2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI event handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
40 #include <linux/uaccess.h>
41 #include <asm/unaligned.h>
43 #include <net/bluetooth/bluetooth.h>
44 #include <net/bluetooth/hci_core.h>
46 /* Handle HCI Event packets */
48 static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
50 __u8 status = *((__u8 *) skb->data);
52 BT_DBG("%s status 0x%x", hdev->name, status);
56 mgmt_stop_discovery_failed(hdev, status);
61 clear_bit(HCI_INQUIRY, &hdev->flags);
64 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
67 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
69 hci_conn_check_pending(hdev);
72 static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74 __u8 status = *((__u8 *) skb->data);
76 BT_DBG("%s status 0x%x", hdev->name, status);
81 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
84 static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
86 __u8 status = *((__u8 *) skb->data);
88 BT_DBG("%s status 0x%x", hdev->name, status);
93 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
95 hci_conn_check_pending(hdev);
98 static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
101 BT_DBG("%s", hdev->name);
104 static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
106 struct hci_rp_role_discovery *rp = (void *) skb->data;
107 struct hci_conn *conn;
109 BT_DBG("%s status 0x%x", hdev->name, rp->status);
116 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
119 conn->link_mode &= ~HCI_LM_MASTER;
121 conn->link_mode |= HCI_LM_MASTER;
124 hci_dev_unlock(hdev);
127 static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
129 struct hci_rp_read_link_policy *rp = (void *) skb->data;
130 struct hci_conn *conn;
132 BT_DBG("%s status 0x%x", hdev->name, rp->status);
139 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
141 conn->link_policy = __le16_to_cpu(rp->policy);
143 hci_dev_unlock(hdev);
146 static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
148 struct hci_rp_write_link_policy *rp = (void *) skb->data;
149 struct hci_conn *conn;
152 BT_DBG("%s status 0x%x", hdev->name, rp->status);
157 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
163 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
165 conn->link_policy = get_unaligned_le16(sent + 2);
167 hci_dev_unlock(hdev);
170 static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
173 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
175 BT_DBG("%s status 0x%x", hdev->name, rp->status);
180 hdev->link_policy = __le16_to_cpu(rp->policy);
183 static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
186 __u8 status = *((__u8 *) skb->data);
189 BT_DBG("%s status 0x%x", hdev->name, status);
191 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
196 hdev->link_policy = get_unaligned_le16(sent);
198 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
201 static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
203 __u8 status = *((__u8 *) skb->data);
205 BT_DBG("%s status 0x%x", hdev->name, status);
207 clear_bit(HCI_RESET, &hdev->flags);
209 hci_req_complete(hdev, HCI_OP_RESET, status);
211 /* Reset all non-persistent flags */
212 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
213 BIT(HCI_PERIODIC_INQ));
215 hdev->discovery.state = DISCOVERY_STOPPED;
218 static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
220 __u8 status = *((__u8 *) skb->data);
223 BT_DBG("%s status 0x%x", hdev->name, status);
225 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
231 if (test_bit(HCI_MGMT, &hdev->dev_flags))
232 mgmt_set_local_name_complete(hdev, sent, status);
234 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
236 hci_dev_unlock(hdev);
238 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
241 static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
243 struct hci_rp_read_local_name *rp = (void *) skb->data;
245 BT_DBG("%s status 0x%x", hdev->name, rp->status);
250 if (test_bit(HCI_SETUP, &hdev->dev_flags))
251 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
254 static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
256 __u8 status = *((__u8 *) skb->data);
259 BT_DBG("%s status 0x%x", hdev->name, status);
261 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
266 __u8 param = *((__u8 *) sent);
268 if (param == AUTH_ENABLED)
269 set_bit(HCI_AUTH, &hdev->flags);
271 clear_bit(HCI_AUTH, &hdev->flags);
274 if (test_bit(HCI_MGMT, &hdev->dev_flags))
275 mgmt_auth_enable_complete(hdev, status);
277 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
280 static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
282 __u8 status = *((__u8 *) skb->data);
285 BT_DBG("%s status 0x%x", hdev->name, status);
287 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
292 __u8 param = *((__u8 *) sent);
295 set_bit(HCI_ENCRYPT, &hdev->flags);
297 clear_bit(HCI_ENCRYPT, &hdev->flags);
300 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
303 static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
305 __u8 param, status = *((__u8 *) skb->data);
306 int old_pscan, old_iscan;
309 BT_DBG("%s status 0x%x", hdev->name, status);
311 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
315 param = *((__u8 *) sent);
320 mgmt_write_scan_failed(hdev, param, status);
321 hdev->discov_timeout = 0;
325 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
326 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
328 if (param & SCAN_INQUIRY) {
329 set_bit(HCI_ISCAN, &hdev->flags);
331 mgmt_discoverable(hdev, 1);
332 if (hdev->discov_timeout > 0) {
333 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
334 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
337 } else if (old_iscan)
338 mgmt_discoverable(hdev, 0);
340 if (param & SCAN_PAGE) {
341 set_bit(HCI_PSCAN, &hdev->flags);
343 mgmt_connectable(hdev, 1);
344 } else if (old_pscan)
345 mgmt_connectable(hdev, 0);
348 hci_dev_unlock(hdev);
349 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
352 static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
354 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
356 BT_DBG("%s status 0x%x", hdev->name, rp->status);
361 memcpy(hdev->dev_class, rp->dev_class, 3);
363 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
364 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
367 static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
369 __u8 status = *((__u8 *) skb->data);
372 BT_DBG("%s status 0x%x", hdev->name, status);
374 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
381 memcpy(hdev->dev_class, sent, 3);
383 if (test_bit(HCI_MGMT, &hdev->dev_flags))
384 mgmt_set_class_of_dev_complete(hdev, sent, status);
386 hci_dev_unlock(hdev);
389 static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
391 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
394 BT_DBG("%s status 0x%x", hdev->name, rp->status);
399 setting = __le16_to_cpu(rp->voice_setting);
401 if (hdev->voice_setting == setting)
404 hdev->voice_setting = setting;
406 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
409 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
412 static void hci_cc_write_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
414 __u8 status = *((__u8 *) skb->data);
418 BT_DBG("%s status 0x%x", hdev->name, status);
423 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
427 setting = get_unaligned_le16(sent);
429 if (hdev->voice_setting == setting)
432 hdev->voice_setting = setting;
434 BT_DBG("%s voice setting 0x%04x", hdev->name, setting);
437 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
440 static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
442 __u8 status = *((__u8 *) skb->data);
444 BT_DBG("%s status 0x%x", hdev->name, status);
446 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
449 static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
451 __u8 status = *((__u8 *) skb->data);
454 BT_DBG("%s status 0x%x", hdev->name, status);
456 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
460 if (test_bit(HCI_MGMT, &hdev->dev_flags))
461 mgmt_ssp_enable_complete(hdev, *((u8 *) sent), status);
464 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
466 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
470 static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
472 if (hdev->features[6] & LMP_EXT_INQ)
475 if (hdev->features[3] & LMP_RSSI_INQ)
478 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
479 hdev->lmp_subver == 0x0757)
482 if (hdev->manufacturer == 15) {
483 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
485 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
487 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
491 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
492 hdev->lmp_subver == 0x1805)
498 static void hci_setup_inquiry_mode(struct hci_dev *hdev)
502 mode = hci_get_inquiry_mode(hdev);
504 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
507 static void hci_setup_event_mask(struct hci_dev *hdev)
509 /* The second byte is 0xff instead of 0x9f (two reserved bits
510 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
511 * command otherwise */
512 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
514 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
515 * any event mask for pre 1.2 devices */
516 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
519 events[4] |= 0x01; /* Flow Specification Complete */
