2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <linux/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
48 /* Handle HCI Event packets */
/*
 * Command Complete handler for HCI_OP_INQUIRY_CANCEL.
 *
 * Takes the first byte of skb->data as the command status. When HCI_MGMT is
 * set and HCI_INQUIRY was set (test_and_clear_bit clears it), reports
 * "discovering = 0" to the management interface, then completes the pending
 * request and re-checks pending connections.
 *
 * NOTE(review): no length check on skb is visible in this handler before the
 * dereference; presumably the dispatcher guarantees a status byte - confirm.
 */
50 static void hci_cc_inquiry_cancel(struct hci_dev
*hdev
, struct sk_buff
*skb
)
52 __u8 status
= *((__u8
*) skb
->data
);
54 BT_DBG("%s status 0x%x", hdev
->name
, status
);
59 if (test_bit(HCI_MGMT
, &hdev
->flags
) &&
60 test_and_clear_bit(HCI_INQUIRY
, &hdev
->flags
))
61 mgmt_discovering(hdev
->id
, 0);
63 hci_req_complete(hdev
, HCI_OP_INQUIRY_CANCEL
, status
);
65 hci_conn_check_pending(hdev
);
/*
 * Command Complete handler for exiting periodic inquiry.
 *
 * Reads the status byte from skb->data, clears HCI_INQUIRY and reports
 * "discovering = 0" to the management interface when HCI_MGMT is set, then
 * re-checks pending connections. Unlike the inquiry-cancel handler, no
 * hci_req_complete() call is visible here.
 */
68 static void hci_cc_exit_periodic_inq(struct hci_dev
*hdev
, struct sk_buff
*skb
)
70 __u8 status
= *((__u8
*) skb
->data
);
72 BT_DBG("%s status 0x%x", hdev
->name
, status
);
77 if (test_bit(HCI_MGMT
, &hdev
->flags
) &&
78 test_and_clear_bit(HCI_INQUIRY
, &hdev
->flags
))
79 mgmt_discovering(hdev
->id
, 0);
81 hci_conn_check_pending(hdev
);
/*
 * Command Complete handler for cancelling a remote name request.
 * The visible body only logs the device name; skb is not read.
 */
84 static void hci_cc_remote_name_req_cancel(struct hci_dev
*hdev
, struct sk_buff
*skb
)
86 BT_DBG("%s", hdev
->name
);
/*
 * Command Complete handler for Role Discovery.
 *
 * Interprets skb->data as struct hci_rp_role_discovery, looks the connection
 * up by the little-endian handle in the reply and either clears or sets
 * HCI_LM_MASTER in conn->link_mode before unlocking the device.
 *
 * NOTE(review): the conditions selecting clear vs. set, the NULL check on
 * conn and the matching hci_dev_lock() are not visible in this listing.
 * The handle is controller-supplied, so the lookup may legitimately fail -
 * confirm conn is tested before it is written.
 */
89 static void hci_cc_role_discovery(struct hci_dev
*hdev
, struct sk_buff
*skb
)
91 struct hci_rp_role_discovery
*rp
= (void *) skb
->data
;
92 struct hci_conn
*conn
;
94 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
101 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
104 conn
->link_mode
&= ~HCI_LM_MASTER
;
106 conn
->link_mode
|= HCI_LM_MASTER
;
109 hci_dev_unlock(hdev
);
/*
 * Command Complete handler for Read Link Policy Settings.
 *
 * Looks the connection up by the handle in the reply and stores the
 * reply's policy word (converted from little endian) in conn->link_policy.
 *
 * NOTE(review): a NULL check on conn is not visible in this listing; the
 * handle comes from the controller - confirm the store is guarded.
 */
112 static void hci_cc_read_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
114 struct hci_rp_read_link_policy
*rp
= (void *) skb
->data
;
115 struct hci_conn
*conn
;
117 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
124 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
126 conn
->link_policy
= __le16_to_cpu(rp
->policy
);
128 hci_dev_unlock(hdev
);
/*
 * Command Complete handler for Write Link Policy Settings.
 *
 * The reply carries only status and handle, so the new policy is taken from
 * the command the host sent: the 16-bit little-endian value at offset 2 of
 * the parameters returned by hci_sent_cmd_data().
 *
 * NOTE(review): the declaration of `sent` and the NULL checks on `sent` and
 * `conn` are not visible in this listing - confirm both are tested before
 * `sent + 2` is read and conn->link_policy is written.
 */
131 static void hci_cc_write_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
133 struct hci_rp_write_link_policy
*rp
= (void *) skb
->data
;
134 struct hci_conn
*conn
;
137 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
142 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_LINK_POLICY
);
148 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(rp
->handle
));
150 conn
->link_policy
= get_unaligned_le16(sent
+ 2);
152 hci_dev_unlock(hdev
);
/*
 * Command Complete handler for Read Default Link Policy Settings.
 * Stores the reply's policy word (little endian on the wire) in
 * hdev->link_policy. Any status check is not visible in this listing.
 */
155 static void hci_cc_read_def_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
157 struct hci_rp_read_def_link_policy
*rp
= (void *) skb
->data
;
159 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
164 hdev
->link_policy
= __le16_to_cpu(rp
->policy
);
/*
 * Command Complete handler for HCI_OP_WRITE_DEF_LINK_POLICY.
 *
 * Mirrors the value the host sent (first 16 bits of the sent command
 * parameters, little endian) into hdev->link_policy and completes the
 * pending request with the reply status.
 *
 * NOTE(review): the declaration of `sent` and any status / NULL checks
 * guarding the store are not visible in this listing - confirm.
 */
167 static void hci_cc_write_def_link_policy(struct hci_dev
*hdev
, struct sk_buff
*skb
)
169 __u8 status
= *((__u8
*) skb
->data
);
172 BT_DBG("%s status 0x%x", hdev
->name
, status
);
174 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_DEF_LINK_POLICY
);
179 hdev
->link_policy
= get_unaligned_le16(sent
);
181 hci_req_complete(hdev
, HCI_OP_WRITE_DEF_LINK_POLICY
, status
);
/*
 * Command Complete handler for HCI_OP_RESET.
 * Clears the HCI_RESET flag and completes the pending request with the
 * status byte read from skb->data. The flag is cleared whatever the status
 * is, as far as the visible code shows.
 */
184 static void hci_cc_reset(struct hci_dev
*hdev
, struct sk_buff
*skb
)
186 __u8 status
= *((__u8
*) skb
->data
);
188 BT_DBG("%s status 0x%x", hdev
->name
, status
);
190 clear_bit(HCI_RESET
, &hdev
->flags
);
192 hci_req_complete(hdev
, HCI_OP_RESET
, status
);
/*
 * Command Complete handler for HCI_OP_WRITE_LOCAL_NAME.
 *
 * Forwards the sent name and the status to the management interface when
 * HCI_MGMT is set, then copies HCI_MAX_NAME_LENGTH bytes of the sent command
 * parameters into hdev->dev_name.
 *
 * NOTE(review): the copy is a fixed-length memcpy, so dev_name is only
 * NUL-terminated if the sent buffer was; readers of dev_name should not
 * assume termination. The `sent` declaration and the checks guarding the
 * copy (NULL sent, non-zero status) are not visible in this listing.
 */
195 static void hci_cc_write_local_name(struct hci_dev
*hdev
, struct sk_buff
*skb
)
197 __u8 status
= *((__u8
*) skb
->data
);
200 BT_DBG("%s status 0x%x", hdev
->name
, status
);
202 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_LOCAL_NAME
);
206 if (test_bit(HCI_MGMT
, &hdev
->flags
))
207 mgmt_set_local_name_complete(hdev
->id
, sent
, status
);
212 memcpy(hdev
->dev_name
, sent
, HCI_MAX_NAME_LENGTH
);
/*
 * Command Complete handler for Read Local Name.
 *
 * Copies HCI_MAX_NAME_LENGTH bytes of rp->name from the controller's reply
 * into hdev->dev_name.
 *
 * NOTE(review): the name bytes are controller-supplied and copied with a
 * fixed length; nothing here guarantees NUL termination or that the event
 * is long enough to hold the full reply - confirm the caller checks length.
 */
215 static void hci_cc_read_local_name(struct hci_dev
*hdev
, struct sk_buff
*skb
)
217 struct hci_rp_read_local_name
*rp
= (void *) skb
->data
;
219 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
224 memcpy(hdev
->dev_name
, rp
->name
, HCI_MAX_NAME_LENGTH
);
/*
 * Command Complete handler for HCI_OP_WRITE_AUTH_ENABLE.
 *
 * Keeps the HCI_AUTH device flag in step with the parameter the host sent:
 * set when the sent byte equals AUTH_ENABLED, cleared otherwise. HCI_AUTH is
 * later used by connection setup to mark links as authenticated, so this
 * flag should only change when the controller accepted the command.
 *
 * NOTE(review): the status test, the `sent` declaration and its NULL check
 * are not visible in this listing - confirm the flag update is skipped on
 * failure.
 */
227 static void hci_cc_write_auth_enable(struct hci_dev
*hdev
, struct sk_buff
*skb
)
229 __u8 status
= *((__u8
*) skb
->data
);
232 BT_DBG("%s status 0x%x", hdev
->name
, status
);
234 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_AUTH_ENABLE
);
239 __u8 param
= *((__u8
*) sent
);
241 if (param
== AUTH_ENABLED
)
242 set_bit(HCI_AUTH
, &hdev
->flags
);
244 clear_bit(HCI_AUTH
, &hdev
->flags
);
247 hci_req_complete(hdev
, HCI_OP_WRITE_AUTH_ENABLE
, status
);
/*
 * Command Complete handler for HCI_OP_WRITE_ENCRYPT_MODE.
 *
 * Sets or clears the HCI_ENCRYPT device flag according to the parameter byte
 * of the sent command and completes the pending request.
 *
 * NOTE(review): the condition that chooses set vs. clear, the status test
 * and the NULL check on `sent` are not visible in this listing - confirm
 * HCI_ENCRYPT cannot be set when the command failed.
 */
250 static void hci_cc_write_encrypt_mode(struct hci_dev
*hdev
, struct sk_buff
*skb
)
252 __u8 status
= *((__u8
*) skb
->data
);
255 BT_DBG("%s status 0x%x", hdev
->name
, status
);
257 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_ENCRYPT_MODE
);
262 __u8 param
= *((__u8
*) sent
);
265 set_bit(HCI_ENCRYPT
, &hdev
->flags
);
267 clear_bit(HCI_ENCRYPT
, &hdev
->flags
);
270 hci_req_complete(hdev
, HCI_OP_WRITE_ENCRYPT_MODE
, status
);
/*
 * Command Complete handler for HCI_OP_WRITE_SCAN_ENABLE.
 *
 * Rebuilds the HCI_ISCAN / HCI_PSCAN flags from the scan-enable byte the
 * host sent: both flags are cleared first (remembering their old values),
 * then set again for SCAN_INQUIRY and SCAN_PAGE. The management interface
 * is told when the device becomes discoverable/connectable, and when it
 * stops being so (old flag was set, new bit is clear).
 *
 * These flags are what user space sees as "discoverable" and "connectable",
 * so they should track what the controller actually accepted.
 *
 * NOTE(review): the status test and NULL check on `sent` are not visible in
 * this listing; lines between set_bit() and the mgmt_* calls are also
 * missing, so any extra condition on those notifications cannot be seen.
 */
273 static void hci_cc_write_scan_enable(struct hci_dev
*hdev
, struct sk_buff
*skb
)
275 __u8 status
= *((__u8
*) skb
->data
);
278 BT_DBG("%s status 0x%x", hdev
->name
, status
);
280 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_SCAN_ENABLE
);
285 __u8 param
= *((__u8
*) sent
);
286 int old_pscan
, old_iscan
;
288 old_pscan
= test_and_clear_bit(HCI_PSCAN
, &hdev
->flags
);
289 old_iscan
= test_and_clear_bit(HCI_ISCAN
, &hdev
->flags
);
291 if (param
& SCAN_INQUIRY
) {
292 set_bit(HCI_ISCAN
, &hdev
->flags
);
294 mgmt_discoverable(hdev
->id
, 1);
295 } else if (old_iscan
)
296 mgmt_discoverable(hdev
->id
, 0);
298 if (param
& SCAN_PAGE
) {
299 set_bit(HCI_PSCAN
, &hdev
->flags
);
301 mgmt_connectable(hdev
->id
, 1);
302 } else if (old_pscan
)
303 mgmt_connectable(hdev
->id
, 0);
306 hci_req_complete(hdev
, HCI_OP_WRITE_SCAN_ENABLE
, status
);
/*
 * Command Complete handler for Read Class of Device.
 * Copies the 3-byte class from the reply into hdev->dev_class and logs it
 * most-significant byte first. Any status check is not visible in this
 * listing.
 */
309 static void hci_cc_read_class_of_dev(struct hci_dev
*hdev
, struct sk_buff
*skb
)
311 struct hci_rp_read_class_of_dev
*rp
= (void *) skb
->data
;
313 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
318 memcpy(hdev
->dev_class
, rp
->dev_class
, 3);
320 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev
->name
,
321 hdev
->dev_class
[2], hdev
->dev_class
[1], hdev
->dev_class
[0]);
/*
 * Command Complete handler for HCI_OP_WRITE_CLASS_OF_DEV.
 * Copies the 3 class bytes from the sent command parameters into
 * hdev->dev_class.
 *
 * NOTE(review): the `sent` declaration, its NULL check and the status test
 * are not visible in this listing - confirm the memcpy is guarded.
 */
324 static void hci_cc_write_class_of_dev(struct hci_dev
*hdev
, struct sk_buff
*skb
)
326 __u8 status
= *((__u8
*) skb
->data
);
329 BT_DBG("%s status 0x%x", hdev
->name
, status
);
334 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_CLASS_OF_DEV
);
338 memcpy(hdev
->dev_class
, sent
, 3);
/*
 * Command Complete handler for Read Voice Setting.
 *
 * Converts the reply's voice_setting from little endian, compares it with
 * the cached hdev->voice_setting, stores the new value and calls the
 * driver's notify hook with HCI_NOTIFY_VOICE_SETTING while the TX tasklet
 * is disabled.
 *
 * NOTE(review): the statement taken when the value is unchanged and the
 * test that hdev->notify is non-NULL are not visible in this listing;
 * the `setting` declaration is also missing.
 */
341 static void hci_cc_read_voice_setting(struct hci_dev
*hdev
, struct sk_buff
*skb
)
343 struct hci_rp_read_voice_setting
*rp
= (void *) skb
->data
;
346 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
351 setting
= __le16_to_cpu(rp
->voice_setting
);
353 if (hdev
->voice_setting
== setting
)
356 hdev
->voice_setting
= setting
;
358 BT_DBG("%s voice setting 0x%04x", hdev
->name
, setting
);
361 tasklet_disable(&hdev
->tx_task
);
362 hdev
->notify(hdev
, HCI_NOTIFY_VOICE_SETTING
);
363 tasklet_enable(&hdev
->tx_task
);
/*
 * Command Complete handler for HCI_OP_WRITE_VOICE_SETTING.
 *
 * Same flow as the read handler, but the new value is the 16-bit
 * little-endian word at the start of the sent command parameters rather
 * than a field of the reply.
 *
 * NOTE(review): the declarations of `sent`/`setting`, the NULL check on
 * `sent`, the status test and the hdev->notify NULL test are not visible in
 * this listing - confirm they exist.
 */
367 static void hci_cc_write_voice_setting(struct hci_dev
*hdev
, struct sk_buff
*skb
)
369 __u8 status
= *((__u8
*) skb
->data
);
373 BT_DBG("%s status 0x%x", hdev
->name
, status
);
378 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_VOICE_SETTING
);
382 setting
= get_unaligned_le16(sent
);
384 if (hdev
->voice_setting
== setting
)
387 hdev
->voice_setting
= setting
;
389 BT_DBG("%s voice setting 0x%04x", hdev
->name
, setting
);
392 tasklet_disable(&hdev
->tx_task
);
393 hdev
->notify(hdev
, HCI_NOTIFY_VOICE_SETTING
);
394 tasklet_enable(&hdev
->tx_task
);
/*
 * Command Complete handler for HCI_OP_HOST_BUFFER_SIZE.
 * Logs the status byte from skb->data and completes the pending request
 * with it; no device state is changed.
 */
398 static void hci_cc_host_buffer_size(struct hci_dev
*hdev
, struct sk_buff
*skb
)
400 __u8 status
= *((__u8
*) skb
->data
);
402 BT_DBG("%s status 0x%x", hdev
->name
, status
);
404 hci_req_complete(hdev
, HCI_OP_HOST_BUFFER_SIZE
, status
);
/*
 * Command Complete handler for Read Simple Pairing Mode.
 * Caches the controller-reported mode in hdev->ssp_mode, which other code
 * in this file consults when deciding whether to request authentication
 * and encryption. Any status check is not visible in this listing.
 */
407 static void hci_cc_read_ssp_mode(struct hci_dev
*hdev
, struct sk_buff
*skb
)
409 struct hci_rp_read_ssp_mode
*rp
= (void *) skb
->data
;
411 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
416 hdev
->ssp_mode
= rp
->mode
;
/*
 * Command Complete handler for HCI_OP_WRITE_SSP_MODE.
 * Caches the mode byte the host sent in hdev->ssp_mode.
 *
 * NOTE(review): hdev->ssp_mode feeds later security decisions, so it should
 * only be updated on success; the status test, the `sent` declaration and
 * its NULL check are not visible in this listing - confirm.
 */
419 static void hci_cc_write_ssp_mode(struct hci_dev
*hdev
, struct sk_buff
*skb
)
421 __u8 status
= *((__u8
*) skb
->data
);
424 BT_DBG("%s status 0x%x", hdev
->name
, status
);
429 sent
= hci_sent_cmd_data(hdev
, HCI_OP_WRITE_SSP_MODE
);
433 hdev
->ssp_mode
= *((__u8
*) sent
);
/*
 * Pick the inquiry mode to program into the controller.
 *
 * Decides from the LMP_EXT_INQ and LMP_RSSI_INQ feature bits first, then
 * from a short list of hard-coded manufacturer / hci_rev / lmp_subver
 * triples (manufacturer ids 11, 15 and 31).
 *
 * NOTE(review): the value returned by each branch is not visible in this
 * listing. The triples look like per-device quirks for controllers that do
 * not advertise the feature bit - confirm against the original source.
 */
436 static u8
hci_get_inquiry_mode(struct hci_dev
*hdev
)
438 if (hdev
->features
[6] & LMP_EXT_INQ
)
441 if (hdev
->features
[3] & LMP_RSSI_INQ
)
444 if (hdev
->manufacturer
== 11 && hdev
->hci_rev
== 0x00 &&
445 hdev
->lmp_subver
== 0x0757)
448 if (hdev
->manufacturer
== 15) {
449 if (hdev
->hci_rev
== 0x03 && hdev
->lmp_subver
== 0x6963)
451 if (hdev
->hci_rev
== 0x09 && hdev
->lmp_subver
== 0x6963)
453 if (hdev
->hci_rev
== 0x00 && hdev
->lmp_subver
== 0x6965)
457 if (hdev
->manufacturer
== 31 && hdev
->hci_rev
== 0x2005 &&
458 hdev
->lmp_subver
== 0x1805)
/*
 * Send HCI_OP_WRITE_INQUIRY_MODE with the one-byte mode chosen by
 * hci_get_inquiry_mode(). The declaration of `mode` is not visible in this
 * listing.
 */
464 static void hci_setup_inquiry_mode(struct hci_dev
*hdev
)
468 mode
= hci_get_inquiry_mode(hdev
);
470 hci_send_cmd(hdev
, HCI_OP_WRITE_INQUIRY_MODE
, 1, &mode
);
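/*
 * Build the 8-byte HCI event mask from the controller's LMP version and
 * feature bits and send it with HCI_OP_SET_EVENT_MASK.
 *
 * Each bit asks the controller to deliver one event type. The feature tests
 * keep the host from requesting events the controller did not advertise,
 * and the Simple Pairing block is what lets the pairing prompts (IO
 * capability, user confirmation, passkey, OOB) reach the host at all.
 */
static void hci_setup_event_mask(struct hci_dev *hdev)
{
	/* The second byte is 0xff instead of 0x9f (two reserved bits
	 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
	 * command otherwise */
	u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };

	/* Events for 1.2 and newer controllers */
	if (hdev->lmp_ver > 1) {
		events[4] |= 0x01; /* Flow Specification Complete */
		events[4] |= 0x02; /* Inquiry Result with RSSI */
		events[4] |= 0x04; /* Read Remote Extended Features Complete */
		events[5] |= 0x08; /* Synchronous Connection Complete */
		events[5] |= 0x10; /* Synchronous Connection Changed */
	}

	/* Inquiry Result with RSSI is bit 0x02 of byte 4 (0x04 is Read
	 * Remote Extended Features Complete, see above), so a controller
	 * that advertises LMP_RSSI_INQ without being 1.2+ must get 0x02. */
	if (hdev->features[3] & LMP_RSSI_INQ)
		events[4] |= 0x02; /* Inquiry Result with RSSI */

	if (hdev->features[5] & LMP_SNIFF_SUBR)
		events[5] |= 0x20; /* Sniff Subrating */

	if (hdev->features[5] & LMP_PAUSE_ENC)
		events[5] |= 0x80; /* Encryption Key Refresh Complete */

	if (hdev->features[6] & LMP_EXT_INQ)
		events[5] |= 0x40; /* Extended Inquiry Result */

	if (hdev->features[6] & LMP_NO_FLUSH)
		events[7] |= 0x01; /* Enhanced Flush Complete */

	if (hdev->features[7] & LMP_LSTO)
		events[6] |= 0x80; /* Link Supervision Timeout Changed */

	if (hdev->features[6] & LMP_SIMPLE_PAIR) {
		events[6] |= 0x01;	/* IO Capability Request */
		events[6] |= 0x02;	/* IO Capability Response */
		events[6] |= 0x04;	/* User Confirmation Request */
		events[6] |= 0x08;	/* User Passkey Request */
		events[6] |= 0x10;	/* Remote OOB Data Request */
		events[6] |= 0x20;	/* Simple Pairing Complete */
		events[7] |= 0x04;	/* User Passkey Notification */
		events[7] |= 0x08;	/* Keypress Notification */
		events[7] |= 0x10;	/* Remote Host Supported
					 * Features Notification */
	}

	if (hdev->features[4] & LMP_LE)
		events[7] |= 0x20;	/* LE Meta-Event */

	hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
}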
/*
 * Issue the controller setup commands that depend on its version and
 * features: the event mask always, Read Local Supported Commands for
 * lmp_ver > 1, Write Simple Pairing Mode when LMP_SIMPLE_PAIR is set, the
 * inquiry mode when LMP_RSSI_INQ is set, and Read Inquiry Response TX Power
 * when LMP_INQ_TX_PWR is set.
 *
 * NOTE(review): the declaration and value of `mode` sent with
 * HCI_OP_WRITE_SSP_MODE are not visible in this listing.
 */
526 static void hci_setup(struct hci_dev
*hdev
)
528 hci_setup_event_mask(hdev
);
530 if (hdev
->lmp_ver
> 1)
531 hci_send_cmd(hdev
, HCI_OP_READ_LOCAL_COMMANDS
, 0, NULL
);
533 if (hdev
->features
[6] & LMP_SIMPLE_PAIR
) {
535 hci_send_cmd(hdev
, HCI_OP_WRITE_SSP_MODE
, sizeof(mode
), &mode
);
538 if (hdev
->features
[3] & LMP_RSSI_INQ
)
539 hci_setup_inquiry_mode(hdev
);
541 if (hdev
->features
[7] & LMP_INQ_TX_PWR
)
542 hci_send_cmd(hdev
, HCI_OP_READ_INQ_RSP_TX_POWER
, 0, NULL
);
/*
 * Command Complete handler for Read Local Version Information.
 *
 * Caches the HCI/LMP version, revision, sub-version and manufacturer id from
 * the reply in hdev (16-bit fields converted from little endian). These
 * values later drive feature and quirk decisions such as
 * hci_get_inquiry_mode().
 *
 * NOTE(review): the status test and the statement executed when HCI_INIT is
 * set are not visible in this listing.
 */
545 static void hci_cc_read_local_version(struct hci_dev
*hdev
, struct sk_buff
*skb
)
547 struct hci_rp_read_local_version
*rp
= (void *) skb
->data
;
549 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
554 hdev
->hci_ver
= rp
->hci_ver
;
555 hdev
->hci_rev
= __le16_to_cpu(rp
->hci_rev
);
556 hdev
->lmp_ver
= rp
->lmp_ver
;
557 hdev
->manufacturer
= __le16_to_cpu(rp
->manufacturer
);
558 hdev
->lmp_subver
= __le16_to_cpu(rp
->lmp_subver
);
560 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev
->name
,
562 hdev
->hci_ver
, hdev
->hci_rev
);
564 if (test_bit(HCI_INIT
, &hdev
->flags
))
/*
 * Build the default link policy from the controller's feature bits (role
 * switch, hold, sniff, park), convert it to little endian and send it with
 * HCI_OP_WRITE_DEF_LINK_POLICY.
 *
 * NOTE(review): the declaration and initial value of `link_policy` are not
 * visible in this listing; the |= chain assumes it starts at zero - confirm.
 */
568 static void hci_setup_link_policy(struct hci_dev
*hdev
)
572 if (hdev
->features
[0] & LMP_RSWITCH
)
573 link_policy
|= HCI_LP_RSWITCH
;
574 if (hdev
->features
[0] & LMP_HOLD
)
575 link_policy
|= HCI_LP_HOLD
;
576 if (hdev
->features
[0] & LMP_SNIFF
)
577 link_policy
|= HCI_LP_SNIFF
;
578 if (hdev
->features
[1] & LMP_PARK
)
579 link_policy
|= HCI_LP_PARK
;
581 link_policy
= cpu_to_le16(link_policy
);
582 hci_send_cmd(hdev
, HCI_OP_WRITE_DEF_LINK_POLICY
,
583 sizeof(link_policy
), &link_policy
);
/*
 * Command Complete handler for HCI_OP_READ_LOCAL_COMMANDS.
 *
 * Copies sizeof(hdev->commands) bytes of the supported-commands bitmap from
 * the reply, and during HCI_INIT programs the default link policy when bit
 * 0x10 of byte 5 is set. The request is then completed with the reply
 * status.
 *
 * NOTE(review): the copy length is taken from the destination, which bounds
 * the write; whether the event is long enough to supply that many bytes is
 * not checked in the visible code - confirm the caller validates skb length.
 */
586 static void hci_cc_read_local_commands(struct hci_dev
*hdev
, struct sk_buff
*skb
)
588 struct hci_rp_read_local_commands
*rp
= (void *) skb
->data
;
590 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
595 memcpy(hdev
->commands
, rp
->commands
, sizeof(hdev
->commands
));
597 if (test_bit(HCI_INIT
, &hdev
->flags
) && (hdev
->commands
[5] & 0x10))
598 hci_setup_link_policy(hdev
);
601 hci_req_complete(hdev
, HCI_OP_READ_LOCAL_COMMANDS
, rp
->status
);
/*
 * Command Complete handler for Read Local Supported Features.
 *
 * Copies the 8 feature bytes from the reply into hdev->features, then widens
 * the default ACL packet types (hdev->pkt_type) and SCO/eSCO packet types
 * (hdev->esco_type) for every capability the controller advertises, and
 * logs the raw feature bytes.
 *
 * NOTE(review): every later feature test in this file trusts these bytes as
 * reported by the controller. The status test is not visible in this
 * listing.
 */
604 static void hci_cc_read_local_features(struct hci_dev
*hdev
, struct sk_buff
*skb
)
606 struct hci_rp_read_local_features
*rp
= (void *) skb
->data
;
608 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
613 memcpy(hdev
->features
, rp
->features
, 8);
615 /* Adjust default settings according to features
616 * supported by device. */
618 if (hdev
->features
[0] & LMP_3SLOT
)
619 hdev
->pkt_type
|= (HCI_DM3
| HCI_DH3
);
621 if (hdev
->features
[0] & LMP_5SLOT
)
622 hdev
->pkt_type
|= (HCI_DM5
| HCI_DH5
);
624 if (hdev
->features
[1] & LMP_HV2
) {
625 hdev
->pkt_type
|= (HCI_HV2
);
626 hdev
->esco_type
|= (ESCO_HV2
);
629 if (hdev
->features
[1] & LMP_HV3
) {
630 hdev
->pkt_type
|= (HCI_HV3
);
631 hdev
->esco_type
|= (ESCO_HV3
);
634 if (hdev
->features
[3] & LMP_ESCO
)
635 hdev
->esco_type
|= (ESCO_EV3
);
637 if (hdev
->features
[4] & LMP_EV4
)
638 hdev
->esco_type
|= (ESCO_EV4
);
640 if (hdev
->features
[4] & LMP_EV5
)
641 hdev
->esco_type
|= (ESCO_EV5
);
643 if (hdev
->features
[5] & LMP_EDR_ESCO_2M
)
644 hdev
->esco_type
|= (ESCO_2EV3
);
646 if (hdev
->features
[5] & LMP_EDR_ESCO_3M
)
647 hdev
->esco_type
|= (ESCO_3EV3
);
649 if (hdev
->features
[5] & LMP_EDR_3S_ESCO
)
650 hdev
->esco_type
|= (ESCO_2EV5
| ESCO_3EV5
);
652 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev
->name
,
653 hdev
->features
[0], hdev
->features
[1],
654 hdev
->features
[2], hdev
->features
[3],
655 hdev
->features
[4], hdev
->features
[5],
656 hdev
->features
[6], hdev
->features
[7]);
/*
 * Command Complete handler for Read Buffer Size.
 *
 * Records the controller's ACL and SCO MTUs and packet counts in hdev and
 * initialises the free-slot counters (acl_cnt, sco_cnt) from the packet
 * counts.
 *
 * NOTE(review): the MTUs and counts are taken from the controller as-is in
 * the visible code; the body of the HCI_QUIRK_FIXUP_BUFFER_SIZE branch and
 * the status test are not visible in this listing. Consumers of these
 * fields should tolerate zero or implausible values - confirm.
 */
659 static void hci_cc_read_buffer_size(struct hci_dev
*hdev
, struct sk_buff
*skb
)
661 struct hci_rp_read_buffer_size
*rp
= (void *) skb
->data
;
663 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
668 hdev
->acl_mtu
= __le16_to_cpu(rp
->acl_mtu
);
669 hdev
->sco_mtu
= rp
->sco_mtu
;
670 hdev
->acl_pkts
= __le16_to_cpu(rp
->acl_max_pkt
);
671 hdev
->sco_pkts
= __le16_to_cpu(rp
->sco_max_pkt
);
673 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE
, &hdev
->quirks
)) {
678 hdev
->acl_cnt
= hdev
->acl_pkts
;
679 hdev
->sco_cnt
= hdev
->sco_pkts
;
681 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev
->name
,
682 hdev
->acl_mtu
, hdev
->acl_pkts
,
683 hdev
->sco_mtu
, hdev
->sco_pkts
);
/*
 * Command Complete handler for HCI_OP_READ_BD_ADDR.
 * Copies the controller's Bluetooth address from the reply into
 * hdev->bdaddr and completes the pending request with the reply status.
 * The condition guarding the copy is not visible in this listing.
 */
686 static void hci_cc_read_bd_addr(struct hci_dev
*hdev
, struct sk_buff
*skb
)
688 struct hci_rp_read_bd_addr
*rp
= (void *) skb
->data
;
690 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
693 bacpy(&hdev
->bdaddr
, &rp
->bdaddr
);
695 hci_req_complete(hdev
, HCI_OP_READ_BD_ADDR
, rp
->status
);
/*
 * Command Complete handler for HCI_OP_WRITE_CA_TIMEOUT.
 * Logs the status byte from skb->data and completes the pending request
 * with it; no device state is changed.
 */
698 static void hci_cc_write_ca_timeout(struct hci_dev
*hdev
, struct sk_buff
*skb
)
700 __u8 status
= *((__u8
*) skb
->data
);
702 BT_DBG("%s status 0x%x", hdev
->name
, status
);
704 hci_req_complete(hdev
, HCI_OP_WRITE_CA_TIMEOUT
, status
);
/*
 * Command Complete handler for HCI_OP_DELETE_STORED_LINK_KEY.
 * Logs the status byte from skb->data and completes the pending request
 * with it. The rest of the parameter list is not visible in this listing.
 */
707 static void hci_cc_delete_stored_link_key(struct hci_dev
*hdev
,
710 __u8 status
= *((__u8
*) skb
->data
);
712 BT_DBG("%s status 0x%x", hdev
->name
, status
);
714 hci_req_complete(hdev
, HCI_OP_DELETE_STORED_LINK_KEY
, status
);
/*
 * Command Complete handler for HCI_OP_SET_EVENT_MASK.
 * Logs the status byte from skb->data and completes the pending request
 * with it; no device state is changed.
 */
717 static void hci_cc_set_event_mask(struct hci_dev
*hdev
, struct sk_buff
*skb
)
719 __u8 status
= *((__u8
*) skb
->data
);
721 BT_DBG("%s status 0x%x", hdev
->name
, status
);
723 hci_req_complete(hdev
, HCI_OP_SET_EVENT_MASK
, status
);
/*
 * Command Complete handler for HCI_OP_WRITE_INQUIRY_MODE.
 * Logs the status byte from skb->data and completes the pending request
 * with it. The rest of the parameter list is not visible in this listing.
 */
726 static void hci_cc_write_inquiry_mode(struct hci_dev
*hdev
,
729 __u8 status
= *((__u8
*) skb
->data
);
731 BT_DBG("%s status 0x%x", hdev
->name
, status
);
733 hci_req_complete(hdev
, HCI_OP_WRITE_INQUIRY_MODE
, status
);
/*
 * Command Complete handler for HCI_OP_READ_INQ_RSP_TX_POWER.
 * Logs the status byte from skb->data and completes the pending request
 * with it; the TX power value in the reply is not read by the visible code.
 */
736 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev
*hdev
,
739 __u8 status
= *((__u8
*) skb
->data
);
741 BT_DBG("%s status 0x%x", hdev
->name
, status
);
743 hci_req_complete(hdev
, HCI_OP_READ_INQ_RSP_TX_POWER
, status
);
/*
 * Command Complete handler for HCI_OP_SET_EVENT_FLT.
 * Logs the status byte from skb->data and completes the pending request
 * with it; no device state is changed.
 */
746 static void hci_cc_set_event_flt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
748 __u8 status
= *((__u8
*) skb
->data
);
750 BT_DBG("%s status 0x%x", hdev
->name
, status
);
752 hci_req_complete(hdev
, HCI_OP_SET_EVENT_FLT
, status
);
/*
 * Command Complete handler for HCI_OP_PIN_CODE_REPLY.
 *
 * Reports the outcome to the management interface when HCI_MGMT is set,
 * then records the PIN length on the ACL connection. The length and the
 * peer address used for the lookup both come from the command the host
 * sent (cp), not from the controller's reply.
 *
 * NOTE(review): the status test and the NULL checks on `cp` and `conn` are
 * not visible in this listing - confirm pin_length is only recorded for a
 * successful reply on an existing connection. Only the length is stored
 * here; the PIN itself is not touched by the visible code.
 */
755 static void hci_cc_pin_code_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
757 struct hci_rp_pin_code_reply
*rp
= (void *) skb
->data
;
758 struct hci_cp_pin_code_reply
*cp
;
759 struct hci_conn
*conn
;
761 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
763 if (test_bit(HCI_MGMT
, &hdev
->flags
))
764 mgmt_pin_code_reply_complete(hdev
->id
, &rp
->bdaddr
, rp
->status
);
769 cp
= hci_sent_cmd_data(hdev
, HCI_OP_PIN_CODE_REPLY
);
773 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
775 conn
->pin_length
= cp
->pin_len
;
/*
 * Command Complete handler for a negative PIN code reply.
 * When HCI_MGMT is set, forwards the peer address from the reply to the
 * management interface; the remaining call arguments are not visible in
 * this listing.
 */
778 static void hci_cc_pin_code_neg_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
780 struct hci_rp_pin_code_neg_reply
*rp
= (void *) skb
->data
;
782 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
784 if (test_bit(HCI_MGMT
, &hdev
->flags
))
785 mgmt_pin_code_neg_reply_complete(hdev
->id
, &rp
->bdaddr
,
/*
 * Command Complete handler for HCI_OP_LE_READ_BUFFER_SIZE.
 *
 * Records the controller's LE MTU and LE packet count in hdev, initialises
 * le_cnt from the packet count and completes the pending request.
 *
 * NOTE(review): both values are taken from the controller as-is in the
 * visible code; the status test is not visible in this listing.
 */
788 static void hci_cc_le_read_buffer_size(struct hci_dev
*hdev
,
791 struct hci_rp_le_read_buffer_size
*rp
= (void *) skb
->data
;
793 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
798 hdev
->le_mtu
= __le16_to_cpu(rp
->le_mtu
);
799 hdev
->le_pkts
= rp
->le_max_pkt
;
801 hdev
->le_cnt
= hdev
->le_pkts
;
803 BT_DBG("%s le mtu %d:%d", hdev
->name
, hdev
->le_mtu
, hdev
->le_pkts
);
805 hci_req_complete(hdev
, HCI_OP_LE_READ_BUFFER_SIZE
, rp
->status
);
/*
 * Command Complete handler for a User Confirmation Request reply.
 * When HCI_MGMT is set, forwards the peer address from the reply to the
 * management interface; the remaining call arguments are not visible in
 * this listing.
 */
808 static void hci_cc_user_confirm_reply(struct hci_dev
*hdev
, struct sk_buff
*skb
)
810 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
812 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
814 if (test_bit(HCI_MGMT
, &hdev
->flags
))
815 mgmt_user_confirm_reply_complete(hdev
->id
, &rp
->bdaddr
,
/*
 * Command Complete handler for a negative User Confirmation reply.
 * Reuses struct hci_rp_user_confirm_reply for the reply layout and, when
 * HCI_MGMT is set, forwards the peer address to the management interface.
 * Parts of the signature and of the call are not visible in this listing.
 */
819 static void hci_cc_user_confirm_neg_reply(struct hci_dev
*hdev
,
822 struct hci_rp_user_confirm_reply
*rp
= (void *) skb
->data
;
824 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
826 if (test_bit(HCI_MGMT
, &hdev
->flags
))
827 mgmt_user_confirm_neg_reply_complete(hdev
->id
, &rp
->bdaddr
,
/*
 * Command Complete handler for Read Local OOB Data.
 *
 * Forwards the hash and randomizer from the reply, together with the
 * status, to the management interface. Only the status is logged.
 *
 * NOTE(review): hash and randomizer look like the out-of-band pairing
 * values; they should stay out of debug output, as they do here. The call
 * is made without an HCI_MGMT test in the visible code - confirm that is
 * intended.
 */
831 static void hci_cc_read_local_oob_data_reply(struct hci_dev
*hdev
,
834 struct hci_rp_read_local_oob_data
*rp
= (void *) skb
->data
;
836 BT_DBG("%s status 0x%x", hdev
->name
, rp
->status
);
838 mgmt_read_local_oob_data_reply_complete(hdev
->id
, rp
->hash
,
839 rp
->randomizer
, rp
->status
);
/*
 * Command Status handler for HCI_OP_INQUIRY.
 *
 * The visible code has two paths: one completes the request and re-checks
 * pending connections, the other sets HCI_INQUIRY and reports
 * "discovering = 1" to the management interface when HCI_MGMT is set and
 * the flag was not already set.
 *
 * NOTE(review): the condition separating the two paths is not visible in
 * this listing; presumably the first is the failure path (non-zero status)
 * - confirm.
 */
842 static inline void hci_cs_inquiry(struct hci_dev
*hdev
, __u8 status
)
844 BT_DBG("%s status 0x%x", hdev
->name
, status
);
847 hci_req_complete(hdev
, HCI_OP_INQUIRY
, status
);
848 hci_conn_check_pending(hdev
);
852 if (test_bit(HCI_MGMT
, &hdev
->flags
) &&
853 !test_and_set_bit(HCI_INQUIRY
,
855 mgmt_discovering(hdev
->id
, 1);
/*
 * Command Status handler for HCI_OP_CREATE_CONN.
 *
 * Finds the ACL connection for the address in the sent command. For a
 * connection in BT_CONNECT: unless the status is 0x0c and at most two
 * attempts were made, the connection is closed and the failure is confirmed
 * to the protocol layer; otherwise it moves to BT_CONNECT2. A second path
 * creates the connection object with hci_conn_add() and marks it
 * HCI_LM_MASTER, logging an error when allocation fails.
 *
 * NOTE(review): the NULL check on `cp`, the status test choosing between
 * the two paths and the lock call are not visible in this listing.
 */
858 static inline void hci_cs_create_conn(struct hci_dev
*hdev
, __u8 status
)
860 struct hci_cp_create_conn
*cp
;
861 struct hci_conn
*conn
;
863 BT_DBG("%s status 0x%x", hdev
->name
, status
);
865 cp
= hci_sent_cmd_data(hdev
, HCI_OP_CREATE_CONN
);
871 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
873 BT_DBG("%s bdaddr %s conn %p", hdev
->name
, batostr(&cp
->bdaddr
), conn
);
876 if (conn
&& conn
->state
== BT_CONNECT
) {
877 if (status
!= 0x0c || conn
->attempt
> 2) {
878 conn
->state
= BT_CLOSED
;
879 hci_proto_connect_cfm(conn
, status
);
882 conn
->state
= BT_CONNECT2
;
886 conn
= hci_conn_add(hdev
, ACL_LINK
, &cp
->bdaddr
);
889 conn
->link_mode
|= HCI_LM_MASTER
;
891 BT_ERR("No memory for new connection");
895 hci_dev_unlock(hdev
);
/*
 * Command Status handler for HCI_OP_ADD_SCO.
 *
 * Looks up the ACL connection by the handle in the sent command, then
 * closes the associated SCO connection and confirms the status to the
 * protocol layer.
 *
 * NOTE(review): how `sco` is derived from `acl`, the NULL checks on `cp`,
 * `acl` and `sco`, the status test and the `handle` declaration are not
 * visible in this listing - confirm sco is non-NULL before it is written.
 */
898 static void hci_cs_add_sco(struct hci_dev
*hdev
, __u8 status
)
900 struct hci_cp_add_sco
*cp
;
901 struct hci_conn
*acl
, *sco
;
904 BT_DBG("%s status 0x%x", hdev
->name
, status
);
909 cp
= hci_sent_cmd_data(hdev
, HCI_OP_ADD_SCO
);
913 handle
= __le16_to_cpu(cp
->handle
);
915 BT_DBG("%s handle %d", hdev
->name
, handle
);
919 acl
= hci_conn_hash_lookup_handle(hdev
, handle
);
923 sco
->state
= BT_CLOSED
;
925 hci_proto_connect_cfm(sco
, status
);
930 hci_dev_unlock(hdev
);
/*
 * Command Status handler for HCI_OP_AUTH_REQUESTED.
 *
 * Looks up the connection by the handle in the sent command and, when it is
 * still in BT_CONFIG, confirms the status to the protocol layer.
 *
 * NOTE(review): the status test and the NULL checks on `cp` and `conn` are
 * not visible in this listing; conn->state is read right after the lookup -
 * confirm conn is tested first.
 */
933 static void hci_cs_auth_requested(struct hci_dev
*hdev
, __u8 status
)
935 struct hci_cp_auth_requested
*cp
;
936 struct hci_conn
*conn
;
938 BT_DBG("%s status 0x%x", hdev
->name
, status
);
943 cp
= hci_sent_cmd_data(hdev
, HCI_OP_AUTH_REQUESTED
);
949 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
951 if (conn
->state
== BT_CONFIG
) {
952 hci_proto_connect_cfm(conn
, status
);
957 hci_dev_unlock(hdev
);
/*
 * Command Status handler for HCI_OP_SET_CONN_ENCRYPT.
 *
 * Looks up the connection by the handle in the sent command and, when it is
 * still in BT_CONFIG, confirms the status to the protocol layer.
 *
 * NOTE(review): the status test and the NULL checks on `cp` and `conn` are
 * not visible in this listing - confirm conn is tested before conn->state
 * is read.
 */
960 static void hci_cs_set_conn_encrypt(struct hci_dev
*hdev
, __u8 status
)
962 struct hci_cp_set_conn_encrypt
*cp
;
963 struct hci_conn
*conn
;
965 BT_DBG("%s status 0x%x", hdev
->name
, status
);
970 cp
= hci_sent_cmd_data(hdev
, HCI_OP_SET_CONN_ENCRYPT
);
976 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
978 if (conn
->state
== BT_CONFIG
) {
979 hci_proto_connect_cfm(conn
, status
);
984 hci_dev_unlock(hdev
);
/*
 * Decide whether the host should request authentication on a connection.
 *
 * Three tests are visible: the connection must be outgoing and in
 * BT_CONFIG; a pending security level of BT_SECURITY_SDP is treated
 * specially; and, unless both sides have SSP enabled, only a pending level
 * of BT_SECURITY_HIGH qualifies.
 *
 * NOTE(review): the value returned by each branch is not visible in this
 * listing. Because this predicate gates authentication of outgoing links,
 * the return values should be confirmed against the original source before
 * relying on the summary above.
 */
987 static int hci_outgoing_auth_needed(struct hci_dev
*hdev
,
988 struct hci_conn
*conn
)
990 if (conn
->state
!= BT_CONFIG
|| !conn
->out
)
993 if (conn
->pending_sec_level
== BT_SECURITY_SDP
)
996 /* Only request authentication for SSP connections or non-SSP
997 * devices with sec_level HIGH */
998 if (!(hdev
->ssp_mode
> 0 && conn
->ssp_mode
> 0) &&
999 conn
->pending_sec_level
!= BT_SECURITY_HIGH
)
/*
 * Command Status handler for HCI_OP_REMOTE_NAME_REQ.
 *
 * Looks up the ACL connection for the address in the sent command and, when
 * hci_outgoing_auth_needed() says so, sends HCI_OP_AUTH_REQUESTED for that
 * connection's handle. The inner `cp` shadows the outer pointer of the same
 * name inside the if-block.
 *
 * NOTE(review): the status test described by the existing comment and the
 * NULL check on the outer `cp` are not visible in this listing.
 */
1005 static void hci_cs_remote_name_req(struct hci_dev
*hdev
, __u8 status
)
1007 struct hci_cp_remote_name_req
*cp
;
1008 struct hci_conn
*conn
;
1010 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1012 /* If successful wait for the name req complete event before
1013 * checking for the need to do authentication */
1017 cp
= hci_sent_cmd_data(hdev
, HCI_OP_REMOTE_NAME_REQ
);
1023 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &cp
->bdaddr
);
1024 if (conn
&& hci_outgoing_auth_needed(hdev
, conn
)) {
1025 struct hci_cp_auth_requested cp
;
1026 cp
.handle
= __cpu_to_le16(conn
->handle
);
1027 hci_send_cmd(hdev
, HCI_OP_AUTH_REQUESTED
, sizeof(cp
), &cp
);
1030 hci_dev_unlock(hdev
);
/*
 * Command Status handler for HCI_OP_READ_REMOTE_FEATURES.
 *
 * Looks up the connection by the handle in the sent command and, when it is
 * still in BT_CONFIG, confirms the status to the protocol layer.
 *
 * NOTE(review): the status test and the NULL checks on `cp` and `conn` are
 * not visible in this listing - confirm conn is tested before use.
 */
1033 static void hci_cs_read_remote_features(struct hci_dev
*hdev
, __u8 status
)
1035 struct hci_cp_read_remote_features
*cp
;
1036 struct hci_conn
*conn
;
1038 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1043 cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_REMOTE_FEATURES
);
1049 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1051 if (conn
->state
== BT_CONFIG
) {
1052 hci_proto_connect_cfm(conn
, status
);
1057 hci_dev_unlock(hdev
);
/*
 * Command Status handler for HCI_OP_READ_REMOTE_EXT_FEATURES.
 *
 * Looks up the connection by the handle in the sent command and, when it is
 * still in BT_CONFIG, confirms the status to the protocol layer.
 *
 * NOTE(review): the status test and the NULL checks on `cp` and `conn` are
 * not visible in this listing - confirm conn is tested before use.
 */
1060 static void hci_cs_read_remote_ext_features(struct hci_dev
*hdev
, __u8 status
)
1062 struct hci_cp_read_remote_ext_features
*cp
;
1063 struct hci_conn
*conn
;
1065 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1070 cp
= hci_sent_cmd_data(hdev
, HCI_OP_READ_REMOTE_EXT_FEATURES
);
1076 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1078 if (conn
->state
== BT_CONFIG
) {
1079 hci_proto_connect_cfm(conn
, status
);
1084 hci_dev_unlock(hdev
);
/*
 * Command Status handler for HCI_OP_SETUP_SYNC_CONN.
 *
 * Looks up the ACL connection by the handle in the sent command, then
 * closes the associated synchronous connection and confirms the status to
 * the protocol layer.
 *
 * NOTE(review): how `sco` is derived from `acl`, the NULL checks on `cp`,
 * `acl` and `sco`, the status test and the `handle` declaration are not
 * visible in this listing - confirm sco is non-NULL before it is written.
 */
1087 static void hci_cs_setup_sync_conn(struct hci_dev
*hdev
, __u8 status
)
1089 struct hci_cp_setup_sync_conn
*cp
;
1090 struct hci_conn
*acl
, *sco
;
1093 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1098 cp
= hci_sent_cmd_data(hdev
, HCI_OP_SETUP_SYNC_CONN
);
1102 handle
= __le16_to_cpu(cp
->handle
);
1104 BT_DBG("%s handle %d", hdev
->name
, handle
);
1108 acl
= hci_conn_hash_lookup_handle(hdev
, handle
);
1112 sco
->state
= BT_CLOSED
;
1114 hci_proto_connect_cfm(sco
, status
);
1119 hci_dev_unlock(hdev
);
/*
 * Command Status handler for HCI_OP_SNIFF_MODE.
 *
 * Looks up the connection by the handle in the sent command, clears its
 * pending mode-change flag and, when an SCO setup was waiting on the mode
 * change (HCI_CONN_SCO_SETUP_PEND, cleared by the test), runs
 * hci_sco_setup() with the status.
 *
 * NOTE(review): the status test and the NULL checks on `cp` and `conn` are
 * not visible in this listing - confirm conn is tested before conn->pend is
 * touched.
 */
1122 static void hci_cs_sniff_mode(struct hci_dev
*hdev
, __u8 status
)
1124 struct hci_cp_sniff_mode
*cp
;
1125 struct hci_conn
*conn
;
1127 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1132 cp
= hci_sent_cmd_data(hdev
, HCI_OP_SNIFF_MODE
);
1138 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1140 clear_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->pend
);
1142 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND
, &conn
->pend
))
1143 hci_sco_setup(conn
, status
);
1146 hci_dev_unlock(hdev
);
/*
 * Command Status handler for HCI_OP_EXIT_SNIFF_MODE.
 *
 * Mirrors the sniff-mode handler: clears the connection's pending
 * mode-change flag and runs hci_sco_setup() when an SCO setup was waiting
 * on the mode change.
 *
 * NOTE(review): the status test and the NULL checks on `cp` and `conn` are
 * not visible in this listing - confirm conn is tested before conn->pend is
 * touched.
 */
1149 static void hci_cs_exit_sniff_mode(struct hci_dev
*hdev
, __u8 status
)
1151 struct hci_cp_exit_sniff_mode
*cp
;
1152 struct hci_conn
*conn
;
1154 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1159 cp
= hci_sent_cmd_data(hdev
, HCI_OP_EXIT_SNIFF_MODE
);
1165 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(cp
->handle
));
1167 clear_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->pend
);
1169 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND
, &conn
->pend
))
1170 hci_sco_setup(conn
, status
);
1173 hci_dev_unlock(hdev
);
/*
 * Command Status handler for HCI_OP_LE_CREATE_CONN.
 *
 * Finds the LE connection for the peer address in the sent command. A
 * connection in BT_CONNECT is closed and the status confirmed to the
 * protocol layer; a second path creates the connection object with
 * hci_conn_add() and logs an error when allocation fails.
 *
 * NOTE(review): the NULL check on `cp`, the status test choosing between
 * the two paths and the end of the BT_DBG call are not visible in this
 * listing.
 */
1176 static void hci_cs_le_create_conn(struct hci_dev
*hdev
, __u8 status
)
1178 struct hci_cp_le_create_conn
*cp
;
1179 struct hci_conn
*conn
;
1181 BT_DBG("%s status 0x%x", hdev
->name
, status
);
1183 cp
= hci_sent_cmd_data(hdev
, HCI_OP_LE_CREATE_CONN
);
1189 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &cp
->peer_addr
);
1191 BT_DBG("%s bdaddr %s conn %p", hdev
->name
, batostr(&cp
->peer_addr
),
1195 if (conn
&& conn
->state
== BT_CONNECT
) {
1196 conn
->state
= BT_CLOSED
;
1197 hci_proto_connect_cfm(conn
, status
);
1202 conn
= hci_conn_add(hdev
, LE_LINK
, &cp
->peer_addr
);
1206 BT_ERR("No memory for new connection");
1210 hci_dev_unlock(hdev
);
/*
 * Handler for the Inquiry Complete event.
 *
 * Reads the status byte from skb->data, clears HCI_INQUIRY and reports
 * "discovering = 0" to the management interface when HCI_MGMT is set,
 * completes the pending HCI_OP_INQUIRY request and re-checks pending
 * connections.
 */
1213 static inline void hci_inquiry_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1215 __u8 status
= *((__u8
*) skb
->data
);
1217 BT_DBG("%s status %d", hdev
->name
, status
);
1219 if (test_bit(HCI_MGMT
, &hdev
->flags
) &&
1220 test_and_clear_bit(HCI_INQUIRY
, &hdev
->flags
))
1221 mgmt_discovering(hdev
->id
, 0);
1223 hci_req_complete(hdev
, HCI_OP_INQUIRY
, status
);
1225 hci_conn_check_pending(hdev
);
/*
 * Handler for the Inquiry Result event.
 *
 * The first byte of the event is the number of responses; an array of
 * struct inquiry_info follows at skb->data + 1. Each record is copied into
 * a local inquiry_data (RSSI-less, ssp_mode forced to 0x00), stored in the
 * inquiry cache and reported to the management interface as a found
 * device. HCI_INQUIRY is set on the first result, with a "discovering = 1"
 * notification when HCI_MGMT is set.
 *
 * Every field read here was received over the air from nearby devices, so
 * this is attacker-influenced input.
 */
1228 static inline void hci_inquiry_result_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1230 struct inquiry_data data
;
1231 struct inquiry_info
*info
= (void *) (skb
->data
+ 1);
1232 int num_rsp
= *((__u8
*) skb
->data
);
1234 BT_DBG("%s num_rsp %d", hdev
->name
, num_rsp
);
1241 if (!test_and_set_bit(HCI_INQUIRY
, &hdev
->flags
)) {
1243 if (test_bit(HCI_MGMT
, &hdev
->flags
))
1244 mgmt_discovering(hdev
->id
, 1);
/* NOTE(review): num_rsp comes from the first byte of the event and is the
 * only bound on this loop. A check that skb actually holds num_rsp
 * inquiry_info records (for example against skb->len) is not visible in
 * this listing; without one, `info` can walk past the end of the packet.
 * Confirm such a check exists here or in the caller. */
1247 for (; num_rsp
; num_rsp
--, info
++) {
1248 bacpy(&data
.bdaddr
, &info
->bdaddr
);
1249 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
1250 data
.pscan_period_mode
= info
->pscan_period_mode
;
1251 data
.pscan_mode
= info
->pscan_mode
;
1252 memcpy(data
.dev_class
, info
->dev_class
, 3);
1253 data
.clock_offset
= info
->clock_offset
;
1255 data
.ssp_mode
= 0x00;
1256 hci_inquiry_cache_update(hdev
, &data
);
1257 mgmt_device_found(hdev
->id
, &info
->bdaddr
, info
->dev_class
, 0,
1261 hci_dev_unlock(hdev
);
/*
 * Handler for the Connection Complete event.
 *
 * Finds the connection object by link type and peer address (an SCO
 * completion may match an object created as ESCO_LINK, which is then
 * retyped to SCO_LINK). On the success path the handle is stored, the state
 * moves to BT_CONFIG for ACL links (with a hold and a management
 * "connected" notification) or BT_CONNECTED otherwise, sysfs entries are
 * added, and the link_mode inherits HCI_LM_AUTH / HCI_LM_ENCRYPT from the
 * device-wide flags. ACL links then get a Read Remote Features request, and
 * incoming connections on controllers with hci_ver < 3 get a Change
 * Connection Packet Type request. On the failure path the connection is
 * closed and ACL failures are reported to the management interface.
 *
 * NOTE(review): HCI_LM_AUTH and HCI_LM_ENCRYPT are set from the adapter's
 * configuration flags here, not from a per-link authentication or
 * encryption result; callers that treat link_mode as proof of an encrypted
 * link should be checked. The status test, the NULL checks on `conn` and
 * several closing lines are not visible in this listing.
 */
1264 static inline void hci_conn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1266 struct hci_ev_conn_complete
*ev
= (void *) skb
->data
;
1267 struct hci_conn
*conn
;
1269 BT_DBG("%s", hdev
->name
);
1273 conn
= hci_conn_hash_lookup_ba(hdev
, ev
->link_type
, &ev
->bdaddr
);
1275 if (ev
->link_type
!= SCO_LINK
)
1278 conn
= hci_conn_hash_lookup_ba(hdev
, ESCO_LINK
, &ev
->bdaddr
);
1282 conn
->type
= SCO_LINK
;
1286 conn
->handle
= __le16_to_cpu(ev
->handle
);
1288 if (conn
->type
== ACL_LINK
) {
1289 conn
->state
= BT_CONFIG
;
1290 hci_conn_hold(conn
);
1291 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
1292 mgmt_connected(hdev
->id
, &ev
->bdaddr
);
1294 conn
->state
= BT_CONNECTED
;
1296 hci_conn_hold_device(conn
);
1297 hci_conn_add_sysfs(conn
);
1299 if (test_bit(HCI_AUTH
, &hdev
->flags
))
1300 conn
->link_mode
|= HCI_LM_AUTH
;
1302 if (test_bit(HCI_ENCRYPT
, &hdev
->flags
))
1303 conn
->link_mode
|= HCI_LM_ENCRYPT
;
1305 /* Get remote features */
1306 if (conn
->type
== ACL_LINK
) {
1307 struct hci_cp_read_remote_features cp
;
1308 cp
.handle
= ev
->handle
;
1309 hci_send_cmd(hdev
, HCI_OP_READ_REMOTE_FEATURES
,
1313 /* Set packet type for incoming connection */
1314 if (!conn
->out
&& hdev
->hci_ver
< 3) {
1315 struct hci_cp_change_conn_ptype cp
;
1316 cp
.handle
= ev
->handle
;
1317 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
1318 hci_send_cmd(hdev
, HCI_OP_CHANGE_CONN_PTYPE
,
1322 conn
->state
= BT_CLOSED
;
1323 if (conn
->type
== ACL_LINK
)
1324 mgmt_connect_failed(hdev
->id
, &ev
->bdaddr
, ev
->status
);
1327 if (conn
->type
== ACL_LINK
)
1328 hci_sco_setup(conn
, ev
->status
);
1331 hci_proto_connect_cfm(conn
, ev
->status
);
1333 } else if (ev
->link_type
!= ACL_LINK
)
1334 hci_proto_connect_cfm(conn
, ev
->status
);
1337 hci_dev_unlock(hdev
);
1339 hci_conn_check_pending(hdev
);
/*
 * Handler for the Connection Request event (an incoming connection from a
 * remote device).
 *
 * The accept decision combines the adapter's link_mode with the bits
 * returned by the protocol layer (hci_proto_connect_ind): the request is
 * accepted only when HCI_LM_ACCEPT is set and the peer address is not on
 * the blacklist; everything else is rejected with HCI_OP_REJECT_CONN_REQ.
 *
 * On accept, the device class from the event is copied into the inquiry
 * cache entry and into the connection object (created if it does not
 * exist), the state is set to BT_CONNECT, and either an Accept Connection
 * Request (ACL links, or controllers without eSCO) or an Accept Synchronous
 * Connection Request is sent. The role is 0x00 (master) only when the
 * controller can role-switch and HCI_LM_MASTER was requested.
 *
 * The peer address, link type and device class are all supplied by the
 * remote device.
 */
1342 static inline void hci_conn_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1344 struct hci_ev_conn_request
*ev
= (void *) skb
->data
;
1345 int mask
= hdev
->link_mode
;
1347 BT_DBG("%s bdaddr %s type 0x%x", hdev
->name
,
1348 batostr(&ev
->bdaddr
), ev
->link_type
);
1350 mask
|= hci_proto_connect_ind(hdev
, &ev
->bdaddr
, ev
->link_type
);
1352 if ((mask
& HCI_LM_ACCEPT
) &&
1353 !hci_blacklist_lookup(hdev
, &ev
->bdaddr
)) {
1354 /* Connection accepted */
1355 struct inquiry_entry
*ie
;
1356 struct hci_conn
*conn
;
/* NOTE(review): the inquiry cache lookup can miss for a device that was
 * never discovered; the NULL test on `ie` before the memcpy is not
 * visible in this listing - confirm it exists. */
1360 ie
= hci_inquiry_cache_lookup(hdev
, &ev
->bdaddr
);
1362 memcpy(ie
->data
.dev_class
, ev
->dev_class
, 3);
1364 conn
= hci_conn_hash_lookup_ba(hdev
, ev
->link_type
, &ev
->bdaddr
);
1366 conn
= hci_conn_add(hdev
, ev
->link_type
, &ev
->bdaddr
);
1368 BT_ERR("No memory for new connection");
1369 hci_dev_unlock(hdev
);
1374 memcpy(conn
->dev_class
, ev
->dev_class
, 3);
1375 conn
->state
= BT_CONNECT
;
1377 hci_dev_unlock(hdev
);
1379 if (ev
->link_type
== ACL_LINK
|| !lmp_esco_capable(hdev
)) {
1380 struct hci_cp_accept_conn_req cp
;
1382 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
1384 if (lmp_rswitch_capable(hdev
) && (mask
& HCI_LM_MASTER
))
1385 cp
.role
= 0x00; /* Become master */
1387 cp
.role
= 0x01; /* Remain slave */
1389 hci_send_cmd(hdev
, HCI_OP_ACCEPT_CONN_REQ
,
1392 struct hci_cp_accept_sync_conn_req cp
;
1394 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
1395 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
1397 cp
.tx_bandwidth
= cpu_to_le32(0x00001f40);
1398 cp
.rx_bandwidth
= cpu_to_le32(0x00001f40);
1399 cp
.max_latency
= cpu_to_le16(0xffff);
1400 cp
.content_format
= cpu_to_le16(hdev
->voice_setting
);
1401 cp
.retrans_effort
= 0xff;
1403 hci_send_cmd(hdev
, HCI_OP_ACCEPT_SYNC_CONN_REQ
,
1407 /* Connection rejected */
1408 struct hci_cp_reject_conn_req cp
;
1410 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
1412 hci_send_cmd(hdev
, HCI_OP_REJECT_CONN_REQ
, sizeof(cp
), &cp
);
/*
 * Handle an HCI Disconnection Complete event.
 *
 * Looks the connection up by the handle carried in the event, marks it
 * BT_CLOSED, reports ACL disconnects through mgmt_disconnected() and
 * passes ev->reason to hci_proto_disconn_cfm().
 *
 * NOTE(review): the handle comes from the controller, so the lookup can
 * fail. The NULL test and the condition guarding mgmt_disconnect_failed()
 * are presumably on lines this listing does not show (1422-1423 and
 * 1431-1433) - confirm.
 */
1416 static inline void hci_disconn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1418 struct hci_ev_disconn_complete
*ev
= (void *) skb
->data
;
1419 struct hci_conn
*conn
;
1421 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1424 mgmt_disconnect_failed(hdev
->id
);
/* The wire handle is little endian; convert before the hash lookup. */
1430 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
1434 conn
->state
= BT_CLOSED
;
1436 if (conn
->type
== ACL_LINK
)
1437 mgmt_disconnected(hdev
->id
, &conn
->dst
);
1439 hci_proto_disconn_cfm(conn
, ev
->reason
);
1443 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Authentication Complete event.
 *
 * Visible effects: HCI_LM_AUTH is set and conn->sec_level is promoted to
 * conn->pending_sec_level (lines 1458-1459), mgmt_auth_failed() is called
 * (line 1461) and HCI_CONN_AUTH_PEND is cleared. A connection still in
 * BT_CONFIG either moves on to encryption (status 0 and SSP mode > 0 on
 * both hdev and conn) or is marked BT_CONNECTED and confirmed with
 * ev->status. When HCI_CONN_ENCRYPT_PEND is set, the lines shown either
 * send HCI_OP_SET_CONN_ENCRYPT or clear the flag and call
 * hci_encrypt_cfm(conn, status, 0x00).
 *
 * NOTE(review): the branch conditions on lines 1456-1457, 1460 and 1488
 * are not shown. Presumably the security level is raised only when
 * ev->status is 0 - confirm, since this is where the link's security
 * level changes in response to a controller event.
 */
1446 static inline void hci_auth_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1448 struct hci_ev_auth_complete
*ev
= (void *) skb
->data
;
1449 struct hci_conn
*conn
;
1451 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1455 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
/* Record authentication and adopt the security level that was being negotiated. */
1458 conn
->link_mode
|= HCI_LM_AUTH
;
1459 conn
->sec_level
= conn
->pending_sec_level
;
1461 mgmt_auth_failed(hdev
->id
, &conn
->dst
, ev
->status
);
1464 clear_bit(HCI_CONN_AUTH_PEND
, &conn
->pend
);
1466 if (conn
->state
== BT_CONFIG
) {
/* With SSP active on both sides, setup continues with an encryption request. */
1467 if (!ev
->status
&& hdev
->ssp_mode
> 0 &&
1468 conn
->ssp_mode
> 0) {
1469 struct hci_cp_set_conn_encrypt cp
;
/* ev->handle is already little endian, so it is copied without conversion. */
1470 cp
.handle
= ev
->handle
;
1472 hci_send_cmd(hdev
, HCI_OP_SET_CONN_ENCRYPT
,
1475 conn
->state
= BT_CONNECTED
;
1476 hci_proto_connect_cfm(conn
, ev
->status
);
1480 hci_auth_cfm(conn
, ev
->status
);
1482 hci_conn_hold(conn
);
1483 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
1487 if (test_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->pend
)) {
1489 struct hci_cp_set_conn_encrypt cp
;
1490 cp
.handle
= ev
->handle
;
1492 hci_send_cmd(hdev
, HCI_OP_SET_CONN_ENCRYPT
,
1495 clear_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->pend
);
1496 hci_encrypt_cfm(conn
, ev
->status
, 0x00);
1501 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Remote Name Request Complete event.
 *
 * Calls hci_conn_check_pending(), forwards the name to
 * mgmt_remote_name() when the status is 0 and HCI_MGMT is set, and sends
 * HCI_OP_AUTH_REQUESTED when an ACL connection to the peer exists and
 * hci_outgoing_auth_needed() returns true for it.
 *
 * NOTE(review): ev->name is supplied by the remote device. Nothing shown
 * here checks its length or termination, so consumers should treat it as
 * untrusted bytes.
 */
1504 static inline void hci_remote_name_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1506 struct hci_ev_remote_name
*ev
= (void *) skb
->data
;
1507 struct hci_conn
*conn
;
1509 BT_DBG("%s", hdev
->name
);
1511 hci_conn_check_pending(hdev
);
1515 if (ev
->status
== 0 && test_bit(HCI_MGMT
, &hdev
->flags
))
1516 mgmt_remote_name(hdev
->id
, &ev
->bdaddr
, ev
->name
);
/* The lookup result is tested for NULL here before it is used. */
1518 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
1519 if (conn
&& hci_outgoing_auth_needed(hdev
, conn
)) {
1520 struct hci_cp_auth_requested cp
;
1521 cp
.handle
= __cpu_to_le16(conn
->handle
);
1522 hci_send_cmd(hdev
, HCI_OP_AUTH_REQUESTED
, sizeof(cp
), &cp
);
1525 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Encryption Change event.
 *
 * Updates HCI_LM_AUTH / HCI_LM_ENCRYPT in conn->link_mode, clears
 * HCI_CONN_ENCRYPT_PEND, marks a connection that is still in BT_CONFIG
 * as BT_CONNECTED and confirms it, and calls
 * hci_encrypt_cfm(conn, status, encrypt) at line 1557.
 *
 * NOTE(review): the conditions selecting between setting and clearing
 * HCI_LM_ENCRYPT (lines 1538-1540 and 1544) are not shown; presumably
 * they test ev->status and ev->encrypt - confirm. The branch keyword
 * before line 1557 is not shown either.
 */
1528 static inline void hci_encrypt_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1530 struct hci_ev_encrypt_change
*ev
= (void *) skb
->data
;
1531 struct hci_conn
*conn
;
1533 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1537 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
1541 /* Encryption implies authentication */
1542 conn
->link_mode
|= HCI_LM_AUTH
;
1543 conn
->link_mode
|= HCI_LM_ENCRYPT
;
/* The alternative path drops the encrypted flag again. */
1545 conn
->link_mode
&= ~HCI_LM_ENCRYPT
;
1548 clear_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->pend
);
1550 if (conn
->state
== BT_CONFIG
) {
1552 conn
->state
= BT_CONNECTED
;
1554 hci_proto_connect_cfm(conn
, ev
->status
);
1557 hci_encrypt_cfm(conn
, ev
->status
, ev
->encrypt
);
1560 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Change Connection Link Key Complete event: sets
 * HCI_LM_SECURE on the connection, clears HCI_CONN_AUTH_PEND and reports
 * ev->status through hci_key_change_cfm().
 *
 * NOTE(review): lines 1573-1574 are not shown; presumably HCI_LM_SECURE
 * is set only for a found connection and a zero status - confirm.
 */
1563 static inline void hci_change_link_key_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1565 struct hci_ev_change_link_key_complete
*ev
= (void *) skb
->data
;
1566 struct hci_conn
*conn
;
1568 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1572 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
1575 conn
->link_mode
|= HCI_LM_SECURE
;
1577 clear_bit(HCI_CONN_AUTH_PEND
, &conn
->pend
);
1579 hci_key_change_cfm(conn
, ev
->status
);
1582 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Read Remote Supported Features Complete event.
 *
 * Copies the 8-byte feature mask into conn->features. The lines shown
 * then request the extended feature page when the status is 0 and both
 * hdev and conn are SSP capable, build a remote name request, and mark
 * the connection BT_CONNECTED when hci_outgoing_auth_needed() returns
 * false.
 *
 * NOTE(review): the copy length is the literal 8; sizeof(conn->features)
 * would tie it to the destination. Lines 1595-1598 (presumably the NULL
 * and status tests guarding the copy) and the statement controlled by
 * the BT_CONFIG test at line 1601 are not shown - confirm.
 */
1585 static inline void hci_remote_features_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1587 struct hci_ev_remote_features
*ev
= (void *) skb
->data
;
1588 struct hci_conn
*conn
;
1590 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1594 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
1599 memcpy(conn
->features
, ev
->features
, 8);
1601 if (conn
->state
!= BT_CONFIG
)
1604 if (!ev
->status
&& lmp_ssp_capable(hdev
) && lmp_ssp_capable(conn
)) {
1605 struct hci_cp_read_remote_ext_features cp
;
1606 cp
.handle
= ev
->handle
;
1608 hci_send_cmd(hdev
, HCI_OP_READ_REMOTE_EXT_FEATURES
,
1614 struct hci_cp_remote_name_req cp
;
/* Zero the whole command first so fields not assigned below are not sent uninitialised. */
1615 memset(&cp
, 0, sizeof(cp
));
1616 bacpy(&cp
.bdaddr
, &conn
->dst
);
1617 cp
.pscan_rep_mode
= 0x02;
1618 hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ
, sizeof(cp
), &cp
);
1621 if (!hci_outgoing_auth_needed(hdev
, conn
)) {
1622 conn
->state
= BT_CONNECTED
;
1623 hci_proto_connect_cfm(conn
, ev
->status
);
1628 hci_dev_unlock(hdev
);
/* Handler for HCI_EV_REMOTE_VERSION; the lines shown only log the device name and do not parse skb. */
1631 static inline void hci_remote_version_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1633 BT_DBG("%s", hdev
->name
);
/* Handler for HCI_EV_QOS_SETUP_COMPLETE; the lines shown only log the device name and do not parse skb. */
1636 static inline void hci_qos_setup_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1638 BT_DBG("%s", hdev
->name
);
/*
 * Handle an HCI Command Complete event.
 *
 * Strips the event header from the skb, converts the opcode from little
 * endian and hands the remaining payload to the matching hci_cc_*()
 * handler. Afterwards the command timer is stopped for any opcode other
 * than HCI_OP_NOP, hdev->cmd_cnt is set to 1 and the command tasklet is
 * scheduled when commands are queued (the condition on line 1811,
 * presumably a test of ev->ncmd, is not shown).
 *
 * NOTE(review): ev keeps pointing at the pulled header and is read again
 * at line 1808. That line compares the raw little-endian ev->opcode with
 * HCI_OP_NOP while the dispatch uses the converted value; the two agree
 * only when HCI_OP_NOP is byte-order neutral (presumably 0x0000) -
 * confirm. The return value of skb_pull() is not checked on the lines
 * shown, so each hci_cc_*() handler receives whatever payload is left
 * and has to cope with a short one.
 */
1641 static inline void hci_cmd_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1643 struct hci_ev_cmd_complete
*ev
= (void *) skb
->data
;
1646 skb_pull(skb
, sizeof(*ev
));
1648 opcode
= __le16_to_cpu(ev
->opcode
);
1651 case HCI_OP_INQUIRY_CANCEL
:
1652 hci_cc_inquiry_cancel(hdev
, skb
);
1655 case HCI_OP_EXIT_PERIODIC_INQ
:
1656 hci_cc_exit_periodic_inq(hdev
, skb
);
1659 case HCI_OP_REMOTE_NAME_REQ_CANCEL
:
1660 hci_cc_remote_name_req_cancel(hdev
, skb
);
1663 case HCI_OP_ROLE_DISCOVERY
:
1664 hci_cc_role_discovery(hdev
, skb
);
1667 case HCI_OP_READ_LINK_POLICY
:
1668 hci_cc_read_link_policy(hdev
, skb
);
1671 case HCI_OP_WRITE_LINK_POLICY
:
1672 hci_cc_write_link_policy(hdev
, skb
);
1675 case HCI_OP_READ_DEF_LINK_POLICY
:
1676 hci_cc_read_def_link_policy(hdev
, skb
);
1679 case HCI_OP_WRITE_DEF_LINK_POLICY
:
1680 hci_cc_write_def_link_policy(hdev
, skb
);
/* NOTE(review): the case label for this call (line 1683) is not shown in this listing. */
1684 hci_cc_reset(hdev
, skb
);
1687 case HCI_OP_WRITE_LOCAL_NAME
:
1688 hci_cc_write_local_name(hdev
, skb
);
1691 case HCI_OP_READ_LOCAL_NAME
:
1692 hci_cc_read_local_name(hdev
, skb
);
1695 case HCI_OP_WRITE_AUTH_ENABLE
:
1696 hci_cc_write_auth_enable(hdev
, skb
);
1699 case HCI_OP_WRITE_ENCRYPT_MODE
:
1700 hci_cc_write_encrypt_mode(hdev
, skb
);
1703 case HCI_OP_WRITE_SCAN_ENABLE
:
1704 hci_cc_write_scan_enable(hdev
, skb
);
1707 case HCI_OP_READ_CLASS_OF_DEV
:
1708 hci_cc_read_class_of_dev(hdev
, skb
);
1711 case HCI_OP_WRITE_CLASS_OF_DEV
:
1712 hci_cc_write_class_of_dev(hdev
, skb
);
1715 case HCI_OP_READ_VOICE_SETTING
:
1716 hci_cc_read_voice_setting(hdev
, skb
);
1719 case HCI_OP_WRITE_VOICE_SETTING
:
1720 hci_cc_write_voice_setting(hdev
, skb
);
1723 case HCI_OP_HOST_BUFFER_SIZE
:
1724 hci_cc_host_buffer_size(hdev
, skb
);
1727 case HCI_OP_READ_SSP_MODE
:
1728 hci_cc_read_ssp_mode(hdev
, skb
);
1731 case HCI_OP_WRITE_SSP_MODE
:
1732 hci_cc_write_ssp_mode(hdev
, skb
);
1735 case HCI_OP_READ_LOCAL_VERSION
:
1736 hci_cc_read_local_version(hdev
, skb
);
1739 case HCI_OP_READ_LOCAL_COMMANDS
:
1740 hci_cc_read_local_commands(hdev
, skb
);
1743 case HCI_OP_READ_LOCAL_FEATURES
:
1744 hci_cc_read_local_features(hdev
, skb
);
1747 case HCI_OP_READ_BUFFER_SIZE
:
1748 hci_cc_read_buffer_size(hdev
, skb
);
1751 case HCI_OP_READ_BD_ADDR
:
1752 hci_cc_read_bd_addr(hdev
, skb
);
1755 case HCI_OP_WRITE_CA_TIMEOUT
:
1756 hci_cc_write_ca_timeout(hdev
, skb
);
1759 case HCI_OP_DELETE_STORED_LINK_KEY
:
1760 hci_cc_delete_stored_link_key(hdev
, skb
);
1763 case HCI_OP_SET_EVENT_MASK
:
1764 hci_cc_set_event_mask(hdev
, skb
);
1767 case HCI_OP_WRITE_INQUIRY_MODE
:
1768 hci_cc_write_inquiry_mode(hdev
, skb
);
1771 case HCI_OP_READ_INQ_RSP_TX_POWER
:
1772 hci_cc_read_inq_rsp_tx_power(hdev
, skb
);
1775 case HCI_OP_SET_EVENT_FLT
:
1776 hci_cc_set_event_flt(hdev
, skb
);
1779 case HCI_OP_PIN_CODE_REPLY
:
1780 hci_cc_pin_code_reply(hdev
, skb
);
1783 case HCI_OP_PIN_CODE_NEG_REPLY
:
1784 hci_cc_pin_code_neg_reply(hdev
, skb
);
1787 case HCI_OP_READ_LOCAL_OOB_DATA
:
1788 hci_cc_read_local_oob_data_reply(hdev
, skb
);
1791 case HCI_OP_LE_READ_BUFFER_SIZE
:
1792 hci_cc_le_read_buffer_size(hdev
, skb
);
1795 case HCI_OP_USER_CONFIRM_REPLY
:
1796 hci_cc_user_confirm_reply(hdev
, skb
);
1799 case HCI_OP_USER_CONFIRM_NEG_REPLY
:
1800 hci_cc_user_confirm_neg_reply(hdev
, skb
);
/* Opcodes without a handler above are only logged. */
1804 BT_DBG("%s opcode 0x%x", hdev
->name
, opcode
);
/* Raw (unconverted) opcode field is compared here - see the NOTE in the header comment. */
1808 if (ev
->opcode
!= HCI_OP_NOP
)
1809 del_timer(&hdev
->cmd_timer
);
1812 atomic_set(&hdev
->cmd_cnt
, 1);
1813 if (!skb_queue_empty(&hdev
->cmd_q
))
1814 tasklet_schedule(&hdev
->cmd_task
);
/*
 * Handle an HCI Command Status event.
 *
 * Strips the event header, converts the opcode from little endian and
 * passes ev->status to the matching hci_cs_*() handler; a non-zero
 * status for HCI_OP_DISCONNECT is reported through
 * mgmt_disconnect_failed(). The command timer is stopped for any opcode
 * other than HCI_OP_NOP, and when ev->ncmd is non-zero and HCI_RESET is
 * not set, hdev->cmd_cnt is set to 1 and the command tasklet is
 * scheduled if commands are queued.
 *
 * NOTE(review): line 1886 tests the raw little-endian ev->opcode rather
 * than the converted opcode used for the dispatch; the two agree only
 * when HCI_OP_NOP is byte-order neutral (presumably 0x0000) - confirm.
 * The return value of skb_pull() is not checked on the lines shown.
 */
1818 static inline void hci_cmd_status_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1820 struct hci_ev_cmd_status
*ev
= (void *) skb
->data
;
1823 skb_pull(skb
, sizeof(*ev
));
1825 opcode
= __le16_to_cpu(ev
->opcode
);
1828 case HCI_OP_INQUIRY
:
1829 hci_cs_inquiry(hdev
, ev
->status
);
1832 case HCI_OP_CREATE_CONN
:
1833 hci_cs_create_conn(hdev
, ev
->status
);
1836 case HCI_OP_ADD_SCO
:
1837 hci_cs_add_sco(hdev
, ev
->status
);
1840 case HCI_OP_AUTH_REQUESTED
:
1841 hci_cs_auth_requested(hdev
, ev
->status
);
1844 case HCI_OP_SET_CONN_ENCRYPT
:
1845 hci_cs_set_conn_encrypt(hdev
, ev
->status
);
1848 case HCI_OP_REMOTE_NAME_REQ
:
1849 hci_cs_remote_name_req(hdev
, ev
->status
);
1852 case HCI_OP_READ_REMOTE_FEATURES
:
1853 hci_cs_read_remote_features(hdev
, ev
->status
);
1856 case HCI_OP_READ_REMOTE_EXT_FEATURES
:
1857 hci_cs_read_remote_ext_features(hdev
, ev
->status
);
1860 case HCI_OP_SETUP_SYNC_CONN
:
1861 hci_cs_setup_sync_conn(hdev
, ev
->status
);
1864 case HCI_OP_SNIFF_MODE
:
1865 hci_cs_sniff_mode(hdev
, ev
->status
);
1868 case HCI_OP_EXIT_SNIFF_MODE
:
1869 hci_cs_exit_sniff_mode(hdev
, ev
->status
);
/* A disconnect command that the controller refused is surfaced to the management interface. */
1872 case HCI_OP_DISCONNECT
:
1873 if (ev
->status
!= 0)
1874 mgmt_disconnect_failed(hdev
->id
);
1877 case HCI_OP_LE_CREATE_CONN
:
1878 hci_cs_le_create_conn(hdev
, ev
->status
);
/* Opcodes without a handler above are only logged. */
1882 BT_DBG("%s opcode 0x%x", hdev
->name
, opcode
);
1886 if (ev
->opcode
!= HCI_OP_NOP
)
1887 del_timer(&hdev
->cmd_timer
);
/* No new command is released while HCI_RESET is set. */
1889 if (ev
->ncmd
&& !test_bit(HCI_RESET
, &hdev
->flags
)) {
1890 atomic_set(&hdev
->cmd_cnt
, 1);
1891 if (!skb_queue_empty(&hdev
->cmd_q
))
1892 tasklet_schedule(&hdev
->cmd_task
);
/*
 * Handle an HCI Role Change event: update HCI_LM_MASTER in
 * conn->link_mode, clear HCI_CONN_RSWITCH_PEND and report the result
 * through hci_role_switch_cfm().
 *
 * NOTE(review): the tests choosing between clearing and setting
 * HCI_LM_MASTER (lines 1906-1908 and 1910) are not shown; presumably
 * they depend on the lookup result, ev->status and ev->role - confirm.
 */
1896 static inline void hci_role_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1898 struct hci_ev_role_change
*ev
= (void *) skb
->data
;
1899 struct hci_conn
*conn
;
1901 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1905 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
1909 conn
->link_mode
&= ~HCI_LM_MASTER
;
1911 conn
->link_mode
|= HCI_LM_MASTER
;
1914 clear_bit(HCI_CONN_RSWITCH_PEND
, &conn
->pend
);
1916 hci_role_switch_cfm(conn
, ev
->status
, ev
->role
);
1919 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Number Of Completed Packets event.
 *
 * After pulling the fixed header, the remaining skb->len is compared with
 * ev->num_hndl * 4 (one 16-bit handle and one 16-bit count per entry)
 * before the entries are walked; the action taken on a short packet is
 * on lines not shown (1934-1935). With the TX tasklet disabled, each
 * count is subtracted from conn->sent and credited to hdev->acl_cnt,
 * hdev->le_cnt or hdev->sco_cnt, clamped to the matching *_pkts limit.
 *
 * NOTE(review): handle and count come from the controller. No line shown
 * here checks count against conn->sent before the subtraction, and the
 * NULL test for the lookup result is presumably on line 1947, which this
 * listing omits - confirm both.
 */
1922 static inline void hci_num_comp_pkts_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1924 struct hci_ev_num_comp_pkts
*ev
= (void *) skb
->data
;
1928 skb_pull(skb
, sizeof(*ev
));
1930 BT_DBG("%s num_hndl %d", hdev
->name
, ev
->num_hndl
);
/* Bounds check: the payload must hold num_hndl entries of 4 bytes each. */
1932 if (skb
->len
< ev
->num_hndl
* 4) {
1933 BT_DBG("%s bad parameters", hdev
->name
);
1937 tasklet_disable(&hdev
->tx_task
);
1939 for (i
= 0, ptr
= (__le16
*) skb
->data
; i
< ev
->num_hndl
; i
++) {
1940 struct hci_conn
*conn
;
1941 __u16 handle
, count
;
/* Entries may be unaligned in the packet, hence get_unaligned_le16(). */
1943 handle
= get_unaligned_le16(ptr
++);
1944 count
= get_unaligned_le16(ptr
++);
1946 conn
= hci_conn_hash_lookup_handle(hdev
, handle
);
1948 conn
->sent
-= count
;
/* Credits are clamped so a large count cannot push a counter above the controller's buffer total. */
1950 if (conn
->type
== ACL_LINK
) {
1951 hdev
->acl_cnt
+= count
;
1952 if (hdev
->acl_cnt
> hdev
->acl_pkts
)
1953 hdev
->acl_cnt
= hdev
->acl_pkts
;
1954 } else if (conn
->type
== LE_LINK
) {
/* LE links have their own budget only when hdev->le_pkts is non-zero; lines 1960-1962 credit the ACL budget instead. */
1955 if (hdev
->le_pkts
) {
1956 hdev
->le_cnt
+= count
;
1957 if (hdev
->le_cnt
> hdev
->le_pkts
)
1958 hdev
->le_cnt
= hdev
->le_pkts
;
1960 hdev
->acl_cnt
+= count
;
1961 if (hdev
->acl_cnt
> hdev
->acl_pkts
)
1962 hdev
->acl_cnt
= hdev
->acl_pkts
;
1965 hdev
->sco_cnt
+= count
;
1966 if (hdev
->sco_cnt
> hdev
->sco_pkts
)
1967 hdev
->sco_cnt
= hdev
->sco_pkts
;
1972 tasklet_schedule(&hdev
->tx_task
);
1974 tasklet_enable(&hdev
->tx_task
);
/*
 * Handle an HCI Mode Change event: record the new mode and interval on
 * the connection, update conn->power_save when
 * HCI_CONN_MODE_CHANGE_PEND was not set, and run hci_sco_setup() when
 * HCI_CONN_SCO_SETUP_PEND was set.
 *
 * NOTE(review): line 1987 (presumably the NULL test for conn) is not
 * shown - confirm.
 */
1977 static inline void hci_mode_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
1979 struct hci_ev_mode_change
*ev
= (void *) skb
->data
;
1980 struct hci_conn
*conn
;
1982 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
1986 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
1988 conn
->mode
= ev
->mode
;
1989 conn
->interval
= __le16_to_cpu(ev
->interval
);
/* test_and_clear_bit() both reads and resets the pending flag. */
1991 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->pend
)) {
1992 if (conn
->mode
== HCI_CM_ACTIVE
)
1993 conn
->power_save
= 1;
1995 conn
->power_save
= 0;
1998 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND
, &conn
->pend
))
1999 hci_sco_setup(conn
, ev
->status
);
2002 hci_dev_unlock(hdev
);
/*
 * Handle an HCI PIN Code Request event.
 *
 * For a connected ACL link the connection is held and its disconnect
 * timeout is set to HCI_PAIRING_TIMEOUT. When HCI_PAIRABLE is not set
 * the request is refused with HCI_OP_PIN_CODE_NEG_REPLY; when HCI_MGMT
 * is set the request is passed to mgmt_pin_code_request().
 *
 * NOTE(review): line 2024 is not shown, so this listing does not tell
 * whether the mgmt notification is skipped after a negative reply -
 * confirm that a non-pairable adapter does not also prompt user space
 * for a PIN.
 */
2005 static inline void hci_pin_code_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2007 struct hci_ev_pin_code_req
*ev
= (void *) skb
->data
;
2008 struct hci_conn
*conn
;
2010 BT_DBG("%s", hdev
->name
);
2014 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2015 if (conn
&& conn
->state
== BT_CONNECTED
) {
2016 hci_conn_hold(conn
);
2017 conn
->disc_timeout
= HCI_PAIRING_TIMEOUT
;
/* Pairing policy: refuse the PIN request outright when the adapter is not pairable. */
2021 if (!test_bit(HCI_PAIRABLE
, &hdev
->flags
))
2022 hci_send_cmd(hdev
, HCI_OP_PIN_CODE_NEG_REPLY
,
2023 sizeof(ev
->bdaddr
), &ev
->bdaddr
);
2025 if (test_bit(HCI_MGMT
, &hdev
->flags
))
2026 mgmt_pin_code_request(hdev
->id
, &ev
->bdaddr
);
2028 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Link Key Request event: decide whether a stored link key
 * may be handed to the controller for this peer.
 *
 * Visible policy, in order:
 *  - HCI_LINK_KEYS is tested in hdev->flags (the action taken when it is
 *    not set is on a line this listing omits);
 *  - the key is looked up with hci_find_link_key();
 *  - a HCI_LK_DEBUG_COMBINATION key is ignored unless HCI_DEBUG_KEYS is
 *    set;
 *  - a HCI_LK_UNAUTH_COMBINATION key is ignored when conn->auth_type is
 *    not 0xff and has bit 0 set (presumably the MITM-required bit -
 *    confirm);
 *  - a HCI_LK_COMBINATION key with pin_len < 16 is ignored when
 *    conn->pending_sec_level is BT_SECURITY_HIGH.
 * An accepted key is sent with HCI_OP_LINK_KEY_REPLY; line 2091 sends
 * HCI_OP_LINK_KEY_NEG_REPLY.
 *
 * NOTE(review): conn is dereferenced at lines 2064 and 2071; the NULL
 * test is presumably on line 2062, which is not shown - confirm. cp
 * keeps a copy of the 16-byte key on the stack and no line shown clears
 * it after hci_send_cmd(). The negative reply passes the literal 6 as
 * the length where sizeof(ev->bdaddr) would be tied to the field.
 */
2031 static inline void hci_link_key_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2033 struct hci_ev_link_key_req
*ev
= (void *) skb
->data
;
2034 struct hci_cp_link_key_reply cp
;
2035 struct hci_conn
*conn
;
2036 struct link_key
*key
;
2038 BT_DBG("%s", hdev
->name
);
2040 if (!test_bit(HCI_LINK_KEYS
, &hdev
->flags
))
2045 key
= hci_find_link_key(hdev
, &ev
->bdaddr
);
2047 BT_DBG("%s link key not found for %s", hdev
->name
,
2048 batostr(&ev
->bdaddr
));
2052 BT_DBG("%s found key type %u for %s", hdev
->name
, key
->type
,
2053 batostr(&ev
->bdaddr
));
/* Debug keys are only honoured when HCI_DEBUG_KEYS is set. */
2055 if (!test_bit(HCI_DEBUG_KEYS
, &hdev
->flags
) &&
2056 key
->type
== HCI_LK_DEBUG_COMBINATION
) {
2057 BT_DBG("%s ignoring debug key", hdev
->name
);
2061 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
/* An unauthenticated key is not reused when the connection's auth_type has bit 0 set. */
2063 if (key
->type
== HCI_LK_UNAUTH_COMBINATION
&&
2064 conn
->auth_type
!= 0xff &&
2065 (conn
->auth_type
& 0x01)) {
2066 BT_DBG("%s ignoring unauthenticated key", hdev
->name
);
/* A combination key made from a PIN shorter than 16 is not accepted for BT_SECURITY_HIGH. */
2070 if (key
->type
== HCI_LK_COMBINATION
&& key
->pin_len
< 16 &&
2071 conn
->pending_sec_level
== BT_SECURITY_HIGH
) {
2072 BT_DBG("%s ignoring key unauthenticated for high \
2073 security", hdev
->name
);
2077 conn
->key_type
= key
->type
;
2078 conn
->pin_length
= key
->pin_len
;
2081 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
2082 memcpy(cp
.link_key
, key
->val
, 16);
2084 hci_send_cmd(hdev
, HCI_OP_LINK_KEY_REPLY
, sizeof(cp
), &cp
);
2086 hci_dev_unlock(hdev
);
2091 hci_send_cmd(hdev
, HCI_OP_LINK_KEY_NEG_REPLY
, 6, &ev
->bdaddr
);
2092 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Link Key Notification event.
 *
 * For the ACL connection to the peer the lines shown take a reference,
 * set disc_timeout to HCI_DISCONN_TIMEOUT, pick up conn->pin_length and
 * record the key type unless it is HCI_LK_CHANGED_COMBINATION. The new
 * key is stored with hci_add_link_key() only when HCI_LINK_KEYS is set.
 *
 * NOTE(review): pin_len is declared on a line not shown (2099-2100) and
 * the NULL test for conn is presumably on line 2106 - confirm which
 * pin_len value is stored when no connection is found.
 */
2095 static inline void hci_link_key_notify_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2097 struct hci_ev_link_key_notify
*ev
= (void *) skb
->data
;
2098 struct hci_conn
*conn
;
2101 BT_DBG("%s", hdev
->name
);
2105 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2107 hci_conn_hold(conn
);
2108 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
2109 pin_len
= conn
->pin_length
;
2111 if (ev
->key_type
!= HCI_LK_CHANGED_COMBINATION
)
2112 conn
->key_type
= ev
->key_type
;
/* Key material from the event is persisted only when link-key storage is enabled. */
2117 if (test_bit(HCI_LINK_KEYS
, &hdev
->flags
))
2118 hci_add_link_key(hdev
, 1, &ev
->bdaddr
, ev
->link_key
,
2119 ev
->key_type
, pin_len
);
2121 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Read Clock Offset Complete event: when the connection
 * is found and the status is 0, store the reported clock offset in the
 * peer's inquiry cache entry and refresh the entry's timestamp.
 *
 * NOTE(review): line 2138 (presumably the NULL test for ie) is not
 * shown - confirm.
 */
2124 static inline void hci_clock_offset_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2126 struct hci_ev_clock_offset
*ev
= (void *) skb
->data
;
2127 struct hci_conn
*conn
;
2129 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
2133 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2134 if (conn
&& !ev
->status
) {
2135 struct inquiry_entry
*ie
;
2137 ie
= hci_inquiry_cache_lookup(hdev
, &conn
->dst
);
/* The offset is stored as received, without byte-order conversion. */
2139 ie
->data
.clock_offset
= ev
->clock_offset
;
2140 ie
->timestamp
= jiffies
;
2144 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Connection Packet Type Changed event: when the
 * connection is found and the status is 0, record the new packet type
 * (converted from little endian) on the connection.
 */
2147 static inline void hci_pkt_type_change_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2149 struct hci_ev_pkt_type_change
*ev
= (void *) skb
->data
;
2150 struct hci_conn
*conn
;
2152 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
2156 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2157 if (conn
&& !ev
->status
)
2158 conn
->pkt_type
= __le16_to_cpu(ev
->pkt_type
);
2160 hci_dev_unlock(hdev
);
/*
 * Handler for HCI_EV_PSCAN_REP_MODE: store ev->pscan_rep_mode in the
 * peer's inquiry cache entry and refresh the entry's timestamp.
 *
 * NOTE(review): line 2173 (presumably the NULL test for ie) is not
 * shown - confirm.
 */
2163 static inline void hci_pscan_rep_mode_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2165 struct hci_ev_pscan_rep_mode
*ev
= (void *) skb
->data
;
2166 struct inquiry_entry
*ie
;
2168 BT_DBG("%s", hdev
->name
);
2172 ie
= hci_inquiry_cache_lookup(hdev
, &ev
->bdaddr
);
2174 ie
->data
.pscan_rep_mode
= ev
->pscan_rep_mode
;
2175 ie
->timestamp
= jiffies
;
2178 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Inquiry Result With RSSI event.
 *
 * The first payload byte is the response count. The per-response size,
 * (skb->len - 1) / num_rsp, selects between two layouts: responses that
 * carry pscan_mode (struct inquiry_info_with_rssi_and_pscan_mode) and
 * the plain struct inquiry_info_with_rssi. Every response updates the
 * inquiry cache and is reported through mgmt_device_found(). The first
 * result of an inquiry also sets HCI_INQUIRY and, with HCI_MGMT set,
 * calls mgmt_discovering(id, 1).
 *
 * NOTE(review): num_rsp is controller-supplied. The division needs
 * num_rsp != 0, and both loops advance info num_rsp times without a
 * visible comparison of num_rsp * sizeof(*info) against skb->len; any
 * per-response size other than sizeof(struct inquiry_info_with_rssi) is
 * taken as the pscan_mode layout. Lines 2187-2192 are not shown and
 * presumably hold the zero test - confirm that the total length is
 * bounded as well.
 */
2181 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2183 struct inquiry_data data
;
2184 int num_rsp
= *((__u8
*) skb
->data
);
2186 BT_DBG("%s num_rsp %d", hdev
->name
, num_rsp
);
2193 if (!test_and_set_bit(HCI_INQUIRY
, &hdev
->flags
)) {
2195 if (test_bit(HCI_MGMT
, &hdev
->flags
))
2196 mgmt_discovering(hdev
->id
, 1);
/* Layout detection by per-response size; see the NOTE in the header comment. */
2199 if ((skb
->len
- 1) / num_rsp
!= sizeof(struct inquiry_info_with_rssi
)) {
2200 struct inquiry_info_with_rssi_and_pscan_mode
*info
;
2201 info
= (void *) (skb
->data
+ 1);
2203 for (; num_rsp
; num_rsp
--, info
++) {
2204 bacpy(&data
.bdaddr
, &info
->bdaddr
);
2205 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
2206 data
.pscan_period_mode
= info
->pscan_period_mode
;
2207 data
.pscan_mode
= info
->pscan_mode
;
2208 memcpy(data
.dev_class
, info
->dev_class
, 3);
2209 data
.clock_offset
= info
->clock_offset
;
2210 data
.rssi
= info
->rssi
;
2211 data
.ssp_mode
= 0x00;
2212 hci_inquiry_cache_update(hdev
, &data
);
2213 mgmt_device_found(hdev
->id
, &info
->bdaddr
,
2214 info
->dev_class
, info
->rssi
,
2218 struct inquiry_info_with_rssi
*info
= (void *) (skb
->data
+ 1);
2220 for (; num_rsp
; num_rsp
--, info
++) {
2221 bacpy(&data
.bdaddr
, &info
->bdaddr
);
2222 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
2223 data
.pscan_period_mode
= info
->pscan_period_mode
;
/* This layout has no pscan_mode field, so a fixed 0x00 is stored. */
2224 data
.pscan_mode
= 0x00;
2225 memcpy(data
.dev_class
, info
->dev_class
, 3);
2226 data
.clock_offset
= info
->clock_offset
;
2227 data
.rssi
= info
->rssi
;
2228 data
.ssp_mode
= 0x00;
2229 hci_inquiry_cache_update(hdev
, &data
);
2230 mgmt_device_found(hdev
->id
, &info
->bdaddr
,
2231 info
->dev_class
, info
->rssi
,
2236 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Read Remote Extended Features Complete event.
 *
 * For page 0x01 with status 0, bit 0 of features[0] is stored as the SSP
 * mode in the peer's inquiry cache entry and on the connection. The
 * lines shown then build a remote name request and mark the connection
 * BT_CONNECTED when hci_outgoing_auth_needed() returns false.
 *
 * NOTE(review): the NULL tests for conn and ie (lines 2249-2251 and
 * 2256), the statement controlled by the BT_CONFIG test at line 2262 and
 * the condition before line 2266 are not shown - confirm.
 */
2239 static inline void hci_remote_ext_features_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2241 struct hci_ev_remote_ext_features
*ev
= (void *) skb
->data
;
2242 struct hci_conn
*conn
;
2244 BT_DBG("%s", hdev
->name
);
2248 conn
= hci_conn_hash_lookup_handle(hdev
, __le16_to_cpu(ev
->handle
));
2252 if (!ev
->status
&& ev
->page
== 0x01) {
2253 struct inquiry_entry
*ie
;
2255 ie
= hci_inquiry_cache_lookup(hdev
, &conn
->dst
);
/* The remote device's own feature bit decides whether SSP is assumed for this peer. */
2257 ie
->data
.ssp_mode
= (ev
->features
[0] & 0x01);
2259 conn
->ssp_mode
= (ev
->features
[0] & 0x01);
2262 if (conn
->state
!= BT_CONFIG
)
2266 struct hci_cp_remote_name_req cp
;
2267 memset(&cp
, 0, sizeof(cp
));
2268 bacpy(&cp
.bdaddr
, &conn
->dst
);
2269 cp
.pscan_rep_mode
= 0x02;
2270 hci_send_cmd(hdev
, HCI_OP_REMOTE_NAME_REQ
, sizeof(cp
), &cp
);
2273 if (!hci_outgoing_auth_needed(hdev
, conn
)) {
2274 conn
->state
= BT_CONNECTED
;
2275 hci_proto_connect_cfm(conn
, ev
->status
);
2280 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Synchronous Connection Complete event.
 *
 * Looks the connection up by the event's link type and address; the
 * lines shown also retry the lookup with ESCO_LINK and then set
 * conn->type to SCO_LINK. On one status branch the handle is stored,
 * the state becomes BT_CONNECTED and the connection is added to sysfs.
 * For status 0x11, 0x1c, 0x1a and 0x1f an outgoing connection with
 * fewer than 2 attempts is retried with a packet type rebuilt from
 * hdev->esco_type. hci_proto_connect_cfm() reports ev->status.
 *
 * NOTE(review): the retry calls hci_setup_sync(conn, conn->link->handle)
 * and no test of conn->link is visible on the lines shown - confirm it
 * cannot be NULL here. The case label before line 2306 and the NULL
 * tests after both lookups are on lines this listing omits.
 */
2283 static inline void hci_sync_conn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2285 struct hci_ev_sync_conn_complete
*ev
= (void *) skb
->data
;
2286 struct hci_conn
*conn
;
2288 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
2292 conn
= hci_conn_hash_lookup_ba(hdev
, ev
->link_type
, &ev
->bdaddr
);
2294 if (ev
->link_type
== ESCO_LINK
)
2297 conn
= hci_conn_hash_lookup_ba(hdev
, ESCO_LINK
, &ev
->bdaddr
);
2301 conn
->type
= SCO_LINK
;
2304 switch (ev
->status
) {
2306 conn
->handle
= __le16_to_cpu(ev
->handle
);
2307 conn
->state
= BT_CONNECTED
;
2309 hci_conn_hold_device(conn
);
2310 hci_conn_add_sysfs(conn
);
2313 case 0x11: /* Unsupported Feature or Parameter Value */
2314 case 0x1c: /* SCO interval rejected */
2315 case 0x1a: /* Unsupported Remote Feature */
2316 case 0x1f: /* Unspecified error */
/* Retry is limited to outgoing connections and bounded by conn->attempt < 2. */
2317 if (conn
->out
&& conn
->attempt
< 2) {
2318 conn
->pkt_type
= (hdev
->esco_type
& SCO_ESCO_MASK
) |
2319 (hdev
->esco_type
& EDR_ESCO_MASK
);
2320 hci_setup_sync(conn
, conn
->link
->handle
);
2326 conn
->state
= BT_CLOSED
;
2330 hci_proto_connect_cfm(conn
, ev
->status
);
2335 hci_dev_unlock(hdev
);
/* Handler for HCI_EV_SYNC_CONN_CHANGED; the lines shown only log the device name and do not parse skb. */
2338 static inline void hci_sync_conn_changed_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2340 BT_DBG("%s", hdev
->name
);
/* Handler for HCI_EV_SNIFF_SUBRATE; the lines shown only log the device name and the event status. */
2343 static inline void hci_sniff_subrate_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2345 struct hci_ev_sniff_subrate
*ev
= (void *) skb
->data
;
2347 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
/*
 * Handle an HCI Extended Inquiry Result event.
 *
 * The first payload byte is the response count and the responses
 * (struct extended_inquiry_info) follow it. Each response updates the
 * inquiry cache with ssp_mode 0x01 and is reported, together with
 * info->data, through mgmt_device_found(). The first result of an
 * inquiry also sets HCI_INQUIRY and, with HCI_MGMT set, calls
 * mgmt_discovering(id, 1).
 *
 * NOTE(review): num_rsp is controller-supplied and the loop advances
 * info num_rsp times; no line shown compares
 * num_rsp * sizeof(*info) + 1 with skb->len, so a count larger than the
 * packet would make the loop read beyond the payload. Lines 2357-2360
 * are not shown (presumably the num_rsp == 0 test) - confirm whether the
 * total length is validated anywhere.
 */
2350 static inline void hci_extended_inquiry_result_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2352 struct inquiry_data data
;
2353 struct extended_inquiry_info
*info
= (void *) (skb
->data
+ 1);
2354 int num_rsp
= *((__u8
*) skb
->data
);
2356 BT_DBG("%s num_rsp %d", hdev
->name
, num_rsp
);
2361 if (!test_and_set_bit(HCI_INQUIRY
, &hdev
->flags
)) {
2363 if (test_bit(HCI_MGMT
, &hdev
->flags
))
2364 mgmt_discovering(hdev
->id
, 1);
2369 for (; num_rsp
; num_rsp
--, info
++) {
2370 bacpy(&data
.bdaddr
, &info
->bdaddr
);
2371 data
.pscan_rep_mode
= info
->pscan_rep_mode
;
2372 data
.pscan_period_mode
= info
->pscan_period_mode
;
2373 data
.pscan_mode
= 0x00;
2374 memcpy(data
.dev_class
, info
->dev_class
, 3);
2375 data
.clock_offset
= info
->clock_offset
;
2376 data
.rssi
= info
->rssi
;
2377 data
.ssp_mode
= 0x01;
2378 hci_inquiry_cache_update(hdev
, &data
);
/* info->data is forwarded as received from the remote device. */
2379 mgmt_device_found(hdev
->id
, &info
->bdaddr
, info
->dev_class
,
2380 info
->rssi
, info
->data
);
2383 hci_dev_unlock(hdev
);
/*
 * Choose the authentication requirement for the IO capability reply
 * from what the remote side asked for (conn->remote_auth) and the two
 * sides' IO capabilities; the final fallback is conn->auth_type.
 *
 * NOTE(review): the return statements on lines 2393-2396 and 2400 are
 * not shown, so the values returned for the bonding cases cannot be
 * confirmed from this listing. The test on line 2392 is true when
 * either side reports capability 0x03 (presumably NoInputNoOutput),
 * whereas the comment above it speaks of both sides allowing MITM
 * protection - confirm the branch order matches that comment, since
 * this decides whether MITM protection is requested. remote_auth and
 * remote_cap are values supplied by the remote device.
 */
2386 static inline u8
hci_get_auth_req(struct hci_conn
*conn
)
2388 /* If remote requests dedicated bonding follow that lead */
2389 if (conn
->remote_auth
== 0x02 || conn
->remote_auth
== 0x03) {
2390 /* If both remote and local IO capabilities allow MITM
2391 * protection then require it, otherwise don't */
2392 if (conn
->remote_cap
== 0x03 || conn
->io_capability
== 0x03)
2398 /* If remote requests no-bonding follow that lead */
2399 if (conn
->remote_auth
== 0x00 || conn
->remote_auth
== 0x01)
2402 return conn
->auth_type
;
/*
 * Handle an HCI IO Capability Request event.
 *
 * Takes a reference on the ACL connection and, when the adapter is
 * pairable or the remote side asked for no bonding
 * ((remote_auth & ~0x01) == HCI_AT_NO_BONDING), replies with the local
 * IO capability and the requirement from hci_get_auth_req(). The other
 * path sends a negative reply with reason 0x16 ("Pairing not allowed").
 *
 * NOTE(review): lines 2421-2422 are not shown; presumably the handler
 * stops there when HCI_MGMT is not set - confirm. The value written to
 * the OOB-data field (lines 2433-2436) and the NULL test for conn
 * (lines 2415-2417) are not shown either.
 */
2405 static inline void hci_io_capa_request_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2407 struct hci_ev_io_capa_request
*ev
= (void *) skb
->data
;
2408 struct hci_conn
*conn
;
2410 BT_DBG("%s", hdev
->name
);
2414 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2418 hci_conn_hold(conn
);
2420 if (!test_bit(HCI_MGMT
, &hdev
->flags
))
/* Pairing policy: a non-pairable adapter still answers requests that ask for no bonding. */
2423 if (test_bit(HCI_PAIRABLE
, &hdev
->flags
) ||
2424 (conn
->remote_auth
& ~0x01) == HCI_AT_NO_BONDING
) {
2425 struct hci_cp_io_capability_reply cp
;
2427 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
2428 cp
.capability
= conn
->io_capability
;
2429 cp
.authentication
= hci_get_auth_req(conn
);
/* OOB data is considered only for outgoing pairing or when the remote side reported OOB data, and only if an entry is stored for the peer. */
2431 if ((conn
->out
== 0x01 || conn
->remote_oob
== 0x01) &&
2432 hci_find_remote_oob_data(hdev
, &conn
->dst
))
2437 hci_send_cmd(hdev
, HCI_OP_IO_CAPABILITY_REPLY
,
2440 struct hci_cp_io_capability_neg_reply cp
;
2442 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
2443 cp
.reason
= 0x16; /* Pairing not allowed */
2445 hci_send_cmd(hdev
, HCI_OP_IO_CAPABILITY_NEG_REPLY
,
2450 hci_dev_unlock(hdev
);
/*
 * Handle an HCI IO Capability Response event: store the remote IO
 * capability, OOB-data flag and authentication requirement on the ACL
 * connection.
 *
 * NOTE(review): these three values are supplied by the remote device
 * and are stored without range checks on the lines shown;
 * hci_get_auth_req() later branches on remote_auth and remote_cap. The
 * NULL test for conn is presumably on lines 2463-2465, which are not
 * shown - confirm.
 */
2453 static inline void hci_io_capa_reply_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2455 struct hci_ev_io_capa_reply
*ev
= (void *) skb
->data
;
2456 struct hci_conn
*conn
;
2458 BT_DBG("%s", hdev
->name
);
2462 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2466 conn
->remote_cap
= ev
->capability
;
2467 conn
->remote_oob
= ev
->oob_data
;
2468 conn
->remote_auth
= ev
->authentication
;
2471 hci_dev_unlock(hdev
);
/*
 * Handle an HCI User Confirmation Request event: when HCI_MGMT is set,
 * pass the peer address and the passkey from the event to
 * mgmt_user_confirm_request(). Nothing else is done on the lines shown.
 */
2474 static inline void hci_user_confirm_request_evt(struct hci_dev
*hdev
,
2475 struct sk_buff
*skb
)
2477 struct hci_ev_user_confirm_req
*ev
= (void *) skb
->data
;
2479 BT_DBG("%s", hdev
->name
);
/* ev->passkey is forwarded without byte-order conversion here. */
2483 if (test_bit(HCI_MGMT
, &hdev
->flags
))
2484 mgmt_user_confirm_request(hdev
->id
, &ev
->bdaddr
, ev
->passkey
);
2486 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Simple Pairing Complete event: report a non-zero status
 * through mgmt_auth_failed() unless HCI_CONN_AUTH_PEND is set on the
 * connection.
 *
 * NOTE(review): the NULL test for conn (lines 2499-2501) and lines
 * 2509-2512 are not shown in this listing - confirm.
 */
2489 static inline void hci_simple_pair_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2491 struct hci_ev_simple_pair_complete
*ev
= (void *) skb
->data
;
2492 struct hci_conn
*conn
;
2494 BT_DBG("%s", hdev
->name
);
2498 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &ev
->bdaddr
);
2502 /* To avoid duplicate auth_failed events to user space we check
2503 * the HCI_CONN_AUTH_PEND flag which will be set if we
2504 * initiated the authentication. A traditional auth_complete
2505 * event gets always produced as initiator and is also mapped to
2506 * the mgmt_auth_failed event */
2507 if (!test_bit(HCI_CONN_AUTH_PEND
, &conn
->pend
) && ev
->status
!= 0)
2508 mgmt_auth_failed(hdev
->id
, &conn
->dst
, ev
->status
);
2513 hci_dev_unlock(hdev
);
/*
 * Handler for HCI_EV_REMOTE_HOST_FEATURES: store bit 0 of
 * ev->features[0] as the SSP mode in the peer's inquiry cache entry.
 *
 * NOTE(review): line 2526 (presumably the NULL test for ie) is not
 * shown - confirm.
 */
2516 static inline void hci_remote_host_features_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2518 struct hci_ev_remote_host_features
*ev
= (void *) skb
->data
;
2519 struct inquiry_entry
*ie
;
2521 BT_DBG("%s", hdev
->name
);
2525 ie
= hci_inquiry_cache_lookup(hdev
, &ev
->bdaddr
);
2527 ie
->data
.ssp_mode
= (ev
->features
[0] & 0x01);
2529 hci_dev_unlock(hdev
);
/*
 * Handle an HCI Remote OOB Data Request event.
 *
 * Looks up stored out-of-band data for the peer with
 * hci_find_remote_oob_data(). One path copies the stored hash and
 * randomizer into HCI_OP_REMOTE_OOB_DATA_REPLY, the other sends
 * HCI_OP_REMOTE_OOB_DATA_NEG_REPLY. Both copies are bounded by the size
 * of the destination field in cp.
 *
 * NOTE(review): the test on the lookup result (line 2546) and the
 * statement controlled by the HCI_MGMT test (lines 2543-2544) are not
 * shown - confirm. cp holds a copy of the OOB values on the stack and
 * no line shown clears it after hci_send_cmd().
 */
2532 static inline void hci_remote_oob_data_request_evt(struct hci_dev
*hdev
,
2533 struct sk_buff
*skb
)
2535 struct hci_ev_remote_oob_data_request
*ev
= (void *) skb
->data
;
2536 struct oob_data
*data
;
2538 BT_DBG("%s", hdev
->name
);
2542 if (!test_bit(HCI_MGMT
, &hdev
->flags
))
2545 data
= hci_find_remote_oob_data(hdev
, &ev
->bdaddr
);
2547 struct hci_cp_remote_oob_data_reply cp
;
2549 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
2550 memcpy(cp
.hash
, data
->hash
, sizeof(cp
.hash
));
2551 memcpy(cp
.randomizer
, data
->randomizer
, sizeof(cp
.randomizer
));
2553 hci_send_cmd(hdev
, HCI_OP_REMOTE_OOB_DATA_REPLY
, sizeof(cp
),
2556 struct hci_cp_remote_oob_data_neg_reply cp
;
2558 bacpy(&cp
.bdaddr
, &ev
->bdaddr
);
2559 hci_send_cmd(hdev
, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY
, sizeof(cp
),
2564 hci_dev_unlock(hdev
);
/*
 * Handle an HCI LE Connection Complete subevent (called from
 * hci_le_meta_evt() for HCI_EV_LE_CONN_COMPLETE).
 *
 * Looks up the LE_LINK connection for the peer and adds one with
 * hci_conn_add(); an allocation failure is logged. One path confirms
 * the connection with ev->status and marks it BT_CLOSED; the other
 * stores the handle, marks it BT_CONNECTED, registers it in sysfs and
 * confirms it.
 *
 * NOTE(review): the conditions separating these paths (lines 2577,
 * 2579 and 2585-2586) are not shown; presumably the connection is added
 * only when the lookup fails and the BT_CLOSED path is taken for a
 * non-zero status - confirm.
 */
2567 static inline void hci_le_conn_complete_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2569 struct hci_ev_le_conn_complete
*ev
= (void *) skb
->data
;
2570 struct hci_conn
*conn
;
2572 BT_DBG("%s status %d", hdev
->name
, ev
->status
);
2576 conn
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, &ev
->bdaddr
);
2578 conn
= hci_conn_add(hdev
, LE_LINK
, &ev
->bdaddr
);
2580 BT_ERR("No memory for new connection");
2581 hci_dev_unlock(hdev
);
2587 hci_proto_connect_cfm(conn
, ev
->status
);
2588 conn
->state
= BT_CLOSED
;
2593 conn
->handle
= __le16_to_cpu(ev
->handle
);
2594 conn
->state
= BT_CONNECTED
;
2596 hci_conn_hold_device(conn
);
2597 hci_conn_add_sysfs(conn
);
2599 hci_proto_connect_cfm(conn
, ev
->status
);
2602 hci_dev_unlock(hdev
);
/*
 * Handle an HCI LE Meta event: strip the meta header from the skb and
 * dispatch on the subevent code. HCI_EV_LE_CONN_COMPLETE is the only
 * subevent routed on the lines shown.
 *
 * NOTE(review): le_ev is read from skb->data and the return value of
 * skb_pull() is not checked here, so the sub-handler relies on the
 * packet being long enough - confirm where that is validated.
 */
2605 static inline void hci_le_meta_evt(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2607 struct hci_ev_le_meta
*le_ev
= (void *) skb
->data
;
2609 skb_pull(skb
, sizeof(*le_ev
));
2611 switch (le_ev
->subevent
) {
2612 case HCI_EV_LE_CONN_COMPLETE
:
2613 hci_le_conn_complete_evt(hdev
, skb
);
/*
 * Entry point for received HCI event packets.
 *
 * Reads the event code from the header at skb->data, strips
 * HCI_EVENT_HDR_SIZE bytes and hands the payload to the handler for
 * that event code; unknown codes are only logged. Finally
 * hdev->stat.evt_rx is incremented.
 *
 * NOTE(review): the header is read before any length check visible
 * here, and hdr->plen is not compared with skb->len on the lines shown.
 * The handlers cast skb->data straight to their event structures, so
 * they rely on a controller-supplied packet being at least that long -
 * confirm where event lengths are validated. Lines 2775-2778 are not
 * shown in this listing.
 */
2621 void hci_event_packet(struct hci_dev
*hdev
, struct sk_buff
*skb
)
2623 struct hci_event_hdr
*hdr
= (void *) skb
->data
;
2624 __u8 event
= hdr
->evt
;
2626 skb_pull(skb
, HCI_EVENT_HDR_SIZE
);
2629 case HCI_EV_INQUIRY_COMPLETE
:
2630 hci_inquiry_complete_evt(hdev
, skb
);
2633 case HCI_EV_INQUIRY_RESULT
:
2634 hci_inquiry_result_evt(hdev
, skb
);
2637 case HCI_EV_CONN_COMPLETE
:
2638 hci_conn_complete_evt(hdev
, skb
);
2641 case HCI_EV_CONN_REQUEST
:
2642 hci_conn_request_evt(hdev
, skb
);
2645 case HCI_EV_DISCONN_COMPLETE
:
2646 hci_disconn_complete_evt(hdev
, skb
);
2649 case HCI_EV_AUTH_COMPLETE
:
2650 hci_auth_complete_evt(hdev
, skb
);
2653 case HCI_EV_REMOTE_NAME
:
2654 hci_remote_name_evt(hdev
, skb
);
2657 case HCI_EV_ENCRYPT_CHANGE
:
2658 hci_encrypt_change_evt(hdev
, skb
);
2661 case HCI_EV_CHANGE_LINK_KEY_COMPLETE
:
2662 hci_change_link_key_complete_evt(hdev
, skb
);
2665 case HCI_EV_REMOTE_FEATURES
:
2666 hci_remote_features_evt(hdev
, skb
);
2669 case HCI_EV_REMOTE_VERSION
:
2670 hci_remote_version_evt(hdev
, skb
);
2673 case HCI_EV_QOS_SETUP_COMPLETE
:
2674 hci_qos_setup_complete_evt(hdev
, skb
);
2677 case HCI_EV_CMD_COMPLETE
:
2678 hci_cmd_complete_evt(hdev
, skb
);
2681 case HCI_EV_CMD_STATUS
:
2682 hci_cmd_status_evt(hdev
, skb
);
2685 case HCI_EV_ROLE_CHANGE
:
2686 hci_role_change_evt(hdev
, skb
);
2689 case HCI_EV_NUM_COMP_PKTS
:
2690 hci_num_comp_pkts_evt(hdev
, skb
);
2693 case HCI_EV_MODE_CHANGE
:
2694 hci_mode_change_evt(hdev
, skb
);
2697 case HCI_EV_PIN_CODE_REQ
:
2698 hci_pin_code_request_evt(hdev
, skb
);
2701 case HCI_EV_LINK_KEY_REQ
:
2702 hci_link_key_request_evt(hdev
, skb
);
2705 case HCI_EV_LINK_KEY_NOTIFY
:
2706 hci_link_key_notify_evt(hdev
, skb
);
2709 case HCI_EV_CLOCK_OFFSET
:
2710 hci_clock_offset_evt(hdev
, skb
);
2713 case HCI_EV_PKT_TYPE_CHANGE
:
2714 hci_pkt_type_change_evt(hdev
, skb
);
2717 case HCI_EV_PSCAN_REP_MODE
:
2718 hci_pscan_rep_mode_evt(hdev
, skb
);
2721 case HCI_EV_INQUIRY_RESULT_WITH_RSSI
:
2722 hci_inquiry_result_with_rssi_evt(hdev
, skb
);
2725 case HCI_EV_REMOTE_EXT_FEATURES
:
2726 hci_remote_ext_features_evt(hdev
, skb
);
2729 case HCI_EV_SYNC_CONN_COMPLETE
:
2730 hci_sync_conn_complete_evt(hdev
, skb
);
2733 case HCI_EV_SYNC_CONN_CHANGED
:
2734 hci_sync_conn_changed_evt(hdev
, skb
);
2737 case HCI_EV_SNIFF_SUBRATE
:
2738 hci_sniff_subrate_evt(hdev
, skb
);
2741 case HCI_EV_EXTENDED_INQUIRY_RESULT
:
2742 hci_extended_inquiry_result_evt(hdev
, skb
);
2745 case HCI_EV_IO_CAPA_REQUEST
:
2746 hci_io_capa_request_evt(hdev
, skb
);
2749 case HCI_EV_IO_CAPA_REPLY
:
2750 hci_io_capa_reply_evt(hdev
, skb
);
2753 case HCI_EV_USER_CONFIRM_REQUEST
:
2754 hci_user_confirm_request_evt(hdev
, skb
);
2757 case HCI_EV_SIMPLE_PAIR_COMPLETE
:
2758 hci_simple_pair_complete_evt(hdev
, skb
);
2761 case HCI_EV_REMOTE_HOST_FEATURES
:
2762 hci_remote_host_features_evt(hdev
, skb
);
2765 case HCI_EV_LE_META
:
2766 hci_le_meta_evt(hdev
, skb
);
2769 case HCI_EV_REMOTE_OOB_DATA_REQUEST
:
2770 hci_remote_oob_data_request_evt(hdev
, skb
);
/* Event codes without a handler above are only logged. */
2774 BT_DBG("%s event 0x%x", hdev
->name
, event
);
2779 hdev
->stat
.evt_rx
++;
2782 /* Generate internal stack event */
2783 void hci_si_event(struct hci_dev
*hdev
, int type
, int dlen
, void *data
)
2785 struct hci_event_hdr
*hdr
;
2786 struct hci_ev_stack_internal
*ev
;
2787 struct sk_buff
*skb
;
2789 skb
= bt_skb_alloc(HCI_EVENT_HDR_SIZE
+ sizeof(*ev
) + dlen
, GFP_ATOMIC
);
2793 hdr
= (void *) skb_put(skb
, HCI_EVENT_HDR_SIZE
);
2794 hdr
->evt
= HCI_EV_STACK_INTERNAL
;
2795 hdr
->plen
= sizeof(*ev
) + dlen
;
2797 ev
= (void *) skb_put(skb
, sizeof(*ev
) + dlen
);
2799 memcpy(ev
->data
, data
, dlen
);
2801 bt_cb(skb
)->incoming
= 1;
2802 __net_timestamp(skb
);
2804 bt_cb(skb
)->pkt_type
= HCI_EVENT_PKT
;
2805 skb
->dev
= (void *) hdev
;
2806 hci_send_to_sock(hdev
, skb
, NULL
);