Lines Matching refs:chan
57 static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data, size_t data_size);
58 static void l2cap_send_disconn_req(struct l2cap_chan *chan, int err);
60 static void l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
125 /* Only lock if chan reference is not 0 */
146 /* Only lock if chan reference is not 0 */
186 int l2cap_add_psm(struct l2cap_chan *chan, bdaddr_t *src, __le16 psm)
192 if (psm && __l2cap_global_chan_by_addr(psm, src, chan->src_type)) {
198 chan->psm = psm;
199 chan->sport = psm;
204 if (chan->src_type == BDADDR_BREDR) {
217 chan->src_type)) {
218 chan->psm = cpu_to_le16(p);
219 chan->sport = cpu_to_le16(p);
231 int l2cap_add_scid(struct l2cap_chan *chan, __u16 scid)
236 chan->omtu = L2CAP_DEFAULT_MTU;
237 chan->chan_type = L2CAP_CHAN_FIXED;
239 chan->scid = scid;
263 static void l2cap_state_change(struct l2cap_chan *chan, int state)
265 BT_DBG("chan %p %s -> %s", chan, state_to_string(chan->state),
268 chan->state = state;
269 chan->ops->state_change(chan, state, 0);
272 static inline void l2cap_state_change_and_error(struct l2cap_chan *chan,
275 chan->state = state;
276 chan->ops->state_change(chan, chan->state, err);
279 static inline void l2cap_chan_set_err(struct l2cap_chan *chan, int err)
281 chan->ops->state_change(chan, chan->state, err);
284 static void __set_retrans_timer(struct l2cap_chan *chan)
286 if (!delayed_work_pending(&chan->monitor_timer) &&
287 chan->retrans_timeout) {
288 l2cap_set_timer(chan, &chan->retrans_timer,
289 msecs_to_jiffies(chan->retrans_timeout));
293 static void __set_monitor_timer(struct l2cap_chan *chan)
295 __clear_retrans_timer(chan);
296 if (chan->monitor_timeout) {
297 l2cap_set_timer(chan, &chan->monitor_timer,
298 msecs_to_jiffies(chan->monitor_timeout));
411 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
413 struct l2cap_conn *conn = chan->conn;
416 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
419 /* __set_chan_timer() calls l2cap_chan_hold(chan) while scheduling
420 * this work. No need to call l2cap_chan_hold(chan) here again.
422 l2cap_chan_lock(chan);
424 if (chan->state == BT_CONNECTED || chan->state == BT_CONFIG)
426 else if (chan->state == BT_CONNECT &&
427 chan->sec_level != BT_SECURITY_SDP)
432 l2cap_chan_close(chan, reason);
434 chan->ops->close(chan);
436 l2cap_chan_unlock(chan);
437 l2cap_chan_put(chan);
444 struct l2cap_chan *chan;
446 chan = kzalloc(sizeof(*chan), GFP_ATOMIC);
447 if (!chan)
450 skb_queue_head_init(&chan->tx_q);
451 skb_queue_head_init(&chan->srej_q);
452 mutex_init(&chan->lock);
455 atomic_set(&chan->nesting, L2CAP_NESTING_NORMAL);
458 list_add(&chan->global_l, &chan_list);
461 INIT_DELAYED_WORK(&chan->chan_timer, l2cap_chan_timeout);
462 INIT_DELAYED_WORK(&chan->retrans_timer, l2cap_retrans_timeout);
463 INIT_DELAYED_WORK(&chan->monitor_timer, l2cap_monitor_timeout);
464 INIT_DELAYED_WORK(&chan->ack_timer, l2cap_ack_timeout);
466 chan->state = BT_OPEN;
468 kref_init(&chan->kref);
471 set_bit(CONF_NOT_COMPLETE, &chan->conf_state);
473 BT_DBG("chan %p", chan);
475 return chan;
481 struct l2cap_chan *chan = container_of(kref, struct l2cap_chan, kref);
483 BT_DBG("chan %p", chan);
486 list_del(&chan->global_l);
489 kfree(chan);
494 BT_DBG("chan %p orig refcnt %u", c, kref_read(&c->kref));
501 BT_DBG("chan %p orig refcnt %u", c, kref_read(&c->kref));
511 BT_DBG("chan %p orig refcnt %u", c, kref_read(&c->kref));
517 void l2cap_chan_set_defaults(struct l2cap_chan *chan)