520 events[4] |= 0x02; /* Inquiry Result with RSSI */
521 events[4] |= 0x04; /* Read Remote Extended Features Complete */
522 events[5] |= 0x08; /* Synchronous Connection Complete */
523 events[5] |= 0x10; /* Synchronous Connection Changed */
525 if (hdev->features[3] & LMP_RSSI_INQ)
526 events[4] |= 0x02; /* Inquiry Result with RSSI */
528 if (hdev->features[5] & LMP_SNIFF_SUBR)
529 events[5] |= 0x20; /* Sniff Subrating */
531 if (hdev->features[5] & LMP_PAUSE_ENC)
532 events[5] |= 0x80; /* Encryption Key Refresh Complete */
534 if (hdev->features[6] & LMP_EXT_INQ)
535 events[5] |= 0x40; /* Extended Inquiry Result */
537 if (hdev->features[6] & LMP_NO_FLUSH)
538 events[7] |= 0x01; /* Enhanced Flush Complete */
540 if (hdev->features[7] & LMP_LSTO)
541 events[6] |= 0x80; /* Link Supervision Timeout Changed */
543 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
544 events[6] |= 0x01; /* IO Capability Request */
545 events[6] |= 0x02; /* IO Capability Response */
546 events[6] |= 0x04; /* User Confirmation Request */
547 events[6] |= 0x08; /* User Passkey Request */
548 events[6] |= 0x10; /* Remote OOB Data Request */
549 events[6] |= 0x20; /* Simple Pairing Complete */
550 events[7] |= 0x04; /* User Passkey Notification */
551 events[7] |= 0x08; /* Keypress Notification */
552 events[7] |= 0x10; /* Remote Host Supported
553 * Features Notification */
556 if (hdev->features[4] & LMP_LE)
557 events[7] |= 0x20; /* LE Meta-Event */
559 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
562 static void hci_setup(struct hci_dev *hdev)
564 if (hdev->dev_type != HCI_BREDR)
567 hci_setup_event_mask(hdev);
569 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
570 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
572 if (hdev->features[6] & LMP_SIMPLE_PAIR) {
573 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
575 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
576 sizeof(mode), &mode);
578 struct hci_cp_write_eir cp;
580 memset(hdev->eir, 0, sizeof(hdev->eir));
581 memset(&cp, 0, sizeof(cp));
583 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
587 if (hdev->features[3] & LMP_RSSI_INQ)
588 hci_setup_inquiry_mode(hdev);
590 if (hdev->features[7] & LMP_INQ_TX_PWR)
591 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
593 if (hdev->features[7] & LMP_EXTFEATURES) {
594 struct hci_cp_read_local_ext_features cp;
597 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
601 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
603 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
608 static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
610 struct hci_rp_read_local_version *rp = (void *) skb->data;
612 BT_DBG("%s status 0x%x", hdev->name, rp->status);
617 hdev->hci_ver = rp->hci_ver;
618 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
619 hdev->lmp_ver = rp->lmp_ver;
620 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
621 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
623 BT_DBG("%s manufacturer %d hci ver %d:%d", hdev->name,
624 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
626 if (test_bit(HCI_INIT, &hdev->flags))
630 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
633 static void hci_setup_link_policy(struct hci_dev *hdev)
635 struct hci_cp_write_def_link_policy cp;
638 if (hdev->features[0] & LMP_RSWITCH)
639 link_policy |= HCI_LP_RSWITCH;
640 if (hdev->features[0] & LMP_HOLD)
641 link_policy |= HCI_LP_HOLD;
642 if (hdev->features[0] & LMP_SNIFF)
643 link_policy |= HCI_LP_SNIFF;
644 if (hdev->features[1] & LMP_PARK)
645 link_policy |= HCI_LP_PARK;
647 cp.policy = cpu_to_le16(link_policy);
648 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
651 static void hci_cc_read_local_commands(struct hci_dev *hdev, struct sk_buff *skb)
653 struct hci_rp_read_local_commands *rp = (void *) skb->data;
655 BT_DBG("%s status 0x%x", hdev->name, rp->status);
660 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
662 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
663 hci_setup_link_policy(hdev);
666 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
669 static void hci_cc_read_local_features(struct hci_dev *hdev, struct sk_buff *skb)
671 struct hci_rp_read_local_features *rp = (void *) skb->data;
673 BT_DBG("%s status 0x%x", hdev->name, rp->status);
678 memcpy(hdev->features, rp->features, 8);
680 /* Adjust default settings according to features
681 * supported by device. */
683 if (hdev->features[0] & LMP_3SLOT)
684 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
686 if (hdev->features[0] & LMP_5SLOT)
687 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
689 if (hdev->features[1] & LMP_HV2) {
690 hdev->pkt_type |= (HCI_HV2);
691 hdev->esco_type |= (ESCO_HV2);
694 if (hdev->features[1] & LMP_HV3) {
695 hdev->pkt_type |= (HCI_HV3);
696 hdev->esco_type |= (ESCO_HV3);
699 if (hdev->features[3] & LMP_ESCO)
700 hdev->esco_type |= (ESCO_EV3);
702 if (hdev->features[4] & LMP_EV4)
703 hdev->esco_type |= (ESCO_EV4);
705 if (hdev->features[4] & LMP_EV5)
706 hdev->esco_type |= (ESCO_EV5);
708 if (hdev->features[5] & LMP_EDR_ESCO_2M)
709 hdev->esco_type |= (ESCO_2EV3);
711 if (hdev->features[5] & LMP_EDR_ESCO_3M)
712 hdev->esco_type |= (ESCO_3EV3);
714 if (hdev->features[5] & LMP_EDR_3S_ESCO)
715 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
717 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
718 hdev->features[0], hdev->features[1],
719 hdev->features[2], hdev->features[3],
720 hdev->features[4], hdev->features[5],
721 hdev->features[6], hdev->features[7]);
724 static void hci_set_le_support(struct hci_dev *hdev)
726 struct hci_cp_write_le_host_supported cp;
728 memset(&cp, 0, sizeof(cp));
730 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
732 cp.simul = !!(hdev->features[6] & LMP_SIMUL_LE_BR);
735 if (cp.le != !!(hdev->host_features[0] & LMP_HOST_LE))
736 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
740 static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
743 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
745 BT_DBG("%s status 0x%x", hdev->name, rp->status);
752 memcpy(hdev->features, rp->features, 8);
755 memcpy(hdev->host_features, rp->features, 8);
759 if (test_bit(HCI_INIT, &hdev->flags) && hdev->features[4] & LMP_LE)
760 hci_set_le_support(hdev);
763 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
766 static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
769 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
771 BT_DBG("%s status 0x%x", hdev->name, rp->status);
776 hdev->flow_ctl_mode = rp->mode;
778 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
781 static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
783 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
785 BT_DBG("%s status 0x%x", hdev->name, rp->status);
790 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
791 hdev->sco_mtu = rp->sco_mtu;
792 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
793 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
795 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
800 hdev->acl_cnt = hdev->acl_pkts;
801 hdev->sco_cnt = hdev->sco_pkts;
803 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
804 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
807 static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
809 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
811 BT_DBG("%s status 0x%x", hdev->name, rp->status);
814 bacpy(&hdev->bdaddr, &rp->bdaddr);
816 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
819 static void hci_cc_read_data_block_size(struct hci_dev *hdev,
822 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
824 BT_DBG("%s status 0x%x", hdev->name, rp->status);
829 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
830 hdev->block_len = __le16_to_cpu(rp->block_len);
831 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
833 hdev->block_cnt = hdev->num_blocks;
835 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
836 hdev->block_cnt, hdev->block_len);
838 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
841 static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
843 __u8 status = *((__u8 *) skb->data);
845 BT_DBG("%s status 0x%x", hdev->name, status);
847 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
850 static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
853 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
855 BT_DBG("%s status 0x%x", hdev->name, rp->status);
860 hdev->amp_status = rp->amp_status;
861 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
862 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
863 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
864 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
865 hdev->amp_type = rp->amp_type;
866 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
867 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
868 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
869 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
871 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
874 static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
877 __u8 status = *((__u8 *) skb->data);
879 BT_DBG("%s status 0x%x", hdev->name, status);
881 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
884 static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
886 __u8 status = *((__u8 *) skb->data);
888 BT_DBG("%s status 0x%x", hdev->name, status);
