Lines Matching +full:sar +full:- +full:threshold
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
4 Copyright (C) 2009-2010 Gustavo F. Padovan <gustavo@padovan.org>
80 return bdaddr_type(hcon->type, hcon->src_type); in bdaddr_src_type()
85 return bdaddr_type(hcon->type, hcon->dst_type); in bdaddr_dst_type()
88 /* ---- L2CAP channels ---- */
95 list_for_each_entry(c, &conn->chan_l, list) { in __l2cap_get_chan_by_dcid()
96 if (c->dcid == cid) in __l2cap_get_chan_by_dcid()
107 list_for_each_entry(c, &conn->chan_l, list) { in __l2cap_get_chan_by_scid()
108 if (c->scid == cid) in __l2cap_get_chan_by_scid()
157 list_for_each_entry(c, &conn->chan_l, list) { in __l2cap_get_chan_by_ident()
158 if (c->ident == ident) in __l2cap_get_chan_by_ident()
170 if (src_type == BDADDR_BREDR && c->src_type != BDADDR_BREDR) in __l2cap_global_chan_by_addr()
173 if (src_type != BDADDR_BREDR && c->src_type == BDADDR_BREDR) in __l2cap_global_chan_by_addr()
176 if (c->sport == psm && !bacmp(&c->src, src)) in __l2cap_global_chan_by_addr()
188 if (psm && __l2cap_global_chan_by_addr(psm, src, chan->src_type)) { in l2cap_add_psm()
189 err = -EADDRINUSE; in l2cap_add_psm()
194 chan->psm = psm; in l2cap_add_psm()
195 chan->sport = psm; in l2cap_add_psm()
200 if (chan->src_type == BDADDR_BREDR) { in l2cap_add_psm()
210 err = -EINVAL; in l2cap_add_psm()
213 chan->src_type)) { in l2cap_add_psm()
214 chan->psm = cpu_to_le16(p); in l2cap_add_psm()
215 chan->sport = cpu_to_le16(p); in l2cap_add_psm()
231 /* Override the defaults (which are for conn-oriented) */ in l2cap_add_scid()
232 chan->omtu = L2CAP_DEFAULT_MTU; in l2cap_add_scid()
233 chan->chan_type = L2CAP_CHAN_FIXED; in l2cap_add_scid()
235 chan->scid = scid; in l2cap_add_scid()
246 if (conn->hcon->type == LE_LINK) in l2cap_alloc_cid()
261 BT_DBG("chan %p %s -> %s", chan, state_to_string(chan->state), in l2cap_state_change()
264 chan->state = state; in l2cap_state_change()
265 chan->ops->state_change(chan, state, 0); in l2cap_state_change()
271 chan->state = state; in l2cap_state_change_and_error()
272 chan->ops->state_change(chan, chan->state, err); in l2cap_state_change_and_error()
277 chan->ops->state_change(chan, chan->state, err); in l2cap_chan_set_err()
282 if (!delayed_work_pending(&chan->monitor_timer) && in __set_retrans_timer()
283 chan->retrans_timeout) { in __set_retrans_timer()
284 l2cap_set_timer(chan, &chan->retrans_timer, in __set_retrans_timer()
285 msecs_to_jiffies(chan->retrans_timeout)); in __set_retrans_timer()
292 if (chan->monitor_timeout) { in __set_monitor_timer()
293 l2cap_set_timer(chan, &chan->monitor_timer, in __set_monitor_timer()
294 msecs_to_jiffies(chan->monitor_timeout)); in __set_monitor_timer()
304 if (bt_cb(skb)->l2cap.txseq == seq) in l2cap_ertm_seq_in_queue()
311 /* ---- L2CAP sequence number lists ---- */
315 * retransmitted. These seq_list functions implement a singly-linked
332 seq_list->list = kmalloc_array(alloc_size, sizeof(u16), GFP_KERNEL); in l2cap_seq_list_init()
333 if (!seq_list->list) in l2cap_seq_list_init()
334 return -ENOMEM; in l2cap_seq_list_init()
336 seq_list->mask = alloc_size - 1; in l2cap_seq_list_init()
337 seq_list->head = L2CAP_SEQ_LIST_CLEAR; in l2cap_seq_list_init()
338 seq_list->tail = L2CAP_SEQ_LIST_CLEAR; in l2cap_seq_list_init()
340 seq_list->list[i] = L2CAP_SEQ_LIST_CLEAR; in l2cap_seq_list_init()
347 kfree(seq_list->list); in l2cap_seq_list_free()
353 /* Constant-time check for list membership */ in l2cap_seq_list_contains()
354 return seq_list->list[seq & seq_list->mask] != L2CAP_SEQ_LIST_CLEAR; in l2cap_seq_list_contains()
359 u16 seq = seq_list->head; in l2cap_seq_list_pop()
360 u16 mask = seq_list->mask; in l2cap_seq_list_pop()
362 seq_list->head = seq_list->list[seq & mask]; in l2cap_seq_list_pop()
363 seq_list->list[seq & mask] = L2CAP_SEQ_LIST_CLEAR; in l2cap_seq_list_pop()
365 if (seq_list->head == L2CAP_SEQ_LIST_TAIL) { in l2cap_seq_list_pop()
366 seq_list->head = L2CAP_SEQ_LIST_CLEAR; in l2cap_seq_list_pop()
367 seq_list->tail = L2CAP_SEQ_LIST_CLEAR; in l2cap_seq_list_pop()
377 if (seq_list->head == L2CAP_SEQ_LIST_CLEAR) in l2cap_seq_list_clear()
380 for (i = 0; i <= seq_list->mask; i++) in l2cap_seq_list_clear()
381 seq_list->list[i] = L2CAP_SEQ_LIST_CLEAR; in l2cap_seq_list_clear()
383 seq_list->head = L2CAP_SEQ_LIST_CLEAR; in l2cap_seq_list_clear()
384 seq_list->tail = L2CAP_SEQ_LIST_CLEAR; in l2cap_seq_list_clear()
389 u16 mask = seq_list->mask; in l2cap_seq_list_append()
393 if (seq_list->list[seq & mask] != L2CAP_SEQ_LIST_CLEAR) in l2cap_seq_list_append()
396 if (seq_list->tail == L2CAP_SEQ_LIST_CLEAR) in l2cap_seq_list_append()
397 seq_list->head = seq; in l2cap_seq_list_append()
399 seq_list->list[seq_list->tail & mask] = seq; in l2cap_seq_list_append()
401 seq_list->tail = seq; in l2cap_seq_list_append()
402 seq_list->list[seq & mask] = L2CAP_SEQ_LIST_TAIL; in l2cap_seq_list_append()
409 struct l2cap_conn *conn = chan->conn; in l2cap_chan_timeout()
412 BT_DBG("chan %p state %s", chan, state_to_string(chan->state)); in l2cap_chan_timeout()
417 mutex_lock(&conn->lock); in l2cap_chan_timeout()
423 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG) in l2cap_chan_timeout()
425 else if (chan->state == BT_CONNECT && in l2cap_chan_timeout()
426 chan->sec_level != BT_SECURITY_SDP) in l2cap_chan_timeout()
433 chan->ops->close(chan); in l2cap_chan_timeout()
438 mutex_unlock(&conn->lock); in l2cap_chan_timeout()
449 skb_queue_head_init(&chan->tx_q); in l2cap_chan_create()
450 skb_queue_head_init(&chan->srej_q); in l2cap_chan_create()
451 mutex_init(&chan->lock); in l2cap_chan_create()
454 atomic_set(&chan->nesting, L2CAP_NESTING_NORMAL); in l2cap_chan_create()
457 chan->rx_avail = -1; in l2cap_chan_create()
460 list_add(&chan->global_l, &chan_list); in l2cap_chan_create()
463 INIT_DELAYED_WORK(&chan->chan_timer, l2cap_chan_timeout); in l2cap_chan_create()
464 INIT_DELAYED_WORK(&chan->retrans_timer, l2cap_retrans_timeout); in l2cap_chan_create()
465 INIT_DELAYED_WORK(&chan->monitor_timer, l2cap_monitor_timeout); in l2cap_chan_create()
466 INIT_DELAYED_WORK(&chan->ack_timer, l2cap_ack_timeout); in l2cap_chan_create()
468 chan->state = BT_OPEN; in l2cap_chan_create()
470 kref_init(&chan->kref); in l2cap_chan_create()
473 set_bit(CONF_NOT_COMPLETE, &chan->conf_state); in l2cap_chan_create()
488 list_del(&chan->global_l); in l2cap_chan_destroy()
496 BT_DBG("chan %p orig refcnt %u", c, kref_read(&c->kref)); in l2cap_chan_hold()
498 kref_get(&c->kref); in l2cap_chan_hold()
503 BT_DBG("chan %p orig refcnt %u", c, kref_read(&c->kref)); in l2cap_chan_hold_unless_zero()
505 if (!kref_get_unless_zero(&c->kref)) in l2cap_chan_hold_unless_zero()
513 BT_DBG("chan %p orig refcnt %u", c, kref_read(&c->kref)); in l2cap_chan_put()
515 kref_put(&c->kref, l2cap_chan_destroy); in l2cap_chan_put()
521 chan->fcs = L2CAP_FCS_CRC16; in l2cap_chan_set_defaults()
522 chan->max_tx = L2CAP_DEFAULT_MAX_TX; in l2cap_chan_set_defaults()
523 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW; in l2cap_chan_set_defaults()
524 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW; in l2cap_chan_set_defaults()
525 chan->remote_max_tx = chan->max_tx; in l2cap_chan_set_defaults()
526 chan->remote_tx_win = chan->tx_win; in l2cap_chan_set_defaults()
527 chan->ack_win = L2CAP_DEFAULT_TX_WINDOW; in l2cap_chan_set_defaults()
528 chan->sec_level = BT_SECURITY_LOW; in l2cap_chan_set_defaults()
529 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO; in l2cap_chan_set_defaults()
530 chan->retrans_timeout = L2CAP_DEFAULT_RETRANS_TO; in l2cap_chan_set_defaults()
531 chan->monitor_timeout = L2CAP_DEFAULT_MONITOR_TO; in l2cap_chan_set_defaults()
533 chan->conf_state = 0; in l2cap_chan_set_defaults()
534 set_bit(CONF_NOT_COMPLETE, &chan->conf_state); in l2cap_chan_set_defaults()
536 set_bit(FLAG_FORCE_ACTIVE, &chan->flags); in l2cap_chan_set_defaults()
542 size_t sdu_len = chan->sdu ? chan->sdu->len : 0; in l2cap_le_rx_credits()
544 if (chan->mps == 0) in l2cap_le_rx_credits()
550 if (chan->rx_avail == -1) in l2cap_le_rx_credits()
551 return (chan->imtu / chan->mps) + 1; in l2cap_le_rx_credits()
556 if (chan->rx_avail <= sdu_len) in l2cap_le_rx_credits()
559 return DIV_ROUND_UP(chan->rx_avail - sdu_len, chan->mps); in l2cap_le_rx_credits()
564 chan->sdu = NULL; in l2cap_le_flowctl_init()
565 chan->sdu_last_frag = NULL; in l2cap_le_flowctl_init()
566 chan->sdu_len = 0; in l2cap_le_flowctl_init()
567 chan->tx_credits = tx_credits; in l2cap_le_flowctl_init()
569 chan->mps = min_t(u16, chan->imtu, chan->conn->mtu - L2CAP_HDR_SIZE); in l2cap_le_flowctl_init()
570 chan->rx_credits = l2cap_le_rx_credits(chan); in l2cap_le_flowctl_init()
572 skb_queue_head_init(&chan->tx_q); in l2cap_le_flowctl_init()
580 if (chan->mps < L2CAP_ECRED_MIN_MPS) { in l2cap_ecred_init()
581 chan->mps = L2CAP_ECRED_MIN_MPS; in l2cap_ecred_init()
582 chan->rx_credits = l2cap_le_rx_credits(chan); in l2cap_ecred_init()
589 __le16_to_cpu(chan->psm), chan->dcid); in __l2cap_chan_add()
591 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM; in __l2cap_chan_add()
593 chan->conn = conn; in __l2cap_chan_add()
595 switch (chan->chan_type) { in __l2cap_chan_add()
597 /* Alloc CID for connection-oriented socket */ in __l2cap_chan_add()
598 chan->scid = l2cap_alloc_cid(conn); in __l2cap_chan_add()
599 if (conn->hcon->type == ACL_LINK) in __l2cap_chan_add()
600 chan->omtu = L2CAP_DEFAULT_MTU; in __l2cap_chan_add()
605 chan->scid = L2CAP_CID_CONN_LESS; in __l2cap_chan_add()
606 chan->dcid = L2CAP_CID_CONN_LESS; in __l2cap_chan_add()
607 chan->omtu = L2CAP_DEFAULT_MTU; in __l2cap_chan_add()
616 chan->scid = L2CAP_CID_SIGNALING; in __l2cap_chan_add()
617 chan->dcid = L2CAP_CID_SIGNALING; in __l2cap_chan_add()
618 chan->omtu = L2CAP_DEFAULT_MTU; in __l2cap_chan_add()
621 chan->local_id = L2CAP_BESTEFFORT_ID; in __l2cap_chan_add()
622 chan->local_stype = L2CAP_SERV_BESTEFFORT; in __l2cap_chan_add()
623 chan->local_msdu = L2CAP_DEFAULT_MAX_SDU_SIZE; in __l2cap_chan_add()
624 chan->local_sdu_itime = L2CAP_DEFAULT_SDU_ITIME; in __l2cap_chan_add()
625 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT; in __l2cap_chan_add()
626 chan->local_flush_to = L2CAP_EFS_DEFAULT_FLUSH_TO; in __l2cap_chan_add()
631 if (chan->chan_type != L2CAP_CHAN_FIXED || in __l2cap_chan_add()
632 test_bit(FLAG_HOLD_HCI_CONN, &chan->flags)) in __l2cap_chan_add()
633 hci_conn_hold(conn->hcon); in __l2cap_chan_add()
636 list_add_tail(&chan->list, &conn->chan_l); in __l2cap_chan_add()
641 mutex_lock(&conn->lock); in l2cap_chan_add()
643 mutex_unlock(&conn->lock); in l2cap_chan_add()
648 struct l2cap_conn *conn = chan->conn; in l2cap_chan_del()
653 state_to_string(chan->state)); in l2cap_chan_del()
655 chan->ops->teardown(chan, err); in l2cap_chan_del()
659 list_del(&chan->list); in l2cap_chan_del()
663 chan->conn = NULL; in l2cap_chan_del()
665 /* Reference was only held for non-fixed channels or in l2cap_chan_del()
669 if (chan->chan_type != L2CAP_CHAN_FIXED || in l2cap_chan_del()
670 test_bit(FLAG_HOLD_HCI_CONN, &chan->flags)) in l2cap_chan_del()
671 hci_conn_drop(conn->hcon); in l2cap_chan_del()
674 if (test_bit(CONF_NOT_COMPLETE, &chan->conf_state)) in l2cap_chan_del()
677 switch (chan->mode) { in l2cap_chan_del()
683 skb_queue_purge(&chan->tx_q); in l2cap_chan_del()
691 skb_queue_purge(&chan->srej_q); in l2cap_chan_del()
693 l2cap_seq_list_free(&chan->srej_list); in l2cap_chan_del()
694 l2cap_seq_list_free(&chan->retrans_list); in l2cap_chan_del()
698 skb_queue_purge(&chan->tx_q); in l2cap_chan_del()
709 list_for_each_entry_safe(chan, l, &conn->chan_l, list) { in __l2cap_chan_list_id()
710 if (chan->ident == id) in __l2cap_chan_list_id()
720 list_for_each_entry(chan, &conn->chan_l, list) { in __l2cap_chan_list()
731 mutex_lock(&conn->lock); in l2cap_chan_list()
733 mutex_unlock(&conn->lock); in l2cap_chan_list()
742 struct hci_conn *hcon = conn->hcon; in l2cap_conn_update_id_addr()
745 mutex_lock(&conn->lock); in l2cap_conn_update_id_addr()
747 list_for_each_entry(chan, &conn->chan_l, list) { in l2cap_conn_update_id_addr()
749 bacpy(&chan->dst, &hcon->dst); in l2cap_conn_update_id_addr()
750 chan->dst_type = bdaddr_dst_type(hcon); in l2cap_conn_update_id_addr()
754 mutex_unlock(&conn->lock); in l2cap_conn_update_id_addr()
759 struct l2cap_conn *conn = chan->conn; in l2cap_chan_le_connect_reject()
763 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) in l2cap_chan_le_connect_reject()
770 rsp.dcid = cpu_to_le16(chan->scid); in l2cap_chan_le_connect_reject()
771 rsp.mtu = cpu_to_le16(chan->imtu); in l2cap_chan_le_connect_reject()
772 rsp.mps = cpu_to_le16(chan->mps); in l2cap_chan_le_connect_reject()
773 rsp.credits = cpu_to_le16(chan->rx_credits); in l2cap_chan_le_connect_reject()
776 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CONN_RSP, sizeof(rsp), in l2cap_chan_le_connect_reject()
789 struct l2cap_conn *conn = chan->conn; in l2cap_chan_connect_reject()
793 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) in l2cap_chan_connect_reject()
800 rsp.scid = cpu_to_le16(chan->dcid); in l2cap_chan_connect_reject()
801 rsp.dcid = cpu_to_le16(chan->scid); in l2cap_chan_connect_reject()
805 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp); in l2cap_chan_connect_reject()
810 struct l2cap_conn *conn = chan->conn; in l2cap_chan_close()
812 BT_DBG("chan %p state %s", chan, state_to_string(chan->state)); in l2cap_chan_close()
814 switch (chan->state) { in l2cap_chan_close()
816 chan->ops->teardown(chan, 0); in l2cap_chan_close()
821 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED) { in l2cap_chan_close()
822 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan)); in l2cap_chan_close()
829 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED) { in l2cap_chan_close()
830 if (conn->hcon->type == ACL_LINK) in l2cap_chan_close()
832 else if (conn->hcon->type == LE_LINK) { in l2cap_chan_close()
833 switch (chan->mode) { in l2cap_chan_close()
853 chan->ops->teardown(chan, 0); in l2cap_chan_close()
861 switch (chan->chan_type) { in l2cap_get_auth_type()
863 switch (chan->sec_level) { in l2cap_get_auth_type()
874 if (chan->psm == cpu_to_le16(L2CAP_PSM_3DSP)) { in l2cap_get_auth_type()
875 if (chan->sec_level == BT_SECURITY_LOW) in l2cap_get_auth_type()
876 chan->sec_level = BT_SECURITY_SDP; in l2cap_get_auth_type()
878 if (chan->sec_level == BT_SECURITY_HIGH || in l2cap_get_auth_type()
879 chan->sec_level == BT_SECURITY_FIPS) in l2cap_get_auth_type()
885 if (chan->psm == cpu_to_le16(L2CAP_PSM_SDP)) { in l2cap_get_auth_type()
886 if (chan->sec_level == BT_SECURITY_LOW) in l2cap_get_auth_type()
887 chan->sec_level = BT_SECURITY_SDP; in l2cap_get_auth_type()
889 if (chan->sec_level == BT_SECURITY_HIGH || in l2cap_get_auth_type()
890 chan->sec_level == BT_SECURITY_FIPS) in l2cap_get_auth_type()
898 switch (chan->sec_level) { in l2cap_get_auth_type()
914 struct l2cap_conn *conn = chan->conn; in l2cap_chan_check_security()
917 if (conn->hcon->type == LE_LINK) in l2cap_chan_check_security()
918 return smp_conn_security(conn->hcon, chan->sec_level); in l2cap_chan_check_security()
922 return hci_conn_security(conn->hcon, chan->sec_level, auth_type, in l2cap_chan_check_security()
931 * 1 - 128 are used by kernel. in l2cap_get_ident()
932 * 129 - 199 are reserved. in l2cap_get_ident()
933 * 200 - 254 are used by utilities like l2ping, etc. in l2cap_get_ident()