519 chan->fcs = L2CAP_FCS_CRC16;
520 chan->max_tx = L2CAP_DEFAULT_MAX_TX;
521 chan->tx_win = L2CAP_DEFAULT_TX_WINDOW;
522 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
523 chan->remote_max_tx = chan->max_tx;
524 chan->remote_tx_win = chan->tx_win;
525 chan->ack_win = L2CAP_DEFAULT_TX_WINDOW;
526 chan->sec_level = BT_SECURITY_LOW;
527 chan->flush_to = L2CAP_DEFAULT_FLUSH_TO;
528 chan->retrans_timeout = L2CAP_DEFAULT_RETRANS_TO;
529 chan->monitor_timeout = L2CAP_DEFAULT_MONITOR_TO;
531 chan->conf_state = 0;
532 set_bit(CONF_NOT_COMPLETE, &chan->conf_state);
534 set_bit(FLAG_FORCE_ACTIVE, &chan->flags);
538 static void l2cap_le_flowctl_init(struct l2cap_chan *chan, u16 tx_credits)
540 chan->sdu = NULL;
541 chan->sdu_last_frag = NULL;
542 chan->sdu_len = 0;
543 chan->tx_credits = tx_credits;
545 chan->mps = min_t(u16, chan->imtu, chan->conn->mtu - L2CAP_HDR_SIZE);
547 chan->rx_credits = (chan->imtu / chan->mps) + 1;
549 skb_queue_head_init(&chan->tx_q);
552 static void l2cap_ecred_init(struct l2cap_chan *chan, u16 tx_credits)
554 l2cap_le_flowctl_init(chan, tx_credits);
557 if (chan->mps < L2CAP_ECRED_MIN_MPS) {
558 chan->mps = L2CAP_ECRED_MIN_MPS;
559 chan->rx_credits = (chan->imtu / chan->mps) + 1;
563 void __l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
566 __le16_to_cpu(chan->psm), chan->dcid);
570 chan->conn = conn;
572 switch (chan->chan_type) {
575 chan->scid = l2cap_alloc_cid(conn);
577 chan->omtu = L2CAP_DEFAULT_MTU;
582 chan->scid = L2CAP_CID_CONN_LESS;
583 chan->dcid = L2CAP_CID_CONN_LESS;
584 chan->omtu = L2CAP_DEFAULT_MTU;
593 chan->scid = L2CAP_CID_SIGNALING;
594 chan->dcid = L2CAP_CID_SIGNALING;
595 chan->omtu = L2CAP_DEFAULT_MTU;
598 chan->local_id = L2CAP_BESTEFFORT_ID;
599 chan->local_stype = L2CAP_SERV_BESTEFFORT;
600 chan->local_msdu = L2CAP_DEFAULT_MAX_SDU_SIZE;
601 chan->local_sdu_itime = L2CAP_DEFAULT_SDU_ITIME;
602 chan->local_acc_lat = L2CAP_DEFAULT_ACC_LAT;
603 chan->local_flush_to = L2CAP_EFS_DEFAULT_FLUSH_TO;
605 l2cap_chan_hold(chan);
608 if (chan->chan_type != L2CAP_CHAN_FIXED ||
609 test_bit(FLAG_HOLD_HCI_CONN, &chan->flags))
612 list_add(&chan->list, &conn->chan_l);
615 void l2cap_chan_add(struct l2cap_conn *conn, struct l2cap_chan *chan)
618 __l2cap_chan_add(conn, chan);
622 void l2cap_chan_del(struct l2cap_chan *chan, int err)
624 struct l2cap_conn *conn = chan->conn;
626 __clear_chan_timer(chan);
628 BT_DBG("chan %p, conn %p, err %d, state %s", chan, conn, err,
629 state_to_string(chan->state));
631 chan->ops->teardown(chan, err);
635 list_del(&chan->list);
637 l2cap_chan_put(chan);
639 chan->conn = NULL;
645 if (chan->chan_type != L2CAP_CHAN_FIXED ||
646 test_bit(FLAG_HOLD_HCI_CONN, &chan->flags))
650 if (test_bit(CONF_NOT_COMPLETE, &chan->conf_state))
653 switch (chan->mode) {
659 skb_queue_purge(&chan->tx_q);
663 __clear_retrans_timer(chan);
664 __clear_monitor_timer(chan);
665 __clear_ack_timer(chan);
667 skb_queue_purge(&chan->srej_q);
669 l2cap_seq_list_free(&chan->srej_list);
670 l2cap_seq_list_free(&chan->retrans_list);
674 skb_queue_purge(&chan->tx_q);
683 struct l2cap_chan *chan, *l;
685 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
686 if (chan->ident == id)
687 func(chan, data);
694 struct l2cap_chan *chan;
696 list_for_each_entry(chan, &conn->chan_l, list) {
697 func(chan, data);
719 struct l2cap_chan *chan;
723 list_for_each_entry(chan, &conn->chan_l, list) {
724 l2cap_chan_lock(chan);