890 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
893 static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
896 __u8 status = *((__u8 *) skb->data);
898 BT_DBG("%s status 0x%x", hdev->name, status);
900 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
903 static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
906 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
908 BT_DBG("%s status 0x%x", hdev->name, rp->status);
911 hdev->inq_tx_power = rp->tx_power;
913 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
916 static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
918 __u8 status = *((__u8 *) skb->data);
920 BT_DBG("%s status 0x%x", hdev->name, status);
922 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
925 static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
927 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
928 struct hci_cp_pin_code_reply *cp;
929 struct hci_conn *conn;
931 BT_DBG("%s status 0x%x", hdev->name, rp->status);
935 if (test_bit(HCI_MGMT, &hdev->dev_flags))
936 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
941 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
945 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
947 conn->pin_length = cp->pin_len;
950 hci_dev_unlock(hdev);
953 static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
955 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
957 BT_DBG("%s status 0x%x", hdev->name, rp->status);
961 if (test_bit(HCI_MGMT, &hdev->dev_flags))
962 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
965 hci_dev_unlock(hdev);
968 static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
971 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
973 BT_DBG("%s status 0x%x", hdev->name, rp->status);
978 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
979 hdev->le_pkts = rp->le_max_pkt;
981 hdev->le_cnt = hdev->le_pkts;
983 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
985 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
988 static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
990 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
992 BT_DBG("%s status 0x%x", hdev->name, rp->status);
996 if (test_bit(HCI_MGMT, &hdev->dev_flags))
997 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1000 hci_dev_unlock(hdev);
1003 static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
1004 struct sk_buff *skb)
1006 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1008 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1012 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1013 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
1014 ACL_LINK, 0, rp->status);
1016 hci_dev_unlock(hdev);
1019 static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1021 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1023 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1027 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1028 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1031 hci_dev_unlock(hdev);
1034 static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1035 struct sk_buff *skb)
1037 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1039 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1043 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1044 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1045 ACL_LINK, 0, rp->status);
1047 hci_dev_unlock(hdev);
1050 static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1051 struct sk_buff *skb)
1053 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1055 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1058 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1059 rp->randomizer, rp->status);
1060 hci_dev_unlock(hdev);
1063 static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1065 __u8 status = *((__u8 *) skb->data);
1067 BT_DBG("%s status 0x%x", hdev->name, status);
1069 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
1073 mgmt_start_discovery_failed(hdev, status);
1074 hci_dev_unlock(hdev);
1079 static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1080 struct sk_buff *skb)
1082 struct hci_cp_le_set_scan_enable *cp;
1083 __u8 status = *((__u8 *) skb->data);
1085 BT_DBG("%s status 0x%x", hdev->name, status);
1087 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1091 switch (cp->enable) {
1092 case LE_SCANNING_ENABLED:
1093 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1097 mgmt_start_discovery_failed(hdev, status);
1098 hci_dev_unlock(hdev);
1102 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1105 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1106 hci_dev_unlock(hdev);
1109 case LE_SCANNING_DISABLED:
1112 mgmt_stop_discovery_failed(hdev, status);
1113 hci_dev_unlock(hdev);
1117 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1119 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1120 hdev->discovery.state == DISCOVERY_FINDING) {
1121 mgmt_interleaved_discovery(hdev);
1124 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1125 hci_dev_unlock(hdev);
1131 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1136 static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1138 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1140 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1145 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1148 static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1150 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1152 BT_DBG("%s status 0x%x", hdev->name, rp->status);
1157 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1160 static inline void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1161 struct sk_buff *skb)
1163 struct hci_cp_write_le_host_supported *sent;
1164 __u8 status = *((__u8 *) skb->data);
1166 BT_DBG("%s status 0x%x", hdev->name, status);
1168 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1174 hdev->host_features[0] |= LMP_HOST_LE;
1176 hdev->host_features[0] &= ~LMP_HOST_LE;
1179 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1180 !test_bit(HCI_INIT, &hdev->flags))
1181 mgmt_le_enable_complete(hdev, sent->le, status);
1183 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
1186 static inline void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1188 BT_DBG("%s status 0x%x", hdev->name, status);
1191 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1192 hci_conn_check_pending(hdev);
1194 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1195 mgmt_start_discovery_failed(hdev, status);
1196 hci_dev_unlock(hdev);
1200 set_bit(HCI_INQUIRY, &hdev->flags);
1203 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1204 hci_dev_unlock(hdev);
1207 static inline void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1209 struct hci_cp_create_conn *cp;
1210 struct hci_conn *conn;
1212 BT_DBG("%s status 0x%x", hdev->name, status);
1214 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1220 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1222 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->bdaddr), conn);
1225 if (conn && conn->state == BT_CONNECT) {
1226 if (status != 0x0c || conn->attempt > 2) {
1227 conn->state = BT_CLOSED;
1228 hci_proto_connect_cfm(conn, status);
1231 conn->state = BT_CONNECT2;
1235 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1238 conn->link_mode |= HCI_LM_MASTER;
1240 BT_ERR("No memory for new connection");
1244 hci_dev_unlock(hdev);
1247 static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1249 struct hci_cp_add_sco *cp;
1250 struct hci_conn *acl, *sco;
1253 BT_DBG("%s status 0x%x", hdev->name, status);
1258 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1262 handle = __le16_to_cpu(cp->handle);
1264 BT_DBG("%s handle %d", hdev->name, handle);
1268 acl = hci_conn_hash_lookup_handle(hdev, handle);
1272 sco->state = BT_CLOSED;
1274 hci_proto_connect_cfm(sco, status);
1279 hci_dev_unlock(hdev);
1282 static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1284 struct hci_cp_auth_requested *cp;
1285 struct hci_conn *conn;
1287 BT_DBG("%s status 0x%x", hdev->name, status);
1292 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1298 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1300 if (conn->state == BT_CONFIG) {
1301 hci_proto_connect_cfm(conn, status);
1306 hci_dev_unlock(hdev);
1309 static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1311 struct hci_cp_set_conn_encrypt *cp;
1312 struct hci_conn *conn;
1314 BT_DBG("%s status 0x%x", hdev->name, status);
1319 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1325 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1327 if (conn->state == BT_CONFIG) {
1328 hci_proto_connect_cfm(conn, status);
1333 hci_dev_unlock(hdev);
1336 static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1337 struct hci_conn *conn)
1339 if (conn->state != BT_CONFIG || !conn->out)
1342 if (conn->pending_sec_level == BT_SECURITY_SDP)
1345 /* Only request authentication for SSP connections or non-SSP
1346 * devices with sec_level HIGH or if MITM protection is requested */
1347 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1348 conn->pending_sec_level != BT_SECURITY_HIGH)
1354 static inline int hci_resolve_name(struct hci_dev *hdev,
1355 struct inquiry_entry *e)
1357 struct hci_cp_remote_name_req cp;
1359 memset(&cp, 0, sizeof(cp));
1361 bacpy(&cp.bdaddr, &e->data.bdaddr);
