x08; /* User Passkey Request */
505 events
[6] |= 0x10; /* Remote OOB Data Request */
506 events
[6] |= 0x20; /* Simple Pairing Complete */
507 events
[7] |= 0x04; /* User Passkey Notification */
508 events
[7] |= 0x08; /* Keypress Notification */
509 events
[7] |= 0x10; /* Remote Host Supported
510 * Features Notification */
513 if (hdev
->features
[4] & LMP_LE
)
514 events
[7] |= 0x20; /* LE Meta-Event */
516 hci_send_cmd(hdev
, HCI_OP_SET_EVENT_MASK
, sizeof(events
), events
);
/*
 * hci_setup - issue the follow-up configuration commands for a controller.
 *
 * Visible steps: send the event mask; for lmp_ver > 1 request the supported
 * command list; when LMP_SIMPLE_PAIR is advertised send
 * HCI_OP_WRITE_SSP_MODE; when LMP_RSSI_INQ is advertised configure the
 * inquiry mode; when LMP_INQ_TX_PWR is advertised read the inquiry response
 * TX power.
 *
 * NOTE(review): the declaration and value of mode (gutter 527) are absent
 * from this listing, so the SSP mode written to the controller cannot be
 * confirmed here.
 */
519 static void hci_setup(struct hci_dev
*hdev
)
521 hci_setup_event_mask(hdev
);
523 if (hdev
->lmp_ver
> 1)
524 hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_COMMANDS
, 0, NULL
);
526 if (hdev
->features
[6] & LMP_SIMPLE_PAIR
) {
528 hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_MODE
, sizeof(mode
), &mode
);
531 if (hdev
->features
[3] & LMP_RSSI_INQ
)
532 hci_setup_inquiry_mode(hdev
);
534 if (hdev
->features
[7] & LMP_INQ_TX_PWR
)
535 hci_send_cmd(hdev
, HCI_OP_READ_INQ_RSP_TX_POWER
, 0, NULL
);
/*
 * hci_cc_read_local_version - reply handler that caches the controller's
 * version fields (hci_ver, hci_rev, lmp_ver, manufacturer, lmp_subver) in
 * hdev, converting the 16-bit fields from little endian.
 *
 * These cached values drive the quirk matching in hci_get_inquiry_mode()
 * and the lmp_ver tests in hci_setup_event_mask() and hci_setup().
 *
 * NOTE(review): gutter lines 543-546, 554 and 558 are absent, so the status
 * guard, one argument line of the debug print and the statement executed
 * when HCI_INIT is set are not shown. No skb->len check is visible before
 * rp is read.
 */
538 static void hci_cc_read_local_version(struct hci_dev
*hdev
, struct sk_buff
*skb
)
540 struct hci_rp_read_local_version
*rp
= (void *) skb
->data
;
542 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
547 hdev
->hci_ver
= rp
->hci_ver
;
548 hdev
->hci_rev
= __le16_to_cpu(rp
->hci_rev
);
549 hdev
->lmp_ver
= rp
->lmp_ver
;
550 hdev
->manufacturer
= __le16_to_cpu(rp
->manufacturer
);
551 hdev
->lmp_subver
= __le16_to_cpu(rp
->lmp_subver
);
553 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev
->name
,
555 hdev
->hci_ver
, hdev
->hci_rev
);
557 if (test_bit(HCI_INIT
, &hdev
->flags
))
/*
 * hci_setup_link_policy - derive the default link policy from the feature
 * bits and send it with HCI_OP_WRITE_DEF_LINK_POLICY.
 *
 * Each of LMP_RSWITCH, LMP_HOLD, LMP_SNIFF and LMP_PARK enables the matching
 * HCI_LP_* bit; the result is converted to little endian before it is sent.
 *
 * NOTE(review): the declaration and initial value of link_policy (gutter
 * 562-564) are absent from this listing; the |= accumulation relies on it
 * starting from a defined value - confirm it is initialised.
 */
561 static void hci_setup_link_policy(struct hci_dev
*hdev
)
565 if (hdev
->features
[0] & LMP_RSWITCH
)
566 link_policy
|= HCI_LP_RSWITCH
;
567 if (hdev
->features
[0] & LMP_HOLD
)
568 link_policy
|= HCI_LP_HOLD
;
569 if (hdev
->features
[0] & LMP_SNIFF
)
570 link_policy
|= HCI_LP_SNIFF
;
571 if (hdev
->features
[1] & LMP_PARK
)
572 link_policy
|= HCI_LP_PARK
;
574 link_policy
= cpu_to_le16(link_policy
);
575 hci_send_cmd(hdev
, HCI_OP_WRITE_DEF_LINK_POLICY
,
576 sizeof(link_policy
), &link_policy
);
/*
 * hci_cc_read_local_commands - reply handler for HCI_OP_READ_LOCAL_COMMANDS;
 * caches the supported-commands bitmap in hdev->commands.
 *
 * During HCI_INIT, bit 0x10 of commands[5] gates the call to
 * hci_setup_link_policy(). The request is then completed with rp->status.
 *
 * NOTE(review): gutter lines 584-587 and 592-593 are absent, so the status
 * guard and the path that reaches hci_req_complete() are not shown. The
 * copy length is sizeof(hdev->commands) and is read from the event payload;
 * no skb->len check is visible - confirm the caller validates the length.
 */
579 static void hci_cc_read_local_commands(struct hci_dev
*hdev
, struct sk_buff
*skb
)
581 struct hci_rp_read_local_commands
*rp
= (void *) skb
->data
;
583 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
588 memcpy(hdev
->commands
, rp
->commands
, sizeof(hdev
->commands
));
590 if (test_bit(HCI_INIT
, &hdev
->flags
) && (hdev
->commands
[5] & 0x10))
591 hci_setup_link_policy(hdev
);
594 hci_req_complete(hdev
, HCI_OP_READ_LOCAL_COMMANDS
, rp
->status
);
/*
 * hci_cc_read_local_features - reply handler that caches the 8-byte LMP
 * feature mask in hdev->features and widens hdev->pkt_type and
 * hdev->esco_type to the packet types those features allow.
 *
 * The cached mask is what hci_setup_event_mask(), hci_setup() and
 * hci_setup_link_policy() test, so every later capability decision in this
 * file rests on the bytes copied here.
 *
 * NOTE(review): gutter lines 602-605, 620 and 625 are absent, so the status
 * guard and the closing braces of the HV2/HV3 blocks are not shown. No
 * skb->len check is visible before the 8-byte copy from the event payload.
 */
597 static void hci_cc_read_local_features(struct hci_dev
*hdev
, struct sk_buff
*skb
)
599 struct hci_rp_read_local_features
*rp
= (void *) skb
->data
;
601 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
606 memcpy(hdev
->features
, rp
->features
, 8);
608 /* Adjust default settings according to features
609 * supported by device. */
611 if (hdev
->features
[0] & LMP_3SLOT
)
612 hdev
->pkt_type
|= (HCI_DM3
| HCI_DH3
);
614 if (hdev
->features
[0] & LMP_5SLOT
)
615 hdev
->pkt_type
|= (HCI_DM5
| HCI_DH5
);
617 if (hdev
->features
[1] & LMP_HV2
) {
618 hdev
->pkt_type
|= (HCI_HV2
);
619 hdev
->esco_type
|= (ESCO_HV2
);
622 if (hdev
->features
[1] & LMP_HV3
) {
623 hdev
->pkt_type
|= (HCI_HV3
);
624 hdev
->esco_type
|= (ESCO_HV3
);
627 if (hdev
->features
[3] & LMP_ESCO
)
628 hdev
->esco_type
|= (ESCO_EV3
);
630 if (hdev
->features
[4] & LMP_EV4
)
631 hdev
->esco_type
|= (ESCO_EV4
);
633 if (hdev
->features
[4] & LMP_EV5
)
634 hdev
->esco_type
|= (ESCO_EV5
);
636 if (hdev
->features
[5] & LMP_EDR_ESCO_2M
)
637 hdev
->esco_type
|= (ESCO_2EV3
);
639 if (hdev
->features
[5] & LMP_EDR_ESCO_3M
)
640 hdev
->esco_type
|= (ESCO_3EV3
);
642 if (hdev
->features
[5] & LMP_EDR_3S_ESCO
)
643 hdev
->esco_type
|= (ESCO_2EV5
| ESCO_3EV5
);
645 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev
->name
,
646 hdev
->features
[0], hdev
->features
[1],
647 hdev
->features
[2], hdev
->features
[3],
648 hdev
->features
[4], hdev
->features
[5],
649 hdev
->features
[6], hdev
->features
[7]);
/*
 * hci_cc_read_buffer_size - reply handler that caches the controller's ACL
 * and SCO buffer geometry (MTU and packet count) and seeds the acl_cnt /
 * sco_cnt counters from the packet counts.
 *
 * NOTE(review): gutter lines 657-660 and 667-670 are absent, so the status
 * guard and the values substituted when HCI_QUIRK_FIXUP_BUFFER_SIZE is set
 * are not shown. The MTUs and counts are taken from the event payload as
 * reported; no range check and no skb->len check are visible here - confirm
 * that zero or implausible values are handled where these fields are used.
 */
652 static void hci_cc_read_buffer_size(struct hci_dev
*hdev
, struct sk_buff
*skb
)
654 struct hci_rp_read_buffer_size
*rp
= (void *) skb
->data
;
656 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
661 hdev
->acl_mtu
= __le16_to_cpu(rp
->acl_mtu
);
662 hdev
->sco_mtu
= rp
->sco_mtu
;
663 hdev
->acl_pkts
= __le16_to_cpu(rp
->acl_max_pkt
);
664 hdev
->sco_pkts
= __le16_to_cpu(rp
->sco_max_pkt
);
666 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE
, &hdev
->quirks
)) {
671 hdev
->acl_cnt
= hdev
->acl_pkts
;
672 hdev
->sco_cnt
= hdev
->sco_pkts
;
674 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev
->name
,
675 hdev
->acl_mtu
, hdev
->acl_pkts
,
676 hdev
->sco_mtu
, hdev
->sco_pkts
);
/*
 * hci_cc_read_bd_addr - reply handler for HCI_OP_READ_BD_ADDR; copies
 * rp->bdaddr into hdev->bdaddr and completes the request with rp->status.
 *
 * NOTE(review): gutter lines 684-685 are absent, so a status guard before
 * bacpy() cannot be confirmed. No skb->len check is visible before rp is
 * read.
 */
679 static void hci_cc_read_bd_addr(struct hci_dev
*hdev
, struct sk_buff
*skb
)
681 struct hci_rp_read_bd_addr
*rp
= (void *) skb
->data
;
683 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
686 bacpy(&hdev
->bdaddr
, &rp
->bdaddr
);
688 hci_req_complete(hdev
, HCI_OP_READ_BD_ADDR
, rp
->status
);
/*
 * hci_cc_write_ca_timeout - reply handler for HCI_OP_WRITE_CA_TIMEOUT; logs
 * the status byte from skb->data and passes it to hci_req_complete().
 *
 * NOTE(review): no skb->len check is visible before the one-byte read.
 */
691 static void hci_cc_write_ca_timeout(struct hci_dev
*hdev
, struct sk_buff
*skb
)
693 __u8 status
= *((__u8
*) skb
->data
);
695 BT_DBG("%s status 0x%x", hdev
->name
, status
);
697 hci_req_complete(hdev
, HCI_OP_WRITE_CA_TIMEOUT
, status
);
/*
 * hci_cc_delete_stored_link_key - reply handler for
 * HCI_OP_DELETE_STORED_LINK_KEY; logs the status byte from skb->data and
 * passes it to hci_req_complete().
 *
 * NOTE(review): the second line of the parameter list (gutter 701) is
 * absent from this listing; skb is used below, so it is presumably declared
 * there. No skb->len check is visible before the one-byte read.
 */
700 static void hci_cc_delete_stored_link_key(struct hci_dev
*hdev
,
703 __u8 status
= *((__u8
*) skb
->data
);
705 BT_DBG("%s status 0x%x", hdev
->name
, status
);
707 hci_req_complete(hdev
, HCI_OP_DELETE_STORED_LINK_KEY
, status
);
/*
 * hci_cc_set_event_mask - reply handler for HCI_OP_SET_EVENT_MASK; logs the
 * status byte from skb->data and passes it to hci_req_complete().
 *
 * NOTE(review): no skb->len check is visible before the one-byte read.
 */
710 static void hci_cc_set_event_mask(struct hci_dev
*hdev
, struct sk_buff
*skb
)
712 __u8 status
= *((__u8
*) skb
->data
);
714 BT_DBG("%s status 0x%x", hdev
->name
, status
);
716 hci_req_complete(hdev
, HCI_OP_SET_EVENT_MASK
, status
);
/*
 * hci_cc_write_inquiry_mode - reply handler for HCI_OP_WRITE_INQUIRY_MODE;
 * logs the status byte from skb->data and passes it to hci_req_complete().
 *
 * NOTE(review): the second line of the parameter list (gutter 720) is
 * absent from this listing. No skb->len check is visible before the
 * one-byte read.
 */
719 static void hci_cc_write_inquiry_mode(struct hci_dev
*hdev
,
722 __u8 status
= *((__u8
*) skb
->data
);
724 BT_DBG("%s status 0x%x", hdev
->name
, status
);
726 hci_req_complete(hdev
, HCI_OP_WRITE_INQUIRY_MODE
, status
);
/*
 * hci_cc_read_inq_rsp_tx_power - reply handler for
 * HCI_OP_READ_INQ_RSP_TX_POWER; only the status byte is consumed in the
 * visible lines, and it is passed to hci_req_complete().
 *
 * NOTE(review): the second line of the parameter list (gutter 730) is
 * absent from this listing. No skb->len check is visible before the
 * one-byte read.
 */
729 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev
*hdev
,
732 __u8 status
= *((__u8
*) skb
->data
);
734 BT_DBG("%s status 0x%x", hdev
->name
, status
);
736 hci_req_complete(hdev
, HCI_OP_READ_INQ_RSP_TX_POWER
, status
);
/*
 * hci_cc_set_event_flt - reply handler for HCI_OP_SET_EVENT_FLT; logs the
 * status byte from skb->data and passes it to hci_req_complete().
 *
 * NOTE(review): no skb->len check is visible before the one-byte read.
 */
739 static void hci_cc_set_event_flt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
741 __u8 status
= *((__u8
*) skb
->data
);
743 BT_DBG("%s status 0x%x", hdev
->name
, status
);
745 hci_req_complete(hdev
, HCI_OP_SET_EVENT_FLT
, status
);
/*
 * hci_cc_pin_code_reply - reply handler for HCI_OP_PIN_CODE_REPLY.
 *
 * Visible steps: overlay struct hci_rp_pin_code_reply on skb->data, log
 * rp->status, forward the result to the management interface when HCI_MGMT
 * is set, then fetch the parameters of the sent command, look up the ACL
 * connection for cp->bdaddr and record cp->pin_len in conn->pin_length.
 *
 * NOTE(review): gutter lines 758-761, 763-765 and 767 are absent, so the
 * status guard and the NULL checks on cp and conn are not shown. The PIN
 * length is taken from the command the host sent, not from the reply;
 * confirm it is only recorded when rp->status reports success. No skb->len
 * check is visible before rp is read.
 */
748 static void hci_cc_pin_code_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
750 struct hci_rp_pin_code_reply
*rp
= (void *) skb
->data
;
751 struct hci_cp_pin_code_reply
*cp
;
752 struct hci_conn
*conn
;
754 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
756 if (test_bit(HCI_MGMT
, &hdev
->flags
))
757 mgmt_pin_code_reply_complete(hdev
->id
, &rp
->bdaddr
, rp
->status
);
762 cp
= hci_sent_cmd_data(hdev
, HCI_OP_PIN_CODE_REPLY
);
766 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
768 conn
->pin_length
= cp
->pin_len
;
/*
 * hci_cc_pin_code_neg_reply - reply handler that forwards a negative PIN
 * code reply result to the management interface when HCI_MGMT is set.
 *
 * NOTE(review): the last argument line of the
 * mgmt_pin_code_neg_reply_complete() call (gutter 779) is absent from this
 * listing. No skb->len check is visible before rp is read.
 */
771 static void hci_cc_pin_code_neg_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
773 struct hci_rp_pin_code_neg_reply
*rp
= (void *) skb
->data
;
775 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
777 if (test_bit(HCI_MGMT
, &hdev
->flags
))
778 mgmt_pin_code_neg_reply_complete(hdev
->id
, &rp
->bdaddr
,
/*
 * hci_cc_le_read_buffer_size - reply handler for
 * HCI_OP_LE_READ_BUFFER_SIZE; caches the LE MTU and packet count, seeds
 * hdev->le_cnt from the packet count and completes the request.
 *
 * NOTE(review): the second line of the parameter list (gutter 782) and
 * gutter lines 787-790 are absent, so a status guard before the assignments
 * cannot be confirmed. The values are stored as reported; no range check
 * and no skb->len check are visible here.
 */
781 static void hci_cc_le_read_buffer_size(struct hci_dev
*hdev
,
784 struct hci_rp_le_read_buffer_size
*rp
= (void *) skb
->data
;
786 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
791 hdev
->le_mtu
= __le16_to_cpu(rp
->le_mtu
);
792 hdev
->le_pkts
= rp
->le_max_pkt
;
794 hdev
->le_cnt
= hdev
->le_pkts
;
796 BT_DBG("%s le mtu %d:%d", hdev
->name
, hdev
->le_mtu
, hdev
->le_pkts
);
798 hci_req_complete(hdev
, HCI_OP_LE_READ_BUFFER_SIZE
, rp
->status
);
/*
 * hci_cc_user_confirm_reply - reply handler that forwards a user
 * confirmation reply result to the management interface when HCI_MGMT is
 * set.
 *
 * NOTE(review): the last argument line of the
 * mgmt_user_confirm_reply_complete() call (gutter 809) is absent from this
 * listing. No skb->len check is visible before rp is read.
 */
801 static void hci_cc_user_confirm_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
803 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
805 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
807 if (test_bit(HCI_MGMT
, &hdev
->flags
))
808 mgmt_user_confirm_reply_complete(hdev
->id
, &rp
->bdaddr
,
/*
 * hci_cc_user_confirm_neg_reply - reply handler that forwards a negative
 * user confirmation reply result to the management interface when HCI_MGMT
 * is set. It reuses struct hci_rp_user_confirm_reply for the payload.
 *
 * NOTE(review): the second line of the parameter list (gutter 813) and the
 * last argument line of the mgmt call (gutter 821) are absent from this
 * listing. No skb->len check is visible before rp is read.
 */
812 static void hci_cc_user_confirm_neg_reply(struct hci_dev
*hdev
,
815 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
817 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
819 if (test_bit(HCI_MGMT
, &hdev
->flags
))
820 mgmt_user_confirm_neg_reply_complete(hdev
->id
, &rp
->bdaddr
,
/*
 * hci_cs_inquiry - status handler for HCI_OP_INQUIRY (presumably a Command
 * Status event, going by the hci_cs_ prefix); receives the status directly
 * rather than an skb.
 *
 * The visible lines show two outcomes: completing the request and checking
 * pending connections, and setting HCI_INQUIRY in hdev->flags.
 *
 * NOTE(review): gutter lines 827-828, 830 and 832 are absent, so the
 * condition that separates the two outcomes is not shown - presumably the
 * first is the failure path and the second the success path; confirm.
 */
824 static inline void hci_cs_inquiry(struct hci_dev
*hdev
, __u8 status
)
826 BT_DBG("%s status 0x%x", hdev
->name
, status
);
829 hci_req_complete(hdev
, HCI_OP_INQUIRY
, status
);
831 hci_conn_check_pending(hdev
);
833 set_bit(HCI_INQUIRY
, &hdev
->flags
);
/*
 * hci_cs_create_conn - status handler for HCI_OP_CREATE_CONN.
 *
 * Visible steps: fetch the parameters of the sent command and look up the
 * ACL connection for cp->bdaddr. For a connection in BT_CONNECT, any status
 * other than 0x0c, or more than two attempts, closes it and reports the
 * status upward; the other visible assignment moves it to BT_CONNECT2. A
 * further path creates a connection with hci_conn_add(), marks it
 * HCI_LM_MASTER and logs an allocation failure.
 *
 * NOTE(review): gutter lines 844-848, 850, 852-853, 858-859, 861-863,
 * 865-866, 868 and 870-872 are absent, so the NULL check on cp, the lock
 * acquisition, the status test that selects the failure path and the NULL
 * check on the hci_conn_add() result are not shown - confirm against the
 * full file.
 */
836 static inline void hci_cs_create_conn(struct hci_dev
*hdev
, __u8 status
)
838 struct hci_cp_create_conn
*cp
;
839 struct hci_conn
*conn
;
841 BT_DBG("%s status 0x%x", hdev
->name
, status
);
843 cp
= hci_sent_cmd_data(hdev
, HCI_OP_CREATE_CONN
);
849 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
851 BT_DBG("%s bdaddr %s conn %p", hdev
->name
, batostr(&cp
->bdaddr
), conn
);
854 if (conn
&& conn
->state
== BT_CONNECT
) {
855 if (status
!= 0x0c || conn
->attempt
> 2) {
856 conn
->state
= BT_CLOSED
;
857 hci_proto_connect_cfm(conn
, status
);
860 conn
->state
= BT_CONNECT2
;
864 conn
= hci_conn_add(hdev
, ACL_LINK
, &cp
->bdaddr
);
867 conn
->link_mode
|= HCI_LM_MASTER
;
869 BT_ERR("No memory for new connection");
873 hci_dev_unlock(hdev
);
/*
 * hci_cs_add_sco - status handler for HCI_OP_ADD_SCO.
 *
 * Visible steps: fetch the parameters of the sent command, convert
 * cp->handle from little endian, look up the ACL connection for that
 * handle, then mark a SCO connection BT_CLOSED and report the status
 * upward before unlocking the device.
 *
 * NOTE(review): the declaration of handle and gutter lines 883-886,
 * 888-890, 894-896, 898-900, 902 and 904-907 are absent, so the status
 * guard, the NULL checks on cp and acl, and the assignment of sco are not
 * shown; sco is dereferenced in the visible lines without a visible
 * initialisation - confirm against the full file.
 */
876 static void hci_cs_add_sco(struct hci_dev
*hdev
, __u8 status
)
878 struct hci_cp_add_sco
*cp
;
879 struct hci_conn
*acl
, *sco
;
882 BT_DBG("%s status 0x%x", hdev
->name
, status
);
887 cp
= hci_sent_cmd_data(hdev
, HCI_OP_ADD_SCO
);
891 handle
= __le16_to_cpu(cp
->handle
);
893 BT_DBG("%s handle %d", hdev
->name
, handle
);
897 acl
= hci_conn_hash_lookup_handle(hdev
, handle
);
901 sco
->state
= BT_CLOSED
;
903 hci_proto_connect_cfm(sco
, status
);
908 hci_dev_unlock(hdev
);
/*
 * hci_cs_auth_requested - status handler for HCI_OP_AUTH_REQUESTED.
 *
 * Visible steps: fetch the parameters of the sent command, look up the
 * connection for cp->handle and, when it is still in BT_CONFIG, report the
 * status upward with hci_proto_connect_cfm().
 *
 * NOTE(review): gutter lines 917-920, 922-926, 928 and 931-934 are absent,
 * so the status guard, the NULL checks on cp and conn, the lock acquisition
 * and whatever follows the confirm call are not shown. conn is dereferenced
 * in the visible lines without a visible NULL check - confirm.
 */
911 static void hci_cs_auth_requested(struct hci_dev
*hdev
, __u8 status
)
913 struct hci_cp_auth_requested
*cp
;
914 struct hci_conn
*conn
;
916 BT_DBG("%s status 0x%x", hdev
->name
, status
);
921 cp
= hci_sent_cmd_data(hdev
, HCI_OP_AUTH_REQUESTED
);
927 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
929 if (conn
->state
== BT_CONFIG
) {
930 hci_proto_connect_cfm(conn
, status
);
935 hci_dev_unlock(hdev
);
/*
 * hci_cs_set_conn_encrypt - status handler for HCI_OP_SET_CONN_ENCRYPT.
 *
 * Visible steps: fetch the parameters of the sent command, look up the
 * connection for cp->handle and, when it is still in BT_CONFIG, report the
 * status upward with hci_proto_connect_cfm().
 *
 * NOTE(review): gutter lines 944-947, 949-953, 955 and 958-961 are absent,
 * so the status guard, the NULL checks on cp and conn, the lock acquisition
 * and whatever follows the confirm call are not shown. conn is dereferenced
 * in the visible lines without a visible NULL check - confirm.
 */
938 static void hci_cs_set_conn_encrypt(struct hci_dev
*hdev
, __u8 status
)
940 struct hci_cp_set_conn_encrypt
*cp
;
941 struct hci_conn
*conn
;
943 BT_DBG("%s status 0x%x", hdev
->name
, status
);
948 cp
= hci_sent_cmd_data(hdev
, HCI_OP_SET_CONN_ENCRYPT
);
954 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
956 if (conn
->state
== BT_CONFIG
) {
957 hci_proto_connect_cfm(conn
, status
);
962 hci_dev_unlock(hdev
);
/*
 * hci_outgoing_auth_needed - decide whether an authentication request
 * should be sent for a connection.
 *
 * The visible tests, in order: the connection is not in BT_CONFIG or is not
 * outgoing; the pending security level is BT_SECURITY_SDP; simple pairing
 * is not enabled on both sides and the pending level is not
 * BT_SECURITY_HIGH. Both callers in this listing send HCI_OP_AUTH_REQUESTED
 * when the result is non-zero.
 *
 * NOTE(review): every return statement (gutter lines 969, 972 and 978-980)
 * is absent from this listing, so the value each test yields cannot be read
 * off here. As written, a non-SSP link below BT_SECURITY_HIGH matches the
 * last test; confirm that this is the intended "no authentication" case.
 */
965 static int hci_outgoing_auth_needed(struct hci_dev
*hdev
,
966 struct hci_conn
*conn
)
968 if (conn
->state
!= BT_CONFIG
|| !conn
->out
)
971 if (conn
->pending_sec_level
== BT_SECURITY_SDP
)
974 /* Only request authentication for SSP connections or non-SSP
975 * devices with sec_level HIGH */
976 if (!(hdev
->ssp_mode
> 0 && conn
->ssp_mode
> 0) &&
977 conn
->pending_sec_level
!= BT_SECURITY_HIGH
)
/*
 * hci_cs_remote_name_req - status handler for HCI_OP_REMOTE_NAME_REQ.
 *
 * Visible steps: fetch the parameters of the sent command, look up the ACL
 * connection for cp->bdaddr and, when hci_outgoing_auth_needed() says so,
 * send HCI_OP_AUTH_REQUESTED for that connection's handle.
 *
 * The inner "struct hci_cp_auth_requested cp" shadows the outer cp pointer
 * inside the if block; the two are different objects.
 *
 * NOTE(review): gutter lines 992-994, 996-1000 and 1006-1007 are absent, so
 * the status test described by the comment, the NULL check on cp and the
 * lock acquisition are not shown - confirm against the full file.
 */
983 static void hci_cs_remote_name_req(struct hci_dev
*hdev
, __u8 status
)
985 struct hci_cp_remote_name_req
*cp
;
986 struct hci_conn
*conn
;
988 BT_DBG("%s status 0x%x", hdev
->name
, status
);
990 /* If successful wait for the name req complete event before
991 * checking for the need to do authentication */
995 cp
= hci_sent_cmd_data(hdev
, HCI_OP_REMOTE_NAME_REQ
);
1001 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
1002 if (conn
&& hci_outgoing_auth_needed(hdev
, conn
)) {
1003 struct hci_cp_auth_requested cp
;
1004 cp
.handle
= __cpu_to_le16(conn
->handle
);
1005 hci_send_cmd(hdev
, HCI_OP_AUTH_REQUESTED
, sizeof(cp
), &cp
);
1008 hci_dev_unlock(hdev
);
/*
 * hci_cs_read_remote_features - status handler for
 * HCI_OP_READ_REMOTE_FEATURES.
 *
 * Visible steps: fetch the parameters of the sent command, look up the
 * connection for cp->handle and, when it is still in BT_CONFIG, report the
 * status upward with hci_proto_connect_cfm().
 *
 * NOTE(review): gutter lines 1017-1020, 1022-1026, 1028 and 1031-1034 are
 * absent, so the status guard, the NULL checks on cp and conn and the lock
 * acquisition are not shown. conn is dereferenced in the visible lines
 * without a visible NULL check - confirm.
 */
1011 static void hci_cs_read_remote_features(struct hci_dev
*hdev
, __u8 status
)
1013 struct hci_cp_read_remote_features
*cp
;
1014 struct hci_conn
*conn
;
1016 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1021 cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_REMOTE_FEATURES
);
1027 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1029 if (conn
->state
== BT_CONFIG
) {
1030 hci_proto_connect_cfm(conn
, status
);
1035 hci_dev_unlock(hdev
);
/*
 * hci_cs_read_remote_ext_features - status handler for
 * HCI_OP_READ_REMOTE_EXT_FEATURES.
 *
 * Visible steps: fetch the parameters of the sent command, look up the
 * connection for cp->handle and, when it is still in BT_CONFIG, report the
 * status upward with hci_proto_connect_cfm().
 *
 * NOTE(review): gutter lines 1044-1047, 1049-1053, 1055 and 1058-1061 are
 * absent, so the status guard, the NULL checks on cp and conn and the lock
 * acquisition are not shown. conn is dereferenced in the visible lines
 * without a visible NULL check - confirm.
 */
1038 static void hci_cs_read_remote_ext_features(struct hci_dev
*hdev
, __u8 status
)
1040 struct hci_cp_read_remote_ext_features
*cp
;
1041 struct hci_conn
*conn
;
1043 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1048 cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_REMOTE_EXT_FEATURES
);
1054 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1056 if (conn
->state
== BT_CONFIG
) {
1057 hci_proto_connect_cfm(conn
, status
);
1062 hci_dev_unlock(hdev
);
/*
 * hci_cs_setup_sync_conn - status handler for HCI_OP_SETUP_SYNC_CONN.
 *
 * Visible steps: fetch the parameters of the sent command, convert
 * cp->handle from little endian, look up the ACL connection for that
 * handle, then mark a SCO connection BT_CLOSED and report the status
 * upward before unlocking the device.
 *
 * NOTE(review): the declaration of handle and gutter lines 1072-1075,
 * 1077-1079, 1083-1085, 1087-1089, 1091 and 1093-1096 are absent, so the
 * status guard, the NULL checks on cp and acl, and the assignment of sco
 * are not shown; sco is dereferenced in the visible lines without a visible
 * initialisation - confirm against the full file.
 */
1065 static void hci_cs_setup_sync_conn(struct hci_dev
*hdev
, __u8 status
)
1067 struct hci_cp_setup_sync_conn
*cp
;
1068 struct hci_conn
*acl
, *sco
;
1071 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1076 cp
= hci_sent_cmd_data(hdev
, HCI_OP_SETUP_SYNC_CONN
);
1080 handle
= __le16_to_cpu(cp
->handle
);
1082 BT_DBG("%s handle %d", hdev
->name
, handle
);
1086 acl
= hci_conn_hash_lookup_handle(hdev
, handle
);
1090 sco
->state
= BT_CLOSED
;
1092 hci_proto_connect_cfm(sco
, status
);
1097 hci_dev_unlock(hdev
);
/*
 * hci_cs_sniff_mode - status handler for HCI_OP_SNIFF_MODE.
 *
 * Visible steps: fetch the parameters of the sent command, look up the
 * connection for cp->handle, clear HCI_CONN_MODE_CHANGE_PEND and, when
 * HCI_CONN_SCO_SETUP_PEND was set, continue SCO setup with the status.
 *
 * NOTE(review): gutter lines 1106-1109, 1111-1115, 1117, 1119 and
 * 1122-1123 are absent, so the status guard, the NULL checks on cp and conn
 * and the lock acquisition are not shown. conn->pend is touched in the
 * visible lines without a visible NULL check on conn - confirm.
 */
1100 static void hci_cs_sniff_mode(struct hci_dev
*hdev
, __u8 status
)
1102 struct hci_cp_sniff_mode
*cp
;
1103 struct hci_conn
*conn
;
1105 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1110 cp
= hci_sent_cmd_data(hdev
, HCI_OP_SNIFF_MODE
);
1116 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1118 clear_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->pend
);
1120 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND
, &conn
->pend
))
1121 hci_sco_setup(conn
, status
);
1124 hci_dev_unlock(hdev
);
/*
 * hci_cs_exit_sniff_mode - status handler for HCI_OP_EXIT_SNIFF_MODE.
 *
 * Visible steps: fetch the parameters of the sent command, look up the
 * connection for cp->handle, clear HCI_CONN_MODE_CHANGE_PEND and, when
 * HCI_CONN_SCO_SETUP_PEND was set, continue SCO setup with the status.
 *
 * NOTE(review): gutter lines 1133-1136, 1138-1142, 1144, 1146 and
 * 1149-1150 are absent, so the status guard, the NULL checks on cp and conn
 * and the lock acquisition are not shown. conn->pend is touched in the
 * visible lines without a visible NULL check on conn - confirm.
 */
1127 static void hci_cs_exit_sniff_mode(struct hci_dev
*hdev
, __u8 status
)
1129 struct hci_cp_exit_sniff_mode
*cp
;
1130 struct hci_conn
*conn
;
1132 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1137 cp
= hci_sent_cmd_data(hdev
, HCI_OP_EXIT_SNIFF_MODE
);
1143 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1145 clear_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->pend
);
1147 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND
, &conn
->pend
))
1148 hci_sco_setup(conn
, status
);
1151 hci_dev_unlock(hdev
);
/*
 * hci_cs_le_create_conn - status handler for HCI_OP_LE_CREATE_CONN.
 *
 * Visible steps: fetch the parameters of the sent command and look up the
 * LE connection for cp->peer_addr. A connection in BT_CONNECT is closed and
 * the status reported upward; another path creates the connection with
 * hci_conn_add() and logs an allocation failure.
 *
 * NOTE(review): gutter lines 1162-1166, 1168, 1170-1172, 1176-1179,
 * 1181-1183 and 1185-1187 are absent, so the NULL check on cp, the lock
 * acquisition, the status test that selects the failure path and the NULL
 * check on the hci_conn_add() result are not shown - confirm against the
 * full file.
 */
1154 static void hci_cs_le_create_conn(struct hci_dev
*hdev
, __u8 status
)
1156 struct hci_cp_le_create_conn
*cp
;
1157 struct hci_conn
*conn
;
1159 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1161 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_CREATE_CONN
);
1167 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &cp
->peer_addr
);
1169 BT_DBG("%s bdaddr %s conn %p", hdev
->name
, batostr(&cp
->peer_addr
),
1173 if (conn
&& conn
->state
== BT_CONNECT
) {
1174 conn
->state
= BT_CLOSED
;
1175 hci_proto_connect_cfm(conn
, status
);
1180 conn
= hci_conn_add(hdev
, LE_LINK
, &cp
->peer_addr
);
1184 BT_ERR("No memory for new connection");
1188 hci_dev_unlock(hdev
);
/*
 * hci_inquiry_complete_evt - event handler that ends the inquiry state.
 *
 * Reads the status byte from skb->data, logs it, clears HCI_INQUIRY in
 * hdev->flags, calls hci_req_complete() for HCI_OP_INQUIRY and then
 * hci_conn_check_pending().
 *
 * NOTE(review): no skb->len check is visible before the one-byte read.
 */
1191 static inline void hci_inquiry_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1193 __u8 status
= *((__u8
*) skb
->data
);
1195 BT_DBG("%s status %d", hdev
->name
, status
);
1197 clear_bit(HCI_INQUIRY
, &hdev
->flags
);
1199 hci_req_complete(hdev
, HCI_OP_INQUIRY
, status
);
1201 hci_conn_check_pending(hdev
);
/*
 * hci_inquiry_result_evt - event handler that feeds inquiry responses into
 * the inquiry cache.
 *
 * The first payload byte is the response count; the responses follow it as
 * an array of struct inquiry_info starting at skb->data + 1. Each one is
 * copied field by field into a local struct inquiry_data (ssp_mode forced
 * to 0x00) and handed to hci_inquiry_cache_update().
 *
 * NOTE(review): num_rsp is taken from the event payload and is the only
 * visible bound on the loop; no comparison of num_rsp * sizeof(*info)
 * against skb->len is visible, so a count larger than the payload would
 * read past the buffer unless the omitted lines or the caller check it.
 * Gutter lines 1211-1216, 1224, 1226 and 1228-1229 are absent (including
 * the lock acquisition, the advance of info and any early return) -
 * confirm against the full file.
 */
1204 static inline void hci_inquiry_result_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1206 struct inquiry_data data
;
1207 struct inquiry_info
*info
= (void *) (skb
->data
+ 1);
1208 int num_rsp
= *((__u8
*) skb
->data
);
1210 BT_DBG("%s num_rsp %d", hdev
->name
, num_rsp
);
1217 for (; num_rsp
; num_rsp
--) {
1218 bacpy(&data
.bdaddr
, &info
->bdaddr
);
1219 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
1220 data
.pscan_period_mode
= info
->pscan_period_mode
;
1221 data
.pscan_mode
= info
->pscan_mode
;
1222 memcpy(data
.dev_class
, info
->dev_class
, 3);
1223 data
.clock_offset
= info
->clock_offset
;
1225 data
.ssp_mode
= 0x00;
1227 hci_inquiry_cache_update(hdev
, &data
);
1230 hci_dev_unlock(hdev
);
/*
 * hci_conn_complete_evt - event handler for a completed connection attempt.
 *
 * Visible steps: look up the connection by ev->link_type and ev->bdaddr,
 * with a second lookup under ESCO_LINK that retypes the result to SCO_LINK.
 * On the path that stores ev->handle, an ACL link enters BT_CONFIG, is held
 * and reported through mgmt_connected(); the other visible assignment sets
 * BT_CONNECTED. The link then inherits HCI_LM_AUTH / HCI_LM_ENCRYPT from
 * the device-wide HCI_AUTH / HCI_ENCRYPT flags, remote features are
 * requested for ACL links, and the packet type is changed for incoming
 * links on controllers with hci_ver < 3. The other path closes the
 * connection and reports the failure. Finally the result is passed to
 * hci_sco_setup() / hci_proto_connect_cfm() and pending connections are
 * re-checked.
 *
 * NOTE(review): link_mode is marked authenticated/encrypted from adapter
 * flags rather than from a per-link event; confirm that is the intended
 * meaning for this kernel version. Many gutter lines are absent (for
 * example 1239-1241, 1243, 1245-1246, 1248-1250, 1252-1254, 1279-1281,
 * 1288-1290, 1294-1295, 1298-1299), so the lock acquisition, the NULL
 * checks on conn, the ev->status test and the argument tails of two
 * hci_send_cmd() calls are not shown. No skb->len check is visible before
 * ev is read.
 */
1233 static inline void hci_conn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1235 struct hci_ev_conn_complete
*ev
= (void *) skb
->data
;
1236 struct hci_conn
*conn
;
1238 BT_DBG("%s", hdev
->name
);
1242 conn
= hci_conn_hash_lookup_ba(hdev
, ev
->link_type
, &ev
->bdaddr
);
1244 if (ev
->link_type
!= SCO_LINK
)
1247 conn
= hci_conn_hash_lookup_ba(hdev
, ESCO_LINK
, &ev
->bdaddr
);
1251 conn
->type
= SCO_LINK
;
1255 conn
->handle
= __le16_to_cpu(ev
->handle
);
1257 if (conn
->type
== ACL_LINK
) {
1258 conn
->state
= BT_CONFIG
;
1259 hci_conn_hold(conn
);
1260 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
1261 mgmt_connected(hdev
->id
, &ev
->bdaddr
);
1263 conn
->state
= BT_CONNECTED
;
1265 hci_conn_hold_device(conn
);
1266 hci_conn_add_sysfs(conn
);
1268 if (test_bit(HCI_AUTH
, &hdev
->flags
))
1269 conn
->link_mode
|= HCI_LM_AUTH
;
1271 if (test_bit(HCI_ENCRYPT
, &hdev
->flags
))
1272 conn
->link_mode
|= HCI_LM_ENCRYPT
;
1274 /* Get remote features */
1275 if (conn
->type
== ACL_LINK
) {
1276 struct hci_cp_read_remote_features cp
;
1277 cp
.handle
= ev
->handle
;
1278 hci_send_cmd(hdev
, HCI_OP_READ_REMOTE_FEATURES
,
1282 /* Set packet type for incoming connection */
1283 if (!conn
->out
&& hdev
->hci_ver
< 3) {
1284 struct hci_cp_change_conn_ptype cp
;
1285 cp
.handle
= ev
->handle
;
1286 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
1287 hci_send_cmd(hdev
, HCI_OP_CHANGE_CONN_PTYPE
,
1291 conn
->state
= BT_CLOSED
;
1292 if (conn
->type
== ACL_LINK
)
1293 mgmt_connect_failed(hdev
->id
, &ev
->bdaddr
, ev
->status
);
1296 if (conn
->type
== ACL_LINK
)
1297 hci_sco_setup(conn
, ev
->status
);
1300 hci_proto_connect_cfm(conn
, ev
->status
);
1302 } else if (ev
->link_type
!= ACL_LINK
)
1303 hci_proto_connect_cfm(conn
, ev
->status
);
1306 hci_dev_unlock(hdev
);
1308 hci_conn_check_pending(hdev
);
/*
 * hci_conn_request_evt - event handler for an incoming connection request.
 *
 * The accept decision combines hdev->link_mode with the mask returned by
 * hci_proto_connect_ind(): the request is accepted only when HCI_LM_ACCEPT
 * is set and hci_blacklist_lookup() does not find the peer address.
 *
 * Accept path (visible steps): refresh the cached device class in the
 * inquiry cache entry, find or create the connection, copy the device class
 * and set BT_CONNECT, then answer with HCI_OP_ACCEPT_CONN_REQ (for ACL, or
 * when the controller is not eSCO capable) or HCI_OP_ACCEPT_SYNC_CONN_REQ
 * with fixed bandwidth/latency parameters. The role byte is 0x00 only when
 * the controller can role-switch and HCI_LM_MASTER is requested.
 *
 * Reject path: send HCI_OP_REJECT_CONN_REQ for the peer address.
 *
 * NOTE(review): gutter lines 1326-1328, 1330, 1332, 1334, 1336, 1339-1342,
 * 1359-1360, 1373-1375 and 1380 are absent, so the lock acquisition, the
 * NULL checks on ie and conn, the argument tails of the accept commands and
 * the reject reason are not shown. ev->dev_class and ev->bdaddr come from
 * the event payload; no skb->len check is visible before ev is read.
 */
1311 static inline void hci_conn_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1313 struct hci_ev_conn_request
*ev
= (void *) skb
->data
;
1314 int mask
= hdev
->link_mode
;
1316 BT_DBG("%s bdaddr %s type 0x%x", hdev
->name
,
1317 batostr(&ev
->bdaddr
), ev
->link_type
);
1319 mask
|= hci_proto_connect_ind(hdev
, &ev
->bdaddr
, ev
->link_type
);
1321 if ((mask
& HCI_LM_ACCEPT
) &&
1322 !hci_blacklist_lookup(hdev
, &ev
->bdaddr
)) {
1323 /* Connection accepted */
1324 struct inquiry_entry
*ie
;
1325 struct hci_conn
*conn
;
1329 ie
= hci_inquiry_cache_lookup(hdev
, &ev
->bdaddr
);
1331 memcpy(ie
->data
.dev_class
, ev
->dev_class
, 3);
1333 conn
= hci_conn_hash_lookup_ba(hdev
, ev
->link_type
, &ev
->bdaddr
);
1335 conn
= hci_conn_add(hdev
, ev
->link_type
, &ev
->bdaddr
);
1337 BT_ERR("No memory for new connection");
1338 hci_dev_unlock(hdev
);
1343 memcpy(conn
->dev_class
, ev
->dev_class
, 3);
1344 conn
->state
= BT_CONNECT
;
1346 hci_dev_unlock(hdev
);
1348 if (ev
->link_type
== ACL_LINK
|| !lmp_esco_capable(hdev
)) {
1349 struct hci_cp_accept_conn_req cp
;
1351 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
1353 if (lmp_rswitch_capable(hdev
) && (mask
& HCI_LM_MASTER
))
1354 cp
.role
= 0x00; /* Become master */
1356 cp
.role
= 0x01; /* Remain slave */
1358 hci_send_cmd(hdev
, HCI_OP_ACCEPT_CONN_REQ
,
1361 struct hci_cp_accept_sync_conn_req cp
;
1363 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
1364 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
1366 cp
.tx_bandwidth
= cpu_to_le32(0x00001f40);
1367 cp
.rx_bandwidth
= cpu_to_le32(0x00001f40);
1368 cp
.max_latency
= cpu_to_le16(0xffff);
1369 cp
.content_format
= cpu_to_le16(hdev
->voice_setting
);
1370 cp
.retrans_effort
= 0xff;
1372 hci_send_cmd(hdev
, HCI_OP_ACCEPT_SYNC_CONN_REQ
,
1376 /* Connection rejected */
1377 struct hci_cp_reject_conn_req cp
;
1379 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
1381 hci_send_cmd(hdev
, HCI_OP_REJECT_CONN_REQ
, sizeof(cp
), &cp
);
/*
 * hci_disconn_complete_evt - event handler for a finished disconnection.
 *
 * Visible steps: log ev->status, report a failed disconnect through
 * mgmt_disconnect_failed(), look up the connection for ev->handle, mark it
 * BT_CLOSED, report ACL disconnects through mgmt_disconnected() and pass
 * ev->reason to hci_proto_disconn_cfm().
 *
 * NOTE(review): gutter lines 1391-1392, 1394-1398, 1400-1402, 1404, 1407
 * and 1409-1411 are absent, so the ev->status test, the lock acquisition,
 * the NULL check on conn and the release of the connection object are not
 * shown - confirm the object is not used after it is freed. No skb->len
 * check is visible before ev is read.
 */
1385 static inline void hci_disconn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1387 struct hci_ev_disconn_complete
*ev
= (void *) skb
->data
;
1388 struct hci_conn
*conn
;
1390 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1393 mgmt_disconnect_failed(hdev
->id
);
1399 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
1403 conn
->state
= BT_CLOSED
;
1405 if (conn
->type
== ACL_LINK
)
1406 mgmt_disconnected(hdev
->id
, &conn
->dst
);
1408 hci_proto_disconn_cfm(conn
, ev
->reason
);
1412 hci_dev_unlock(hdev
);
1415 static inline void hci_auth_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1417 struct hci_ev_auth_complete
*ev
= (void *) skb
->data
;
1418 struct hci_conn
*conn
;
1420 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1424 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
1427 conn
->link_mode
|= HCI_LM_AUTH
;
1428 conn
->sec_level
= conn
->pending_sec_level
;
1430 mgmt_auth_failed(hdev
->id
, &conn
->dst
, ev
->status
);
1431 conn
->sec_level
= BT_SECURITY_LOW
;
1434 clear_bit(HCI_CONN_AUTH_PEND
, &conn
->pend
);
1436 if (conn
->state
== BT_CONFIG
) {
1437 if (!ev
->status
&& hdev
->ssp_mode
> 0 &&
1438 conn
->ssp_mode
> 0) {
1439 struct hci_cp_set_conn_encrypt cp
;
1440 cp
.handle
= ev
->handle
;
1442 hci_send_cmd(hdev
, HCI_OP_SET_CONN_ENCRYPT
,
1445 conn
->state
= BT_CONNECTED
;
1446 hci_proto_connect_cfm(conn
, ev
->status
);
1450 hci_auth_cfm(conn
, ev
->status
);
1452 hci_conn_hold(conn
);
1453 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
1457 if (test_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->pend
)) {
1459 struct hci_cp_set_conn_encrypt cp
;
1460 cp
.handle
= ev
->handle
;
1462 hci_send_cmd(hdev
, HCI_OP_SET_CONN_ENCRYPT
,
1465 clear_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->pend
);
1466 hci_encrypt_cfm(conn
, ev
->status
, 0x00);
1471 hci_dev_unlock(hdev
);
1474 static inline void hci_remote_name_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1476 struct hci_ev_remote_name
*ev
= (void *) skb
->data
;
1477 struct hci_conn
*conn
;
1479 BT_DBG("%s", hdev
->name
);
1481 hci_conn_check_pending(hdev
);
1485 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
1486 if (conn
&& hci_outgoing_auth_needed(hdev
, conn
)) {
1487 struct hci_cp_auth_requested cp
;
1488 cp
.handle
= __cpu_to_le16(conn
->handle
);
1489 hci_send_cmd(hdev
, HCI_OP_AUTH_REQUESTED
, sizeof(cp
), &cp
);
1492 hci_dev_unlock(hdev
);
1495 static inline void hci_encrypt_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1497 struct hci_ev_encrypt_change
*ev
= (void *) skb
->data
;
1498 struct hci_conn
*conn
;
1500 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1504 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
1508 /* Encryption implies authentication */
1509 conn
->link_mode
|= HCI_LM_AUTH
;
1510 conn
->link_mode
|= HCI_LM_ENCRYPT
;
1512 conn
->link_mode
&= ~HCI_LM_ENCRYPT
;
1515 clear_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->pend
);
1517 if (conn
->state
== BT_CONFIG
) {
1519 conn
->state
= BT_CONNECTED
;
1521 hci_proto_connect_cfm(conn
, ev
->status
);
1524 hci_encrypt_cfm(conn
, ev
->status
, ev
->encrypt
);
1527 hci_dev_unlock(hdev
);
1530 static inline void hci_change_link_key_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1532 struct hci_ev_change_link_key_complete
*ev
= (void *) skb
->data
;
1533 struct hci_conn
*conn
;
1535 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1539 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
1542 conn
->link_mode
|= HCI_LM_SECURE
;
1544 clear_bit(HCI_CONN_AUTH_PEND
, &conn
->pend
);
1546 hci_key_change_cfm(conn
, ev
->status
);
1549 hci_dev_unlock(hdev
);
1552 static inline void hci_remote_features_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1554 struct hci_ev_remote_features
*ev
= (void *) skb
->data
;
1555 struct hci_conn
*conn
;
1557 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1561 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
1566 memcpy(conn
->features
, ev
->features
, 8);
1568 if (conn
->state
!= BT_CONFIG
)
1571 if (!ev
->status
&& lmp_ssp_capable(hdev
) && lmp_ssp_capable(conn
)) {
1572 struct hci_cp_read_remote_ext_features cp
;
1573 cp
.handle
= ev
->handle
;
1575 hci_send_cmd(hdev
, HCI_OP_READ_REMOTE_EXT_FEATURES
,
1581 struct hci_cp_remote_name_req cp
;
1582 memset(&cp
, 0, sizeof(cp
));
1583 bacpy(&cp
.bdaddr
, &conn
->dst
);
1584 cp
.pscan_rep_mode
= 0x02;
1585 hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ
, sizeof(cp
), &cp
);
1588 if (!hci_outgoing_auth_needed(hdev
, conn
)) {
1589 conn
->state
= BT_CONNECTED
;
1590 hci_proto_connect_cfm(conn
, ev
->status
);
1595 hci_dev_unlock(hdev
);
1598 static inline void hci_remote_version_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1600 BT_DBG("%s", hdev
->name
);
1603 static inline void hci_qos_setup_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1605 BT_DBG("%s", hdev
->name
);
1608 static inline void hci_cmd_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1610 struct hci_ev_cmd_complete
*ev
= (void *) skb
->data
;
1613 skb_pull(skb
, sizeof(*ev
));
1615 opcode
= __le16_to_cpu(ev
->opcode
);
1618 case HCI_OP_INQUIRY_CANCEL
:
1619 hci_cc_inquiry_cancel(hdev
, skb
);
1622 case HCI_OP_EXIT_PERIODIC_INQ
:
1623 hci_cc_exit_periodic_inq(hdev
, skb
);
1626 case HCI_OP_REMOTE_NAME_REQ_CANCEL
:
1627 hci_cc_remote_name_req_cancel(hdev
, skb
);
1630 case HCI_OP_ROLE_DISCOVERY
:
1631 hci_cc_role_discovery(hdev
, skb
);
1634 case HCI_OP_READ_LINK_POLICY
:
1635 hci_cc_read_link_policy(hdev
, skb
);
1638 case HCI_OP_WRITE_LINK_POLICY
:
1639 hci_cc_write_link_policy(hdev
, skb
);
1642 case HCI_OP_READ_DEF_LINK_POLICY
:
1643 hci_cc_read_def_link_policy(hdev
, skb
);
1646 case HCI_OP_WRITE_DEF_LINK_POLICY
:
1647 hci_cc_write_def_link_policy(hdev
, skb
);
1651 hci_cc_reset(hdev
, skb
);
1654 case HCI_OP_WRITE_LOCAL_NAME
:
1655 hci_cc_write_local_name(hdev
, skb
);
1658 case HCI_OP_READ_LOCAL_NAME
:
1659 hci_cc_read_local_name(hdev
, skb
);
1662 case HCI_OP_WRITE_AUTH_ENABLE
:
1663 hci_cc_write_auth_enable(hdev
, skb
);
1666 case HCI_OP_WRITE_ENCRYPT_MODE
:
1667 hci_cc_write_encrypt_mode(hdev
, skb
);
1670 case HCI_OP_WRITE_SCAN_ENABLE
:
1671 hci_cc_write_scan_enable(hdev
, skb
);
1674 case HCI_OP_READ_CLASS_OF_DEV
:
1675 hci_cc_read_class_of_dev(hdev
, skb
);
1678 case HCI_OP_WRITE_CLASS_OF_DEV
:
1679 hci_cc_write_class_of_dev(hdev
, skb
);
1682 case HCI_OP_READ_VOICE_SETTING
:
1683 hci_cc_read_voice_setting(hdev
, skb
);
1686 case HCI_OP_WRITE_VOICE_SETTING
:
1687 hci_cc_write_voice_setting(hdev
, skb
);
1690 case HCI_OP_HOST_BUFFER_SIZE
:
1691 hci_cc_host_buffer_size(hdev
, skb
);
1694 case HCI_OP_READ_SSP_MODE
:
1695 hci_cc_read_ssp_mode(hdev
, skb
);
1698 case HCI_OP_WRITE_SSP_MODE
:
1699 hci_cc_write_ssp_mode(hdev
, skb
);
1702 case HCI_OP_READ_LOCAL_VERSION
:
1703 hci_cc_read_local_version(hdev
, skb
);
1706 case HCI_OP_READ_LOCAL_COMMANDS
:
1707 hci_cc_read_local_commands(hdev
, skb
);
1710 case HCI_OP_READ_LOCAL_FEATURES
:
1711 hci_cc_read_local_features(hdev
, skb
);
1714 case HCI_OP_READ_BUFFER_SIZE
:
1715 hci_cc_read_buffer_size(hdev
, skb
);
1718 case HCI_OP_READ_BD_ADDR
:
1719 hci_cc_read_bd_addr(hdev
, skb
);
1722 case HCI_OP_WRITE_CA_TIMEOUT
:
1723 hci_cc_write_ca_timeout(hdev
, skb
);
1726 case HCI_OP_DELETE_STORED_LINK_KEY
:
1727 hci_cc_delete_stored_link_key(hdev
, skb
);
1730 case HCI_OP_SET_EVENT_MASK
:
1731 hci_cc_set_event_mask(hdev
, skb
);
1734 case HCI_OP_WRITE_INQUIRY_MODE
:
1735 hci_cc_write_inquiry_mode(hdev
, skb
);
1738 case HCI_OP_READ_INQ_RSP_TX_POWER
:
1739 hci_cc_read_inq_rsp_tx_power(hdev
, skb
);
1742 case HCI_OP_SET_EVENT_FLT
:
1743 hci_cc_set_event_flt(hdev
, skb
);
1746 case HCI_OP_PIN_CODE_REPLY
:
1747 hci_cc_pin_code_reply(hdev
, skb
);
1750 case HCI_OP_PIN_CODE_NEG_REPLY
:
1751 hci_cc_pin_code_neg_reply(hdev
, skb
);
1754 case HCI_OP_LE_READ_BUFFER_SIZE
:
1755 hci_cc_le_read_buffer_size(hdev
, skb
);
1758 case HCI_OP_USER_CONFIRM_REPLY
:
1759 hci_cc_user_confirm_reply(hdev
, skb
);
1762 case HCI_OP_USER_CONFIRM_NEG_REPLY
:
1763 hci_cc_user_confirm_neg_reply(hdev
, skb
);
1767 BT_DBG("%s opcode 0x%x", hdev
->name
, opcode
);
1771 if (ev
->opcode
!= HCI_OP_NOP
)
1772 del_timer(&hdev
->cmd_timer
);
1775 atomic_set(&hdev
->cmd_cnt
, 1);
1776 if (!skb_queue_empty(&hdev
->cmd_q
))
1777 tasklet_schedule(&hdev
->cmd_task
);
1781 static inline void hci_cmd_status_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1783 struct hci_ev_cmd_status
*ev
= (void *) skb
->data
;
1786 skb_pull(skb
, sizeof(*ev
));
1788 opcode
= __le16_to_cpu(ev
->opcode
);
1791 case HCI_OP_INQUIRY
:
1792 hci_cs_inquiry(hdev
, ev
->status
);
1795 case HCI_OP_CREATE_CONN
:
1796 hci_cs_create_conn(hdev
, ev
->status
);
1799 case HCI_OP_ADD_SCO
:
1800 hci_cs_add_sco(hdev
, ev
->status
);
1803 case HCI_OP_AUTH_REQUESTED
:
1804 hci_cs_auth_requested(hdev
, ev
->status
);
1807 case HCI_OP_SET_CONN_ENCRYPT
:
1808 hci_cs_set_conn_encrypt(hdev
, ev
->status
);
1811 case HCI_OP_REMOTE_NAME_REQ
:
1812 hci_cs_remote_name_req(hdev
, ev
->status
);
1815 case HCI_OP_READ_REMOTE_FEATURES
:
1816 hci_cs_read_remote_features(hdev
, ev
->status
);
1819 case HCI_OP_READ_REMOTE_EXT_FEATURES
:
1820 hci_cs_read_remote_ext_features(hdev
, ev
->status
);
1823 case HCI_OP_SETUP_SYNC_CONN
:
1824 hci_cs_setup_sync_conn(hdev
, ev
->status
);
1827 case HCI_OP_SNIFF_MODE
:
1828 hci_cs_sniff_mode(hdev
, ev
->status
);
1831 case HCI_OP_EXIT_SNIFF_MODE
:
1832 hci_cs_exit_sniff_mode(hdev
, ev
->status
);
1835 case HCI_OP_DISCONNECT
:
1836 if (ev
->status
!= 0)
1837 mgmt_disconnect_failed(hdev
->id
);
1840 case HCI_OP_LE_CREATE_CONN
:
1841 hci_cs_le_create_conn(hdev
, ev
->status
);
1845 BT_DBG("%s opcode 0x%x", hdev
->name
, opcode
);
1849 if (ev
->opcode
!= HCI_OP_NOP
)
1850 del_timer(&hdev
->cmd_timer
);
1852 if (ev
->ncmd
&& !test_bit(HCI_RESET
, &hdev
->flags
)) {
1853 atomic_set(&hdev
->cmd_cnt
, 1);
1854 if (!skb_queue_empty(&hdev
->cmd_q
))
1855 tasklet_schedule(&hdev
->cmd_task
);
1859 static inline void hci_role_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1861 struct hci_ev_role_change
*ev
= (void *) skb
->data
;
1862 struct hci_conn
*conn
;
1864 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1868 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
1872 conn
->link_mode
&= ~HCI_LM_MASTER
;
1874 conn
->link_mode
|= HCI_LM_MASTER
;
1877 clear_bit(HCI_CONN_RSWITCH_PEND
, &conn
->pend
);
1879 hci_role_switch_cfm(conn
, ev
->status
, ev
->role
);
1882 hci_dev_unlock(hdev
);
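/*
 * Handle the HCI Number Of Completed Packets event.
 *
 * The event carries a fixed header followed by ev->num_hndl records of two
 * little-endian 16-bit values (connection handle, completed packet count).
 * For every handle that maps to a known connection the per-connection sent
 * counter is decreased and the matching device credit counter (ACL, LE or
 * SCO) is increased, clamped to the device's advertised maximum. LE links
 * fall back to the ACL credit pool when hdev->le_pkts is zero.
 *
 * The TX tasklet is disabled while the counters are updated and scheduled
 * before being re-enabled.
 */
static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
	__le16 *ptr;
	int i;

	/* The record count lives in the fixed header, so make sure the header
	 * is really there before consuming it and trusting ev->num_hndl. */
	if (skb->len < sizeof(*ev)) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	skb_pull(skb, sizeof(*ev));

	BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);

	/* Each record is 4 bytes (two 16-bit fields); refuse a count that the
	 * remaining payload cannot back, otherwise the loop reads past it. */
	if (skb->len < ev->num_hndl * 4) {
		BT_DBG("%s bad parameters", hdev->name);
		return;
	}

	tasklet_disable(&hdev->tx_task);

	for (i = 0, ptr = (__le16 *) skb->data; i < ev->num_hndl; i++) {
		struct hci_conn *conn;
		__u16 handle, count;

		/* Records are not guaranteed to be aligned inside the skb. */
		handle = get_unaligned_le16(ptr++);
		count = get_unaligned_le16(ptr++);

		conn = hci_conn_hash_lookup_handle(hdev, handle);
		if (!conn)
			continue;

		/* NOTE(review): count is controller-supplied and is not
		 * compared with conn->sent before the subtraction - confirm
		 * the counter type tolerates an over-reported count. */
		conn->sent -= count;

		if (conn->type == ACL_LINK) {
			hdev->acl_cnt += count;
			if (hdev->acl_cnt > hdev->acl_pkts)
				hdev->acl_cnt = hdev->acl_pkts;
		} else if (conn->type == LE_LINK) {
			if (hdev->le_pkts) {
				hdev->le_cnt += count;
				if (hdev->le_cnt > hdev->le_pkts)
					hdev->le_cnt = hdev->le_pkts;
			} else {
				/* No dedicated LE buffers: share ACL credits. */
				hdev->acl_cnt += count;
				if (hdev->acl_cnt > hdev->acl_pkts)
					hdev->acl_cnt = hdev->acl_pkts;
			}
		} else {
			hdev->sco_cnt += count;
			if (hdev->sco_cnt > hdev->sco_pkts)
				hdev->sco_cnt = hdev->sco_pkts;
		}
	}

	tasklet_schedule(&hdev->tx_task);

	tasklet_enable(&hdev->tx_task);
}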
1940 static inline void hci_mode_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1942 struct hci_ev_mode_change
*ev
= (void *) skb
->data
;
1943 struct hci_conn
*conn
;
1945 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1949 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
1951 conn
->mode
= ev
->mode
;
1952 conn
->interval
= __le16_to_cpu(ev
->interval
);
1954 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->pend
)) {
1955 if (conn
->mode
== HCI_CM_ACTIVE
)
1956 conn
->power_save
= 1;
1958 conn
->power_save
= 0;
1961 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND
, &conn
->pend
))
1962 hci_sco_setup(conn
, ev
->status
);
1965 hci_dev_unlock(hdev
);
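/*
 * Handle the HCI PIN Code Request event (legacy pairing).
 *
 * If an established ACL connection to the peer exists, its disconnect
 * timeout is raised to HCI_PAIRING_TIMEOUT. When the adapter is not
 * pairable the request is refused with a negative reply; otherwise, when the
 * management interface is in use, the request is forwarded to user space.
 */
static inline void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_pin_code_req *ev = (void *) skb->data;
	struct hci_conn *conn;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (conn && conn->state == BT_CONNECTED) {
		/* hold/put pair around the timeout change */
		hci_conn_hold(conn);
		conn->disc_timeout = HCI_PAIRING_TIMEOUT;
		hci_conn_put(conn);
	}

	/* Refusing and forwarding are mutually exclusive: once the negative
	 * reply has been sent there is nothing left for user space to answer,
	 * so a non-pairable adapter must not also raise a PIN request that
	 * could prompt the user for a pairing the policy already rejected. */
	if (!test_bit(HCI_PAIRABLE, &hdev->flags))
		hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
					sizeof(ev->bdaddr), &ev->bdaddr);
	else if (test_bit(HCI_MGMT, &hdev->flags))
		mgmt_pin_code_request(hdev->id, &ev->bdaddr);

	hci_dev_unlock(hdev);
}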
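/*
 * Handle the HCI Link Key Request event.
 *
 * Only acts when HCI_LINK_KEYS is set on the device. The stored key for the
 * peer address is returned to the controller unless one of the policy checks
 * below rejects it, in which case a negative reply is sent and the
 * controller has to fall back to pairing:
 *   - no key is stored for the address;
 *   - the key has type 0x03 (logged below as a debug key) and
 *     HCI_DEBUG_KEYS is not set;
 *   - the key has type 0x04 (logged below as an unauthenticated key) while
 *     the connection's auth_type is known (not 0xff) and has bit 0 set.
 */
static inline void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_req *ev = (void *) skb->data;
	struct hci_cp_link_key_reply cp;
	struct hci_conn *conn;
	struct link_key *key;

	BT_DBG("%s", hdev->name);

	if (!test_bit(HCI_LINK_KEYS, &hdev->flags))
		return;

	hci_dev_lock(hdev);

	key = hci_find_link_key(hdev, &ev->bdaddr);
	if (!key) {
		BT_DBG("%s link key not found for %s", hdev->name,
							batostr(&ev->bdaddr));
		goto not_found;
	}

	BT_DBG("%s found key type %u for %s", hdev->name, key->type,
							batostr(&ev->bdaddr));

	/* Debug keys are only honoured when explicitly enabled. */
	if (!test_bit(HCI_DEBUG_KEYS, &hdev->flags) && key->type == 0x03) {
		BT_DBG("%s ignoring debug key", hdev->name);
		goto not_found;
	}

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);

	/* Do not satisfy a connection whose auth_type has bit 0 set with an
	 * unauthenticated key; forcing a negative reply triggers re-pairing.
	 * NOTE(review): when no connection is found the check is skipped and
	 * the key is handed out - confirm that is the intended policy. */
	if (key->type == 0x04 && conn && conn->auth_type != 0xff &&
						(conn->auth_type & 0x01)) {
		BT_DBG("%s ignoring unauthenticated key", hdev->name);
		goto not_found;
	}

	/* NOTE(review): cp holds a copy of the 16-byte link key on the stack
	 * and is not wiped after the command is queued. */
	bacpy(&cp.bdaddr, &ev->bdaddr);
	memcpy(cp.link_key, key->val, 16);

	hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);

	hci_dev_unlock(hdev);

	return;

not_found:
	/* Length taken from the field itself rather than a literal 6, matching
	 * the PIN code negative reply elsewhere in this file. */
	hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, sizeof(ev->bdaddr),
							&ev->bdaddr);
	hci_dev_unlock(hdev);
}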
/*
 * Handle the HCI Link Key Notification event.
 *
 * If an ACL connection to the peer exists, its disconnect timeout is reset
 * to HCI_DISCONN_TIMEOUT and its recorded PIN length is picked up. The new
 * key is then stored through hci_add_link_key(), but only when
 * HCI_LINK_KEYS is set on the device.
 *
 * NOTE(review): ev->link_key and ev->key_type come from the controller and
 * are stored as received; no key-type policy is applied here (compare the
 * checks made when a key is requested) - confirm hci_add_link_key() filters.
 */
static inline void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_link_key_notify *ev = (void *) skb->data;
	struct hci_conn *acl;
	u8 pin_len = 0;	/* stays 0 when no connection is known */

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (acl != NULL) {
		hci_conn_hold(acl);
		acl->disc_timeout = HCI_DISCONN_TIMEOUT;
		pin_len = acl->pin_length;
		hci_conn_put(acl);
	}

	if (test_bit(HCI_LINK_KEYS, &hdev->flags)) {
		/* second argument presumably flags the key as newly created
		 * - verify against hci_add_link_key() */
		hci_add_link_key(hdev, 1, &ev->bdaddr, ev->link_key,
							ev->key_type, pin_len);
	}

	hci_dev_unlock(hdev);
}
2070 static inline void hci_clock_offset_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2072 struct hci_ev_clock_offset
*ev
= (void *) skb
->data
;
2073 struct hci_conn
*conn
;
2075 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
2079 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2080 if (conn
&& !ev
->status
) {
2081 struct inquiry_entry
*ie
;
2083 ie
= hci_inquiry_cache_lookup(hdev
, &conn
->dst
);
2085 ie
->data
.clock_offset
= ev
->clock_offset
;
2086 ie
->timestamp
= jiffies
;
2090 hci_dev_unlock(hdev
);
2093 static inline void hci_pkt_type_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2095 struct hci_ev_pkt_type_change
*ev
= (void *) skb
->data
;
2096 struct hci_conn
*conn
;
2098 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
2102 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2103 if (conn
&& !ev
->status
)
2104 conn
->pkt_type
= __le16_to_cpu(ev
->pkt_type
);
2106 hci_dev_unlock(hdev
);
2109 static inline void hci_pscan_rep_mode_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2111 struct hci_ev_pscan_rep_mode
*ev
= (void *) skb
->data
;
2112 struct inquiry_entry
*ie
;
2114 BT_DBG("%s", hdev
->name
);
2118 ie
= hci_inquiry_cache_lookup(hdev
, &ev
->bdaddr
);
2120 ie
->data
.pscan_rep_mode
= ev
->pscan_rep_mode
;
2121 ie
->timestamp
= jiffies
;
2124 hci_dev_unlock(hdev
);
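/*
 * Handle the HCI Inquiry Result with RSSI event.
 *
 * The payload is a one-byte response count followed by that many records.
 * Two record layouts exist; the per-record size derived from the payload
 * length selects between struct inquiry_info_with_rssi and the variant that
 * also carries pscan_mode. Every record is copied into an inquiry_data and
 * fed to the inquiry cache with ssp_mode cleared.
 *
 * The response count is controller-supplied, so the payload length is
 * checked against it before any record is dereferenced; a short event is
 * dropped without touching the cache.
 */
static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	int num_rsp;

	/* The count byte itself must be present. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	hci_dev_lock(hdev);

	if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
		struct inquiry_info_with_rssi_and_pscan_mode *info;
		info = (void *) (skb->data + 1);

		/* This branch is taken for any size mismatch, so the payload
		 * may still be too small for num_rsp records of this layout. */
		if (skb->len < num_rsp * sizeof(*info) + 1)
			goto unlock;

		for (; num_rsp; num_rsp--) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode	= info->pscan_rep_mode;
			data.pscan_period_mode	= info->pscan_period_mode;
			data.pscan_mode		= info->pscan_mode;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset	= info->clock_offset;
			data.rssi		= info->rssi;
			data.ssp_mode		= 0x00;
			info++;
			hci_inquiry_cache_update(hdev, &data);
		}
	} else {
		struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);

		/* Integer division above rounds down; re-check exactly. */
		if (skb->len < num_rsp * sizeof(*info) + 1)
			goto unlock;

		for (; num_rsp; num_rsp--) {
			bacpy(&data.bdaddr, &info->bdaddr);
			data.pscan_rep_mode	= info->pscan_rep_mode;
			data.pscan_period_mode	= info->pscan_period_mode;
			data.pscan_mode		= 0x00;
			memcpy(data.dev_class, info->dev_class, 3);
			data.clock_offset	= info->clock_offset;
			data.rssi		= info->rssi;
			data.ssp_mode		= 0x00;
			info++;
			hci_inquiry_cache_update(hdev, &data);
		}
	}

unlock:
	hci_dev_unlock(hdev);
}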
2175 static inline void hci_remote_ext_features_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2177 struct hci_ev_remote_ext_features
*ev
= (void *) skb
->data
;
2178 struct hci_conn
*conn
;
2180 BT_DBG("%s", hdev
->name
);
2184 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2188 if (!ev
->status
&& ev
->page
== 0x01) {
2189 struct inquiry_entry
*ie
;
2191 ie
= hci_inquiry_cache_lookup(hdev
, &conn
->dst
);
2193 ie
->data
.ssp_mode
= (ev
->features
[0] & 0x01);
2195 conn
->ssp_mode
= (ev
->features
[0] & 0x01);
2198 if (conn
->state
!= BT_CONFIG
)
2202 struct hci_cp_remote_name_req cp
;
2203 memset(&cp
, 0, sizeof(cp
));
2204 bacpy(&cp
.bdaddr
, &conn
->dst
);
2205 cp
.pscan_rep_mode
= 0x02;
2206 hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ
, sizeof(cp
), &cp
);
2209 if (!hci_outgoing_auth_needed(hdev
, conn
)) {
2210 conn
->state
= BT_CONNECTED
;
2211 hci_proto_connect_cfm(conn
, ev
->status
);
2216 hci_dev_unlock(hdev
);
2219 static inline void hci_sync_conn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2221 struct hci_ev_sync_conn_complete
*ev
= (void *) skb
->data
;
2222 struct hci_conn
*conn
;
2224 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
2228 conn
= hci_conn_hash_lookup_ba(hdev
, ev
->link_type
, &ev
->bdaddr
);
2230 if (ev
->link_type
== ESCO_LINK
)
2233 conn
= hci_conn_hash_lookup_ba(hdev
, ESCO_LINK
, &ev
->bdaddr
);
2237 conn
->type
= SCO_LINK
;
2240 switch (ev
->status
) {
2242 conn
->handle
= __le16_to_cpu(ev
->handle
);
2243 conn
->state
= BT_CONNECTED
;
2245 hci_conn_hold_device(conn
);
2246 hci_conn_add_sysfs(conn
);
2249 case 0x11: /* Unsupported Feature or Parameter Value */
2250 case 0x1c: /* SCO interval rejected */
2251 case 0x1a: /* Unsupported Remote Feature */
2252 case 0x1f: /* Unspecified error */
2253 if (conn
->out
&& conn
->attempt
< 2) {
2254 conn
->pkt_type
= (hdev
->esco_type
& SCO_ESCO_MASK
) |
2255 (hdev
->esco_type
& EDR_ESCO_MASK
);
2256 hci_setup_sync(conn
, conn
->link
->handle
);
2262 conn
->state
= BT_CLOSED
;
2266 hci_proto_connect_cfm(conn
, ev
->status
);
2271 hci_dev_unlock(hdev
);
2274 static inline void hci_sync_conn_changed_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2276 BT_DBG("%s", hdev
->name
);
2279 static inline void hci_sniff_subrate_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2281 struct hci_ev_sniff_subrate
*ev
= (void *) skb
->data
;
2283 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
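/*
 * Handle the HCI Extended Inquiry Result event.
 *
 * The payload is a one-byte response count followed by that many
 * struct extended_inquiry_info records. Each record is copied into an
 * inquiry_data (pscan_mode cleared, ssp_mode set to 0x01) and fed to the
 * inquiry cache.
 *
 * The response count is controller-supplied, so the payload length is
 * checked against it before any record is dereferenced; a short event is
 * dropped without touching the cache.
 */
static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct inquiry_data data;
	struct extended_inquiry_info *info = (void *) (skb->data + 1);
	int num_rsp;

	/* The count byte itself must be present. */
	if (skb->len < 1)
		return;

	num_rsp = *((__u8 *) skb->data);

	BT_DBG("%s num_rsp %d", hdev->name, num_rsp);

	if (!num_rsp)
		return;

	/* Without this bound the loop below walks info past the end of the
	 * received buffer whenever the count overstates the payload. */
	if (skb->len < num_rsp * sizeof(*info) + 1)
		return;

	hci_dev_lock(hdev);

	for (; num_rsp; num_rsp--) {
		bacpy(&data.bdaddr, &info->bdaddr);
		data.pscan_rep_mode	= info->pscan_rep_mode;
		data.pscan_period_mode	= info->pscan_period_mode;
		data.pscan_mode		= 0x00;
		memcpy(data.dev_class, info->dev_class, 3);
		data.clock_offset	= info->clock_offset;
		data.rssi		= info->rssi;
		data.ssp_mode		= 0x01;
		info++;
		hci_inquiry_cache_update(hdev, &data);
	}

	hci_dev_unlock(hdev);
}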
/*
 * Choose the authentication requirement to put in an IO Capability Reply.
 *
 * The decision follows what the remote side asked for (conn->remote_auth):
 *   0x02 / 0x03  dedicated bonding: answer 0x02 when either side's IO
 *                capability is 0x03, otherwise 0x03;
 *   0x00 / 0x01  no-bonding: answer 0x00;
 *   anything else: fall back to the locally configured conn->auth_type.
 *
 * NOTE(review): a remote request of 0x01 is answered with 0x00, i.e. the low
 * bit is dropped. Elsewhere in this file that bit is masked off separately
 * from the bonding type (remote_auth & ~0x01) and tested on auth_type before
 * rejecting an unauthenticated key, so it presumably is the MITM flag -
 * confirm that lowering it here is intended.
 */
static inline u8 hci_get_auth_req(struct hci_conn *conn)
{
	switch (conn->remote_auth) {
	case 0x02:
	case 0x03:
		/* Remote wants dedicated bonding: follow that lead. MITM
		 * protection is only required when neither side reports IO
		 * capability 0x03. */
		if (conn->remote_cap != 0x03 && conn->io_capability != 0x03)
			return 0x03;
		return 0x02;

	case 0x00:
	case 0x01:
		/* Remote wants no-bonding: follow that lead. */
		return 0x00;

	default:
		return conn->auth_type;
	}
}
/*
 * Handle the HCI IO Capability Request event (Secure Simple Pairing).
 *
 * Nothing is done when no ACL connection to the peer exists. Otherwise a
 * reference is taken on the connection and, if the management interface is
 * in use, the request is answered:
 *   - positively, with the local IO capability, no OOB data and the
 *     authentication requirement from hci_get_auth_req(), when the adapter
 *     is pairable or the remote asked for no-bonding (MITM bit ignored);
 *   - negatively, with reason 0x16, in every other case.
 *
 * NOTE(review): the reference from hci_conn_hold() is not released in this
 * function, including on the path where HCI_MGMT is not set; presumably the
 * matching put happens when pairing completes - confirm.
 */
static inline void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
{
	struct hci_ev_io_capa_request *ev = (void *) skb->data;
	struct hci_conn *conn;
	int pairing_allowed;

	BT_DBG("%s", hdev->name);

	hci_dev_lock(hdev);

	conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
	if (!conn)
		goto unlock;

	hci_conn_hold(conn);

	if (!test_bit(HCI_MGMT, &hdev->flags))
		goto unlock;

	/* remote_auth was recorded from the peer's IO Capability Reply; bit 0
	 * is masked off so both no-bonding variants are accepted. */
	pairing_allowed = test_bit(HCI_PAIRABLE, &hdev->flags) ||
			(conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING;

	if (!pairing_allowed) {
		struct hci_cp_io_capability_neg_reply cp;

		bacpy(&cp.bdaddr, &ev->bdaddr);
		cp.reason = 0x16; /* Pairing not allowed */

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
							sizeof(cp), &cp);
	} else {
		struct hci_cp_io_capability_reply cp;

		bacpy(&cp.bdaddr, &ev->bdaddr);
		cp.capability = conn->io_capability;
		cp.oob_data = 0;
		cp.authentication = hci_get_auth_req(conn);

		hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
							sizeof(cp), &cp);
	}

unlock:
	hci_dev_unlock(hdev);
}
2377 static inline void hci_io_capa_reply_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2379 struct hci_ev_io_capa_reply
*ev
= (void *) skb
->data
;
2380 struct hci_conn
*conn
;
2382 BT_DBG("%s", hdev
->name
);
2386 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2390 conn
->remote_cap
= ev
->capability
;
2391 conn
->remote_oob
= ev
->oob_data
;
2392 conn
->remote_auth
= ev
->authentication
;
2395 hci_dev_unlock(hdev
);
2398 static inline void hci_user_confirm_request_evt(struct hci_dev
*hdev
,
2399 struct sk_buff
*skb
)
2401 struct hci_ev_user_confirm_req
*ev
= (void *) skb
->data
;
2403 BT_DBG("%s", hdev
->name
);
2407 if (test_bit(HCI_MGMT
, &hdev
->flags
))
2408 mgmt_user_confirm_request(hdev
->id
, &ev
->bdaddr
, ev
->passkey
);
2410 hci_dev_unlock(hdev
);
2413 static inline void hci_simple_pair_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2415 struct hci_ev_simple_pair_complete
*ev
= (void *) skb
->data
;
2416 struct hci_conn
*conn
;
2418 BT_DBG("%s", hdev
->name
);
2422 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2426 /* To avoid duplicate auth_failed events to user space we check
2427 * the HCI_CONN_AUTH_PEND flag which will be set if we
2428 * initiated the authentication. A traditional auth_complete
2429 * event gets always produced as initiator and is also mapped to
2430 * the mgmt_auth_failed event */
2431 if (!test_bit(HCI_CONN_AUTH_PEND
, &conn
->pend
) && ev
->status
!= 0)
2432 mgmt_auth_failed(hdev
->id
, &conn
->dst
, ev
->status
);
2437 hci_dev_unlock(hdev
);
2440 static inline void hci_remote_host_features_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2442 struct hci_ev_remote_host_features
*ev
= (void *) skb
->data
;
2443 struct inquiry_entry
*ie
;
2445 BT_DBG("%s", hdev
->name
);
2449 ie
= hci_inquiry_cache_lookup(hdev
, &ev
->bdaddr
);
2451 ie
->data
.ssp_mode
= (ev
->features
[0] & 0x01);
2453 hci_dev_unlock(hdev
);
2456 static inline void hci_le_conn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2458 struct hci_ev_le_conn_complete
*ev
= (void *) skb
->data
;
2459 struct hci_conn
*conn
;
2461 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
2465 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &ev
->bdaddr
);
2467 conn
= hci_conn_add(hdev
, LE_LINK
, &ev
->bdaddr
);
2469 BT_ERR("No memory for new connection");
2470 hci_dev_unlock(hdev
);
2476 hci_proto_connect_cfm(conn
, ev
->status
);
2477 conn
->state
= BT_CLOSED
;
2482 conn
->handle
= __le16_to_cpu(ev
->handle
);
2483 conn
->state
= BT_CONNECTED
;
2485 hci_conn_hold_device(conn
);
2486 hci_conn_add_sysfs(conn
);
2488 hci_proto_connect_cfm(conn
, ev
->status
);
2491 hci_dev_unlock(hdev
);
2494 static inline void hci_le_meta_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2496 struct hci_ev_le_meta
*le_ev
= (void *) skb
->data
;
2498 skb_pull(skb
, sizeof(*le_ev
));
2500 switch (le_ev
->subevent
) {
2501 case HCI_EV_LE_CONN_COMPLETE
:
2502 hci_le_conn_complete_evt(hdev
, skb
);
2510 void hci_event_packet(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2512 struct hci_event_hdr
*hdr
= (void *) skb
->data
;
2513 __u8 event
= hdr
->evt
;
2515 skb_pull(skb
, HCI_EVENT_HDR_SIZE
);
2518 case HCI_EV_INQUIRY_COMPLETE
:
2519 hci_inquiry_complete_evt(hdev
, skb
);
2522 case HCI_EV_INQUIRY_RESULT
:
2523 hci_inquiry_result_evt(hdev
, skb
);
2526 case HCI_EV_CONN_COMPLETE
:
2527 hci_conn_complete_evt(hdev
, skb
);
2530 case HCI_EV_CONN_REQUEST
:
2531 hci_conn_request_evt(hdev
, skb
);
2534 case HCI_EV_DISCONN_COMPLETE
:
2535 hci_disconn_complete_evt(hdev
, skb
);
2538 case HCI_EV_AUTH_COMPLETE
:
2539 hci_auth_complete_evt(hdev
, skb
);
2542 case HCI_EV_REMOTE_NAME
:
2543 hci_remote_name_evt(hdev
, skb
);
2546 case HCI_EV_ENCRYPT_CHANGE
:
2547 hci_encrypt_change_evt(hdev
, skb
);
2550 case HCI_EV_CHANGE_LINK_KEY_COMPLETE
:
2551 hci_change_link_key_complete_evt(hdev
, skb
);
2554 case HCI_EV_REMOTE_FEATURES
:
2555 hci_remote_features_evt(hdev
, skb
);
2558 case HCI_EV_REMOTE_VERSION
:
2559 hci_remote_version_evt(hdev
, skb
);
2562 case HCI_EV_QOS_SETUP_COMPLETE
:
2563 hci_qos_setup_complete_evt(hdev
, skb
);
2566 case HCI_EV_CMD_COMPLETE
:
2567 hci_cmd_complete_evt(hdev
, skb
);
2570 case HCI_EV_CMD_STATUS
:
2571 hci_cmd_status_evt(hdev
, skb
);
2574 case HCI_EV_ROLE_CHANGE
:
2575 hci_role_change_evt(hdev
, skb
);
2578 case HCI_EV_NUM_COMP_PKTS
:
2579 hci_num_comp_pkts_evt(hdev
, skb
);
2582 case HCI_EV_MODE_CHANGE
:
2583 hci_mode_change_evt(hdev
, skb
);
2586 case HCI_EV_PIN_CODE_REQ
:
2587 hci_pin_code_request_evt(hdev
, skb
);
2590 case HCI_EV_LINK_KEY_REQ
:
2591 hci_link_key_request_evt(hdev
, skb
);
2594 case HCI_EV_LINK_KEY_NOTIFY
:
2595 hci_link_key_notify_evt(hdev
, skb
);
2598 case HCI_EV_CLOCK_OFFSET
:
2599 hci_clock_offset_evt(hdev
, skb
);
2602 case HCI_EV_PKT_TYPE_CHANGE
:
2603 hci_pkt_type_change_evt(hdev
, skb
);
2606 case HCI_EV_PSCAN_REP_MODE
:
2607 hci_pscan_rep_mode_evt(hdev
, skb
);
2610 case HCI_EV_INQUIRY_RESULT_WITH_RSSI
:
2611 hci_inquiry_result_with_rssi_evt(hdev
, skb
);
2614 case HCI_EV_REMOTE_EXT_FEATURES
:
2615 hci_remote_ext_features_evt(hdev
, skb
);
2618 case HCI_EV_SYNC_CONN_COMPLETE
:
2619 hci_sync_conn_complete_evt(hdev
, skb
);
2622 case HCI_EV_SYNC_CONN_CHANGED
:
2623 hci_sync_conn_changed_evt(hdev
, skb
);
2626 case HCI_EV_SNIFF_SUBRATE
:
2627 hci_sniff_subrate_evt(hdev
, skb
);
2630 case HCI_EV_EXTENDED_INQUIRY_RESULT
:
2631 hci_extended_inquiry_result_evt(hdev
, skb
);
2634 case HCI_EV_IO_CAPA_REQUEST
:
2635 hci_io_capa_request_evt(hdev
, skb
);
2638 case HCI_EV_IO_CAPA_REPLY
:
2639 hci_io_capa_reply_evt(hdev
, skb
);
2642 case HCI_EV_USER_CONFIRM_REQUEST
:
2643 hci_user_confirm_request_evt(hdev
, skb
);
2646 case HCI_EV_SIMPLE_PAIR_COMPLETE
:
2647 hci_simple_pair_complete_evt(hdev
, skb
);
2650 case HCI_EV_REMOTE_HOST_FEATURES
:
2651 hci_remote_host_features_evt(hdev
, skb
);
2654 case HCI_EV_LE_META
:
2655 hci_le_meta_evt(hdev
, skb
);
2659 BT_DBG("%s event 0x%x", hdev
->name
, event
);
2664 hdev
->stat
.evt_rx
++;
2667 /* Generate internal stack event */
2668 void hci_si_event(struct hci_dev
*hdev
, int type
, int dlen
, void *data
)
2670 struct hci_event_hdr
*hdr
;
2671 struct hci_ev_stack_internal
*ev
;
2672 struct sk_buff
*skb
;
2674 skb
= bt_skb_alloc(HCI_EVENT_HDR_SIZE
+ sizeof(*ev
) + dlen
, GFP_ATOMIC
);
2678 hdr
= (void *) skb_put(skb
, HCI_EVENT_HDR_SIZE
);
2679 hdr
->evt
= HCI_EV_STACK_INTERNAL
;
2680 hdr
->plen
= sizeof(*ev
) + dlen
;
2682 ev
= (void *) skb_put(skb
, sizeof(*ev
) + dlen
);
2684 memcpy(ev
->data
, data
, dlen
);
2686 bt_cb(skb
)->incoming
= 1;
2687 __net_timestamp(skb
);
2689 bt_cb(skb
)->pkt_type
= HCI_EVENT_PKT
;
2690 skb
->dev
= (void *) hdev
;
2691 hci_send_to_sock(hdev
, skb
, NULL
);