725 bacpy(&chan->dst, &hcon->dst);
726 chan->dst_type = bdaddr_dst_type(hcon);
727 l2cap_chan_unlock(chan);
733 static void l2cap_chan_le_connect_reject(struct l2cap_chan *chan)
735 struct l2cap_conn *conn = chan->conn;
739 if (test_bit(FLAG_DEFER_SETUP, &chan->flags))
744 l2cap_state_change(chan, BT_DISCONN);
746 rsp.dcid = cpu_to_le16(chan->scid);
747 rsp.mtu = cpu_to_le16(chan->imtu);
748 rsp.mps = cpu_to_le16(chan->mps);
749 rsp.credits = cpu_to_le16(chan->rx_credits);
752 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CONN_RSP, sizeof(rsp),
756 static void l2cap_chan_ecred_connect_reject(struct l2cap_chan *chan)
758 l2cap_state_change(chan, BT_DISCONN);
760 __l2cap_ecred_conn_rsp_defer(chan);
763 static void l2cap_chan_connect_reject(struct l2cap_chan *chan)
765 struct l2cap_conn *conn = chan->conn;
769 if (test_bit(FLAG_DEFER_SETUP, &chan->flags))
774 l2cap_state_change(chan, BT_DISCONN);
776 rsp.scid = cpu_to_le16(chan->dcid);
777 rsp.dcid = cpu_to_le16(chan->scid);
781 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP, sizeof(rsp), &rsp);
784 void l2cap_chan_close(struct l2cap_chan *chan, int reason)
786 struct l2cap_conn *conn = chan->conn;
788 BT_DBG("chan %p state %s", chan, state_to_string(chan->state));
790 switch (chan->state) {
792 chan->ops->teardown(chan, 0);
797 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED) {
798 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan));
799 l2cap_send_disconn_req(chan, reason);
801 l2cap_chan_del(chan, reason);
805 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED) {
807 l2cap_chan_connect_reject(chan);
809 switch (chan->mode) {
811 l2cap_chan_le_connect_reject(chan);
814 l2cap_chan_ecred_connect_reject(chan);
820 l2cap_chan_del(chan, reason);
825 l2cap_chan_del(chan, reason);
829 chan->ops->teardown(chan, 0);
835 static inline u8 l2cap_get_auth_type(struct l2cap_chan *chan)
837 switch (chan->chan_type) {
839 switch (chan->sec_level) {
850 if (chan->psm == cpu_to_le16(L2CAP_PSM_3DSP)) {
851 if (chan->sec_level == BT_SECURITY_LOW)
852 chan->sec_level = BT_SECURITY_SDP;
854 if (chan->sec_level == BT_SECURITY_HIGH ||
855 chan->sec_level == BT_SECURITY_FIPS)
861 if (chan->psm == cpu_to_le16(L2CAP_PSM_SDP)) {
862 if (chan->sec_level == BT_SECURITY_LOW)
863 chan->sec_level = BT_SECURITY_SDP;
865 if (chan->sec_level == BT_SECURITY_HIGH ||
866 chan->sec_level == BT_SECURITY_FIPS)
874 switch (chan->sec_level) {
888 int l2cap_chan_check_security(struct l2cap_chan *chan, bool initiator)
890 struct l2cap_conn *conn = chan->conn;
894 return smp_conn_security(conn->hcon, chan->sec_level);
896 auth_type = l2cap_get_auth_type(chan);
898 return hci_conn_security(conn->hcon, chan->sec_level, auth_type,
949 static void l2cap_do_send(struct l2cap_chan *chan, struct sk_buff *skb)
951 struct hci_conn *hcon = chan->conn->hcon;
954 BT_DBG("chan %p, skb %p len %d priority %u", chan, skb, skb->len,
962 (!test_bit(FLAG_FLUSHABLE, &chan->flags) &&
968 bt_cb(skb)->force_active = test_bit(FLAG_FORCE_ACTIVE, &chan->flags);
969 hci_send_acl(chan->conn->hchan, skb, flags);
1020 static inline void __unpack_control(struct l2cap_chan *chan,
1023 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) {
1072 static inline void __pack_control(struct l2cap_chan *chan,
1076 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) {
1085 static inline unsigned int __ertm_hdr_size(struct l2cap_chan *chan)
1087 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
