2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (C) 2000-2001 Qualcomm Incorporated
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/module.h>
29 #include <linux/types.h>
30 #include <linux/errno.h>
31 #include <linux/kernel.h>
32 #include <linux/slab.h>
33 #include <linux/poll.h>
34 #include <linux/fcntl.h>
35 #include <linux/init.h>
36 #include <linux/skbuff.h>
37 #include <linux/interrupt.h>
38 #include <linux/notifier.h>
41 #include <asm/system.h>
42 #include <asm/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
48 #ifndef CONFIG_BT_HCI_CORE_DEBUG
53 void hci_acl_connect(struct hci_conn *conn)
55 struct hci_dev *hdev = conn->hdev;
56 struct inquiry_entry *ie;
57 struct hci_cp_create_conn cp;
61 conn->state = BT_CONNECT;
64 conn->link_mode = HCI_LM_MASTER;
68 memset(&cp, 0, sizeof(cp));
69 bacpy(&cp.bdaddr, &conn->dst);
70 cp.pscan_rep_mode = 0x02;
72 if ((ie = hci_inquiry_cache_lookup(hdev, &conn->dst)) &&
73 inquiry_entry_age(ie) <= INQUIRY_ENTRY_AGE_MAX) {
74 cp.pscan_rep_mode = ie->data.pscan_rep_mode;
75 cp.pscan_mode = ie->data.pscan_mode;
76 cp.clock_offset = ie->data.clock_offset | cpu_to_le16(0x8000);
77 memcpy(conn->dev_class, ie->data.dev_class, 3);
80 cp.pkt_type = cpu_to_le16(conn->pkt_type);
81 if (lmp_rswitch_capable(hdev) && !(hdev->link_mode & HCI_LM_MASTER))
82 cp.role_switch = 0x01;
84 cp.role_switch = 0x00;
86 hci_send_cmd(hdev, HCI_OP_CREATE_CONN, sizeof(cp), &cp);
89 static void hci_acl_connect_cancel(struct hci_conn *conn)
91 struct hci_cp_create_conn_cancel cp;
95 if (conn->hdev->hci_ver < 2)
98 bacpy(&cp.bdaddr, &conn->dst);
99 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
102 void hci_acl_disconn(struct hci_conn *conn, __u8 reason)
104 struct hci_cp_disconnect cp;
108 conn->state = BT_DISCONN;
110 cp.handle = cpu_to_le16(conn->handle);
112 hci_send_cmd(conn->hdev, HCI_OP_DISCONNECT, sizeof(cp), &cp);
115 void hci_add_sco(struct hci_conn *conn, __u16 handle)
117 struct hci_dev *hdev = conn->hdev;
118 struct hci_cp_add_sco cp;
122 conn->state = BT_CONNECT;
125 cp.handle = cpu_to_le16(handle);
126 cp.pkt_type = cpu_to_le16(conn->pkt_type);
128 hci_send_cmd(hdev, HCI_OP_ADD_SCO, sizeof(cp), &cp);
131 void hci_setup_sync(struct hci_conn *conn, __u16 handle)
133 struct hci_dev *hdev = conn->hdev;
134 struct hci_cp_setup_sync_conn cp;
138 conn->state = BT_CONNECT;
141 cp.handle = cpu_to_le16(handle);
142 cp.pkt_type = cpu_to_le16(conn->pkt_type);
144 cp.tx_bandwidth = cpu_to_le32(0x00001f40);
145 cp.rx_bandwidth = cpu_to_le32(0x00001f40);
146 cp.max_latency = cpu_to_le16(0xffff);
147 cp.voice_setting = cpu_to_le16(hdev->voice_setting);
148 cp.retrans_effort = 0xff;
150 hci_send_cmd(hdev, HCI_OP_SETUP_SYNC_CONN, sizeof(cp), &cp);
153 static void hci_conn_timeout(unsigned long arg)
155 struct hci_conn *conn = (void *) arg;
