2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
25 /* Bluetooth HCI connection handling. */
27 #include <linux/export.h>
29 #include <net/bluetooth/bluetooth.h>
30 #include <net/bluetooth/hci_core.h>
31 #include <net/bluetooth/a2mp.h>
32 #include <net/bluetooth/smp.h>
34 static void hci_le_create_connection(struct hci_conn
*conn
)
36 struct hci_dev
*hdev
= conn
->hdev
;
37 struct hci_cp_le_create_conn cp
;
39 conn
->state
= BT_CONNECT
;
41 conn
->link_mode
|= HCI_LM_MASTER
;
42 conn
->sec_level
= BT_SECURITY_LOW
;
44 memset(&cp
, 0, sizeof(cp
));
45 cp
.scan_interval
= __constant_cpu_to_le16(0x0060);
46 cp
.scan_window
= __constant_cpu_to_le16(0x0030);
47 bacpy(&cp
.peer_addr
, &conn
->dst
);
48 cp
.peer_addr_type
= conn
->dst_type
;
49 cp
.conn_interval_min
= __constant_cpu_to_le16(0x0028);
50 cp
.conn_interval_max
= __constant_cpu_to_le16(0x0038);
51 cp
.supervision_timeout
= __constant_cpu_to_le16(0x002a);
52 cp
.min_ce_len
= __constant_cpu_to_le16(0x0000);
53 cp
.max_ce_len
= __constant_cpu_to_le16(0x0000);
55 hci_send_cmd(hdev
, HCI_OP_LE_CREATE_CONN
, sizeof(cp
), &cp
);
58 static void hci_le_create_connection_cancel(struct hci_conn
*conn
)
60 hci_send_cmd(conn
->hdev
, HCI_OP_LE_CREATE_CONN_CANCEL
, 0, NULL
);
63 static void hci_acl_create_connection(struct hci_conn
*conn
)
65 struct hci_dev
*hdev
= conn
->hdev
;
66 struct inquiry_entry
*ie
;
67 struct hci_cp_create_conn cp
;
69 BT_DBG("hcon %p", conn
);
71 conn
->state
= BT_CONNECT
;
74 conn
->link_mode
= HCI_LM_MASTER
;
78 conn
->link_policy
= hdev
->link_policy
;
80 memset(&cp
, 0, sizeof(cp
));
81 bacpy(&cp
.bdaddr
, &conn
->dst
);
82 cp
.pscan_rep_mode
= 0x02;
84 ie
= hci_inquiry_cache_lookup(hdev
, &conn
->dst
);
86 if (inquiry_entry_age(ie
) <= INQUIRY_ENTRY_AGE_MAX
) {
87 cp
.pscan_rep_mode
= ie
->data
.pscan_rep_mode
;
88 cp
.pscan_mode
= ie
->data
.pscan_mode
;
89 cp
.clock_offset
= ie
->data
.clock_offset
|
90 __constant_cpu_to_le16(0x8000);
93 memcpy(conn
->dev_class
, ie
->data
.dev_class
, 3);
94 if (ie
->data
.ssp_mode
> 0)
95 set_bit(HCI_CONN_SSP_ENABLED
, &conn
->flags
);
98 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
99 if (lmp_rswitch_capable(hdev
) && !(hdev
->link_mode
& HCI_LM_MASTER
))
100 cp
.role_switch
= 0x01;
102 cp
.role_switch
= 0x00;
104 hci_send_cmd(hdev
, HCI_OP_CREATE_CONN
, sizeof(cp
), &cp
);
107 static void hci_acl_create_connection_cancel(struct hci_conn
*conn
)
109 struct hci_cp_create_conn_cancel cp
;
111 BT_DBG("hcon %p", conn
);
113 if (conn
->hdev
->hci_ver
< BLUETOOTH_VER_1_2
)
116 bacpy(&cp
.bdaddr
, &conn
->dst
);
117 hci_send_cmd(conn
->hdev
, HCI_OP_CREATE_CONN_CANCEL
, sizeof(cp
), &cp
);
120 static void hci_reject_sco(struct hci_conn
*conn
)
122 struct hci_cp_reject_sync_conn_req cp
;
124 cp
.reason
= HCI_ERROR_REMOTE_USER_TERM
;
125 bacpy(&cp
.bdaddr
, &conn
->dst
);
127 hci_send_cmd(conn
->hdev
, HCI_OP_REJECT_SYNC_CONN_REQ
, sizeof(cp
), &cp
);