1362 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1363 cp.pscan_mode = e->data.pscan_mode;
1364 cp.clock_offset = e->data.clock_offset;
1366 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1369 static bool hci_resolve_next_name(struct hci_dev *hdev)
1371 struct discovery_state *discov = &hdev->discovery;
1372 struct inquiry_entry *e;
1374 if (list_empty(&discov->resolve))
1377 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1378 if (hci_resolve_name(hdev, e) == 0) {
1379 e->name_state = NAME_PENDING;
1386 static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1387 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1389 struct discovery_state *discov = &hdev->discovery;
1390 struct inquiry_entry *e;
1392 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1393 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1394 name_len, conn->dev_class);
1396 if (discov->state == DISCOVERY_STOPPED)
1399 if (discov->state == DISCOVERY_STOPPING)
1400 goto discov_complete;
1402 if (discov->state != DISCOVERY_RESOLVING)
1405 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1407 e->name_state = NAME_KNOWN;
1410 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1411 e->data.rssi, name, name_len);
1414 if (hci_resolve_next_name(hdev))
1418 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1421 static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1423 struct hci_cp_remote_name_req *cp;
1424 struct hci_conn *conn;
1426 BT_DBG("%s status 0x%x", hdev->name, status);
1428 /* If successful wait for the name req complete event before
1429 * checking for the need to do authentication */
1433 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1439 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1441 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1442 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1447 if (!hci_outgoing_auth_needed(hdev, conn))
1450 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1451 struct hci_cp_auth_requested cp;
1452 cp.handle = __cpu_to_le16(conn->handle);
1453 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1457 hci_dev_unlock(hdev);
1460 static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1462 struct hci_cp_read_remote_features *cp;
1463 struct hci_conn *conn;
1465 BT_DBG("%s status 0x%x", hdev->name, status);
1470 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1476 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1478 if (conn->state == BT_CONFIG) {
1479 hci_proto_connect_cfm(conn, status);
1484 hci_dev_unlock(hdev);
1487 static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1489 struct hci_cp_read_remote_ext_features *cp;
1490 struct hci_conn *conn;
1492 BT_DBG("%s status 0x%x", hdev->name, status);
1497 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1503 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1505 if (conn->state == BT_CONFIG) {
1506 hci_proto_connect_cfm(conn, status);
1511 hci_dev_unlock(hdev);
1514 static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1516 struct hci_cp_setup_sync_conn *cp;
1517 struct hci_conn *acl, *sco;
1520 BT_DBG("%s status 0x%x", hdev->name, status);
1525 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1529 handle = __le16_to_cpu(cp->handle);
1531 BT_DBG("%s handle %d", hdev->name, handle);
1535 acl = hci_conn_hash_lookup_handle(hdev, handle);
1539 sco->state = BT_CLOSED;
1541 hci_proto_connect_cfm(sco, status);
1546 hci_dev_unlock(hdev);
1549 static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1551 struct hci_cp_sniff_mode *cp;
1552 struct hci_conn *conn;
1554 BT_DBG("%s status 0x%x", hdev->name, status);
1559 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1565 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1567 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1569 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1570 hci_sco_setup(conn, status);
1573 hci_dev_unlock(hdev);
1576 static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1578 struct hci_cp_exit_sniff_mode *cp;
1579 struct hci_conn *conn;
1581 BT_DBG("%s status 0x%x", hdev->name, status);
1586 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1592 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1594 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1596 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1597 hci_sco_setup(conn, status);
1600 hci_dev_unlock(hdev);
1603 static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1605 struct hci_cp_disconnect *cp;
1606 struct hci_conn *conn;
1611 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1617 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1619 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1620 conn->dst_type, status);
1622 hci_dev_unlock(hdev);
1625 static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1627 struct hci_cp_le_create_conn *cp;
1628 struct hci_conn *conn;
1630 BT_DBG("%s status 0x%x", hdev->name, status);
1632 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_CREATE_CONN);
1638 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->peer_addr);
1640 BT_DBG("%s bdaddr %s conn %p", hdev->name, batostr(&cp->peer_addr),
1644 if (conn && conn->state == BT_CONNECT) {
1645 conn->state = BT_CLOSED;
1646 mgmt_connect_failed(hdev, &cp->peer_addr, conn->type,
1647 conn->dst_type, status);
1648 hci_proto_connect_cfm(conn, status);
1653 conn = hci_conn_add(hdev, LE_LINK, &cp->peer_addr);
1655 conn->dst_type = cp->peer_addr_type;
1658 BT_ERR("No memory for new connection");
1663 hci_dev_unlock(hdev);
1666 static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1668 BT_DBG("%s status 0x%x", hdev->name, status);
1671 static inline void hci_inquiry_complete_evt(struct hci_dev *hdev,
1672 struct sk_buff *skb)
1674 __u8 status = *((__u8 *) skb->data);
1675 struct discovery_state *discov = &hdev->discovery;
1676 struct inquiry_entry *e;
1678 BT_DBG("%s status %d", hdev->name, status);
1680 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1682 hci_conn_check_pending(hdev);
1684 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1687 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1692 if (discov->state != DISCOVERY_FINDING)
1695 if (list_empty(&discov->resolve)) {
1696 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1700 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1701 if (e && hci_resolve_name(hdev, e) == 0) {
1702 e->name_state = NAME_PENDING;
1703 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1705 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1709 hci_dev_unlock(hdev);
1712 static inline void hci_inquiry_result_evt(struct hci_dev *hdev,
1713 struct sk_buff *skb)
1715 struct inquiry_data data;
1716 struct inquiry_info *info = (void *) (skb->data + 1);
1717 int num_rsp = *((__u8 *) skb->data);
1719 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1724 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1729 for (; num_rsp; num_rsp--, info++) {
1730 bool name_known, ssp;
1732 bacpy(&data.bdaddr, &info->bdaddr);
1733 data.pscan_rep_mode = info->pscan_rep_mode;
1734 data.pscan_period_mode = info->pscan_period_mode;
1735 data.pscan_mode = info->pscan_mode;
1736 memcpy(data.dev_class, info->dev_class, 3);
1737 data.clock_offset = info->clock_offset;
1739 data.ssp_mode = 0x00;
1741 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1742 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1743 info->dev_class, 0, !name_known, ssp, NULL,
1747 hci_dev_unlock(hdev);
1750 static inline void hci_conn_complete_evt(struct hci_dev *hdev,
1751 struct sk_buff *skb)
1753 struct hci_ev_conn_complete *ev = (void *) skb->data;
1754 struct hci_conn *conn;
1756 BT_DBG("%s", hdev->name);
1760 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1762 if (ev->link_type != SCO_LINK)
1765 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1769 conn->type = SCO_LINK;
1773 conn->handle = __le16_to_cpu(ev->handle);
1775 if (conn->type == ACL_LINK) {
1776 conn->state = BT_CONFIG;
1777 hci_conn_hold(conn);
1778 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1780 conn->state = BT_CONNECTED;
1782 hci_conn_hold_device(conn);
1783 hci_conn_add_sysfs(conn);
1785 if (test_bit(HCI_AUTH, &hdev->flags))
1786 conn->link_mode |= HCI_LM_AUTH;
1788 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1789 conn->link_mode |= HCI_LM_ENCRYPT;
1791 /* Get remote features */
1792 if (conn->type == ACL_LINK) {
1793 struct hci_cp_read_remote_features cp;
1794 cp.handle = ev->handle;
1795 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1799 /* Set packet type for incoming connection */
1800 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1801 struct hci_cp_change_conn_ptype cp;
1802 cp.handle = ev->handle;
1803 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1804 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1808 conn->state = BT_CLOSED;
1809 if (conn->type == ACL_LINK)
1810 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1811 conn->dst_type, ev->status);
1814 if (conn->type == ACL_LINK)
1815 hci_sco_setup(conn, ev->status);
1818 hci_proto_connect_cfm(conn, ev->status);
1820 } else if (ev->link_type != ACL_LINK)
1821 hci_proto_connect_cfm(conn, ev->status);
1824 hci_dev_unlock(hdev);
1826 hci_conn_check_pending(hdev);
1829 static inline void hci_conn_request_evt(struct hci_dev *hdev,
1830 struct sk_buff *skb)
1832 struct hci_ev_conn_request *ev = (void *) skb->data;
1833 int mask = hdev->link_mode;