156 struct hci_dev *hdev = conn->hdev;
158 BT_DBG("conn %p state %d", conn, conn->state);
160 if (atomic_read(&conn->refcnt))
165 switch (conn->state) {
167 if (conn->type == ACL_LINK)
168 hci_acl_connect_cancel(conn);
170 hci_acl_disconn(conn, 0x13);
173 hci_acl_disconn(conn, 0x13);
176 conn->state = BT_CLOSED;
180 hci_dev_unlock(hdev);
183 static void hci_conn_idle(unsigned long arg)
185 struct hci_conn *conn = (void *) arg;
187 BT_DBG("conn %p mode %d", conn, conn->mode);
189 hci_conn_enter_sniff_mode(conn);
192 struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
194 struct hci_conn *conn;
196 BT_DBG("%s dst %s", hdev->name, batostr(dst));
198 conn = kzalloc(sizeof(struct hci_conn), GFP_ATOMIC);
202 bacpy(&conn->dst, dst);
205 conn->mode = HCI_CM_ACTIVE;
206 conn->state = BT_OPEN;
208 conn->power_save = 1;
212 conn->pkt_type = hdev->pkt_type & ACL_PTYPE_MASK;
215 if (lmp_esco_capable(hdev))
216 conn->pkt_type = hdev->esco_type & SCO_ESCO_MASK;
218 conn->pkt_type = hdev->pkt_type & SCO_PTYPE_MASK;
221 conn->pkt_type = hdev->esco_type;
225 skb_queue_head_init(&conn->data_q);
227 setup_timer(&conn->disc_timer, hci_conn_timeout, (unsigned long)conn);
228 setup_timer(&conn->idle_timer, hci_conn_idle, (unsigned long)conn);
230 atomic_set(&conn->refcnt, 0);
234 tasklet_disable(&hdev->tx_task);
236 hci_conn_hash_add(hdev, conn);
238 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
240 hci_conn_add_sysfs(conn);
242 tasklet_enable(&hdev->tx_task);
247 int hci_conn_del(struct hci_conn *conn)
249 struct hci_dev *hdev = conn->hdev;
251 BT_DBG("%s conn %p handle %d", hdev->name, conn, conn->handle);
253 del_timer(&conn->idle_timer);
255 del_timer(&conn->disc_timer);
257 if (conn->type == ACL_LINK) {
258 struct hci_conn *sco = conn->link;
263 hdev->acl_cnt += conn->sent;
265 struct hci_conn *acl = conn->link;
272 tasklet_disable(&hdev->tx_task);
273 hci_conn_hash_del(hdev, conn);
275 hdev->notify(hdev, HCI_NOTIFY_CONN_DEL);
276 tasklet_enable(&hdev->tx_task);
277 skb_queue_purge(&conn->data_q);
278 hci_conn_del_sysfs(conn);
283 struct hci_dev *hci_get_route(bdaddr_t *dst, bdaddr_t *src)
285 int use_src = bacmp(src, BDADDR_ANY);
286 struct hci_dev *hdev = NULL;
289 BT_DBG("%s -> %s", batostr(src), batostr(dst));
291 read_lock_bh(&hci_dev_list_lock);
293 list_for_each(p, &hci_dev_list) {
294 struct hci_dev *d = list_entry(p, struct hci_dev, list);
296 if (!test_bit(HCI_UP, &d->flags) || test_bit(HCI_RAW, &d->flags))
300 * No source address - find interface with bdaddr != dst
301 * Source address - find interface with bdaddr == src
305 if (!bacmp(&d->bdaddr, src)) {
309 if (bacmp(&d->bdaddr, dst)) {
316 hdev = hci_dev_hold(hdev);
318 read_unlock_bh(&hci_dev_list_lock);
321 EXPORT_SYMBOL(hci_get_route);
323 /* Create SCO or ACL connection.