130 void hci_disconnect(struct hci_conn
*conn
, __u8 reason
)
132 struct hci_cp_disconnect cp
;
134 BT_DBG("hcon %p", conn
);
136 conn
->state
= BT_DISCONN
;
138 cp
.handle
= cpu_to_le16(conn
->handle
);
140 hci_send_cmd(conn
->hdev
, HCI_OP_DISCONNECT
, sizeof(cp
), &cp
);
143 static void hci_amp_disconn(struct hci_conn
*conn
, __u8 reason
)
145 struct hci_cp_disconn_phy_link cp
;
147 BT_DBG("hcon %p", conn
);
149 conn
->state
= BT_DISCONN
;
151 cp
.phy_handle
= HCI_PHY_HANDLE(conn
->handle
);
153 hci_send_cmd(conn
->hdev
, HCI_OP_DISCONN_PHY_LINK
,
157 static void hci_add_sco(struct hci_conn
*conn
, __u16 handle
)
159 struct hci_dev
*hdev
= conn
->hdev
;
160 struct hci_cp_add_sco cp
;
162 BT_DBG("hcon %p", conn
);
164 conn
->state
= BT_CONNECT
;
169 cp
.handle
= cpu_to_le16(handle
);
170 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
172 hci_send_cmd(hdev
, HCI_OP_ADD_SCO
, sizeof(cp
), &cp
);
175 void hci_setup_sync(struct hci_conn
*conn
, __u16 handle
)
177 struct hci_dev
*hdev
= conn
->hdev
;
178 struct hci_cp_setup_sync_conn cp
;
180 BT_DBG("hcon %p", conn
);
182 conn
->state
= BT_CONNECT
;
187 cp
.handle
= cpu_to_le16(handle
);
188 cp
.pkt_type
= cpu_to_le16(conn
->pkt_type
);
190 cp
.tx_bandwidth
= __constant_cpu_to_le32(0x00001f40);
191 cp
.rx_bandwidth
= __constant_cpu_to_le32(0x00001f40);
192 cp
.max_latency
= __constant_cpu_to_le16(0xffff);
193 cp
.voice_setting
= cpu_to_le16(hdev
->voice_setting
);
194 cp
.retrans_effort
= 0xff;
196 hci_send_cmd(hdev
, HCI_OP_SETUP_SYNC_CONN
, sizeof(cp
), &cp
);
199 void hci_le_conn_update(struct hci_conn
*conn
, u16 min
, u16 max
,
200 u16 latency
, u16 to_multiplier
)
202 struct hci_cp_le_conn_update cp
;
203 struct hci_dev
*hdev
= conn
->hdev
;
205 memset(&cp
, 0, sizeof(cp
));
207 cp
.handle
= cpu_to_le16(conn
->handle
);
208 cp
.conn_interval_min
= cpu_to_le16(min
);
209 cp
.conn_interval_max
= cpu_to_le16(max
);
210 cp
.conn_latency
= cpu_to_le16(latency
);
211 cp
.supervision_timeout
= cpu_to_le16(to_multiplier
);
212 cp
.min_ce_len
= __constant_cpu_to_le16(0x0001);
213 cp
.max_ce_len
= __constant_cpu_to_le16(0x0001);
215 hci_send_cmd(hdev
, HCI_OP_LE_CONN_UPDATE
, sizeof(cp
), &cp
);
218 void hci_le_start_enc(struct hci_conn
*conn
, __le16 ediv
, __u8 rand
[8],
221 struct hci_dev
*hdev
= conn
->hdev
;
222 struct hci_cp_le_start_enc cp
;
224 BT_DBG("hcon %p", conn
);
226 memset(&cp
, 0, sizeof(cp
));
228 cp
.handle
= cpu_to_le16(conn
->handle
);
229 memcpy(cp
.ltk
, ltk
, sizeof(cp
.ltk
));
231 memcpy(cp
.rand
, rand
, sizeof(cp
.rand
));
233 hci_send_cmd(hdev
, HCI_OP_LE_START_ENC
, sizeof(cp
), &cp
);
236 /* Device _must_ be locked */
237 void hci_sco_setup(struct hci_conn
*conn
, __u8 status
)
239 struct hci_conn
*sco
= conn
->link
;
244 BT_DBG("hcon %p", conn
);
247 if (lmp_esco_capable(conn
->hdev
))
248 hci_setup_sync(sco
, conn
->handle
);
250 hci_add_sco(sco
, conn
->handle
);
252 hci_proto_connect_cfm(sco
, status
);