936 mutex_lock(&conn->ident_lock); in l2cap_get_ident()
938 if (++conn->tx_ident > 128) in l2cap_get_ident()
939 conn->tx_ident = 1; in l2cap_get_ident()
941 id = conn->tx_ident; in l2cap_get_ident()
943 mutex_unlock(&conn->ident_lock); in l2cap_get_ident()
952 if (hci_conn_valid(conn->hcon->hdev, conn->hcon)) in l2cap_send_acl()
953 hci_send_acl(conn->hchan, skb, flags); in l2cap_send_acl()
970 * not support auto-flushing packets) */ in l2cap_send_cmd()
971 if (lmp_no_flush_capable(conn->hcon->hdev) || in l2cap_send_cmd()
972 conn->hcon->type == LE_LINK) in l2cap_send_cmd()
977 bt_cb(skb)->force_active = BT_POWER_FORCE_ACTIVE_ON; in l2cap_send_cmd()
978 skb->priority = HCI_PRIO_MAX; in l2cap_send_cmd()
985 struct hci_conn *hcon = chan->conn->hcon; in l2cap_do_send()
988 BT_DBG("chan %p, skb %p len %d priority %u", chan, skb, skb->len, in l2cap_do_send()
989 skb->priority); in l2cap_do_send()
995 if (hcon->type == LE_LINK || in l2cap_do_send()
996 (!test_bit(FLAG_FLUSHABLE, &chan->flags) && in l2cap_do_send()
997 lmp_no_flush_capable(hcon->hdev))) in l2cap_do_send()
1002 bt_cb(skb)->force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags); in l2cap_do_send()
1003 hci_send_acl(chan->conn->hchan, skb, flags); in l2cap_do_send()
1008 control->reqseq = (enh & L2CAP_CTRL_REQSEQ) >> L2CAP_CTRL_REQSEQ_SHIFT; in __unpack_enhanced_control()
1009 control->final = (enh & L2CAP_CTRL_FINAL) >> L2CAP_CTRL_FINAL_SHIFT; in __unpack_enhanced_control()
1012 /* S-Frame */ in __unpack_enhanced_control()
1013 control->sframe = 1; in __unpack_enhanced_control()
1014 control->poll = (enh & L2CAP_CTRL_POLL) >> L2CAP_CTRL_POLL_SHIFT; in __unpack_enhanced_control()
1015 control->super = (enh & L2CAP_CTRL_SUPERVISE) >> L2CAP_CTRL_SUPER_SHIFT; in __unpack_enhanced_control()
1017 control->sar = 0; in __unpack_enhanced_control()
1018 control->txseq = 0; in __unpack_enhanced_control()
1020 /* I-Frame */ in __unpack_enhanced_control()
1021 control->sframe = 0; in __unpack_enhanced_control()
1022 control->sar = (enh & L2CAP_CTRL_SAR) >> L2CAP_CTRL_SAR_SHIFT; in __unpack_enhanced_control()
1023 control->txseq = (enh & L2CAP_CTRL_TXSEQ) >> L2CAP_CTRL_TXSEQ_SHIFT; in __unpack_enhanced_control()
1025 control->poll = 0; in __unpack_enhanced_control()
1026 control->super = 0; in __unpack_enhanced_control()
1032 control->reqseq = (ext & L2CAP_EXT_CTRL_REQSEQ) >> L2CAP_EXT_CTRL_REQSEQ_SHIFT; in __unpack_extended_control()
1033 control->final = (ext & L2CAP_EXT_CTRL_FINAL) >> L2CAP_EXT_CTRL_FINAL_SHIFT; in __unpack_extended_control()
1036 /* S-Frame */ in __unpack_extended_control()
1037 control->sframe = 1; in __unpack_extended_control()
1038 control->poll = (ext & L2CAP_EXT_CTRL_POLL) >> L2CAP_EXT_CTRL_POLL_SHIFT; in __unpack_extended_control()
1039 control->super = (ext & L2CAP_EXT_CTRL_SUPERVISE) >> L2CAP_EXT_CTRL_SUPER_SHIFT; in __unpack_extended_control()
1041 control->sar = 0; in __unpack_extended_control()
1042 control->txseq = 0; in __unpack_extended_control()
1044 /* I-Frame */ in __unpack_extended_control()
1045 control->sframe = 0; in __unpack_extended_control()
1046 control->sar = (ext & L2CAP_EXT_CTRL_SAR) >> L2CAP_EXT_CTRL_SAR_SHIFT; in __unpack_extended_control()
1047 control->txseq = (ext & L2CAP_EXT_CTRL_TXSEQ) >> L2CAP_EXT_CTRL_TXSEQ_SHIFT; in __unpack_extended_control()
1049 control->poll = 0; in __unpack_extended_control()
1050 control->super = 0; in __unpack_extended_control()
1057 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) { in __unpack_control()
1058 __unpack_extended_control(get_unaligned_le32(skb->data), in __unpack_control()
1059 &bt_cb(skb)->l2cap); in __unpack_control()
1062 __unpack_enhanced_control(get_unaligned_le16(skb->data), in __unpack_control()
1063 &bt_cb(skb)->l2cap); in __unpack_control()
1072 packed = control->reqseq << L2CAP_EXT_CTRL_REQSEQ_SHIFT; in __pack_extended_control()
1073 packed |= control->final << L2CAP_EXT_CTRL_FINAL_SHIFT; in __pack_extended_control()
1075 if (control->sframe) { in __pack_extended_control()
1076 packed |= control->poll << L2CAP_EXT_CTRL_POLL_SHIFT; in __pack_extended_control()
1077 packed |= control->super << L2CAP_EXT_CTRL_SUPER_SHIFT; in __pack_extended_control()
1080 packed |= control->sar << L2CAP_EXT_CTRL_SAR_SHIFT; in __pack_extended_control()
1081 packed |= control->txseq << L2CAP_EXT_CTRL_TXSEQ_SHIFT; in __pack_extended_control()
1091 packed = control->reqseq << L2CAP_CTRL_REQSEQ_SHIFT; in __pack_enhanced_control()
1092 packed |= control->final << L2CAP_CTRL_FINAL_SHIFT; in __pack_enhanced_control()
1094 if (control->sframe) { in __pack_enhanced_control()
1095 packed |= control->poll << L2CAP_CTRL_POLL_SHIFT; in __pack_enhanced_control()
1096 packed |= control->super << L2CAP_CTRL_SUPER_SHIFT; in __pack_enhanced_control()
1099 packed |= control->sar << L2CAP_CTRL_SAR_SHIFT; in __pack_enhanced_control()
1100 packed |= control->txseq << L2CAP_CTRL_TXSEQ_SHIFT; in __pack_enhanced_control()
1110 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) { in __pack_control()
1112 skb->data + L2CAP_HDR_SIZE); in __pack_control()
1115 skb->data + L2CAP_HDR_SIZE); in __pack_control()
1121 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) in __ertm_hdr_size()
1134 if (chan->fcs == L2CAP_FCS_CRC16) in l2cap_create_sframe_pdu()
1140 return ERR_PTR(-ENOMEM); in l2cap_create_sframe_pdu()
1143 lh->len = cpu_to_le16(hlen - L2CAP_HDR_SIZE); in l2cap_create_sframe_pdu()
1144 lh->cid = cpu_to_le16(chan->dcid); in l2cap_create_sframe_pdu()
1146 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) in l2cap_create_sframe_pdu()
1151 if (chan->fcs == L2CAP_FCS_CRC16) { in l2cap_create_sframe_pdu()
1152 u16 fcs = crc16(0, (u8 *)skb->data, skb->len); in l2cap_create_sframe_pdu()
1156 skb->priority = HCI_PRIO_MAX; in l2cap_create_sframe_pdu()
1168 if (!control->sframe) in l2cap_send_sframe()
1171 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state) && in l2cap_send_sframe()
1172 !control->poll) in l2cap_send_sframe()
1173 control->final = 1; in l2cap_send_sframe()
1175 if (control->super == L2CAP_SUPER_RR) in l2cap_send_sframe()
1176 clear_bit(CONN_RNR_SENT, &chan->conn_state); in l2cap_send_sframe()
1177 else if (control->super == L2CAP_SUPER_RNR) in l2cap_send_sframe()
1178 set_bit(CONN_RNR_SENT, &chan->conn_state); in l2cap_send_sframe()
1180 if (control->super != L2CAP_SUPER_SREJ) { in l2cap_send_sframe()
1181 chan->last_acked_seq = control->reqseq; in l2cap_send_sframe()
1185 BT_DBG("reqseq %d, final %d, poll %d, super %d", control->reqseq, in l2cap_send_sframe()
1186 control->final, control->poll, control->super); in l2cap_send_sframe()
1188 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) in l2cap_send_sframe()
1208 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) in l2cap_send_rr_or_rnr()
1213 control.reqseq = chan->buffer_seq; in l2cap_send_rr_or_rnr()
1219 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) in __l2cap_no_conn_pending()
1222 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state); in __l2cap_no_conn_pending()
1227 struct l2cap_conn *conn = chan->conn; in l2cap_send_conn_req()
1230 req.scid = cpu_to_le16(chan->scid); in l2cap_send_conn_req()
1231 req.psm = chan->psm; in l2cap_send_conn_req()
1233 chan->ident = l2cap_get_ident(conn); in l2cap_send_conn_req()
1235 set_bit(CONF_CONNECT_PEND, &chan->conf_state); in l2cap_send_conn_req()
1237 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, sizeof(req), &req); in l2cap_send_conn_req()
1246 if (chan->state == BT_CONNECTED) in l2cap_chan_ready()
1250 chan->conf_state = 0; in l2cap_chan_ready()
1253 switch (chan->mode) { in l2cap_chan_ready()
1256 if (!chan->tx_credits) in l2cap_chan_ready()
1257 chan->ops->suspend(chan); in l2cap_chan_ready()
1261 chan->state = BT_CONNECTED; in l2cap_chan_ready()
1263 chan->ops->ready(chan); in l2cap_chan_ready()
1268 struct l2cap_conn *conn = chan->conn; in l2cap_le_connect()
1271 if (test_and_set_bit(FLAG_LE_CONN_REQ_SENT, &chan->flags)) in l2cap_le_connect()
1274 if (!chan->imtu) in l2cap_le_connect()
1275 chan->imtu = chan->conn->mtu; in l2cap_le_connect()
1280 req.psm = chan->psm; in l2cap_le_connect()
1281 req.scid = cpu_to_le16(chan->scid); in l2cap_le_connect()
1282 req.mtu = cpu_to_le16(chan->imtu); in l2cap_le_connect()
1283 req.mps = cpu_to_le16(chan->mps); in l2cap_le_connect()
1284 req.credits = cpu_to_le16(chan->rx_credits); in l2cap_le_connect()
1286 chan->ident = l2cap_get_ident(conn); in l2cap_le_connect()
1288 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CONN_REQ, in l2cap_le_connect()
1307 if (chan == conn->chan) in l2cap_ecred_defer_connect()
1310 if (!test_and_clear_bit(FLAG_DEFER_SETUP, &chan->flags)) in l2cap_ecred_defer_connect()
1313 pid = chan->ops->get_peer_pid(chan); in l2cap_ecred_defer_connect()
1316 if (conn->pid != pid || chan->psm != conn->chan->psm || chan->ident || in l2cap_ecred_defer_connect()
1317 chan->mode != L2CAP_MODE_EXT_FLOWCTL || chan->state != BT_CONNECT) in l2cap_ecred_defer_connect()
1320 if (test_and_set_bit(FLAG_ECRED_CONN_REQ_SENT, &chan->flags)) in l2cap_ecred_defer_connect()
1326 chan->ident = conn->chan->ident; in l2cap_ecred_defer_connect()
1329 conn->pdu.scid[conn->count] = cpu_to_le16(chan->scid); in l2cap_ecred_defer_connect()
1331 conn->count++; in l2cap_ecred_defer_connect()
1336 struct l2cap_conn *conn = chan->conn; in l2cap_ecred_connect()
1339 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) in l2cap_ecred_connect()
1342 if (test_and_set_bit(FLAG_ECRED_CONN_REQ_SENT, &chan->flags)) in l2cap_ecred_connect()
1348 data.pdu.req.psm = chan->psm; in l2cap_ecred_connect()
1349 data.pdu.req.mtu = cpu_to_le16(chan->imtu); in l2cap_ecred_connect()
1350 data.pdu.req.mps = cpu_to_le16(chan->mps); in l2cap_ecred_connect()
1351 data.pdu.req.credits = cpu_to_le16(chan->rx_credits); in l2cap_ecred_connect()
1352 data.pdu.scid[0] = cpu_to_le16(chan->scid); in l2cap_ecred_connect()
1354 chan->ident = l2cap_get_ident(conn); in l2cap_ecred_connect()
1358 data.pid = chan->ops->get_peer_pid(chan); in l2cap_ecred_connect()
1362 l2cap_send_cmd(conn, chan->ident, L2CAP_ECRED_CONN_REQ, in l2cap_ecred_connect()
1369 struct l2cap_conn *conn = chan->conn; in l2cap_le_start()
1371 if (!smp_conn_security(conn->hcon, chan->sec_level)) in l2cap_le_start()
1374 if (!chan->psm) { in l2cap_le_start()
1379 if (chan->state == BT_CONNECT) { in l2cap_le_start()
1380 if (chan->mode == L2CAP_MODE_EXT_FLOWCTL) in l2cap_le_start()
1389 if (chan->conn->hcon->type == LE_LINK) { in l2cap_start_connection()
1400 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) in l2cap_request_info()
1405 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT; in l2cap_request_info()
1406 conn->info_ident = l2cap_get_ident(conn); in l2cap_request_info()
1408 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT); in l2cap_request_info()
1410 l2cap_send_cmd(conn, conn->info_ident, L2CAP_INFO_REQ, in l2cap_request_info()
1425 int min_key_size = hcon->hdev->min_enc_key_size; in l2cap_check_enc_key_size()
1428 if (hcon->sec_level == BT_SECURITY_FIPS) in l2cap_check_enc_key_size()
1431 return (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags) || in l2cap_check_enc_key_size()
1432 hcon->enc_key_size >= min_key_size); in l2cap_check_enc_key_size()
1437 struct l2cap_conn *conn = chan->conn; in l2cap_do_start()
1439 if (conn->hcon->type == LE_LINK) { in l2cap_do_start()
1444 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT)) { in l2cap_do_start()
1449 if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE)) in l2cap_do_start()
1456 if (l2cap_check_enc_key_size(conn->hcon)) in l2cap_do_start()
1480 struct l2cap_conn *conn = chan->conn; in l2cap_send_disconn_req()
1486 if (chan->mode == L2CAP_MODE_ERTM && chan->state == BT_CONNECTED) { in l2cap_send_disconn_req()
1492 req.dcid = cpu_to_le16(chan->dcid); in l2cap_send_disconn_req()
1493 req.scid = cpu_to_le16(chan->scid); in l2cap_send_disconn_req()
1500 /* ---- L2CAP connections ---- */
1507 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) { in l2cap_conn_start()
1510 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) { in l2cap_conn_start()
1516 if (chan->state == BT_CONNECT) { in l2cap_conn_start()
1523 if (!l2cap_mode_supported(chan->mode, conn->feat_mask) in l2cap_conn_start()
1525 &chan->conf_state)) { in l2cap_conn_start()
1531 if (l2cap_check_enc_key_size(conn->hcon)) in l2cap_conn_start()
1536 } else if (chan->state == BT_CONNECT2) { in l2cap_conn_start()
1539 rsp.scid = cpu_to_le16(chan->dcid); in l2cap_conn_start()
1540 rsp.dcid = cpu_to_le16(chan->scid); in l2cap_conn_start()
1543 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) { in l2cap_conn_start()
1546 chan->ops->defer(chan); in l2cap_conn_start()
1558 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, in l2cap_conn_start()
1561 if (test_bit(CONF_REQ_SENT, &chan->conf_state) || in l2cap_conn_start()
1567 set_bit(CONF_REQ_SENT, &chan->conf_state); in l2cap_conn_start()
1570 chan->num_conf_req++; in l2cap_conn_start()
1579 struct hci_conn *hcon = conn->hcon; in l2cap_le_conn_ready()
1580 struct hci_dev *hdev = hcon->hdev; in l2cap_le_conn_ready()
1582 BT_DBG("%s conn %p", hdev->name, conn); in l2cap_le_conn_ready()
1587 if (hcon->out) in l2cap_le_conn_ready()
1588 smp_conn_security(hcon, hcon->pending_sec_level); in l2cap_le_conn_ready()
1595 if (hcon->role == HCI_ROLE_SLAVE && in l2cap_le_conn_ready()
1596 (hcon->le_conn_interval < hcon->le_conn_min_interval || in l2cap_le_conn_ready()
1597 hcon->le_conn_interval > hcon->le_conn_max_interval)) { in l2cap_le_conn_ready()
1600 req.min = cpu_to_le16(hcon->le_conn_min_interval); in l2cap_le_conn_ready()
1601 req.max = cpu_to_le16(hcon->le_conn_max_interval); in l2cap_le_conn_ready()
1602 req.latency = cpu_to_le16(hcon->le_conn_latency); in l2cap_le_conn_ready()
1603 req.to_multiplier = cpu_to_le16(hcon->le_supv_timeout); in l2cap_le_conn_ready()
1613 struct hci_conn *hcon = conn->hcon; in l2cap_conn_ready()
1617 if (hcon->type == ACL_LINK) in l2cap_conn_ready()
1620 mutex_lock(&conn->lock); in l2cap_conn_ready()
1622 list_for_each_entry(chan, &conn->chan_l, list) { in l2cap_conn_ready()
1626 if (hcon->type == LE_LINK) { in l2cap_conn_ready()
1628 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) { in l2cap_conn_ready()
1629 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) in l2cap_conn_ready()
1631 } else if (chan->state == BT_CONNECT) { in l2cap_conn_ready()
1638 mutex_unlock(&conn->lock); in l2cap_conn_ready()
1640 if (hcon->type == LE_LINK) in l2cap_conn_ready()
1643 queue_work(hcon->hdev->workqueue, &conn->pending_rx_work); in l2cap_conn_ready()
1653 list_for_each_entry(chan, &conn->chan_l, list) { in l2cap_conn_unreliable()
1654 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags)) in l2cap_conn_unreliable()
1664 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; in l2cap_info_timeout()
1665 conn->info_ident = 0; in l2cap_info_timeout()
1667 mutex_lock(&conn->lock); in l2cap_info_timeout()
1669 mutex_unlock(&conn->lock); in l2cap_info_timeout()
1674 * External modules can register l2cap_user objects on l2cap_conn. The ->probe
1675 * callback is called during registration. The ->remove callback is called
1678 * underlying l2cap_conn object is deleted. This guarantees that l2cap->hcon,
1679 * l2cap->hchan, .. are valid as long as the remove callback hasn't been called.