324 * Device _must_ be locked */
325 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst)
327 struct hci_conn *acl;
328 struct hci_conn *sco;
330 BT_DBG("%s dst %s", hdev->name, batostr(dst));
332 if (!(acl = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst))) {
333 if (!(acl = hci_conn_add(hdev, ACL_LINK, dst)))
339 if (acl->state == BT_OPEN || acl->state == BT_CLOSED)
340 hci_acl_connect(acl);
342 if (type == ACL_LINK)
345 if (!(sco = hci_conn_hash_lookup_ba(hdev, type, dst))) {
346 if (!(sco = hci_conn_add(hdev, type, dst))) {
357 if (acl->state == BT_CONNECTED &&
358 (sco->state == BT_OPEN || sco->state == BT_CLOSED)) {
359 if (lmp_esco_capable(hdev))
360 hci_setup_sync(sco, acl->handle);
362 hci_add_sco(sco, acl->handle);
367 EXPORT_SYMBOL(hci_connect);
369 /* Authenticate remote device */
370 int hci_conn_auth(struct hci_conn *conn)
372 BT_DBG("conn %p", conn);
374 if (conn->link_mode & HCI_LM_AUTH)
377 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
378 struct hci_cp_auth_requested cp;
379 cp.handle = cpu_to_le16(conn->handle);
380 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
384 EXPORT_SYMBOL(hci_conn_auth);
386 /* Enable encryption */
387 int hci_conn_encrypt(struct hci_conn *conn)
389 BT_DBG("conn %p", conn);
391 if (conn->link_mode & HCI_LM_ENCRYPT)
394 if (test_and_set_bit(HCI_CONN_ENCRYPT_PEND, &conn->pend))
397 if (hci_conn_auth(conn)) {
398 struct hci_cp_set_conn_encrypt cp;
399 cp.handle = cpu_to_le16(conn->handle);
401 hci_send_cmd(conn->hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp), &cp);
405 EXPORT_SYMBOL(hci_conn_encrypt);
407 /* Change link key */
408 int hci_conn_change_link_key(struct hci_conn *conn)
410 BT_DBG("conn %p", conn);
412 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->pend)) {
413 struct hci_cp_change_conn_link_key cp;
414 cp.handle = cpu_to_le16(conn->handle);
415 hci_send_cmd(conn->hdev, HCI_OP_CHANGE_CONN_LINK_KEY, sizeof(cp), &cp);
419 EXPORT_SYMBOL(hci_conn_change_link_key);
422 int hci_conn_switch_role(struct hci_conn *conn, uint8_t role)
424 BT_DBG("conn %p", conn);
426 if (!role && conn->link_mode & HCI_LM_MASTER)
429 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND, &conn->pend)) {
430 struct hci_cp_switch_role cp;
431 bacpy(&cp.bdaddr, &conn->dst);
433 hci_send_cmd(conn->hdev, HCI_OP_SWITCH_ROLE, sizeof(cp), &cp);
437 EXPORT_SYMBOL(hci_conn_switch_role);
439 /* Enter active mode */
440 void hci_conn_enter_active_mode(struct hci_conn *conn)
442 struct hci_dev *hdev = conn->hdev;
444 BT_DBG("conn %p mode %d", conn, conn->mode);
446 if (test_bit(HCI_RAW, &hdev->flags))
449 if (conn->mode != HCI_CM_SNIFF || !conn->power_save)
452 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
453 struct hci_cp_exit_sniff_mode cp;
454 cp.handle = cpu_to_le16(conn->handle);
455 hci_send_cmd(hdev, HCI_OP_EXIT_SNIFF_MODE, sizeof(cp), &cp);
459 if (hdev->idle_timeout > 0)
460 mod_timer(&conn->idle_timer,
461 jiffies + msecs_to_jiffies(hdev->idle_timeout));
464 /* Enter sniff mode */
465 void hci_conn_enter_sniff_mode(struct hci_conn *conn)
467 struct hci_dev *hdev = conn->hdev;