257 static void hci_conn_disconnect(struct hci_conn
*conn
)
259 __u8 reason
= hci_proto_disconn_ind(conn
);
261 switch (conn
->type
) {
263 hci_amp_disconn(conn
, reason
);
266 hci_disconnect(conn
, reason
);
271 static void hci_conn_timeout(struct work_struct
*work
)
273 struct hci_conn
*conn
= container_of(work
, struct hci_conn
,
276 BT_DBG("hcon %p state %s", conn
, state_to_string(conn
->state
));
278 if (atomic_read(&conn
->refcnt
))
281 switch (conn
->state
) {
285 if (conn
->type
== ACL_LINK
)
286 hci_acl_create_connection_cancel(conn
);
287 else if (conn
->type
== LE_LINK
)
288 hci_le_create_connection_cancel(conn
);
289 } else if (conn
->type
== SCO_LINK
|| conn
->type
== ESCO_LINK
) {
290 hci_reject_sco(conn
);
295 hci_conn_disconnect(conn
);
298 conn
->state
= BT_CLOSED
;
303 /* Enter sniff mode */
304 static void hci_conn_enter_sniff_mode(struct hci_conn
*conn
)
306 struct hci_dev
*hdev
= conn
->hdev
;
308 BT_DBG("hcon %p mode %d", conn
, conn
->mode
);
310 if (test_bit(HCI_RAW
, &hdev
->flags
))
313 if (!lmp_sniff_capable(hdev
) || !lmp_sniff_capable(conn
))
316 if (conn
->mode
!= HCI_CM_ACTIVE
|| !(conn
->link_policy
& HCI_LP_SNIFF
))
319 if (lmp_sniffsubr_capable(hdev
) && lmp_sniffsubr_capable(conn
)) {
320 struct hci_cp_sniff_subrate cp
;
321 cp
.handle
= cpu_to_le16(conn
->handle
);
322 cp
.max_latency
= __constant_cpu_to_le16(0);
323 cp
.min_remote_timeout
= __constant_cpu_to_le16(0);
324 cp
.min_local_timeout
= __constant_cpu_to_le16(0);
325 hci_send_cmd(hdev
, HCI_OP_SNIFF_SUBRATE
, sizeof(cp
), &cp
);
328 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->flags
)) {
329 struct hci_cp_sniff_mode cp
;
330 cp
.handle
= cpu_to_le16(conn
->handle
);
331 cp
.max_interval
= cpu_to_le16(hdev
->sniff_max_interval
);
332 cp
.min_interval
= cpu_to_le16(hdev
->sniff_min_interval
);
333 cp
.attempt
= __constant_cpu_to_le16(4);
334 cp
.timeout
= __constant_cpu_to_le16(1);
335 hci_send_cmd(hdev
, HCI_OP_SNIFF_MODE
, sizeof(cp
), &cp
);
339 static void hci_conn_idle(unsigned long arg
)
341 struct hci_conn
*conn
= (void *) arg
;
343 BT_DBG("hcon %p mode %d", conn
, conn
->mode
);
345 hci_conn_enter_sniff_mode(conn
);
348 static void hci_conn_auto_accept(unsigned long arg
)
350 struct hci_conn
*conn
= (void *) arg
;
351 struct hci_dev
*hdev
= conn
->hdev
;
353 hci_send_cmd(hdev
, HCI_OP_USER_CONFIRM_REPLY
, sizeof(conn
->dst
),
357 struct hci_conn
*hci_conn_add(struct hci_dev
*hdev
, int type
,
358 __u16 pkt_type
, bdaddr_t
*dst
)
360 struct hci_conn
*conn
;
362 BT_DBG("%s dst %pMR", hdev
->name
, dst
);
364 conn
= kzalloc(sizeof(struct hci_conn
), GFP_KERNEL
);
368 bacpy(&conn
->dst
, dst
);
371 conn
->mode
= HCI_CM_ACTIVE
;
372 conn
->state
= BT_OPEN
;
373 conn
->auth_type
= HCI_AT_GENERAL_BONDING
;
374 conn
->io_capability
= hdev
->io_capability
;
375 conn
->remote_auth
= 0xff;
376 conn
->key_type
= 0xff;
378 set_bit(HCI_CONN_POWER_SAVE
, &conn
->flags
);
379 conn
->disc_timeout