1687 struct hci_dev *hdev = conn->hcon->hdev; in l2cap_register_user()
1699 if (!list_empty(&user->list)) { in l2cap_register_user()
1700 ret = -EINVAL; in l2cap_register_user()
1704 /* conn->hchan is NULL after l2cap_conn_del() was called */ in l2cap_register_user()
1705 if (!conn->hchan) { in l2cap_register_user()
1706 ret = -ENODEV; in l2cap_register_user()
1710 ret = user->probe(conn, user); in l2cap_register_user()
1714 list_add(&user->list, &conn->users); in l2cap_register_user()
1725 struct hci_dev *hdev = conn->hcon->hdev; in l2cap_unregister_user()
1729 if (list_empty(&user->list)) in l2cap_unregister_user()
1732 list_del_init(&user->list); in l2cap_unregister_user()
1733 user->remove(conn, user); in l2cap_unregister_user()
1744 while (!list_empty(&conn->users)) { in l2cap_unregister_all_users()
1745 user = list_first_entry(&conn->users, struct l2cap_user, list); in l2cap_unregister_all_users()
1746 list_del_init(&user->list); in l2cap_unregister_all_users()
1747 user->remove(conn, user); in l2cap_unregister_all_users()
1753 struct l2cap_conn *conn = hcon->l2cap_data; in l2cap_conn_del()
1761 mutex_lock(&conn->lock); in l2cap_conn_del()
1763 kfree_skb(conn->rx_skb); in l2cap_conn_del()
1765 skb_queue_purge(&conn->pending_rx); in l2cap_conn_del()
1767 /* We can not call flush_work(&conn->pending_rx_work) here since we in l2cap_conn_del()
1771 if (work_pending(&conn->pending_rx_work)) in l2cap_conn_del()
1772 cancel_work_sync(&conn->pending_rx_work); in l2cap_conn_del()
1774 cancel_delayed_work_sync(&conn->id_addr_timer); in l2cap_conn_del()
1779 hcon->disc_timeout = 0; in l2cap_conn_del()
1782 list_for_each_entry_safe(chan, l, &conn->chan_l, list) { in l2cap_conn_del()
1788 chan->ops->close(chan); in l2cap_conn_del()
1794 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) in l2cap_conn_del()
1795 cancel_delayed_work_sync(&conn->info_timer); in l2cap_conn_del()
1797 hci_chan_del(conn->hchan); in l2cap_conn_del()
1798 conn->hchan = NULL; in l2cap_conn_del()
1800 hcon->l2cap_data = NULL; in l2cap_conn_del()
1801 mutex_unlock(&conn->lock); in l2cap_conn_del()
1809 hci_conn_put(conn->hcon); in l2cap_conn_free()
1815 kref_get(&conn->ref); in l2cap_conn_get()
1822 kref_put(&conn->ref, l2cap_conn_free); in l2cap_conn_put()
1826 /* ---- Socket interface ---- */
1841 if (state && c->state != state) in l2cap_global_chan_by_psm()
1844 if (link_type == ACL_LINK && c->src_type != BDADDR_BREDR) in l2cap_global_chan_by_psm()
1847 if (link_type == LE_LINK && c->src_type == BDADDR_BREDR) in l2cap_global_chan_by_psm()
1850 if (c->chan_type != L2CAP_CHAN_FIXED && c->psm == psm) { in l2cap_global_chan_by_psm()
1855 src_match = !bacmp(&c->src, src); in l2cap_global_chan_by_psm()
1856 dst_match = !bacmp(&c->dst, dst); in l2cap_global_chan_by_psm()
1866 src_any = !bacmp(&c->src, BDADDR_ANY); in l2cap_global_chan_by_psm()
1867 dst_any = !bacmp(&c->dst, BDADDR_ANY); in l2cap_global_chan_by_psm()
1891 if (!chan->conn) { in l2cap_monitor_timeout()
1912 if (!chan->conn) { in l2cap_retrans_timeout()
1931 skb_queue_splice_tail_init(skbs, &chan->tx_q); in l2cap_streaming_send()
1933 while (!skb_queue_empty(&chan->tx_q)) { in l2cap_streaming_send()
1935 skb = skb_dequeue(&chan->tx_q); in l2cap_streaming_send()
1937 bt_cb(skb)->l2cap.retries = 1; in l2cap_streaming_send()
1938 control = &bt_cb(skb)->l2cap; in l2cap_streaming_send()
1940 control->reqseq = 0; in l2cap_streaming_send()
1941 control->txseq = chan->next_tx_seq; in l2cap_streaming_send()
1945 if (chan->fcs == L2CAP_FCS_CRC16) { in l2cap_streaming_send()
1946 u16 fcs = crc16(0, (u8 *) skb->data, skb->len); in l2cap_streaming_send()
1952 BT_DBG("Sent txseq %u", control->txseq); in l2cap_streaming_send()
1954 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq); in l2cap_streaming_send()
1955 chan->frames_sent++; in l2cap_streaming_send()
1967 if (chan->state != BT_CONNECTED) in l2cap_ertm_send()
1968 return -ENOTCONN; in l2cap_ertm_send()
1970 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state)) in l2cap_ertm_send()
1973 while (chan->tx_send_head && in l2cap_ertm_send()
1974 chan->unacked_frames < chan->remote_tx_win && in l2cap_ertm_send()
1975 chan->tx_state == L2CAP_TX_STATE_XMIT) { in l2cap_ertm_send()
1977 skb = chan->tx_send_head; in l2cap_ertm_send()
1979 bt_cb(skb)->l2cap.retries = 1; in l2cap_ertm_send()
1980 control = &bt_cb(skb)->l2cap; in l2cap_ertm_send()
1982 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state)) in l2cap_ertm_send()
1983 control->final = 1; in l2cap_ertm_send()
1985 control->reqseq = chan->buffer_seq; in l2cap_ertm_send()
1986 chan->last_acked_seq = chan->buffer_seq; in l2cap_ertm_send()
1987 control->txseq = chan->next_tx_seq; in l2cap_ertm_send()
1991 if (chan->fcs == L2CAP_FCS_CRC16) { in l2cap_ertm_send()
1992 u16 fcs = crc16(0, (u8 *) skb->data, skb->len); in l2cap_ertm_send()
1997 read-only (for locking purposes) on cloned sk_buffs. in l2cap_ertm_send()
2006 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq); in l2cap_ertm_send()
2007 chan->unacked_frames++; in l2cap_ertm_send()
2008 chan->frames_sent++; in l2cap_ertm_send()
2011 if (skb_queue_is_last(&chan->tx_q, skb)) in l2cap_ertm_send()
2012 chan->tx_send_head = NULL; in l2cap_ertm_send()
2014 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb); in l2cap_ertm_send()
2017 BT_DBG("Sent txseq %u", control->txseq); in l2cap_ertm_send()
2021 chan->unacked_frames, skb_queue_len(&chan->tx_q)); in l2cap_ertm_send()
2035 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state)) in l2cap_ertm_resend()
2038 while (chan->retrans_list.head != L2CAP_SEQ_LIST_CLEAR) { in l2cap_ertm_resend()
2039 seq = l2cap_seq_list_pop(&chan->retrans_list); in l2cap_ertm_resend()
2041 skb = l2cap_ertm_seq_in_queue(&chan->tx_q, seq); in l2cap_ertm_resend()
2048 bt_cb(skb)->l2cap.retries++; in l2cap_ertm_resend()
2049 control = bt_cb(skb)->l2cap; in l2cap_ertm_resend()
2051 if (chan->max_tx != 0 && in l2cap_ertm_resend()
2052 bt_cb(skb)->l2cap.retries > chan->max_tx) { in l2cap_ertm_resend()
2053 BT_DBG("Retry limit exceeded (%d)", chan->max_tx); in l2cap_ertm_resend()
2055 l2cap_seq_list_clear(&chan->retrans_list); in l2cap_ertm_resend()
2059 control.reqseq = chan->buffer_seq; in l2cap_ertm_resend()
2060 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state)) in l2cap_ertm_resend()
2066 /* Cloned sk_buffs are read-only, so we need a in l2cap_ertm_resend()
2075 l2cap_seq_list_clear(&chan->retrans_list); in l2cap_ertm_resend()
2080 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) { in l2cap_ertm_resend()
2082 tx_skb->data + L2CAP_HDR_SIZE); in l2cap_ertm_resend()
2085 tx_skb->data + L2CAP_HDR_SIZE); in l2cap_ertm_resend()
2089 if (chan->fcs == L2CAP_FCS_CRC16) { in l2cap_ertm_resend()
2090 u16 fcs = crc16(0, (u8 *) tx_skb->data, in l2cap_ertm_resend()
2091 tx_skb->len - L2CAP_FCS_SIZE); in l2cap_ertm_resend()
2092 put_unaligned_le16(fcs, skb_tail_pointer(tx_skb) - in l2cap_ertm_resend()
2100 chan->last_acked_seq = chan->buffer_seq; in l2cap_ertm_resend()
2109 l2cap_seq_list_append(&chan->retrans_list, control->reqseq); in l2cap_retransmit()
2120 if (control->poll) in l2cap_retransmit_all()
2121 set_bit(CONN_SEND_FBIT, &chan->conn_state); in l2cap_retransmit_all()
2123 l2cap_seq_list_clear(&chan->retrans_list); in l2cap_retransmit_all()
2125 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state)) in l2cap_retransmit_all()
2128 if (chan->unacked_frames) { in l2cap_retransmit_all()
2129 skb_queue_walk(&chan->tx_q, skb) { in l2cap_retransmit_all()
2130 if (bt_cb(skb)->l2cap.txseq == control->reqseq || in l2cap_retransmit_all()
2131 skb == chan->tx_send_head) in l2cap_retransmit_all()
2135 skb_queue_walk_from(&chan->tx_q, skb) { in l2cap_retransmit_all()
2136 if (skb == chan->tx_send_head) in l2cap_retransmit_all()
2139 l2cap_seq_list_append(&chan->retrans_list, in l2cap_retransmit_all()
2140 bt_cb(skb)->l2cap.txseq); in l2cap_retransmit_all()
2150 u16 frames_to_ack = __seq_offset(chan, chan->buffer_seq, in l2cap_send_ack()
2151 chan->last_acked_seq); in l2cap_send_ack()
2152 int threshold; in l2cap_send_ack() local
2155 chan, chan->last_acked_seq, chan->buffer_seq); in l2cap_send_ack()
2160 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state) && in l2cap_send_ack()
2161 chan->rx_state == L2CAP_RX_STATE_RECV) { in l2cap_send_ack()
2164 control.reqseq = chan->buffer_seq; in l2cap_send_ack()
2167 if (!test_bit(CONN_REMOTE_BUSY, &chan->conn_state)) { in l2cap_send_ack()
2169 /* If any i-frames were sent, they included an ack */ in l2cap_send_ack()
2170 if (chan->buffer_seq == chan->last_acked_seq) in l2cap_send_ack()
2177 threshold = chan->ack_win; in l2cap_send_ack()
2178 threshold += threshold << 1; in l2cap_send_ack()
2179 threshold >>= 2; in l2cap_send_ack()
2181 BT_DBG("frames_to_ack %u, threshold %d", frames_to_ack, in l2cap_send_ack()
2182 threshold); in l2cap_send_ack()
2184 if (frames_to_ack >= threshold) { in l2cap_send_ack()
2187 control.reqseq = chan->buffer_seq; in l2cap_send_ack()
2201 struct l2cap_conn *conn = chan->conn; in l2cap_skbuff_fromiovec()
2205 if (!copy_from_iter_full(skb_put(skb, count), count, &msg->msg_iter)) in l2cap_skbuff_fromiovec()
2206 return -EFAULT; in l2cap_skbuff_fromiovec()
2209 len -= count; in l2cap_skbuff_fromiovec()
2212 frag = &skb_shinfo(skb)->frag_list; in l2cap_skbuff_fromiovec()
2216 count = min_t(unsigned int, conn->mtu, len); in l2cap_skbuff_fromiovec()
2218 tmp = chan->ops->alloc_skb(chan, 0, count, in l2cap_skbuff_fromiovec()
2219 msg->msg_flags & MSG_DONTWAIT); in l2cap_skbuff_fromiovec()
2226 &msg->msg_iter)) in l2cap_skbuff_fromiovec()
2227 return -EFAULT; in l2cap_skbuff_fromiovec()
2230 len -= count; in l2cap_skbuff_fromiovec()
2232 skb->len += (*frag)->len; in l2cap_skbuff_fromiovec()
2233 skb->data_len += (*frag)->len; in l2cap_skbuff_fromiovec()
2235 frag = &(*frag)->next; in l2cap_skbuff_fromiovec()
2244 struct l2cap_conn *conn = chan->conn; in l2cap_create_connless_pdu()
2250 __le16_to_cpu(chan->psm), len); in l2cap_create_connless_pdu()
2252 count = min_t(unsigned int, (conn->mtu - hlen), len); in l2cap_create_connless_pdu()
2254 skb = chan->ops->alloc_skb(chan, hlen, count, in l2cap_create_connless_pdu()
2255 msg->msg_flags & MSG_DONTWAIT); in l2cap_create_connless_pdu()
2261 lh->cid = cpu_to_le16(chan->dcid); in l2cap_create_connless_pdu()
2262 lh->len = cpu_to_le16(len + L2CAP_PSMLEN_SIZE); in l2cap_create_connless_pdu()
2263 put_unaligned(chan->psm, (__le16 *) skb_put(skb, L2CAP_PSMLEN_SIZE)); in l2cap_create_connless_pdu()
2276 struct l2cap_conn *conn = chan->conn; in l2cap_create_basic_pdu()
2283 count = min_t(unsigned int, (conn->mtu - L2CAP_HDR_SIZE), len); in l2cap_create_basic_pdu()
2285 skb = chan->ops->alloc_skb(chan, L2CAP_HDR_SIZE, count, in l2cap_create_basic_pdu()
2286 msg->msg_flags & MSG_DONTWAIT); in l2cap_create_basic_pdu()
2292 lh->cid = cpu_to_le16(chan->dcid); in l2cap_create_basic_pdu()
2293 lh->len = cpu_to_le16(len); in l2cap_create_basic_pdu()
2307 struct l2cap_conn *conn = chan->conn; in l2cap_create_iframe_pdu()
2315 return ERR_PTR(-ENOTCONN); in l2cap_create_iframe_pdu()
2322 if (chan->fcs == L2CAP_FCS_CRC16) in l2cap_create_iframe_pdu()
2325 count = min_t(unsigned int, (conn->mtu - hlen), len); in l2cap_create_iframe_pdu()
2327 skb = chan->ops->alloc_skb(chan, hlen, count, in l2cap_create_iframe_pdu()
2328 msg->msg_flags & MSG_DONTWAIT); in l2cap_create_iframe_pdu()
2334 lh->cid = cpu_to_le16(chan->dcid); in l2cap_create_iframe_pdu()
2335 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE)); in l2cap_create_iframe_pdu()
2338 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) in l2cap_create_iframe_pdu()
2352 bt_cb(skb)->l2cap.fcs = chan->fcs; in l2cap_create_iframe_pdu()
2353 bt_cb(skb)->l2cap.retries = 0; in l2cap_create_iframe_pdu()
2364 u8 sar; in l2cap_segment_sdu() local
2374 pdu_len = chan->conn->mtu; in l2cap_segment_sdu()
2380 if (chan->fcs) in l2cap_segment_sdu()
2381 pdu_len -= L2CAP_FCS_SIZE; in l2cap_segment_sdu()
2383 pdu_len -= __ertm_hdr_size(chan); in l2cap_segment_sdu()
2386 pdu_len = min_t(size_t, pdu_len, chan->remote_mps); in l2cap_segment_sdu()
2389 sar = L2CAP_SAR_UNSEGMENTED; in l2cap_segment_sdu()
2393 sar = L2CAP_SAR_START; in l2cap_segment_sdu()
2405 bt_cb(skb)->l2cap.sar = sar; in l2cap_segment_sdu()
2408 len -= pdu_len; in l2cap_segment_sdu()
2413 sar = L2CAP_SAR_END; in l2cap_segment_sdu()
2416 sar = L2CAP_SAR_CONTINUE; in l2cap_segment_sdu()
2427 struct l2cap_conn *conn = chan->conn; in l2cap_create_le_flowctl_pdu()
2435 return ERR_PTR(-ENOTCONN); in l2cap_create_le_flowctl_pdu()
2442 count = min_t(unsigned int, (conn->mtu - hlen), len); in l2cap_create_le_flowctl_pdu()
2444 skb = chan->ops->alloc_skb(chan, hlen, count, in l2cap_create_le_flowctl_pdu()
2445 msg->msg_flags & MSG_DONTWAIT); in l2cap_create_le_flowctl_pdu()
2451 lh->cid = cpu_to_le16(chan->dcid); in l2cap_create_le_flowctl_pdu()
2452 lh->len = cpu_to_le16(len + (hlen - L2CAP_HDR_SIZE)); in l2cap_create_le_flowctl_pdu()
2477 pdu_len = chan->remote_mps - L2CAP_SDULEN_SIZE; in l2cap_segment_le_sdu()
2491 len -= pdu_len; in l2cap_segment_le_sdu()
2508 while (chan->tx_credits && !skb_queue_empty(&chan->tx_q)) { in l2cap_le_flowctl_send()
2509 l2cap_do_send(chan, skb_dequeue(&chan->tx_q)); in l2cap_le_flowctl_send()
2510 chan->tx_credits--; in l2cap_le_flowctl_send()
2514 BT_DBG("Sent %d credits %u queued %u", sent, chan->tx_credits, in l2cap_le_flowctl_send()
2515 skb_queue_len(&chan->tx_q)); in l2cap_le_flowctl_send()
2524 if (!chan->conn) in l2cap_chan_send()
2525 return -ENOTCONN; in l2cap_chan_send()
2528 if (chan->chan_type == L2CAP_CHAN_CONN_LESS) { in l2cap_chan_send()
2537 switch (chan->mode) { in l2cap_chan_send()
2541 if (len > chan->omtu) in l2cap_chan_send()
2542 return -EMSGSIZE; in l2cap_chan_send()
2548 if (chan->state != BT_CONNECTED) { in l2cap_chan_send()
2550 err = -ENOTCONN; in l2cap_chan_send()
2556 skb_queue_splice_tail_init(&seg_queue, &chan->tx_q); in l2cap_chan_send()
2560 if (!chan->tx_credits) in l2cap_chan_send()
2561 chan->ops->suspend(chan); in l2cap_chan_send()
2569 if (len > chan->omtu) in l2cap_chan_send()
2570 return -EMSGSIZE; in l2cap_chan_send()
2584 if (len > chan->omtu) { in l2cap_chan_send()
2585 err = -EMSGSIZE; in l2cap_chan_send()
2600 if (chan->mode == L2CAP_MODE_ERTM) in l2cap_chan_send()
2614 BT_DBG("bad state %1.1x", chan->mode); in l2cap_chan_send()
2615 err = -EBADFD; in l2cap_chan_send()
2633 for (seq = chan->expected_tx_seq; seq != txseq; in l2cap_send_srej()
2635 if (!l2cap_ertm_seq_in_queue(&chan->srej_q, seq)) { in l2cap_send_srej()
2638 l2cap_seq_list_append(&chan->srej_list, seq); in l2cap_send_srej()
2642 chan->expected_tx_seq = __next_seq(chan, txseq); in l2cap_send_srej()
2651 if (chan->srej_list.tail == L2CAP_SEQ_LIST_CLEAR) in l2cap_send_srej_tail()
2657 control.reqseq = chan->srej_list.tail; in l2cap_send_srej_tail()
2674 initial_head = chan->srej_list.head; in l2cap_send_srej_list()
2677 seq = l2cap_seq_list_pop(&chan->srej_list); in l2cap_send_srej_list()
2683 l2cap_seq_list_append(&chan->srej_list, seq); in l2cap_send_srej_list()
2684 } while (chan->srej_list.head != initial_head); in l2cap_send_srej_list()
2694 if (chan->unacked_frames == 0 || reqseq == chan->expected_ack_seq) in l2cap_process_reqseq()
2698 chan->expected_ack_seq, chan->unacked_frames); in l2cap_process_reqseq()
2700 for (ackseq = chan->expected_ack_seq; ackseq != reqseq; in l2cap_process_reqseq()