1835 BT_DBG("%s bdaddr %s type 0x%x", hdev->name, batostr(&ev->bdaddr),
1838 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
1840 if ((mask & HCI_LM_ACCEPT) &&
1841 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
1842 /* Connection accepted */
1843 struct inquiry_entry *ie;
1844 struct hci_conn *conn;
1848 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
1850 memcpy(ie->data.dev_class, ev->dev_class, 3);
1852 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1854 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
1856 BT_ERR("No memory for new connection");
1857 hci_dev_unlock(hdev);
1862 memcpy(conn->dev_class, ev->dev_class, 3);
1863 conn->state = BT_CONNECT;
1865 hci_dev_unlock(hdev);
1867 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
1868 struct hci_cp_accept_conn_req cp;
1870 bacpy(&cp.bdaddr, &ev->bdaddr);
1872 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1873 cp.role = 0x00; /* Become master */
1875 cp.role = 0x01; /* Remain slave */
1877 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
1880 struct hci_cp_accept_sync_conn_req cp;
1882 bacpy(&cp.bdaddr, &ev->bdaddr);
1883 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1885 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
1886 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
1887 cp.max_latency = cpu_to_le16(0xffff);
1888 cp.content_format = cpu_to_le16(hdev->voice_setting);
1889 cp.retrans_effort = 0xff;
1891 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1895 /* Connection rejected */
1896 struct hci_cp_reject_conn_req cp;
1898 bacpy(&cp.bdaddr, &ev->bdaddr);
1899 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
1900 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
1904 static inline void hci_disconn_complete_evt(struct hci_dev *hdev,
1905 struct sk_buff *skb)
1907 struct hci_ev_disconn_complete *ev = (void *) skb->data;
1908 struct hci_conn *conn;
1910 BT_DBG("%s status %d", hdev->name, ev->status);
1914 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1918 if (ev->status == 0)
1919 conn->state = BT_CLOSED;
1921 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
1922 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
1923 if (ev->status != 0)
1924 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1925 conn->dst_type, ev->status);
1927 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
1931 if (ev->status == 0) {
1932 if (conn->type == ACL_LINK && conn->flush_key)
1933 hci_remove_link_key(hdev, &conn->dst);
1934 hci_proto_disconn_cfm(conn, ev->reason);
1939 hci_dev_unlock(hdev);
1942 static inline void hci_auth_complete_evt(struct hci_dev *hdev,
1943 struct sk_buff *skb)
1945 struct hci_ev_auth_complete *ev = (void *) skb->data;
1946 struct hci_conn *conn;
1948 BT_DBG("%s status %d", hdev->name, ev->status);
1952 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
1957 if (!hci_conn_ssp_enabled(conn) &&
1958 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
1959 BT_INFO("re-auth of legacy device is not possible.");
1961 conn->link_mode |= HCI_LM_AUTH;
1962 conn->sec_level = conn->pending_sec_level;
1965 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
1969 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
1970 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
1972 if (conn->state == BT_CONFIG) {
1973 if (!ev->status && hci_conn_ssp_enabled(conn)) {
1974 struct hci_cp_set_conn_encrypt cp;
1975 cp.handle = ev->handle;
1977 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
1980 conn->state = BT_CONNECTED;
1981 hci_proto_connect_cfm(conn, ev->status);
1985 hci_auth_cfm(conn, ev->status);
1987 hci_conn_hold(conn);
1988 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1992 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
1994 struct hci_cp_set_conn_encrypt cp;
1995 cp.handle = ev->handle;
1997 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2000 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2001 hci_encrypt_cfm(conn, ev->status, 0x00);
2006 hci_dev_unlock(hdev);
2009 static inline void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2011 struct hci_ev_remote_name *ev = (void *) skb->data;
2012 struct hci_conn *conn;
2014 BT_DBG("%s", hdev->name);
2016 hci_conn_check_pending(hdev);
2020 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2022 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2025 if (ev->status == 0)
2026 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2027 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2029 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2035 if (!hci_outgoing_auth_needed(hdev, conn))
2038 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2039 struct hci_cp_auth_requested cp;
2040 cp.handle = __cpu_to_le16(conn->handle);
2041 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2045 hci_dev_unlock(hdev);
2048 static inline void hci_encrypt_change_evt(struct hci_dev *hdev,
2049 struct sk_buff *skb)
2051 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2052 struct hci_conn *conn;
2054 BT_DBG("%s status %d", hdev->name, ev->status);
2058 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2062 /* Encryption implies authentication */
2063 conn->link_mode |= HCI_LM_AUTH;
2064 conn->link_mode |= HCI_LM_ENCRYPT;
2065 conn->sec_level = conn->pending_sec_level;
2067 conn->link_mode &= ~HCI_LM_ENCRYPT;
2070 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2072 if (ev->status && conn->state == BT_CONNECTED) {
2073 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
2078 if (conn->state == BT_CONFIG) {
2080 conn->state = BT_CONNECTED;
2082 hci_proto_connect_cfm(conn, ev->status);
2085 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2089 hci_dev_unlock(hdev);
2092 static inline void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2093 struct sk_buff *skb)
2095 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2096 struct hci_conn *conn;
2098 BT_DBG("%s status %d", hdev->name, ev->status);
2102 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2105 conn->link_mode |= HCI_LM_SECURE;
2107 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2109 hci_key_change_cfm(conn, ev->status);
2112 hci_dev_unlock(hdev);
2115 static inline void hci_remote_features_evt(struct hci_dev *hdev,
2116 struct sk_buff *skb)
2118 struct hci_ev_remote_features *ev = (void *) skb->data;
2119 struct hci_conn *conn;
2121 BT_DBG("%s status %d", hdev->name, ev->status);
2125 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2130 memcpy(conn->features, ev->features, 8);
2132 if (conn->state != BT_CONFIG)
2135 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2136 struct hci_cp_read_remote_ext_features cp;
2137 cp.handle = ev->handle;
2139 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2144 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2145 struct hci_cp_remote_name_req cp;
2146 memset(&cp, 0, sizeof(cp));
2147 bacpy(&cp.bdaddr, &conn->dst);
2148 cp.pscan_rep_mode = 0x02;
2149 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2150 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2151 mgmt_device_connected(hdev, &conn->dst, conn->type,
2152 conn->dst_type, 0, NULL, 0,
2155 if (!hci_outgoing_auth_needed(hdev, conn)) {
2156 conn->state = BT_CONNECTED;
2157 hci_proto_connect_cfm(conn, ev->status);
2162 hci_dev_unlock(hdev);
2165 static inline void hci_remote_version_evt(struct hci_dev *hdev,
2166 struct sk_buff *skb)
2168 BT_DBG("%s", hdev->name);
2171 static inline void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2172 struct sk_buff *skb)
2174 BT_DBG("%s", hdev->name);
2177 static inline void hci_cmd_complete_evt(struct hci_dev *hdev,
2178 struct sk_buff *skb)
2180 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2183 skb_pull(skb, sizeof(*ev));
2185 opcode = __le16_to_cpu(ev->opcode);
2188 case HCI_OP_INQUIRY_CANCEL:
2189 hci_cc_inquiry_cancel(hdev, skb);
2192 case HCI_OP_PERIODIC_INQ:
2193 hci_cc_periodic_inq(hdev, skb);
2196 case HCI_OP_EXIT_PERIODIC_INQ:
2197 hci_cc_exit_periodic_inq(hdev, skb);
2200 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2201 hci_cc_remote_name_req_cancel(hdev, skb);
2204 case HCI_OP_ROLE_DISCOVERY:
2205 hci_cc_role_discovery(hdev, skb);
2208 case HCI_OP_READ_LINK_POLICY:
2209 hci_cc_read_link_policy(hdev, skb);
2212 case HCI_OP_WRITE_LINK_POLICY:
2213 hci_cc_write_link_policy(hdev, skb);
2216 case HCI_OP_READ_DEF_LINK_POLICY:
2217 hci_cc_read_def_link_policy(hdev, skb);
2220 case HCI_OP_WRITE_DEF_LINK_POLICY:
2221 hci_cc_write_def_link_policy(hdev, skb);
2225 hci_cc_reset(hdev, skb);
2228 case HCI_OP_WRITE_LOCAL_NAME:
2229 hci_cc_write_local_name(hdev, skb);
2232 case HCI_OP_READ_LOCAL_NAME:
2233 hci_cc_read_local_name(hdev, skb);
2236 case HCI_OP_WRITE_AUTH_ENABLE:
2237 hci_cc_write_auth_enable(hdev, skb);
2240 case HCI_OP_WRITE_ENCRYPT_MODE:
2241 hci_cc_write_encrypt_mode(hdev, skb);
2244 case HCI_OP_WRITE_SCAN_ENABLE:
2245 hci_cc_write_scan_enable(hdev, skb);
2248 case HCI_OP_READ_CLASS_OF_DEV:
2249 hci_cc_read_class_of_dev(hdev, skb);
2252 case HCI_OP_WRITE_CLASS_OF_DEV:
2253 hci_cc_write_class_of_dev(hdev, skb);
2256 case HCI_OP_READ_VOICE_SETTING:
2257 hci_cc_read_voice_setting(hdev, skb);
2260 case HCI_OP_WRITE_VOICE_SETTING:
2261 hci_cc_write_voice_setting(hdev, skb);
2264 case HCI_OP_HOST_BUFFER_SIZE:
2265 hci_cc_host_buffer_size(hdev, skb);
2268 case HCI_OP_WRITE_SSP_MODE:
2269 hci_cc_write_ssp_mode(hdev, skb);