= HCI_DISCONN_TIMEOUT
;
383 conn
->pkt_type
= hdev
->pkt_type
& ACL_PTYPE_MASK
;
387 pkt_type
= SCO_ESCO_MASK
;
390 pkt_type
= ALL_ESCO_MASK
;
391 if (lmp_esco_capable(hdev
)) {
392 /* HCI Setup Synchronous Connection Command uses
393 reverse logic on the EDR_ESCO_MASK bits */
394 conn
->pkt_type
= (pkt_type
^ EDR_ESCO_MASK
) &
397 /* Legacy HCI Add Sco Connection Command uses a
399 conn
->pkt_type
= (pkt_type
<< 5) & hdev
->pkt_type
&
405 skb_queue_head_init(&conn
->data_q
);
407 INIT_LIST_HEAD(&conn
->chan_list
);
409 INIT_DELAYED_WORK(&conn
->disc_work
, hci_conn_timeout
);
410 setup_timer(&conn
->idle_timer
, hci_conn_idle
, (unsigned long)conn
);
411 setup_timer(&conn
->auto_accept_timer
, hci_conn_auto_accept
,
412 (unsigned long) conn
);
414 atomic_set(&conn
->refcnt
, 0);
418 hci_conn_hash_add(hdev
, conn
);
420 hdev
->notify(hdev
, HCI_NOTIFY_CONN_ADD
);
422 hci_conn_init_sysfs(conn
);
427 int hci_conn_del(struct hci_conn
*conn
)
429 struct hci_dev
*hdev
= conn
->hdev
;
431 BT_DBG("%s hcon %p handle %d", hdev
->name
, conn
, conn
->handle
);
433 del_timer(&conn
->idle_timer
);
435 cancel_delayed_work_sync(&conn
->disc_work
);
437 del_timer(&conn
->auto_accept_timer
);
439 if (conn
->type
== ACL_LINK
) {
440 struct hci_conn
*sco
= conn
->link
;
445 hdev
->acl_cnt
+= conn
->sent
;
446 } else if (conn
->type
== LE_LINK
) {
448 hdev
->le_cnt
+= conn
->sent
;
450 hdev
->acl_cnt
+= conn
->sent
;
452 struct hci_conn
*acl
= conn
->link
;
459 hci_chan_list_flush(conn
);
462 amp_mgr_put(conn
->amp_mgr
);
464 hci_conn_hash_del(hdev
, conn
);
466 hdev
->notify(hdev
, HCI_NOTIFY_CONN_DEL
);
468 skb_queue_purge(&conn
->data_q
);
470 hci_conn_del_sysfs(conn
);
479 struct hci_dev
*hci_get_route(bdaddr_t
*dst
, bdaddr_t
*src
)
481 int use_src
= bacmp(src
, BDADDR_ANY
);
482 struct hci_dev
*hdev
= NULL
, *d
;
484 BT_DBG("%pMR -> %pMR", src
, dst
);
486 read_lock(&hci_dev_list_lock
);
488 list_for_each_entry(d
, &hci_dev_list
, list
) {
489 if (!test_bit(HCI_UP
, &d
->flags
) ||
490 test_bit(HCI_RAW
, &d
->flags
) ||
491 d
->dev_type
!= HCI_BREDR
)
495 * No source address - find interface with bdaddr != dst
496 * Source address - find interface with bdaddr == src
500 if (!bacmp(&d
->bdaddr
, src
)) {
504 if (bacmp(&d
->bdaddr
, dst
)) {
511 hdev
= hci_dev_hold(hdev
);
513 read_unlock(&hci_dev_list_lock
);
516 EXPORT_SYMBOL(hci_get_route
);
518 static struct hci_conn
*hci_connect_le(struct hci_dev
*hdev
, bdaddr_t
*dst
,
519 u8 dst_type
, u8 sec_level
, u8 auth_type
)
523 if (test_bit(HCI_LE_PERIPHERAL
, &hdev
->flags
))
524 return ERR_PTR(-ENOTSUPP
);
526 le
= hci_conn_hash_lookup_ba(hdev
, LE_LINK
, dst
);
528 le
= hci_conn_hash_lookup_state(hdev
, LE_LINK
, BT_CONNECT
);
530 return ERR_PTR(-EBUSY
);
532 le
= hci_conn_add(hdev
, LE_LINK
, 0, dst
);
534 return ERR_PTR(-ENOMEM
);
536 le
->dst_type
= bdaddr_to_le(dst_type
);
537 hci_le_create_connection(le
);
540 le
->pending_sec_level