2703 acked_skb = l2cap_ertm_seq_in_queue(&chan->tx_q, ackseq); in l2cap_process_reqseq()
2705 skb_unlink(acked_skb, &chan->tx_q); in l2cap_process_reqseq()
2707 chan->unacked_frames--; in l2cap_process_reqseq()
2711 chan->expected_ack_seq = reqseq; in l2cap_process_reqseq()
2713 if (chan->unacked_frames == 0) in l2cap_process_reqseq()
2716 BT_DBG("unacked_frames %u", chan->unacked_frames); in l2cap_process_reqseq()
2723 chan->expected_tx_seq = chan->buffer_seq; in l2cap_abort_rx_srej_sent()
2724 l2cap_seq_list_clear(&chan->srej_list); in l2cap_abort_rx_srej_sent()
2725 skb_queue_purge(&chan->srej_q); in l2cap_abort_rx_srej_sent()
2726 chan->rx_state = L2CAP_RX_STATE_RECV; in l2cap_abort_rx_srej_sent()
2738 if (chan->tx_send_head == NULL) in l2cap_tx_state_xmit()
2739 chan->tx_send_head = skb_peek(skbs); in l2cap_tx_state_xmit()
2741 skb_queue_splice_tail_init(skbs, &chan->tx_q); in l2cap_tx_state_xmit()
2746 set_bit(CONN_LOCAL_BUSY, &chan->conn_state); in l2cap_tx_state_xmit()
2748 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) { in l2cap_tx_state_xmit()
2760 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state); in l2cap_tx_state_xmit()
2762 if (test_bit(CONN_RNR_SENT, &chan->conn_state)) { in l2cap_tx_state_xmit()
2769 local_control.reqseq = chan->buffer_seq; in l2cap_tx_state_xmit()
2772 chan->retry_count = 1; in l2cap_tx_state_xmit()
2774 chan->tx_state = L2CAP_TX_STATE_WAIT_F; in l2cap_tx_state_xmit()
2778 l2cap_process_reqseq(chan, control->reqseq); in l2cap_tx_state_xmit()
2782 chan->retry_count = 1; in l2cap_tx_state_xmit()
2785 chan->tx_state = L2CAP_TX_STATE_WAIT_F; in l2cap_tx_state_xmit()
2789 chan->retry_count = 1; in l2cap_tx_state_xmit()
2791 chan->tx_state = L2CAP_TX_STATE_WAIT_F; in l2cap_tx_state_xmit()
2810 if (chan->tx_send_head == NULL) in l2cap_tx_state_wait_f()
2811 chan->tx_send_head = skb_peek(skbs); in l2cap_tx_state_wait_f()
2813 skb_queue_splice_tail_init(skbs, &chan->tx_q); in l2cap_tx_state_wait_f()
2817 set_bit(CONN_LOCAL_BUSY, &chan->conn_state); in l2cap_tx_state_wait_f()
2819 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) { in l2cap_tx_state_wait_f()
2831 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state); in l2cap_tx_state_wait_f()
2833 if (test_bit(CONN_RNR_SENT, &chan->conn_state)) { in l2cap_tx_state_wait_f()
2839 local_control.reqseq = chan->buffer_seq; in l2cap_tx_state_wait_f()
2842 chan->retry_count = 1; in l2cap_tx_state_wait_f()
2844 chan->tx_state = L2CAP_TX_STATE_WAIT_F; in l2cap_tx_state_wait_f()
2848 l2cap_process_reqseq(chan, control->reqseq); in l2cap_tx_state_wait_f()
2852 if (control && control->final) { in l2cap_tx_state_wait_f()
2854 if (chan->unacked_frames > 0) in l2cap_tx_state_wait_f()
2856 chan->retry_count = 0; in l2cap_tx_state_wait_f()
2857 chan->tx_state = L2CAP_TX_STATE_XMIT; in l2cap_tx_state_wait_f()
2858 BT_DBG("recv fbit tx_state 0x2.2%x", chan->tx_state); in l2cap_tx_state_wait_f()
2865 if (chan->max_tx == 0 || chan->retry_count < chan->max_tx) { in l2cap_tx_state_wait_f()
2868 chan->retry_count++; in l2cap_tx_state_wait_f()
2882 chan, control, skbs, event, chan->tx_state); in l2cap_tx()
2884 switch (chan->tx_state) { in l2cap_tx()
2919 list_for_each_entry(chan, &conn->chan_l, list) { in l2cap_raw_recv()
2920 if (chan->chan_type != L2CAP_CHAN_RAW) in l2cap_raw_recv()
2924 if (bt_cb(skb)->l2cap.chan == chan) in l2cap_raw_recv()
2930 if (chan->ops->recv(chan, nskb)) in l2cap_raw_recv()
2935 /* ---- L2CAP signalling commands ---- */
2947 if (conn->mtu < L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE) in l2cap_build_cmd()
2951 count = min_t(unsigned int, conn->mtu, len); in l2cap_build_cmd()
2958 lh->len = cpu_to_le16(L2CAP_CMD_HDR_SIZE + dlen); in l2cap_build_cmd()
2960 if (conn->hcon->type == LE_LINK) in l2cap_build_cmd()
2961 lh->cid = cpu_to_le16(L2CAP_CID_LE_SIGNALING); in l2cap_build_cmd()
2963 lh->cid = cpu_to_le16(L2CAP_CID_SIGNALING); in l2cap_build_cmd()
2966 cmd->code = code; in l2cap_build_cmd()
2967 cmd->ident = ident; in l2cap_build_cmd()
2968 cmd->len = cpu_to_le16(dlen); in l2cap_build_cmd()
2971 count -= L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE; in l2cap_build_cmd()
2976 len -= skb->len; in l2cap_build_cmd()
2979 frag = &skb_shinfo(skb)->frag_list; in l2cap_build_cmd()
2981 count = min_t(unsigned int, conn->mtu, len); in l2cap_build_cmd()
2989 len -= count; in l2cap_build_cmd()
2992 frag = &(*frag)->next; in l2cap_build_cmd()
3008 len = L2CAP_CONF_OPT_SIZE + opt->len; in l2cap_get_conf_opt()
3011 *type = opt->type; in l2cap_get_conf_opt()
3012 *olen = opt->len; in l2cap_get_conf_opt()
3014 switch (opt->len) { in l2cap_get_conf_opt()
3016 *val = *((u8 *) opt->val); in l2cap_get_conf_opt()
3020 *val = get_unaligned_le16(opt->val); in l2cap_get_conf_opt()
3024 *val = get_unaligned_le32(opt->val); in l2cap_get_conf_opt()
3028 *val = (unsigned long) opt->val; in l2cap_get_conf_opt()
3032 BT_DBG("type 0x%2.2x len %u val 0x%lx", *type, opt->len, *val); in l2cap_get_conf_opt()
3045 opt->type = type; in l2cap_add_conf_opt()
3046 opt->len = len; in l2cap_add_conf_opt()
3050 *((u8 *) opt->val) = val; in l2cap_add_conf_opt()
3054 put_unaligned_le16(val, opt->val); in l2cap_add_conf_opt()
3058 put_unaligned_le32(val, opt->val); in l2cap_add_conf_opt()
3062 memcpy(opt->val, (void *) val, len); in l2cap_add_conf_opt()
3073 switch (chan->mode) { in l2cap_add_opt_efs()
3075 efs.id = chan->local_id; in l2cap_add_opt_efs()
3076 efs.stype = chan->local_stype; in l2cap_add_opt_efs()
3077 efs.msdu = cpu_to_le16(chan->local_msdu); in l2cap_add_opt_efs()
3078 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime); in l2cap_add_opt_efs()
3086 efs.msdu = cpu_to_le16(chan->local_msdu); in l2cap_add_opt_efs()
3087 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime); in l2cap_add_opt_efs()
3110 frames_to_ack = __seq_offset(chan, chan->buffer_seq, in l2cap_ack_timeout()
3111 chan->last_acked_seq); in l2cap_ack_timeout()
3124 chan->next_tx_seq = 0; in l2cap_ertm_init()
3125 chan->expected_tx_seq = 0; in l2cap_ertm_init()
3126 chan->expected_ack_seq = 0; in l2cap_ertm_init()
3127 chan->unacked_frames = 0; in l2cap_ertm_init()
3128 chan->buffer_seq = 0; in l2cap_ertm_init()
3129 chan->frames_sent = 0; in l2cap_ertm_init()
3130 chan->last_acked_seq = 0; in l2cap_ertm_init()
3131 chan->sdu = NULL; in l2cap_ertm_init()
3132 chan->sdu_last_frag = NULL; in l2cap_ertm_init()
3133 chan->sdu_len = 0; in l2cap_ertm_init()
3135 skb_queue_head_init(&chan->tx_q); in l2cap_ertm_init()
3137 if (chan->mode != L2CAP_MODE_ERTM) in l2cap_ertm_init()
3140 chan->rx_state = L2CAP_RX_STATE_RECV; in l2cap_ertm_init()
3141 chan->tx_state = L2CAP_TX_STATE_XMIT; in l2cap_ertm_init()
3143 skb_queue_head_init(&chan->srej_q); in l2cap_ertm_init()
3145 err = l2cap_seq_list_init(&chan->srej_list, chan->tx_win); in l2cap_ertm_init()
3149 err = l2cap_seq_list_init(&chan->retrans_list, chan->remote_tx_win); in l2cap_ertm_init()
3151 l2cap_seq_list_free(&chan->srej_list); in l2cap_ertm_init()
3171 return (conn->feat_mask & L2CAP_FEAT_EXT_WINDOW); in __l2cap_ews_supported()
3176 return (conn->feat_mask & L2CAP_FEAT_EXT_FLOW); in __l2cap_efs_supported()
3182 rfc->retrans_timeout = cpu_to_le16(L2CAP_DEFAULT_RETRANS_TO); in __l2cap_set_ertm_timeouts()
3183 rfc->monitor_timeout = cpu_to_le16(L2CAP_DEFAULT_MONITOR_TO); in __l2cap_set_ertm_timeouts()
3188 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW && in l2cap_txwin_setup()
3189 __l2cap_ews_supported(chan->conn)) { in l2cap_txwin_setup()
3191 set_bit(FLAG_EXT_CTRL, &chan->flags); in l2cap_txwin_setup()
3192 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW; in l2cap_txwin_setup()
3194 chan->tx_win = min_t(u16, chan->tx_win, in l2cap_txwin_setup()
3196 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW; in l2cap_txwin_setup()
3198 chan->ack_win = chan->tx_win; in l2cap_txwin_setup()
3203 struct hci_conn *conn = chan->conn->hcon; in l2cap_mtu_auto()
3205 chan->imtu = L2CAP_DEFAULT_MIN_MTU; in l2cap_mtu_auto()
3207 /* The 2-DH1 packet has between 2 and 56 information bytes in l2cap_mtu_auto()
3208 * (including the 2-byte payload header) in l2cap_mtu_auto()
3210 if (!(conn->pkt_type & HCI_2DH1)) in l2cap_mtu_auto()
3211 chan->imtu = 54; in l2cap_mtu_auto()
3213 /* The 3-DH1 packet has between 2 and 85 information bytes in l2cap_mtu_auto()
3214 * (including the 2-byte payload header) in l2cap_mtu_auto()
3216 if (!(conn->pkt_type & HCI_3DH1)) in l2cap_mtu_auto()
3217 chan->imtu = 83; in l2cap_mtu_auto()
3219 /* The 2-DH3 packet has between 2 and 369 information bytes in l2cap_mtu_auto()
3220 * (including the 2-byte payload header) in l2cap_mtu_auto()
3222 if (!(conn->pkt_type & HCI_2DH3)) in l2cap_mtu_auto()
3223 chan->imtu = 367; in l2cap_mtu_auto()
3225 /* The 3-DH3 packet has between 2 and 554 information bytes in l2cap_mtu_auto()
3226 * (including the 2-byte payload header) in l2cap_mtu_auto()
3228 if (!(conn->pkt_type & HCI_3DH3)) in l2cap_mtu_auto()
3229 chan->imtu = 552; in l2cap_mtu_auto()
3231 /* The 2-DH5 packet has between 2 and 681 information bytes in l2cap_mtu_auto()
3232 * (including the 2-byte payload header) in l2cap_mtu_auto()
3234 if (!(conn->pkt_type & HCI_2DH5)) in l2cap_mtu_auto()
3235 chan->imtu = 679; in l2cap_mtu_auto()
3237 /* The 3-DH5 packet has between 2 and 1023 information bytes in l2cap_mtu_auto()
3238 * (including the 2-byte payload header) in l2cap_mtu_auto()
3240 if (!(conn->pkt_type & HCI_3DH5)) in l2cap_mtu_auto()
3241 chan->imtu = 1021; in l2cap_mtu_auto()
3247 struct l2cap_conf_rfc rfc = { .mode = chan->mode }; in l2cap_build_conf_req()
3248 void *ptr = req->data; in l2cap_build_conf_req()
3254 if (chan->num_conf_req || chan->num_conf_rsp) in l2cap_build_conf_req()
3257 switch (chan->mode) { in l2cap_build_conf_req()
3260 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) in l2cap_build_conf_req()
3263 if (__l2cap_efs_supported(chan->conn)) in l2cap_build_conf_req()
3264 set_bit(FLAG_EFS_ENABLE, &chan->flags); in l2cap_build_conf_req()
3268 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask); in l2cap_build_conf_req()
3273 if (chan->imtu != L2CAP_DEFAULT_MTU) { in l2cap_build_conf_req()
3274 if (!chan->imtu) in l2cap_build_conf_req()
3276 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu, in l2cap_build_conf_req()
3277 endptr - ptr); in l2cap_build_conf_req()
3280 switch (chan->mode) { in l2cap_build_conf_req()
3285 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) && in l2cap_build_conf_req()
3286 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING)) in l2cap_build_conf_req()
3297 (unsigned long) &rfc, endptr - ptr); in l2cap_build_conf_req()
3302 rfc.max_transmit = chan->max_tx; in l2cap_build_conf_req()
3306 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu - in l2cap_build_conf_req()
3307 L2CAP_EXT_HDR_SIZE - L2CAP_SDULEN_SIZE - in l2cap_build_conf_req()
3313 rfc.txwin_size = min_t(u16, chan->tx_win, in l2cap_build_conf_req()
3317 (unsigned long) &rfc, endptr - ptr); in l2cap_build_conf_req()
3319 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) in l2cap_build_conf_req()
3320 l2cap_add_opt_efs(&ptr, chan, endptr - ptr); in l2cap_build_conf_req()
3322 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) in l2cap_build_conf_req()
3324 chan->tx_win, endptr - ptr); in l2cap_build_conf_req()
3326 if (chan->conn->feat_mask & L2CAP_FEAT_FCS) in l2cap_build_conf_req()
3327 if (chan->fcs == L2CAP_FCS_NONE || in l2cap_build_conf_req()
3328 test_bit(CONF_RECV_NO_FCS, &chan->conf_state)) { in l2cap_build_conf_req()
3329 chan->fcs = L2CAP_FCS_NONE; in l2cap_build_conf_req()
3331 chan->fcs, endptr - ptr); in l2cap_build_conf_req()
3343 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu - in l2cap_build_conf_req()
3344 L2CAP_EXT_HDR_SIZE - L2CAP_SDULEN_SIZE - in l2cap_build_conf_req()
3349 (unsigned long) &rfc, endptr - ptr); in l2cap_build_conf_req()
3351 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) in l2cap_build_conf_req()
3352 l2cap_add_opt_efs(&ptr, chan, endptr - ptr); in l2cap_build_conf_req()
3354 if (chan->conn->feat_mask & L2CAP_FEAT_FCS) in l2cap_build_conf_req()
3355 if (chan->fcs == L2CAP_FCS_NONE || in l2cap_build_conf_req()
3356 test_bit(CONF_RECV_NO_FCS, &chan->conf_state)) { in l2cap_build_conf_req()
3357 chan->fcs = L2CAP_FCS_NONE; in l2cap_build_conf_req()
3359 chan->fcs, endptr - ptr); in l2cap_build_conf_req()
3364 req->dcid = cpu_to_le16(chan->dcid); in l2cap_build_conf_req()
3365 req->flags = cpu_to_le16(0); in l2cap_build_conf_req()
3367 return ptr - data; in l2cap_build_conf_req()
3373 void *ptr = rsp->data; in l2cap_parse_conf_req()
3375 void *req = chan->conf_req; in l2cap_parse_conf_req()
3376 int len = chan->conf_len; in l2cap_parse_conf_req()
3389 len -= l2cap_get_conf_opt(&req, &type, &olen, &val); in l2cap_parse_conf_req()
3406 chan->flush_to = val; in l2cap_parse_conf_req()
3422 set_bit(CONF_RECV_NO_FCS, &chan->conf_state); in l2cap_parse_conf_req()
3435 return -ECONNREFUSED; in l2cap_parse_conf_req()
3441 l2cap_add_conf_opt(&ptr, (u8)type, sizeof(u8), type, endptr - ptr); in l2cap_parse_conf_req()
3446 if (chan->num_conf_rsp || chan->num_conf_req > 1) in l2cap_parse_conf_req()
3449 switch (chan->mode) { in l2cap_parse_conf_req()
3452 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) { in l2cap_parse_conf_req()
3453 chan->mode = l2cap_select_mode(rfc.mode, in l2cap_parse_conf_req()
3454 chan->conn->feat_mask); in l2cap_parse_conf_req()
3459 if (__l2cap_efs_supported(chan->conn)) in l2cap_parse_conf_req()
3460 set_bit(FLAG_EFS_ENABLE, &chan->flags); in l2cap_parse_conf_req()
3462 return -ECONNREFUSED; in l2cap_parse_conf_req()
3465 if (chan->mode != rfc.mode) in l2cap_parse_conf_req()
3466 return -ECONNREFUSED; in l2cap_parse_conf_req()
3472 if (chan->mode != rfc.mode) { in l2cap_parse_conf_req()
3474 rfc.mode = chan->mode; in l2cap_parse_conf_req()
3476 if (chan->num_conf_rsp == 1) in l2cap_parse_conf_req()
3477 return -ECONNREFUSED; in l2cap_parse_conf_req()
3480 (unsigned long) &rfc, endptr - ptr); in l2cap_parse_conf_req()
3490 chan->omtu = mtu; in l2cap_parse_conf_req()
3491 set_bit(CONF_MTU_DONE, &chan->conf_state); in l2cap_parse_conf_req()
3493 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu, endptr - ptr); in l2cap_parse_conf_req()
3496 if (chan->local_stype != L2CAP_SERV_NOTRAFIC && in l2cap_parse_conf_req()
3498 efs.stype != chan->local_stype) { in l2cap_parse_conf_req()
3502 if (chan->num_conf_req >= 1) in l2cap_parse_conf_req()
3503 return -ECONNREFUSED; in l2cap_parse_conf_req()
3507 (unsigned long) &efs, endptr - ptr); in l2cap_parse_conf_req()
3511 set_bit(CONF_LOC_CONF_PEND, &chan->conf_state); in l2cap_parse_conf_req()
3517 chan->fcs = L2CAP_FCS_NONE; in l2cap_parse_conf_req()
3518 set_bit(CONF_MODE_DONE, &chan->conf_state); in l2cap_parse_conf_req()
3522 if (!test_bit(CONF_EWS_RECV, &chan->conf_state)) in l2cap_parse_conf_req()
3523 chan->remote_tx_win = rfc.txwin_size; in l2cap_parse_conf_req()
3527 chan->remote_max_tx = rfc.max_transmit; in l2cap_parse_conf_req()
3530 chan->conn->mtu - L2CAP_EXT_HDR_SIZE - in l2cap_parse_conf_req()
3531 L2CAP_SDULEN_SIZE - L2CAP_FCS_SIZE); in l2cap_parse_conf_req()
3533 chan->remote_mps = size; in l2cap_parse_conf_req()
3537 set_bit(CONF_MODE_DONE, &chan->conf_state); in l2cap_parse_conf_req()
3540 sizeof(rfc), (unsigned long) &rfc, endptr - ptr); in l2cap_parse_conf_req()