1093 static struct sk_buff *l2cap_create_sframe_pdu(struct l2cap_chan *chan,
1098 int hlen = __ertm_hdr_size(chan);
1100 if (chan->fcs == L2CAP_FCS_CRC16)
1110 lh->cid = cpu_to_le16(chan->dcid);
1112 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
1117 if (chan->fcs == L2CAP_FCS_CRC16) {
1126 static void l2cap_send_sframe(struct l2cap_chan *chan,
1132 BT_DBG("chan %p, control %p", chan, control);
1137 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state) &&
1142 clear_bit(CONN_RNR_SENT, &chan->conn_state);
1144 set_bit(CONN_RNR_SENT, &chan->conn_state);
1147 chan->last_acked_seq = control->reqseq;
1148 __clear_ack_timer(chan);
1154 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
1159 skb = l2cap_create_sframe_pdu(chan, control_field);
1161 l2cap_do_send(chan, skb);
1164 static void l2cap_send_rr_or_rnr(struct l2cap_chan *chan, bool poll)
1168 BT_DBG("chan %p, poll %d", chan, poll);
1174 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state))
1179 control.reqseq = chan->buffer_seq;
1180 l2cap_send_sframe(chan, &control);
1183 static inline int __l2cap_no_conn_pending(struct l2cap_chan *chan)
1185 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED)
1188 return !test_bit(CONF_CONNECT_PEND, &chan->conf_state);
1191 void l2cap_send_conn_req(struct l2cap_chan *chan)
1193 struct l2cap_conn *conn = chan->conn;
1196 req.scid = cpu_to_le16(chan->scid);
1197 req.psm = chan->psm;
1199 chan->ident = l2cap_get_ident(conn);
1201 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
1203 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_REQ, sizeof(req), &req);
1206 static void l2cap_chan_ready(struct l2cap_chan *chan)
1212 if (chan->state == BT_CONNECTED)
1216 chan->conf_state = 0;
1217 __clear_chan_timer(chan);
1219 switch (chan->mode) {
1222 if (!chan->tx_credits)
1223 chan->ops->suspend(chan);
1227 chan->state = BT_CONNECTED;
1229 chan->ops->ready(chan);
1232 static void l2cap_le_connect(struct l2cap_chan *chan)
1234 struct l2cap_conn *conn = chan->conn;
1237 if (test_and_set_bit(FLAG_LE_CONN_REQ_SENT, &chan->flags))
1240 if (!chan->imtu)
1241 chan->imtu = chan->conn->mtu;
1243 l2cap_le_flowctl_init(chan, 0);
1246 req.psm = chan->psm;
1247 req.scid = cpu_to_le16(chan->scid);
1248 req.mtu = cpu_to_le16(chan->imtu);
1249 req.mps = cpu_to_le16(chan->mps);
1250 req.credits = cpu_to_le16(chan->rx_credits);
1252 chan->ident = l2cap_get_ident(conn);
1254 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CONN_REQ,
1263 struct l2cap_chan *chan;
1268 static void l2cap_ecred_defer_connect(struct l2cap_chan *chan, void *data)
1273 if (chan == conn->chan)
1276 if (!test_and_clear_bit(FLAG_DEFER_SETUP, &chan->flags))
1279 pid = chan->ops->get_peer_pid(chan);
1282 if (conn->pid != pid || chan->psm != conn->chan->psm || chan->ident ||
1283 chan->mode != L2CAP_MODE_EXT_FLOWCTL || chan->state != BT_CONNECT)
1286 if (test_and_set_bit(FLAG_ECRED_CONN_REQ_SENT, &chan->flags))
1289 l2cap_ecred_init(chan, 0);
1292 chan->ident = conn->chan->ident;
1295 conn->pdu.scid[conn->count] = cpu_to_le16(chan->scid);
1300 static void l2cap_ecred_connect(struct l2cap_chan *chan)
1302 struct l2cap_conn *conn = chan->conn;
1305 if (test_bit(FLAG_DEFER_SETUP, &chan->flags))
1308 if (test_and_set_bit(FLAG_ECRED_CONN_REQ_SENT, &chan->flags))
1311 l2cap_ecred_init(chan, 0);
1314 data.pdu.req.psm = chan->psm;
1315 data.pdu.req.mtu = cpu_to_le16(chan->imtu);
1316 data.pdu.req.mps = cpu_to_le16(chan->mps);