= sec_level
;
541 le
->auth_type
= auth_type
;
548 static struct hci_conn
*hci_connect_acl(struct hci_dev
*hdev
, bdaddr_t
*dst
,
549 u8 sec_level
, u8 auth_type
)
551 struct hci_conn
*acl
;
553 acl
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, dst
);
555 acl
= hci_conn_add(hdev
, ACL_LINK
, 0, dst
);
557 return ERR_PTR(-ENOMEM
);
562 if (acl
->state
== BT_OPEN
|| acl
->state
== BT_CLOSED
) {
563 acl
->sec_level
= BT_SECURITY_LOW
;
564 acl
->pending_sec_level
= sec_level
;
565 acl
->auth_type
= auth_type
;
566 hci_acl_create_connection(acl
);
572 static struct hci_conn
*hci_connect_sco(struct hci_dev
*hdev
, int type
,
573 __u16 pkt_type
, bdaddr_t
*dst
,
574 u8 sec_level
, u8 auth_type
)
576 struct hci_conn
*acl
;
577 struct hci_conn
*sco
;
579 acl
= hci_connect_acl(hdev
, dst
, sec_level
, auth_type
);
583 sco
= hci_conn_hash_lookup_ba(hdev
, type
, dst
);
585 sco
= hci_conn_add(hdev
, type
, pkt_type
, dst
);
588 return ERR_PTR(-ENOMEM
);
597 if (acl
->state
== BT_CONNECTED
&&
598 (sco
->state
== BT_OPEN
|| sco
->state
== BT_CLOSED
)) {
599 set_bit(HCI_CONN_POWER_SAVE
, &acl
->flags
);
600 hci_conn_enter_active_mode(acl
, BT_POWER_FORCE_ACTIVE_ON
);
602 if (test_bit(HCI_CONN_MODE_CHANGE_PEND
, &acl
->flags
)) {
603 /* defer SCO setup until mode change completed */
604 set_bit(HCI_CONN_SCO_SETUP_PEND
, &acl
->flags
);
608 hci_sco_setup(acl
, 0x00);
614 /* Create SCO, ACL or LE connection. */
615 struct hci_conn
*hci_connect(struct hci_dev
*hdev
, int type
,
616 __u16 pkt_type
, bdaddr_t
*dst
,
617 __u8 dst_type
, __u8 sec_level
, __u8 auth_type
)
619 BT_DBG("%s dst %pMR type 0x%x", hdev
->name
, dst
, type
);
623 return hci_connect_le(hdev
, dst
, dst_type
, sec_level
, auth_type
);
625 return hci_connect_acl(hdev
, dst
, sec_level
, auth_type
);
628 return hci_connect_sco(hdev
, type
, pkt_type
, dst
, sec_level
, auth_type
);
631 return ERR_PTR(-EINVAL
);
634 /* Check link security requirement */
635 int hci_conn_check_link_mode(struct hci_conn
*conn
)
637 BT_DBG("hcon %p", conn
);
639 if (hci_conn_ssp_enabled(conn
) && !(conn
->link_mode
& HCI_LM_ENCRYPT
))
645 /* Authenticate remote device */
646 static int hci_conn_auth(struct hci_conn
*conn
, __u8 sec_level
, __u8 auth_type
)
648 BT_DBG("hcon %p", conn
);
650 if (conn
->pending_sec_level
> sec_level
)
651 sec_level
= conn
->pending_sec_level
;
653 if (sec_level
> conn
->sec_level
)
654 conn
->pending_sec_level
= sec_level
;
655 else if (conn
->link_mode
& HCI_LM_AUTH
)
658 /* Make sure we preserve an existing MITM requirement*/
659 auth_type
|= (conn
->auth_type
& 0x01);
661 conn
->auth_type
= auth_type
;
663 if (!test_and_set_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
)) {
664 struct hci_cp_auth_requested cp
;
666 cp
.handle
= cpu_to_le16(conn
->handle
);
667 hci_send_cmd(conn
->hdev
, HCI_OP_AUTH_REQUESTED
,
670 /* If we're already encrypted set the REAUTH_PEND flag,
671 * otherwise set the ENCRYPT_PEND.