3543 test_bit(FLAG_EFS_ENABLE, &chan->flags)) { in l2cap_parse_conf_req()
3544 chan->remote_id = efs.id; in l2cap_parse_conf_req()
3545 chan->remote_stype = efs.stype; in l2cap_parse_conf_req()
3546 chan->remote_msdu = le16_to_cpu(efs.msdu); in l2cap_parse_conf_req()
3547 chan->remote_flush_to = in l2cap_parse_conf_req()
3549 chan->remote_acc_lat = in l2cap_parse_conf_req()
3551 chan->remote_sdu_itime = in l2cap_parse_conf_req()
3555 (unsigned long) &efs, endptr - ptr); in l2cap_parse_conf_req()
3561 chan->conn->mtu - L2CAP_EXT_HDR_SIZE - in l2cap_parse_conf_req()
3562 L2CAP_SDULEN_SIZE - L2CAP_FCS_SIZE); in l2cap_parse_conf_req()
3564 chan->remote_mps = size; in l2cap_parse_conf_req()
3566 set_bit(CONF_MODE_DONE, &chan->conf_state); in l2cap_parse_conf_req()
3569 (unsigned long) &rfc, endptr - ptr); in l2cap_parse_conf_req()
3577 rfc.mode = chan->mode; in l2cap_parse_conf_req()
3581 set_bit(CONF_OUTPUT_DONE, &chan->conf_state); in l2cap_parse_conf_req()
3583 rsp->scid = cpu_to_le16(chan->dcid); in l2cap_parse_conf_req()
3584 rsp->result = cpu_to_le16(result); in l2cap_parse_conf_req()
3585 rsp->flags = cpu_to_le16(0); in l2cap_parse_conf_req()
3587 return ptr - data; in l2cap_parse_conf_req()
3594 void *ptr = req->data; in l2cap_parse_conf_rsp()
3604 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val); in l2cap_parse_conf_rsp()
3614 chan->imtu = L2CAP_DEFAULT_MIN_MTU; in l2cap_parse_conf_rsp()
3616 chan->imtu = val; in l2cap_parse_conf_rsp()
3617 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu, in l2cap_parse_conf_rsp()
3618 endptr - ptr); in l2cap_parse_conf_rsp()
3624 chan->flush_to = val; in l2cap_parse_conf_rsp()
3626 chan->flush_to, endptr - ptr); in l2cap_parse_conf_rsp()
3633 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && in l2cap_parse_conf_rsp()
3634 rfc.mode != chan->mode) in l2cap_parse_conf_rsp()
3635 return -ECONNREFUSED; in l2cap_parse_conf_rsp()
3636 chan->fcs = 0; in l2cap_parse_conf_rsp()
3638 (unsigned long) &rfc, endptr - ptr); in l2cap_parse_conf_rsp()
3644 chan->ack_win = min_t(u16, val, chan->ack_win); in l2cap_parse_conf_rsp()
3646 chan->tx_win, endptr - ptr); in l2cap_parse_conf_rsp()
3653 if (chan->local_stype != L2CAP_SERV_NOTRAFIC && in l2cap_parse_conf_rsp()
3655 efs.stype != chan->local_stype) in l2cap_parse_conf_rsp()
3656 return -ECONNREFUSED; in l2cap_parse_conf_rsp()
3658 (unsigned long) &efs, endptr - ptr); in l2cap_parse_conf_rsp()
3667 &chan->conf_state); in l2cap_parse_conf_rsp()
3672 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode) in l2cap_parse_conf_rsp()
3673 return -ECONNREFUSED; in l2cap_parse_conf_rsp()
3675 chan->mode = rfc.mode; in l2cap_parse_conf_rsp()
3680 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout); in l2cap_parse_conf_rsp()
3681 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout); in l2cap_parse_conf_rsp()
3682 chan->mps = le16_to_cpu(rfc.max_pdu_size); in l2cap_parse_conf_rsp()
3683 if (!test_bit(FLAG_EXT_CTRL, &chan->flags)) in l2cap_parse_conf_rsp()
3684 chan->ack_win = min_t(u16, chan->ack_win, in l2cap_parse_conf_rsp()
3687 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) { in l2cap_parse_conf_rsp()
3688 chan->local_msdu = le16_to_cpu(efs.msdu); in l2cap_parse_conf_rsp()
3689 chan->local_sdu_itime = in l2cap_parse_conf_rsp()
3691 chan->local_acc_lat = le32_to_cpu(efs.acc_lat); in l2cap_parse_conf_rsp()
3692 chan->local_flush_to = in l2cap_parse_conf_rsp()
3698 chan->mps = le16_to_cpu(rfc.max_pdu_size); in l2cap_parse_conf_rsp()
3702 req->dcid = cpu_to_le16(chan->dcid); in l2cap_parse_conf_rsp()
3703 req->flags = cpu_to_le16(0); in l2cap_parse_conf_rsp()
3705 return ptr - data; in l2cap_parse_conf_rsp()
3712 void *ptr = rsp->data; in l2cap_build_conf_rsp()
3716 rsp->scid = cpu_to_le16(chan->dcid); in l2cap_build_conf_rsp()
3717 rsp->result = cpu_to_le16(result); in l2cap_build_conf_rsp()
3718 rsp->flags = cpu_to_le16(flags); in l2cap_build_conf_rsp()
3720 return ptr - data; in l2cap_build_conf_rsp()
3726 struct l2cap_conn *conn = chan->conn; in __l2cap_le_connect_rsp_defer()
3730 rsp.dcid = cpu_to_le16(chan->scid); in __l2cap_le_connect_rsp_defer()
3731 rsp.mtu = cpu_to_le16(chan->imtu); in __l2cap_le_connect_rsp_defer()
3732 rsp.mps = cpu_to_le16(chan->mps); in __l2cap_le_connect_rsp_defer()
3733 rsp.credits = cpu_to_le16(chan->rx_credits); in __l2cap_le_connect_rsp_defer()
3736 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CONN_RSP, sizeof(rsp), in __l2cap_le_connect_rsp_defer()
3744 if (*result || test_bit(FLAG_ECRED_CONN_REQ_SENT, &chan->flags)) in l2cap_ecred_list_defer()
3747 switch (chan->state) { in l2cap_ecred_list_defer()
3756 *result = -ECONNREFUSED; in l2cap_ecred_list_defer()
3776 if (test_bit(FLAG_ECRED_CONN_REQ_SENT, &chan->flags) || in l2cap_ecred_rsp_defer()
3777 !test_and_clear_bit(FLAG_DEFER_SETUP, &chan->flags)) in l2cap_ecred_rsp_defer()
3781 chan->ident = 0; in l2cap_ecred_rsp_defer()
3784 if (!rsp->pdu.rsp.result) in l2cap_ecred_rsp_defer()
3785 rsp->pdu.rsp.dcid[rsp->count++] = cpu_to_le16(chan->scid); in l2cap_ecred_rsp_defer()
3792 struct l2cap_conn *conn = chan->conn; in __l2cap_ecred_conn_rsp_defer()
3794 u16 id = chan->ident; in __l2cap_ecred_conn_rsp_defer()
3804 data.pdu.rsp.mtu = cpu_to_le16(chan->imtu); in __l2cap_ecred_conn_rsp_defer()
3805 data.pdu.rsp.mps = cpu_to_le16(chan->mps); in __l2cap_ecred_conn_rsp_defer()
3806 data.pdu.rsp.credits = cpu_to_le16(chan->rx_credits); in __l2cap_ecred_conn_rsp_defer()
3829 struct l2cap_conn *conn = chan->conn; in __l2cap_connect_rsp_defer()
3833 rsp.scid = cpu_to_le16(chan->dcid); in __l2cap_connect_rsp_defer()
3834 rsp.dcid = cpu_to_le16(chan->scid); in __l2cap_connect_rsp_defer()
3841 l2cap_send_cmd(conn, chan->ident, rsp_code, sizeof(rsp), &rsp); in __l2cap_connect_rsp_defer()
3843 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) in __l2cap_connect_rsp_defer()
3848 chan->num_conf_req++; in __l2cap_connect_rsp_defer()
3858 u16 txwin_ext = chan->ack_win; in l2cap_conf_rfc_get()
3860 .mode = chan->mode, in l2cap_conf_rfc_get()
3863 .max_pdu_size = cpu_to_le16(chan->imtu), in l2cap_conf_rfc_get()
3864 .txwin_size = min_t(u16, chan->ack_win, L2CAP_DEFAULT_TX_WINDOW), in l2cap_conf_rfc_get()
3869 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING)) in l2cap_conf_rfc_get()
3873 len -= l2cap_get_conf_opt(&rsp, &type, &olen, &val); in l2cap_conf_rfc_get()
3893 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout); in l2cap_conf_rfc_get()
3894 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout); in l2cap_conf_rfc_get()
3895 chan->mps = le16_to_cpu(rfc.max_pdu_size); in l2cap_conf_rfc_get()
3896 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) in l2cap_conf_rfc_get()
3897 chan->ack_win = min_t(u16, chan->ack_win, txwin_ext); in l2cap_conf_rfc_get()
3899 chan->ack_win = min_t(u16, chan->ack_win, in l2cap_conf_rfc_get()
3903 chan->mps = le16_to_cpu(rfc.max_pdu_size); in l2cap_conf_rfc_get()
3914 return -EPROTO; in l2cap_command_rej()
3916 if (rej->reason != L2CAP_REJ_NOT_UNDERSTOOD) in l2cap_command_rej()
3919 if ((conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_SENT) && in l2cap_command_rej()
3920 cmd->ident == conn->info_ident) { in l2cap_command_rej()
3921 cancel_delayed_work(&conn->info_timer); in l2cap_command_rej()
3923 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; in l2cap_command_rej()
3924 conn->info_ident = 0; in l2cap_command_rej()
3940 u16 dcid = 0, scid = __le16_to_cpu(req->scid); in l2cap_connect()
3941 __le16 psm = req->psm; in l2cap_connect()
3946 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, &conn->hcon->src, in l2cap_connect()
3947 &conn->hcon->dst, ACL_LINK); in l2cap_connect()
3957 !hci_conn_check_link_mode(conn->hcon)) { in l2cap_connect()
3958 conn->disc_reason = HCI_ERROR_AUTH_FAILURE; in l2cap_connect()
3977 chan = pchan->ops->new_connection(pchan); in l2cap_connect()
3986 conn->hcon->disc_timeout = HCI_DISCONN_TIMEOUT; in l2cap_connect()
3988 bacpy(&chan->src, &conn->hcon->src); in l2cap_connect()
3989 bacpy(&chan->dst, &conn->hcon->dst); in l2cap_connect()
3990 chan->src_type = bdaddr_src_type(conn->hcon); in l2cap_connect()
3991 chan->dst_type = bdaddr_dst_type(conn->hcon); in l2cap_connect()
3992 chan->psm = psm; in l2cap_connect()
3993 chan->dcid = scid; in l2cap_connect()
3997 dcid = chan->scid; in l2cap_connect()
3999 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan)); in l2cap_connect()
4001 chan->ident = cmd->ident; in l2cap_connect()
4003 if (conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) { in l2cap_connect()
4005 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) { in l2cap_connect()
4009 chan->ops->defer(chan); in l2cap_connect()
4031 l2cap_send_cmd(conn, cmd->ident, rsp_code, sizeof(rsp), &rsp); in l2cap_connect()
4040 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_SENT; in l2cap_connect()
4041 conn->info_ident = l2cap_get_ident(conn); in l2cap_connect()
4043 schedule_delayed_work(&conn->info_timer, L2CAP_INFO_TIMEOUT); in l2cap_connect()
4045 l2cap_send_cmd(conn, conn->info_ident, L2CAP_INFO_REQ, in l2cap_connect()
4049 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) && in l2cap_connect()
4052 set_bit(CONF_REQ_SENT, &chan->conf_state); in l2cap_connect()
4055 chan->num_conf_req++; in l2cap_connect()
4066 return -EPROTO; in l2cap_connect_req()
4083 return -EPROTO; in l2cap_connect_create_rsp()
4085 scid = __le16_to_cpu(rsp->scid); in l2cap_connect_create_rsp()
4086 dcid = __le16_to_cpu(rsp->dcid); in l2cap_connect_create_rsp()
4087 result = __le16_to_cpu(rsp->result); in l2cap_connect_create_rsp()
4088 status = __le16_to_cpu(rsp->status); in l2cap_connect_create_rsp()
4092 return -EPROTO; in l2cap_connect_create_rsp()
4100 return -EBADSLT; in l2cap_connect_create_rsp()
4102 chan = __l2cap_get_chan_by_ident(conn, cmd->ident); in l2cap_connect_create_rsp()
4104 return -EBADSLT; in l2cap_connect_create_rsp()
4109 return -EBADSLT; in l2cap_connect_create_rsp()
4118 err = -EBADSLT; in l2cap_connect_create_rsp()
4123 chan->ident = 0; in l2cap_connect_create_rsp()
4124 chan->dcid = dcid; in l2cap_connect_create_rsp()
4125 clear_bit(CONF_CONNECT_PEND, &chan->conf_state); in l2cap_connect_create_rsp()
4127 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) in l2cap_connect_create_rsp()
4132 chan->num_conf_req++; in l2cap_connect_create_rsp()
4136 set_bit(CONF_CONNECT_PEND, &chan->conf_state); in l2cap_connect_create_rsp()
4155 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING) in set_default_fcs()
4156 chan->fcs = L2CAP_FCS_NONE; in set_default_fcs()
4157 else if (!test_bit(CONF_RECV_NO_FCS, &chan->conf_state)) in set_default_fcs()
4158 chan->fcs = L2CAP_FCS_CRC16; in set_default_fcs()
4164 struct l2cap_conn *conn = chan->conn; in l2cap_send_efs_conf_rsp()
4169 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state); in l2cap_send_efs_conf_rsp()
4170 set_bit(CONF_OUTPUT_DONE, &chan->conf_state); in l2cap_send_efs_conf_rsp()
4200 return -EPROTO; in l2cap_config_req()
4202 dcid = __le16_to_cpu(req->dcid); in l2cap_config_req()
4203 flags = __le16_to_cpu(req->flags); in l2cap_config_req()
4209 cmd_reject_invalid_cid(conn, cmd->ident, dcid, 0); in l2cap_config_req()
4213 if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2 && in l2cap_config_req()
4214 chan->state != BT_CONNECTED) { in l2cap_config_req()
4215 cmd_reject_invalid_cid(conn, cmd->ident, chan->scid, in l2cap_config_req()
4216 chan->dcid); in l2cap_config_req()
4221 len = cmd_len - sizeof(*req); in l2cap_config_req()
4222 if (chan->conf_len + len > sizeof(chan->conf_req)) { in l2cap_config_req()
4223 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, in l2cap_config_req()
4230 memcpy(chan->conf_req + chan->conf_len, req->data, len); in l2cap_config_req()
4231 chan->conf_len += len; in l2cap_config_req()
4235 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, in l2cap_config_req()
4248 chan->ident = cmd->ident; in l2cap_config_req()
4249 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, len, rsp); in l2cap_config_req()
4250 if (chan->num_conf_rsp < L2CAP_CONF_MAX_CONF_RSP) in l2cap_config_req()
4251 chan->num_conf_rsp++; in l2cap_config_req()
4254 chan->conf_len = 0; in l2cap_config_req()
4256 if (!test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) in l2cap_config_req()
4259 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) { in l2cap_config_req()
4262 if (chan->mode == L2CAP_MODE_ERTM || in l2cap_config_req()
4263 chan->mode == L2CAP_MODE_STREAMING) in l2cap_config_req()
4267 l2cap_send_disconn_req(chan, -err); in l2cap_config_req()
4274 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) { in l2cap_config_req()
4278 chan->num_conf_req++; in l2cap_config_req()
4283 if (test_bit(CONF_REM_CONF_PEND, &chan->conf_state) && in l2cap_config_req()
4284 test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) { in l2cap_config_req()
4289 l2cap_send_efs_conf_rsp(chan, rsp, cmd->ident, flags); in l2cap_config_req()
4305 int len = cmd_len - sizeof(*rsp); in l2cap_config_rsp()
4309 return -EPROTO; in l2cap_config_rsp()
4311 scid = __le16_to_cpu(rsp->scid); in l2cap_config_rsp()
4312 flags = __le16_to_cpu(rsp->flags); in l2cap_config_rsp()
4313 result = __le16_to_cpu(rsp->result); in l2cap_config_rsp()
4324 l2cap_conf_rfc_get(chan, rsp->data, len); in l2cap_config_rsp()
4325 clear_bit(CONF_REM_CONF_PEND, &chan->conf_state); in l2cap_config_rsp()
4329 set_bit(CONF_REM_CONF_PEND, &chan->conf_state); in l2cap_config_rsp()
4331 if (test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) { in l2cap_config_rsp()
4334 len = l2cap_parse_conf_rsp(chan, rsp->data, len, in l2cap_config_rsp()
4341 l2cap_send_efs_conf_rsp(chan, buf, cmd->ident, 0); in l2cap_config_rsp()
4347 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) { in l2cap_config_rsp()
4350 if (len > sizeof(req) - sizeof(struct l2cap_conf_req)) { in l2cap_config_rsp()
4357 len = l2cap_parse_conf_rsp(chan, rsp->data, len, in l2cap_config_rsp()
4366 chan->num_conf_req++; in l2cap_config_rsp()
4384 set_bit(CONF_INPUT_DONE, &chan->conf_state); in l2cap_config_rsp()
4386 if (test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) { in l2cap_config_rsp()
4389 if (chan->mode == L2CAP_MODE_ERTM || in l2cap_config_rsp()
4390 chan->mode == L2CAP_MODE_STREAMING) in l2cap_config_rsp()
4394 l2cap_send_disconn_req(chan, -err); in l2cap_config_rsp()
4415 return -EPROTO; in l2cap_disconnect_req()
4417 scid = __le16_to_cpu(req->scid); in l2cap_disconnect_req()
4418 dcid = __le16_to_cpu(req->dcid); in l2cap_disconnect_req()
4424 cmd_reject_invalid_cid(conn, cmd->ident, dcid, scid); in l2cap_disconnect_req()
4428 rsp.dcid = cpu_to_le16(chan->scid); in l2cap_disconnect_req()
4429 rsp.scid = cpu_to_le16(chan->dcid); in l2cap_disconnect_req()
4430 l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp); in l2cap_disconnect_req()
4432 chan->ops->set_shutdown(chan); in l2cap_disconnect_req()
4436 chan->ops->close(chan); in l2cap_disconnect_req()
4453 return -EPROTO; in l2cap_disconnect_rsp()
4455 scid = __le16_to_cpu(rsp->scid); in l2cap_disconnect_rsp()
4456 dcid = __le16_to_cpu(rsp->dcid); in l2cap_disconnect_rsp()
4465 if (chan->state != BT_DISCONN) { in l2cap_disconnect_rsp()
4473 chan->ops->close(chan); in l2cap_disconnect_rsp()
4489 return -EPROTO; in l2cap_information_req()
4491 type = __le16_to_cpu(req->type); in l2cap_information_req()
4499 rsp->type = cpu_to_le16(L2CAP_IT_FEAT_MASK); in l2cap_information_req()