469 BT_DBG("conn %p mode %d", conn, conn->mode);
471 if (test_bit(HCI_RAW, &hdev->flags))
474 if (!lmp_sniff_capable(hdev) || !lmp_sniff_capable(conn))
477 if (conn->mode != HCI_CM_ACTIVE || !(conn->link_policy & HCI_LP_SNIFF))
480 if (lmp_sniffsubr_capable(hdev) && lmp_sniffsubr_capable(conn)) {
481 struct hci_cp_sniff_subrate cp;
482 cp.handle = cpu_to_le16(conn->handle);
483 cp.max_latency = cpu_to_le16(0);
484 cp.min_remote_timeout = cpu_to_le16(0);
485 cp.min_local_timeout = cpu_to_le16(0);
486 hci_send_cmd(hdev, HCI_OP_SNIFF_SUBRATE, sizeof(cp), &cp);
489 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->pend)) {
490 struct hci_cp_sniff_mode cp;
491 cp.handle = cpu_to_le16(conn->handle);
492 cp.max_interval = cpu_to_le16(hdev->sniff_max_interval);
493 cp.min_interval = cpu_to_le16(hdev->sniff_min_interval);
494 cp.attempt = cpu_to_le16(4);
495 cp.timeout = cpu_to_le16(1);
496 hci_send_cmd(hdev, HCI_OP_SNIFF_MODE, sizeof(cp), &cp);
500 /* Drop all connection on the device */
501 void hci_conn_hash_flush(struct hci_dev *hdev)
503 struct hci_conn_hash *h = &hdev->conn_hash;
506 BT_DBG("hdev %s", hdev->name);
509 while (p != &h->list) {
512 c = list_entry(p, struct hci_conn, list);
515 c->state = BT_CLOSED;
517 hci_proto_disconn_ind(c, 0x16);
522 /* Check pending connect attempts */
523 void hci_conn_check_pending(struct hci_dev *hdev)
525 struct hci_conn *conn;
527 BT_DBG("hdev %s", hdev->name);
531 conn = hci_conn_hash_lookup_state(hdev, ACL_LINK, BT_CONNECT2);
533 hci_acl_connect(conn);
535 hci_dev_unlock(hdev);
538 int hci_get_conn_list(void __user *arg)
540 struct hci_conn_list_req req, *cl;
541 struct hci_conn_info *ci;
542 struct hci_dev *hdev;
544 int n = 0, size, err;
546 if (copy_from_user(&req, arg, sizeof(req)))
549 if (!req.conn_num || req.conn_num > (PAGE_SIZE * 2) / sizeof(*ci))
552 size = sizeof(req) + req.conn_num * sizeof(*ci);
554 if (!(cl = kmalloc(size, GFP_KERNEL)))
557 if (!(hdev = hci_dev_get(req.dev_id))) {
564 hci_dev_lock_bh(hdev);
565 list_for_each(p, &hdev->conn_hash.list) {
566 register struct hci_conn *c;
567 c = list_entry(p, struct hci_conn, list);
569 bacpy(&(ci + n)->bdaddr, &c->dst);
570 (ci + n)->handle = c->handle;
571 (ci + n)->type = c->type;
572 (ci + n)->out = c->out;
573 (ci + n)->state = c->state;
574 (ci + n)->link_mode = c->link_mode;
575 if (++n >= req.conn_num)
578 hci_dev_unlock_bh(hdev);
580 cl->dev_id = hdev->id;
582 size = sizeof(req) + n * sizeof(*ci);
586 err = copy_to_user(arg, cl, size);
589 return err ? -EFAULT : 0;
592 int hci_get_conn_info(struct hci_dev *hdev, void __user *arg)
594 struct hci_conn_info_req req;
595 struct hci_conn_info ci;
596 struct hci_conn *conn;
597 char __user *ptr = arg + sizeof(req);
599 if (copy_from_user(&req, arg, sizeof(req)))
602 hci_dev_lock_bh(hdev);
603 conn = hci_conn_hash_lookup_ba(hdev, req.type, &req.bdaddr);
605 bacpy(&ci.bdaddr, &conn->dst);
606 ci.handle = conn->handle;
607 ci.type = conn->type;
609 ci.state = conn->state;
610 ci.link_mode = conn->link_mode;
612 hci_dev_unlock_bh(hdev);
617 return copy_to_user(ptr, &ci, sizeof(ci)) ? -EFAULT : 0;