673 if (conn
->link_mode
& HCI_LM_ENCRYPT
)
674 set_bit(HCI_CONN_REAUTH_PEND
, &conn
->flags
);
676 set_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
);
682 /* Encrypt the the link */
683 static void hci_conn_encrypt(struct hci_conn
*conn
)
685 BT_DBG("hcon %p", conn
);
687 if (!test_and_set_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
)) {
688 struct hci_cp_set_conn_encrypt cp
;
689 cp
.handle
= cpu_to_le16(conn
->handle
);
691 hci_send_cmd(conn
->hdev
, HCI_OP_SET_CONN_ENCRYPT
, sizeof(cp
),
696 /* Enable security */
697 int hci_conn_security(struct hci_conn
*conn
, __u8 sec_level
, __u8 auth_type
)
699 BT_DBG("hcon %p", conn
);
701 if (conn
->type
== LE_LINK
)
702 return smp_conn_security(conn
, sec_level
);
704 /* For sdp we don't need the link key. */
705 if (sec_level
== BT_SECURITY_SDP
)
708 /* For non 2.1 devices and low security level we don't need the link
710 if (sec_level
== BT_SECURITY_LOW
&& !hci_conn_ssp_enabled(conn
))
713 /* For other security levels we need the link key. */
714 if (!(conn
->link_mode
& HCI_LM_AUTH
))
717 /* An authenticated combination key has sufficient security for any
719 if (conn
->key_type
== HCI_LK_AUTH_COMBINATION
)
722 /* An unauthenticated combination key has sufficient security for
723 security level 1 and 2. */
724 if (conn
->key_type
== HCI_LK_UNAUTH_COMBINATION
&&
725 (sec_level
== BT_SECURITY_MEDIUM
|| sec_level
== BT_SECURITY_LOW
))
728 /* A combination key has always sufficient security for the security
729 levels 1 or 2. High security level requires the combination key
730 is generated using maximum PIN code length (16).
731 For pre 2.1 units. */
732 if (conn
->key_type
== HCI_LK_COMBINATION
&&
733 (sec_level
!= BT_SECURITY_HIGH
|| conn
->pin_length
== 16))
737 if (test_bit(HCI_CONN_ENCRYPT_PEND
, &conn
->flags
))
740 if (!hci_conn_auth(conn
, sec_level
, auth_type
))
744 if (conn
->link_mode
& HCI_LM_ENCRYPT
)
747 hci_conn_encrypt(conn
);
750 EXPORT_SYMBOL(hci_conn_security
);
752 /* Check secure link requirement */
753 int hci_conn_check_secure(struct hci_conn
*conn
, __u8 sec_level
)
755 BT_DBG("hcon %p", conn
);
757 if (sec_level
!= BT_SECURITY_HIGH
)
758 return 1; /* Accept if non-secure is required */
760 if (conn
->sec_level
== BT_SECURITY_HIGH
)
763 return 0; /* Reject not secure link */
765 EXPORT_SYMBOL(hci_conn_check_secure
);
767 /* Change link key */
768 int hci_conn_change_link_key(struct hci_conn
*conn
)
770 BT_DBG("hcon %p", conn
);
772 if (!test_and_set_bit(HCI_CONN_AUTH_PEND
, &conn
->flags
)) {
773 struct hci_cp_change_conn_link_key cp
;
774 cp
.handle
= cpu_to_le16(conn
->handle
);
775 hci_send_cmd(conn
->hdev
, HCI_OP_CHANGE_CONN_LINK_KEY
,
783 int hci_conn_switch_role(struct hci_conn
*conn