4500 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS); in l2cap_information_req()
4505 put_unaligned_le32(feat_mask, rsp->data); in l2cap_information_req()
4506 l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(buf), in l2cap_information_req()
4512 rsp->type = cpu_to_le16(L2CAP_IT_FIXED_CHAN); in l2cap_information_req()
4513 rsp->result = cpu_to_le16(L2CAP_IR_SUCCESS); in l2cap_information_req()
4514 rsp->data[0] = conn->local_fixed_chan; in l2cap_information_req()
4515 memset(rsp->data + 1, 0, 7); in l2cap_information_req()
4516 l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(buf), in l2cap_information_req()
4522 l2cap_send_cmd(conn, cmd->ident, L2CAP_INFO_RSP, sizeof(rsp), in l2cap_information_req()
4537 return -EPROTO; in l2cap_information_rsp()
4539 type = __le16_to_cpu(rsp->type); in l2cap_information_rsp()
4540 result = __le16_to_cpu(rsp->result); in l2cap_information_rsp()
4545 if (cmd->ident != conn->info_ident || in l2cap_information_rsp()
4546 conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE) in l2cap_information_rsp()
4549 cancel_delayed_work(&conn->info_timer); in l2cap_information_rsp()
4552 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; in l2cap_information_rsp()
4553 conn->info_ident = 0; in l2cap_information_rsp()
4562 conn->feat_mask = get_unaligned_le32(rsp->data); in l2cap_information_rsp()
4564 if (conn->feat_mask & L2CAP_FEAT_FIXED_CHAN) { in l2cap_information_rsp()
4568 conn->info_ident = l2cap_get_ident(conn); in l2cap_information_rsp()
4570 l2cap_send_cmd(conn, conn->info_ident, in l2cap_information_rsp()
4573 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; in l2cap_information_rsp()
4574 conn->info_ident = 0; in l2cap_information_rsp()
4581 conn->remote_fixed_chan = rsp->data[0]; in l2cap_information_rsp()
4582 conn->info_state |= L2CAP_INFO_FEAT_MASK_REQ_DONE; in l2cap_information_rsp()
4583 conn->info_ident = 0; in l2cap_information_rsp()
4596 struct hci_conn *hcon = conn->hcon; in l2cap_conn_param_update_req()
4602 if (hcon->role != HCI_ROLE_MASTER) in l2cap_conn_param_update_req()
4603 return -EINVAL; in l2cap_conn_param_update_req()
4606 return -EPROTO; in l2cap_conn_param_update_req()
4609 min = __le16_to_cpu(req->min); in l2cap_conn_param_update_req()
4610 max = __le16_to_cpu(req->max); in l2cap_conn_param_update_req()
4611 latency = __le16_to_cpu(req->latency); in l2cap_conn_param_update_req()
4612 to_multiplier = __le16_to_cpu(req->to_multiplier); in l2cap_conn_param_update_req()
4625 l2cap_send_cmd(conn, cmd->ident, L2CAP_CONN_PARAM_UPDATE_RSP, in l2cap_conn_param_update_req()
4633 mgmt_new_conn_param(hcon->hdev, &hcon->dst, hcon->dst_type, in l2cap_conn_param_update_req()
4647 struct hci_conn *hcon = conn->hcon; in l2cap_le_connect_rsp()
4653 return -EPROTO; in l2cap_le_connect_rsp()
4655 dcid = __le16_to_cpu(rsp->dcid); in l2cap_le_connect_rsp()
4656 mtu = __le16_to_cpu(rsp->mtu); in l2cap_le_connect_rsp()
4657 mps = __le16_to_cpu(rsp->mps); in l2cap_le_connect_rsp()
4658 credits = __le16_to_cpu(rsp->credits); in l2cap_le_connect_rsp()
4659 result = __le16_to_cpu(rsp->result); in l2cap_le_connect_rsp()
4664 return -EPROTO; in l2cap_le_connect_rsp()
4669 chan = __l2cap_get_chan_by_ident(conn, cmd->ident); in l2cap_le_connect_rsp()
4671 return -EBADSLT; in l2cap_le_connect_rsp()
4680 err = -EBADSLT; in l2cap_le_connect_rsp()
4684 chan->ident = 0; in l2cap_le_connect_rsp()
4685 chan->dcid = dcid; in l2cap_le_connect_rsp()
4686 chan->omtu = mtu; in l2cap_le_connect_rsp()
4687 chan->remote_mps = mps; in l2cap_le_connect_rsp()
4688 chan->tx_credits = credits; in l2cap_le_connect_rsp()
4697 if (hcon->sec_level > BT_SECURITY_MEDIUM) { in l2cap_le_connect_rsp()
4702 sec_level = hcon->sec_level + 1; in l2cap_le_connect_rsp()
4703 if (chan->sec_level < sec_level) in l2cap_le_connect_rsp()
4704 chan->sec_level = sec_level; in l2cap_le_connect_rsp()
4707 clear_bit(FLAG_LE_CONN_REQ_SENT, &chan->flags); in l2cap_le_connect_rsp()
4709 smp_conn_security(hcon, chan->sec_level); in l2cap_le_connect_rsp()
4728 switch (cmd->code) { in l2cap_bredr_sig_cmd()
4758 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECHO_RSP, cmd_len, data); in l2cap_bredr_sig_cmd()
4773 BT_ERR("Unknown BR/EDR signaling command 0x%2.2x", cmd->code); in l2cap_bredr_sig_cmd()
4774 err = -EINVAL; in l2cap_bredr_sig_cmd()
4793 return -EPROTO; in l2cap_le_connect_req()
4795 scid = __le16_to_cpu(req->scid); in l2cap_le_connect_req()
4796 mtu = __le16_to_cpu(req->mtu); in l2cap_le_connect_req()
4797 mps = __le16_to_cpu(req->mps); in l2cap_le_connect_req()
4798 psm = req->psm; in l2cap_le_connect_req()
4803 return -EPROTO; in l2cap_le_connect_req()
4811 * Valid range: 0x0001-0x00ff in l2cap_le_connect_req()
4822 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, &conn->hcon->src, in l2cap_le_connect_req()
4823 &conn->hcon->dst, LE_LINK); in l2cap_le_connect_req()
4832 if (!smp_sufficient_security(conn->hcon, pchan->sec_level, in l2cap_le_connect_req()
4853 chan = pchan->ops->new_connection(pchan); in l2cap_le_connect_req()
4859 bacpy(&chan->src, &conn->hcon->src); in l2cap_le_connect_req()
4860 bacpy(&chan->dst, &conn->hcon->dst); in l2cap_le_connect_req()
4861 chan->src_type = bdaddr_src_type(conn->hcon); in l2cap_le_connect_req()
4862 chan->dst_type = bdaddr_dst_type(conn->hcon); in l2cap_le_connect_req()
4863 chan->psm = psm; in l2cap_le_connect_req()
4864 chan->dcid = scid; in l2cap_le_connect_req()
4865 chan->omtu = mtu; in l2cap_le_connect_req()
4866 chan->remote_mps = mps; in l2cap_le_connect_req()
4870 l2cap_le_flowctl_init(chan, __le16_to_cpu(req->credits)); in l2cap_le_connect_req()
4872 dcid = chan->scid; in l2cap_le_connect_req()
4873 credits = chan->rx_credits; in l2cap_le_connect_req()
4875 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan)); in l2cap_le_connect_req()
4877 chan->ident = cmd->ident; in l2cap_le_connect_req()
4879 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) { in l2cap_le_connect_req()
4887 chan->ops->defer(chan); in l2cap_le_connect_req()
4902 rsp.mtu = cpu_to_le16(chan->imtu); in l2cap_le_connect_req()
4903 rsp.mps = cpu_to_le16(chan->mps); in l2cap_le_connect_req()
4913 l2cap_send_cmd(conn, cmd->ident, L2CAP_LE_CONN_RSP, sizeof(rsp), &rsp); in l2cap_le_connect_req()
4927 return -EPROTO; in l2cap_le_credits()
4930 cid = __le16_to_cpu(pkt->cid); in l2cap_le_credits()
4931 credits = __le16_to_cpu(pkt->credits); in l2cap_le_credits()
4937 return -EBADSLT; in l2cap_le_credits()
4939 max_credits = LE_FLOWCTL_MAX_CREDITS - chan->tx_credits; in l2cap_le_credits()
4950 chan->tx_credits += credits; in l2cap_le_credits()
4955 if (chan->tx_credits) in l2cap_le_credits()
4956 chan->ops->resume(chan); in l2cap_le_credits()
4982 return -EINVAL; in l2cap_ecred_conn_req()
4984 if (cmd_len < sizeof(*req) || (cmd_len - sizeof(*req)) % sizeof(u16)) { in l2cap_ecred_conn_req()
4989 cmd_len -= sizeof(*req); in l2cap_ecred_conn_req()
4997 mtu = __le16_to_cpu(req->mtu); in l2cap_ecred_conn_req()
4998 mps = __le16_to_cpu(req->mps); in l2cap_ecred_conn_req()
5005 psm = req->psm; in l2cap_ecred_conn_req()
5010 * Valid range: 0x0001-0x00ff in l2cap_ecred_conn_req()
5024 pchan = l2cap_global_chan_by_psm(BT_LISTEN, psm, &conn->hcon->src, in l2cap_ecred_conn_req()
5025 &conn->hcon->dst, LE_LINK); in l2cap_ecred_conn_req()
5033 if (!smp_sufficient_security(conn->hcon, pchan->sec_level, in l2cap_ecred_conn_req()
5042 u16 scid = __le16_to_cpu(req->scid[i]); in l2cap_ecred_conn_req()
5061 chan = pchan->ops->new_connection(pchan); in l2cap_ecred_conn_req()
5067 bacpy(&chan->src, &conn->hcon->src); in l2cap_ecred_conn_req()
5068 bacpy(&chan->dst, &conn->hcon->dst); in l2cap_ecred_conn_req()
5069 chan->src_type = bdaddr_src_type(conn->hcon); in l2cap_ecred_conn_req()
5070 chan->dst_type = bdaddr_dst_type(conn->hcon); in l2cap_ecred_conn_req()
5071 chan->psm = psm; in l2cap_ecred_conn_req()
5072 chan->dcid = scid; in l2cap_ecred_conn_req()
5073 chan->omtu = mtu; in l2cap_ecred_conn_req()
5074 chan->remote_mps = mps; in l2cap_ecred_conn_req()
5078 l2cap_ecred_init(chan, __le16_to_cpu(req->credits)); in l2cap_ecred_conn_req()
5082 pdu.rsp.mtu = cpu_to_le16(chan->imtu); in l2cap_ecred_conn_req()
5083 pdu.rsp.mps = cpu_to_le16(chan->mps); in l2cap_ecred_conn_req()
5084 pdu.rsp.credits = cpu_to_le16(chan->rx_credits); in l2cap_ecred_conn_req()
5087 pdu.dcid[i] = cpu_to_le16(chan->scid); in l2cap_ecred_conn_req()
5089 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan)); in l2cap_ecred_conn_req()
5091 chan->ident = cmd->ident; in l2cap_ecred_conn_req()
5092 chan->mode = L2CAP_MODE_EXT_FLOWCTL; in l2cap_ecred_conn_req()
5094 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) { in l2cap_ecred_conn_req()
5097 chan->ops->defer(chan); in l2cap_ecred_conn_req()
5113 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECRED_CONN_RSP, in l2cap_ecred_conn_req()
5124 struct hci_conn *hcon = conn->hcon; in l2cap_ecred_conn_rsp()
5131 return -EPROTO; in l2cap_ecred_conn_rsp()
5133 mtu = __le16_to_cpu(rsp->mtu); in l2cap_ecred_conn_rsp()
5134 mps = __le16_to_cpu(rsp->mps); in l2cap_ecred_conn_rsp()
5135 credits = __le16_to_cpu(rsp->credits); in l2cap_ecred_conn_rsp()
5136 result = __le16_to_cpu(rsp->result); in l2cap_ecred_conn_rsp()
5141 cmd_len -= sizeof(*rsp); in l2cap_ecred_conn_rsp()
5143 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) { in l2cap_ecred_conn_rsp()
5146 if (chan->ident != cmd->ident || in l2cap_ecred_conn_rsp()
5147 chan->mode != L2CAP_MODE_EXT_FLOWCTL || in l2cap_ecred_conn_rsp()
5148 chan->state == BT_CONNECTED) in l2cap_ecred_conn_rsp()
5160 dcid = __le16_to_cpu(rsp->dcid[i++]); in l2cap_ecred_conn_rsp()
5161 cmd_len -= sizeof(u16); in l2cap_ecred_conn_rsp()
5169 * already-assigned Destination CID, then both the in l2cap_ecred_conn_rsp()
5188 if (hcon->sec_level > BT_SECURITY_MEDIUM) { in l2cap_ecred_conn_rsp()
5193 sec_level = hcon->sec_level + 1; in l2cap_ecred_conn_rsp()
5194 if (chan->sec_level < sec_level) in l2cap_ecred_conn_rsp()
5195 chan->sec_level = sec_level; in l2cap_ecred_conn_rsp()
5198 clear_bit(FLAG_ECRED_CONN_REQ_SENT, &chan->flags); in l2cap_ecred_conn_rsp()
5200 smp_conn_security(hcon, chan->sec_level); in l2cap_ecred_conn_rsp()
5214 chan->ident = 0; in l2cap_ecred_conn_rsp()
5215 chan->dcid = dcid; in l2cap_ecred_conn_rsp()
5216 chan->omtu = mtu; in l2cap_ecred_conn_rsp()
5217 chan->remote_mps = mps; in l2cap_ecred_conn_rsp()
5218 chan->tx_credits = credits; in l2cap_ecred_conn_rsp()
5240 return -EINVAL; in l2cap_ecred_reconf_req()
5242 if (cmd_len < sizeof(*req) || cmd_len - sizeof(*req) % sizeof(u16)) { in l2cap_ecred_reconf_req()
5247 mtu = __le16_to_cpu(req->mtu); in l2cap_ecred_reconf_req()
5248 mps = __le16_to_cpu(req->mps); in l2cap_ecred_reconf_req()
5262 cmd_len -= sizeof(*req); in l2cap_ecred_reconf_req()
5269 scid = __le16_to_cpu(req->scid[i]); in l2cap_ecred_reconf_req()
5271 return -EPROTO; in l2cap_ecred_reconf_req()
5281 if (chan->omtu > mtu) { in l2cap_ecred_reconf_req()
5282 BT_ERR("chan %p decreased MTU %u -> %u", chan, in l2cap_ecred_reconf_req()
5283 chan->omtu, mtu); in l2cap_ecred_reconf_req()
5287 chan->omtu = mtu; in l2cap_ecred_reconf_req()
5288 chan->remote_mps = mps; in l2cap_ecred_reconf_req()
5294 l2cap_send_cmd(conn, cmd->ident, L2CAP_ECRED_RECONF_RSP, sizeof(rsp), in l2cap_ecred_reconf_req()
5309 return -EPROTO; in l2cap_ecred_reconf_rsp()
5311 result = __le16_to_cpu(rsp->result); in l2cap_ecred_reconf_rsp()
5313 BT_DBG("result 0x%4.4x", rsp->result); in l2cap_ecred_reconf_rsp()
5318 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) { in l2cap_ecred_reconf_rsp()
5319 if (chan->ident != cmd->ident) in l2cap_ecred_reconf_rsp()
5336 return -EPROTO; in l2cap_le_command_rej()
5338 chan = __l2cap_get_chan_by_ident(conn, cmd->ident); in l2cap_le_command_rej()
5361 switch (cmd->code) { in l2cap_le_sig_cmd()
5410 BT_ERR("Unknown LE signaling command 0x%2.2x", cmd->code); in l2cap_le_sig_cmd()
5411 err = -EINVAL; in l2cap_le_sig_cmd()
5421 struct hci_conn *hcon = conn->hcon; in l2cap_le_sig_channel()
5426 if (hcon->type != LE_LINK) in l2cap_le_sig_channel()
5429 if (skb->len < L2CAP_CMD_HDR_SIZE) in l2cap_le_sig_channel()
5432 cmd = (void *) skb->data; in l2cap_le_sig_channel()
5435 len = le16_to_cpu(cmd->len); in l2cap_le_sig_channel()
5437 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd->code, len, cmd->ident); in l2cap_le_sig_channel()
5439 if (len != skb->len || !cmd->ident) { in l2cap_le_sig_channel()
5444 err = l2cap_le_sig_cmd(conn, cmd, len, skb->data); in l2cap_le_sig_channel()
5451 l2cap_send_cmd(conn, cmd->ident, L2CAP_COMMAND_REJ, in l2cap_le_sig_channel()
5470 struct hci_conn *hcon = conn->hcon; in l2cap_sig_channel()
5476 if (hcon->type != ACL_LINK) in l2cap_sig_channel()
5479 while (skb->len >= L2CAP_CMD_HDR_SIZE) { in l2cap_sig_channel()
5482 cmd = (void *) skb->data; in l2cap_sig_channel()
5485 len = le16_to_cpu(cmd->len); in l2cap_sig_channel()
5487 BT_DBG("code 0x%2.2x len %d id 0x%2.2x", cmd->code, len, in l2cap_sig_channel()
5488 cmd->ident); in l2cap_sig_channel()
5490 if (len > skb->len || !cmd->ident) { in l2cap_sig_channel()
5492 l2cap_sig_send_rej(conn, cmd->ident); in l2cap_sig_channel()
5493 skb_pull(skb, len > skb->len ? skb->len : len); in l2cap_sig_channel()
5497 err = l2cap_bredr_sig_cmd(conn, cmd, len, skb->data); in l2cap_sig_channel()
5500 l2cap_sig_send_rej(conn, cmd->ident); in l2cap_sig_channel()
5506 if (skb->len > 0) { in l2cap_sig_channel()
5520 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) in l2cap_check_fcs()
5525 if (chan->fcs == L2CAP_FCS_CRC16) { in l2cap_check_fcs()
5526 skb_trim(skb, skb->len - L2CAP_FCS_SIZE); in l2cap_check_fcs()
5527 rcv_fcs = get_unaligned_le16(skb->data + skb->len); in l2cap_check_fcs()
5528 our_fcs = crc16(0, skb->data - hdr_size, skb->len + hdr_size); in l2cap_check_fcs()
5531 return -EBADMSG; in l2cap_check_fcs()
5545 control.reqseq = chan->buffer_seq; in l2cap_send_i_or_rr_or_rnr()
5546 set_bit(CONN_SEND_FBIT, &chan->conn_state); in l2cap_send_i_or_rr_or_rnr()
5548 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) { in l2cap_send_i_or_rr_or_rnr()
5553 if (test_and_clear_bit(CONN_REMOTE_BUSY, &chan->conn_state) && in l2cap_send_i_or_rr_or_rnr()
5554 chan->unacked_frames > 0) in l2cap_send_i_or_rr_or_rnr()
5560 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state) && in l2cap_send_i_or_rr_or_rnr()
5561 test_bit(CONN_SEND_FBIT, &chan->conn_state)) { in l2cap_send_i_or_rr_or_rnr()
5562 /* F-bit wasn't sent in an s-frame or i-frame yet, so in l2cap_send_i_or_rr_or_rnr()
5573 /* skb->len reflects data in skb as well as all fragments in append_skb_frag()
5574 * skb->data_len reflects only data in fragments in append_skb_frag()
5577 skb_shinfo(skb)->frag_list = new_frag; in append_skb_frag()
5579 new_frag->next = NULL; in append_skb_frag()
5581 (*last_frag)->next = new_frag; in append_skb_frag()
5584 skb->len += new_frag->len; in append_skb_frag()
5585 skb->data_len += new_frag->len; in append_skb_frag()
5586 skb->truesize += new_frag->truesize; in append_skb_frag()
5592 int err = -EINVAL; in l2cap_reassemble_sdu()
5594 switch (control->sar) { in l2cap_reassemble_sdu()
5596 if (chan->sdu) in l2cap_reassemble_sdu()
5599 err = chan->ops->recv(chan, skb); in l2cap_reassemble_sdu()
5603 if (chan->sdu) in l2cap_reassemble_sdu()
5609 chan->sdu_len = get_unaligned_le16(skb->data); in l2cap_reassemble_sdu()