2272 case HCI_OP_READ_LOCAL_VERSION:
2273 hci_cc_read_local_version(hdev, skb);
2276 case HCI_OP_READ_LOCAL_COMMANDS:
2277 hci_cc_read_local_commands(hdev, skb);
2280 case HCI_OP_READ_LOCAL_FEATURES:
2281 hci_cc_read_local_features(hdev, skb);
2284 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2285 hci_cc_read_local_ext_features(hdev, skb);
2288 case HCI_OP_READ_BUFFER_SIZE:
2289 hci_cc_read_buffer_size(hdev, skb);
2292 case HCI_OP_READ_BD_ADDR:
2293 hci_cc_read_bd_addr(hdev, skb);
2296 case HCI_OP_READ_DATA_BLOCK_SIZE:
2297 hci_cc_read_data_block_size(hdev, skb);
2300 case HCI_OP_WRITE_CA_TIMEOUT:
2301 hci_cc_write_ca_timeout(hdev, skb);
2304 case HCI_OP_READ_FLOW_CONTROL_MODE:
2305 hci_cc_read_flow_control_mode(hdev, skb);
2308 case HCI_OP_READ_LOCAL_AMP_INFO:
2309 hci_cc_read_local_amp_info(hdev, skb);
2312 case HCI_OP_DELETE_STORED_LINK_KEY:
2313 hci_cc_delete_stored_link_key(hdev, skb);
2316 case HCI_OP_SET_EVENT_MASK:
2317 hci_cc_set_event_mask(hdev, skb);
2320 case HCI_OP_WRITE_INQUIRY_MODE:
2321 hci_cc_write_inquiry_mode(hdev, skb);
2324 case HCI_OP_READ_INQ_RSP_TX_POWER:
2325 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2328 case HCI_OP_SET_EVENT_FLT:
2329 hci_cc_set_event_flt(hdev, skb);
2332 case HCI_OP_PIN_CODE_REPLY:
2333 hci_cc_pin_code_reply(hdev, skb);
2336 case HCI_OP_PIN_CODE_NEG_REPLY:
2337 hci_cc_pin_code_neg_reply(hdev, skb);
2340 case HCI_OP_READ_LOCAL_OOB_DATA:
2341 hci_cc_read_local_oob_data_reply(hdev, skb);
2344 case HCI_OP_LE_READ_BUFFER_SIZE:
2345 hci_cc_le_read_buffer_size(hdev, skb);
2348 case HCI_OP_USER_CONFIRM_REPLY:
2349 hci_cc_user_confirm_reply(hdev, skb);
2352 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2353 hci_cc_user_confirm_neg_reply(hdev, skb);
2356 case HCI_OP_USER_PASSKEY_REPLY:
2357 hci_cc_user_passkey_reply(hdev, skb);
2360 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2361 hci_cc_user_passkey_neg_reply(hdev, skb);
2364 case HCI_OP_LE_SET_SCAN_PARAM:
2365 hci_cc_le_set_scan_param(hdev, skb);
2368 case HCI_OP_LE_SET_SCAN_ENABLE:
2369 hci_cc_le_set_scan_enable(hdev, skb);
2372 case HCI_OP_LE_LTK_REPLY:
2373 hci_cc_le_ltk_reply(hdev, skb);
2376 case HCI_OP_LE_LTK_NEG_REPLY:
2377 hci_cc_le_ltk_neg_reply(hdev, skb);
2380 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2381 hci_cc_write_le_host_supported(hdev, skb);
2385 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2389 if (ev->opcode != HCI_OP_NOP)
2390 del_timer(&hdev->cmd_timer);
2393 atomic_set(&hdev->cmd_cnt, 1);
2394 if (!skb_queue_empty(&hdev->cmd_q))
2395 queue_work(hdev->workqueue, &hdev->cmd_work);
2399 static inline void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2401 struct hci_ev_cmd_status *ev = (void *) skb->data;
2404 skb_pull(skb, sizeof(*ev));
2406 opcode = __le16_to_cpu(ev->opcode);
2409 case HCI_OP_INQUIRY:
2410 hci_cs_inquiry(hdev, ev->status);
2413 case HCI_OP_CREATE_CONN:
2414 hci_cs_create_conn(hdev, ev->status);
2417 case HCI_OP_ADD_SCO:
2418 hci_cs_add_sco(hdev, ev->status);
2421 case HCI_OP_AUTH_REQUESTED:
2422 hci_cs_auth_requested(hdev, ev->status);
2425 case HCI_OP_SET_CONN_ENCRYPT:
2426 hci_cs_set_conn_encrypt(hdev, ev->status);
2429 case HCI_OP_REMOTE_NAME_REQ:
2430 hci_cs_remote_name_req(hdev, ev->status);
2433 case HCI_OP_READ_REMOTE_FEATURES:
2434 hci_cs_read_remote_features(hdev, ev->status);
2437 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2438 hci_cs_read_remote_ext_features(hdev, ev->status);
2441 case HCI_OP_SETUP_SYNC_CONN:
2442 hci_cs_setup_sync_conn(hdev, ev->status);
2445 case HCI_OP_SNIFF_MODE:
2446 hci_cs_sniff_mode(hdev, ev->status);
2449 case HCI_OP_EXIT_SNIFF_MODE:
2450 hci_cs_exit_sniff_mode(hdev, ev->status);
2453 case HCI_OP_DISCONNECT:
2454 hci_cs_disconnect(hdev, ev->status);
2457 case HCI_OP_LE_CREATE_CONN:
2458 hci_cs_le_create_conn(hdev, ev->status);
2461 case HCI_OP_LE_START_ENC:
2462 hci_cs_le_start_enc(hdev, ev->status);
2466 BT_DBG("%s opcode 0x%x", hdev->name, opcode);
2470 if (ev->opcode != HCI_OP_NOP)
2471 del_timer(&hdev->cmd_timer);
2473 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2474 atomic_set(&hdev->cmd_cnt, 1);
2475 if (!skb_queue_empty(&hdev->cmd_q))
2476 queue_work(hdev->workqueue, &hdev->cmd_work);
2480 static inline void hci_role_change_evt(struct hci_dev *hdev,
2481 struct sk_buff *skb)
2483 struct hci_ev_role_change *ev = (void *) skb->data;
2484 struct hci_conn *conn;
2486 BT_DBG("%s status %d", hdev->name, ev->status);
2490 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2494 conn->link_mode &= ~HCI_LM_MASTER;
2496 conn->link_mode |= HCI_LM_MASTER;
2499 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2501 hci_role_switch_cfm(conn, ev->status, ev->role);
2504 hci_dev_unlock(hdev);
2507 static inline void hci_num_comp_pkts_evt(struct hci_dev *hdev,
2508 struct sk_buff *skb)
2510 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2513 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2514 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2518 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2519 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2520 BT_DBG("%s bad parameters", hdev->name);
2524 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2526 for (i = 0; i < ev->num_hndl; i++) {
2527 struct hci_comp_pkts_info *info = &ev->handles[i];
2528 struct hci_conn *conn;
2529 __u16 handle, count;
2531 handle = __le16_to_cpu(info->handle);
2532 count = __le16_to_cpu(info->count);
2534 conn = hci_conn_hash_lookup_handle(hdev, handle);
2538 conn->sent -= count;
2540 switch (conn->type) {
2542 hdev->acl_cnt += count;
2543 if (hdev->acl_cnt > hdev->acl_pkts)
2544 hdev->acl_cnt = hdev->acl_pkts;
2548 if (hdev->le_pkts) {
2549 hdev->le_cnt += count;
2550 if (hdev->le_cnt > hdev->le_pkts)
2551 hdev->le_cnt = hdev->le_pkts;
2553 hdev->acl_cnt += count;
2554 if (hdev->acl_cnt > hdev->acl_pkts)
2555 hdev->acl_cnt = hdev->acl_pkts;
2560 hdev->sco_cnt += count;
2561 if (hdev->sco_cnt > hdev->sco_pkts)
2562 hdev->sco_cnt = hdev->sco_pkts;
2566 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2571 queue_work(hdev->workqueue, &hdev->tx_work);
2574 static inline void hci_num_comp_blocks_evt(struct hci_dev *hdev,
2575 struct sk_buff *skb)
2577 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2580 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2581 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2585 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2586 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2587 BT_DBG("%s bad parameters", hdev->name);
2591 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2594 for (i = 0; i < ev->num_hndl; i++) {
2595 struct hci_comp_blocks_info *info = &ev->handles[i];
2596 struct hci_conn *conn;
2597 __u16 handle, block_count;
2599 handle = __le16_to_cpu(info->handle);
2600 block_count = __le16_to_cpu(info->blocks);
2602 conn = hci_conn_hash_lookup_handle(hdev, handle);
2606 conn->sent -= block_count;
2608 switch (conn->type) {
2610 hdev->block_cnt += block_count;
2611 if (hdev->block_cnt > hdev->num_blocks)
2612 hdev->block_cnt = hdev->num_blocks;
2616 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2621 queue_work(hdev->workqueue, &hdev->tx_work);
2624 static inline void hci_mode_change_evt(struct hci_dev *hdev,
2625 struct sk_buff *skb)
2627 struct hci_ev_mode_change *ev = (void *) skb->data;
2628 struct hci_conn *conn;
2630 BT_DBG("%s status %d", hdev->name, ev->status);
2634 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2636 conn->mode = ev->mode;
2637 conn->interval = __le16_to_cpu(ev->interval);
2639 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags)) {
2640 if (conn->mode == HCI_CM_ACTIVE)
2641 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2643 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2646 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2647 hci_sco_setup(conn, ev->status);
2650 hci_dev_unlock(hdev);
2653 static inline void hci_pin_code_request_evt(struct hci_dev *hdev,
2654 struct sk_buff *skb)
2656 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2657 struct hci_conn *conn;
2659 BT_DBG("%s", hdev->name);
2663 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2667 if (conn->state == BT_CONNECTED) {
2668 hci_conn_hold(conn);
2669 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2673 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2674 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2675 sizeof(ev->bdaddr), &ev->bdaddr);
2676 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2679 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2684 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2688 hci_dev_unlock(hdev);
2691 static inline void hci_link_key_request_evt(struct hci_dev *hdev,
2692 struct sk_buff *skb)
2694 struct hci_ev_link_key_req *ev = (void *) skb->data;
2695 struct hci_cp_link_key_reply cp;
2696 struct hci_conn *conn;
2697 struct link_key *key;
2699 BT_DBG("%s", hdev->name);
2701 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2706 key = hci_find_link_key(hdev, &ev->bdaddr);
2708 BT_DBG("%s link key not found for %s", hdev->name,
2709 batostr(&ev->bdaddr));
2713 BT_DBG("%s found key type %u for %s", hdev->name, key->type,
2714 batostr(&ev->bdaddr));
2716 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2717 key->type == HCI_LK_DEBUG_COMBINATION) {
2718 BT_DBG("%s ignoring debug key", hdev->name);
