27#include <linux/module.h>
28
29#include <linux/types.h>
30#include <linux/capability.h>
31#include <linux/errno.h>
32#include <linux/kernel.h>
33#include <linux/sched.h>
34#include <linux/slab.h>
35#include <linux/poll.h>
36#include <linux/fcntl.h>
37#include <linux/init.h>
38#include <linux/interrupt.h>
39#include <linux/socket.h>
40#include <linux/skbuff.h>
41#include <linux/list.h>
42#include <linux/device.h>
43#include <linux/uaccess.h>
44#include <linux/crc16.h>
45#include <net/sock.h>
46
47#include <asm/system.h>
48#include <asm/unaligned.h>
49
50#include <net/bluetooth/bluetooth.h>
51#include <net/bluetooth/hci_core.h>
52#include <net/bluetooth/l2cap.h>
53
#define VERSION "2.14"

/*
 * Module-wide switches.  File-scope statics are zero-initialised, so
 * enable_ertm starts out as 0; it gates the ERTM and streaming modes in
 * l2cap_sock_connect() and l2cap_sock_listen().
 */
static int enable_ertm;
static int max_transmit = L2CAP_DEFAULT_MAX_TX;

/* Local feature mask and fixed-channel bitmap (only the first byte is set). */
static u32 l2cap_feat_mask = L2CAP_FEAT_FIXED_CHAN;
static u8 l2cap_fixed_chan[8] = { 0x02, };

/* Defined later in the file; l2cap_sock_create() needs its address. */
static const struct proto_ops l2cap_sock_ops;

/* Every L2CAP socket is linked here by l2cap_sock_alloc(). */
static struct bt_sock_list l2cap_sk_list = {
	.lock = __RW_LOCK_UNLOCKED(l2cap_sk_list.lock)
};

/* Forward declarations for helpers that are used before their definition. */
static void __l2cap_sock_close(struct sock *sk, int reason);
static void l2cap_sock_close(struct sock *sk);
static void l2cap_sock_kill(struct sock *sk);

static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
				u8 code, u8 ident, u16 dlen, void *data);
74
75
/*
 * Timer callback for sk->sk_timer (registered in l2cap_sock_alloc()).
 * Closes the channel with an errno chosen from the state the socket is in
 * when the timer fires, then tries to destroy the socket.
 *
 * @arg: the struct sock pointer, carried through the timer as unsigned long.
 *
 * NOTE(review): the close runs under bh_lock_sock() without first checking
 * whether a process-context caller currently owns the socket; confirm that
 * this cannot race with lock_sock() users.
 */
static void l2cap_sock_timeout(unsigned long arg)
{
	struct sock *sk = (struct sock *) arg;
	int reason = ETIMEDOUT;

	BT_DBG("sock %p state %d", sk, sk->sk_state);

	bh_lock_sock(sk);

	switch (sk->sk_state) {
	case BT_CONNECTED:
	case BT_CONFIG:
		reason = ECONNREFUSED;
		break;
	case BT_CONNECT:
		/* Only the SDP security level keeps the plain timeout error. */
		if (l2cap_pi(sk)->sec_level != BT_SECURITY_SDP)
			reason = ECONNREFUSED;
		break;
	default:
		break;
	}

	__l2cap_sock_close(sk, reason);

	bh_unlock_sock(sk);

	l2cap_sock_kill(sk);
	/* presumably balances the reference held while the timer was armed */
	sock_put(sk);
}
100
/* (Re)arm the socket timer so that it fires @timeout jiffies from now. */
static void l2cap_sock_set_timer(struct sock *sk, long timeout)
{
	unsigned long expires;

	BT_DBG("sk %p state %d timeout %ld", sk, sk->sk_state, timeout);

	expires = jiffies + timeout;
	sk_reset_timer(sk, &sk->sk_timer, expires);
}
106
/* Stop the socket timer that l2cap_sock_set_timer() arms. */
static void l2cap_sock_clear_timer(struct sock *sk)
{
	struct timer_list *timer = &sk->sk_timer;

	BT_DBG("sock %p state %d", sk, sk->sk_state);

	sk_stop_timer(sk, timer);
}
112
113
/*
 * Find the channel on list @l whose destination CID equals @cid.
 * Returns the socket, or NULL when no channel matches.
 *
 * Takes no lock itself; presumably the caller holds l->lock, as the locked
 * wrappers of the sibling lookups do.
 */
static struct sock *__l2cap_get_chan_by_dcid(struct l2cap_chan_list *l, u16 cid)
{
	struct sock *cur = l->head;

	while (cur && l2cap_pi(cur)->dcid != cid)
		cur = l2cap_pi(cur)->next_c;

	return cur;
}
123
/*
 * Find the channel on list @l whose source CID equals @cid.
 * Returns the socket, or NULL when no channel matches.
 *
 * Takes no lock itself; l2cap_get_chan_by_scid() is the variant that takes
 * l->lock around the walk.
 */
static struct sock *__l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
{
	struct sock *cur = l->head;

	while (cur && l2cap_pi(cur)->scid != cid)
		cur = l2cap_pi(cur)->next_c;

	return cur;
}
133
134
135
/*
 * Look up a channel by source CID under the list read lock.
 *
 * On success the socket is returned with bh_lock_sock() already taken, so
 * the caller has to release it with bh_unlock_sock().  Returns NULL when
 * no channel matches.
 *
 * NOTE(review): no sock_hold() is taken here; the result is protected only
 * by the socket lock once l->lock is dropped - confirm callers rely on
 * nothing more.
 */
static inline struct sock *l2cap_get_chan_by_scid(struct l2cap_chan_list *l, u16 cid)
{
	struct sock *found;

	read_lock(&l->lock);

	found = __l2cap_get_chan_by_scid(l, cid);
	if (found != NULL)
		bh_lock_sock(found);

	read_unlock(&l->lock);

	return found;
}
146
/*
 * Find the channel on list @l whose stored command identifier equals
 * @ident.  Returns the socket, or NULL when no channel matches.
 *
 * Takes no lock itself; l2cap_get_chan_by_ident() is the variant that takes
 * l->lock around the walk.
 */
static struct sock *__l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
{
	struct sock *cur = l->head;

	while (cur && l2cap_pi(cur)->ident != ident)
		cur = l2cap_pi(cur)->next_c;

	return cur;
}
156
/*
 * Look up a channel by command identifier under the list read lock.
 *
 * On success the socket is returned with bh_lock_sock() already taken, so
 * the caller has to release it with bh_unlock_sock().  Returns NULL when
 * no channel matches.
 */
static inline struct sock *l2cap_get_chan_by_ident(struct l2cap_chan_list *l, u8 ident)
{
	struct sock *found;

	read_lock(&l->lock);

	found = __l2cap_get_chan_by_ident(l, ident);
	if (found != NULL)
		bh_lock_sock(found);

	read_unlock(&l->lock);

	return found;
}
167
/*
 * Pick the lowest source CID in [L2CAP_CID_DYN_START, L2CAP_CID_DYN_END)
 * that no channel on @l uses yet.
 *
 * Returns the CID, or 0 when the whole range is taken.  The only caller in
 * view, __l2cap_chan_add(), stores the result without checking for 0.
 * Uses the unlocked lookup, so the list must not change during the scan.
 */
static u16 l2cap_alloc_cid(struct l2cap_chan_list *l)
{
	u16 candidate;

	for (candidate = L2CAP_CID_DYN_START;
			candidate < L2CAP_CID_DYN_END; candidate++) {
		if (__l2cap_get_chan_by_scid(l, candidate) == NULL)
			return candidate;
	}

	return 0;
}
179
/*
 * Push @sk onto the front of channel list @l and take a socket reference
 * for the list.  Takes no lock; l2cap_chan_add() wraps the call chain in
 * write_lock_bh(&l->lock).
 */
static inline void __l2cap_chan_link(struct l2cap_chan_list *l, struct sock *sk)
{
	struct sock *old_head = l->head;

	sock_hold(sk);

	if (old_head != NULL)
		l2cap_pi(old_head)->prev_c = sk;

	l2cap_pi(sk)->next_c = old_head;
	l2cap_pi(sk)->prev_c = NULL;

	l->head = sk;
}
191
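/*
 * Remove @sk from channel list @l and drop the reference that
 * __l2cap_chan_link() took for the list.
 *
 * The neighbour pointers are read only after the write lock is held.
 * Sampling them before taking the lock would let a concurrent link or
 * unlink change next_c/prev_c in between, and the splice below would then
 * write stale pointers back into the list.
 */
static inline void l2cap_chan_unlink(struct l2cap_chan_list *l, struct sock *sk)
{
	struct sock *next, *prev;

	write_lock_bh(&l->lock);

	next = l2cap_pi(sk)->next_c;
	prev = l2cap_pi(sk)->prev_c;

	if (sk == l->head)
		l->head = next;

	if (next)
		l2cap_pi(next)->prev_c = prev;
	if (prev)
		l2cap_pi(prev)->next_c = next;

	write_unlock_bh(&l->lock);

	/* Drops the list's reference without running the final-put path. */
	__sock_put(sk);
}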
208
/*
 * Attach @sk to connection @conn: assign its channel ids by socket type,
 * link it into the connection's channel list and, when @parent is given,
 * queue it on the parent's accept queue.
 *
 * Takes no lock; l2cap_chan_add() is the variant that holds the channel
 * list write lock around this call.
 */
static void __l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
{
	struct l2cap_chan_list *l = &conn->chan_list;
	struct l2cap_pinfo *pi = l2cap_pi(sk);

	BT_DBG("conn %p, psm 0x%2.2x, dcid 0x%4.4x", conn,
			l2cap_pi(sk)->psm, l2cap_pi(sk)->dcid);

	/* Same value that l2cap_conn_add() sets for a fresh connection. */
	conn->disc_reason = 0x13;

	pi->conn = conn;

	switch (sk->sk_type) {
	case SOCK_SEQPACKET:
		/*
		 * Dynamically allocated source CID.
		 * NOTE(review): l2cap_alloc_cid() returns 0 when the range is
		 * exhausted and that value is stored unchecked.
		 */
		pi->scid = l2cap_alloc_cid(l);
		break;

	case SOCK_DGRAM:
		/* Both ends use the connectionless CID. */
		pi->scid = L2CAP_CID_CONN_LESS;
		pi->dcid = L2CAP_CID_CONN_LESS;
		pi->omtu = L2CAP_DEFAULT_MTU;
		break;

	default:
		/* Every other socket type is bound to the signalling CID. */
		pi->scid = L2CAP_CID_SIGNALING;
		pi->dcid = L2CAP_CID_SIGNALING;
		pi->omtu = L2CAP_DEFAULT_MTU;
		break;
	}

	__l2cap_chan_link(l, sk);

	if (parent != NULL)
		bt_accept_enqueue(parent, sk);
}
240
241
242
/*
 * Detach @sk from its connection and mark it closed.
 *
 * Stops the socket timer, unlinks the channel from the connection (dropping
 * the hci_conn reference), sets BT_CLOSED and SOCK_ZAPPED, records @err in
 * sk->sk_err when it is non-zero, and finally wakes either the listening
 * parent or the socket's own waiters.
 */
static void l2cap_chan_del(struct sock *sk, int err)
{
	struct l2cap_conn *conn = l2cap_pi(sk)->conn;
	struct sock *parent = bt_sk(sk)->parent;

	l2cap_sock_clear_timer(sk);

	BT_DBG("sk %p, conn %p, err %d", sk, conn, err);

	if (conn != NULL) {
		/* Take the channel off the connection and release the link. */
		l2cap_chan_unlink(&conn->chan_list, sk);
		l2cap_pi(sk)->conn = NULL;
		hci_conn_put(conn->hcon);
	}

	sk->sk_state = BT_CLOSED;
	sock_set_flag(sk, SOCK_ZAPPED);

	if (err != 0)
		sk->sk_err = err;

	if (parent == NULL) {
		sk->sk_state_change(sk);
		return;
	}

	/* Not yet accepted: remove from the accept queue, notify listener. */
	bt_accept_unlink(sk);
	parent->sk_data_ready(parent, 0);
}
271
272
/*
 * Translate the socket's security level into an HCI authentication
 * requirement and ask the HCI layer to enforce it on the link.
 *
 * PSM 0x0001 never asks for bonding, and a BT_SECURITY_LOW socket on that
 * PSM is moved to BT_SECURITY_SDP (a write to the socket, not only a
 * read).  All other PSMs request general bonding for MEDIUM and HIGH.
 *
 * Returns whatever hci_conn_security() returns; the callers in this file
 * proceed with connection setup only when it is non-zero.
 *
 * NOTE(review): conn is dereferenced without a NULL check; callers must
 * guarantee the socket is attached to a connection.
 */
static inline int l2cap_check_security(struct sock *sk)
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);
	struct l2cap_conn *conn = pi->conn;
	__u8 auth_type;

	if (pi->psm == cpu_to_le16(0x0001)) {
		auth_type = (pi->sec_level == BT_SECURITY_HIGH) ?
				HCI_AT_NO_BONDING_MITM : HCI_AT_NO_BONDING;

		if (pi->sec_level == BT_SECURITY_LOW)
			pi->sec_level = BT_SECURITY_SDP;
	} else if (pi->sec_level == BT_SECURITY_HIGH) {
		auth_type = HCI_AT_GENERAL_BONDING_MITM;
	} else if (pi->sec_level == BT_SECURITY_MEDIUM) {
		auth_type = HCI_AT_GENERAL_BONDING;
	} else {
		auth_type = HCI_AT_NO_BONDING;
	}

	return hci_conn_security(conn->hcon, pi->sec_level, auth_type);
}
303
/*
 * Hand out the next signalling command identifier for @conn.
 *
 * The counter is advanced under conn->lock and wraps from 128 back to 1,
 * so the returned value is always in 1..128 and never 0.
 */
static inline u8 l2cap_get_ident(struct l2cap_conn *conn)
{
	u8 id;

	spin_lock_bh(&conn->lock);

	conn->tx_ident++;
	if (conn->tx_ident > 128)
		conn->tx_ident = 1;

	id = conn->tx_ident;

	spin_unlock_bh(&conn->lock);

	return id;
}
325
/*
 * Build a signalling command and hand it to the ACL link of @conn.
 *
 * @ident: command identifier
 * @code:  command code
 * @len:   number of payload bytes at @data
 *
 * Returns -ENOMEM when the command could not be built, otherwise the
 * result of hci_send_acl().  Most callers in this file ignore the result.
 */
static inline int l2cap_send_cmd(struct l2cap_conn *conn, u8 ident, u8 code, u16 len, void *data)
{
	struct sk_buff *skb;

	skb = l2cap_build_cmd(conn, code, ident, len, data);

	BT_DBG("code 0x%2.2x", code);

	if (skb == NULL)
		return -ENOMEM;

	return hci_send_acl(conn->hcon, skb, 0);
}
337
/*
 * Build and send a supervisory frame carrying @control on the channel
 * described by @pi.
 *
 * The frame is the L2CAP header, the 16-bit control field and, when the
 * channel uses L2CAP_FCS_CRC16, a trailing 16-bit CRC over the header and
 * control field.
 *
 * Returns -ENOMEM on allocation failure, otherwise the result of
 * hci_send_acl().
 *
 * NOTE(review): the buffer is sized min(conn->mtu, hlen) but hlen bytes
 * are always appended with skb_put(); confirm conn->mtu can never be
 * smaller than hlen.
 */
static inline int l2cap_send_sframe(struct l2cap_pinfo *pi, u16 control)
{
	struct l2cap_conn *conn = pi->conn;
	struct l2cap_hdr *lh;
	struct sk_buff *skb;
	int hlen = L2CAP_HDR_SIZE + 2;
	int count;

	if (pi->fcs == L2CAP_FCS_CRC16)
		hlen += 2;

	BT_DBG("pi %p, control 0x%2.2x", pi, control);

	count = min_t(unsigned int, conn->mtu, hlen);
	control |= L2CAP_CTRL_FRAME_TYPE;

	skb = bt_skb_alloc(count, GFP_ATOMIC);
	if (skb == NULL)
		return -ENOMEM;

	lh = (struct l2cap_hdr *) skb_put(skb, L2CAP_HDR_SIZE);
	lh->cid = cpu_to_le16(pi->dcid);
	lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE);
	put_unaligned_le16(control, skb_put(skb, 2));

	if (pi->fcs == L2CAP_FCS_CRC16) {
		/* The CRC covers everything except the two FCS bytes. */
		u16 fcs = crc16(0, (u8 *) lh, count - 2);

		put_unaligned_le16(fcs, skb_put(skb, 2));
	}

	return hci_send_acl(conn->hcon, skb, 0);
}
369
/*
 * Send a Receiver-Not-Ready frame when the local side is flagged busy,
 * a Receiver-Ready frame otherwise.  The frame carries pi->buffer_seq in
 * the ReqSeq field in addition to the bits already set in @control.
 *
 * Returns the result of l2cap_send_sframe().
 */
static inline int l2cap_send_rr_or_rnr(struct l2cap_pinfo *pi, u16 control)
{
	control |= (pi->conn_state & L2CAP_CONN_LOCAL_BUSY) ?
			L2CAP_SUPER_RCV_NOT_READY : L2CAP_SUPER_RCV_READY;

	control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;

	return l2cap_send_sframe(pi, control);
}
381
/*
 * Start connection setup for @sk.
 *
 * If no feature-mask information request has been sent on the connection
 * yet, send one and arm the info timer.  If one is still outstanding, do
 * nothing.  Once it has completed, send the connection request, provided
 * that l2cap_check_security() allows it.
 */
static void l2cap_do_start(struct sock *sk)
{
	struct l2cap_conn *conn = l2cap_pi(sk)->conn;

	if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)) {
		struct l2cap_info_req req;

		req.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);

		conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
		conn->info_ident = l2cap_get_ident(conn);

		mod_timer(&conn->info_timer, jiffies +
				msecs_to_jiffies(L2CAP_INFO_TIMEOUT));

		l2cap_send_cmd(conn, conn->info_ident,
				L2CAP_INFO_REQ, sizeof(req), &req);
		return;
	}

	/* Request sent but not yet answered or timed out: wait for it. */
	if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
		return;

	if (l2cap_check_security(sk)) {
		struct l2cap_conn_req req;

		req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
		req.psm = l2cap_pi(sk)->psm;

		l2cap_pi(sk)->ident = l2cap_get_ident(conn);

		l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
				L2CAP_CONN_REQ, sizeof(req), &req);
	}
}
414
/*
 * Send a disconnection request for the channel of @sk over @conn, using
 * a freshly allocated command identifier.  The send result is not checked.
 */
static void l2cap_send_disconn_req(struct l2cap_conn *conn, struct sock *sk)
{
	struct l2cap_disconn_req req;
	u8 ident;

	req.dcid = cpu_to_le16(l2cap_pi(sk)->dcid);
	req.scid = cpu_to_le16(l2cap_pi(sk)->scid);

	ident = l2cap_get_ident(conn);
	l2cap_send_cmd(conn, ident, L2CAP_DISCONN_REQ, sizeof(req), &req);
}
424
425
/*
 * Drive pending channel setup on @conn.
 *
 * Walks the channel list under its read lock and, for every
 * SOCK_SEQPACKET socket:
 *   - BT_CONNECT:  sends the connection request when the security check
 *                  passes;
 *   - BT_CONNECT2: answers the peer's request with success, "authorization
 *                  pending" (deferred setup) or "authentication pending"
 *                  (security check not yet satisfied).
 * Each socket is bh-locked while it is examined.
 */
static void l2cap_conn_start(struct l2cap_conn *conn)
{
	struct l2cap_chan_list *l = &conn->chan_list;
	struct sock *sk;

	BT_DBG("conn %p", conn);

	read_lock(&l->lock);

	for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
		bh_lock_sock(sk);

		if (sk->sk_type != SOCK_SEQPACKET)
			goto next;

		switch (sk->sk_state) {
		case BT_CONNECT: {
			struct l2cap_conn_req req;

			if (!l2cap_check_security(sk))
				break;

			req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
			req.psm = l2cap_pi(sk)->psm;

			l2cap_pi(sk)->ident = l2cap_get_ident(conn);

			l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
					L2CAP_CONN_REQ, sizeof(req), &req);
			break;
		}

		case BT_CONNECT2: {
			struct l2cap_conn_rsp rsp;

			/* Our dcid is the peer's source CID and vice versa. */
			rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
			rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);

			if (!l2cap_check_security(sk)) {
				rsp.result = cpu_to_le16(L2CAP_CR_PEND);
				rsp.status = cpu_to_le16(L2CAP_CS_AUTHEN_PEND);
			} else if (bt_sk(sk)->defer_setup) {
				/* Let the listener decide; wake it up. */
				struct sock *parent = bt_sk(sk)->parent;

				rsp.result = cpu_to_le16(L2CAP_CR_PEND);
				rsp.status = cpu_to_le16(L2CAP_CS_AUTHOR_PEND);
				parent->sk_data_ready(parent, 0);
			} else {
				sk->sk_state = BT_CONFIG;
				rsp.result = cpu_to_le16(L2CAP_CR_SUCCESS);
				rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
			}

			l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
					L2CAP_CONN_RSP, sizeof(rsp), &rsp);
			break;
		}

		default:
			break;
		}

next:
		bh_unlock_sock(sk);
	}

	read_unlock(&l->lock);
}
485
/*
 * Called once the underlying link of @conn is usable.
 *
 * Sockets that are not SOCK_SEQPACKET become BT_CONNECTED immediately;
 * SOCK_SEQPACKET sockets in BT_CONNECT begin channel setup through
 * l2cap_do_start().  The list is walked under its read lock with each
 * socket bh-locked in turn.
 */
static void l2cap_conn_ready(struct l2cap_conn *conn)
{
	struct l2cap_chan_list *l = &conn->chan_list;
	struct sock *sk;

	BT_DBG("conn %p", conn);

	read_lock(&l->lock);

	sk = l->head;
	while (sk) {
		bh_lock_sock(sk);

		if (sk->sk_type == SOCK_SEQPACKET) {
			if (sk->sk_state == BT_CONNECT)
				l2cap_do_start(sk);
		} else {
			l2cap_sock_clear_timer(sk);
			sk->sk_state = BT_CONNECTED;
			sk->sk_state_change(sk);
		}

		bh_unlock_sock(sk);

		sk = l2cap_pi(sk)->next_c;
	}

	read_unlock(&l->lock);
}
510
511
/*
 * Report @err on every channel of @conn that has force_reliable set.
 * Only sk->sk_err is written; the sockets are not locked individually.
 */
static void l2cap_conn_unreliable(struct l2cap_conn *conn, int err)
{
	struct l2cap_chan_list *l = &conn->chan_list;
	struct sock *sk;

	BT_DBG("conn %p", conn);

	read_lock(&l->lock);

	sk = l->head;
	while (sk) {
		if (l2cap_pi(sk)->force_reliable)
			sk->sk_err = err;

		sk = l2cap_pi(sk)->next_c;
	}

	read_unlock(&l->lock);
}
528
/*
 * Timer callback for conn->info_timer (registered in l2cap_conn_add()).
 * Treats the feature-mask request as finished, clears the pending
 * identifier and continues channel setup without the peer's answer.
 *
 * @arg: the struct l2cap_conn pointer, carried as unsigned long.
 */
static void l2cap_info_timeout(unsigned long arg)
{
	struct l2cap_conn *conn = (struct l2cap_conn *) arg;

	conn->info_ident = 0;
	conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;

	l2cap_conn_start(conn);
}
538
/*
 * Return the L2CAP connection object attached to @hcon, creating it when
 * there is none and @status is 0.
 *
 * Returns the existing or new connection, or NULL when @status is
 * non-zero and nothing is attached, or when allocation fails.
 */
static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
{
	struct l2cap_conn *conn = hcon->l2cap_data;

	if (conn != NULL)
		return conn;

	/* Nothing attached yet; a failed link gets no connection object. */
	if (status)
		return NULL;

	conn = kzalloc(sizeof(*conn), GFP_ATOMIC);
	if (conn == NULL)
		return NULL;

	conn->hcon = hcon;
	hcon->l2cap_data = conn;

	BT_DBG("hcon %p conn %p", hcon, conn);

	/* Addresses are borrowed from the HCI objects, not copied. */
	conn->src = &hcon->hdev->bdaddr;
	conn->dst = &hcon->dst;
	conn->mtu = hcon->hdev->acl_mtu;

	conn->feat_mask = 0;

	spin_lock_init(&conn->lock);
	rwlock_init(&conn->chan_list.lock);

	setup_timer(&conn->info_timer, l2cap_info_timeout,
					(unsigned long) conn);

	conn->disc_reason = 0x13;

	return conn;
}
571
/*
 * Tear down the L2CAP connection attached to @hcon, if any.
 *
 * Frees a partially received frame, deletes and kills every channel with
 * @err as its error, stops the info timer when a feature-mask request was
 * sent, then detaches and frees the connection object.
 */
static void l2cap_conn_del(struct hci_conn *hcon, int err)
{
	struct l2cap_conn *conn = hcon->l2cap_data;
	struct sock *sk;

	if (conn == NULL)
		return;

	BT_DBG("hcon %p conn %p, err %d", hcon, conn, err);

	kfree_skb(conn->rx_skb);

	/* l2cap_chan_del() unlinks the head, so the list shrinks each pass. */
	for (;;) {
		sk = conn->chan_list.head;
		if (sk == NULL)
			break;

		bh_lock_sock(sk);
		l2cap_chan_del(sk, err);
		bh_unlock_sock(sk);
		l2cap_sock_kill(sk);
	}

	/* The callback dereferences conn, so wait for it before freeing. */
	if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)
		del_timer_sync(&conn->info_timer);

	hcon->l2cap_data = NULL;
	kfree(conn);
}
598
/* Locked wrapper: run __l2cap_chan_add() under the channel list write lock. */
static inline void l2cap_chan_add(struct l2cap_conn *conn, struct sock *sk, struct sock *parent)
{
	rwlock_t *list_lock = &conn->chan_list.lock;

	write_lock_bh(list_lock);
	__l2cap_chan_add(conn, sk, parent);
	write_unlock_bh(list_lock);
}
606
607
/*
 * Find a socket on the global list bound to source PSM @psm and source
 * address @src.  Returns the socket or NULL.
 *
 * Takes no lock; the callers in this file hold l2cap_sk_list.lock.
 */
static struct sock *__l2cap_get_sock_by_addr(__le16 psm, bdaddr_t *src)
{
	struct sock *sk;
	struct hlist_node *node;

	sk_for_each(sk, node, &l2cap_sk_list.head) {
		if (l2cap_pi(sk)->sport != psm)
			continue;

		if (bacmp(&bt_sk(sk)->src, src) == 0)
			return sk;
	}

	return NULL;
}
619
620
621
622
/*
 * Find a socket for @psm, optionally restricted to sockets in @state
 * (0 matches any state).
 *
 * A socket whose source address equals @src wins immediately.  Otherwise
 * the last socket seen that is bound to BDADDR_ANY is returned, or NULL
 * when there is neither.
 *
 * Takes no lock; l2cap_get_sock_by_psm() is the variant that holds
 * l2cap_sk_list.lock.
 */
static struct sock *__l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
{
	struct sock *sk, *wildcard = NULL;
	struct hlist_node *node;

	sk_for_each(sk, node, &l2cap_sk_list.head) {
		if (state && sk->sk_state != state)
			continue;

		if (l2cap_pi(sk)->psm != psm)
			continue;

		/* Exact address match */
		if (!bacmp(&bt_sk(sk)->src, src))
			return sk;

		/* Remember a wildcard binding as the fallback */
		if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY))
			wildcard = sk;
	}

	return wildcard;
}
644
645
646
/*
 * Locked variant of __l2cap_get_sock_by_psm().
 *
 * The walk runs under the global socket list read lock and a match is
 * returned with bh_lock_sock() held; the caller must release it with
 * bh_unlock_sock().  Returns NULL when nothing matches.
 */
static inline struct sock *l2cap_get_sock_by_psm(int state, __le16 psm, bdaddr_t *src)
{
	struct sock *found;

	read_lock(&l2cap_sk_list.lock);

	found = __l2cap_get_sock_by_psm(state, psm, src);
	if (found != NULL)
		bh_lock_sock(found);

	read_unlock(&l2cap_sk_list.lock);

	return found;
}
657
/*
 * sk_destruct hook (installed in l2cap_sock_alloc()): free every buffer
 * still queued on the socket's receive and write queues.
 */
static void l2cap_sock_destruct(struct sock *sk)
{
	struct sk_buff_head *rx = &sk->sk_receive_queue;
	struct sk_buff_head *tx = &sk->sk_write_queue;

	BT_DBG("sk %p", sk);

	skb_queue_purge(rx);
	skb_queue_purge(tx);
}
665
/*
 * Shut down a listening socket: close every connection still waiting on
 * its accept queue, then mark the listener closed and zapped.
 */
static void l2cap_sock_cleanup_listen(struct sock *parent)
{
	struct sock *sk;

	BT_DBG("parent %p", parent);

	/* Close channels that were never accepted */
	for (;;) {
		sk = bt_accept_dequeue(parent, NULL);
		if (sk == NULL)
			break;

		l2cap_sock_close(sk);
	}

	parent->sk_state = BT_CLOSED;
	sock_set_flag(parent, SOCK_ZAPPED);
}
679
680
681
682
/*
 * Destroy a socket that is no longer in use.
 *
 * Does nothing unless the socket is flagged SOCK_ZAPPED and has no
 * struct socket attached.  Otherwise it is removed from the global list,
 * marked SOCK_DEAD and one reference is dropped.
 */
static void l2cap_sock_kill(struct sock *sk)
{
	if (!sock_flag(sk, SOCK_ZAPPED))
		return;

	/* Still attached to a struct socket: leave it alone. */
	if (sk->sk_socket)
		return;

	BT_DBG("sk %p state %d", sk, sk->sk_state);

	bt_sock_unlink(&l2cap_sk_list, sk);
	sock_set_flag(sk, SOCK_DEAD);
	sock_put(sk);
}
695
/*
 * Close @sk according to its current state; @reason is the errno passed
 * on to l2cap_chan_del() where the channel is deleted directly.
 *
 *   BT_LISTEN             - close all pending children, mark closed
 *   BT_CONNECTED/CONFIG   - SOCK_SEQPACKET: go to BT_DISCONN, arm the
 *                           timer and send a disconnection request;
 *                           other types: delete the channel
 *   BT_CONNECT2           - SOCK_SEQPACKET: reject the pending request;
 *                           other types: delete the channel
 *   BT_CONNECT/BT_DISCONN - delete the channel
 *   anything else         - only flag the socket SOCK_ZAPPED
 *
 * Takes no socket lock itself; the callers in this file hold it.
 */
static void __l2cap_sock_close(struct sock *sk, int reason)
{
	struct l2cap_conn *conn;

	BT_DBG("sk %p state %d socket %p", sk, sk->sk_state, sk->sk_socket);

	switch (sk->sk_state) {
	case BT_LISTEN:
		l2cap_sock_cleanup_listen(sk);
		break;

	case BT_CONNECTED:
	case BT_CONFIG:
		if (sk->sk_type != SOCK_SEQPACKET) {
			l2cap_chan_del(sk, reason);
			break;
		}

		conn = l2cap_pi(sk)->conn;

		sk->sk_state = BT_DISCONN;
		l2cap_sock_set_timer(sk, sk->sk_sndtimeo);
		l2cap_send_disconn_req(conn, sk);
		break;

	case BT_CONNECT2: {
		struct l2cap_conn_rsp rsp;
		__u16 result;

		if (sk->sk_type != SOCK_SEQPACKET) {
			l2cap_chan_del(sk, reason);
			break;
		}

		conn = l2cap_pi(sk)->conn;

		/* A deferred setup that is closed counts as a security block. */
		result = bt_sk(sk)->defer_setup ?
				L2CAP_CR_SEC_BLOCK : L2CAP_CR_BAD_PSM;

		rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
		rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
		rsp.result = cpu_to_le16(result);
		rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
		l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
				L2CAP_CONN_RSP, sizeof(rsp), &rsp);
		break;
	}

	case BT_CONNECT:
	case BT_DISCONN:
		l2cap_chan_del(sk, reason);
		break;

	default:
		sock_set_flag(sk, SOCK_ZAPPED);
		break;
	}
}
748
749
/*
 * Process-context close: stop the socket timer, run __l2cap_sock_close()
 * with ECONNRESET under lock_sock(), then destroy the socket if it has
 * become unused.
 */
static void l2cap_sock_close(struct sock *sk)
{
	l2cap_sock_clear_timer(sk);

	lock_sock(sk);
	__l2cap_sock_close(sk, ECONNRESET);
	release_sock(sk);

	/* Must run after the lock is released. */
	l2cap_sock_kill(sk);
}
758
/*
 * Initialise the L2CAP-specific part of @sk.
 *
 * With a @parent (a listening socket) the child inherits the socket type,
 * defer_setup, MTUs, mode, FCS setting, security level, role_switch and
 * force_reliable.  Without one the defaults are used; note that the
 * default security level is BT_SECURITY_LOW.
 */
static void l2cap_sock_init(struct sock *sk, struct sock *parent)
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);

	BT_DBG("sk %p", sk);

	if (parent == NULL) {
		pi->imtu = L2CAP_DEFAULT_MTU;
		pi->omtu = 0;
		pi->mode = L2CAP_MODE_BASIC;
		pi->fcs = L2CAP_FCS_CRC16;
		pi->sec_level = BT_SECURITY_LOW;
		pi->role_switch = 0;
		pi->force_reliable = 0;
	} else {
		struct l2cap_pinfo *ppi = l2cap_pi(parent);

		sk->sk_type = parent->sk_type;
		bt_sk(sk)->defer_setup = bt_sk(parent)->defer_setup;

		pi->imtu = ppi->imtu;
		pi->omtu = ppi->omtu;
		pi->mode = ppi->mode;
		pi->fcs = ppi->fcs;
		pi->sec_level = ppi->sec_level;
		pi->role_switch = ppi->role_switch;
		pi->force_reliable = ppi->force_reliable;
	}

	/* Settings that are the same for every new socket */
	pi->conf_len = 0;
	pi->flush_to = L2CAP_DEFAULT_FLUSH_TO;
	skb_queue_head_init(TX_QUEUE(sk));
	skb_queue_head_init(SREJ_QUEUE(sk));
	INIT_LIST_HEAD(SREJ_LIST(sk));
}
793
/*
 * Protocol descriptor passed to sk_alloc(); obj_size makes every socket
 * large enough to hold a struct l2cap_pinfo.
 */
static struct proto l2cap_proto = {
	.name		= "L2CAP",
	.owner		= THIS_MODULE,
	.obj_size	= sizeof(struct l2cap_pinfo),
};
799
/*
 * Allocate a new L2CAP socket, attach it to @sock, set the generic
 * defaults (destructor, send timeout, BT_OPEN state, socket timer) and
 * link it into the global socket list.
 *
 * Returns the socket, or NULL when sk_alloc() fails.
 */
static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
{
	struct sock *sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto);

	if (sk == NULL)
		return NULL;

	sock_init_data(sock, sk);
	INIT_LIST_HEAD(&bt_sk(sk)->accept_q);

	sk->sk_destruct = l2cap_sock_destruct;
	sk->sk_sndtimeo = msecs_to_jiffies(L2CAP_CONN_TIMEOUT);

	sock_reset_flag(sk, SOCK_ZAPPED);

	sk->sk_protocol = proto;
	sk->sk_state = BT_OPEN;

	/* The callback receives the socket pointer as its argument. */
	setup_timer(&sk->sk_timer, l2cap_sock_timeout, (unsigned long) sk);

	bt_sock_link(&l2cap_sk_list, sk);

	return sk;
}
824
/*
 * Socket-creation entry point for L2CAP sockets.
 *
 * Accepts SOCK_SEQPACKET, SOCK_DGRAM and SOCK_RAW.  A raw socket requested
 * from user space (@kern == 0) additionally requires CAP_NET_RAW.
 *
 * Returns 0 on success, -ESOCKTNOSUPPORT for other socket types, -EPERM
 * for an unprivileged raw socket, -ENOMEM when allocation fails.
 */
static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
			     int kern)
{
	struct sock *sk;

	BT_DBG("sock %p", sock);

	sock->state = SS_UNCONNECTED;

	switch (sock->type) {
	case SOCK_SEQPACKET:
	case SOCK_DGRAM:
		break;

	case SOCK_RAW:
		/* Privilege gate for raw L2CAP access from user space. */
		if (!kern && !capable(CAP_NET_RAW))
			return -EPERM;
		break;

	default:
		return -ESOCKTNOSUPPORT;
	}

	sock->ops = &l2cap_sock_ops;

	sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
	if (sk == NULL)
		return -ENOMEM;

	l2cap_sock_init(sk, NULL);

	return 0;
}
850
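/*
 * bind() handler: attach a local address and PSM to an open socket.
 *
 * @addr: caller-supplied sockaddr_l2 (may be shorter than the structure)
 * @alen: number of valid bytes at @addr
 *
 * The address is copied into a zeroed local sockaddr_l2 so that a short
 * address leaves the remaining fields as 0.  Binding to a CID is not
 * supported.  A non-zero PSM below 0x1001 requires CAP_NET_BIND_SERVICE.
 * PSMs 0x0001 and 0x0003 put the socket at BT_SECURITY_SDP.
 *
 * Returns 0 on success, -EINVAL for a bad address, -EBADFD when the
 * socket is not in BT_OPEN, -EACCES for a reserved PSM without the
 * capability, -EADDRINUSE when PSM and address are already bound.
 */
static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
{
	struct sock *sk = sock->sk;
	struct sockaddr_l2 la;
	int len, err = 0;

	BT_DBG("sk %p", sk);

	/*
	 * Make sure the family field is covered by @alen before reading it;
	 * otherwise the check below would look at bytes the caller never
	 * supplied.
	 */
	if (!addr || alen < (int) sizeof(addr->sa_family) ||
	    addr->sa_family != AF_BLUETOOTH)
		return -EINVAL;

	memset(&la, 0, sizeof(la));
	len = min_t(unsigned int, sizeof(la), alen);
	memcpy(&la, addr, len);

	if (la.l2_cid)
		return -EINVAL;

	lock_sock(sk);

	if (sk->sk_state != BT_OPEN) {
		err = -EBADFD;
		goto done;
	}

	/* PSMs below 0x1001 are reserved for privileged callers. */
	if (la.l2_psm && __le16_to_cpu(la.l2_psm) < 0x1001 &&
	    !capable(CAP_NET_BIND_SERVICE)) {
		err = -EACCES;
		goto done;
	}

	write_lock_bh(&l2cap_sk_list.lock);

	if (la.l2_psm && __l2cap_get_sock_by_addr(la.l2_psm, &la.l2_bdaddr)) {
		err = -EADDRINUSE;
	} else {
		/* Save source address */
		bacpy(&bt_sk(sk)->src, &la.l2_bdaddr);
		l2cap_pi(sk)->psm = la.l2_psm;
		l2cap_pi(sk)->sport = la.l2_psm;
		sk->sk_state = BT_BOUND;

		if (__le16_to_cpu(la.l2_psm) == 0x0001 ||
		    __le16_to_cpu(la.l2_psm) == 0x0003)
			l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
	}

	write_unlock_bh(&l2cap_sk_list.lock);

done:
	release_sock(sk);
	return err;
}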
904
/*
 * Start an outgoing connection for @sk to the destination stored in
 * bt_sk(sk)->dst.
 *
 * Picks the HCI authentication requirement from the socket type, PSM and
 * security level, creates (or reuses) the ACL link, attaches the socket to
 * the L2CAP connection and, when the link is already up, either completes
 * immediately (non-SEQPACKET) or starts channel setup.
 *
 * A BT_SECURITY_LOW socket on PSM 0x0001 is moved to BT_SECURITY_SDP as a
 * side effect.
 *
 * Returns 0 on success, -EHOSTUNREACH when no adapter routes to the
 * destination, -ENOMEM when the link or the connection object could not
 * be obtained.
 */
static int l2cap_do_connect(struct sock *sk)
{
	bdaddr_t *src = &bt_sk(sk)->src;
	bdaddr_t *dst = &bt_sk(sk)->dst;
	struct l2cap_conn *conn;
	struct hci_conn *hcon;
	struct hci_dev *hdev;
	__u8 auth_type;
	int err;

	BT_DBG("%s -> %s psm 0x%2.2x", batostr(src), batostr(dst),
							l2cap_pi(sk)->psm);

	hdev = hci_get_route(dst, src);
	if (hdev == NULL)
		return -EHOSTUNREACH;

	hci_dev_lock_bh(hdev);

	/* Both failure exits below report -ENOMEM. */
	err = -ENOMEM;

	if (sk->sk_type == SOCK_RAW) {
		/* Raw sockets ask for dedicated bonding. */
		if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
			auth_type = HCI_AT_DEDICATED_BONDING_MITM;
		else if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
			auth_type = HCI_AT_DEDICATED_BONDING;
		else
			auth_type = HCI_AT_NO_BONDING;
	} else if (l2cap_pi(sk)->psm == cpu_to_le16(0x0001)) {
		/* PSM 0x0001 never bonds. */
		auth_type = (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH) ?
				HCI_AT_NO_BONDING_MITM : HCI_AT_NO_BONDING;

		if (l2cap_pi(sk)->sec_level == BT_SECURITY_LOW)
			l2cap_pi(sk)->sec_level = BT_SECURITY_SDP;
	} else {
		if (l2cap_pi(sk)->sec_level == BT_SECURITY_HIGH)
			auth_type = HCI_AT_GENERAL_BONDING_MITM;
		else if (l2cap_pi(sk)->sec_level == BT_SECURITY_MEDIUM)
			auth_type = HCI_AT_GENERAL_BONDING;
		else
			auth_type = HCI_AT_NO_BONDING;
	}

	hcon = hci_connect(hdev, ACL_LINK, dst,
					l2cap_pi(sk)->sec_level, auth_type);
	if (hcon == NULL)
		goto done;

	conn = l2cap_conn_add(hcon, 0);
	if (conn == NULL) {
		hci_conn_put(hcon);
		goto done;
	}

	err = 0;

	/* Update source addr of the socket */
	bacpy(src, conn->src);

	l2cap_chan_add(conn, sk, NULL);

	sk->sk_state = BT_CONNECT;
	l2cap_sock_set_timer(sk, sk->sk_sndtimeo);

	/* Link still coming up: setup continues once it is ready. */
	if (hcon->state != BT_CONNECTED)
		goto done;

	if (sk->sk_type == SOCK_SEQPACKET) {
		l2cap_do_start(sk);
	} else {
		l2cap_sock_clear_timer(sk);
		sk->sk_state = BT_CONNECTED;
	}

done:
	hci_dev_unlock_bh(hdev);
	hci_dev_put(hdev);
	return err;
}
994
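/*
 * connect() handler.
 *
 * @addr:  caller-supplied sockaddr_l2 (may be shorter than the structure)
 * @alen:  number of valid bytes at @addr
 * @flags: O_NONBLOCK selects a non-blocking wait
 *
 * Validates the address, rejects CID-based connects and SOCK_SEQPACKET
 * connects without a PSM, checks that the configured mode is allowed
 * (ERTM and streaming only with enable_ertm), then starts the connection
 * and waits for BT_CONNECTED.  A socket that is already connecting just
 * joins the wait; an already connected socket returns 0.
 *
 * Returns 0 on success or a negative errno: -EINVAL, -ENOTSUPP, -EBADFD,
 * or whatever l2cap_do_connect() / bt_sock_wait_state() report.
 */
static int l2cap_sock_connect(struct socket *sock, struct sockaddr *addr, int alen, int flags)
{
	struct sock *sk = sock->sk;
	struct sockaddr_l2 la;
	int len, err = 0;

	BT_DBG("sk %p", sk);

	/*
	 * Make sure the family field is covered by @alen before reading it;
	 * otherwise the check below would look at bytes the caller never
	 * supplied.
	 */
	if (!addr || alen < (int) sizeof(addr->sa_family) ||
	    addr->sa_family != AF_BLUETOOTH)
		return -EINVAL;

	/* Short addresses leave the remaining fields zeroed. */
	memset(&la, 0, sizeof(la));
	len = min_t(unsigned int, sizeof(la), alen);
	memcpy(&la, addr, len);

	if (la.l2_cid)
		return -EINVAL;

	lock_sock(sk);

	if (sk->sk_type == SOCK_SEQPACKET && !la.l2_psm) {
		err = -EINVAL;
		goto done;
	}

	switch (l2cap_pi(sk)->mode) {
	case L2CAP_MODE_BASIC:
		break;
	case L2CAP_MODE_ERTM:
	case L2CAP_MODE_STREAMING:
		if (enable_ertm)
			break;
		/* fall through: ERTM/streaming disabled by module setting */
	default:
		err = -ENOTSUPP;
		goto done;
	}

	switch (sk->sk_state) {
	case BT_CONNECT:
	case BT_CONNECT2:
	case BT_CONFIG:
		/* Already connecting */
		goto wait;

	case BT_CONNECTED:
		/* Already connected */
		goto done;

	case BT_OPEN:
	case BT_BOUND:
		/* Can connect */
		break;

	default:
		err = -EBADFD;
		goto done;
	}

	/* Set destination address and psm */
	bacpy(&bt_sk(sk)->dst, &la.l2_bdaddr);
	l2cap_pi(sk)->psm = la.l2_psm;

	err = l2cap_do_connect(sk);
	if (err)
		goto done;

wait:
	err = bt_sock_wait_state(sk, BT_CONNECTED,
			sock_sndtimeo(sk, flags & O_NONBLOCK));
done:
	release_sock(sk);
	return err;
}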
1069
/*
 * listen() handler.
 *
 * Only a bound SOCK_SEQPACKET socket may listen, and only in a mode that
 * is allowed (ERTM and streaming require enable_ertm).  When no PSM was
 * bound, the first free odd PSM in 0x1001..0x10ff for the socket's source
 * address is assigned.
 *
 * Returns 0 on success, -EBADFD for a wrong state or type, -ENOTSUPP for
 * a disallowed mode, -EINVAL when no PSM in the range is free.
 */
static int l2cap_sock_listen(struct socket *sock, int backlog)
{
	struct sock *sk = sock->sk;
	int mode;
	int err = 0;

	BT_DBG("sk %p backlog %d", sk, backlog);

	lock_sock(sk);

	if (sk->sk_state != BT_BOUND || sock->type != SOCK_SEQPACKET) {
		err = -EBADFD;
		goto done;
	}

	mode = l2cap_pi(sk)->mode;
	if (mode != L2CAP_MODE_BASIC) {
		int ertm_like = (mode == L2CAP_MODE_ERTM ||
					mode == L2CAP_MODE_STREAMING);

		/* Unknown modes, or ERTM/streaming while disabled. */
		if (!ertm_like || !enable_ertm) {
			err = -ENOTSUPP;
			goto done;
		}
	}

	if (!l2cap_pi(sk)->psm) {
		bdaddr_t *src = &bt_sk(sk)->src;
		u16 psm;

		err = -EINVAL;

		write_lock_bh(&l2cap_sk_list.lock);

		/* Step by two: only odd PSM values are tried. */
		for (psm = 0x1001; psm < 0x1100; psm += 2) {
			if (__l2cap_get_sock_by_addr(cpu_to_le16(psm), src))
				continue;

			l2cap_pi(sk)->psm = cpu_to_le16(psm);
			l2cap_pi(sk)->sport = cpu_to_le16(psm);
			err = 0;
			break;
		}

		write_unlock_bh(&l2cap_sk_list.lock);

		if (err < 0)
			goto done;
	}

	sk->sk_max_ack_backlog = backlog;
	sk->sk_ack_backlog = 0;
	sk->sk_state = BT_LISTEN;

done:
	release_sock(sk);
	return err;
}
1127
/*
 * accept() handler: wait for a queued child connection and graft it onto
 * @newsock.
 *
 * The socket lock is dropped while sleeping and retaken afterwards, so
 * the listening state is re-checked after every wake-up.
 *
 * Returns 0 on success, -EBADFD when the socket is not (or no longer)
 * listening, -EAGAIN when the timeout is exhausted or the call is
 * non-blocking, or the value of sock_intr_errno() when a signal arrives.
 */
static int l2cap_sock_accept(struct socket *sock, struct socket *newsock, int flags)
{
	DECLARE_WAITQUEUE(wait, current);
	struct sock *sk = sock->sk, *nsk;
	long timeo;
	int err = 0;

	lock_sock_nested(sk, SINGLE_DEPTH_NESTING);

	if (sk->sk_state != BT_LISTEN) {
		err = -EBADFD;
		goto done;
	}

	timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);

	BT_DBG("sk %p timeo %ld", sk, timeo);

	/* Wait for an incoming connection. (wake-one). */
	add_wait_queue_exclusive(sk->sk_sleep, &wait);
	for (;;) {
		nsk = bt_accept_dequeue(sk, newsock);
		if (nsk)
			break;

		set_current_state(TASK_INTERRUPTIBLE);
		if (!timeo) {
			err = -EAGAIN;
			break;
		}

		release_sock(sk);
		timeo = schedule_timeout(timeo);
		lock_sock_nested(sk, SINGLE_DEPTH_NESTING);

		/* The listener may have been closed while we slept. */
		if (sk->sk_state != BT_LISTEN) {
			err = -EBADFD;
			break;
		}

		if (signal_pending(current)) {
			err = sock_intr_errno(timeo);
			break;
		}
	}
	set_current_state(TASK_RUNNING);
	remove_wait_queue(sk->sk_sleep, &wait);

	if (!err) {
		newsock->state = SS_CONNECTED;

		BT_DBG("new socket %p", nsk);
	}

done:
	release_sock(sk);
	return err;
}
1183
/*
 * getsockname()/getpeername() handler.
 *
 * Fills @addr as a sockaddr_l2: with @peer set, the PSM, destination
 * address and destination CID; otherwise the source PSM, source address
 * and source CID.  *@len is set to sizeof(struct sockaddr_l2).
 *
 * Always returns 0.
 *
 * NOTE(review): the structure is filled field by field without being
 * zeroed first.  If struct sockaddr_l2 has padding or members that are
 * not assigned here, those bytes are handed back as found - confirm
 * against the structure definition.
 */
static int l2cap_sock_getname(struct socket *sock, struct sockaddr *addr, int *len, int peer)
{
	struct sockaddr_l2 *la = (struct sockaddr_l2 *) addr;
	struct sock *sk = sock->sk;
	struct l2cap_pinfo *pi = l2cap_pi(sk);

	BT_DBG("sock %p, sk %p", sock, sk);

	addr->sa_family = AF_BLUETOOTH;
	*len = sizeof(struct sockaddr_l2);

	if (!peer) {
		la->l2_psm = pi->sport;
		bacpy(&la->l2_bdaddr, &bt_sk(sk)->src);
		la->l2_cid = cpu_to_le16(pi->scid);
		return 0;
	}

	la->l2_psm = pi->psm;
	bacpy(&la->l2_bdaddr, &bt_sk(sk)->dst);
	la->l2_cid = cpu_to_le16(pi->dcid);

	return 0;
}
1206
/*
 * Monitor timer callback.
 *
 * While the retry count is below remote_max_tx, count another attempt,
 * re-arm the monitor timer and poll the peer with an RR/RNR frame.  Once
 * the limit is reached, request disconnection instead.
 *
 * @arg: the struct sock pointer, carried as unsigned long.
 */
static void l2cap_monitor_timeout(unsigned long arg)
{
	/* The name "sk" is kept: __mod_monitor_timer() takes no argument. */
	struct sock *sk = (struct sock *) arg;

	bh_lock_sock(sk);

	if (l2cap_pi(sk)->retry_count < l2cap_pi(sk)->remote_max_tx) {
		u16 control = L2CAP_CTRL_POLL;

		l2cap_pi(sk)->retry_count++;
		__mod_monitor_timer();

		l2cap_send_rr_or_rnr(l2cap_pi(sk), control);
	} else {
		l2cap_send_disconn_req(l2cap_pi(sk)->conn, sk);
	}

	bh_unlock_sock(sk);
}
1226
/*
 * Retransmission timer callback.
 *
 * Restarts the retry counter at 1, arms the monitor timer, flags the
 * channel as waiting for the peer's F-bit and polls the peer with an
 * RR/RNR frame.
 *
 * @arg: the struct sock pointer, carried as unsigned long.
 */
static void l2cap_retrans_timeout(unsigned long arg)
{
	/* The name "sk" is kept: __mod_monitor_timer() takes no argument. */
	struct sock *sk = (struct sock *) arg;
	u16 control = L2CAP_CTRL_POLL;

	bh_lock_sock(sk);

	l2cap_pi(sk)->retry_count = 1;
	__mod_monitor_timer();

	l2cap_pi(sk)->conn_state |= L2CAP_CONN_WAIT_F;

	l2cap_send_rr_or_rnr(l2cap_pi(sk), control);

	bh_unlock_sock(sk);
}
1242
/*
 * Free transmitted frames from the head of the TX queue until the frame
 * whose sequence number equals expected_ack_seq is reached (that frame is
 * kept).  Stops the retransmission timer once nothing is left unacked.
 *
 * NOTE(review): unacked_frames is decremented once per freed frame with
 * no lower bound; confirm it cannot go below the number of queued frames.
 */
static void l2cap_drop_acked_frames(struct sock *sk)
{
	struct sk_buff *skb;

	for (;;) {
		skb = skb_peek(TX_QUEUE(sk));
		if (skb == NULL)
			break;

		if (bt_cb(skb)->tx_seq == l2cap_pi(sk)->expected_ack_seq)
			break;

		kfree_skb(skb_dequeue(TX_QUEUE(sk)));

		l2cap_pi(sk)->unacked_frames--;
	}

	if (l2cap_pi(sk)->unacked_frames == 0)
		del_timer(&l2cap_pi(sk)->retrans_timer);
}
1262
/*
 * Hand @skb to the ACL link of the socket's connection.
 *
 * On failure the buffer is freed here, so the caller must not touch @skb
 * again in either case.  Returns the result of hci_send_acl().
 */
static inline int l2cap_do_send(struct sock *sk, struct sk_buff *skb)
{
	struct hci_conn *hcon = l2cap_pi(sk)->conn->hcon;
	int err;

	BT_DBG("sk %p, skb %p len %d", sk, skb, skb->len);

	err = hci_send_acl(hcon, skb, 0);
	if (err < 0)
		kfree_skb(skb);

	return err;
}
1276
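/*
 * Streaming mode transmit: send every frame from sk_send_head onwards.
 *
 * Each frame is cloned, stamped with the next TxSeq (and a fresh CRC when
 * the channel uses L2CAP_FCS_CRC16), sent, and then removed from the TX
 * queue, since streaming mode keeps nothing for retransmission.
 *
 * Returns 0 when the queue has been drained, -ENOMEM when a frame could
 * not be cloned (the frame stays queued), or the error from
 * l2cap_do_send(), in which case a disconnection request is sent as well.
 */
static int l2cap_streaming_send(struct sock *sk)
{
	struct sk_buff *skb, *tx_skb;
	struct l2cap_pinfo *pi = l2cap_pi(sk);
	u16 control, fcs;
	int err;

	while ((skb = sk->sk_send_head)) {
		tx_skb = skb_clone(skb, GFP_ATOMIC);
		/* An atomic clone can fail; do not dereference a NULL skb. */
		if (!tx_skb)
			return -ENOMEM;

		control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
		control |= pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT;
		put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);

		if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16) {
			/* The CRC occupies the last two bytes of the frame. */
			fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
			put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
		}

		err = l2cap_do_send(sk, tx_skb);
		if (err < 0) {
			l2cap_send_disconn_req(pi->conn, sk);
			return err;
		}

		/* Sequence numbers are 6 bits wide. */
		pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;

		if (skb_queue_is_last(TX_QUEUE(sk), skb))
			sk->sk_send_head = NULL;
		else
			sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);

		skb = skb_dequeue(TX_QUEUE(sk));
		kfree_skb(skb);
	}
	return 0;
}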
1314
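/*
 * Retransmit the queued frame whose sequence number is @tx_seq.
 *
 * The TX queue is searched from its head.  When the frame has already
 * been sent remote_max_tx times (and that limit is non-zero) a
 * disconnection request is sent instead.
 *
 * Returns 0 when the frame was sent, was not found, or the queue is
 * empty; -ENOMEM when the frame could not be cloned; otherwise the error
 * from l2cap_do_send(), in which case a disconnection request is sent.
 *
 * NOTE(review): callers are outside this view; @tx_seq presumably comes
 * from a frame received from the peer, so neither a non-empty queue nor a
 * matching frame can be assumed.
 */
static int l2cap_retransmit_frame(struct sock *sk, u8 tx_seq)
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);
	struct sk_buff *skb, *tx_skb;
	u16 control, fcs;
	int err;

	skb = skb_peek(TX_QUEUE(sk));
	/* Empty queue: nothing to retransmit, and bt_cb(NULL) must not run. */
	if (!skb)
		return 0;

	do {
		if (bt_cb(skb)->tx_seq != tx_seq) {
			if (skb_queue_is_last(TX_QUEUE(sk), skb))
				break;
			skb = skb_queue_next(TX_QUEUE(sk), skb);
			continue;
		}

		if (pi->remote_max_tx &&
				bt_cb(skb)->retries == pi->remote_max_tx) {
			l2cap_send_disconn_req(pi->conn, sk);
			break;
		}

		tx_skb = skb_clone(skb, GFP_ATOMIC);
		/* An atomic clone can fail; do not dereference a NULL skb. */
		if (!tx_skb)
			return -ENOMEM;

		bt_cb(skb)->retries++;
		control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
		control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
				| (tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
		put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);

		if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16) {
			fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
			put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
		}

		err = l2cap_do_send(sk, tx_skb);
		if (err < 0) {
			l2cap_send_disconn_req(pi->conn, sk);
			return err;
		}
		break;
	} while (1);
	return 0;
}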
1358
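/*
 * ERTM transmit: send frames from sk_send_head while the transmit window
 * has room and the peer is not flagged busy.  Nothing is sent while the
 * channel waits for the peer's F-bit.
 *
 * Frames stay on the TX queue after sending so that they can be
 * retransmitted; each one sent re-arms the retransmission timer and
 * counts as unacked.  A frame that has already been sent remote_max_tx
 * times (when that limit is non-zero) triggers a disconnection request
 * instead.
 *
 * Returns 0 normally, -ENOMEM when a frame could not be cloned (the frame
 * stays queued and unsent), or the error from l2cap_do_send(), in which
 * case a disconnection request is sent as well.
 */
static int l2cap_ertm_send(struct sock *sk)
{
	struct sk_buff *skb, *tx_skb;
	struct l2cap_pinfo *pi = l2cap_pi(sk);
	u16 control, fcs;
	int err;

	if (pi->conn_state & L2CAP_CONN_WAIT_F)
		return 0;

	while ((skb = sk->sk_send_head) && (!l2cap_tx_window_full(sk)) &&
			!(pi->conn_state & L2CAP_CONN_REMOTE_BUSY)) {

		if (pi->remote_max_tx &&
				bt_cb(skb)->retries == pi->remote_max_tx) {
			l2cap_send_disconn_req(pi->conn, sk);
			break;
		}

		tx_skb = skb_clone(skb, GFP_ATOMIC);
		/* An atomic clone can fail; do not dereference a NULL skb. */
		if (!tx_skb)
			return -ENOMEM;

		bt_cb(skb)->retries++;

		control = get_unaligned_le16(tx_skb->data + L2CAP_HDR_SIZE);
		control |= (pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT)
				| (pi->next_tx_seq << L2CAP_CTRL_TXSEQ_SHIFT);
		put_unaligned_le16(control, tx_skb->data + L2CAP_HDR_SIZE);

		/*
		 * Compute the CRC through tx_skb, like the other send paths
		 * in this file.  A clone shares its data buffer with the
		 * original, so this touches the same bytes as before.
		 */
		if (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16) {
			fcs = crc16(0, (u8 *)tx_skb->data, tx_skb->len - 2);
			put_unaligned_le16(fcs, tx_skb->data + tx_skb->len - 2);
		}

		err = l2cap_do_send(sk, tx_skb);
		if (err < 0) {
			l2cap_send_disconn_req(pi->conn, sk);
			return err;
		}
		__mod_retrans_timer();

		bt_cb(skb)->tx_seq = pi->next_tx_seq;
		/* Sequence numbers are 6 bits wide. */
		pi->next_tx_seq = (pi->next_tx_seq + 1) % 64;

		pi->unacked_frames++;

		if (skb_queue_is_last(TX_QUEUE(sk), skb))
			sk->sk_send_head = NULL;
		else
			sk->sk_send_head = skb_queue_next(TX_QUEUE(sk), skb);
	}

	return 0;
}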
1413
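/*
 * Copy len bytes of user data from msg into skb.
 *
 * The first count bytes go into skb itself; the remainder is split into
 * fragments of at most conn->mtu bytes that are chained on skb's frag_list.
 *
 * Returns the number of bytes copied, -EFAULT when the user buffer cannot
 * be read, or the allocator's error when a fragment cannot be allocated.
 * On failure the caller still owns skb, including any fragments already
 * linked to it.
 */
static inline int l2cap_skbuff_fromiovec(struct sock *sk, struct msghdr *msg, int len, int count, struct sk_buff *skb)
{
	struct l2cap_conn *conn = l2cap_pi(sk)->conn;
	struct sk_buff **frag;
	int err = -ENOMEM;	/* fallback if the allocator leaves err untouched */
	int sent = 0;

	if (memcpy_fromiovec(skb_put(skb, count), msg->msg_iov, count))
		return -EFAULT;

	sent += count;
	len -= count;

	/* Continuation fragments */
	frag = &skb_shinfo(skb)->frag_list;
	while (len) {
		count = min_t(unsigned int, conn->mtu, len);

		*frag = bt_skb_send_alloc(sk, count, msg->msg_flags & MSG_DONTWAIT, &err);
		if (!*frag) {
			/*
			 * An allocation failure is not a bad user pointer:
			 * report the allocator's error rather than -EFAULT.
			 */
			return err;
		}

		if (memcpy_fromiovec(skb_put(*frag, count), msg->msg_iov, count))
			return -EFAULT;

		sent += count;
		len -= count;

		frag = &(*frag)->next;
	}

	return sent;
}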
1446
/*
 * Build a connectionless PDU: L2CAP header, two-byte PSM, then len bytes of
 * payload taken from msg.
 *
 * Returns the new skb or an ERR_PTR() value; callers must test with IS_ERR().
 *
 * NOTE(review): (conn->mtu - hlen) is not checked for an MTU smaller than
 * the header, and len is stored in a 16-bit length field without a range
 * check in this function; confirm the callers bound both.
 */
static struct sk_buff *l2cap_create_connless_pdu(struct sock *sk, struct msghdr *msg, size_t len)
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);
	struct l2cap_conn *conn = pi->conn;
	int hlen = L2CAP_HDR_SIZE + 2;
	struct l2cap_hdr *hdr;
	struct sk_buff *pdu;
	int first, rc;

	BT_DBG("sk %p len %d", sk, (int)len);

	/* Payload bytes that fit into the first buffer next to the header. */
	first = min_t(unsigned int, (conn->mtu - hlen), len);

	pdu = bt_skb_send_alloc(sk, first + hlen,
				msg->msg_flags & MSG_DONTWAIT, &rc);
	if (!pdu)
		return ERR_PTR(-ENOMEM);

	/* L2CAP header followed by the PSM */
	hdr = (struct l2cap_hdr *) skb_put(pdu, L2CAP_HDR_SIZE);
	hdr->cid = cpu_to_le16(pi->dcid);
	hdr->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
	put_unaligned_le16(pi->psm, skb_put(pdu, 2));

	rc = l2cap_skbuff_fromiovec(sk, msg, len, first, pdu);
	if (likely(rc >= 0))
		return pdu;

	kfree_skb(pdu);
	return ERR_PTR(rc);
}
1475
/*
 * Build a basic-mode PDU: L2CAP header followed by len bytes of payload
 * taken from msg.
 *
 * Returns the new skb or an ERR_PTR() value; callers must test with IS_ERR().
 *
 * NOTE(review): (conn->mtu - hlen) is not checked for an MTU smaller than
 * the header size in this function; confirm it cannot happen.
 */
static struct sk_buff *l2cap_create_basic_pdu(struct sock *sk, struct msghdr *msg, size_t len)
{
	struct l2cap_conn *conn = l2cap_pi(sk)->conn;
	int hlen = L2CAP_HDR_SIZE;
	struct l2cap_hdr *hdr;
	struct sk_buff *pdu;
	int first, rc;

	BT_DBG("sk %p len %d", sk, (int)len);

	/* Payload bytes that fit into the first buffer next to the header. */
	first = min_t(unsigned int, (conn->mtu - hlen), len);

	pdu = bt_skb_send_alloc(sk, first + hlen,
				msg->msg_flags & MSG_DONTWAIT, &rc);
	if (!pdu)
		return ERR_PTR(-ENOMEM);

	/* L2CAP header */
	hdr = (struct l2cap_hdr *) skb_put(pdu, L2CAP_HDR_SIZE);
	hdr->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
	hdr->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));

	rc = l2cap_skbuff_fromiovec(sk, msg, len, first, pdu);
	if (likely(rc >= 0))
		return pdu;

	kfree_skb(pdu);
	return ERR_PTR(rc);
}
1503
/*
 * Build an I-frame PDU: L2CAP header, control field, optional SDU length
 * (only when sdulen is non-zero), payload from msg, and a zeroed two-byte
 * FCS placeholder when CRC16 is in use.  The retry counter of the new frame
 * starts at 0.
 *
 * Returns the new skb or an ERR_PTR() value; callers must test with IS_ERR().
 */
static struct sk_buff *l2cap_create_iframe_pdu(struct sock *sk, struct msghdr *msg, size_t len, u16 control, u16 sdulen)
{
	struct l2cap_conn *conn = l2cap_pi(sk)->conn;
	int with_fcs = (l2cap_pi(sk)->fcs == L2CAP_FCS_CRC16);
	int hlen = L2CAP_HDR_SIZE + 2;
	struct l2cap_hdr *hdr;
	struct sk_buff *pdu;
	int first, rc;

	BT_DBG("sk %p len %d", sk, (int)len);

	/* Account for the optional SDU length and FCS fields. */
	hlen += sdulen ? 2 : 0;
	hlen += with_fcs ? 2 : 0;

	first = min_t(unsigned int, (conn->mtu - hlen), len);

	pdu = bt_skb_send_alloc(sk, first + hlen,
				msg->msg_flags & MSG_DONTWAIT, &rc);
	if (!pdu)
		return ERR_PTR(-ENOMEM);

	/* L2CAP header, control field and, for a start frame, the SDU length */
	hdr = (struct l2cap_hdr *) skb_put(pdu, L2CAP_HDR_SIZE);
	hdr->cid = cpu_to_le16(l2cap_pi(sk)->dcid);
	hdr->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE));
	put_unaligned_le16(control, skb_put(pdu, 2));
	if (sdulen)
		put_unaligned_le16(sdulen, skb_put(pdu, 2));

	rc = l2cap_skbuff_fromiovec(sk, msg, len, first, pdu);
	if (unlikely(rc < 0)) {
		kfree_skb(pdu);
		return ERR_PTR(rc);
	}

	/* Reserve the FCS bytes; the value is filled in at transmit time. */
	if (with_fcs)
		put_unaligned_le16(0, skb_put(pdu, 2));

	bt_cb(pdu)->retries = 0;
	return pdu;
}
1545
/*
 * Split an SDU of len bytes into I-frames of at most pi->max_pdu_size bytes
 * and append them to the socket's TX queue.
 *
 * The first frame is marked L2CAP_SDU_START and carries the total SDU
 * length; later frames are marked CONTINUE, and the last one END.  Frames
 * are collected on a private queue first so that a failure half-way leaves
 * the TX queue untouched.
 *
 * Returns the number of bytes queued or a negative error.
 *
 * NOTE(review): the first frame is always built with max_pdu_size bytes, so
 * this presumably relies on the caller passing len > max_pdu_size; len is
 * also narrowed to the u16 sdulen parameter.  Confirm against the caller.
 */
static inline int l2cap_sar_segment_sdu(struct sock *sk, struct msghdr *msg, size_t len)
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);
	struct sk_buff_head pending;
	struct sk_buff *frame;
	size_t queued = 0;
	u16 sar;

	__skb_queue_head_init(&pending);

	/* Start frame: full-sized and carrying the SDU length. */
	frame = l2cap_create_iframe_pdu(sk, msg, pi->max_pdu_size,
						L2CAP_SDU_START, len);
	if (IS_ERR(frame))
		return PTR_ERR(frame);

	__skb_queue_tail(&pending, frame);
	len -= pi->max_pdu_size;
	queued += pi->max_pdu_size;

	while (len > 0) {
		size_t chunk;

		sar = 0;
		if (len > pi->max_pdu_size) {
			sar |= L2CAP_SDU_CONTINUE;
			chunk = pi->max_pdu_size;
		} else {
			sar |= L2CAP_SDU_END;
			chunk = len;
		}

		frame = l2cap_create_iframe_pdu(sk, msg, chunk, sar, 0);
		if (IS_ERR(frame)) {
			/* Drop everything built so far for this SDU. */
			skb_queue_purge(&pending);
			return PTR_ERR(frame);
		}

		__skb_queue_tail(&pending, frame);
		len -= chunk;
		queued += chunk;
	}

	skb_queue_splice_tail(&pending, TX_QUEUE(sk));
	if (sk->sk_send_head == NULL)
		sk->sk_send_head = pending.next;

	return queued;
}
1593
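/*
 * sendmsg() handler for L2CAP sockets.
 *
 * Rejects MSG_OOB, rejects basic-mode SEQPACKET messages larger than the
 * outgoing MTU, and requires the socket to be in BT_CONNECTED.  Datagram
 * sockets send a single connectionless PDU; connection-oriented sockets
 * build the PDU(s) that match the channel mode and hand them to the
 * mode-specific send routine.
 *
 * Returns len on success for connection-oriented sockets, the result of
 * l2cap_do_send() for datagram sockets, or a negative error.
 */
static int l2cap_sock_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len)
{
	struct sock *sk = sock->sk;
	struct l2cap_pinfo *pi = l2cap_pi(sk);
	struct sk_buff *skb;
	u16 control;
	int err;

	BT_DBG("sock %p, sk %p", sock, sk);

	err = sock_error(sk);
	if (err)
		return err;

	if (msg->msg_flags & MSG_OOB)
		return -EOPNOTSUPP;

	/* Check outgoing MTU */
	if (sk->sk_type == SOCK_SEQPACKET && pi->mode == L2CAP_MODE_BASIC &&
			len > pi->omtu)
		return -EINVAL;

	lock_sock(sk);

	if (sk->sk_state != BT_CONNECTED) {
		err = -ENOTCONN;
		goto done;
	}

	/* Connectionless channel */
	if (sk->sk_type == SOCK_DGRAM) {
		skb = l2cap_create_connless_pdu(sk, msg, len);
		/*
		 * The PDU builder reports failure as an ERR_PTR() value, which
		 * must never reach l2cap_do_send() as if it were a buffer.
		 */
		if (IS_ERR(skb))
			err = PTR_ERR(skb);
		else
			err = l2cap_do_send(sk, skb);
		goto done;
	}

	switch (pi->mode) {
	case L2CAP_MODE_BASIC:
		/* Create a basic PDU */
		skb = l2cap_create_basic_pdu(sk, msg, len);
		if (IS_ERR(skb)) {
			err = PTR_ERR(skb);
			goto done;
		}

		err = l2cap_do_send(sk, skb);
		if (!err)
			err = len;
		break;

	case L2CAP_MODE_ERTM:
	case L2CAP_MODE_STREAMING:
		/* A message that fits in one PDU is sent unsegmented. */
		if (len <= pi->max_pdu_size) {
			control = L2CAP_SDU_UNSEGMENTED;
			skb = l2cap_create_iframe_pdu(sk, msg, len, control, 0);
			if (IS_ERR(skb)) {
				err = PTR_ERR(skb);
				goto done;
			}
			__skb_queue_tail(TX_QUEUE(sk), skb);
			if (sk->sk_send_head == NULL)
				sk->sk_send_head = skb;
		} else {
			/* Segment the SDU into multiple I-frames */
			err = l2cap_sar_segment_sdu(sk, msg, len);
			if (err < 0)
				goto done;
		}

		if (pi->mode == L2CAP_MODE_STREAMING)
			err = l2cap_streaming_send(sk);
		else
			err = l2cap_ertm_send(sk);

		if (!err)
			err = len;
		break;

	default:
		BT_DBG("bad state %1.1x", pi->mode);
		err = -EINVAL;
	}

done:
	release_sock(sk);
	return err;
}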
1682
/*
 * recvmsg() handler for L2CAP sockets.
 *
 * For a socket in BT_CONNECT2 with deferred setup enabled, the first
 * recvmsg() call accepts the pending connection: the socket moves to
 * BT_CONFIG, a successful connection response is sent, and 0 is returned
 * without reading any data.  In every other case the call is passed to
 * bt_sock_recvmsg().
 */
static int l2cap_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, size_t len, int flags)
{
	struct sock *sk = sock->sk;
	struct l2cap_conn_rsp accept;

	lock_sock(sk);

	if (sk->sk_state != BT_CONNECT2 || !bt_sk(sk)->defer_setup) {
		release_sock(sk);
		return bt_sock_recvmsg(iocb, sock, msg, len, flags);
	}

	/* Deferred setup: this call authorises the pending connection. */
	sk->sk_state = BT_CONFIG;

	accept.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
	accept.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
	accept.result = cpu_to_le16(L2CAP_CR_SUCCESS);
	accept.status = cpu_to_le16(L2CAP_CS_NO_INFO);
	l2cap_send_cmd(l2cap_pi(sk)->conn, l2cap_pi(sk)->ident,
				L2CAP_CONN_RSP, sizeof(accept), &accept);

	release_sock(sk);
	return 0;
}
1709
/*
 * Legacy SOL_L2CAP setsockopt() handler.
 *
 * L2CAP_OPTIONS: the current values are loaded first so that a short user
 * buffer only overrides the leading fields; imtu, omtu, mode and fcs are
 * then stored back (flush_to is not).
 * L2CAP_LM: maps the link-mode bits onto a security level and the
 * role_switch / force_reliable flags.
 *
 * Returns 0, -EFAULT on a bad user pointer, or -ENOPROTOOPT for an unknown
 * option.
 *
 * NOTE(review): the user-supplied mode, fcs and MTU values are stored
 * without validation in this function, and the L2CAP_LM branch reads a u32
 * without looking at optlen; confirm whether later code constrains them.
 */
static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __user *optval, unsigned int optlen)
{
	struct sock *sk = sock->sk;
	struct l2cap_pinfo *pi = l2cap_pi(sk);
	struct l2cap_options opts;
	int len, err = 0;
	u32 opt;

	BT_DBG("sk %p", sk);

	lock_sock(sk);

	if (optname == L2CAP_OPTIONS) {
		/* Defaults for whatever the user buffer does not cover. */
		opts.imtu = pi->imtu;
		opts.omtu = pi->omtu;
		opts.flush_to = pi->flush_to;
		opts.mode = pi->mode;
		opts.fcs = pi->fcs;

		/* Never copy more than the structure can hold. */
		len = min_t(unsigned int, sizeof(opts), optlen);
		if (copy_from_user((char *) &opts, optval, len)) {
			err = -EFAULT;
		} else {
			pi->imtu = opts.imtu;
			pi->omtu = opts.omtu;
			pi->mode = opts.mode;
			pi->fcs = opts.fcs;
		}
	} else if (optname == L2CAP_LM) {
		if (get_user(opt, (u32 __user *) optval)) {
			err = -EFAULT;
		} else {
			/* Later tests win: the strongest requested level is kept. */
			if (opt & L2CAP_LM_AUTH)
				pi->sec_level = BT_SECURITY_LOW;
			if (opt & L2CAP_LM_ENCRYPT)
				pi->sec_level = BT_SECURITY_MEDIUM;
			if (opt & L2CAP_LM_SECURE)
				pi->sec_level = BT_SECURITY_HIGH;

			pi->role_switch = (opt & L2CAP_LM_MASTER);
			pi->force_reliable = (opt & L2CAP_LM_RELIABLE);
		}
	} else {
		err = -ENOPROTOOPT;
	}

	release_sock(sk);
	return err;
}
1766
/*
 * setsockopt() handler for L2CAP sockets.
 *
 * SOL_L2CAP requests go to the legacy handler; any level other than
 * SOL_BLUETOOTH is rejected with -ENOPROTOOPT.
 *
 * BT_SECURITY: only for SEQPACKET and RAW sockets; the level must lie
 * between BT_SECURITY_LOW and BT_SECURITY_HIGH.
 * BT_DEFER_SETUP: only while the socket is in BT_BOUND or BT_LISTEN.
 */
static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen)
{
	struct sock *sk = sock->sk;
	struct bt_security sec;
	int len, err = 0;
	u32 opt;

	BT_DBG("sk %p", sk);

	if (level == SOL_L2CAP)
		return l2cap_sock_setsockopt_old(sock, optname, optval, optlen);

	if (level != SOL_BLUETOOTH)
		return -ENOPROTOOPT;

	lock_sock(sk);

	switch (optname) {
	case BT_SECURITY:
		if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) {
			err = -EINVAL;
			goto unlock;
		}

		/* Default used when the user buffer is shorter than the struct. */
		sec.level = BT_SECURITY_LOW;

		len = min_t(unsigned int, sizeof(sec), optlen);
		if (copy_from_user((char *) &sec, optval, len)) {
			err = -EFAULT;
			goto unlock;
		}

		/* Reject levels outside the supported range. */
		if (sec.level < BT_SECURITY_LOW ||
				sec.level > BT_SECURITY_HIGH) {
			err = -EINVAL;
			goto unlock;
		}

		l2cap_pi(sk)->sec_level = sec.level;
		break;

	case BT_DEFER_SETUP:
		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN) {
			err = -EINVAL;
			goto unlock;
		}

		if (get_user(opt, (u32 __user *) optval)) {
			err = -EFAULT;
			goto unlock;
		}

		bt_sk(sk)->defer_setup = opt;
		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

unlock:
	release_sock(sk);
	return err;
}
1830
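/*
 * Legacy SOL_L2CAP getsockopt() handler.
 *
 * L2CAP_OPTIONS returns the channel options, L2CAP_LM the link-mode bits
 * derived from the security level and flags, and L2CAP_CONNINFO the HCI
 * handle and device class of the underlying connection (only for a
 * connected socket, or one in BT_CONNECT2 with deferred setup).
 *
 * At most *optlen bytes are copied out, capped to the structure size.
 *
 * Returns 0, -EFAULT on a bad user pointer, -ENOTCONN, or -ENOPROTOOPT.
 */
static int l2cap_sock_getsockopt_old(struct socket *sock, int optname, char __user *optval, int __user *optlen)
{
	struct sock *sk = sock->sk;
	struct l2cap_options opts;
	struct l2cap_conninfo cinfo;
	int len, err = 0;
	u32 opt;

	BT_DBG("sk %p", sk);

	if (get_user(len, optlen))
		return -EFAULT;

	lock_sock(sk);

	switch (optname) {
	case L2CAP_OPTIONS:
		/*
		 * Zero the structure before filling it so that no stale kernel
		 * stack bytes can reach user space through copy_to_user().
		 */
		memset(&opts, 0, sizeof(opts));
		opts.imtu = l2cap_pi(sk)->imtu;
		opts.omtu = l2cap_pi(sk)->omtu;
		opts.flush_to = l2cap_pi(sk)->flush_to;
		opts.mode = l2cap_pi(sk)->mode;
		opts.fcs = l2cap_pi(sk)->fcs;

		len = min_t(unsigned int, len, sizeof(opts));
		if (copy_to_user(optval, (char *) &opts, len))
			err = -EFAULT;

		break;

	case L2CAP_LM:
		switch (l2cap_pi(sk)->sec_level) {
		case BT_SECURITY_LOW:
			opt = L2CAP_LM_AUTH;
			break;
		case BT_SECURITY_MEDIUM:
			opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT;
			break;
		case BT_SECURITY_HIGH:
			opt = L2CAP_LM_AUTH | L2CAP_LM_ENCRYPT |
							L2CAP_LM_SECURE;
			break;
		default:
			opt = 0;
			break;
		}

		if (l2cap_pi(sk)->role_switch)
			opt |= L2CAP_LM_MASTER;

		if (l2cap_pi(sk)->force_reliable)
			opt |= L2CAP_LM_RELIABLE;

		if (put_user(opt, (u32 __user *) optval))
			err = -EFAULT;
		break;

	case L2CAP_CONNINFO:
		if (sk->sk_state != BT_CONNECTED &&
					!(sk->sk_state == BT_CONNECT2 &&
						bt_sk(sk)->defer_setup)) {
			err = -ENOTCONN;
			break;
		}

		/*
		 * Only hci_handle and three dev_class bytes are assigned below.
		 * Clear the whole structure first: any padding the compiler
		 * adds would otherwise be copied out uninitialised.
		 */
		memset(&cinfo, 0, sizeof(cinfo));
		cinfo.hci_handle = l2cap_pi(sk)->conn->hcon->handle;
		memcpy(cinfo.dev_class, l2cap_pi(sk)->conn->hcon->dev_class, 3);

		len = min_t(unsigned int, len, sizeof(cinfo));
		if (copy_to_user(optval, (char *) &cinfo, len))
			err = -EFAULT;

		break;

	default:
		err = -ENOPROTOOPT;
		break;
	}

	release_sock(sk);
	return err;
}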
1912
/*
 * getsockopt() handler for L2CAP sockets.
 *
 * SOL_L2CAP requests go to the legacy handler; any level other than
 * SOL_BLUETOOTH is rejected with -ENOPROTOOPT.
 *
 * BT_SECURITY: only for SEQPACKET and RAW sockets; returns the security
 * level, copying at most *optlen bytes capped to the structure size.
 * BT_DEFER_SETUP: only while the socket is in BT_BOUND or BT_LISTEN.
 */
static int l2cap_sock_getsockopt(struct socket *sock, int level, int optname, char __user *optval, int __user *optlen)
{
	struct sock *sk = sock->sk;
	struct bt_security sec;
	int len, err = 0;

	BT_DBG("sk %p", sk);

	if (level == SOL_L2CAP)
		return l2cap_sock_getsockopt_old(sock, optname, optval, optlen);

	if (level != SOL_BLUETOOTH)
		return -ENOPROTOOPT;

	if (get_user(len, optlen))
		return -EFAULT;

	lock_sock(sk);

	if (optname == BT_SECURITY) {
		if (sk->sk_type != SOCK_SEQPACKET && sk->sk_type != SOCK_RAW) {
			err = -EINVAL;
		} else {
			sec.level = l2cap_pi(sk)->sec_level;

			/* Never copy out more than the structure holds. */
			len = min_t(unsigned int, len, sizeof(sec));
			if (copy_to_user(optval, (char *) &sec, len))
				err = -EFAULT;
		}
	} else if (optname == BT_DEFER_SETUP) {
		if (sk->sk_state != BT_BOUND && sk->sk_state != BT_LISTEN)
			err = -EINVAL;
		else if (put_user(bt_sk(sk)->defer_setup, (u32 __user *) optval))
			err = -EFAULT;
	} else {
		err = -ENOPROTOOPT;
	}

	release_sock(sk);
	return err;
}
1966
/*
 * shutdown() handler for L2CAP sockets.
 *
 * The first call marks both directions as shut down, stops the socket
 * timer and closes the channel.  With SO_LINGER set and a non-zero linger
 * time it then waits for the socket to reach BT_CLOSED.  The how argument
 * is not examined.
 *
 * Returns 0, or the result of bt_sock_wait_state() when lingering.
 */
static int l2cap_sock_shutdown(struct socket *sock, int how)
{
	struct sock *sk = sock->sk;
	int rc = 0;

	BT_DBG("sock %p, sk %p", sock, sk);

	if (!sk)
		return 0;

	lock_sock(sk);

	/* Already shut down: nothing more to do. */
	if (sk->sk_shutdown)
		goto unlock;

	sk->sk_shutdown = SHUTDOWN_MASK;
	l2cap_sock_clear_timer(sk);
	__l2cap_sock_close(sk, 0);

	if (sock_flag(sk, SOCK_LINGER) && sk->sk_lingertime)
		rc = bt_sock_wait_state(sk, BT_CLOSED, sk->sk_lingertime);

unlock:
	release_sock(sk);
	return rc;
}
1990
/*
 * release() handler for L2CAP sockets: shut the socket down, detach it
 * from its struct socket and hand it to l2cap_sock_kill().
 *
 * Returns the result of l2cap_sock_shutdown(), or 0 when no sock is
 * attached.
 */
static int l2cap_sock_release(struct socket *sock)
{
	struct sock *sk = sock->sk;
	int rc;

	BT_DBG("sock %p, sk %p", sock, sk);

	if (sk == NULL)
		return 0;

	rc = l2cap_sock_shutdown(sock, 2);

	sock_orphan(sk);
	l2cap_sock_kill(sk);

	return rc;
}
2007
/*
 * Called once channel configuration has finished: reset the configuration
 * state and stop the socket timer.  A socket without a parent is moved to
 * BT_CONNECTED and its state-change callback is invoked; for a socket with
 * a parent, the parent's data-ready callback is invoked instead.
 */
static void l2cap_chan_ready(struct sock *sk)
{
	struct sock *parent = bt_sk(sk)->parent;

	BT_DBG("sk %p, parent %p", sk, parent);

	l2cap_pi(sk)->conf_state = 0;
	l2cap_sock_clear_timer(sk);

	if (parent) {
		/* Socket with a parent: notify the parent that data is ready. */
		parent->sk_data_ready(parent, 0);
		return;
	}

	/* No parent socket: the channel is now connected. */
	sk->sk_state = BT_CONNECTED;
	sk->sk_state_change(sk);
}
2030
2031
/*
 * Deliver a copy of skb to every raw socket on the connection, except the
 * socket that skb itself belongs to.  Sockets for which the clone or the
 * queueing fails are silently skipped.
 */
static void l2cap_raw_recv(struct l2cap_conn *conn, struct sk_buff *skb)
{
	struct l2cap_chan_list *chans = &conn->chan_list;
	struct sk_buff *copy;
	struct sock *sk;

	BT_DBG("conn %p", conn);

	read_lock(&chans->lock);

	for (sk = chans->head; sk; sk = l2cap_pi(sk)->next_c) {
		/* Only raw sockets, and never the sender's own socket. */
		if (sk->sk_type != SOCK_RAW || skb->sk == sk)
			continue;

		copy = skb_clone(skb, GFP_ATOMIC);
		if (!copy)
			continue;

		/* A rejected buffer is still ours to free. */
		if (sock_queue_rcv_skb(sk, copy))
			kfree_skb(copy);
	}

	read_unlock(&chans->lock);
}
2057
2058
/*
 * Build a signalling command: L2CAP header addressed to the signalling
 * channel, command header, then dlen bytes copied from data.  Whatever
 * does not fit into the first buffer (bounded by conn->mtu) is placed in
 * continuation fragments on the frag_list.
 *
 * Returns the new skb, or NULL when an allocation fails.
 *
 * NOTE(review): both headers are written into the first buffer regardless
 * of conn->mtu; this presumably relies on the MTU never being smaller than
 * the two headers together.  Confirm where conn->mtu is set.
 */
static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn,
				u8 code, u8 ident, u16 dlen, void *data)
{
	struct sk_buff *head, **link;
	struct l2cap_cmd_hdr *cmd;
	struct l2cap_hdr *lh;
	int remaining, chunk;

	BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %d",
			conn, code, ident, dlen);

	remaining = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen;
	chunk = min_t(unsigned int, conn->mtu, remaining);

	head = bt_skb_alloc(chunk, GFP_ATOMIC);
	if (!head)
		return NULL;

	lh = (struct l2cap_hdr *) skb_put(head, L2CAP_HDR_SIZE);
	lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen);
	lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING);

	cmd = (struct l2cap_cmd_hdr *) skb_put(head, L2CAP_CMD_HDR_SIZE);
	cmd->code = code;
	cmd->ident = ident;
	cmd->len = cpu_to_le16(dlen);

	if (dlen) {
		/* Space left in the first buffer after the two headers. */
		chunk -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE;
		memcpy(skb_put(head, chunk), data, chunk);
		data += chunk;
	}

	remaining -= head->len;

	/* Continuation fragments (no L2CAP header) */
	link = &skb_shinfo(head)->frag_list;
	while (remaining) {
		chunk = min_t(unsigned int, conn->mtu, remaining);

		*link = bt_skb_alloc(chunk, GFP_ATOMIC);
		if (!*link) {
			kfree_skb(head);
			return NULL;
		}

		memcpy(skb_put(*link, chunk), data, chunk);

		remaining -= chunk;
		data += chunk;

		link = &(*link)->next;
	}

	return head;
}
2117
/*
 * Decode one configuration option at *ptr and advance *ptr past it.
 *
 * *type and *olen receive the option's type and length.  For lengths 1, 2
 * and 4, *val receives the decoded integer; for any other length *val is
 * the address of the option payload cast to unsigned long.
 *
 * Returns the number of bytes consumed (option header plus payload).
 *
 * NOTE(review): the length comes from the option itself and nothing here
 * compares it with the bytes that remain in the buffer, so bounds checking
 * is left to the caller.  Verify that every caller rejects an option whose
 * length exceeds the remaining data before using *val.
 */
static inline int l2cap_get_conf_opt(void **ptr, int *type, int *olen, unsigned long *val)
{
	struct l2cap_conf_opt *opt = *ptr;
	int consumed = L2CAP_CONF_OPT_SIZE + opt->len;

	*ptr += consumed;

	*type = opt->type;
	*olen = opt->len;

	if (opt->len == 1)
		*val = *((u8 *) opt->val);
	else if (opt->len == 2)
		*val = __le16_to_cpu(*((__le16 *) opt->val));
	else if (opt->len == 4)
		*val = __le32_to_cpu(*((__le32 *) opt->val));
	else
		*val = (unsigned long) opt->val;	/* pointer to payload */

	BT_DBG("type 0x%2.2x len %d val 0x%lx", *type, opt->len, *val);
	return consumed;
}
2150
/*
 * Append one configuration option at *ptr and advance *ptr past it.
 *
 * For lengths 1, 2 and 4, val is the value itself and is stored in
 * little-endian form; for any other length val is treated as a pointer to
 * len bytes that are copied into the option.
 *
 * NOTE(review): the function has no knowledge of how much room is left in
 * the destination, so each caller must guarantee that the output buffer
 * can hold L2CAP_CONF_OPT_SIZE + len more bytes.
 */
static void l2cap_add_conf_opt(void **ptr, u8 type, u8 len, unsigned long val)
{
	struct l2cap_conf_opt *opt = *ptr;

	BT_DBG("type 0x%2.2x len %d val 0x%lx", type, len, val);

	opt->type = type;
	opt->len = len;

	if (len == 1)
		*((u8 *) opt->val) = val;
	else if (len == 2)
		*((__le16 *) opt->val) = cpu_to_le16(val);
	else if (len == 4)
		*((__le32 *) opt->val) = cpu_to_le32(val);
	else
		memcpy(opt->val, (void *) val, len);	/* val is a pointer */

	*ptr += L2CAP_CONF_OPT_SIZE + len;
}
2180
/*
 * Reset the ERTM sequence counters of a channel, set up its retransmission
 * and monitor timers, and initialise the SREJ queue.
 */
static inline void l2cap_ertm_init(struct sock *sk)
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);

	pi->expected_ack_seq = 0;
	pi->unacked_frames = 0;
	pi->buffer_seq = 0;
	pi->num_to_ack = 0;

	/* Both timers receive the socket as their callback argument. */
	setup_timer(&pi->retrans_timer,
			l2cap_retrans_timeout, (unsigned long) sk);
	setup_timer(&pi->monitor_timer,
			l2cap_monitor_timeout, (unsigned long) sk);

	__skb_queue_head_init(SREJ_QUEUE(sk));
}
2195
/*
 * Report whether a channel mode is supported by both sides.
 *
 * The local feature mask is l2cap_feat_mask, extended with the ERTM and
 * streaming bits when enable_ertm is set.  Returns non-zero when the
 * feature bit for mode is present in both the local mask and feat_mask,
 * and 0 for any mode other than ERTM or streaming.
 */
static int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
{
	u32 local_feat_mask = l2cap_feat_mask;
	u32 shared;

	if (enable_ertm)
		local_feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING;

	/* Features advertised by both ends. */
	shared = feat_mask & local_feat_mask;

	if (mode == L2CAP_MODE_ERTM)
		return L2CAP_FEAT_ERTM & shared;

	if (mode == L2CAP_MODE_STREAMING)
		return L2CAP_FEAT_STREAMING & shared;

	return 0x00;
}
2211
/*
 * Choose the channel mode to use: the requested mode when it is ERTM or
 * streaming and l2cap_mode_supported() accepts it, otherwise basic mode.
 */
static inline __u8 l2cap_select_mode(__u8 mode, __u16 remote_feat_mask)
{
	int enhanced = (mode == L2CAP_MODE_STREAMING ||
			mode == L2CAP_MODE_ERTM);

	if (enhanced && l2cap_mode_supported(mode, remote_feat_mask))
		return mode;

	/* Unsupported or unknown modes fall back to basic mode. */
	return L2CAP_MODE_BASIC;
}
2224
/*
 * Build a configuration request for the channel into data.
 *
 * On the first exchange (no request or response counted yet) the channel
 * mode is settled: an explicitly requested ERTM/streaming mode must be
 * supported by the remote feature mask, otherwise a disconnect request is
 * sent; any other mode is replaced by l2cap_select_mode().  The options
 * that match the resulting mode are then appended.
 *
 * Returns the number of bytes written to data.
 *
 * NOTE(review): options are appended without any knowledge of the size of
 * data; the caller's buffer must be large enough for every option emitted
 * here.
 */
static int l2cap_build_conf_req(struct sock *sk, void *data)
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);
	struct l2cap_conf_req *req = data;
	struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
	void *ptr = req->data;

	BT_DBG("sk %p", sk);

	/* Mode selection happens only before any request/response exchange. */
	if (!pi->num_conf_req && !pi->num_conf_rsp) {
		switch (pi->mode) {
		case L2CAP_MODE_STREAMING:
		case L2CAP_MODE_ERTM:
			pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
			if (!l2cap_mode_supported(pi->mode, pi->conn->feat_mask))
				l2cap_send_disconn_req(pi->conn, sk);
			break;
		default:
			pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
			break;
		}
	}

	switch (pi->mode) {
	case L2CAP_MODE_BASIC:
		/* Only advertise an MTU that differs from the default. */
		if (pi->imtu != L2CAP_DEFAULT_MTU)
			l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->imtu);
		break;

	case L2CAP_MODE_ERTM:
	case L2CAP_MODE_STREAMING:
		rfc.mode = pi->mode;
		if (pi->mode == L2CAP_MODE_ERTM) {
			rfc.txwin_size = L2CAP_DEFAULT_TX_WINDOW;
			rfc.max_transmit = max_transmit;
		} else {
			rfc.txwin_size = 0;
			rfc.max_transmit = 0;
		}
		rfc.retrans_timeout = 0;
		rfc.monitor_timeout = 0;
		rfc.max_pdu_size = cpu_to_le16(L2CAP_DEFAULT_MAX_PDU_SIZE);

		l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
					sizeof(rfc), (unsigned long) &rfc);

		/* The FCS option is only meaningful if the peer supports it. */
		if (!(pi->conn->feat_mask & L2CAP_FEAT_FCS))
			break;

		if ((pi->fcs == L2CAP_FCS_NONE) ||
				(pi->conf_state & L2CAP_CONF_NO_FCS_RECV)) {
			pi->fcs = L2CAP_FCS_NONE;
			l2cap_add_conf_opt(&ptr, L2CAP_CONF_FCS, 1, pi->fcs);
		}
		break;
	}

	req->dcid = cpu_to_le16(pi->dcid);
	req->flags = cpu_to_le16(0);

	return ptr - data;
}
2308
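/*
 * Parse the configuration request stored in pi->conf_req (pi->conf_len
 * bytes) and build the configuration response into data.
 *
 * Unknown non-hint options are echoed back by type with result
 * L2CAP_CONF_UNKNOWN.  On the first exchange the channel mode is settled
 * the same way as in l2cap_build_conf_req().  A mode mismatch, or an MTU
 * below L2CAP_DEFAULT_MIN_MTU, yields L2CAP_CONF_UNACCEPT.
 *
 * Returns the number of bytes written to data, or -ECONNREFUSED when the
 * requested mode cannot be agreed on.
 *
 * NOTE(review): every option comes from the remote device.  The response
 * is written through ptr with no bound on the size of data, and option
 * lengths are taken from l2cap_get_conf_opt() as-is; the caller's buffer
 * and the option lengths both need to be checked somewhere outside this
 * function.
 */
static int l2cap_parse_conf_req(struct sock *sk, void *data)
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);
	struct l2cap_conf_rsp *rsp = data;
	void *ptr = rsp->data;
	void *req = pi->conf_req;
	int len = pi->conf_len;
	int type, hint, olen;
	unsigned long val;
	struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };
	u16 mtu = L2CAP_DEFAULT_MTU;
	u16 result = L2CAP_CONF_SUCCESS;

	BT_DBG("sk %p", sk);

	while (len >= L2CAP_CONF_OPT_SIZE) {
		len -= l2cap_get_conf_opt(&req, &type, &olen, &val);

		hint = type & L2CAP_CONF_HINT;
		type &= L2CAP_CONF_MASK;

		switch (type) {
		case L2CAP_CONF_MTU:
			mtu = val;
			break;

		case L2CAP_CONF_FLUSH_TO:
			pi->flush_to = val;
			break;

		case L2CAP_CONF_QOS:
			break;

		case L2CAP_CONF_RFC:
			/* Only accept an RFC option of exactly the right size. */
			if (olen == sizeof(rfc))
				memcpy(&rfc, (void *) val, olen);
			break;

		case L2CAP_CONF_FCS:
			if (val == L2CAP_FCS_NONE)
				pi->conf_state |= L2CAP_CONF_NO_FCS_RECV;

			break;

		default:
			/* Unknown hints may be ignored silently. */
			if (hint)
				break;

			result = L2CAP_CONF_UNKNOWN;
			*((u8 *) ptr++) = type;
			break;
		}
	}

	/* Mode selection happens only before any request/response exchange. */
	if (!pi->num_conf_rsp && !pi->num_conf_req) {
		switch (pi->mode) {
		case L2CAP_MODE_STREAMING:
		case L2CAP_MODE_ERTM:
			pi->conf_state |= L2CAP_CONF_STATE2_DEVICE;
			if (!l2cap_mode_supported(pi->mode, pi->conn->feat_mask))
				return -ECONNREFUSED;
			break;
		default:
			pi->mode = l2cap_select_mode(rfc.mode, pi->conn->feat_mask);
			break;
		}
	}

	if (pi->mode != rfc.mode) {
		result = L2CAP_CONF_UNACCEPT;
		rfc.mode = pi->mode;

		if (pi->num_conf_rsp == 1)
			return -ECONNREFUSED;

		l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
					sizeof(rfc), (unsigned long) &rfc);
	}

	if (result == L2CAP_CONF_SUCCESS) {
		/* Configure output options and let the other side know
		 * which ones we don't like. */

		if (mtu < L2CAP_DEFAULT_MIN_MTU)
			result = L2CAP_CONF_UNACCEPT;
		else {
			pi->omtu = mtu;
			pi->conf_state |= L2CAP_CONF_MTU_DONE;
		}
		l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);

		switch (rfc.mode) {
		case L2CAP_MODE_BASIC:
			pi->fcs = L2CAP_FCS_NONE;
			pi->conf_state |= L2CAP_CONF_MODE_DONE;
			break;

		case L2CAP_MODE_ERTM:
			pi->remote_tx_win = rfc.txwin_size;
			pi->remote_max_tx = rfc.max_transmit;
			/*
			 * max_pdu_size travels little-endian on the wire (see
			 * l2cap_build_conf_req() and l2cap_parse_conf_rsp());
			 * convert it before storing the host-order value.
			 */
			pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size);

			rfc.retrans_timeout = L2CAP_DEFAULT_RETRANS_TO;
			rfc.monitor_timeout = L2CAP_DEFAULT_MONITOR_TO;

			pi->conf_state |= L2CAP_CONF_MODE_DONE;

			l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
					sizeof(rfc), (unsigned long) &rfc);

			break;

		case L2CAP_MODE_STREAMING:
			pi->remote_tx_win = rfc.txwin_size;
			/* Same wire-to-host conversion as in the ERTM case. */
			pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size);

			pi->conf_state |= L2CAP_CONF_MODE_DONE;

			l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
					sizeof(rfc), (unsigned long) &rfc);

			break;

		default:
			result = L2CAP_CONF_UNACCEPT;

			memset(&rfc, 0, sizeof(rfc));
			rfc.mode = pi->mode;
		}

		if (result == L2CAP_CONF_SUCCESS)
			pi->conf_state |= L2CAP_CONF_OUTPUT_DONE;
	}
	rsp->scid = cpu_to_le16(pi->dcid);
	rsp->result = cpu_to_le16(result);
	rsp->flags = cpu_to_le16(0x0000);

	return ptr - data;
}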
2451
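/*
 * Parse a configuration response (rsp, len bytes) and build the follow-up
 * configuration request into data.
 *
 * MTU, flush timeout and RFC options from the response are applied to the
 * channel and echoed into the new request.  When *result is
 * L2CAP_CONF_SUCCESS the ERTM/streaming parameters from the RFC option are
 * stored on the channel.
 *
 * Returns the number of bytes written to data, or -ECONNREFUSED when the
 * peer proposes a different mode than the one this side insists on.
 *
 * NOTE(review): every option comes from the remote device and is echoed
 * through l2cap_add_conf_opt() with no bound on the size of data; the
 * caller's buffer must be able to hold the echoed options.
 */
static int l2cap_parse_conf_rsp(struct sock *sk, void *rsp, int len, void *data, u16 *result)
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);
	struct l2cap_conf_req *req = data;
	void *ptr = req->data;
	int type, olen;
	unsigned long val;
	/*
	 * Start from a defined state, as the other configuration parsers in
	 * this file do: without an RFC option in the response, rfc would
	 * otherwise be read below while still holding stack garbage.
	 */
	struct l2cap_conf_rfc rfc = { .mode = L2CAP_MODE_BASIC };

	BT_DBG("sk %p, rsp %p, len %d, req %p", sk, rsp, len, data);

	while (len >= L2CAP_CONF_OPT_SIZE) {
		len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val);

		switch (type) {
		case L2CAP_CONF_MTU:
			if (val < L2CAP_DEFAULT_MIN_MTU) {
				*result = L2CAP_CONF_UNACCEPT;
				pi->omtu = L2CAP_DEFAULT_MIN_MTU;
			} else
				pi->omtu = val;
			l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, pi->omtu);
			break;

		case L2CAP_CONF_FLUSH_TO:
			pi->flush_to = val;
			l2cap_add_conf_opt(&ptr, L2CAP_CONF_FLUSH_TO,
							2, pi->flush_to);
			break;

		case L2CAP_CONF_RFC:
			/*
			 * Ignore an RFC option of the wrong size instead of
			 * acting on (and echoing back) data that was never
			 * received.
			 */
			if (olen != sizeof(rfc))
				break;

			memcpy(&rfc, (void *)val, olen);

			if ((pi->conf_state & L2CAP_CONF_STATE2_DEVICE) &&
							rfc.mode != pi->mode)
				return -ECONNREFUSED;

			pi->mode = rfc.mode;
			pi->fcs = 0;

			l2cap_add_conf_opt(&ptr, L2CAP_CONF_RFC,
					sizeof(rfc), (unsigned long) &rfc);
			break;
		}
	}

	if (*result == L2CAP_CONF_SUCCESS) {
		switch (rfc.mode) {
		case L2CAP_MODE_ERTM:
			pi->remote_tx_win = rfc.txwin_size;
			pi->retrans_timeout = rfc.retrans_timeout;
			pi->monitor_timeout = rfc.monitor_timeout;
			pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size);
			break;
		case L2CAP_MODE_STREAMING:
			pi->max_pdu_size = le16_to_cpu(rfc.max_pdu_size);
			break;
		}
	}

	req->dcid = cpu_to_le16(pi->dcid);
	req->flags = cpu_to_le16(0x0000);

	return ptr - data;
}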
2518
/*
 * Fill in the fixed part of a configuration response (no options) in data
 * and return the number of bytes used.
 */
static int l2cap_build_conf_rsp(struct sock *sk, void *data, u16 result, u16 flags)
{
	struct l2cap_conf_rsp *out = data;
	void *end = out->data;	/* no options follow the fixed header */

	BT_DBG("sk %p", sk);

	out->scid = cpu_to_le16(l2cap_pi(sk)->dcid);
	out->result = cpu_to_le16(result);
	out->flags = cpu_to_le16(flags);

	return end - data;
}
2532
/*
 * Handle a command-reject from the peer.
 *
 * Only reason 0x0000 is acted on.  If the rejected command is the pending
 * feature-mask information request (matching ident), the information
 * exchange is treated as finished: the info timer is stopped, the state is
 * marked done and pending connections are started.
 *
 * Always returns 0.
 */
static inline int l2cap_command_rej(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
{
	struct l2cap_cmd_rej *rej = (struct l2cap_cmd_rej *) data;

	if (rej->reason != 0x0000)
		return 0;

	/* Not the reply to our outstanding information request: ignore. */
	if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) ||
			cmd->ident != conn->info_ident)
		return 0;

	del_timer(&conn->info_timer);

	conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
	conn->info_ident = 0;

	l2cap_conn_start(conn);

	return 0;
}
2552
/*
 * Handle an incoming connection request.
 *
 * Looks up a listening socket for the requested PSM, checks the link mode
 * (skipped for PSM 0x0001), the accept backlog, and that the peer's source
 * CID is not already in use, then creates the child socket and adds it to
 * the connection.  The reply carries success, pending or a failure code;
 * when the reply is "pending, no info" a feature-mask information request
 * is sent as well.
 *
 * Always returns 0; failures are reported to the peer in the response.
 *
 * NOTE(review): the response path unlocks parent with bh_unlock_sock(), so
 * l2cap_get_sock_by_psm() presumably returns the socket locked; confirm at
 * its definition.
 */
static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
{
	struct l2cap_chan_list *chans = &conn->chan_list;
	struct l2cap_conn_req *creq = (struct l2cap_conn_req *) data;
	struct l2cap_conn_rsp rsp;
	struct sock *sk, *parent;
	int result, status = L2CAP_CS_NO_INFO;

	u16 dcid = 0, scid = __le16_to_cpu(creq->scid);
	__le16 psm = creq->psm;

	BT_DBG("psm 0x%2.2x scid 0x%4.4x", psm, scid);

	/* Check if we have a socket listening on this PSM */
	parent = l2cap_get_sock_by_psm(BT_LISTEN, psm, conn->src);
	if (!parent) {
		result = L2CAP_CR_BAD_PSM;
		goto sendresp;
	}

	/* Check if the ACL link is secure enough (PSM 0x0001 is exempt) */
	if (psm != cpu_to_le16(0x0001) &&
			!hci_conn_check_link_mode(conn->hcon)) {
		conn->disc_reason = 0x05;
		result = L2CAP_CR_SEC_BLOCK;
		goto response;
	}

	/* Every failure from here on is reported as "no resources". */
	result = L2CAP_CR_NO_MEM;

	/* Check for backlog size */
	if (sk_acceptq_is_full(parent)) {
		BT_DBG("backlog full %d", parent->sk_ack_backlog);
		goto response;
	}

	sk = l2cap_sock_alloc(sock_net(parent), NULL, BTPROTO_L2CAP, GFP_ATOMIC);
	if (!sk)
		goto response;

	write_lock_bh(&chans->lock);

	/* Refuse a source CID that already names one of our channels. */
	if (__l2cap_get_chan_by_dcid(chans, scid)) {
		write_unlock_bh(&chans->lock);
		sock_set_flag(sk, SOCK_ZAPPED);
		l2cap_sock_kill(sk);
		goto response;
	}

	hci_conn_hold(conn->hcon);

	l2cap_sock_init(sk, parent);
	bacpy(&bt_sk(sk)->src, conn->src);
	bacpy(&bt_sk(sk)->dst, conn->dst);
	l2cap_pi(sk)->psm = psm;
	l2cap_pi(sk)->dcid = scid;

	__l2cap_chan_add(conn, sk, parent);
	dcid = l2cap_pi(sk)->scid;

	l2cap_sock_set_timer(sk, sk->sk_sndtimeo);

	l2cap_pi(sk)->ident = cmd->ident;

	if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)) {
		/* Feature mask not known yet: answer "pending". */
		sk->sk_state = BT_CONNECT2;
		result = L2CAP_CR_PEND;
		status = L2CAP_CS_NO_INFO;
	} else if (!l2cap_check_security(sk)) {
		/* Security requirements not met yet. */
		sk->sk_state = BT_CONNECT2;
		result = L2CAP_CR_PEND;
		status = L2CAP_CS_AUTHEN_PEND;
	} else if (bt_sk(sk)->defer_setup) {
		/* Leave the decision to user space. */
		sk->sk_state = BT_CONNECT2;
		result = L2CAP_CR_PEND;
		status = L2CAP_CS_AUTHOR_PEND;
		parent->sk_data_ready(parent, 0);
	} else {
		sk->sk_state = BT_CONFIG;
		result = L2CAP_CR_SUCCESS;
		status = L2CAP_CS_NO_INFO;
	}

	write_unlock_bh(&chans->lock);

response:
	bh_unlock_sock(parent);

sendresp:
	rsp.scid = cpu_to_le16(scid);
	rsp.dcid = cpu_to_le16(dcid);
	rsp.result = cpu_to_le16(result);
	rsp.status = cpu_to_le16(status);
	l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);

	if (result == L2CAP_CR_PEND && status == L2CAP_CS_NO_INFO) {
		struct l2cap_info_req info;

		info.type = cpu_to_le16(L2CAP_IT_FEAT_MASK);

		conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT;
		conn->info_ident = l2cap_get_ident(conn);

		mod_timer(&conn->info_timer, jiffies +
				msecs_to_jiffies(L2CAP_INFO_TIMEOUT));

		l2cap_send_cmd(conn, conn->info_ident,
					L2CAP_INFO_REQ, sizeof(info), &info);
	}

	return 0;
}
2669
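/*
 * Handle an L2CAP Connection Response received on the signalling channel.
 *
 * @conn: connection the command arrived on
 * @cmd:  command header as copied from the wire (len is still little-endian)
 * @data: command payload, interpreted as struct l2cap_conn_rsp
 *
 * The channel is looked up by source CID, or by command identifier when the
 * peer sent scid == 0, and is then advanced according to the result code.
 *
 * Returns 0, or -EINVAL when the payload is shorter than the fixed response
 * structure; a non-zero return makes l2cap_sig_channel() answer with a
 * Command Reject.
 */
static inline int l2cap_connect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
{
	struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
	u16 scid, dcid, result, status;
	struct sock *sk;
	u8 req[128];

	/*
	 * The dispatcher only verifies that the declared command length fits
	 * inside the received frame. Make sure it also covers the fields read
	 * below, so they are never taken from bytes outside this command.
	 */
	if (__le16_to_cpu(cmd->len) < sizeof(*rsp))
		return -EINVAL;

	scid = __le16_to_cpu(rsp->scid);
	dcid = __le16_to_cpu(rsp->dcid);
	result = __le16_to_cpu(rsp->result);
	status = __le16_to_cpu(rsp->status);

	BT_DBG("dcid 0x%4.4x scid 0x%4.4x result 0x%2.2x status 0x%2.2x", dcid, scid, result, status);

	/* presumably both lookups return the socket locked; see the unlock below */
	if (scid) {
		sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
		if (!sk)
			return 0;
	} else {
		sk = l2cap_get_chan_by_ident(&conn->chan_list, cmd->ident);
		if (!sk)
			return 0;
	}

	switch (result) {
	case L2CAP_CR_SUCCESS:
		sk->sk_state = BT_CONFIG;
		l2cap_pi(sk)->ident = 0;
		l2cap_pi(sk)->dcid = dcid;
		l2cap_pi(sk)->conf_state |= L2CAP_CONF_REQ_SENT;

		l2cap_pi(sk)->conf_state &= ~L2CAP_CONF_CONNECT_PEND;

		/*
		 * NOTE(review): l2cap_build_conf_req() is not told how large
		 * req[] is; confirm it can never emit more than 128 bytes.
		 */
		l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
					l2cap_build_conf_req(sk, req), req);
		l2cap_pi(sk)->num_conf_req++;
		break;

	case L2CAP_CR_PEND:
		l2cap_pi(sk)->conf_state |= L2CAP_CONF_CONNECT_PEND;
		break;

	default:
		/* any other result is treated as a refusal */
		l2cap_chan_del(sk, ECONNREFUSED);
		break;
	}

	bh_unlock_sock(sk);
	return 0;
}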
2720
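/*
 * Handle an L2CAP Configuration Request.
 *
 * @conn:    connection the command arrived on
 * @cmd:     command header (used for the identifier of the reply)
 * @cmd_len: payload length in host byte order, already checked by the
 *           dispatcher to fit inside the received frame
 * @data:    command payload, interpreted as struct l2cap_conf_req
 *
 * Option data is accumulated in the per-channel conf_req buffer until a
 * request without the continuation flag (bit 0 of flags) arrives; the
 * complete request is then parsed and answered.
 *
 * Returns 0 when the command was consumed, -ENOENT when no channel matches
 * dcid, and -EINVAL when the payload is shorter than the fixed request
 * header. A non-zero return makes the dispatcher send a Command Reject.
 */
static inline int l2cap_config_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
{
	struct l2cap_conf_req *req = (struct l2cap_conf_req *) data;
	u16 dcid, flags;
	u8 rsp[64];
	struct sock *sk;
	int len;

	/*
	 * Without this check a short command makes "cmd_len - sizeof(*req)"
	 * negative. Once earlier fragments have left conf_len non-zero, the
	 * buffer-space test below can still pass and the negative value would
	 * reach memcpy() as a huge size_t.
	 */
	if (cmd_len < sizeof(*req))
		return -EINVAL;

	dcid = __le16_to_cpu(req->dcid);
	flags = __le16_to_cpu(req->flags);

	BT_DBG("dcid 0x%4.4x flags 0x%2.2x", dcid, flags);

	sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
	if (!sk)
		return -ENOENT;

	if (sk->sk_state == BT_DISCONN)
		goto unlock;

	/* Reject if the accumulated options would not fit in conf_req. */
	len = cmd_len - sizeof(*req);
	if (l2cap_pi(sk)->conf_len + len > sizeof(l2cap_pi(sk)->conf_req)) {
		l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
				l2cap_build_conf_rsp(sk, rsp,
					L2CAP_CONF_REJECT, flags), rsp);
		goto unlock;
	}

	/* Store this fragment behind what has been collected so far. */
	memcpy(l2cap_pi(sk)->conf_req + l2cap_pi(sk)->conf_len, req->data, len);
	l2cap_pi(sk)->conf_len += len;

	if (flags & 0x0001) {
		/* Incomplete request: acknowledge and wait for the next fragment. */
		l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
				l2cap_build_conf_rsp(sk, rsp,
					L2CAP_CONF_SUCCESS, 0x0001), rsp);
		goto unlock;
	}

	/*
	 * Complete request: parse it and build the response.
	 * NOTE(review): l2cap_parse_conf_req() is not told how large rsp[] is;
	 * confirm its output is bounded by 64 bytes.
	 */
	len = l2cap_parse_conf_req(sk, rsp);
	if (len < 0) {
		l2cap_send_disconn_req(conn, sk);
		goto unlock;
	}

	l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp);
	l2cap_pi(sk)->num_conf_rsp++;

	/* Start collecting the next request from an empty buffer. */
	l2cap_pi(sk)->conf_len = 0;

	if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE))
		goto unlock;

	if (l2cap_pi(sk)->conf_state & L2CAP_CONF_INPUT_DONE) {
		/* Both directions are configured: the channel goes live. */
		if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_NO_FCS_RECV) ||
				l2cap_pi(sk)->fcs != L2CAP_FCS_NONE)
			l2cap_pi(sk)->fcs = L2CAP_FCS_CRC16;

		sk->sk_state = BT_CONNECTED;

		l2cap_pi(sk)->next_tx_seq = 0;
		l2cap_pi(sk)->expected_tx_seq = 0;
		__skb_queue_head_init(TX_QUEUE(sk));
		if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
			l2cap_ertm_init(sk);

		l2cap_chan_ready(sk);
		goto unlock;
	}

	if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_REQ_SENT)) {
		/* Our own Configuration Request has not been sent yet. */
		u8 buf[64];
		l2cap_send_cmd(conn, l2cap_get_ident(conn), L2CAP_CONF_REQ,
					l2cap_build_conf_req(sk, buf), buf);
		l2cap_pi(sk)->num_conf_req++;
	}

unlock:
	bh_unlock_sock(sk);
	return 0;
}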
2806
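/*
 * Handle an L2CAP Configuration Response.
 *
 * @conn: connection the command arrived on
 * @cmd:  command header as copied from the wire (len is still little-endian)
 * @data: command payload, interpreted as struct l2cap_conf_rsp
 *
 * Returns 0, or -EINVAL when the payload is shorter than the fixed response
 * header (the dispatcher then sends a Command Reject).
 */
static inline int l2cap_config_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
{
	struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
	/*
	 * cmd->len is in wire order; l2cap_sig_channel() converts it with
	 * le16_to_cpu() for its own use, so do the same here instead of using
	 * the raw field in arithmetic.
	 */
	u16 cmd_len = __le16_to_cpu(cmd->len);
	u16 scid, flags, result;
	struct sock *sk;

	/* The option length below must never go negative. */
	if (cmd_len < sizeof(*rsp))
		return -EINVAL;

	scid = __le16_to_cpu(rsp->scid);
	flags = __le16_to_cpu(rsp->flags);
	result = __le16_to_cpu(rsp->result);

	BT_DBG("scid 0x%4.4x flags 0x%2.2x result 0x%2.2x",
			scid, flags, result);

	sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
	if (!sk)
		return 0;

	switch (result) {
	case L2CAP_CONF_SUCCESS:
		break;

	case L2CAP_CONF_UNACCEPT:
		if (l2cap_pi(sk)->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
			int len = cmd_len - sizeof(*rsp);
			char req[64];

			/*
			 * Build a new request from the values the peer proposed.
			 * NOTE(review): l2cap_parse_conf_rsp() is not told how
			 * large req[] is; confirm that its output cannot exceed
			 * 64 bytes for any option list the peer may send.
			 */
			result = L2CAP_CONF_SUCCESS;
			len = l2cap_parse_conf_rsp(sk, rsp->data,
							len, req, &result);
			if (len < 0) {
				l2cap_send_disconn_req(conn, sk);
				goto done;
			}

			l2cap_send_cmd(conn, l2cap_get_ident(conn),
						L2CAP_CONF_REQ, len, req);
			l2cap_pi(sk)->num_conf_req++;
			if (result != L2CAP_CONF_SUCCESS)
				goto done;
			break;
		}
		/* too many negotiation rounds: fall through and disconnect */

	default:
		sk->sk_state = BT_DISCONN;
		sk->sk_err = ECONNRESET;
		l2cap_sock_set_timer(sk, HZ * 5);
		l2cap_send_disconn_req(conn, sk);
		goto done;
	}

	/* Continuation flag set: more response fragments will follow. */
	if (flags & 0x01)
		goto done;

	l2cap_pi(sk)->conf_state |= L2CAP_CONF_INPUT_DONE;

	if (l2cap_pi(sk)->conf_state & L2CAP_CONF_OUTPUT_DONE) {
		/* Both directions are configured: the channel goes live. */
		if (!(l2cap_pi(sk)->conf_state & L2CAP_CONF_NO_FCS_RECV) ||
				l2cap_pi(sk)->fcs != L2CAP_FCS_NONE)
			l2cap_pi(sk)->fcs = L2CAP_FCS_CRC16;

		sk->sk_state = BT_CONNECTED;
		l2cap_pi(sk)->next_tx_seq = 0;
		l2cap_pi(sk)->expected_tx_seq = 0;
		__skb_queue_head_init(TX_QUEUE(sk));
		if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM)
			l2cap_ertm_init(sk);

		l2cap_chan_ready(sk);
	}

done:
	bh_unlock_sock(sk);
	return 0;
}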
2882
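/*
 * Handle an L2CAP Disconnection Request: acknowledge it, flush the channel's
 * queues and timers, and tear the channel down with ECONNRESET.
 *
 * @conn: connection the command arrived on
 * @cmd:  command header as copied from the wire (len is still little-endian)
 * @data: command payload, interpreted as struct l2cap_disconn_req
 *
 * Returns 0, or -EINVAL when the payload is shorter than the request
 * structure (the dispatcher then sends a Command Reject).
 */
static inline int l2cap_disconnect_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
{
	struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
	struct l2cap_disconn_rsp rsp;
	u16 dcid, scid;
	struct sock *sk;

	/* The dispatcher does not guarantee the payload covers both CIDs. */
	if (__le16_to_cpu(cmd->len) < sizeof(*req))
		return -EINVAL;

	scid = __le16_to_cpu(req->scid);
	dcid = __le16_to_cpu(req->dcid);

	BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);

	/*
	 * The peer's destination CID is our source CID.
	 * NOTE(review): the request's scid is only logged; it is not compared
	 * with the channel's dcid before the channel is torn down.
	 */
	sk = l2cap_get_chan_by_scid(&conn->chan_list, dcid);
	if (!sk)
		return 0;

	rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
	rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
	l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);

	sk->sk_shutdown = SHUTDOWN_MASK;

	skb_queue_purge(TX_QUEUE(sk));

	if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
		skb_queue_purge(SREJ_QUEUE(sk));
		del_timer(&l2cap_pi(sk)->retrans_timer);
		del_timer(&l2cap_pi(sk)->monitor_timer);
	}

	l2cap_chan_del(sk, ECONNRESET);
	bh_unlock_sock(sk);

	l2cap_sock_kill(sk);
	return 0;
}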
2919
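/*
 * Handle an L2CAP Disconnection Response: flush the channel's queues and
 * timers and delete the channel without reporting an error to the socket.
 *
 * @conn: connection the command arrived on
 * @cmd:  command header as copied from the wire (len is still little-endian)
 * @data: command payload, interpreted as struct l2cap_disconn_rsp
 *
 * Returns 0, or -EINVAL when the payload is shorter than the response
 * structure (the dispatcher then sends a Command Reject).
 */
static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
{
	struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
	u16 dcid, scid;
	struct sock *sk;

	/* The dispatcher does not guarantee the payload covers both CIDs. */
	if (__le16_to_cpu(cmd->len) < sizeof(*rsp))
		return -EINVAL;

	scid = __le16_to_cpu(rsp->scid);
	dcid = __le16_to_cpu(rsp->dcid);

	BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);

	sk = l2cap_get_chan_by_scid(&conn->chan_list, scid);
	if (!sk)
		return 0;

	skb_queue_purge(TX_QUEUE(sk));

	if (l2cap_pi(sk)->mode == L2CAP_MODE_ERTM) {
		skb_queue_purge(SREJ_QUEUE(sk));
		del_timer(&l2cap_pi(sk)->retrans_timer);
		del_timer(&l2cap_pi(sk)->monitor_timer);
	}

	l2cap_chan_del(sk, 0);
	bh_unlock_sock(sk);

	l2cap_sock_kill(sk);
	return 0;
}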
2949
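/*
 * Answer an L2CAP Information Request.
 *
 * @conn: connection the command arrived on
 * @cmd:  command header as copied from the wire (len is still little-endian)
 * @data: command payload, interpreted as struct l2cap_info_req
 *
 * The feature mask and the fixed channel map are reported; every other
 * information type is answered with "not supported".
 *
 * Returns 0, or -EINVAL when the payload is too short to hold the type field
 * (the dispatcher then sends a Command Reject).
 */
static inline int l2cap_information_req(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
{
	struct l2cap_info_req *req = (struct l2cap_info_req *) data;
	u16 type;

	/* Do not read a type field the command does not actually carry. */
	if (__le16_to_cpu(cmd->len) < sizeof(*req))
		return -EINVAL;

	type = __le16_to_cpu(req->type);

	BT_DBG("type 0x%4.4x", type);

	if (type == L2CAP_IT_FEAT_MASK) {
		/* type (2) + result (2) + 32-bit feature mask */
		u8 buf[8];
		u32 feat_mask = l2cap_feat_mask;
		struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
		rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK);
		rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
		/* ERTM, streaming and FCS are advertised only when enabled */
		if (enable_ertm)
			feat_mask |= L2CAP_FEAT_ERTM | L2CAP_FEAT_STREAMING
							 | L2CAP_FEAT_FCS;
		put_unaligned_le32(feat_mask, rsp->data);
		l2cap_send_cmd(conn, cmd->ident,
					L2CAP_INFO_RSP, sizeof(buf), buf);
	} else if (type == L2CAP_IT_FIXED_CHAN) {
		/* type (2) + result (2) + 8-byte fixed channel map */
		u8 buf[12];
		struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) buf;
		rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);
		rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS);
		memcpy(buf + 4, l2cap_fixed_chan, 8);
		l2cap_send_cmd(conn, cmd->ident,
					L2CAP_INFO_RSP, sizeof(buf), buf);
	} else {
		struct l2cap_info_rsp rsp;
		rsp.type = cpu_to_le16(type);
		rsp.result = cpu_to_le16(L2CAP_IR_NOTSUPP);
		l2cap_send_cmd(conn, cmd->ident,
					L2CAP_INFO_RSP, sizeof(rsp), &rsp);
	}

	return 0;
}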
2989
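/*
 * Handle an L2CAP Information Response.
 *
 * @conn: connection the command arrived on
 * @cmd:  command header as copied from the wire (len is still little-endian)
 * @data: command payload, interpreted as struct l2cap_info_rsp
 *
 * A feature mask response may trigger a follow-up request for the fixed
 * channel map; once the exchange is finished the pending channels on the
 * connection are started.
 *
 * Returns 0, or -EINVAL when the payload is shorter than the fixed response
 * header (the dispatcher then sends a Command Reject and the information
 * timer is left running).
 */
static inline int l2cap_information_rsp(struct l2cap_conn *conn, struct l2cap_cmd_hdr *cmd, u8 *data)
{
	struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
	u16 cmd_len = __le16_to_cpu(cmd->len);
	u16 type, result;

	/* type and result must really be part of this command */
	if (cmd_len < sizeof(*rsp))
		return -EINVAL;

	type = __le16_to_cpu(rsp->type);
	result = __le16_to_cpu(rsp->result);

	BT_DBG("type 0x%4.4x result 0x%2.2x", type, result);

	del_timer(&conn->info_timer);

	if (type == L2CAP_IT_FEAT_MASK) {
		/*
		 * Only take the mask from a successful response that carries
		 * all four bytes; otherwise conn->feat_mask keeps its previous
		 * value instead of being loaded from bytes outside the
		 * command.
		 */
		if (result == L2CAP_IR_SUCCESS &&
				cmd_len >= sizeof(*rsp) + sizeof(u32))
			conn->feat_mask = get_unaligned_le32(rsp->data);

		if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) {
			struct l2cap_info_req req;
			req.type = cpu_to_le16(L2CAP_IT_FIXED_CHAN);

			conn->info_ident = l2cap_get_ident(conn);

			l2cap_send_cmd(conn, conn->info_ident,
					L2CAP_INFO_REQ, sizeof(req), &req);
		} else {
			conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
			conn->info_ident = 0;

			l2cap_conn_start(conn);
		}
	} else if (type == L2CAP_IT_FIXED_CHAN) {
		/* the fixed channel payload itself is not read here */
		conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE;
		conn->info_ident = 0;

		l2cap_conn_start(conn);
	}

	return 0;
}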
3028
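/*
 * Process one frame received on the L2CAP signalling channel.
 *
 * @conn: connection the frame arrived on
 * @skb:  frame payload with the basic L2CAP header already removed; consumed
 *        (freed) by this function
 *
 * The frame may carry several commands back to back. Each one is copied out,
 * validated against the remaining frame length and dispatched by code; a
 * handler that reports an error is answered with a Command Reject.
 */
static inline void l2cap_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb)
{
	u8 *data = skb->data;
	int len = skb->len;
	struct l2cap_cmd_hdr cmd;

	l2cap_raw_recv(conn, skb);

	while (len >= L2CAP_CMD_HDR_SIZE) {
		u16 cmd_len;
		/*
		 * Per-command status. Several cases below do not assign it, so
		 * it has to start from zero for every command; otherwise one
		 * failed command would cause spurious rejects for the commands
		 * that follow it in the same frame.
		 */
		int err = 0;

		memcpy(&cmd, data, L2CAP_CMD_HDR_SIZE);
		data += L2CAP_CMD_HDR_SIZE;
		len  -= L2CAP_CMD_HDR_SIZE;

		cmd_len = le16_to_cpu(cmd.len);

		BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd.code, cmd_len, cmd.ident);

		/*
		 * Only an upper bound is enforced here: the payload must fit in
		 * what is left of the frame and the identifier must be
		 * non-zero. Handlers have to verify that cmd_len covers the
		 * structure they expect.
		 */
		if (cmd_len > len || !cmd.ident) {
			BT_DBG("corrupted command");
			break;
		}

		switch (cmd.code) {
		case L2CAP_COMMAND_REJ:
			l2cap_command_rej(conn, &cmd, data);
			break;

		case L2CAP_CONN_REQ:
			err = l2cap_connect_req(conn, &cmd, data);
			break;

		case L2CAP_CONN_RSP:
			err = l2cap_connect_rsp(conn, &cmd, data);
			break;

		case L2CAP_CONF_REQ:
			err = l2cap_config_req(conn, &cmd, cmd_len, data);
			break;

		case L2CAP_CONF_RSP:
			err = l2cap_config_rsp(conn, &cmd, data);
			break;

		case L2CAP_DISCONN_REQ:
			err = l2cap_disconnect_req(conn, &cmd, data);
			break;

		case L2CAP_DISCONN_RSP:
			err = l2cap_disconnect_rsp(conn, &cmd, data);
			break;

		case L2CAP_ECHO_REQ:
			/* echo the payload back unchanged */
			l2cap_send_cmd(conn, cmd.ident, L2CAP_ECHO_RSP, cmd_len, data);
			break;

		case L2CAP_ECHO_RSP:
			break;

		case L2CAP_INFO_REQ:
			err = l2cap_information_req(conn, &cmd, data);
			break;

		case L2CAP_INFO_RSP:
			err = l2cap_information_rsp(conn, &cmd, data);
			break;

		default:
			BT_ERR("Unknown signaling command 0x%2.2x", cmd.code);
			err = -EINVAL;
			break;
		}

		if (err) {
			struct l2cap_cmd_rej rej;
			BT_DBG("error %d", err);

			/* reason 0 is sent regardless of which error occurred */
			rej.reason = cpu_to_le16(0);
			l2cap_send_cmd(conn, cmd.ident, L2CAP_COMMAND_REJ, sizeof(rej), &rej);
		}

		data += cmd_len;
		len  -= cmd_len;
	}

	kfree_skb(skb);
}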
3118
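/*
 * Verify and strip the trailing frame check sequence of a received frame.
 *
 * @pi:  channel state; the check is only performed when pi->fcs is
 *       L2CAP_FCS_CRC16
 * @skb: received frame positioned after the control field
 *
 * The CRC is computed over hdr_size bytes located before skb->data plus the
 * remaining payload, so the basic header and control field are assumed to
 * still sit directly in front of skb->data (TODO confirm for every caller).
 *
 * Returns 0 when the check passes or is not required, -EINVAL when the
 * frame is too short to contain an FCS or the FCS does not match.
 */
static int l2cap_check_fcs(struct l2cap_pinfo *pi, struct sk_buff *skb)
{
	u16 our_fcs, rcv_fcs;
	int hdr_size = L2CAP_HDR_SIZE + 2;

	if (pi->fcs == L2CAP_FCS_CRC16) {
		/*
		 * "skb->len - 2" is unsigned arithmetic: on a shorter frame it
		 * would wrap, skb_trim() would leave the buffer untouched and
		 * the FCS would be read from beyond the received data.
		 */
		if (skb->len < 2)
			return -EINVAL;

		skb_trim(skb, skb->len - 2);
		/* after trimming, the two FCS bytes sit just past the payload */
		rcv_fcs = get_unaligned_le16(skb->data + skb->len);
		our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size);

		if (our_fcs != rcv_fcs)
			return -EINVAL;
	}
	return 0;
}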
3134
/*
 * Insert an out-of-sequence I-frame into the channel's SREJ queue.
 *
 * The frame is tagged with its TxSeq and SAR bits and placed in front of the
 * first queued frame whose TxSeq is numerically greater, or at the tail when
 * there is none. The comparison is a plain integer comparison of the stored
 * sequence numbers.
 */
static void l2cap_add_to_srej_queue(struct sock *sk, struct sk_buff *skb, u8 tx_seq, u8 sar)
{
	struct sk_buff_head *queue = SREJ_QUEUE(sk);
	struct sk_buff *pos;

	bt_cb(skb)->tx_seq = tx_seq;
	bt_cb(skb)->sar = sar;

	skb_queue_walk(queue, pos) {
		if (bt_cb(pos)->tx_seq > tx_seq) {
			__skb_queue_before(queue, pos, skb);
			return;
		}
	}

	/* empty queue, or nothing queued with a larger sequence number */
	__skb_queue_tail(queue, skb);
}
3161
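/*
 * Feed one received I-frame into SDU reassembly.
 *
 * @sk:      socket owning the channel
 * @skb:     frame payload; always consumed (queued to the socket or freed)
 * @control: control field of the frame, its SAR bits select the action
 *
 * Unsegmented frames are queued directly. A start frame allocates pi->sdu
 * with the announced SDU length, continuation and end frames append to it,
 * and a complete SDU is cloned to the socket's receive queue.
 *
 * Every path that abandons a partial SDU frees it, clears pi->sdu and clears
 * L2CAP_CONN_SAR_SDU, so a later frame can neither append to nor free the
 * released buffer again. Segment lengths are checked against the announced
 * SDU length before anything is copied, because the peer controls both.
 *
 * Returns 0 on success, -ENOMEM when the SDU buffer cannot be allocated and
 * -EINVAL (or the socket queueing error) when the frame is not acceptable in
 * the current state. An end frame reports 0 even when the assembled length
 * does not match and the SDU is discarded.
 */
static int l2cap_sar_reassembly_sdu(struct sock *sk, struct sk_buff *skb, u16 control)
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);
	struct sk_buff *_skb;
	int err = -EINVAL;

	switch (control & L2CAP_CTRL_SAR) {
	case L2CAP_SDU_UNSEGMENTED:
		/* an unsegmented frame aborts a reassembly in progress */
		if (pi->conn_state & L2CAP_CONN_SAR_SDU)
			goto drop_sdu;

		err = sock_queue_rcv_skb(sk, skb);
		if (!err)
			return 0;

		break;

	case L2CAP_SDU_START:
		/* a second start frame aborts a reassembly in progress */
		if (pi->conn_state & L2CAP_CONN_SAR_SDU)
			goto drop_sdu;

		/* the SDU length field itself must be present */
		if (skb->len < 2)
			break;

		pi->sdu_len = get_unaligned_le16(skb->data);
		skb_pull(skb, 2);

		/* the first segment must fit into the buffer sized from it */
		if (skb->len > pi->sdu_len)
			break;

		pi->sdu = bt_skb_alloc(pi->sdu_len, GFP_ATOMIC);
		if (!pi->sdu) {
			err = -ENOMEM;
			break;
		}

		memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);

		pi->conn_state |= L2CAP_CONN_SAR_SDU;
		pi->partial_sdu_len = skb->len;
		err = 0;
		break;

	case L2CAP_SDU_CONTINUE:
		if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
			break;

		/* check before copying: skb_put() must stay inside pi->sdu */
		if (pi->partial_sdu_len + skb->len > pi->sdu_len)
			goto drop_sdu;

		memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);

		pi->partial_sdu_len += skb->len;
		err = 0;
		break;

	case L2CAP_SDU_END:
		if (!(pi->conn_state & L2CAP_CONN_SAR_SDU))
			break;

		/* check before copying: skb_put() must stay inside pi->sdu */
		if (pi->partial_sdu_len + skb->len > pi->sdu_len) {
			err = 0;
			goto drop_sdu;
		}

		memcpy(skb_put(pi->sdu, skb->len), skb->data, skb->len);

		pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
		pi->partial_sdu_len += skb->len;

		if (pi->partial_sdu_len == pi->sdu_len) {
			_skb = skb_clone(pi->sdu, GFP_ATOMIC);
			/* the clone can fail under memory pressure */
			if (_skb) {
				err = sock_queue_rcv_skb(sk, _skb);
				if (err < 0)
					kfree_skb(_skb);
			}
		}
		kfree_skb(pi->sdu);
		pi->sdu = NULL;
		err = 0;

		break;
	}

	kfree_skb(skb);
	return err;

drop_sdu:
	/* abandon the partial SDU and leave no stale pointer or flag behind */
	kfree_skb(pi->sdu);
	pi->sdu = NULL;
	pi->conn_state &= ~L2CAP_CONN_SAR_SDU;
	kfree_skb(skb);
	return err;
}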
3241
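/*
 * Deliver frames from the SREJ queue that have become consecutive.
 *
 * @sk:     socket owning the channel
 * @tx_seq: sequence number of the frame that just filled a gap
 *
 * Starting at @tx_seq, frames are dequeued as long as the head of the queue
 * carries the next expected sequence number, and each is passed on to SDU
 * reassembly.
 */
static void l2cap_check_srej_gap(struct sock *sk, u8 tx_seq)
{
	struct sk_buff *skb;
	u16 control;

	while ((skb = skb_peek(SREJ_QUEUE(sk)))) {
		if (bt_cb(skb)->tx_seq != tx_seq)
			break;

		skb = skb_dequeue(SREJ_QUEUE(sk));
		/*
		 * Build the control word from this frame only; accumulating it
		 * across iterations would mix the SAR bits of earlier frames
		 * into later ones.
		 */
		control = bt_cb(skb)->sar << L2CAP_CTRL_SAR_SHIFT;
		l2cap_sar_reassembly_sdu(sk, skb, control);
		l2cap_pi(sk)->buffer_seq_srej =
			(l2cap_pi(sk)->buffer_seq_srej + 1) % 64;
		/* sequence numbers wrap at 64, like buffer_seq_srej above */
		tx_seq = (tx_seq + 1) % 64;
	}
}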
3259
/*
 * Re-request the frames that are still missing ahead of @tx_seq.
 *
 * The SREJ list is walked from its head. The entry matching @tx_seq is
 * removed and freed, which ends the walk. Every entry met before it gets a
 * fresh SREJ S-frame and is moved to the tail of the list.
 */
static void l2cap_resend_srejframe(struct sock *sk, u8 tx_seq)
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);
	struct srej_list *l, *tmp;
	u16 control;

	/* the _safe variant is needed because entries are unlinked in the loop */
	list_for_each_entry_safe(l,tmp, SREJ_LIST(sk), list) {
		if (l->tx_seq == tx_seq) {
			list_del(&l->list);
			kfree(l);
			return;
		}
		control = L2CAP_SUPER_SELECT_REJECT;
		control |= l->tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
		l2cap_send_sframe(pi, control);
		/*
		 * Re-queue at the tail.
		 * NOTE(review): the walk only ends through the return above,
		 * so it relies on an entry for tx_seq being present; the
		 * caller in this file checks that before calling.
		 */
		list_del(&l->list);
		list_add_tail(&l->list, SREJ_LIST(sk));
	}
}
3279
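/*
 * Request retransmission of every frame between the expected sequence
 * number and @tx_seq.
 *
 * @sk:     socket owning the channel
 * @tx_seq: sequence number of the frame that arrived out of order
 *
 * One SREJ S-frame is sent and one srej_list entry is recorded per missing
 * frame, then expected_tx_seq is moved past @tx_seq. Sequence numbers are
 * advanced modulo 64, like everywhere else in this file, so the walk covers
 * only the frames that are actually missing when the numbering wraps.
 *
 * If a list entry cannot be allocated the function stops early without
 * sending the corresponding SREJ; expected_tx_seq then still points at the
 * first frame that has not been requested.
 */
static void l2cap_send_srejframe(struct sock *sk, u8 tx_seq)
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);
	struct srej_list *new;
	u16 control;

	/* keeps the loop below bounded even for an unreduced sequence number */
	tx_seq %= 64;

	while (tx_seq != pi->expected_tx_seq) {
		/* allocate first: GFP_ATOMIC allocations can fail */
		new = kzalloc(sizeof(*new), GFP_ATOMIC);
		if (!new)
			return;

		control = L2CAP_SUPER_SELECT_REJECT;
		control |= pi->expected_tx_seq << L2CAP_CTRL_REQSEQ_SHIFT;
		if (pi->conn_state & L2CAP_CONN_SEND_PBIT) {
			/* the poll bit is sent once, on the first SREJ */
			control |= L2CAP_CTRL_POLL;
			pi->conn_state &= ~L2CAP_CONN_SEND_PBIT;
		}
		l2cap_send_sframe(pi, control);

		new->tx_seq = pi->expected_tx_seq;
		pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
		list_add_tail(&new->list, SREJ_LIST(sk));
	}
	/* step past tx_seq itself, which has been received */
	pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
}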
3301
/*
 * Process a received ERTM I-frame.
 *
 * @sk:         socket owning the channel
 * @rx_control: control field of the received frame
 * @skb:        frame payload; ownership passes to the SREJ queue or to SDU
 *              reassembly
 *
 * The acknowledgement carried in the frame is applied first. An in-sequence
 * frame is passed to reassembly (or parked while SREJ recovery is active);
 * an out-of-sequence frame is parked in the SREJ queue and the missing
 * frames are requested again.
 *
 * Returns 0, or the negative error from l2cap_sar_reassembly_sdu().
 */
static inline int l2cap_data_channel_iframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);
	u8 tx_seq = __get_txseq(rx_control);
	u8 req_seq = __get_reqseq(rx_control);
	u16 tx_control = 0;
	u8 sar = rx_control >> L2CAP_CTRL_SAR_SHIFT;
	int err = 0;

	BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);

	/* the peer acknowledges our frames up to req_seq */
	pi->expected_ack_seq = req_seq;
	l2cap_drop_acked_frames(sk);

	if (tx_seq == pi->expected_tx_seq)
		goto expected;

	/* out-of-sequence frame */
	if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
		struct srej_list *first;

		/*
		 * NOTE(review): list_first_entry() does not check for an empty
		 * list; confirm that SREJ_SENT implies at least one entry.
		 */
		first = list_first_entry(SREJ_LIST(sk),
				struct srej_list, list);
		if (tx_seq == first->tx_seq) {
			/* the oldest requested frame arrived */
			l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
			l2cap_check_srej_gap(sk, tx_seq);

			list_del(&first->list);
			kfree(first);

			if (list_empty(SREJ_LIST(sk))) {
				/* nothing outstanding: leave SREJ recovery */
				pi->buffer_seq = pi->buffer_seq_srej;
				pi->conn_state &= ~L2CAP_CONN_SREJ_SENT;
			}
		} else {
			struct srej_list *l;
			l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);

			/* a requested frame other than the oldest one? */
			list_for_each_entry(l, SREJ_LIST(sk), list) {
				if (l->tx_seq == tx_seq) {
					l2cap_resend_srejframe(sk, tx_seq);
					return 0;
				}
			}
			/* not requested yet: ask for the new gap */
			l2cap_send_srejframe(sk, tx_seq);
		}
	} else {
		/* first gap detected: enter SREJ recovery */
		pi->conn_state |= L2CAP_CONN_SREJ_SENT;

		INIT_LIST_HEAD(SREJ_LIST(sk));
		pi->buffer_seq_srej = pi->buffer_seq;

		__skb_queue_head_init(SREJ_QUEUE(sk));
		l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);

		pi->conn_state |= L2CAP_CONN_SEND_PBIT;

		l2cap_send_srejframe(sk, tx_seq);
	}
	return 0;

expected:
	/* sequence numbers wrap at 64 */
	pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;

	if (pi->conn_state & L2CAP_CONN_SREJ_SENT) {
		/* still recovering: park the frame behind the missing ones */
		l2cap_add_to_srej_queue(sk, skb, tx_seq, sar);
		return 0;
	}

	if (rx_control & L2CAP_CTRL_FINAL) {
		if (pi->conn_state & L2CAP_CONN_REJ_ACT)
			pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
		else {
			/* restart transmission from the first unacked frame */
			sk->sk_send_head = TX_QUEUE(sk)->next;
			pi->next_tx_seq = pi->expected_ack_seq;
			l2cap_ertm_send(sk);
		}
	}

	pi->buffer_seq = (pi->buffer_seq + 1) % 64;

	err = l2cap_sar_reassembly_sdu(sk, skb, rx_control);
	if (err < 0)
		return err;

	/* acknowledge with an RR frame once per L2CAP_DEFAULT_NUM_TO_ACK frames */
	pi->num_to_ack = (pi->num_to_ack + 1) % L2CAP_DEFAULT_NUM_TO_ACK;
	if (pi->num_to_ack == L2CAP_DEFAULT_NUM_TO_ACK - 1) {
		tx_control |= L2CAP_SUPER_RCV_READY;
		tx_control |= pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT;
		l2cap_send_sframe(pi, tx_control);
	}
	return 0;
}
3394
/*
 * Process a received ERTM supervisory frame (RR, REJ, SREJ or RNR).
 *
 * @sk:         socket owning the channel
 * @rx_control: control field of the received frame
 * @skb:        the frame; only its length is read here, it is not freed by
 *              this function
 *
 * Note that the local variable tx_seq holds the frame's ReqSeq field, i.e.
 * the peer's acknowledgement number.
 *
 * Always returns 0.
 */
static inline int l2cap_data_channel_sframe(struct sock *sk, u16 rx_control, struct sk_buff *skb)
{
	struct l2cap_pinfo *pi = l2cap_pi(sk);
	u8 tx_seq = __get_reqseq(rx_control);

	BT_DBG("sk %p rx_control 0x%4.4x len %d", sk, rx_control, skb->len);

	switch (rx_control & L2CAP_CTRL_SUPERVISE) {
	case L2CAP_SUPER_RCV_READY:
		if (rx_control & L2CAP_CTRL_POLL) {
			/* a poll is answered with an RR carrying the final bit */
			u16 control = L2CAP_CTRL_FINAL;
			control |= L2CAP_SUPER_RCV_READY |
				(pi->buffer_seq << L2CAP_CTRL_REQSEQ_SHIFT);
			l2cap_send_sframe(l2cap_pi(sk), control);
			pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;

		} else if (rx_control & L2CAP_CTRL_FINAL) {
			pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
			pi->expected_ack_seq = tx_seq;
			l2cap_drop_acked_frames(sk);

			if (pi->conn_state & L2CAP_CONN_REJ_ACT)
				pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
			else {
				/* restart transmission from the first unacked frame */
				sk->sk_send_head = TX_QUEUE(sk)->next;
				pi->next_tx_seq = pi->expected_ack_seq;
				l2cap_ertm_send(sk);
			}

			if (!(pi->conn_state & L2CAP_CONN_WAIT_F))
				break;

			/* the awaited final bit arrived: stop monitoring */
			pi->conn_state &= ~L2CAP_CONN_WAIT_F;
			del_timer(&pi->monitor_timer);

			if (pi->unacked_frames > 0)
				__mod_retrans_timer();
		} else {
			/* plain acknowledgement */
			pi->expected_ack_seq = tx_seq;
			l2cap_drop_acked_frames(sk);

			if ((pi->conn_state & L2CAP_CONN_REMOTE_BUSY) &&
					(pi->unacked_frames > 0))
				__mod_retrans_timer();

			pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;
			l2cap_ertm_send(sk);
		}
		break;

	case L2CAP_SUPER_REJECT:
		pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;

		pi->expected_ack_seq = __get_reqseq(rx_control);
		l2cap_drop_acked_frames(sk);

		if (rx_control & L2CAP_CTRL_FINAL) {
			if (pi->conn_state & L2CAP_CONN_REJ_ACT)
				pi->conn_state &= ~L2CAP_CONN_REJ_ACT;
			else {
				sk->sk_send_head = TX_QUEUE(sk)->next;
				pi->next_tx_seq = pi->expected_ack_seq;
				l2cap_ertm_send(sk);
			}
		} else {
			/* retransmit everything from the rejected frame on */
			sk->sk_send_head = TX_QUEUE(sk)->next;
			pi->next_tx_seq = pi->expected_ack_seq;
			l2cap_ertm_send(sk);

			if (pi->conn_state & L2CAP_CONN_WAIT_F) {
				pi->srej_save_reqseq = tx_seq;
				pi->conn_state |= L2CAP_CONN_REJ_ACT;
			}
		}

		break;

	case L2CAP_SUPER_SELECT_REJECT:
		pi->conn_state &= ~L2CAP_CONN_REMOTE_BUSY;

		if (rx_control & L2CAP_CTRL_POLL) {
			pi->expected_ack_seq = tx_seq;
			l2cap_drop_acked_frames(sk);
			l2cap_retransmit_frame(sk, tx_seq);
			l2cap_ertm_send(sk);
			if (pi->conn_state & L2CAP_CONN_WAIT_F) {
				pi->srej_save_reqseq = tx_seq;
				pi->conn_state |= L2CAP_CONN_SREJ_ACT;
			}
		} else if (rx_control & L2CAP_CTRL_FINAL) {
			/* skip the retransmission if this SREJ was already served */
			if ((pi->conn_state & L2CAP_CONN_SREJ_ACT) &&
					pi->srej_save_reqseq == tx_seq)
				pi->conn_state &= ~L2CAP_CONN_SREJ_ACT;
			else
				l2cap_retransmit_frame(sk, tx_seq);
		}
		else {
			l2cap_retransmit_frame(sk, tx_seq);
			if (pi->conn_state & L2CAP_CONN_WAIT_F) {
				pi->srej_save_reqseq = tx_seq;
				pi->conn_state |= L2CAP_CONN_SREJ_ACT;
			}
		}
		break;

	case L2CAP_SUPER_RCV_NOT_READY:
		/* the peer cannot receive: stop retransmitting until it recovers */
		pi->conn_state |= L2CAP_CONN_REMOTE_BUSY;
		pi->expected_ack_seq = tx_seq;
		l2cap_drop_acked_frames(sk);

		del_timer(&l2cap_pi(sk)->retrans_timer);
		if (rx_control & L2CAP_CTRL_POLL) {
			u16 control = L2CAP_CTRL_FINAL;
			l2cap_send_rr_or_rnr(l2cap_pi(sk), control);
		}
		break;
	}

	return 0;
}
3515
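/*
 * Deliver a frame received on a connection-oriented data channel.
 *
 * @conn: connection the frame arrived on
 * @cid:  channel identifier taken from the basic L2CAP header
 * @skb:  frame payload with the basic header removed; consumed on every path
 *
 * The frame is dropped when no channel matches @cid, when the channel is not
 * in BT_CONNECTED state, or when it fails the length and FCS checks of the
 * channel's mode. In ERTM and streaming mode a frame must be at least long
 * enough to hold the two-byte control field before that field is read.
 *
 * Always returns 0.
 */
static inline int l2cap_data_channel(struct l2cap_conn *conn, u16 cid, struct sk_buff *skb)
{
	struct sock *sk;
	struct l2cap_pinfo *pi;
	u16 control, len;
	u8 tx_seq;

	sk = l2cap_get_chan_by_scid(&conn->chan_list, cid);
	if (!sk) {
		BT_DBG("unknown cid 0x%4.4x", cid);
		goto drop;
	}

	pi = l2cap_pi(sk);

	BT_DBG("sk %p, len %d", sk, skb->len);

	if (sk->sk_state != BT_CONNECTED)
		goto drop;

	switch (pi->mode) {
	case L2CAP_MODE_BASIC:
		/* frames larger than the incoming MTU are dropped */
		if (pi->imtu < skb->len)
			goto drop;

		if (!sock_queue_rcv_skb(sk, skb))
			goto done;
		break;

	case L2CAP_MODE_ERTM:
		/* the control field must be present before it is read */
		if (skb->len < 2)
			goto drop;

		control = get_unaligned_le16(skb->data);
		skb_pull(skb, 2);
		len = skb->len;

		if (__is_sar_start(control))
			len -= 2;

		if (pi->fcs == L2CAP_FCS_CRC16)
			len -= 2;

		/*
		 * len is unsigned, so a frame too short for the SDU length
		 * and FCS fields wraps to a large value and is dropped by
		 * this test as well.
		 */
		if (len > L2CAP_DEFAULT_MAX_PDU_SIZE)
			goto drop;

		if (l2cap_check_fcs(pi, skb))
			goto drop;

		/* the handlers' return values are not acted upon here */
		if (__is_iframe(control))
			l2cap_data_channel_iframe(sk, control, skb);
		else
			l2cap_data_channel_sframe(sk, control, skb);

		goto done;

	case L2CAP_MODE_STREAMING:
		/* the control field must be present before it is read */
		if (skb->len < 2)
			goto drop;

		control = get_unaligned_le16(skb->data);
		skb_pull(skb, 2);
		len = skb->len;

		if (__is_sar_start(control))
			len -= 2;

		if (pi->fcs == L2CAP_FCS_CRC16)
			len -= 2;

		/* streaming mode carries no supervisory frames */
		if (len > L2CAP_DEFAULT_MAX_PDU_SIZE || __is_sframe(control))
			goto drop;

		if (l2cap_check_fcs(pi, skb))
			goto drop;

		tx_seq = __get_txseq(control);

		/* lost frames are not recovered: resynchronise on what arrived */
		if (pi->expected_tx_seq == tx_seq)
			pi->expected_tx_seq = (pi->expected_tx_seq + 1) % 64;
		else
			pi->expected_tx_seq = tx_seq + 1;

		l2cap_sar_reassembly_sdu(sk, skb, control);

		goto done;

	default:
		BT_DBG("sk %p: bad mode 0x%2.2x", sk, l2cap_pi(sk)->mode);
		break;
	}

drop:
	kfree_skb(skb);

done:
	if (sk)
		bh_unlock_sock(sk);

	return 0;
}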
3621
/*
 * Deliver a frame received on the connectionless channel to the socket
 * bound to @psm on the local address.
 *
 * The frame is queued only when a socket is found, the socket is in
 * BT_BOUND or BT_CONNECTED state and the frame does not exceed the socket's
 * incoming MTU; in every other case it is freed. Always returns 0.
 */
static inline int l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, struct sk_buff *skb)
{
	struct sock *sk = l2cap_get_sock_by_psm(0, psm, conn->src);
	int queued = 0;

	if (sk) {
		BT_DBG("sk %p, len %d", sk, skb->len);

		if ((sk->sk_state == BT_BOUND || sk->sk_state == BT_CONNECTED) &&
				l2cap_pi(sk)->imtu >= skb->len)
			queued = !sock_queue_rcv_skb(sk, skb);
	}

	/* anything that did not reach the receive queue is dropped here */
	if (!queued)
		kfree_skb(skb);

	if (sk)
		bh_unlock_sock(sk);
	return 0;
}
3649
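/*
 * Dispatch one complete L2CAP frame by channel identifier.
 *
 * @conn: connection the frame arrived on
 * @skb:  complete frame starting at the basic L2CAP header; consumed on
 *        every path
 *
 * l2cap_recv_acldata() only hands over frames whose total length equals the
 * header's length field plus L2CAP_HDR_SIZE, so the header is present when
 * it is read here. Frames whose length field disagrees with the payload
 * length are discarded.
 */
static void l2cap_recv_frame(struct l2cap_conn *conn, struct sk_buff *skb)
{
	struct l2cap_hdr *lh = (void *) skb->data;
	u16 cid, len;
	__le16 psm;

	skb_pull(skb, L2CAP_HDR_SIZE);
	cid = __le16_to_cpu(lh->cid);
	len = __le16_to_cpu(lh->len);

	if (len != skb->len) {
		kfree_skb(skb);
		return;
	}

	BT_DBG("len %d, cid 0x%4.4x", len, cid);

	switch (cid) {
	case L2CAP_CID_SIGNALING:
		l2cap_sig_channel(conn, skb);
		break;

	case L2CAP_CID_CONN_LESS:
		/*
		 * The payload may be empty; do not read a PSM that the frame
		 * does not actually carry.
		 */
		if (skb->len < 2) {
			kfree_skb(skb);
			break;
		}

		psm = get_unaligned_le16(skb->data);
		skb_pull(skb, 2);
		l2cap_conless_channel(conn, psm, skb);
		break;

	default:
		l2cap_data_channel(conn, cid, skb);
		break;
	}
}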
3683
3684
3685
/*
 * Tell the HCI layer whether an incoming ACL connection should be accepted.
 *
 * All listening L2CAP sockets are examined. Sockets bound to this adapter's
 * address take precedence over sockets bound to BDADDR_ANY: the link mode
 * of the wildcard sockets is only returned when no exact match exists.
 *
 * Returns a mask of HCI_LM_ACCEPT / HCI_LM_MASTER bits, or 0.
 */
static int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
{
	int exact_lm = 0, any_lm = 0, have_exact = 0;
	struct hlist_node *node;
	struct sock *sk;

	if (type != ACL_LINK)
		return 0;

	BT_DBG("hdev %s, bdaddr %s", hdev->name, batostr(bdaddr));

	read_lock(&l2cap_sk_list.lock);
	sk_for_each(sk, node, &l2cap_sk_list.head) {
		int *lm;

		if (sk->sk_state != BT_LISTEN)
			continue;

		if (!bacmp(&bt_sk(sk)->src, &hdev->bdaddr)) {
			lm = &exact_lm;
			have_exact = 1;
		} else if (!bacmp(&bt_sk(sk)->src, BDADDR_ANY)) {
			lm = &any_lm;
		} else {
			continue;
		}

		*lm |= HCI_LM_ACCEPT;
		if (l2cap_pi(sk)->role_switch)
			*lm |= HCI_LM_MASTER;
	}
	read_unlock(&l2cap_sk_list.lock);

	if (have_exact)
		return exact_lm;
	return any_lm;
}
3718
/*
 * HCI callback: an ACL connection attempt has completed.
 *
 * On success the L2CAP connection object is created (or looked up) and
 * marked ready; on failure the L2CAP state attached to the link is deleted
 * with the errno derived from the HCI status. Always returns 0.
 */
static int l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
{
	struct l2cap_conn *conn;

	BT_DBG("hcon %p bdaddr %s status %d", hcon, batostr(&hcon->dst), status);

	if (hcon->type != ACL_LINK)
		return 0;

	if (status) {
		l2cap_conn_del(hcon, bt_err(status));
		return 0;
	}

	conn = l2cap_conn_add(hcon, status);
	if (conn)
		l2cap_conn_ready(conn);

	return 0;
}
3737
/*
 * HCI callback: report the reason code to use when disconnecting the link.
 *
 * Returns the reason stored on the L2CAP connection, or 0x13 when the link
 * is not an ACL link or carries no L2CAP state (0x13 is presumably the HCI
 * "remote user terminated connection" code; confirm against the HCI
 * definitions).
 */
static int l2cap_disconn_ind(struct hci_conn *hcon)
{
	struct l2cap_conn *conn;

	BT_DBG("hcon %p", hcon);

	if (hcon->type == ACL_LINK) {
		conn = hcon->l2cap_data;
		if (conn)
			return conn->disc_reason;
	}

	return 0x13;
}
3749
/*
 * HCI callback: the link has been disconnected. For ACL links the L2CAP
 * state attached to the link is deleted with the errno derived from the HCI
 * reason. Always returns 0.
 */
static int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason)
{
	BT_DBG("hcon %p reason %d", hcon, reason);

	if (hcon->type == ACL_LINK)
		l2cap_conn_del(hcon, bt_err(reason));

	return 0;
}
3761
/*
 * React to a change of link encryption on an established SEQPACKET channel.
 *
 * Medium security: the socket timer is cleared, and re-armed for five
 * seconds when encryption has been switched off.
 * High security: the channel is closed with ECONNREFUSED when encryption
 * has been switched off.
 * Other security levels and other socket types are left untouched.
 */
static inline void l2cap_check_encryption(struct sock *sk, u8 encrypt)
{
	int encryption_off = (encrypt == 0x00);

	if (sk->sk_type != SOCK_SEQPACKET)
		return;

	switch (l2cap_pi(sk)->sec_level) {
	case BT_SECURITY_MEDIUM:
		l2cap_sock_clear_timer(sk);
		if (encryption_off)
			l2cap_sock_set_timer(sk, HZ * 5);
		break;

	case BT_SECURITY_HIGH:
		if (encryption_off)
			__l2cap_sock_close(sk, ECONNREFUSED);
		break;

	default:
		break;
	}
}
3778
/*
 * HCI callback: an authentication or encryption procedure on the link has
 * finished.
 *
 * @hcon:    link the procedure ran on
 * @status:  0 on success, otherwise the HCI failure status
 * @encrypt: link encryption state; 0x00 means encryption is off
 *
 * Every channel on the connection is visited with its socket locked.
 * Channels waiting for security either continue their connection setup or
 * are refused, depending on @status. Always returns 0.
 */
static int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt)
{
	struct l2cap_chan_list *l;
	struct l2cap_conn *conn = hcon->l2cap_data;
	struct sock *sk;

	if (!conn)
		return 0;

	l = &conn->chan_list;

	BT_DBG("conn %p", conn);

	read_lock(&l->lock);

	for (sk = l->head; sk; sk = l2cap_pi(sk)->next_c) {
		bh_lock_sock(sk);

		/* still waiting for the peer's connection response: skip */
		if (l2cap_pi(sk)->conf_state & L2CAP_CONF_CONNECT_PEND) {
			bh_unlock_sock(sk);
			continue;
		}

		/* established channels only re-evaluate their encryption policy */
		if (!status && (sk->sk_state == BT_CONNECTED ||
						sk->sk_state == BT_CONFIG)) {
			l2cap_check_encryption(sk, encrypt);
			bh_unlock_sock(sk);
			continue;
		}

		if (sk->sk_state == BT_CONNECT) {
			/* outgoing channel that was waiting for security */
			if (!status) {
				struct l2cap_conn_req req;
				req.scid = cpu_to_le16(l2cap_pi(sk)->scid);
				req.psm = l2cap_pi(sk)->psm;

				l2cap_pi(sk)->ident = l2cap_get_ident(conn);

				l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
					L2CAP_CONN_REQ, sizeof(req), &req);
			} else {
				/* let the socket timer close the channel shortly */
				l2cap_sock_clear_timer(sk);
				l2cap_sock_set_timer(sk, HZ / 10);
			}
		} else if (sk->sk_state == BT_CONNECT2) {
			/* incoming channel whose response was deferred */
			struct l2cap_conn_rsp rsp;
			__u16 result;

			if (!status) {
				sk->sk_state = BT_CONFIG;
				result = L2CAP_CR_SUCCESS;
			} else {
				sk->sk_state = BT_DISCONN;
				l2cap_sock_set_timer(sk, HZ / 10);
				result = L2CAP_CR_SEC_BLOCK;
			}

			rsp.scid = cpu_to_le16(l2cap_pi(sk)->dcid);
			rsp.dcid = cpu_to_le16(l2cap_pi(sk)->scid);
			rsp.result = cpu_to_le16(result);
			rsp.status = cpu_to_le16(L2CAP_CS_NO_INFO);
			l2cap_send_cmd(conn, l2cap_pi(sk)->ident,
					L2CAP_CONN_RSP, sizeof(rsp), &rsp);
		}

		bh_unlock_sock(sk);
	}

	read_unlock(&l->lock);

	return 0;
}
3851
/*
 * HCI callback: receive one ACL data packet and reassemble L2CAP frames.
 *
 * @hcon:  link the packet arrived on
 * @skb:   ACL payload; consumed on every path
 * @flags: ACL packet boundary flags; ACL_START marks the first fragment
 *
 * A start fragment that already holds the complete frame is dispatched
 * directly. Otherwise a reassembly buffer of the announced total length is
 * allocated in conn->rx_skb and conn->rx_len counts the bytes still missing.
 * Fragments that do not fit the announced length are rejected before they
 * are copied. Always returns 0.
 */
static int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
{
	struct l2cap_conn *conn = hcon->l2cap_data;

	/* create the L2CAP connection object on first use */
	if (!conn && !(conn = l2cap_conn_add(hcon, 0)))
		goto drop;

	BT_DBG("conn %p len %d flags 0x%x", conn, skb->len, flags);

	if (flags & ACL_START) {
		struct l2cap_hdr *hdr;
		int len;

		/* a new frame starts while another is incomplete: discard the old one */
		if (conn->rx_len) {
			BT_ERR("Unexpected start frame (len %d)", skb->len);
			kfree_skb(conn->rx_skb);
			conn->rx_skb = NULL;
			conn->rx_len = 0;
			l2cap_conn_unreliable(conn, ECOMM);
		}

		/* only the two-byte length field is required at this point */
		if (skb->len < 2) {
			BT_ERR("Frame is too short (len %d)", skb->len);
			l2cap_conn_unreliable(conn, ECOMM);
			goto drop;
		}

		hdr = (struct l2cap_hdr *) skb->data;
		len = __le16_to_cpu(hdr->len) + L2CAP_HDR_SIZE;

		if (len == skb->len) {
			/* complete frame in a single fragment */
			l2cap_recv_frame(conn, skb);
			return 0;
		}

		BT_DBG("Start: total len %d, frag len %d", len, skb->len);

		if (skb->len > len) {
			BT_ERR("Frame is too long (len %d, expected len %d)",
				skb->len, len);
			l2cap_conn_unreliable(conn, ECOMM);
			goto drop;
		}

		/* allocate the reassembly buffer for the whole frame */
		conn->rx_skb = bt_skb_alloc(len, GFP_ATOMIC);
		if (!conn->rx_skb)
			goto drop;

		skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
								skb->len);
		conn->rx_len = len - skb->len;
	} else {
		BT_DBG("Cont: frag len %d (expecting %d)", skb->len, conn->rx_len);

		if (!conn->rx_len) {
			BT_ERR("Unexpected continuation frame (len %d)", skb->len);
			l2cap_conn_unreliable(conn, ECOMM);
			goto drop;
		}

		/* checked before the copy so skb_put() stays inside rx_skb */
		if (skb->len > conn->rx_len) {
			BT_ERR("Fragment is too long (len %d, expected %d)",
					skb->len, conn->rx_len);
			kfree_skb(conn->rx_skb);
			conn->rx_skb = NULL;
			conn->rx_len = 0;
			l2cap_conn_unreliable(conn, ECOMM);
			goto drop;
		}

		skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, skb->len),
								skb->len);
		conn->rx_len -= skb->len;

		if (!conn->rx_len) {
			/* frame complete: hand the reassembly buffer over */
			l2cap_recv_frame(conn, conn->rx_skb);
			conn->rx_skb = NULL;
		}
	}

drop:
	/* the fragment itself is always freed; its data has been copied if needed */
	kfree_skb(skb);
	return 0;
}
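/*
 * Show handler for the "l2cap" class attribute: emits one text line per
 * socket on l2cap_sk_list (source and destination address, socket state,
 * PSM, source/destination channel ids, incoming/outgoing MTU and security
 * level).
 *
 * The buffer handed to a sysfs show handler is a single page, while the
 * number of sockets on the list is unbounded.  Each line is therefore
 * formatted with snprintf() against the space still available, and the walk
 * stops as soon as a line no longer fits.  A line that would be truncated is
 * not counted in the returned length, so readers only ever see whole lines.
 *
 * Returns the number of bytes placed in @buf.
 */
static ssize_t l2cap_sysfs_show(struct class *dev, char *buf)
{
	struct sock *sk;
	struct hlist_node *node;
	char *str = buf;
	int size = PAGE_SIZE;	/* space left in the sysfs buffer */

	read_lock_bh(&l2cap_sk_list.lock);

	sk_for_each(sk, node, &l2cap_sk_list.head) {
		struct l2cap_pinfo *pi = l2cap_pi(sk);
		int len;

		len = snprintf(str, size, "%s %s %d %d 0x%4.4x 0x%4.4x %d %d %d\n",
				batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
				sk->sk_state, __le16_to_cpu(pi->psm), pi->scid,
				pi->dcid, pi->imtu, pi->omtu, pi->sec_level);

		/*
		 * snprintf() returns the length the line would have had, so
		 * a non-positive remainder means it did not fit completely.
		 */
		size -= len;
		if (size <= 0)
			break;

		str += len;
	}

	read_unlock_bh(&l2cap_sk_list.lock);

	return str - buf;
}

/*
 * NOTE(review): S_IRUGO makes this file readable by every local user, which
 * exposes the addresses, PSMs and channel ids of all L2CAP sockets on the
 * system. Confirm that this is intended.
 */
static CLASS_ATTR(l2cap, S_IRUGO, l2cap_sysfs_show, NULL);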
/* Socket-layer operations table for L2CAP sockets in the PF_BLUETOOTH family. */
static const struct proto_ops l2cap_sock_ops = {
	.family		= PF_BLUETOOTH,
	.owner		= THIS_MODULE,

	/* Operations implemented by this file. */
	.release	= l2cap_sock_release,
	.bind		= l2cap_sock_bind,
	.connect	= l2cap_sock_connect,
	.listen		= l2cap_sock_listen,
	.accept		= l2cap_sock_accept,
	.getname	= l2cap_sock_getname,
	.sendmsg	= l2cap_sock_sendmsg,
	.recvmsg	= l2cap_sock_recvmsg,
	.shutdown	= l2cap_sock_shutdown,
	.setsockopt	= l2cap_sock_setsockopt,
	.getsockopt	= l2cap_sock_getsockopt,

	/* Shared Bluetooth socket helpers. */
	.poll		= bt_sock_poll,
	.ioctl		= bt_sock_ioctl,

	/* Not supported on L2CAP sockets. */
	.mmap		= sock_no_mmap,
	.socketpair	= sock_no_socketpair,
};
/*
 * Socket-creation hook; l2cap_init() registers it for BTPROTO_L2CAP via
 * bt_sock_register().
 */
static const struct net_proto_family l2cap_sock_family_ops = {
	.create	= l2cap_sock_create,
	.family	= PF_BLUETOOTH,
	.owner	= THIS_MODULE,
};
/*
 * Callbacks that l2cap_init() registers with the HCI core via
 * hci_register_proto().  recv_acldata is the entry point for inbound ACL
 * data, i.e. for bytes that originate from the remote device.
 */
static struct hci_proto l2cap_hci_proto = {
	.name		= "L2CAP",
	.id		= HCI_PROTO_L2CAP,

	/* Link establishment and teardown. */
	.connect_ind	= l2cap_connect_ind,
	.connect_cfm	= l2cap_connect_cfm,
	.disconn_ind	= l2cap_disconn_ind,
	.disconn_cfm	= l2cap_disconn_cfm,

	/* Security-procedure result and inbound data. */
	.security_cfm	= l2cap_security_cfm,
	.recv_acldata	= l2cap_recv_acldata,
};
/*
 * Module initialisation: register the L2CAP proto, the Bluetooth socket
 * family hook and the HCI protocol callbacks, in that order, then create the
 * sysfs info file.
 *
 * Returns 0 on success or the negative error of the first registration that
 * failed; registrations that already succeeded are undone in reverse order.
 * Failing to create the sysfs file is only logged and does not fail the
 * load.
 */
static int __init l2cap_init(void)
{
	int err = proto_register(&l2cap_proto, 0);

	if (err < 0)
		return err;

	err = bt_sock_register(BTPROTO_L2CAP, &l2cap_sock_family_ops);
	if (err < 0) {
		BT_ERR("L2CAP socket registration failed");
		goto unregister_proto;
	}

	err = hci_register_proto(&l2cap_hci_proto);
	if (err < 0) {
		BT_ERR("L2CAP protocol registration failed");
		goto unregister_sock;
	}

	/* Best effort: the module works without the info file. */
	if (class_create_file(bt_class, &class_attr_l2cap) < 0)
		BT_ERR("Failed to create L2CAP info file");

	BT_INFO("L2CAP ver %s", VERSION);
	BT_INFO("L2CAP socket layer initialized");

	return 0;

unregister_sock:
	bt_sock_unregister(BTPROTO_L2CAP);
unregister_proto:
	proto_unregister(&l2cap_proto);
	return err;
}
/*
 * Module teardown: remove the sysfs info file, then unregister the socket
 * family hook, the HCI protocol callbacks and the proto.  Unregistration
 * failures are logged and teardown continues.
 */
static void __exit l2cap_exit(void)
{
	int err;

	class_remove_file(bt_class, &class_attr_l2cap);

	err = bt_sock_unregister(BTPROTO_L2CAP);
	if (err < 0)
		BT_ERR("L2CAP socket unregistration failed");

	err = hci_unregister_proto(&l2cap_hci_proto);
	if (err < 0)
		BT_ERR("L2CAP protocol unregistration failed");

	proto_unregister(&l2cap_proto);
}
/*
 * Intentionally empty.  The symbol is exported, presumably so that other
 * modules can reference it and pull this module in as a dependency.
 * NOTE(review): confirm against the callers.
 */
void l2cap_load(void)
{
}
EXPORT_SYMBOL(l2cap_load);

/* Module entry and exit points. */
module_init(l2cap_init);
module_exit(l2cap_exit);

/* Module metadata. */
MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
MODULE_DESCRIPTION("Bluetooth L2CAP ver " VERSION);
MODULE_VERSION(VERSION);
MODULE_LICENSE("GPL");
MODULE_ALIAS("bt-proto-0");

/*
 * Tunables.  Mode 0644 makes them readable by everyone and writable by root
 * at run time, so code that reads them must cope with the value changing
 * after load.
 *
 * NOTE(review): both backing variables are declared as plain int at the top
 * of the file, while the parameter types here are bool and uint; confirm the
 * parameter type checks accept that on the target kernel.  The description
 * of max_transmit hard-codes 3, whereas the initialiser is
 * L2CAP_DEFAULT_MAX_TX; keep the two in sync.
 */
module_param(enable_ertm, bool, 0644);
MODULE_PARM_DESC(enable_ertm, "Enable enhanced retransmission mode");

module_param(max_transmit, uint, 0644);
MODULE_PARM_DESC(max_transmit, "Max transmit value (default = 3)");