5612 if (chan->sdu_len > chan->imtu) { in l2cap_reassemble_sdu()
5613 err = -EMSGSIZE; in l2cap_reassemble_sdu()
5617 if (skb->len >= chan->sdu_len) in l2cap_reassemble_sdu()
5620 chan->sdu = skb; in l2cap_reassemble_sdu()
5621 chan->sdu_last_frag = skb; in l2cap_reassemble_sdu()
5628 if (!chan->sdu) in l2cap_reassemble_sdu()
5631 append_skb_frag(chan->sdu, skb, in l2cap_reassemble_sdu()
5632 &chan->sdu_last_frag); in l2cap_reassemble_sdu()
5635 if (chan->sdu->len >= chan->sdu_len) in l2cap_reassemble_sdu()
5642 if (!chan->sdu) in l2cap_reassemble_sdu()
5645 append_skb_frag(chan->sdu, skb, in l2cap_reassemble_sdu()
5646 &chan->sdu_last_frag); in l2cap_reassemble_sdu()
5649 if (chan->sdu->len != chan->sdu_len) in l2cap_reassemble_sdu()
5652 err = chan->ops->recv(chan, chan->sdu); in l2cap_reassemble_sdu()
5656 chan->sdu = NULL; in l2cap_reassemble_sdu()
5657 chan->sdu_last_frag = NULL; in l2cap_reassemble_sdu()
5658 chan->sdu_len = 0; in l2cap_reassemble_sdu()
5665 kfree_skb(chan->sdu); in l2cap_reassemble_sdu()
5666 chan->sdu = NULL; in l2cap_reassemble_sdu()
5667 chan->sdu_last_frag = NULL; in l2cap_reassemble_sdu()
5668 chan->sdu_len = 0; in l2cap_reassemble_sdu()
5684 if (chan->mode != L2CAP_MODE_ERTM) in l2cap_chan_busy()
5700 while (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) { in l2cap_rx_queued_iframes()
5703 chan->buffer_seq, skb_queue_len(&chan->srej_q)); in l2cap_rx_queued_iframes()
5705 skb = l2cap_ertm_seq_in_queue(&chan->srej_q, chan->buffer_seq); in l2cap_rx_queued_iframes()
5710 skb_unlink(skb, &chan->srej_q); in l2cap_rx_queued_iframes()
5711 chan->buffer_seq = __next_seq(chan, chan->buffer_seq); in l2cap_rx_queued_iframes()
5712 err = l2cap_reassemble_sdu(chan, skb, &bt_cb(skb)->l2cap); in l2cap_rx_queued_iframes()
5717 if (skb_queue_empty(&chan->srej_q)) { in l2cap_rx_queued_iframes()
5718 chan->rx_state = L2CAP_RX_STATE_RECV; in l2cap_rx_queued_iframes()
5732 if (control->reqseq == chan->next_tx_seq) { in l2cap_handle_srej()
5733 BT_DBG("Invalid reqseq %d, disconnecting", control->reqseq); in l2cap_handle_srej()
5738 skb = l2cap_ertm_seq_in_queue(&chan->tx_q, control->reqseq); in l2cap_handle_srej()
5742 control->reqseq); in l2cap_handle_srej()
5746 if (chan->max_tx != 0 && bt_cb(skb)->l2cap.retries >= chan->max_tx) { in l2cap_handle_srej()
5747 BT_DBG("Retry limit exceeded (%d)", chan->max_tx); in l2cap_handle_srej()
5752 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state); in l2cap_handle_srej()
5754 if (control->poll) { in l2cap_handle_srej()
5757 set_bit(CONN_SEND_FBIT, &chan->conn_state); in l2cap_handle_srej()
5761 if (chan->tx_state == L2CAP_TX_STATE_WAIT_F) { in l2cap_handle_srej()
5762 set_bit(CONN_SREJ_ACT, &chan->conn_state); in l2cap_handle_srej()
5763 chan->srej_save_reqseq = control->reqseq; in l2cap_handle_srej()
5768 if (control->final) { in l2cap_handle_srej()
5769 if (chan->srej_save_reqseq != control->reqseq || in l2cap_handle_srej()
5771 &chan->conn_state)) in l2cap_handle_srej()
5775 if (chan->tx_state == L2CAP_TX_STATE_WAIT_F) { in l2cap_handle_srej()
5776 set_bit(CONN_SREJ_ACT, &chan->conn_state); in l2cap_handle_srej()
5777 chan->srej_save_reqseq = control->reqseq; in l2cap_handle_srej()
5790 if (control->reqseq == chan->next_tx_seq) { in l2cap_handle_rej()
5791 BT_DBG("Invalid reqseq %d, disconnecting", control->reqseq); in l2cap_handle_rej()
5796 skb = l2cap_ertm_seq_in_queue(&chan->tx_q, control->reqseq); in l2cap_handle_rej()
5798 if (chan->max_tx && skb && in l2cap_handle_rej()
5799 bt_cb(skb)->l2cap.retries >= chan->max_tx) { in l2cap_handle_rej()
5800 BT_DBG("Retry limit exceeded (%d)", chan->max_tx); in l2cap_handle_rej()
5805 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state); in l2cap_handle_rej()
5809 if (control->final) { in l2cap_handle_rej()
5810 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state)) in l2cap_handle_rej()
5815 if (chan->tx_state == L2CAP_TX_STATE_WAIT_F) in l2cap_handle_rej()
5816 set_bit(CONN_REJ_ACT, &chan->conn_state); in l2cap_handle_rej()
5824 BT_DBG("last_acked_seq %d, expected_tx_seq %d", chan->last_acked_seq, in l2cap_classify_txseq()
5825 chan->expected_tx_seq); in l2cap_classify_txseq()
5827 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) { in l2cap_classify_txseq()
5828 if (__seq_offset(chan, txseq, chan->last_acked_seq) >= in l2cap_classify_txseq()
5829 chan->tx_win) { in l2cap_classify_txseq()
5833 if (chan->tx_win <= ((chan->tx_win_max + 1) >> 1)) { in l2cap_classify_txseq()
5834 BT_DBG("Invalid/Ignore - after SREJ"); in l2cap_classify_txseq()
5837 BT_DBG("Invalid - in window after SREJ sent"); in l2cap_classify_txseq()
5842 if (chan->srej_list.head == txseq) { in l2cap_classify_txseq()
5847 if (l2cap_ertm_seq_in_queue(&chan->srej_q, txseq)) { in l2cap_classify_txseq()
5848 BT_DBG("Duplicate SREJ - txseq already stored"); in l2cap_classify_txseq()
5852 if (l2cap_seq_list_contains(&chan->srej_list, txseq)) { in l2cap_classify_txseq()
5853 BT_DBG("Unexpected SREJ - not requested"); in l2cap_classify_txseq()
5858 if (chan->expected_tx_seq == txseq) { in l2cap_classify_txseq()
5859 if (__seq_offset(chan, txseq, chan->last_acked_seq) >= in l2cap_classify_txseq()
5860 chan->tx_win) { in l2cap_classify_txseq()
5861 BT_DBG("Invalid - txseq outside tx window"); in l2cap_classify_txseq()
5869 if (__seq_offset(chan, txseq, chan->last_acked_seq) < in l2cap_classify_txseq()
5870 __seq_offset(chan, chan->expected_tx_seq, chan->last_acked_seq)) { in l2cap_classify_txseq()
5871 BT_DBG("Duplicate - expected_tx_seq later than txseq"); in l2cap_classify_txseq()
5875 if (__seq_offset(chan, txseq, chan->last_acked_seq) >= chan->tx_win) { in l2cap_classify_txseq()
5893 if (chan->tx_win <= ((chan->tx_win_max + 1) >> 1)) { in l2cap_classify_txseq()
5894 BT_DBG("Invalid/Ignore - txseq outside tx window"); in l2cap_classify_txseq()
5897 BT_DBG("Invalid - txseq outside tx window"); in l2cap_classify_txseq()
5901 BT_DBG("Unexpected - txseq indicates missing frames"); in l2cap_classify_txseq()
5919 switch (l2cap_classify_txseq(chan, control->txseq)) { in l2cap_rx_state_recv()
5923 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) { in l2cap_rx_state_recv()
5925 control->txseq); in l2cap_rx_state_recv()
5929 chan->expected_tx_seq = __next_seq(chan, in l2cap_rx_state_recv()
5930 control->txseq); in l2cap_rx_state_recv()
5932 chan->buffer_seq = chan->expected_tx_seq; in l2cap_rx_state_recv()
5942 * chan->ops->recv == l2cap_sock_recv_cb in l2cap_rx_state_recv()
5958 &chan->conn_state)) { in l2cap_rx_state_recv()
5965 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) in l2cap_rx_state_recv()
5975 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) { in l2cap_rx_state_recv()
5977 control->txseq); in l2cap_rx_state_recv()
5985 skb_queue_tail(&chan->srej_q, skb); in l2cap_rx_state_recv()
5988 skb_queue_len(&chan->srej_q)); in l2cap_rx_state_recv()
5990 clear_bit(CONN_SREJ_ACT, &chan->conn_state); in l2cap_rx_state_recv()
5991 l2cap_seq_list_clear(&chan->srej_list); in l2cap_rx_state_recv()
5992 l2cap_send_srej(chan, control->txseq); in l2cap_rx_state_recv()
5994 chan->rx_state = L2CAP_RX_STATE_SREJ_SENT; in l2cap_rx_state_recv()
6009 if (control->final) { in l2cap_rx_state_recv()
6010 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state); in l2cap_rx_state_recv()
6013 &chan->conn_state)) { in l2cap_rx_state_recv()
6014 control->final = 0; in l2cap_rx_state_recv()
6019 } else if (control->poll) { in l2cap_rx_state_recv()
6023 &chan->conn_state) && in l2cap_rx_state_recv()
6024 chan->unacked_frames) in l2cap_rx_state_recv()
6031 set_bit(CONN_REMOTE_BUSY, &chan->conn_state); in l2cap_rx_state_recv()
6033 if (control && control->poll) { in l2cap_rx_state_recv()
6034 set_bit(CONN_SEND_FBIT, &chan->conn_state); in l2cap_rx_state_recv()
6038 l2cap_seq_list_clear(&chan->retrans_list); in l2cap_rx_state_recv()
6063 u16 txseq = control->txseq; in l2cap_rx_state_srej_sent()
6075 skb_queue_tail(&chan->srej_q, skb); in l2cap_rx_state_srej_sent()
6078 skb_queue_len(&chan->srej_q)); in l2cap_rx_state_srej_sent()
6080 chan->expected_tx_seq = __next_seq(chan, txseq); in l2cap_rx_state_srej_sent()
6083 l2cap_seq_list_pop(&chan->srej_list); in l2cap_rx_state_srej_sent()
6086 skb_queue_tail(&chan->srej_q, skb); in l2cap_rx_state_srej_sent()
6089 skb_queue_len(&chan->srej_q)); in l2cap_rx_state_srej_sent()
6101 skb_queue_tail(&chan->srej_q, skb); in l2cap_rx_state_srej_sent()
6104 skb_queue_len(&chan->srej_q)); in l2cap_rx_state_srej_sent()
6107 l2cap_send_srej(chan, control->txseq); in l2cap_rx_state_srej_sent()
6115 skb_queue_tail(&chan->srej_q, skb); in l2cap_rx_state_srej_sent()
6118 skb_queue_len(&chan->srej_q)); in l2cap_rx_state_srej_sent()
6121 l2cap_send_srej_list(chan, control->txseq); in l2cap_rx_state_srej_sent()
6142 if (control->final) { in l2cap_rx_state_srej_sent()
6143 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state); in l2cap_rx_state_srej_sent()
6146 &chan->conn_state)) { in l2cap_rx_state_srej_sent()
6147 control->final = 0; in l2cap_rx_state_srej_sent()
6152 } else if (control->poll) { in l2cap_rx_state_srej_sent()
6154 &chan->conn_state) && in l2cap_rx_state_srej_sent()
6155 chan->unacked_frames) { in l2cap_rx_state_srej_sent()
6159 set_bit(CONN_SEND_FBIT, &chan->conn_state); in l2cap_rx_state_srej_sent()
6163 &chan->conn_state) && in l2cap_rx_state_srej_sent()
6164 chan->unacked_frames) in l2cap_rx_state_srej_sent()
6171 set_bit(CONN_REMOTE_BUSY, &chan->conn_state); in l2cap_rx_state_srej_sent()
6173 if (control->poll) { in l2cap_rx_state_srej_sent()
6180 rr_control.reqseq = chan->buffer_seq; in l2cap_rx_state_srej_sent()
6205 chan->rx_state = L2CAP_RX_STATE_RECV; in l2cap_finish_move()
6206 chan->conn->mtu = chan->conn->hcon->mtu; in l2cap_finish_move()
6220 if (!control->poll) in l2cap_rx_state_wait_p()
6221 return -EPROTO; in l2cap_rx_state_wait_p()
6223 l2cap_process_reqseq(chan, control->reqseq); in l2cap_rx_state_wait_p()
6225 if (!skb_queue_empty(&chan->tx_q)) in l2cap_rx_state_wait_p()
6226 chan->tx_send_head = skb_peek(&chan->tx_q); in l2cap_rx_state_wait_p()
6228 chan->tx_send_head = NULL; in l2cap_rx_state_wait_p()
6233 chan->next_tx_seq = control->reqseq; in l2cap_rx_state_wait_p()
6234 chan->unacked_frames = 0; in l2cap_rx_state_wait_p()
6240 set_bit(CONN_SEND_FBIT, &chan->conn_state); in l2cap_rx_state_wait_p()
6244 return -EPROTO; in l2cap_rx_state_wait_p()
6255 if (!control->final) in l2cap_rx_state_wait_f()
6256 return -EPROTO; in l2cap_rx_state_wait_f()
6258 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state); in l2cap_rx_state_wait_f()
6260 chan->rx_state = L2CAP_RX_STATE_RECV; in l2cap_rx_state_wait_f()
6261 l2cap_process_reqseq(chan, control->reqseq); in l2cap_rx_state_wait_f()
6263 if (!skb_queue_empty(&chan->tx_q)) in l2cap_rx_state_wait_f()
6264 chan->tx_send_head = skb_peek(&chan->tx_q); in l2cap_rx_state_wait_f()
6266 chan->tx_send_head = NULL; in l2cap_rx_state_wait_f()
6271 chan->next_tx_seq = control->reqseq; in l2cap_rx_state_wait_f()
6272 chan->unacked_frames = 0; in l2cap_rx_state_wait_f()
6273 chan->conn->mtu = chan->conn->hcon->mtu; in l2cap_rx_state_wait_f()
6288 unacked = __seq_offset(chan, chan->next_tx_seq, chan->expected_ack_seq); in __valid_reqseq()
6289 return __seq_offset(chan, chan->next_tx_seq, reqseq) <= unacked; in __valid_reqseq()
6298 control, skb, event, chan->rx_state); in l2cap_rx()
6300 if (__valid_reqseq(chan, control->reqseq)) { in l2cap_rx()
6301 switch (chan->rx_state) { in l2cap_rx()
6321 control->reqseq, chan->next_tx_seq, in l2cap_rx()
6322 chan->expected_ack_seq); in l2cap_rx()
6338 * chan->ops->recv == l2cap_sock_recv_cb in l2cap_stream_rx()
6347 u16 txseq = control->txseq; in l2cap_stream_rx()
6350 chan->rx_state); in l2cap_stream_rx()
6355 BT_DBG("buffer_seq %u->%u", chan->buffer_seq, in l2cap_stream_rx()
6356 __next_seq(chan, chan->buffer_seq)); in l2cap_stream_rx()
6358 chan->buffer_seq = __next_seq(chan, chan->buffer_seq); in l2cap_stream_rx()
6362 if (chan->sdu) { in l2cap_stream_rx()
6363 kfree_skb(chan->sdu); in l2cap_stream_rx()
6364 chan->sdu = NULL; in l2cap_stream_rx()
6366 chan->sdu_last_frag = NULL; in l2cap_stream_rx()
6367 chan->sdu_len = 0; in l2cap_stream_rx()
6375 chan->last_acked_seq = txseq; in l2cap_stream_rx()
6376 chan->expected_tx_seq = __next_seq(chan, txseq); in l2cap_stream_rx()
6383 struct l2cap_ctrl *control = &bt_cb(skb)->l2cap; in l2cap_data_rcv()
6389 len = skb->len; in l2cap_data_rcv()
6392 * We can just drop the corrupted I-frame here. in l2cap_data_rcv()
6399 if (!control->sframe && control->sar == L2CAP_SAR_START) in l2cap_data_rcv()
6400 len -= L2CAP_SDULEN_SIZE; in l2cap_data_rcv()
6402 if (chan->fcs == L2CAP_FCS_CRC16) in l2cap_data_rcv()
6403 len -= L2CAP_FCS_SIZE; in l2cap_data_rcv()
6405 if (len > chan->mps) { in l2cap_data_rcv()
6410 if (chan->ops->filter) { in l2cap_data_rcv()
6411 if (chan->ops->filter(chan, skb)) in l2cap_data_rcv()
6415 if (!control->sframe) { in l2cap_data_rcv()
6418 BT_DBG("iframe sar %d, reqseq %d, final %d, txseq %d", in l2cap_data_rcv()
6419 control->sar, control->reqseq, control->final, in l2cap_data_rcv()
6420 control->txseq); in l2cap_data_rcv()
6422 /* Validate F-bit - F=0 always valid, F=1 only in l2cap_data_rcv()
6425 if (control->final && chan->tx_state != L2CAP_TX_STATE_WAIT_F) in l2cap_data_rcv()
6428 if (chan->mode != L2CAP_MODE_STREAMING) { in l2cap_data_rcv()
6443 /* Only I-frames are expected in streaming mode */ in l2cap_data_rcv()
6444 if (chan->mode == L2CAP_MODE_STREAMING) in l2cap_data_rcv()
6448 control->reqseq, control->final, control->poll, in l2cap_data_rcv()
6449 control->super); in l2cap_data_rcv()
6458 if (control->final && (control->poll || in l2cap_data_rcv()
6459 chan->tx_state != L2CAP_TX_STATE_WAIT_F)) in l2cap_data_rcv()
6462 event = rx_func_to_event[control->super]; in l2cap_data_rcv()
6476 struct l2cap_conn *conn = chan->conn; in l2cap_chan_le_send_credits()
6480 if (chan->rx_credits >= return_credits) in l2cap_chan_le_send_credits()
6483 return_credits -= chan->rx_credits; in l2cap_chan_le_send_credits()
6487 chan->rx_credits += return_credits; in l2cap_chan_le_send_credits()
6489 pkt.cid = cpu_to_le16(chan->scid); in l2cap_chan_le_send_credits()
6492 chan->ident = l2cap_get_ident(conn); in l2cap_chan_le_send_credits()
6494 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CREDITS, sizeof(pkt), &pkt); in l2cap_chan_le_send_credits()
6499 if (chan->rx_avail == rx_avail) in l2cap_chan_rx_avail()
6504 chan->rx_avail = rx_avail; in l2cap_chan_rx_avail()
6506 if (chan->state == BT_CONNECTED) in l2cap_chan_rx_avail()
6514 BT_DBG("SDU reassemble complete: chan %p skb->len %u", chan, skb->len); in l2cap_ecred_recv()
6517 err = chan->ops->recv(chan, skb); in l2cap_ecred_recv()
6519 if (err < 0 && chan->rx_avail != -1) { in l2cap_ecred_recv()
6535 if (!chan->rx_credits) { in l2cap_ecred_data_rcv()
6538 return -ENOBUFS; in l2cap_ecred_data_rcv()
6541 if (chan->imtu < skb->len) { in l2cap_ecred_data_rcv()
6543 return -ENOBUFS; in l2cap_ecred_data_rcv()
6546 chan->rx_credits--; in l2cap_ecred_data_rcv()
6547 BT_DBG("chan %p: rx_credits %u -> %u", in l2cap_ecred_data_rcv()
6548 chan, chan->rx_credits + 1, chan->rx_credits); in l2cap_ecred_data_rcv()
6553 if (!chan->rx_credits) in l2cap_ecred_data_rcv()
6558 if (!chan->sdu) { in l2cap_ecred_data_rcv()
6561 sdu_len = get_unaligned_le16(skb->data); in l2cap_ecred_data_rcv()