, __u8 role
)
785 BT_DBG("hcon %p", conn
);
787 if (!role
&& conn
->link_mode
& HCI_LM_MASTER
)
790 if (!test_and_set_bit(HCI_CONN_RSWITCH_PEND
, &conn
->flags
)) {
791 struct hci_cp_switch_role cp
;
792 bacpy(&cp
.bdaddr
, &conn
->dst
);
794 hci_send_cmd(conn
->hdev
, HCI_OP_SWITCH_ROLE
, sizeof(cp
), &cp
);
799 EXPORT_SYMBOL(hci_conn_switch_role
);
801 /* Enter active mode */
802 void hci_conn_enter_active_mode(struct hci_conn
*conn
, __u8 force_active
)
804 struct hci_dev
*hdev
= conn
->hdev
;
806 BT_DBG("hcon %p mode %d", conn
, conn
->mode
);
808 if (test_bit(HCI_RAW
, &hdev
->flags
))
811 if (conn
->mode
!= HCI_CM_SNIFF
)
814 if (!test_bit(HCI_CONN_POWER_SAVE
, &conn
->flags
) && !force_active
)
817 if (!test_and_set_bit(HCI_CONN_MODE_CHANGE_PEND
, &conn
->flags
)) {
818 struct hci_cp_exit_sniff_mode cp
;
819 cp
.handle
= cpu_to_le16(conn
->handle
);
820 hci_send_cmd(hdev
, HCI_OP_EXIT_SNIFF_MODE
, sizeof(cp
), &cp
);
824 if (hdev
->idle_timeout
> 0)
825 mod_timer(&conn
->idle_timer
,
826 jiffies
+ msecs_to_jiffies(hdev
->idle_timeout
));
829 /* Drop all connection on the device */
830 void hci_conn_hash_flush(struct hci_dev
*hdev
)
832 struct hci_conn_hash
*h
= &hdev
->conn_hash
;
833 struct hci_conn
*c
, *n
;
835 BT_DBG("hdev %s", hdev
->name
);
837 list_for_each_entry_safe(c
, n
, &h
->list
, list
) {
838 c
->state
= BT_CLOSED
;
840 hci_proto_disconn_cfm(c
, HCI_ERROR_LOCAL_HOST_TERM
);
845 /* Check pending connect attempts */
846 void hci_conn_check_pending(struct hci_dev
*hdev
)
848 struct hci_conn
*conn
;
850 BT_DBG("hdev %s", hdev
->name
);
854 conn
= hci_conn_hash_lookup_state(hdev
, ACL_LINK
, BT_CONNECT2
);
856 hci_acl_create_connection(conn
);
858 hci_dev_unlock(hdev
);
861 int hci_get_conn_list(void __user
*arg
)
864 struct hci_conn_list_req req
, *cl
;
865 struct hci_conn_info
*ci
;
866 struct hci_dev
*hdev
;
867 int n
= 0, size
, err
;
869 if (copy_from_user(&req
, arg
, sizeof(req
)))
872 if (!req
.conn_num
|| req
.conn_num
> (PAGE_SIZE
* 2) / sizeof(*ci
))
875 size
= sizeof(req
) + req
.conn_num
* sizeof(*ci
);
877 cl
= kmalloc(size
, GFP_KERNEL
);
881 hdev
= hci_dev_get(req
.dev_id
);
890 list_for_each_entry(c
, &hdev
->conn_hash
.list
, list
) {
891 bacpy(&(ci
+ n
)->bdaddr
, &c
->dst
);
892 (ci
+ n
)->handle
= c
->handle
;
893 (ci
+ n
)->type
= c
->type
;
894 (ci
+ n
)->out
= c
->out
;
895 (ci
+ n
)->state
= c
->state
;
896 (ci
+ n
)->link_mode
= c
->link_mode
;
897 if (c
->type
== SCO_LINK
) {
898 (ci
+ n
)->mtu
= hdev
->sco_mtu
;
899 (ci
+ n
)->cnt
= hdev
->sco_cnt
;
900 (ci
+ n
)->pkts
= hdev
->sco_pkts
;
902 (ci
+ n
)->mtu
= hdev
->acl_mtu
;
903 (ci
+ n
)->cnt
= hdev
->acl_cnt
;
904 (ci
+ n
)->pkts
= hdev
->acl_pkts
;
906 if (++n
>= req
.conn_num
)