2722 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2724 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2725 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2726 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2730 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2731 conn->pending_sec_level == BT_SECURITY_HIGH) {
2732 BT_DBG("%s ignoring key unauthenticated for high \
2733 security", hdev->name);
2737 conn->key_type = key->type;
2738 conn->pin_length = key->pin_len;
2741 bacpy(&cp.bdaddr, &ev->bdaddr);
2742 memcpy(cp.link_key, key->val, 16);
2744 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2746 hci_dev_unlock(hdev);
2751 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2752 hci_dev_unlock(hdev);
2755 static inline void hci_link_key_notify_evt(struct hci_dev *hdev,
2756 struct sk_buff *skb)
2758 struct hci_ev_link_key_notify *ev = (void *) skb->data;
2759 struct hci_conn *conn;
2762 BT_DBG("%s", hdev->name);
2766 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2768 hci_conn_hold(conn);
2769 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2770 pin_len = conn->pin_length;
2772 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2773 conn->key_type = ev->key_type;
2778 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2779 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
2780 ev->key_type, pin_len);
2782 hci_dev_unlock(hdev);
2785 static inline void hci_clock_offset_evt(struct hci_dev *hdev,
2786 struct sk_buff *skb)
2788 struct hci_ev_clock_offset *ev = (void *) skb->data;
2789 struct hci_conn *conn;
2791 BT_DBG("%s status %d", hdev->name, ev->status);
2795 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2796 if (conn && !ev->status) {
2797 struct inquiry_entry *ie;
2799 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2801 ie->data.clock_offset = ev->clock_offset;
2802 ie->timestamp = jiffies;
2806 hci_dev_unlock(hdev);
2809 static inline void hci_pkt_type_change_evt(struct hci_dev *hdev,
2810 struct sk_buff *skb)
2812 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
2813 struct hci_conn *conn;
2815 BT_DBG("%s status %d", hdev->name, ev->status);
2819 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2820 if (conn && !ev->status)
2821 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
2823 hci_dev_unlock(hdev);
2826 static inline void hci_pscan_rep_mode_evt(struct hci_dev *hdev,
2827 struct sk_buff *skb)
2829 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
2830 struct inquiry_entry *ie;
2832 BT_DBG("%s", hdev->name);
2836 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2838 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
2839 ie->timestamp = jiffies;
2842 hci_dev_unlock(hdev);
2845 static inline void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
2846 struct sk_buff *skb)
2848 struct inquiry_data data;
2849 int num_rsp = *((__u8 *) skb->data);
2850 bool name_known, ssp;
2852 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
2857 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
2862 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
2863 struct inquiry_info_with_rssi_and_pscan_mode *info;
2864 info = (void *) (skb->data + 1);
2866 for (; num_rsp; num_rsp--, info++) {
2867 bacpy(&data.bdaddr, &info->bdaddr);
2868 data.pscan_rep_mode = info->pscan_rep_mode;
2869 data.pscan_period_mode = info->pscan_period_mode;
2870 data.pscan_mode = info->pscan_mode;
2871 memcpy(data.dev_class, info->dev_class, 3);
2872 data.clock_offset = info->clock_offset;
2873 data.rssi = info->rssi;
2874 data.ssp_mode = 0x00;
2876 name_known = hci_inquiry_cache_update(hdev, &data,
2878 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2879 info->dev_class, info->rssi,
2880 !name_known, ssp, NULL, 0);
2883 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
2885 for (; num_rsp; num_rsp--, info++) {
2886 bacpy(&data.bdaddr, &info->bdaddr);
2887 data.pscan_rep_mode = info->pscan_rep_mode;
2888 data.pscan_period_mode = info->pscan_period_mode;
2889 data.pscan_mode = 0x00;
2890 memcpy(data.dev_class, info->dev_class, 3);
2891 data.clock_offset = info->clock_offset;
2892 data.rssi = info->rssi;
2893 data.ssp_mode = 0x00;
2894 name_known = hci_inquiry_cache_update(hdev, &data,
2896 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
2897 info->dev_class, info->rssi,
2898 !name_known, ssp, NULL, 0);
2902 hci_dev_unlock(hdev);
2905 static inline void hci_remote_ext_features_evt(struct hci_dev *hdev,
2906 struct sk_buff *skb)
2908 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
2909 struct hci_conn *conn;
2911 BT_DBG("%s", hdev->name);
2915 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2919 if (!ev->status && ev->page == 0x01) {
2920 struct inquiry_entry *ie;
2922 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
2924 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2926 if (ev->features[0] & LMP_HOST_SSP)
2927 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2930 if (conn->state != BT_CONFIG)
2933 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2934 struct hci_cp_remote_name_req cp;
2935 memset(&cp, 0, sizeof(cp));
2936 bacpy(&cp.bdaddr, &conn->dst);
2937 cp.pscan_rep_mode = 0x02;
2938 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2939 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2940 mgmt_device_connected(hdev, &conn->dst, conn->type,
2941 conn->dst_type, 0, NULL, 0,
2944 if (!hci_outgoing_auth_needed(hdev, conn)) {
2945 conn->state = BT_CONNECTED;
2946 hci_proto_connect_cfm(conn, ev->status);
2951 hci_dev_unlock(hdev);
2954 static inline void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2955 struct sk_buff *skb)
2957 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
2958 struct hci_conn *conn;
2960 BT_DBG("%s status %d", hdev->name, ev->status);
2964 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
2966 if (ev->link_type == ESCO_LINK)
2969 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
2973 conn->type = SCO_LINK;
2976 switch (ev->status) {
2978 conn->handle = __le16_to_cpu(ev->handle);
2979 conn->state = BT_CONNECTED;
2981 hci_conn_hold_device(conn);
2982 hci_conn_add_sysfs(conn);
2985 case 0x11: /* Unsupported Feature or Parameter Value */
2986 case 0x1c: /* SCO interval rejected */
2987 case 0x1a: /* Unsupported Remote Feature */
2988 case 0x1f: /* Unspecified error */
2989 if (conn->out && conn->attempt < 2) {
2990 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
2991 (hdev->esco_type & EDR_ESCO_MASK);
2992 hci_setup_sync(conn, conn->link->handle);
2998 conn->state = BT_CLOSED;
3002 hci_proto_connect_cfm(conn, ev->status);
3007 hci_dev_unlock(hdev);
3010 static inline void hci_sync_conn_changed_evt(struct hci_dev *hdev,
3011 struct sk_buff *skb)
3013 BT_DBG("%s", hdev->name);
3016 static inline void hci_sniff_subrate_evt(struct hci_dev *hdev,
3017 struct sk_buff *skb)
3019 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
3021 BT_DBG("%s status %d", hdev->name, ev->status);
3024 static inline void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3025 struct sk_buff *skb)
3027 struct inquiry_data data;
3028 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3029 int num_rsp = *((__u8 *) skb->data);
3032 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3037 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3042 for (; num_rsp; num_rsp--, info++) {
3043 bool name_known, ssp;
3045 bacpy(&data.bdaddr, &info->bdaddr);
3046 data.pscan_rep_mode = info->pscan_rep_mode;
3047 data.pscan_period_mode = info->pscan_period_mode;
3048 data.pscan_mode = 0x00;
3049 memcpy(data.dev_class, info->dev_class, 3);
3050 data.clock_offset = info->clock_offset;
3051 data.rssi = info->rssi;
3052 data.ssp_mode = 0x01;
3054 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3055 name_known = eir_has_data_type(info->data,
3061 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3063 eir_len = eir_get_length(info->data, sizeof(info->data));
3064 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3065 info->dev_class, info->rssi, !name_known,
3066 ssp, info->data, eir_len);
3069 hci_dev_unlock(hdev);
3072 static inline u8 hci_get_auth_req(struct hci_conn *conn)
3074 /* If remote requests dedicated bonding follow that lead */
3075 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3076 /* If both remote and local IO capabilities allow MITM
3077 * protection then require it, otherwise don't */
3078 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3084 /* If remote requests no-bonding follow that lead */
3085 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
3086 return conn->remote_auth | (conn->auth_type & 0x01);
3088 return conn->auth_type;
3091 static inline void hci_io_capa_request_evt(struct hci_dev *hdev,
3092 struct sk_buff *skb)
3094 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3095 struct hci_conn *conn;
3097 BT_DBG("%s", hdev->name);
3101 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3105 hci_conn_hold(conn);
3107 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3110 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3111 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3112 struct hci_cp_io_capability_reply cp;
3114 bacpy(&cp.bdaddr, &ev->bdaddr);
3115 /* Change the IO capability from KeyboardDisplay
3116 * to DisplayYesNo as it is not supported by BT spec. */
3117 cp.capability = (conn->io_capability == 0x04) ?