6564 BT_DBG("Start of new SDU. sdu_len %u skb->len %u imtu %u", in l2cap_ecred_data_rcv()
6565 sdu_len, skb->len, chan->imtu); in l2cap_ecred_data_rcv()
6567 if (sdu_len > chan->imtu) { in l2cap_ecred_data_rcv()
6569 err = -EMSGSIZE; in l2cap_ecred_data_rcv()
6573 if (skb->len > sdu_len) { in l2cap_ecred_data_rcv()
6575 err = -EINVAL; in l2cap_ecred_data_rcv()
6579 if (skb->len == sdu_len) in l2cap_ecred_data_rcv()
6582 chan->sdu = skb; in l2cap_ecred_data_rcv()
6583 chan->sdu_len = sdu_len; in l2cap_ecred_data_rcv()
6584 chan->sdu_last_frag = skb; in l2cap_ecred_data_rcv()
6587 if (skb->len + L2CAP_SDULEN_SIZE < chan->mps) { in l2cap_ecred_data_rcv()
6588 u16 mps_len = skb->len + L2CAP_SDULEN_SIZE; in l2cap_ecred_data_rcv()
6591 BT_DBG("chan->mps %u -> %u", chan->mps, mps_len); in l2cap_ecred_data_rcv()
6592 chan->mps = mps_len; in l2cap_ecred_data_rcv()
6599 BT_DBG("SDU fragment. chan->sdu->len %u skb->len %u chan->sdu_len %u", in l2cap_ecred_data_rcv()
6600 chan->sdu->len, skb->len, chan->sdu_len); in l2cap_ecred_data_rcv()
6602 if (chan->sdu->len + skb->len > chan->sdu_len) { in l2cap_ecred_data_rcv()
6604 err = -EINVAL; in l2cap_ecred_data_rcv()
6608 append_skb_frag(chan->sdu, skb, &chan->sdu_last_frag); in l2cap_ecred_data_rcv()
6611 if (chan->sdu->len == chan->sdu_len) { in l2cap_ecred_data_rcv()
6612 err = l2cap_ecred_recv(chan, chan->sdu); in l2cap_ecred_data_rcv()
6614 chan->sdu = NULL; in l2cap_ecred_data_rcv()
6615 chan->sdu_last_frag = NULL; in l2cap_ecred_data_rcv()
6616 chan->sdu_len = 0; in l2cap_ecred_data_rcv()
6623 kfree_skb(chan->sdu); in l2cap_ecred_data_rcv()
6624 chan->sdu = NULL; in l2cap_ecred_data_rcv()
6625 chan->sdu_last_frag = NULL; in l2cap_ecred_data_rcv()
6626 chan->sdu_len = 0; in l2cap_ecred_data_rcv()
6631 * do a double-free of the skb. in l2cap_ecred_data_rcv()
6649 BT_DBG("chan %p, len %d", chan, skb->len); in l2cap_data_channel()
6655 if (chan->chan_type == L2CAP_CHAN_FIXED) in l2cap_data_channel()
6658 if (chan->state != BT_CONNECTED) in l2cap_data_channel()
6661 switch (chan->mode) { in l2cap_data_channel()
6675 if (chan->imtu < skb->len) { in l2cap_data_channel()
6680 if (!chan->ops->recv(chan, skb)) in l2cap_data_channel()
6690 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode); in l2cap_data_channel()
6705 struct hci_conn *hcon = conn->hcon; in l2cap_conless_channel()
6708 if (hcon->type != ACL_LINK) in l2cap_conless_channel()
6711 chan = l2cap_global_chan_by_psm(0, psm, &hcon->src, &hcon->dst, in l2cap_conless_channel()
6716 BT_DBG("chan %p, len %d", chan, skb->len); in l2cap_conless_channel()
6720 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED) in l2cap_conless_channel()
6723 if (chan->imtu < skb->len) in l2cap_conless_channel()
6727 bacpy(&bt_cb(skb)->l2cap.bdaddr, &hcon->dst); in l2cap_conless_channel()
6728 bt_cb(skb)->l2cap.psm = psm; in l2cap_conless_channel()
6730 if (!chan->ops->recv(chan, skb)) { in l2cap_conless_channel()
6745 struct l2cap_hdr *lh = (void *) skb->data; in l2cap_recv_frame()
6746 struct hci_conn *hcon = conn->hcon; in l2cap_recv_frame()
6750 if (hcon->state != BT_CONNECTED) { in l2cap_recv_frame()
6752 skb_queue_tail(&conn->pending_rx, skb); in l2cap_recv_frame()
6757 cid = __le16_to_cpu(lh->cid); in l2cap_recv_frame()
6758 len = __le16_to_cpu(lh->len); in l2cap_recv_frame()
6760 if (len != skb->len) { in l2cap_recv_frame()
6768 if (hcon->type == LE_LINK && in l2cap_recv_frame()
6769 hci_bdaddr_list_lookup(&hcon->hdev->reject_list, &hcon->dst, in l2cap_recv_frame()
6783 psm = get_unaligned((__le16 *) skb->data); in l2cap_recv_frame()
6806 mutex_lock(&conn->lock); in process_pending_rx()
6808 while ((skb = skb_dequeue(&conn->pending_rx))) in process_pending_rx()
6811 mutex_unlock(&conn->lock); in process_pending_rx()
6816 struct l2cap_conn *conn = hcon->l2cap_data; in l2cap_conn_add()
6832 kref_init(&conn->ref); in l2cap_conn_add()
6833 hcon->l2cap_data = conn; in l2cap_conn_add()
6834 conn->hcon = hci_conn_get(hcon); in l2cap_conn_add()
6835 conn->hchan = hchan; in l2cap_conn_add()
6839 conn->mtu = hcon->mtu; in l2cap_conn_add()
6840 conn->feat_mask = 0; in l2cap_conn_add()
6842 conn->local_fixed_chan = L2CAP_FC_SIG_BREDR | L2CAP_FC_CONNLESS; in l2cap_conn_add()
6844 if (hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED) && in l2cap_conn_add()
6845 (bredr_sc_enabled(hcon->hdev) || in l2cap_conn_add()
6846 hci_dev_test_flag(hcon->hdev, HCI_FORCE_BREDR_SMP))) in l2cap_conn_add()
6847 conn->local_fixed_chan |= L2CAP_FC_SMP_BREDR; in l2cap_conn_add()
6849 mutex_init(&conn->ident_lock); in l2cap_conn_add()
6850 mutex_init(&conn->lock); in l2cap_conn_add()
6852 INIT_LIST_HEAD(&conn->chan_l); in l2cap_conn_add()
6853 INIT_LIST_HEAD(&conn->users); in l2cap_conn_add()
6855 INIT_DELAYED_WORK(&conn->info_timer, l2cap_info_timeout); in l2cap_conn_add()
6857 skb_queue_head_init(&conn->pending_rx); in l2cap_conn_add()
6858 INIT_WORK(&conn->pending_rx_work, process_pending_rx); in l2cap_conn_add()
6859 INIT_DELAYED_WORK(&conn->id_addr_timer, l2cap_conn_update_id_addr); in l2cap_conn_add()
6861 conn->disc_reason = HCI_ERROR_REMOTE_USER_TERM; in l2cap_conn_add()
6889 if (chan == d->chan) in l2cap_chan_by_pid()
6892 if (!test_bit(FLAG_DEFER_SETUP, &chan->flags)) in l2cap_chan_by_pid()
6895 pid = chan->ops->get_peer_pid(chan); in l2cap_chan_by_pid()
6898 if (d->pid != pid || chan->psm != d->chan->psm || chan->ident || in l2cap_chan_by_pid()
6899 chan->mode != L2CAP_MODE_EXT_FLOWCTL || chan->state != BT_CONNECT) in l2cap_chan_by_pid()
6902 d->count++; in l2cap_chan_by_pid()
6913 BT_DBG("%pMR -> %pMR (type %u) psm 0x%4.4x mode 0x%2.2x", &chan->src, in l2cap_chan_connect()
6914 dst, dst_type, __le16_to_cpu(psm), chan->mode); in l2cap_chan_connect()
6916 hdev = hci_get_route(dst, &chan->src, chan->src_type); in l2cap_chan_connect()
6918 return -EHOSTUNREACH; in l2cap_chan_connect()
6923 chan->chan_type != L2CAP_CHAN_RAW) { in l2cap_chan_connect()
6924 err = -EINVAL; in l2cap_chan_connect()
6928 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && !psm) { in l2cap_chan_connect()
6929 err = -EINVAL; in l2cap_chan_connect()
6933 if (chan->chan_type == L2CAP_CHAN_FIXED && !cid) { in l2cap_chan_connect()
6934 err = -EINVAL; in l2cap_chan_connect()
6938 switch (chan->mode) { in l2cap_chan_connect()
6945 err = -EOPNOTSUPP; in l2cap_chan_connect()
6955 err = -EOPNOTSUPP; in l2cap_chan_connect()
6959 switch (chan->state) { in l2cap_chan_connect()
6969 err = -EISCONN; in l2cap_chan_connect()
6978 err = -EBADFD; in l2cap_chan_connect()
6983 bacpy(&chan->dst, dst); in l2cap_chan_connect()
6984 chan->dst_type = dst_type; in l2cap_chan_connect()
6986 chan->psm = psm; in l2cap_chan_connect()
6987 chan->dcid = cid; in l2cap_chan_connect()
6999 chan->sec_level, in l2cap_chan_connect()
7004 chan->sec_level, in l2cap_chan_connect()
7010 hcon = hci_connect_acl(hdev, dst, chan->sec_level, auth_type, in l2cap_chan_connect()
7022 err = -ENOMEM; in l2cap_chan_connect()
7026 if (chan->mode == L2CAP_MODE_EXT_FLOWCTL) { in l2cap_chan_connect()
7030 data.pid = chan->ops->get_peer_pid(chan); in l2cap_chan_connect()
7038 err = -EPROTO; in l2cap_chan_connect()
7043 mutex_lock(&conn->lock); in l2cap_chan_connect()
7048 err = -EBUSY; in l2cap_chan_connect()
7053 bacpy(&chan->src, &hcon->src); in l2cap_chan_connect()
7054 chan->src_type = bdaddr_src_type(hcon); in l2cap_chan_connect()
7062 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan)); in l2cap_chan_connect()
7064 /* Release chan->sport so that it can be reused by other in l2cap_chan_connect()
7068 chan->sport = 0; in l2cap_chan_connect()
7071 if (hcon->state == BT_CONNECTED) { in l2cap_chan_connect()
7072 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) { in l2cap_chan_connect()
7084 mutex_unlock(&conn->lock); in l2cap_chan_connect()
7094 struct l2cap_conn *conn = chan->conn; in l2cap_ecred_reconfigure()
7100 pdu.req.mtu = cpu_to_le16(chan->imtu); in l2cap_ecred_reconfigure()
7101 pdu.req.mps = cpu_to_le16(chan->mps); in l2cap_ecred_reconfigure()
7102 pdu.scid = cpu_to_le16(chan->scid); in l2cap_ecred_reconfigure()
7104 chan->ident = l2cap_get_ident(conn); in l2cap_ecred_reconfigure()
7106 l2cap_send_cmd(conn, chan->ident, L2CAP_ECRED_RECONF_REQ, in l2cap_ecred_reconfigure()
7112 if (chan->imtu > mtu) in l2cap_chan_reconfigure()
7113 return -EINVAL; in l2cap_chan_reconfigure()
7117 chan->imtu = mtu; in l2cap_chan_reconfigure()
7124 /* ---- L2CAP interface with lower layer (HCI) ---- */
7131 BT_DBG("hdev %s, bdaddr %pMR", hdev->name, bdaddr); in l2cap_connect_ind()
7136 if (c->state != BT_LISTEN) in l2cap_connect_ind()
7139 if (!bacmp(&c->src, &hdev->bdaddr)) { in l2cap_connect_ind()
7141 if (test_bit(FLAG_ROLE_SWITCH, &c->flags)) in l2cap_connect_ind()
7144 } else if (!bacmp(&c->src, BDADDR_ANY)) { in l2cap_connect_ind()
7146 if (test_bit(FLAG_ROLE_SWITCH, &c->flags)) in l2cap_connect_ind()
7172 if (c->chan_type != L2CAP_CHAN_FIXED) in l2cap_global_fixed_chan()
7174 if (c->state != BT_LISTEN) in l2cap_global_fixed_chan()
7176 if (bacmp(&c->src, &hcon->src) && bacmp(&c->src, BDADDR_ANY)) in l2cap_global_fixed_chan()
7178 if (src_type != c->src_type) in l2cap_global_fixed_chan()
7193 struct hci_dev *hdev = hcon->hdev; in l2cap_connect_cfm()
7198 if (hcon->type != ACL_LINK && hcon->type != LE_LINK) in l2cap_connect_cfm()
7201 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); in l2cap_connect_cfm()
7215 if (hci_bdaddr_list_lookup(&hdev->reject_list, &hcon->dst, dst_type)) in l2cap_connect_cfm()
7228 if (__l2cap_get_chan_by_dcid(conn, pchan->scid)) in l2cap_connect_cfm()
7232 chan = pchan->ops->new_connection(pchan); in l2cap_connect_cfm()
7234 bacpy(&chan->src, &hcon->src); in l2cap_connect_cfm()
7235 bacpy(&chan->dst, &hcon->dst); in l2cap_connect_cfm()
7236 chan->src_type = bdaddr_src_type(hcon); in l2cap_connect_cfm()
7237 chan->dst_type = dst_type; in l2cap_connect_cfm()
7254 struct l2cap_conn *conn = hcon->l2cap_data; in l2cap_disconn_ind()
7260 return conn->disc_reason; in l2cap_disconn_ind()
7265 if (hcon->type != ACL_LINK && hcon->type != LE_LINK) in l2cap_disconn_cfm()
7275 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) in l2cap_check_encryption()
7279 if (chan->sec_level == BT_SECURITY_MEDIUM) { in l2cap_check_encryption()
7281 } else if (chan->sec_level == BT_SECURITY_HIGH || in l2cap_check_encryption()
7282 chan->sec_level == BT_SECURITY_FIPS) in l2cap_check_encryption()
7285 if (chan->sec_level == BT_SECURITY_MEDIUM) in l2cap_check_encryption()
7292 struct l2cap_conn *conn = hcon->l2cap_data; in l2cap_security_cfm()
7300 mutex_lock(&conn->lock); in l2cap_security_cfm()
7302 list_for_each_entry(chan, &conn->chan_l, list) { in l2cap_security_cfm()
7305 BT_DBG("chan %p scid 0x%4.4x state %s", chan, chan->scid, in l2cap_security_cfm()
7306 state_to_string(chan->state)); in l2cap_security_cfm()
7309 chan->sec_level = hcon->sec_level; in l2cap_security_cfm()
7316 if (!status && (chan->state == BT_CONNECTED || in l2cap_security_cfm()
7317 chan->state == BT_CONFIG)) { in l2cap_security_cfm()
7318 chan->ops->resume(chan); in l2cap_security_cfm()
7324 if (chan->state == BT_CONNECT) { in l2cap_security_cfm()
7329 } else if (chan->state == BT_CONNECT2 && in l2cap_security_cfm()
7330 !(chan->mode == L2CAP_MODE_EXT_FLOWCTL || in l2cap_security_cfm()
7331 chan->mode == L2CAP_MODE_LE_FLOWCTL)) { in l2cap_security_cfm()
7336 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) { in l2cap_security_cfm()
7339 chan->ops->defer(chan); in l2cap_security_cfm()
7352 rsp.scid = cpu_to_le16(chan->dcid); in l2cap_security_cfm()
7353 rsp.dcid = cpu_to_le16(chan->scid); in l2cap_security_cfm()
7356 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, in l2cap_security_cfm()
7359 if (!test_bit(CONF_REQ_SENT, &chan->conf_state) && in l2cap_security_cfm()
7362 set_bit(CONF_REQ_SENT, &chan->conf_state); in l2cap_security_cfm()
7367 chan->num_conf_req++; in l2cap_security_cfm()
7374 mutex_unlock(&conn->lock); in l2cap_security_cfm()
7381 if (!conn->rx_skb) { in l2cap_recv_frag()
7383 conn->rx_skb = bt_skb_alloc(len, GFP_KERNEL); in l2cap_recv_frag()
7384 if (!conn->rx_skb) in l2cap_recv_frag()
7385 return -ENOMEM; in l2cap_recv_frag()
7387 conn->rx_len = len; in l2cap_recv_frag()
7391 len = min_t(u16, len, skb->len); in l2cap_recv_frag()
7392 skb_copy_from_linear_data(skb, skb_put(conn->rx_skb, len), len); in l2cap_recv_frag()
7394 conn->rx_len -= len; in l2cap_recv_frag()
7405 len = l2cap_recv_frag(conn, skb, L2CAP_LEN_SIZE - conn->rx_skb->len); in l2cap_recv_len()
7408 if (len < 0 || conn->rx_skb->len < L2CAP_LEN_SIZE) in l2cap_recv_len()
7411 rx_skb = conn->rx_skb; in l2cap_recv_len()
7412 len = get_unaligned_le16(rx_skb->data); in l2cap_recv_len()
7415 if (len + (L2CAP_HDR_SIZE - L2CAP_LEN_SIZE) <= skb_tailroom(rx_skb)) { in l2cap_recv_len()
7417 conn->rx_len = len + (L2CAP_HDR_SIZE - L2CAP_LEN_SIZE); in l2cap_recv_len()
7421 /* Reset conn->rx_skb since it will need to be reallocated in order to in l2cap_recv_len()
7424 conn->rx_skb = NULL; in l2cap_recv_len()
7428 len + (L2CAP_HDR_SIZE - L2CAP_LEN_SIZE)); in l2cap_recv_len()
7436 kfree_skb(conn->rx_skb); in l2cap_recv_reset()
7437 conn->rx_skb = NULL; in l2cap_recv_reset()
7438 conn->rx_len = 0; in l2cap_recv_reset()
7446 BT_DBG("conn %p orig refcnt %u", c, kref_read(&c->ref)); in l2cap_conn_hold_unless_zero()
7448 if (!kref_get_unless_zero(&c->ref)) in l2cap_conn_hold_unless_zero()
7460 hci_dev_lock(hcon->hdev); in l2cap_recv_acldata()
7462 conn = hcon->l2cap_data; in l2cap_recv_acldata()
7469 hci_dev_unlock(hcon->hdev); in l2cap_recv_acldata()
7476 BT_DBG("conn %p len %u flags 0x%x", conn, skb->len, flags); in l2cap_recv_acldata()
7478 mutex_lock(&conn->lock); in l2cap_recv_acldata()
7484 if (conn->rx_skb) { in l2cap_recv_acldata()
7485 BT_ERR("Unexpected start frame (len %d)", skb->len); in l2cap_recv_acldata()
7491 * copy the initial byte when that happens and use conn->mtu as in l2cap_recv_acldata()
7494 if (skb->len < L2CAP_LEN_SIZE) { in l2cap_recv_acldata()
7495 l2cap_recv_frag(conn, skb, conn->mtu); in l2cap_recv_acldata()
7499 len = get_unaligned_le16(skb->data) + L2CAP_HDR_SIZE; in l2cap_recv_acldata()
7501 if (len == skb->len) { in l2cap_recv_acldata()
7507 BT_DBG("Start: total len %d, frag len %u", len, skb->len); in l2cap_recv_acldata()
7509 if (skb->len > len) { in l2cap_recv_acldata()
7511 skb->len, len); in l2cap_recv_acldata()
7523 BT_DBG("Cont: frag len %u (expecting %u)", skb->len, conn->rx_len); in l2cap_recv_acldata()
7525 if (!conn->rx_skb) { in l2cap_recv_acldata()
7526 BT_ERR("Unexpected continuation frame (len %d)", skb->len); in l2cap_recv_acldata()
7532 if (conn->rx_skb->len < L2CAP_LEN_SIZE) { in l2cap_recv_acldata()
7539 if (conn->rx_skb->len < L2CAP_LEN_SIZE) in l2cap_recv_acldata()
7543 if (skb->len > conn->rx_len) { in l2cap_recv_acldata()
7545 skb->len, conn->rx_len); in l2cap_recv_acldata()
7552 l2cap_recv_frag(conn, skb, skb->len); in l2cap_recv_acldata()
7554 if (!conn->rx_len) { in l2cap_recv_acldata()
7559 struct sk_buff *rx_skb = conn->rx_skb; in l2cap_recv_acldata()
7560 conn->rx_skb = NULL; in l2cap_recv_acldata()
7569 mutex_unlock(&conn->lock); in l2cap_recv_acldata()
7588 &c->src, c->src_type, &c->dst, c->dst_type, in l2cap_debugfs_show()
7589 c->state, __le16_to_cpu(c->psm), in l2cap_debugfs_show()
7590 c->scid, c->dcid, c->imtu, c->omtu, in l2cap_debugfs_show()
7591 c->sec_level, c->mode); in l2cap_debugfs_show()