File: /usr/src/linux/net/bluetooth/l2cap_core.c
1 /*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23 */
24
25 /*
26 * BlueZ L2CAP core and sockets.
27 *
28 * $Id: l2cap_core.c,v 1.19 2001/08/03 04:19:50 maxk Exp $
29 */
30 #define VERSION "1.1"
31
32 #include <linux/config.h>
33 #include <linux/module.h>
34
35 #include <linux/types.h>
36 #include <linux/errno.h>
37 #include <linux/kernel.h>
38 #include <linux/major.h>
39 #include <linux/sched.h>
40 #include <linux/slab.h>
41 #include <linux/poll.h>
42 #include <linux/fcntl.h>
43 #include <linux/init.h>
44 #include <linux/skbuff.h>
45 #include <linux/interrupt.h>
46 #include <linux/socket.h>
47 #include <linux/skbuff.h>
48 #include <linux/proc_fs.h>
49 #include <linux/list.h>
50 #include <net/sock.h>
51
52 #include <asm/system.h>
53 #include <asm/uaccess.h>
54
55 #include <net/bluetooth/bluetooth.h>
56 #include <net/bluetooth/bluez.h>
57 #include <net/bluetooth/hci_core.h>
58 #include <net/bluetooth/l2cap.h>
59 #include <net/bluetooth/l2cap_core.h>
60
61 #ifndef L2CAP_DEBUG
62 #undef DBG
63 #define DBG( A... )
64 #endif
65
/* Socket operations table; only declared (tentatively defined) here. */
struct proto_ops l2cap_sock_ops;

/* Global list of L2CAP sockets, protected by its embedded rwlock. */
struct bluez_sock_list l2cap_sk_list = {
	.lock = RW_LOCK_UNLOCKED
};

/* List of L2CAP interfaces; l2cap_rt_lock guards it (see the routing
 * helpers, which must be called with rt_lock held). */
struct list_head l2cap_iff_list = LIST_HEAD_INIT(l2cap_iff_list);
rwlock_t l2cap_rt_lock = RW_LOCK_UNLOCKED;

/* Forward declarations: connection teardown */
static int l2cap_conn_del(struct l2cap_conn *conn, int err);

/* Forward declarations: channel management */
static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent);
static void l2cap_chan_del(struct sock *sk, int err);
static int l2cap_chan_send(struct sock *sk, struct msghdr *msg, int len);

/* Forward declarations: socket lifetime */
static void l2cap_sock_close(struct sock *sk);
static void l2cap_sock_kill(struct sock *sk);

/* Forward declarations: signalling */
static int l2cap_send_req(struct l2cap_conn *conn, __u8 code, __u16 len, void *data);
static int l2cap_send_rsp(struct l2cap_conn *conn, __u8 ident, __u8 code, __u16 len, void *data);
86
87 /* -------- L2CAP interfaces & routing --------- */
88 /* Add/delete L2CAP interface.
89 * Must be called with locked rt_lock
90 */
91
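/* Create the L2CAP interface object for an HCI device and put it on
 * l2cap_iff_list.
 *
 * The caller must hold l2cap_rt_lock. On allocation failure the device is
 * left without an interface (hdev->l2cap_data is not touched) and an error
 * is logged.
 */
static void l2cap_iff_add(struct hci_dev *hdev)
{
	struct l2cap_iff *iff;

	DBG("%s", hdev->name);

	DBG("iff_list %p next %p prev %p", &l2cap_iff_list, l2cap_iff_list.next, l2cap_iff_list.prev);

	/* Allocate new interface and lock HCI device.
	 * l2cap_rt_lock is an rwlock_t and is held by the caller, so the
	 * allocation must not sleep: use GFP_ATOMIC rather than GFP_KERNEL. */
	iff = kmalloc(sizeof(*iff), GFP_ATOMIC);
	if (!iff) {
		ERR("Can't allocate new interface %s", hdev->name);
		return;
	}
	memset(iff, 0, sizeof(*iff));

	/* The interface keeps a reference on the device until l2cap_iff_del() */
	hci_dev_hold(hdev);
	hdev->l2cap_data = iff;
	iff->hdev = hdev;
	/* NOTE(review): assumes hdev->acl_mtu is larger than HCI_ACL_HDR_SIZE;
	 * a smaller value would make the subtraction wrap - confirm where
	 * acl_mtu is set. */
	iff->mtu = hdev->acl_mtu - HCI_ACL_HDR_SIZE;
	iff->bdaddr = &hdev->bdaddr;

	spin_lock_init(&iff->lock);
	INIT_LIST_HEAD(&iff->conn_list);

	list_add(&iff->list, &l2cap_iff_list);
}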
118
/* Detach and free the L2CAP interface of an HCI device, dropping every
 * connection that still lives on it with ENODEV. Does nothing when the
 * device has no interface attached.
 */
static void l2cap_iff_del(struct hci_dev *hdev)
{
	struct l2cap_iff *iff = hdev->l2cap_data;

	if (!iff)
		return;

	DBG("%s iff %p", hdev->name, iff);

	/* Take the interface off the routing list first */
	list_del(&iff->list);

	l2cap_iff_lock(iff);

	/* Drop connections. l2cap_conn_del() unlinks the entry it is given
	 * (via __l2cap_conn_unlink), which is what makes the list shrink. */
	for (;;) {
		struct l2cap_conn *c;

		if (list_empty(&iff->conn_list))
			break;

		c = list_entry(iff->conn_list.next, struct l2cap_conn, list);
		l2cap_conn_del(c, ENODEV);
	}

	l2cap_iff_unlock(iff);

	/* Unlock HCI device: clear the back-pointer, then drop the reference
	 * taken in l2cap_iff_add() */
	hdev->l2cap_data = NULL;
	hci_dev_put(hdev);

	kfree(iff);
}
148
149 /* Get route. Returns L2CAP interface.
150 * Must be called with locked rt_lock
151 */
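/* Pick the local interface to use for a connection from src to dst.
 *
 * Simple routing:
 *   No source address (src == BDADDR_ANY) - first interface whose own
 *                                            address differs from dst
 *   Source address given                  - the interface whose address
 *                                            equals src
 *
 * Returns the interface, or NULL when none qualifies. The caller must hold
 * l2cap_rt_lock.
 */
static struct l2cap_iff *l2cap_get_route(bdaddr_t *src, bdaddr_t *dst)
{
	struct list_head *p;
	int use_src;

	DBG("%s -> %s", batostr(src), batostr(dst));

	/* bacmp() is zero for equal addresses (it is used that way throughout
	 * this file), so a non-zero result means the caller bound the socket
	 * to a specific local address. The earlier code had this test
	 * inverted and then fell through to the "!= dst" rule, so an explicit
	 * source address was never honoured. */
	use_src = bacmp(src, BDADDR_ANY) ? 1 : 0;

	list_for_each(p, &l2cap_iff_list) {
		struct l2cap_iff *iff = list_entry(p, struct l2cap_iff, list);

		if (use_src) {
			/* Bound socket: only its own adapter is acceptable */
			if (!bacmp(iff->bdaddr, src))
				return iff;
		} else if (bacmp(iff->bdaddr, dst)) {
			/* Unbound socket: any adapter that is not the peer */
			return iff;
		}
	}
	return NULL;
}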
178
179 /* ----- L2CAP timers ------ */
/* Socket timer handler. arg carries the struct sock pointer stored by
 * l2cap_sock_init_timer().
 *
 * A socket that timed out while disconnecting has its channel deleted;
 * in any other state ETIMEDOUT is reported through sk->err and the state
 * change callback. The reference taken when the timer was armed is
 * dropped at the end.
 */
static void l2cap_sock_timeout(unsigned long arg)
{
	struct sock *sk = (struct sock *) arg;

	DBG("sock %p state %d", sk, sk->state);

	bh_lock_sock(sk);
	if (sk->state == BT_DISCONN) {
		l2cap_chan_del(sk, ETIMEDOUT);
	} else {
		sk->err = ETIMEDOUT;
		sk->state_change(sk);
	}
	bh_unlock_sock(sk);

	/* Frees the socket only if it is zapped and orphaned */
	l2cap_sock_kill(sk);
	sock_put(sk);
}
202
/* (Re)arm the socket timer to fire `timeout` jiffies from now.
 * A socket reference is taken only when mod_timer() reports that the timer
 * was not already pending, so an armed timer holds exactly one reference.
 */
static void l2cap_sock_set_timer(struct sock *sk, long timeout)
{
	int was_pending;

	DBG("sock %p state %d timeout %ld", sk, sk->state, timeout);

	was_pending = mod_timer(&sk->timer, jiffies + timeout);
	if (!was_pending)
		sock_hold(sk);
}
210
/* Cancel the socket timer and, if it really was removed while pending,
 * drop the reference that l2cap_sock_set_timer() took for it.
 */
static void l2cap_sock_clear_timer(struct sock *sk)
{
	DBG("sock %p state %d", sk, sk->state);

	if (timer_pending(&sk->timer)) {
		if (del_timer(&sk->timer))
			__sock_put(sk);
	}
}
218
/* Prepare the socket timer: handler is l2cap_sock_timeout() and the
 * socket pointer travels in the timer's data word.
 */
static void l2cap_sock_init_timer(struct sock *sk)
{
	init_timer(&sk->timer);
	sk->timer.data = (unsigned long)sk;
	sk->timer.function = l2cap_sock_timeout;
}
225
/* Connection timer handler. arg carries the struct l2cap_conn pointer
 * stored by l2cap_conn_init_timer(). A connection that is still in
 * BT_CONNECTED when the timer fires has its baseband link disconnected.
 */
static void l2cap_conn_timeout(unsigned long arg)
{
	struct l2cap_conn *conn = (void *)arg;

	DBG("conn %p state %d", conn, conn->state);

	if (conn->state != BT_CONNECTED)
		return;

	/* 0x13 is the reason value handed to hci_disconnect(); in the HCI
	 * error code table it is "Remote User Terminated Connection". */
	hci_disconnect(conn->hconn, 0x13);
}
238
/* (Re)arm the connection timer to fire `timeout` jiffies from now. */
static void l2cap_conn_set_timer(struct l2cap_conn *conn, long timeout)
{
	unsigned long expires;

	DBG("conn %p state %d timeout %ld", conn, conn->state, timeout);

	expires = jiffies + timeout;
	mod_timer(&conn->timer, expires);
}
245
/* Cancel the connection timer.
 * NOTE(review): del_timer() does not wait for a handler that is already
 * running on another CPU - confirm callers that free conn right afterwards
 * cannot race with l2cap_conn_timeout().
 */
static void l2cap_conn_clear_timer(struct l2cap_conn *conn)
{
	struct timer_list *t = &conn->timer;

	DBG("conn %p state %d", conn, conn->state);

	del_timer(t);
}
252
/* Prepare the connection timer: handler is l2cap_conn_timeout() and the
 * connection pointer travels in the timer's data word.
 */
static void l2cap_conn_init_timer(struct l2cap_conn *conn)
{
	init_timer(&conn->timer);
	conn->timer.data = (unsigned long)conn;
	conn->timer.function = l2cap_conn_timeout;
}
259
260 /* -------- L2CAP connections --------- */
261 /* Add new connection to the interface.
262 * Interface must be locked
263 */
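/* Allocate a connection to dst on the given interface and link it into
 * the interface's connection list.
 *
 * The interface must be locked by the caller. Returns the new connection
 * in state BT_OPEN, or NULL when memory cannot be allocated.
 */
static struct l2cap_conn *l2cap_conn_add(struct l2cap_iff *iff, bdaddr_t *dst)
{
	struct l2cap_conn *conn;
	bdaddr_t *src = iff->bdaddr;

	/* l2cap_connect() calls this after read_lock_bh(&l2cap_rt_lock) and
	 * with the interface locked, so sleeping is not allowed here:
	 * allocate with GFP_ATOMIC instead of GFP_KERNEL. */
	conn = kmalloc(sizeof(*conn), GFP_ATOMIC);
	if (!conn)
		return NULL;

	memset(conn, 0, sizeof(*conn));

	conn->state = BT_OPEN;
	conn->iff = iff;
	bacpy(&conn->src, src);
	bacpy(&conn->dst, dst);

	spin_lock_init(&conn->lock);
	conn->chan_list.lock = RW_LOCK_UNLOCKED;

	l2cap_conn_init_timer(conn);

	__l2cap_conn_link(iff, conn);

	DBG("%s -> %s, %p", batostr(src), batostr(dst), conn);

	/* Balanced by MOD_DEC_USE_COUNT in l2cap_conn_del() */
	MOD_INC_USE_COUNT;

	return conn;
}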
292
293 /* Delete connection on the interface.
294 * Interface must be locked
295 */
/* Tear down a connection: stop its timer, unlink it from the interface,
 * free a partially reassembled frame, delete every channel with `err`
 * and free the connection itself. Always returns 0.
 *
 * The interface must be locked by the caller.
 */
static int l2cap_conn_del(struct l2cap_conn *conn, int err)
{
	struct sock *sk;

	DBG("conn %p, state %d, err %d", conn, conn->state, err);

	/* NOTE(review): the timer is cancelled with del_timer(), which does
	 * not wait for a handler already running elsewhere; conn is freed
	 * below - confirm l2cap_conn_timeout() cannot still be using it. */
	l2cap_conn_clear_timer(conn);
	__l2cap_conn_unlink(conn->iff, conn);

	conn->state = BT_CLOSED;

	if (conn->rx_skb)
		kfree_skb(conn->rx_skb);

	/* Kill channels. l2cap_chan_del() unlinks sk from chan_list, so the
	 * head is re-read on every pass until the list is empty. */
	for (sk = conn->chan_list.head; sk; sk = conn->chan_list.head) {
		bh_lock_sock(sk);
		l2cap_sock_clear_timer(sk);
		l2cap_chan_del(sk, err);
		bh_unlock_sock(sk);

		/* Must run on the unlocked socket */
		l2cap_sock_kill(sk);
	}

	kfree(conn);

	/* Balances MOD_INC_USE_COUNT in l2cap_conn_add() */
	MOD_DEC_USE_COUNT;
	return 0;
}
325
/* Find the connection on `iff` whose destination address equals dst.
 * Returns NULL when there is none. The list is walked without taking any
 * lock here, so the caller is expected to hold the interface lock.
 */
static inline struct l2cap_conn *l2cap_get_conn_by_addr(struct l2cap_iff *iff, bdaddr_t *dst)
{
	struct list_head *pos;

	list_for_each(pos, &iff->conn_list) {
		struct l2cap_conn *cand = list_entry(pos, struct l2cap_conn, list);

		if (bacmp(&cand->dst, dst) == 0)
			return cand;
	}
	return NULL;
}
339
/* Start connecting the socket to the destination stored in its pinfo.
 *
 * Picks a local interface, reuses or creates the connection to dst,
 * attaches the socket as a channel and then either sends an L2CAP
 * connect request (link already up), waits (link being set up) or asks
 * HCI to create the ACL link.
 *
 * Returns 0 on success, -EHOSTUNREACH when no interface qualifies and
 * -ENOMEM when the connection object cannot be allocated.
 */
int l2cap_connect(struct sock *sk)
{
	bdaddr_t *src = &l2cap_pi(sk)->src;
	bdaddr_t *dst = &l2cap_pi(sk)->dst;
	struct l2cap_conn *conn;
	struct l2cap_iff *iff;
	int err = 0;

	DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst), l2cap_pi(sk)->psm);

	/* Held until `done`; keeps the interface list stable */
	read_lock_bh(&l2cap_rt_lock);

	/* Get route to remote BD address */
	iff = l2cap_get_route(src, dst);
	if (!iff) {
		err = -EHOSTUNREACH;
		goto done;
	}

	/* Update source addr of the socket */
	bacpy(src, iff->bdaddr);

	l2cap_iff_lock(iff);

	conn = l2cap_get_conn_by_addr(iff, dst);
	if (!conn) {
		/* Connection doesn't exist */
		conn = l2cap_conn_add(iff, dst);
		if (!conn) {
			l2cap_iff_unlock(iff);
			err = -ENOMEM;
			goto done;
		}
		/* Mark the connection as locally initiated */
		conn->out = 1;
	}

	l2cap_iff_unlock(iff);

	/* NOTE(review): conn is used below after the interface lock has been
	 * dropped; only l2cap_rt_lock is still held - confirm that is enough
	 * to keep conn alive against l2cap_conn_del(). */
	l2cap_chan_add(conn, sk, NULL);

	sk->state = BT_CONNECT;
	l2cap_sock_set_timer(sk, sk->sndtimeo);

	switch (conn->state) {
	case BT_CONNECTED:
		if (sk->type != SOCK_SEQPACKET) {
			/* Raw socket: usable as soon as the link exists */
			l2cap_sock_clear_timer(sk);
			sk->state = BT_CONNECTED;
		} else {
			l2cap_conn_req req;

			req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
			req.psm = l2cap_pi(sk)->psm;
			l2cap_send_req(conn, L2CAP_CONN_REQ, L2CAP_CONN_REQ_SIZE, &req);
		}
		break;

	case BT_CONNECT:
		/* Link setup already in progress; nothing to send yet */
		break;

	default:
		/* Create ACL connection.
		 * NOTE(review): the result of hci_connect() is ignored here;
		 * a failure is only noticed through the socket timer. */
		conn->state = BT_CONNECT;
		hci_connect(iff->hdev, dst);
		break;
	};

done:
	read_unlock_bh(&l2cap_rt_lock);
	return err;
}
407
408 /* ------ Channel queues for listening sockets ------ */
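/* Append sk to the accept queue of the listening socket `parent`.
 * Takes a reference on sk (released in l2cap_accept_unlink()) and bumps
 * the parent's ack_backlog.
 */
void l2cap_accept_queue(struct sock *parent, struct sock *sk)
{
	struct l2cap_accept_q *q = &l2cap_pi(parent)->accept_q;

	DBG("parent %p, sk %p", parent, sk);

	sock_hold(sk);
	l2cap_pi(sk)->parent = parent;
	l2cap_pi(sk)->next_q = NULL;

	if (!q->head) {
		/* First element. Clear prev_q explicitly instead of relying
		 * on the field already being zero: l2cap_accept_unlink()
		 * writes through prev_q, so a stale value would be followed. */
		l2cap_pi(sk)->prev_q = NULL;
		q->head = q->tail = sk;
	} else {
		struct sock *tail = q->tail;

		l2cap_pi(sk)->prev_q = tail;
		l2cap_pi(tail)->next_q = sk;
		q->tail = sk;
	}

	/* NOTE(review): max_ack_backlog is not compared against here -
	 * confirm the caller enforces the listen backlog. */
	parent->ack_backlog++;
}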
431
/* Remove sk from its parent's accept queue, decrement the parent's
 * ack_backlog and drop the reference taken by l2cap_accept_queue().
 * sk must currently be queued (its parent pointer is dereferenced).
 */
void l2cap_accept_unlink(struct sock *sk)
{
	struct sock *parent = l2cap_pi(sk)->parent;
	struct l2cap_accept_q *q = &l2cap_pi(parent)->accept_q;
	struct sock *after, *before;

	DBG("sk %p", sk);

	after = l2cap_pi(sk)->next_q;
	before = l2cap_pi(sk)->prev_q;

	/* Fix up the queue ends first ... */
	if (q->head == sk)
		q->head = after;
	if (q->tail == sk)
		q->tail = before;

	/* ... then splice the neighbours together */
	if (after)
		l2cap_pi(after)->prev_q = before;
	if (before)
		l2cap_pi(before)->next_q = after;

	l2cap_pi(sk)->parent = NULL;

	parent->ack_backlog--;
	__sock_put(sk);
}
458
459 /* Get next connected channel in queue. */
/* Take the first queued channel off parent's accept queue.
 * With state == 0 any queued socket matches; otherwise only one whose
 * sk->state equals `state`. Returns the unlinked socket or NULL.
 */
struct sock *l2cap_accept_dequeue(struct sock *parent, int state)
{
	struct l2cap_accept_q *q = &l2cap_pi(parent)->accept_q;
	struct sock *sk = q->head;

	while (sk) {
		if (!state || sk->state == state) {
			l2cap_accept_unlink(sk);
			break;
		}
		sk = l2cap_pi(sk)->next_q;
	}

	DBG("parent %p, sk %p", parent, sk);

	return sk;
}
476
477 /* -------- Socket interface ---------- */
/* Find a socket on l2cap_sk_list with the same PSM and source address as
 * `addr`. Returns NULL when there is none. No lock is taken here; the
 * visible caller (l2cap_sock_bind) holds l2cap_sk_list.lock.
 */
static struct sock *__l2cap_get_sock_by_addr(struct sockaddr_l2 *addr)
{
	bdaddr_t *src = &addr->l2_bdaddr;
	__u16 psm = addr->l2_psm;
	struct sock *sk = l2cap_sk_list.head;

	while (sk) {
		if (l2cap_pi(sk)->psm == psm &&
				!bacmp(&l2cap_pi(sk)->src, src))
			return sk;
		sk = sk->next;
	}

	return NULL;
}
492
493 /* Find socket listening on psm and source bdaddr.
494 * Returns closest match.
495 */
/* Find a listening socket for `psm`.
 * A socket bound to exactly `src` wins; otherwise the last socket seen
 * that is bound to BDADDR_ANY is returned. NULL when nothing listens.
 *
 * NOTE(review): the result is returned after l2cap_sk_list.lock has been
 * released and without taking a reference - confirm callers cannot race
 * with the socket being freed.
 */
static struct sock *l2cap_get_sock_listen(bdaddr_t *src, __u16 psm)
{
	struct sock *sk, *wildcard = NULL;

	read_lock(&l2cap_sk_list.lock);

	for (sk = l2cap_sk_list.head; sk; sk = sk->next) {
		struct l2cap_pinfo *pi;

		if (sk->state != BT_LISTEN)
			continue;

		pi = l2cap_pi(sk);
		if (pi->psm != psm)
			continue;

		/* Exact match. */
		if (!bacmp(&pi->src, src))
			break;

		/* Closest match */
		if (!bacmp(&pi->src, BDADDR_ANY))
			wildcard = sk;
	}

	read_unlock(&l2cap_sk_list.lock);

	if (sk)
		return sk;
	return wildcard;
}
525
/* Socket destructor (installed as sk->destruct by l2cap_sock_alloc):
 * frees anything still queued and balances the module use count taken
 * at allocation.
 */
static void l2cap_sock_destruct(struct sock *sk)
{
	DBG("sk %p", sk);

	/* Drop pending buffers in both directions */
	skb_queue_purge(&sk->receive_queue);
	skb_queue_purge(&sk->write_queue);

	MOD_DEC_USE_COUNT;
}
535
/* Shut down a listening socket: close every channel that is still
 * waiting to be accepted, then mark the parent closed and zapped.
 */
static void l2cap_sock_cleanup_listen(struct sock *parent)
{
	struct sock *sk;

	DBG("parent %p", parent);

	/* Close not yet accepted channels (state 0 matches any state) */
	for (;;) {
		sk = l2cap_accept_dequeue(parent, 0);
		if (!sk)
			break;
		l2cap_sock_close(sk);
	}

	parent->state = BT_CLOSED;
	parent->zapped = 1;
}
549
550 /* Kill socket (only if zapped and orphan)
551 * Must be called on unlocked socket.
552 */
/* Release a socket that is both zapped and orphaned (no struct socket
 * attached): unlink it from l2cap_sk_list, mark it dead and drop a
 * reference. Any other socket is left alone.
 * Must be called on an unlocked socket.
 */
static void l2cap_sock_kill(struct sock *sk)
{
	if (sk->zapped && !sk->socket) {
		DBG("sk %p state %d", sk, sk->state);

		/* Kill poor orphan */
		bluez_sock_unlink(&l2cap_sk_list, sk);
		sk->dead = 1;
		sock_put(sk);
	}
}
565
566 /* Close socket.
567 * Must be called on unlocked socket.
568 */
/* Close a socket according to its current state:
 *   BT_LISTEN               - close queued children, mark closed
 *   BT_CONNECTED, BT_CONFIG - SOCK_SEQPACKET sends a disconnect request and
 *                             arms the timer; other types delete the channel
 *   BT_CONNECT, BT_DISCONN  - delete the channel with ECONNRESET
 *   anything else           - just mark the socket zapped
 * Finally the socket is killed if it is zapped and orphaned.
 * Must be called on an unlocked socket.
 */
static void l2cap_sock_close(struct sock *sk)
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);
	struct l2cap_conn *conn;

	l2cap_sock_clear_timer(sk);

	lock_sock(sk);

	conn = pi->conn;

	DBG("sk %p state %d conn %p socket %p", sk, sk->state, conn, sk->socket);

	switch (sk->state) {
	case BT_LISTEN:
		l2cap_sock_cleanup_listen(sk);
		break;

	case BT_CONNECTED:
	case BT_CONFIG:
		if (sk->type != SOCK_SEQPACKET) {
			l2cap_chan_del(sk, ECONNRESET);
		} else {
			l2cap_disconn_req req;

			sk->state = BT_DISCONN;

			req.dcid = __cpu_to_le16(pi->dcid);
			req.scid = __cpu_to_le16(pi->scid);
			/* NOTE(review): assumes conn is non-NULL in these
			 * states - TODO confirm against l2cap_chan_del(),
			 * which clears pi->conn. */
			l2cap_send_req(conn, L2CAP_DISCONN_REQ, L2CAP_DISCONN_REQ_SIZE, &req);

			/* Give the peer sndtimeo jiffies to answer */
			l2cap_sock_set_timer(sk, sk->sndtimeo);
		}
		break;

	case BT_CONNECT:
	case BT_DISCONN:
		l2cap_chan_del(sk, ECONNRESET);
		break;

	default:
		sk->zapped = 1;
		break;
	};

	release_sock(sk);

	l2cap_sock_kill(sk);
}
617
/* Initialise the L2CAP-specific part of a socket.
 * With a parent (incoming channel) the type and both MTUs are inherited;
 * without one the incoming MTU is L2CAP_DEFAULT_MTU and the outgoing MTU
 * starts at 0. Configuration defaults are set in both cases.
 */
static void l2cap_sock_init(struct sock *sk, struct sock *parent)
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);

	DBG("sk %p", sk);

	if (!parent) {
		pi->imtu = L2CAP_DEFAULT_MTU;
		pi->omtu = 0;
	} else {
		struct l2cap_pinfo *ppi = l2cap_pi(parent);

		sk->type = parent->type;

		pi->imtu = ppi->imtu;
		pi->omtu = ppi->omtu;
	}

	/* Default config options */
	pi->conf_mtu = L2CAP_DEFAULT_MTU;
	pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
}
638
/* Allocate a PF_BLUETOOTH sock with allocation priority `prio`, attach it
 * to `sock`, set the L2CAP defaults (destructor, send timeout, BT_OPEN
 * state, timer) and link it into l2cap_sk_list.
 * Returns the new sock or NULL when sk_alloc() fails.
 */
static struct sock *l2cap_sock_alloc(struct socket *sock, int proto, int prio)
{
	struct sock *sk = sk_alloc(PF_BLUETOOTH, prio, 1);

	if (!sk)
		return NULL;

	sock_init_data(sock, sk);

	sk->zapped = 0;

	sk->destruct = l2cap_sock_destruct;
	sk->sndtimeo = L2CAP_CONN_TIMEOUT;

	sk->protocol = proto;
	sk->state = BT_OPEN;

	l2cap_sock_init_timer(sk);

	bluez_sock_link(&l2cap_sk_list, sk);

	/* Balanced by MOD_DEC_USE_COUNT in l2cap_sock_destruct() */
	MOD_INC_USE_COUNT;

	return sk;
}
664
/* socket() handler for L2CAP.
 * Accepts SOCK_SEQPACKET and SOCK_RAW only. Returns 0 on success,
 * -ESOCKTNOSUPPORT for any other type and -ENOMEM when allocation fails.
 *
 * NOTE(review): no privilege check is made for SOCK_RAW, which per
 * __l2cap_chan_add() is attached to the signalling channel (CID 0x0001).
 * Consider whether raw sockets should require a capability.
 */
static int l2cap_sock_create(struct socket *sock, int protocol)
{
	struct sock *sk;

	DBG("sock %p", sock);

	sock->state = SS_UNCONNECTED;

	switch (sock->type) {
	case SOCK_SEQPACKET:
	case SOCK_RAW:
		break;
	default:
		return -ESOCKTNOSUPPORT;
	}

	sock->ops = &l2cap_sock_ops;

	sk = l2cap_sock_alloc(sock, protocol, GFP_KERNEL);
	if (!sk)
		return -ENOMEM;

	l2cap_sock_init(sk, NULL);

	return 0;
}
685
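/* bind() handler: record the local address and PSM on the socket.
 *
 * Returns 0 on success, -EINVAL for a missing, too short or non-Bluetooth
 * address, -EBADFD when the socket is not in BT_OPEN and -EADDRINUSE when
 * another socket already uses the same non-zero PSM and source address.
 */
static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int addr_len)
{
	struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
	struct sock *sk = sock->sk;
	int err = 0;

	/* Validate before touching the address. addr_len was previously
	 * ignored, so a short sockaddr let l2_psm/l2_bdaddr be read from
	 * bytes the caller never supplied; l2cap_sock_connect() already
	 * applies the same length check. */
	if (!addr || addr_len < (int) sizeof(struct sockaddr_l2) ||
			addr->sa_family != AF_BLUETOOTH)
		return -EINVAL;

	/* Only log once `la` is known to be usable */
	DBG("sk %p, %s %d", sk, batostr(&la->l2_bdaddr), la->l2_psm);

	lock_sock(sk);

	if (sk->state != BT_OPEN) {
		err = -EBADFD;
		goto done;
	}

	/* The uniqueness check and the update must be atomic with respect to
	 * other binders, hence the write lock on the socket list */
	write_lock(&l2cap_sk_list.lock);

	if (la->l2_psm && __l2cap_get_sock_by_addr(la)) {
		err = -EADDRINUSE;
		goto unlock;
	}

	/* Save source address */
	bacpy(&l2cap_pi(sk)->src, &la->l2_bdaddr);
	l2cap_pi(sk)->psm = la->l2_psm;
	sk->state = BT_BOUND;

unlock:
	write_unlock(&l2cap_sk_list.lock);

done:
	release_sock(sk);

	return err;
}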
724
/* Wait until the socket reaches BT_CONNECTED.
 * Called with the socket locked; the lock is dropped while sleeping.
 *
 * Returns 0 once connected, -EAGAIN when the timeout is (or becomes) zero,
 * the pending socket error if one is set, or the value of
 * sock_intr_errno() when a signal arrives.
 *
 * NOTE(review): the task state is set to TASK_INTERRUPTIBLE only once,
 * before the loop; after the first wake-up later passes appear to call
 * schedule_timeout() in TASK_RUNNING - confirm this is intended.
 */
static int l2cap_sock_w4_connect(struct sock *sk, int flags)
{
	DECLARE_WAITQUEUE(wait, current);
	long timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
	int err = 0;

	DBG("sk %p", sk);

	add_wait_queue(sk->sleep, &wait);
	current->state = TASK_INTERRUPTIBLE;

	for (;;) {
		if (sk->state == BT_CONNECTED)
			break;

		if (!timeo) {
			err = -EAGAIN;
			break;
		}

		/* Sleep without the socket lock so the connection can progress */
		release_sock(sk);
		timeo = schedule_timeout(timeo);
		lock_sock(sk);

		err = 0;
		if (sk->state == BT_CONNECTED)
			break;

		if (sk->err) {
			err = sock_error(sk);
			break;
		}

		if (signal_pending(current)) {
			err = sock_intr_errno(timeo);
			break;
		}
	}
	current->state = TASK_RUNNING;
	remove_wait_queue(sk->sleep, &wait);

	return err;
}
765
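/* connect() handler: store destination address and PSM, start the
 * connection and wait for it to complete.
 *
 * Returns 0 on success, -EINVAL for a missing, too short or non-Bluetooth
 * address or a SOCK_SEQPACKET connect without PSM, -EBADFD when the socket
 * is neither BT_OPEN nor BT_BOUND, or the error from l2cap_connect() /
 * l2cap_sock_w4_connect().
 */
static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
{
	struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
	struct sock *sk = sock->sk;
	int err = 0;

	lock_sock(sk);

	DBG("sk %p", sk);

	/* Compare the length as a signed value: `alen < sizeof(...)` converts
	 * a negative alen to a huge unsigned number, which would pass the
	 * check. Also reject a NULL address, as l2cap_sock_bind() does. */
	if (!addr || alen < (int) sizeof(struct sockaddr_l2) ||
			addr->sa_family != AF_BLUETOOTH) {
		err = -EINVAL;
		goto done;
	}

	if (sk->state != BT_OPEN && sk->state != BT_BOUND) {
		err = -EBADFD;
		goto done;
	}

	/* A connection-oriented channel needs a PSM to connect to */
	if (sk->type == SOCK_SEQPACKET && !la->l2_psm) {
		err = -EINVAL;
		goto done;
	}

	/* Set destination address and psm */
	bacpy(&l2cap_pi(sk)->dst, &la->l2_bdaddr);
	l2cap_pi(sk)->psm = la->l2_psm;

	err = l2cap_connect(sk);
	if (err)
		goto done;

	err = l2cap_sock_w4_connect(sk, flags);

done:
	release_sock(sk);
	return err;
}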
804
/* listen() handler. Only a bound SOCK_SEQPACKET socket with a non-zero
 * PSM can listen. Returns 0 on success, -EBADFD for the wrong state or
 * type and -EINVAL when no PSM was bound.
 */
int l2cap_sock_listen(struct socket *sock, int backlog)
{
	struct sock *sk = sock->sk;
	int err = 0;

	DBG("sk %p backlog %d", sk, backlog);

	lock_sock(sk);

	if (sk->state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
		err = -EBADFD;
	} else if (!l2cap_pi(sk)->psm) {
		err = -EINVAL;
	} else {
		/* Start with an empty accept queue of the requested depth */
		sk->max_ack_backlog = backlog;
		sk->ack_backlog = 0;
		sk->state = BT_LISTEN;
	}

	release_sock(sk);
	return err;
}
832
/* accept() handler: wait for a queued channel in BT_CONNECTED and graft
 * it onto `newsock`.
 *
 * Returns 0 on success, -EBADFD when the socket is not (or no longer)
 * listening, -EAGAIN when the timeout is (or becomes) zero, or the value
 * of sock_intr_errno() when a signal arrives.
 */
int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
{
	DECLARE_WAITQUEUE(wait, current);
	struct sock *sk = sock->sk, *child;
	long timeo;
	int err = 0;

	lock_sock(sk);

	if (sk->state != BT_LISTEN) {
		err = -EBADFD;
		goto done;
	}

	timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);

	DBG("sk %p timeo %ld", sk, timeo);

	/* Wait for an incoming connection. (wake-one). */
	add_wait_queue_exclusive(sk->sleep, &wait);
	current->state = TASK_INTERRUPTIBLE;
	for (;;) {
		child = l2cap_accept_dequeue(sk, BT_CONNECTED);
		if (child)
			break;

		if (!timeo) {
			err = -EAGAIN;
			break;
		}

		/* Sleep without the socket lock so channels can be queued */
		release_sock(sk);
		timeo = schedule_timeout(timeo);
		lock_sock(sk);

		/* The listener may have been closed while we slept */
		if (sk->state != BT_LISTEN) {
			err = -EBADFD;
			break;
		}

		if (signal_pending(current)) {
			err = sock_intr_errno(timeo);
			break;
		}
	}
	current->state = TASK_RUNNING;
	remove_wait_queue(sk->sleep, &wait);

	if (err)
		goto done;

	sock_graft(child, newsock);
	newsock->state = SS_CONNECTED;

	DBG("new socket %p", child);

done:
	release_sock(sk);

	return err;
}
890
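/* getsockname()/getpeername() handler.
 * Fills `addr` with the socket's PSM and either the destination address
 * (peer != 0) or the source address, and stores the address size in *len.
 * Always returns 0.
 */
static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
{
	struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
	struct sock *sk = sock->sk;

	DBG("sock %p, sk %p", sock, sk);

	/* The whole structure is handed back to user space, so clear it
	 * first: any byte not written below (padding or a field this
	 * function does not set) would otherwise expose stale kernel
	 * memory. */
	memset(la, 0, sizeof(struct sockaddr_l2));

	addr->sa_family = AF_BLUETOOTH;
	*len = sizeof(struct sockaddr_l2);

	if (peer)
		bacpy(&la->l2_bdaddr, &l2cap_pi(sk)->dst);
	else
		bacpy(&la->l2_bdaddr, &l2cap_pi(sk)->src);

	la->l2_psm = l2cap_pi(sk)->psm;

	return 0;
}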
910
/* sendmsg() handler.
 * Returns the pending socket error if there is one, -EOPNOTSUPP for
 * MSG_OOB, -ENOTCONN when the socket is not in BT_CONNECTED, and otherwise
 * whatever l2cap_chan_send() returns.
 */
static int l2cap_sock_sendmsg(struct socket *sock, struct msghdr *msg, int len, struct scm_cookie *scm)
{
	struct sock *sk = sock->sk;
	int err = 0;

	DBG("sock %p, sk %p", sock, sk);

	if (sk->err)
		return sock_error(sk);

	/* Out-of-band data is not supported */
	if (msg->msg_flags & MSG_OOB)
		return -EOPNOTSUPP;

	lock_sock(sk);

	if (sk->state != BT_CONNECTED)
		err = -ENOTCONN;
	else
		err = l2cap_chan_send(sk, msg, len);

	release_sock(sk);
	return err;
}
934
/* recvmsg() handler: deliver one queued frame.
 * Returns the number of bytes copied (at most `len`; MSG_TRUNC is set in
 * msg_flags when the frame was longer), 0 on a closed socket, -EOPNOTSUPP
 * for MSG_OOB, or the error from the datagram helpers.
 */
static int l2cap_sock_recvmsg(struct socket *sock, struct msghdr *msg, int len, int flags, struct scm_cookie *scm)
{
	struct sock *sk = sock->sk;
	int noblock = flags & MSG_DONTWAIT;
	int copied, err;
	struct sk_buff *skb;

	DBG("sock %p, sk %p", sock, sk);

	if (flags & (MSG_OOB))
		return -EOPNOTSUPP;

	if (sk->state == BT_CLOSED)
		return 0;

	skb = skb_recv_datagram(sk, flags, noblock, &err);
	if (!skb)
		return err;

	/* No source address is reported to the caller */
	msg->msg_namelen = 0;

	/* Never copy more than the caller's buffer holds */
	copied = skb->len;
	if (copied > len) {
		msg->msg_flags |= MSG_TRUNC;
		copied = len;
	}

	skb->h.raw = skb->data;
	err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);

	skb_free_datagram(sk, skb);

	if (err)
		return err;
	return copied;
}
968
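/* setsockopt() handler. Supports L2CAP_OPTIONS, which updates the
 * socket's incoming and outgoing MTU from a user supplied
 * struct l2cap_options.
 *
 * Returns 0 on success, -EINVAL for a negative optlen, -EFAULT when the
 * user buffer cannot be read and -ENOPROTOOPT for any other option.
 */
int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char *optval, int optlen)
{
	struct sock *sk = sock->sk;
	struct l2cap_options opts;
	size_t len;
	int err = 0;

	DBG("sk %p", sk);

	lock_sock(sk);

	switch (optname) {
	case L2CAP_OPTIONS:
		if (optlen < 0) {
			err = -EINVAL;
			break;
		}

		/* optlen comes straight from user space. Copying optlen bytes
		 * into the fixed-size `opts` on the kernel stack overflows it
		 * whenever optlen > sizeof(opts), so clamp the copy to the
		 * size of the destination. */
		len = (size_t) optlen;
		if (len > sizeof(opts))
			len = sizeof(opts);

		/* Start from the current values so that a short buffer leaves
		 * the fields it does not cover unchanged instead of applying
		 * uninitialised stack contents. */
		memset(&opts, 0, sizeof(opts));
		opts.imtu = l2cap_pi(sk)->imtu;
		opts.omtu = l2cap_pi(sk)->omtu;
		opts.flush_to = l2cap_pi(sk)->flush_to;

		if (copy_from_user((char *)&opts, optval, len)) {
			err = -EFAULT;
			break;
		}
		/* Only the MTUs are applied, as before; flush_to is ignored */
		l2cap_pi(sk)->imtu = opts.imtu;
		l2cap_pi(sk)->omtu = opts.omtu;
		break;

	default:
		err = -ENOPROTOOPT;
		break;
	};

	release_sock(sk);
	return err;
}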
997
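/* getsockopt() handler.
 *   L2CAP_OPTIONS  - copies imtu, omtu and flush_to to the caller
 *   L2CAP_CONNINFO - copies the HCI handle of the underlying connection
 *                    (socket must be in BT_CONNECTED)
 * At most the caller-supplied length is copied, capped to the size of the
 * structure.
 *
 * Returns 0 on success, -EFAULT when user memory cannot be accessed,
 * -EINVAL for a negative length, -ENOTCONN for L2CAP_CONNINFO on an
 * unconnected socket and -ENOPROTOOPT for any other option.
 */
int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char *optval, int *optlen)
{
	struct sock *sk = sock->sk;
	struct l2cap_options opts;
	struct l2cap_conninfo cinfo;
	int len, err = 0;

	if (get_user(len, optlen))
		return -EFAULT;

	/* len is user controlled and signed. Reject negative values outright
	 * rather than depending on how MIN() mixes int and size_t. */
	if (len < 0)
		return -EINVAL;

	lock_sock(sk);

	switch (optname) {
	case L2CAP_OPTIONS:
		/* Zero first so that no uninitialised stack byte (padding or
		 * an unset field) is copied out to user space */
		memset(&opts, 0, sizeof(opts));
		opts.imtu = l2cap_pi(sk)->imtu;
		opts.omtu = l2cap_pi(sk)->omtu;
		opts.flush_to = l2cap_pi(sk)->flush_to;

		if ((size_t) len > sizeof(opts))
			len = sizeof(opts);
		if (copy_to_user(optval, (char *)&opts, len))
			err = -EFAULT;

		break;

	case L2CAP_CONNINFO:
		if (sk->state != BT_CONNECTED) {
			err = -ENOTCONN;
			break;
		}

		memset(&cinfo, 0, sizeof(cinfo));
		/* NOTE(review): assumes conn and conn->hconn are non-NULL
		 * whenever the socket is BT_CONNECTED - TODO confirm. */
		cinfo.hci_handle = l2cap_pi(sk)->conn->hconn->handle;

		if ((size_t) len > sizeof(cinfo))
			len = sizeof(cinfo);
		if (copy_to_user(optval, (char *)&cinfo, len))
			err = -EFAULT;

		break;

	default:
		err = -ENOPROTOOPT;
		break;
	};

	release_sock(sk);
	return err;
}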
1044
/* poll() handler. Builds the event mask:
 *   POLLERR               - socket error set or error queue not empty
 *   POLLHUP               - both directions shut down, or state BT_CLOSED
 *   POLLIN | POLLRDNORM   - data queued, a channel waiting to be accepted,
 *                           or receive side shut down
 *   POLLOUT | POLLWRNORM | POLLWRBAND - socket writeable
 * When the socket is not writeable SOCK_ASYNC_NOSPACE is set on it.
 */
static unsigned int l2cap_sock_poll(struct file * file, struct socket *sock, poll_table *wait)
{
	struct sock *sk = sock->sk;
	struct l2cap_accept_q *aq;
	unsigned int mask = 0;

	DBG("sock %p, sk %p", sock, sk);

	poll_wait(file, sk->sleep, wait);

	if (sk->err || !skb_queue_empty(&sk->error_queue))
		mask |= POLLERR;

	if (sk->shutdown == SHUTDOWN_MASK)
		mask |= POLLHUP;

	/* Readable: queued data, pending accept, or nothing more to come */
	aq = &l2cap_pi(sk)->accept_q;
	if (!skb_queue_empty(&sk->receive_queue) || aq->head || (sk->shutdown & RCV_SHUTDOWN))
		mask |= POLLIN | POLLRDNORM;

	if (sk->state == BT_CLOSED)
		mask |= POLLHUP;

	if (!sock_writeable(sk))
		set_bit(SOCK_ASYNC_NOSPACE, &sk->socket->flags);
	else
		mask |= POLLOUT | POLLWRNORM | POLLWRBAND;

	return mask;
}
1076
/* release() handler: orphan the sock and close it. A socket without an
 * attached sock is ignored. Always returns 0.
 */
static int l2cap_sock_release(struct socket *sock)
{
	struct sock *sk = sock->sk;

	DBG("sock %p, sk %p", sock, sk);

	if (sk) {
		/* Detach from the struct socket so l2cap_sock_kill() may free it */
		sock_orphan(sk);

		l2cap_sock_close(sk);
	}

	return 0;
}
1092
1093 /* --------- L2CAP channels --------- */
/* Find the channel whose destination CID equals `cid`; NULL if none.
 * Takes no lock: the locked wrapper l2cap_get_chan_by_dcid() holds
 * l->lock around this call.
 */
static struct sock * __l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, __u16 cid)
{
	struct sock *s = l->head;

	while (s) {
		if (l2cap_pi(s)->dcid == cid)
			return s;
		s = l2cap_pi(s)->next_c;
	}

	return NULL;
}
1105
/* Locked lookup of a channel by destination CID; NULL if none.
 * NOTE(review): the socket is returned after the read lock is dropped and
 * without taking a reference - confirm callers cannot race with removal.
 */
static inline struct sock *l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, __u16 cid)
{
	struct sock *found;

	read_lock(&l->lock);
	found = __l2cap_get_chan_by_dcid(l, cid);
	read_unlock(&l->lock);

	return found;
}
1116
/* Find the channel whose source CID equals `cid`; NULL if none.
 * Takes no lock: the locked wrapper l2cap_get_chan_by_scid() holds
 * l->lock around this call.
 */
static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, __u16 cid)
{
	struct sock *s = l->head;

	while (s) {
		if (l2cap_pi(s)->scid == cid)
			return s;
		s = l2cap_pi(s)->next_c;
	}

	return NULL;
}
/* Locked lookup of a channel by source CID; NULL if none.
 * NOTE(review): the socket is returned after the read lock is dropped and
 * without taking a reference - confirm callers cannot race with removal.
 */
static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, __u16 cid)
{
	struct sock *found;

	read_lock(&l->lock);
	found = __l2cap_get_chan_by_scid(l, cid);
	read_unlock(&l->lock);

	return found;
}
1138
/* Find the channel whose stored signalling identifier equals `ident`;
 * NULL if none. Takes no lock: the locked wrapper
 * l2cap_get_chan_by_ident() holds l->lock around this call.
 */
static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, __u8 ident)
{
	struct sock *s = l->head;

	while (s) {
		if (l2cap_pi(s)->ident == ident)
			return s;
		s = l2cap_pi(s)->next_c;
	}

	return NULL;
}
1150
/* Locked lookup of a channel by signalling identifier; NULL if none.
 * NOTE(review): the socket is returned after the read lock is dropped and
 * without taking a reference - confirm callers cannot race with removal.
 */
static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, __u8 ident)
{
	struct sock *found;

	read_lock(&l->lock);
	found = __l2cap_get_chan_by_ident(l, ident);
	read_unlock(&l->lock);

	return found;
}
1161
/* Return the lowest source CID in 0x0040..0xfffe that no channel on `l`
 * uses, or 0 when every one of them is taken.
 *
 * The list is scanned with the unlocked lookup; the visible call path
 * (l2cap_chan_add -> __l2cap_chan_add) holds l->lock for writing.
 * NOTE(review): __l2cap_chan_add() stores the result without checking for
 * the 0 "exhausted" value - confirm that case is handled somewhere.
 */
static __u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
{
	__u16 cid;

	cid = 0x0040;
	while (cid < 0xffff) {
		if (!__l2cap_get_chan_by_scid(l, cid))
			return cid;
		cid++;
	}

	return 0;
}
1173
/* Insert sk at the head of the channel list and take a socket reference
 * for the list (dropped in l2cap_chan_unlink()). Takes no lock itself.
 */
static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
{
	struct sock *old_head;

	sock_hold(sk);

	old_head = l->head;
	if (old_head)
		l2cap_pi(old_head)->prev_c = sk;

	l2cap_pi(sk)->next_c = old_head;
	l2cap_pi(sk)->prev_c = NULL;
	l->head = sk;
}
1185
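/* Remove sk from the channel list under the list's write lock and drop
 * the reference that __l2cap_chan_link() took for the list.
 */
static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
{
	struct sock *next, *prev;

	write_lock(&l->lock);

	/* Read the neighbour pointers only once the lock is held. Sampling
	 * them beforehand lets a concurrent link/unlink change them in
	 * between, after which the splice below would write through stale
	 * pointers. */
	next = l2cap_pi(sk)->next_c;
	prev = l2cap_pi(sk)->prev_c;

	if (sk == l->head)
		l->head = next;

	if (next)
		l2cap_pi(next)->prev_c = prev;
	if (prev)
		l2cap_pi(prev)->next_c = next;
	write_unlock(&l->lock);

	__sock_put(sk);
}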
1202
/* Attach sk to conn as a channel: stop the connection's idle timer, take
 * a connection reference, assign channel ids, link sk into the channel
 * list and, for an incoming channel, queue it on the parent's accept
 * queue. Takes no lock itself; l2cap_chan_add() is the locked wrapper.
 */
static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
{
	struct l2cap_chan_list *l = &conn->chan_list;
	struct l2cap_pinfo *pi = l2cap_pi(sk);

	DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn, l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);

	/* The connection is in use again */
	l2cap_conn_clear_timer(conn);

	atomic_inc(&conn->refcnt);
	pi->conn = conn;

	if (sk->type != SOCK_SEQPACKET) {
		/* Raw socket can send only signalling messages */
		pi->scid = 0x0001;
		pi->dcid = 0x0001;
		pi->omtu = L2CAP_DEFAULT_MTU;
	} else {
		/* Alloc CID for normal socket.
		 * NOTE(review): l2cap_alloc_cid() returns 0 when no CID is
		 * free; that value is stored unchecked here. */
		pi->scid = l2cap_alloc_cid(l);
	}

	__l2cap_chan_link(l, sk);

	if (parent)
		l2cap_accept_queue(parent, sk);
}
1229
/* Locked wrapper: attach sk to conn while holding the channel list's
 * write lock.
 */
static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
{
	rwlock_t *list_lock = &conn->chan_list.lock;

	write_lock(list_lock);
	__l2cap_chan_add(conn, sk, parent);
	write_unlock(list_lock);
}
1238
1239 /* Delete channel.
1240 * Must be called on the locked socket. */
/* Delete a channel: take it off its parent's accept queue (if any),
 * detach it from its connection (if any), then mark the socket closed
 * with `err`, notify via state_change and flag it zapped.
 *
 * When the last channel of a connected link goes away, a timer for the
 * baseband disconnect is armed instead of disconnecting immediately.
 * Must be called on the locked socket.
 */
static void l2cap_chan_del(struct sock *sk, int err)
{
	struct l2cap_conn *conn = l2cap_pi(sk)->conn;
	struct sock *parent = l2cap_pi(sk)->parent;

	DBG("sk %p, conn %p, err %d", sk, conn, err);

	if (parent) {
		/* Unlink from parent accept queue */
		bh_lock_sock(parent);
		l2cap_accept_unlink(sk);
		bh_unlock_sock(parent);
	}

	if (conn) {
		long timeout;

		/* Unlink from channel list */
		l2cap_chan_unlink(&conn->chan_list, sk);
		l2cap_pi(sk)->conn = NULL;

		/* Locally initiated links use the disconnect timeout, others
		 * the idle timeout */
		timeout = conn->out ? L2CAP_DISCONN_TIMEOUT : L2CAP_CONN_IDLE_TIMEOUT;

		if (atomic_dec_and_test(&conn->refcnt) && conn->state == BT_CONNECTED) {
			/* Schedule Baseband disconnect */
			l2cap_conn_set_timer(conn, timeout);
		}
	}

	sk->state = BT_CLOSED;
	sk->err = err;
	sk->state_change(sk);

	/* Lets l2cap_sock_kill() free the socket once it is orphaned */
	sk->zapped = 1;
}
1282
/* Walk every channel of a connection that has just come up.
 * Non-SEQPACKET sockets become BT_CONNECTED at once; SOCK_SEQPACKET
 * sockets waiting in BT_CONNECT send their L2CAP connect request and get
 * their timer re-armed.
 */
static void l2cap_conn_ready(struct l2cap_conn *conn)
{
	struct l2cap_chan_list *l = &conn->chan_list;
	struct sock *sk;

	DBG("conn %p", conn);

	read_lock(&l->lock);

	sk = l->head;
	while (sk) {
		bh_lock_sock(sk);

		if (sk->type != SOCK_SEQPACKET) {
			sk->state = BT_CONNECTED;
			sk->state_change(sk);
			l2cap_sock_clear_timer(sk);
		} else if (sk->state == BT_CONNECT) {
			l2cap_conn_req req;

			req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
			req.psm = l2cap_pi(sk)->psm;
			l2cap_send_req(conn, L2CAP_CONN_REQ, L2CAP_CONN_REQ_SIZE, &req);

			/* Wait sndtimeo jiffies for the response */
			l2cap_sock_set_timer(sk, sk->sndtimeo);
		}

		bh_unlock_sock(sk);

		sk = l2cap_pi(sk)->next_c;
	}

	read_unlock(&l->lock);
}
1313
/* Channel configuration finished: reset conf_state, stop the socket
 * timer and wake whoever is waiting for the channel.
 */
static void l2cap_chan_ready(struct sock *sk)
{
	struct sock *parent = l2cap_pi(sk)->parent;

	DBG("sk %p, parent %p", sk, parent);

	l2cap_pi(sk)->conf_state = 0;
	l2cap_sock_clear_timer(sk);

	if (parent) {
		/* Incoming channel.
		 * Wake up socket sleeping on accept.
		 */
		parent->data_ready(parent, 1);
	} else {
		/* Outgoing channel.
		 * Wake up socket sleeping on connect.
		 */
		sk->state = BT_CONNECTED;
		sk->state_change(sk);
	}
}
1336
1337 /* Copy frame to all raw sockets on that connection */
/* Deliver a clone of `skb` to every SOCK_RAW channel on the connection,
 * except the socket the frame originated from. A socket is silently
 * skipped when the clone cannot be allocated.
 *
 * NOTE(review): clones are queued without any visible receive-buffer
 * limit check - confirm a slow raw reader cannot grow its queue without
 * bound.
 */
void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
{
	struct l2cap_chan_list *l = &conn->chan_list;
	struct sk_buff *copy;
	struct sock * sk;

	DBG("conn %p", conn);

	read_lock(&l->lock);
	for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
		/* Only raw sockets, and don't send frame to the socket it
		 * came from */
		if (sk->type != SOCK_RAW || skb->sk == sk)
			continue;

		/* GFP_ATOMIC: we are holding the list lock */
		copy = skb_clone(skb, GFP_ATOMIC);
		if (!copy)
			continue;

		skb_queue_tail(&sk->receive_queue, copy);
		sk->data_ready(sk, copy->len);
	}
	read_unlock(&l->lock);
}
1363
/* Send `len` bytes from msg on the channel.
 * The payload is split into a first fragment that carries the L2CAP
 * header and continuation fragments chained on the first skb's
 * frag_list, each limited by the interface MTU; the chain is then handed
 * to hci_send_acl().
 *
 * Returns the number of payload bytes sent, -EINVAL when len exceeds the
 * outgoing MTU, -EFAULT when user data cannot be copied, or the error
 * from the allocator / hci_send_acl().
 *
 * NOTE(review): assumes conn is non-NULL and conn->iff->mtu is larger
 * than L2CAP_HDR_SIZE - TODO confirm; neither is checked here.
 */
static int l2cap_chan_send(struct sock *sk, struct msghdr *msg, int len)
{
	struct l2cap_conn *conn = l2cap_pi(sk)->conn;
	struct sk_buff *skb, **frag;
	int err, size, count, sent=0;
	l2cap_hdr *lh;

	/* Check outgoing MTU */
	if (len > l2cap_pi(sk)->omtu)
		return -EINVAL;

	DBG("sk %p len %d", sk, len);

	/* First fragment (with L2CAP header) */
	count = MIN(conn->iff->mtu - L2CAP_HDR_SIZE, len);
	size = L2CAP_HDR_SIZE + count;
	skb = bluez_skb_send_alloc(sk, size, msg->msg_flags & MSG_DONTWAIT, &err);
	if (!skb)
		return err;

	/* Create L2CAP header; len is the total payload length, not just
	 * this fragment's */
	lh = (l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
	lh->len = __cpu_to_le16(len);
	lh->cid = __cpu_to_le16(l2cap_pi(sk)->dcid);

	if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count)) {
		err = -EFAULT;
		goto fail;
	}

	sent += count;
	len -= count;

	/* Continuation fragments (no L2CAP header) */
	frag = &skb_shinfo(skb)->frag_list;
	while (len) {
		count = MIN(conn->iff->mtu, len);

		*frag = bluez_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
		if (!*frag)
			goto fail;

		if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count)) {
			err = -EFAULT;
			goto fail;
		}

		sent += count;
		len -= count;

		/* Next fragment hangs off this one */
		frag = &(*frag)->next;
	}

	err = hci_send_acl(conn->hconn, skb, 0);
	if (err < 0)
		goto fail;

	return sent;

fail:
	/* Frees the head skb; fragments already chained on it go with it */
	kfree_skb(skb);
	return err;
}
1425
1426 /* --------- L2CAP signalling commands --------- */
/* Get next available identificator for a signalling request.
 * 1 - 199 are used by kernel.
 * 200 - 254 are used by utilities like l2ping, etc
 * The counter is advanced under conn->lock.
 */
static inline __u8 l2cap_get_ident(struct l2cap_conn *conn)
{
	__u8 ident;

	spin_lock(&conn->lock);

	/* Advance, wrapping back to 1 past the kernel range */
	conn->tx_ident++;
	if (conn->tx_ident > 199)
		conn->tx_ident = 1;
	ident = conn->tx_ident;

	spin_unlock(&conn->lock);

	return ident;
}
1447
/* Build a signalling PDU: L2CAP header addressed to CID 0x0001, command
 * header, then len bytes of payload copied from data.
 * Returns the new skb, or NULL when the atomic allocation fails.
 */
static inline struct sk_buff *l2cap_build_cmd(__u8 code, __u8 ident, __u16 len, void *data)
{
	l2cap_cmd_hdr *cmd;
	l2cap_hdr *lh;
	struct sk_buff *skb;
	int total;

	DBG("code 0x%2.2x, ident 0x%2.2x, len %d", code, ident, len);

	total = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + len;
	skb = bluez_skb_alloc(total, GFP_ATOMIC);
	if (!skb)
		return NULL;

	/* L2CAP header: length covers command header plus payload */
	lh = (l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
	lh->cid = __cpu_to_le16(0x0001);
	lh->len = __cpu_to_le16(L2CAP_CMD_HDR_SIZE + len);

	/* Command header: length covers the payload only */
	cmd = (l2cap_cmd_hdr *) skb_put(skb, L2CAP_CMD_HDR_SIZE);
	cmd->len = __cpu_to_le16(len);
	cmd->ident = ident;
	cmd->code = code;

	if (len != 0)
		memcpy(skb_put(skb, len), data, len);

	return skb;
}
1475
/* Send a signalling request under a newly taken identifier.
 * Returns -ENOMEM if the command cannot be built, otherwise whatever
 * hci_send_acl() returns.
 */
static int l2cap_send_req(struct l2cap_conn *conn, __u8 code, __u16 len, void *data)
{
	struct sk_buff *skb;

	DBG("code 0x%2.2x", code);

	skb = l2cap_build_cmd(code, l2cap_get_ident(conn), len, data);
	if (!skb)
		return -ENOMEM;

	return hci_send_acl(conn->hconn, skb, 0);
}
1488
/* Send a signalling response that reuses the identifier of the request
 * being answered.
 * Returns -ENOMEM if the command cannot be built, otherwise whatever
 * hci_send_acl() returns.
 */
static int l2cap_send_rsp(struct l2cap_conn *conn, __u8 ident, __u8 code, __u16 len, void *data)
{
	struct sk_buff *skb;

	DBG("code 0x%2.2x", code);

	skb = l2cap_build_cmd(code, ident, len, data);
	if (!skb)
		return -ENOMEM;

	return hci_send_acl(conn->hconn, skb, 0);
}
1499
/* Decode the configuration option at *ptr into *type and *val, advance
 * *ptr past it and return the number of bytes consumed.
 * Values of 1, 2 or 4 bytes are decoded (little endian on the wire);
 * any other option length yields *val == 0.
 *
 * No bounds are checked here: the option length is taken from the buffer
 * as is, and the value is read before anything is compared with the
 * amount of data left. The caller has to make sure the whole option lies
 * inside the received data before calling.
 * NOTE(review): the value is read through __u16/__u32 casts at whatever
 * offset the option starts - confirm that unaligned reads are acceptable
 * on every supported architecture.
 */
static inline int l2cap_get_conf_opt(__u8 **ptr, __u8 *type, __u32 *val)
{
	l2cap_conf_opt *opt = (l2cap_conf_opt *) (*ptr);
	int consumed;

	*type = opt->type;

	if (opt->len == 1)
		*val = *((__u8 *) opt->val);
	else if (opt->len == 2)
		*val = __le16_to_cpu(*((__u16 *)opt->val));
	else if (opt->len == 4)
		*val = __le32_to_cpu(*((__u32 *)opt->val));
	else
		*val = 0L;

	DBG("type 0x%2.2x len %d val 0x%8.8x", *type, opt->len, *val);

	consumed = L2CAP_CONF_OPT_SIZE + opt->len;
	*ptr += consumed;

	return consumed;
}
1532
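/* Parse the options of a Configure Request and record the ones we
 * understand (MTU, flush timeout) in the channel's private data.
 *
 * sk:   channel the request is addressed to
 * data: start of the option list
 * len:  number of option bytes available at data
 *
 * The option list comes from the remote device. Each option's length
 * byte is compared with the bytes still available before the option is
 * decoded, so a truncated or malformed trailing option ends the parse
 * instead of being read from beyond the received data.
 */
static inline void l2cap_parse_conf_req(struct sock *sk, char *data, int len)
{
	__u8 *ptr = (__u8 *) data;
	__u8 type, hint;
	__u32 val;

	DBG("sk %p len %d", sk, len);

	while (len >= L2CAP_CONF_OPT_SIZE) {
		l2cap_conf_opt *opt = (l2cap_conf_opt *) ptr;

		/* The option header fits (loop condition); make sure the
		 * value it announces does too before it is decoded.
		 */
		if (len < L2CAP_CONF_OPT_SIZE + opt->len) {
			DBG("truncated option len %d, left %d", opt->len, len);
			break;
		}

		len -= l2cap_get_conf_opt(&ptr, &type, &val);

		/* Top bit marks the option as a hint, the rest is the type */
		hint = type & 0x80;
		type &= 0x7f;

		switch (type) {
		case L2CAP_CONF_MTU:
			l2cap_pi(sk)->conf_mtu = val;
			break;

		case L2CAP_CONF_FLUSH_TO:
			l2cap_pi(sk)->flush_to = val;
			break;

		case L2CAP_CONF_QOS:
			break;

		default:
			if (hint)
				break;

			/* FIXME: Reject unknown option */
			break;
		};
	}
}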
1567
/* Append one configuration option at *ptr and advance *ptr past it.
 * val is stored little endian for len 1, 2 or 4; for any other len only
 * the type and length bytes are written.
 * The destination is not bounds-checked here; the caller must provide
 * room for L2CAP_CONF_OPT_SIZE + len bytes.
 */
static inline void l2cap_add_conf_opt(__u8 **ptr, __u8 type, __u8 len, __u32 val)
{
	l2cap_conf_opt *opt = (l2cap_conf_opt *) (*ptr);

	DBG("type 0x%2.2x len %d val 0x%8.8x", type, len, val);

	opt->type = type;
	opt->len = len;

	if (len == 1)
		*((__u8 *) opt->val) = val;
	else if (len == 2)
		*((__u16 *) opt->val) = __cpu_to_le16(val);
	else if (len == 4)
		*((__u32 *) opt->val) = __cpu_to_le32(val);

	*ptr += L2CAP_CONF_OPT_SIZE + len;
}
1592
/* Build a Configure Request for the channel in data.
 * An MTU option is added only when our incoming MTU differs from the
 * default. Returns the number of bytes written.
 * The size of data is not known here; callers in this file pass a
 * 64 byte buffer.
 */
static int l2cap_build_conf_req(struct sock *sk, __u8 *data)
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);
	l2cap_conf_req *req = (l2cap_conf_req *) data;
	__u8 *end = req->data;

	DBG("sk %p", sk);

	req->dcid = __cpu_to_le16(pi->dcid);
	req->flags = __cpu_to_le16(0);

	if (pi->imtu != L2CAP_DEFAULT_MTU)
		l2cap_add_conf_opt(&end, L2CAP_CONF_MTU, 2, pi->imtu);

	/* FIXME. Need actual value of the flush timeout.
	 * Until then no L2CAP_CONF_FLUSH_TO option is sent.
	 */

	return end - data;
}
1613
/* Configure output options and let other side know which ones we
 * don't like.
 * If the MTU requested by the peer is below our current outgoing MTU,
 * an MTU option carrying our value is appended at *ptr and
 * L2CAP_CONF_UNACCEPT is returned; otherwise the requested MTU is
 * adopted and 0 is returned.
 */
static int l2cap_conf_output(struct sock *sk, __u8 **ptr)
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);
	int result;

	if (pi->conf_mtu >= pi->omtu) {
		pi->omtu = pi->conf_mtu;
		result = 0;
	} else {
		l2cap_add_conf_opt(ptr, L2CAP_CONF_MTU, 2, pi->omtu);
		result = L2CAP_CONF_UNACCEPT;
	}

	DBG("sk %p result %d", sk, result);
	return result;
}
1632
/* Build a Configure Response for the channel in data.
 * With result == NULL an empty response with result 0 is built. Otherwise
 * the output options are evaluated, *result receives the outcome and the
 * same value goes into the response.
 * Returns the number of bytes written.
 */
static int l2cap_build_conf_rsp(struct sock *sk, __u8 *data, int *result)
{
	l2cap_conf_rsp *rsp = (l2cap_conf_rsp *) data;
	__u8 *end = rsp->data;
	int res = 0;

	DBG("sk %p complete %d", sk, result ? 1 : 0);

	if (result) {
		*result = l2cap_conf_output(sk, &end);
		res = *result;
	}

	rsp->scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
	rsp->result = __cpu_to_le16(res);
	rsp->flags = __cpu_to_le16(0);

	return end - data;
}
1649
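/* Handle an incoming Connection Request.
 *
 * conn: connection the command arrived on
 * cmd:  command header, len already converted to host order
 * data: command payload, cmd->len bytes of it belong to this command
 *
 * Looks up a socket listening on the requested PSM, creates a child
 * channel in BT_CONFIG state and answers with a Connection Response.
 * Every failure after the length check (no listener, duplicate channel,
 * backlog full, allocation failure) is answered with result
 * L2CAP_CONN_NO_MEM.
 * Returns 0, or -EINVAL when the command is too short to hold a
 * connection request.
 */
static inline int l2cap_connect_req(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
{
	struct l2cap_chan_list *list = &conn->chan_list;
	l2cap_conn_req *req = (l2cap_conn_req *) data;
	l2cap_conn_rsp rsp;
	struct sock *sk, *parent;
	__u16 scid, psm;

	/* cmd->len is chosen by the remote device. Do not read request
	 * fields that the command does not actually carry.
	 */
	if (cmd->len < L2CAP_CONN_REQ_SIZE)
		return -EINVAL;

	scid = __le16_to_cpu(req->scid);
	psm = req->psm;

	DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);

	/* Check if we have socket listening on psm */
	if (!(parent = l2cap_get_sock_listen(&conn->src, psm)))
		goto reject;

	bh_lock_sock(parent);
	write_lock(&list->lock);

	/* Check if we already have channel with that dcid */
	if (__l2cap_get_chan_by_dcid(list, scid))
		goto unlock;

	/* Check for backlog size */
	if (parent->ack_backlog > parent->max_ack_backlog)
		goto unlock;

	if (!(sk = l2cap_sock_alloc(NULL, BTPROTO_L2CAP, GFP_ATOMIC)))
		goto unlock;

	l2cap_sock_init(sk, parent);

	bacpy(&l2cap_pi(sk)->src, &conn->src);
	bacpy(&l2cap_pi(sk)->dst, &conn->dst);
	l2cap_pi(sk)->psm = psm;
	/* The peer's source CID is our destination CID */
	l2cap_pi(sk)->dcid = scid;

	__l2cap_chan_add(conn, sk, parent);
	sk->state = BT_CONFIG;

	write_unlock(&list->lock);
	bh_unlock_sock(parent);

	rsp.dcid = __cpu_to_le16(l2cap_pi(sk)->scid);
	rsp.scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
	rsp.result = __cpu_to_le16(0);
	rsp.status = __cpu_to_le16(0);
	l2cap_send_rsp(conn, cmd->ident, L2CAP_CONN_RSP, L2CAP_CONN_RSP_SIZE, &rsp);

	return 0;

unlock:
	write_unlock(&list->lock);
	bh_unlock_sock(parent);

reject:
	rsp.scid = __cpu_to_le16(scid);
	rsp.dcid = __cpu_to_le16(0);
	rsp.status = __cpu_to_le16(0);
	rsp.result = __cpu_to_le16(L2CAP_CONN_NO_MEM);
	l2cap_send_rsp(conn, cmd->ident, L2CAP_CONN_RSP, L2CAP_CONN_RSP_SIZE, &rsp);

	return 0;
}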
1714
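/* Handle a Connection Response to one of our Connection Requests.
 *
 * conn: connection the command arrived on
 * cmd:  command header, len already converted to host order
 * data: command payload, cmd->len bytes of it belong to this command
 *
 * On success the channel moves to BT_CONFIG, the peer's CID is recorded
 * and a Configure Request is sent. Any non-zero result deletes the
 * channel with ECONNREFUSED.
 * Returns 0, -EINVAL when the command is too short to hold a connection
 * response, or -ENOENT when no channel matches the source CID.
 * NOTE(review): the channel's current state is not checked before it is
 * moved to BT_CONFIG; confirm whether responses should be accepted only
 * while the channel is waiting for one.
 */
static inline int l2cap_connect_rsp(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
{
	l2cap_conn_rsp *rsp = (l2cap_conn_rsp *) data;
	__u16 scid, dcid, result, status;
	struct sock *sk;

	/* cmd->len is chosen by the remote device. Do not read response
	 * fields that the command does not actually carry.
	 */
	if (cmd->len < L2CAP_CONN_RSP_SIZE)
		return -EINVAL;

	scid = __le16_to_cpu(rsp->scid);
	dcid = __le16_to_cpu(rsp->dcid);
	result = __le16_to_cpu(rsp->result);
	status = __le16_to_cpu(rsp->status);

	DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);

	if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
		return -ENOENT;

	bh_lock_sock(sk);

	if (!result) {
		char req[64];

		sk->state = BT_CONFIG;
		l2cap_pi(sk)->dcid = dcid;
		l2cap_pi(sk)->conf_state |= CONF_REQ_SENT;

		l2cap_send_req(conn, L2CAP_CONF_REQ, l2cap_build_conf_req(sk, req), req);
	} else {
		l2cap_chan_del(sk, ECONNREFUSED);
	}

	bh_unlock_sock(sk);
	return 0;
}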
1748
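/* Handle a Configure Request from the peer.
 *
 * conn: connection the command arrived on
 * cmd:  command header, len already converted to host order
 * data: command payload, cmd->len bytes of it belong to this command
 *
 * The options are parsed, a Configure Response is sent, and once both
 * directions are configured the channel becomes BT_CONNECTED.
 * Returns 0, -EINVAL when the command is too short to hold a configure
 * request, or -ENOENT when no channel matches the destination CID.
 */
static inline int l2cap_config_req(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
{
	l2cap_conf_req * req = (l2cap_conf_req *) data;
	__u16 dcid, flags;
	__u8 rsp[64];
	struct sock *sk;
	int result;

	/* cmd->len is chosen by the remote device. Without this check the
	 * fixed fields could be read past the command, and the option length
	 * computed below would go negative.
	 */
	if (cmd->len < L2CAP_CONF_REQ_SIZE)
		return -EINVAL;

	dcid = __le16_to_cpu(req->dcid);
	flags = __le16_to_cpu(req->flags);

	DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);

	if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
		return -ENOENT;

	bh_lock_sock(sk);

	l2cap_parse_conf_req(sk, req->data, cmd->len - L2CAP_CONF_REQ_SIZE);

	if (flags & 0x01) {
		/* Incomplete config. Send empty response. */
		l2cap_send_rsp(conn, cmd->ident, L2CAP_CONF_RSP, l2cap_build_conf_rsp(sk, rsp, NULL), rsp);
		goto unlock;
	}

	/* Complete config. */
	l2cap_send_rsp(conn, cmd->ident, L2CAP_CONF_RSP, l2cap_build_conf_rsp(sk, rsp, &result), rsp);

	if (result)
		goto unlock;

	/* Output config done */
	l2cap_pi(sk)->conf_state |= CONF_OUTPUT_DONE;

	if (l2cap_pi(sk)->conf_state & CONF_INPUT_DONE) {
		sk->state = BT_CONNECTED;
		l2cap_chan_ready(sk);
	} else if (!(l2cap_pi(sk)->conf_state & CONF_REQ_SENT)) {
		/* Our own Configure Request has not been sent yet */
		char buf[64];
		l2cap_send_req(conn, L2CAP_CONF_REQ, l2cap_build_conf_req(sk, buf), buf);
	}

unlock:
	bh_unlock_sock(sk);

	return 0;
}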
1797
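/* Handle a Configure Response to our Configure Request.
 *
 * conn: connection the command arrived on
 * cmd:  command header, len already converted to host order
 * data: command payload, cmd->len bytes of it belong to this command
 *
 * A non-zero result closes the channel with a Disconnection Request.
 * A complete, successful response marks input configuration done, and
 * the channel becomes BT_CONNECTED once output is done as well.
 * Returns 0, -EINVAL when the command is too short to hold a configure
 * response, or -ENOENT when no channel matches the source CID.
 */
static inline int l2cap_config_rsp(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
{
	l2cap_conf_rsp *rsp = (l2cap_conf_rsp *)data;
	__u16 scid, flags, result;
	struct sock *sk;
	int err = 0;

	/* cmd->len is chosen by the remote device. Do not read response
	 * fields that the command does not actually carry.
	 */
	if (cmd->len < L2CAP_CONF_RSP_SIZE)
		return -EINVAL;

	scid = __le16_to_cpu(rsp->scid);
	flags = __le16_to_cpu(rsp->flags);
	result = __le16_to_cpu(rsp->result);

	DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x", scid, flags, result);

	if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
		return -ENOENT;

	bh_lock_sock(sk);

	if (result) {
		l2cap_disconn_req req;

		/* They didn't like our options. Well... we do not negotiate.
		 * Close channel.
		 */
		sk->state = BT_DISCONN;

		req.dcid = __cpu_to_le16(l2cap_pi(sk)->dcid);
		req.scid = __cpu_to_le16(l2cap_pi(sk)->scid);
		l2cap_send_req(conn, L2CAP_DISCONN_REQ, L2CAP_DISCONN_REQ_SIZE, &req);

		l2cap_sock_set_timer(sk, sk->sndtimeo);
		goto done;
	}

	/* Continuation flag set: more responses will follow */
	if (flags & 0x01)
		goto done;

	/* Input config done */
	l2cap_pi(sk)->conf_state |= CONF_INPUT_DONE;

	if (l2cap_pi(sk)->conf_state & CONF_OUTPUT_DONE) {
		sk->state = BT_CONNECTED;
		l2cap_chan_ready(sk);
	}

done:
	bh_unlock_sock(sk);

	return err;
}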
1848
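/* Handle a Disconnection Request from the peer.
 *
 * conn: connection the command arrived on
 * cmd:  command header, len already converted to host order
 * data: command payload, cmd->len bytes of it belong to this command
 *
 * Answers with a Disconnection Response, deletes the channel with
 * ECONNRESET and kills the socket. A request for an unknown channel is
 * silently ignored.
 * Returns 0, or -EINVAL when the command is too short to hold a
 * disconnection request.
 */
static inline int l2cap_disconnect_req(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
{
	l2cap_disconn_req *req = (l2cap_disconn_req *) data;
	l2cap_disconn_rsp rsp;
	__u16 dcid, scid;
	struct sock *sk;

	/* cmd->len is chosen by the remote device. Do not read request
	 * fields that the command does not actually carry.
	 */
	if (cmd->len < L2CAP_DISCONN_REQ_SIZE)
		return -EINVAL;

	scid = __le16_to_cpu(req->scid);
	dcid = __le16_to_cpu(req->dcid);

	DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);

	/* The peer's destination CID is our source CID */
	if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid)))
		return 0;

	bh_lock_sock(sk);

	rsp.dcid = __cpu_to_le16(l2cap_pi(sk)->scid);
	rsp.scid = __cpu_to_le16(l2cap_pi(sk)->dcid);
	l2cap_send_rsp(conn, cmd->ident, L2CAP_DISCONN_RSP, L2CAP_DISCONN_RSP_SIZE, &rsp);

	l2cap_chan_del(sk, ECONNRESET);

	bh_unlock_sock(sk);

	l2cap_sock_kill(sk);

	return 0;
}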
1878
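/* Handle a Disconnection Response to our Disconnection Request.
 *
 * conn: connection the command arrived on
 * cmd:  command header, len already converted to host order
 * data: command payload, cmd->len bytes of it belong to this command
 *
 * Stops the socket timer, deletes the channel with ECONNABORTED and
 * kills the socket.
 * Returns 0, -EINVAL when the command is too short to hold a
 * disconnection response, or -ENOENT when no channel matches the
 * source CID.
 */
static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, l2cap_cmd_hdr *cmd, __u8 *data)
{
	l2cap_disconn_rsp *rsp = (l2cap_disconn_rsp *) data;
	__u16 dcid, scid;
	struct sock *sk;

	/* cmd->len is chosen by the remote device. Do not read response
	 * fields that the command does not actually carry.
	 */
	if (cmd->len < L2CAP_DISCONN_RSP_SIZE)
		return -EINVAL;

	scid = __le16_to_cpu(rsp->scid);
	dcid = __le16_to_cpu(rsp->dcid);

	DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);

	if (!(sk = l2cap_get_chan_by_scid(&conn->chan_list, scid)))
		return -ENOENT;

	bh_lock_sock(sk);
	l2cap_sock_clear_timer(sk);
	l2cap_chan_del(sk, ECONNABORTED);
	bh_unlock_sock(sk);

	l2cap_sock_kill(sk);

	return 0;
}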
1902
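/* Process a frame received on the signalling channel.
 *
 * The frame may carry several commands back to back. Each command
 * header is copied out, its length is converted to host order and
 * checked against the bytes left in the frame; a command that claims
 * more data than is left, or that has identifier 0, ends processing.
 * Handlers get the command header and a pointer to the payload; they
 * may rely on cmd->len bytes being present, but not on more.
 * A handler error is answered with a Command Reject.
 * The skb is consumed.
 */
static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
{
	__u8 *data = skb->data;
	int len = skb->len;
	l2cap_cmd_hdr cmd;
	int err;

	while (len >= L2CAP_CMD_HDR_SIZE) {
		/* Start every command with a clean status. Several cases
		 * below do not assign err, so a failure of an earlier command
		 * in the same frame must not make them send a reject too.
		 */
		err = 0;

		memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
		data += L2CAP_CMD_HDR_SIZE;
		len -= L2CAP_CMD_HDR_SIZE;

		cmd.len = __le16_to_cpu(cmd.len);

		DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd.len, cmd.ident);

		if (cmd.len > len || !cmd.ident) {
			DBG("corrupted command");
			break;
		}

		switch (cmd.code) {
		case L2CAP_CONN_REQ:
			err = l2cap_connect_req(conn, &cmd, data);
			break;

		case L2CAP_CONN_RSP:
			err = l2cap_connect_rsp(conn, &cmd, data);
			break;

		case L2CAP_CONF_REQ:
			err = l2cap_config_req(conn, &cmd, data);
			break;

		case L2CAP_CONF_RSP:
			err = l2cap_config_rsp(conn, &cmd, data);
			break;

		case L2CAP_DISCONN_REQ:
			err = l2cap_disconnect_req(conn, &cmd, data);
			break;

		case L2CAP_DISCONN_RSP:
			err = l2cap_disconnect_rsp(conn, &cmd, data);
			break;

		case L2CAP_COMMAND_REJ:
			/* FIXME: We should process this */
			l2cap_raw_recv(conn, skb);
			break;

		case L2CAP_ECHO_REQ:
			/* Echo the payload back; cmd.len was bounded above */
			l2cap_send_rsp(conn, cmd.ident, L2CAP_ECHO_RSP, cmd.len, data);
			break;

		case L2CAP_ECHO_RSP:
		case L2CAP_INFO_REQ:
		case L2CAP_INFO_RSP:
			/* Left to raw sockets */
			l2cap_raw_recv(conn, skb);
			break;

		default:
			ERR("Uknown signaling command 0x%2.2x", cmd.code);
			err = -EINVAL;
			break;
		};

		if (err) {
			l2cap_cmd_rej rej;
			DBG("error %d", err);

			/* FIXME: Map err to a valid reason. */
			rej.reason = __cpu_to_le16(0);
			l2cap_send_rsp(conn, cmd.ident, L2CAP_COMMAND_REJ, L2CAP_CMD_REJ_SIZE, &rej);
		}

		data += cmd.len;
		len -= cmd.len;
	}

	kfree_skb(skb);
}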
1985
/* Deliver a data frame to the channel with source CID cid.
 * The frame is queued only if the channel exists, is BT_CONNECTED and
 * the frame does not exceed the channel's incoming MTU; otherwise it is
 * freed. The skb is consumed in every case. Always returns 0.
 */
static inline int l2cap_data_channel(struct l2cap_conn *conn, __u16 cid, struct sk_buff *skb)
{
	struct sock *sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);

	if (!sk) {
		DBG("unknown cid 0x%4.4x", cid);
		kfree_skb(skb);
		return 0;
	}

	DBG("sk %p, len %d", sk, skb->len);

	if (sk->state == BT_CONNECTED && l2cap_pi(sk)->imtu >= skb->len) {
		skb_queue_tail(&sk->receive_queue, skb);
		sk->data_ready(sk, skb->len);
		return 0;
	}

	/* Not connected, or larger than the incoming MTU: drop */
	kfree_skb(skb);
	return 0;
}
2013
/* Dispatch a complete L2CAP frame by channel ID: CID 0x0001 goes to the
 * signalling handler, everything else to the data channel handler.
 * The L2CAP header is pulled off the skb before it is passed on.
 * The header's length field is only logged here; the caller has to make
 * sure the skb holds at least a full header and that its length matches.
 */
static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
{
	l2cap_hdr *lh = (l2cap_hdr *) skb->data;
	__u16 cid = __le16_to_cpu(lh->cid);
	__u16 len = __le16_to_cpu(lh->len);

	skb_pull(skb, L2CAP_HDR_SIZE);

	DBG("len %d, cid 0x%4.4x", len, cid);

	if (cid != 0x0001) {
		l2cap_data_channel(conn, cid, skb);
		return;
	}

	l2cap_sig_channel(conn, skb);
}
2030
2031 /* ------------ L2CAP interface with lower layer (HCI) ------------- */
/* HCI device notifier: add the L2CAP interface when a device comes up
 * and delete it when the device goes down. Other events are ignored.
 * Runs under the write side of l2cap_rt_lock.
 */
static int l2cap_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
{
	struct hci_dev *hdev = (struct hci_dev *) ptr;

	DBG("hdev %s, event %ld", hdev->name, event);

	write_lock(&l2cap_rt_lock);

	if (event == HCI_DEV_UP)
		l2cap_iff_add(hdev);
	else if (event == HCI_DEV_DOWN)
		l2cap_iff_del(hdev);

	write_unlock(&l2cap_rt_lock);

	return NOTIFY_DONE;
}
2054
/* Incoming connection indication from HCI.
 * Returns 1 (accept) for any remote address as long as the device has an
 * L2CAP interface attached, 0 otherwise. No filtering by bdaddr is done.
 */
int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr)
{
	DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));

	/* Always accept connection */
	if (hdev->l2cap_data)
		return 1;

	ERR("unknown interface");
	return 0;
}
2069
/* Connection confirmation from HCI.
 * If an L2CAP connection to bdaddr already exists this is the outcome of
 * an outgoing attempt: on success it is bound to hconn and its channels
 * are set up, on failure it is deleted. Otherwise this is an incoming
 * link, and a new L2CAP connection is created for it on success.
 * Returns 0, or -ENOMEM when the incoming connection cannot be allocated.
 */
int l2cap_connect_cfm(struct hci_dev *hdev, bdaddr_t *bdaddr, __u8 status, struct hci_conn *hconn)
{
	struct l2cap_iff *iff = hdev->l2cap_data;
	struct l2cap_conn *conn;
	int err = 0;

	DBG("hdev %s bdaddr %s hconn %p", hdev->name, batostr(bdaddr), hconn);

	if (!iff) {
		ERR("unknown interface");
		return 0;
	}

	l2cap_iff_lock(iff);

	conn = l2cap_get_conn_by_addr(iff, bdaddr);
	if (!conn) {
		/* Incoming connection */
		DBG("Incomming connection: %s -> %s, %2.2x", batostr(iff->bdaddr), batostr(bdaddr), status);

		if (status || !hconn)
			goto done;

		conn = l2cap_conn_add(iff, bdaddr);
		if (!conn) {
			err = -ENOMEM;
			goto done;
		}

		/* Tie the L2CAP connection and the HCI link together */
		conn->hconn = hconn;
		hconn->l2cap_data = (void *)conn;

		conn->state = BT_CONNECTED;
		goto done;
	}

	/* Outgoing connection */
	DBG("Outgoing connection: %s -> %s, %p, %2.2x", batostr(iff->bdaddr), batostr(bdaddr), conn, status);

	if (status || !hconn) {
		l2cap_conn_del(conn, bterr(status));
		goto done;
	}

	conn->state = BT_CONNECTED;
	conn->hconn = hconn;

	hconn->l2cap_data = (void *)conn;

	/* Establish channels */
	l2cap_conn_ready(conn);

done:
	l2cap_iff_unlock(iff);

	return err;
}
2125
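/* Disconnect indication from HCI: tear down the L2CAP connection bound
 * to hconn, passing the translated reason to its channels.
 * Always returns 0.
 * NOTE(review): hconn->l2cap_data still points at conn afterwards;
 * confirm that hconn cannot deliver further data once this has run.
 */
int l2cap_disconn_ind(struct hci_conn *hconn, __u8 reason)
{
	struct l2cap_conn *conn = hconn->l2cap_data;
	struct l2cap_iff *iff;

	DBG("hconn %p reason %d", hconn, reason);

	if (!conn) {
		ERR("unknown connection");
		return 0;
	}
	conn->hconn = NULL;

	/* Fetch the interface before the connection is deleted, so that
	 * conn is not dereferenced after l2cap_conn_del() (which presumably
	 * releases it) when the interface lock is dropped.
	 */
	iff = conn->iff;

	l2cap_iff_lock(iff);
	l2cap_conn_del(conn, bterr(reason));
	l2cap_iff_unlock(iff);

	return 0;
}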
2144
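/* Receive one ACL fragment from HCI and reassemble L2CAP frames.
 *
 * hconn: HCI connection the fragment arrived on
 * skb:   fragment data, consumed by this function
 * flags: ACL flags; ACL_START marks the first fragment of a frame
 *
 * A start fragment that already holds the whole frame is passed on
 * directly. Otherwise a buffer for the complete frame is allocated from
 * the length in the L2CAP header and fragments are appended until
 * conn->rx_len, the number of bytes still missing, reaches zero.
 * All lengths come from the remote device, so every copy into the
 * reassembly buffer is preceded by a check that it fits.
 * Always returns 0.
 */
int l2cap_recv_acldata(struct hci_conn *hconn, struct sk_buff *skb, __u16 flags)
{
	struct l2cap_conn *conn = hconn->l2cap_data;

	if (!conn) {
		ERR("unknown connection %p", hconn);
		goto drop;
	}

	DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);

	if (flags & ACL_START) {
		int flen, tlen, size;
		l2cap_hdr *lh;

		if (conn->rx_len) {
			/* Previous frame was never completed; discard it */
			ERR("Unexpected start frame (len %d)", skb->len);
			kfree_skb(conn->rx_skb); conn->rx_skb = NULL;
			conn->rx_len = 0;
		}

		if (skb->len < L2CAP_HDR_SIZE) {
			ERR("Frame is too small (len %d)", skb->len);
			goto drop;
		}

		lh = (l2cap_hdr *)skb->data;
		tlen = __le16_to_cpu(lh->len);
		flen = skb->len - L2CAP_HDR_SIZE;

		DBG("Start: total len %d, frag len %d", tlen, flen);

		if (flen == tlen) {
			/* Complete frame received */
			l2cap_recv_frame(conn, skb);
			return 0;
		}

		/* The fragment carries more payload than the header
		 * announces. The reassembly buffer is sized from the header,
		 * so copying this fragment would overrun it.
		 */
		if (flen > tlen) {
			ERR("Frame is too long (len %d, expected len %d)", flen, tlen);
			goto drop;
		}

		/* Allocate skb for the complete frame (with header) */
		size = L2CAP_HDR_SIZE + tlen;
		if (!(conn->rx_skb = bluez_skb_alloc(size, GFP_ATOMIC)))
			goto drop;

		memcpy(skb_put(conn->rx_skb, skb->len), skb->data, skb->len);

		conn->rx_len = tlen - flen;
	} else {
		DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);

		if (!conn->rx_len) {
			ERR("Unexpected continuation frame (len %d)", skb->len);
			goto drop;
		}

		if (skb->len > conn->rx_len) {
			ERR("Fragment is too large (len %d)", skb->len);
			kfree_skb(conn->rx_skb); conn->rx_skb = NULL;
			/* Reassembly is abandoned. Clear the outstanding
			 * length as well, otherwise the next fragment would be
			 * copied into, or the next start frame would free,
			 * the NULL rx_skb.
			 */
			conn->rx_len = 0;
			goto drop;
		}

		memcpy(skb_put(conn->rx_skb, skb->len), skb->data, skb->len);
		conn->rx_len -= skb->len;

		if (!conn->rx_len) {
			/* Complete frame received */
			l2cap_recv_frame(conn, conn->rx_skb);
			conn->rx_skb = NULL;
		}
	}

drop:
	kfree_skb(skb);
	return 0;
}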
2219
/* Socket operations of L2CAP sockets. socketpair, ioctl, shutdown and
 * mmap are wired to the generic sock_no_* handlers.
 */
struct proto_ops l2cap_sock_ops = {
	.family		= PF_BLUETOOTH,
	.release	= l2cap_sock_release,
	.bind		= l2cap_sock_bind,
	.connect	= l2cap_sock_connect,
	.listen		= l2cap_sock_listen,
	.accept		= l2cap_sock_accept,
	.getname	= l2cap_sock_getname,
	.sendmsg	= l2cap_sock_sendmsg,
	.recvmsg	= l2cap_sock_recvmsg,
	.poll		= l2cap_sock_poll,
	.socketpair	= sock_no_socketpair,
	.ioctl		= sock_no_ioctl,
	.shutdown	= sock_no_shutdown,
	.setsockopt	= l2cap_sock_setsockopt,
	.getsockopt	= l2cap_sock_getsockopt,
	.mmap		= sock_no_mmap
};

/* Socket creation hook, registered from l2cap_init() */
struct net_proto_family l2cap_sock_family_ops = {
	.family		= PF_BLUETOOTH,
	.create		= l2cap_sock_create
};

/* Callbacks through which the HCI layer reaches L2CAP */
struct hci_proto l2cap_hci_proto = {
	.name		= "L2CAP",
	.id		= HCI_PROTO_L2CAP,
	.connect_ind	= l2cap_connect_ind,
	.connect_cfm	= l2cap_connect_cfm,
	.disconn_ind	= l2cap_disconn_ind,
	.recv_acldata	= l2cap_recv_acldata,
};

/* HCI device notifier, handled by l2cap_dev_event() */
struct notifier_block l2cap_nblock = {
	.notifier_call	= l2cap_dev_event
};
2256
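/* Module initialisation: register the L2CAP socket family, the HCI
 * protocol hooks, the device notifier and the proc entry.
 * Returns 0 on success or -EPROTO if a registration fails; in that case
 * nothing registered by this function is left behind.
 */
int __init l2cap_init(void)
{
	INF("BlueZ L2CAP ver %s Copyright (C) 2000,2001 Qualcomm Inc",
		VERSION);
	INF("Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>");

	if (bluez_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops)) {
		ERR("Can't register L2CAP socket");
		return -EPROTO;
	}

	if (hci_register_proto(&l2cap_hci_proto) < 0) {
		ERR("Can't register L2CAP protocol");
		/* Undo the socket registration, so that a failed load does
		 * not leave the socket family pointing at this module.
		 */
		bluez_sock_unregister(BTPROTO_L2CAP);
		return -EPROTO;
	}

	hci_register_notifier(&l2cap_nblock);

	l2cap_register_proc();

	return 0;
}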
2279
/* Module cleanup: remove the proc entry, unregister socket, protocol and
 * notifier, then delete every remaining interface.
 */
void l2cap_cleanup(void)
{
	struct list_head *ifaces = &l2cap_iff_list;

	l2cap_unregister_proc();

	/* Unregister socket, protocol and notifier */
	if (bluez_sock_unregister(BTPROTO_L2CAP))
		ERR("Can't unregister L2CAP socket");

	if (hci_unregister_proto(&l2cap_hci_proto) < 0)
		ERR("Can't unregister L2CAP protocol");

	hci_unregister_notifier(&l2cap_nblock);

	/* We _must_ not have any sockets and/or connections
	 * at this stage.
	 */

	/* Free interface list and unlock HCI devices.
	 * The loop relies on l2cap_iff_del() taking the entry off the list.
	 */
	while (!list_empty(ifaces)) {
		struct l2cap_iff *iff = list_entry(ifaces->next, struct l2cap_iff, list);

		l2cap_iff_del(iff->hdev);
	}
}
2309
/* Module metadata */
MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>");
MODULE_DESCRIPTION("BlueZ L2CAP ver " VERSION);

/* Module entry and exit points */
module_init(l2cap_init);
module_exit(l2cap_cleanup);
2315