3118 0x01 : conn->io_capability;
3119 conn->auth_type = hci_get_auth_req(conn);
3120 cp.authentication = conn->auth_type;
3122 if ((conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)) &&
3123 hci_find_remote_oob_data(hdev, &conn->dst))
3128 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3131 struct hci_cp_io_capability_neg_reply cp;
3133 bacpy(&cp.bdaddr, &ev->bdaddr);
3134 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3136 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3141 hci_dev_unlock(hdev);
3144 static inline void hci_io_capa_reply_evt(struct hci_dev *hdev,
3145 struct sk_buff *skb)
3147 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3148 struct hci_conn *conn;
3150 BT_DBG("%s", hdev->name);
3154 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3158 conn->remote_cap = ev->capability;
3159 conn->remote_auth = ev->authentication;
3161 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3164 hci_dev_unlock(hdev);
3167 static inline void hci_user_confirm_request_evt(struct hci_dev *hdev,
3168 struct sk_buff *skb)
3170 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3171 int loc_mitm, rem_mitm, confirm_hint = 0;
3172 struct hci_conn *conn;
3174 BT_DBG("%s", hdev->name);
3178 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3181 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3185 loc_mitm = (conn->auth_type & 0x01);
3186 rem_mitm = (conn->remote_auth & 0x01);
3188 /* If we require MITM but the remote device can't provide that
3189 * (it has NoInputNoOutput) then reject the confirmation
3190 * request. The only exception is when we're dedicated bonding
3191 * initiators (connect_cfm_cb set) since then we always have the MITM
3193 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3194 BT_DBG("Rejecting request: remote device can't provide MITM");
3195 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3196 sizeof(ev->bdaddr), &ev->bdaddr);
3200 /* If no side requires MITM protection; auto-accept */
3201 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3202 (!rem_mitm || conn->io_capability == 0x03)) {
3204 /* If we're not the initiators request authorization to
3205 * proceed from user space (mgmt_user_confirm with
3206 * confirm_hint set to 1). */
3207 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3208 BT_DBG("Confirming auto-accept as acceptor");
3213 BT_DBG("Auto-accept of user confirmation with %ums delay",
3214 hdev->auto_accept_delay);
3216 if (hdev->auto_accept_delay > 0) {
3217 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3218 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3222 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3223 sizeof(ev->bdaddr), &ev->bdaddr);
3228 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3232 hci_dev_unlock(hdev);
3235 static inline void hci_user_passkey_request_evt(struct hci_dev *hdev,
3236 struct sk_buff *skb)
3238 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3240 BT_DBG("%s", hdev->name);
3244 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3245 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3247 hci_dev_unlock(hdev);
3250 static inline void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3251 struct sk_buff *skb)
3253 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3254 struct hci_conn *conn;
3256 BT_DBG("%s", hdev->name);
3260 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3264 /* To avoid duplicate auth_failed events to user space we check
3265 * the HCI_CONN_AUTH_PEND flag which will be set if we
3266 * initiated the authentication. A traditional auth_complete
3267 * event gets always produced as initiator and is also mapped to
3268 * the mgmt_auth_failed event */
3269 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status != 0)
3270 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3276 hci_dev_unlock(hdev);
3279 static inline void hci_remote_host_features_evt(struct hci_dev *hdev,
3280 struct sk_buff *skb)
3282 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3283 struct inquiry_entry *ie;
3285 BT_DBG("%s", hdev->name);
3289 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3291 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3293 hci_dev_unlock(hdev);
3296 static inline void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3297 struct sk_buff *skb)
3299 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3300 struct oob_data *data;
3302 BT_DBG("%s", hdev->name);
3306 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3309 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3311 struct hci_cp_remote_oob_data_reply cp;
3313 bacpy(&cp.bdaddr, &ev->bdaddr);
3314 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3315 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3317 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3320 struct hci_cp_remote_oob_data_neg_reply cp;
3322 bacpy(&cp.bdaddr, &ev->bdaddr);
3323 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3328 hci_dev_unlock(hdev);
3331 static inline void hci_le_conn_complete_evt(struct hci_dev *hdev,
3332 struct sk_buff *skb)
3334 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3335 struct hci_conn *conn;
3337 BT_DBG("%s status %d", hdev->name, ev->status);
3341 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &ev->bdaddr);
3343 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3345 BT_ERR("No memory for new connection");
3346 hci_dev_unlock(hdev);
3350 conn->dst_type = ev->bdaddr_type;
3354 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
3355 conn->dst_type, ev->status);
3356 hci_proto_connect_cfm(conn, ev->status);
3357 conn->state = BT_CLOSED;
3362 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3363 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3364 conn->dst_type, 0, NULL, 0, NULL);
3366 conn->sec_level = BT_SECURITY_LOW;
3367 conn->handle = __le16_to_cpu(ev->handle);
3368 conn->state = BT_CONNECTED;
3370 hci_conn_hold_device(conn);
3371 hci_conn_add_sysfs(conn);
3373 hci_proto_connect_cfm(conn, ev->status);
3376 hci_dev_unlock(hdev);
3379 static inline void hci_le_adv_report_evt(struct hci_dev *hdev,
3380 struct sk_buff *skb)
3382 u8 num_reports = skb->data[0];
3383 void *ptr = &skb->data[1];
3388 while (num_reports--) {
3389 struct hci_ev_le_advertising_info *ev = ptr;
3391 rssi = ev->data[ev->length];
3392 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3393 NULL, rssi, 0, 1, ev->data, ev->length);
3395 ptr += sizeof(*ev) + ev->length + 1;
3398 hci_dev_unlock(hdev);
3401 static inline void hci_le_ltk_request_evt(struct hci_dev *hdev,
3402 struct sk_buff *skb)
3404 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3405 struct hci_cp_le_ltk_reply cp;
3406 struct hci_cp_le_ltk_neg_reply neg;
3407 struct hci_conn *conn;
3408 struct smp_ltk *ltk;
3410 BT_DBG("%s handle %d", hdev->name, __le16_to_cpu(ev->handle));
3414 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3418 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3422 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3423 cp.handle = cpu_to_le16(conn->handle);
3425 if (ltk->authenticated)
3426 conn->sec_level = BT_SECURITY_HIGH;
3428 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3430 if (ltk->type & HCI_SMP_STK) {
3431 list_del(<k->list);
3435 hci_dev_unlock(hdev);
3440 neg.handle = ev->handle;
3441 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3442 hci_dev_unlock(hdev);
3445 static inline void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3447 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3449 skb_pull(skb, sizeof(*le_ev));
3451 switch (le_ev->subevent) {
3452 case HCI_EV_LE_CONN_COMPLETE:
3453 hci_le_conn_complete_evt(hdev, skb);
3456 case HCI_EV_LE_ADVERTISING_REPORT:
3457 hci_le_adv_report_evt(hdev, skb);
3460 case HCI_EV_LE_LTK_REQ:
3461 hci_le_ltk_request_evt(hdev, skb);
3469 void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3471 struct hci_event_hdr *hdr = (void *) skb->data;
3472 __u8 event = hdr->evt;
3474 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3477 case HCI_EV_INQUIRY_COMPLETE:
3478 hci_inquiry_complete_evt(hdev, skb);
3481 case HCI_EV_INQUIRY_RESULT:
3482 hci_inquiry_result_evt(hdev, skb);
3485 case HCI_EV_CONN_COMPLETE:
3486 hci_conn_complete_evt(hdev, skb);
3489 case HCI_EV_CONN_REQUEST:
3490 hci_conn_request_evt(hdev, skb);
3493 case HCI_EV_DISCONN_COMPLETE:
3494 hci_disconn_complete_evt(hdev, skb);
3497 case HCI_EV_AUTH_COMPLETE:
3498 hci_auth_complete_evt(hdev, skb);
3501 case HCI_EV_REMOTE_NAME:
3502 hci_remote_name_evt(hdev, skb);
3505 case HCI_EV_ENCRYPT_CHANGE:
3506 hci_encrypt_change_evt(hdev, skb);
3509 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3510 hci_change_link_key_complete_evt(hdev, skb);
3513 case HCI_EV_REMOTE_FEATURES:
3514 hci_remote_features_evt(hdev, skb);
3517 case HCI_EV_REMOTE_VERSION:
3518 hci_remote_version_evt(hdev, skb);
3521 case HCI_EV_QOS_SETUP_COMPLETE:
3522 hci_qos_setup_complete_evt(hdev, skb);
3525 case HCI_EV_CMD_COMPLETE:
3526 hci_cmd_complete_evt(hdev, skb);
3529 case HCI_EV_CMD_STATUS:
3530 hci_cmd_status_evt(hdev, skb);
3533 case HCI_EV_ROLE_CHANGE:
3534 hci_role_change_evt(hdev, skb);
3537 case HCI_EV_NUM_COMP_PKTS:
3538 hci_num_comp_pkts_evt(hdev, skb);
3541 case HCI_EV_MODE_CHANGE:
3542 hci_mode_change_evt(hdev, skb);
3545 case HCI_EV_PIN_CODE_REQ:
3546 hci_pin_code_request_evt(hdev, skb);
3549 case HCI_EV_LINK_KEY_REQ:
3550 hci_link_key_request_evt(hdev, skb);
3553 case HCI_EV_LINK_KEY_NOTIFY:
3554 hci_link_key_notify_evt(hdev, skb);
3557 case HCI_EV_CLOCK_OFFSET:
3558 hci_clock_offset_evt(hdev, skb);
3561 case HCI_EV_PKT_TYPE_CHANGE:
3562 hci_pkt_type_change_evt(hdev, skb);
3565 case HCI_EV_PSCAN_REP_MODE:
3566 hci_pscan_rep_mode_evt(hdev, skb);
3569 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
3570 hci_inquiry_result_with_rssi_evt(hdev, skb);
3573 case HCI_EV_REMOTE_EXT_FEATURES:
3574 hci_remote_ext_features_evt(hdev, skb);
3577 case HCI_EV_SYNC_CONN_COMPLETE:
3578 hci_sync_conn_complete_evt(hdev, skb);
3581 case HCI_EV_SYNC_CONN_CHANGED:
3582 hci_sync_conn_changed_evt(hdev, skb);
3585 case HCI_EV_SNIFF_SUBRATE:
3586 hci_sniff_subrate_evt(hdev, skb);
3589 case HCI_EV_EXTENDED_INQUIRY_RESULT:
3590 hci_extended_inquiry_result_evt(hdev, skb);
3593 case HCI_EV_IO_CAPA_REQUEST:
3594 hci_io_capa_request_evt(hdev, skb);
3597 case HCI_EV_IO_CAPA_REPLY:
3598 hci_io_capa_reply_evt(hdev, skb);
3601 case HCI_EV_USER_CONFIRM_REQUEST:
3602 hci_user_confirm_request_evt(hdev, skb);
3605 case HCI_EV_USER_PASSKEY_REQUEST:
3606 hci_user_passkey_request_evt(hdev, skb);
3609 case HCI_EV_SIMPLE_PAIR_COMPLETE:
3610 hci_simple_pair_complete_evt(hdev, skb);
3613 case HCI_EV_REMOTE_HOST_FEATURES:
3614 hci_remote_host_features_evt(hdev, skb);
3617 case HCI_EV_LE_META:
3618 hci_le_meta_evt(hdev, skb);
3621 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
3622 hci_remote_oob_data_request_evt(hdev, skb);
3625 case HCI_EV_NUM_COMP_BLOCKS:
3626 hci_num_comp_blocks_evt(hdev, skb);
3630 BT_DBG("%s event 0x%x", hdev->name, event);
3635 hdev->stat.evt_rx++;
projects / ~andy / linux / blob