909 hci_dev_unlock(hdev
);
911 cl
->dev_id
= hdev
->id
;
913 size
= sizeof(req
) + n
* sizeof(*ci
);
917 err
= copy_to_user(arg
, cl
, size
);
920 return err
? -EFAULT
: 0;
923 int hci_get_conn_info(struct hci_dev
*hdev
, void __user
*arg
)
925 struct hci_conn_info_req req
;
926 struct hci_conn_info ci
;
927 struct hci_conn
*conn
;
928 char __user
*ptr
= arg
+ sizeof(req
);
930 if (copy_from_user(&req
, arg
, sizeof(req
)))
934 conn
= hci_conn_hash_lookup_ba(hdev
, req
.type
, &req
.bdaddr
);
936 bacpy(&ci
.bdaddr
, &conn
->dst
);
937 ci
.handle
= conn
->handle
;
938 ci
.type
= conn
->type
;
940 ci
.state
= conn
->state
;
941 ci
.link_mode
= conn
->link_mode
;
942 if (req
.type
== SCO_LINK
) {
943 ci
.mtu
= hdev
->sco_mtu
;
944 ci
.cnt
= hdev
->sco_cnt
;
945 ci
.pkts
= hdev
->sco_pkts
;
947 ci
.mtu
= hdev
->acl_mtu
;
948 ci
.cnt
= hdev
->acl_cnt
;
949 ci
.pkts
= hdev
->acl_pkts
;
952 hci_dev_unlock(hdev
);
957 return copy_to_user(ptr
, &ci
, sizeof(ci
)) ? -EFAULT
: 0;
960 int hci_get_auth_info(struct hci_dev
*hdev
, void __user
*arg
)
962 struct hci_auth_info_req req
;
963 struct hci_conn
*conn
;
965 if (copy_from_user(&req
, arg
, sizeof(req
)))
969 conn
= hci_conn_hash_lookup_ba(hdev
, ACL_LINK
, &req
.bdaddr
);
971 req
.type
= conn
->auth_type
;
972 hci_dev_unlock(hdev
);
977 return copy_to_user(arg
, &req
, sizeof(req
)) ? -EFAULT
: 0;
980 struct hci_chan
*hci_chan_create(struct hci_conn
*conn
)
982 struct hci_dev
*hdev
= conn
->hdev
;
983 struct hci_chan
*chan
;
985 BT_DBG("%s hcon %p", hdev
->name
, conn
);
987 chan
= kzalloc(sizeof(struct hci_chan
), GFP_KERNEL
);
992 skb_queue_head_init(&chan
->data_q
);
993 chan
->state
= BT_CONNECTED
;
995 list_add_rcu(&chan
->list
, &conn
->chan_list
);
1000 void hci_chan_del(struct hci_chan
*chan
)
1002 struct hci_conn
*conn
= chan
->conn
;
1003 struct hci_dev
*hdev
= conn
->hdev
;
1005 BT_DBG("%s hcon %p chan %p", hdev
->name
, conn
, chan
);
1007 list_del_rcu(&chan
->list
);
1011 hci_conn_drop(conn
);
1013 skb_queue_purge(&chan
->data_q
);
1017 void hci_chan_list_flush(struct hci_conn
*conn
)
1019 struct hci_chan
*chan
, *n
;
1021 BT_DBG("hcon %p", conn
);
1023 list_for_each_entry_safe(chan
, n
, &conn
->chan_list
, list
)
1027 static struct hci_chan
*__hci_chan_lookup_handle(struct hci_conn
*hcon
,
1030 struct hci_chan
*hchan
;
1032 list_for_each_entry(hchan
, &hcon
->chan_list
, list
) {
1033 if (hchan
->handle
== handle
)
1040 struct hci_chan
*hci_chan_lookup_handle(struct hci_dev
*hdev
, __u16 handle
)
1042 struct hci_conn_hash
*h
= &hdev
->conn_hash
;
1043 struct hci_conn
*hcon
;
1044 struct hci_chan
*hchan
= NULL
;
1048 list_for_each_entry_rcu(hcon
, &h
->list
, list
) {
1049 hchan
= __hci_chan_lookup_handle(hcon
, handle
);