1317 data.pdu.req.credits = cpu_to_le16(chan->rx_credits);
1318 data.pdu.scid[0] = cpu_to_le16(chan->scid);
1320 chan->ident = l2cap_get_ident(conn);
1323 data.chan = chan;
1324 data.pid = chan->ops->get_peer_pid(chan);
1328 l2cap_send_cmd(conn, chan->ident, L2CAP_ECRED_CONN_REQ,
1333 static void l2cap_le_start(struct l2cap_chan *chan)
1335 struct l2cap_conn *conn = chan->conn;
1337 if (!smp_conn_security(conn->hcon, chan->sec_level))
1340 if (!chan->psm) {
1341 l2cap_chan_ready(chan);
1345 if (chan->state == BT_CONNECT) {
1346 if (chan->mode == L2CAP_MODE_EXT_FLOWCTL)
1347 l2cap_ecred_connect(chan);
1349 l2cap_le_connect(chan);
1353 static void l2cap_start_connection(struct l2cap_chan *chan)
1355 if (chan->conn->hcon->type == LE_LINK) {
1356 l2cap_le_start(chan);
1358 l2cap_send_conn_req(chan);
1401 static void l2cap_do_start(struct l2cap_chan *chan)
1403 struct l2cap_conn *conn = chan->conn;
1406 l2cap_le_start(chan);
1418 if (!l2cap_chan_check_security(chan, true) ||
1419 !__l2cap_no_conn_pending(chan))
1423 l2cap_start_connection(chan);
1425 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
1444 static void l2cap_send_disconn_req(struct l2cap_chan *chan, int err)
1446 struct l2cap_conn *conn = chan->conn;
1452 if (chan->mode == L2CAP_MODE_ERTM && chan->state == BT_CONNECTED) {
1453 __clear_retrans_timer(chan);
1454 __clear_monitor_timer(chan);
1455 __clear_ack_timer(chan);
1458 req.dcid = cpu_to_le16(chan->dcid);
1459 req.scid = cpu_to_le16(chan->scid);
1463 l2cap_state_change_and_error(chan, BT_DISCONN, err);
1469 struct l2cap_chan *chan, *tmp;
1475 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
1476 l2cap_chan_lock(chan);
1478 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
1479 l2cap_chan_ready(chan);
1480 l2cap_chan_unlock(chan);
1484 if (chan->state == BT_CONNECT) {
1485 if (!l2cap_chan_check_security(chan, true) ||
1486 !__l2cap_no_conn_pending(chan)) {
1487 l2cap_chan_unlock(chan);
1491 if (!l2cap_mode_supported(chan->mode, conn->feat_mask)
1493 &chan->conf_state)) {
1494 l2cap_chan_close(chan, ECONNRESET);
1495 l2cap_chan_unlock(chan);
1500 l2cap_start_connection(chan);
1502 l2cap_chan_close(chan, ECONNREFUSED);
1504 } else if (chan->state == BT_CONNECT2) {
1507 rsp.scid = cpu_to_le16(chan->dcid);
1508 rsp.dcid = cpu_to_le16(chan->scid);
1510 if (l2cap_chan_check_security(chan, false)) {
1511 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) {
1514 chan->ops->defer(chan);
1517 l2cap_state_change(chan, BT_CONFIG);
1526 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
1529 if (test_bit(CONF_REQ_SENT, &chan->conf_state) ||
1531 l2cap_chan_unlock(chan);
1535 set_bit(CONF_REQ_SENT, &chan->conf_state);
1537 l2cap_build_conf_req(chan, buf, sizeof(buf)), buf);
1538 chan->num_conf_req++;
1541 l2cap_chan_unlock(chan);
1582 struct l2cap_chan *chan;
1592 list_for_each_entry(chan, &conn->chan_l, list) {
1594 l2cap_chan_lock(chan);
1597 l2cap_le_start(chan);
1598 } else if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
1600 l2cap_chan_ready(chan);
1601 } else if (chan->state == BT_CONNECT) {
1602 l2cap_do_start(chan);
1605 l2cap_chan_unlock(chan);
1619 struct l2cap_chan *chan;
1625 list_for_each_entry(chan, &conn->chan_l, list) {
1626 if (test_bit(FLAG_FORCE_RELIABLE, &chan->flags))
1627 l2cap_chan_set_err(chan, err);
1726 struct l2cap_chan *chan, *l;
1754 list_for_each_entry_safe(chan, l, &conn->chan_l, list) {
1755 l2cap_chan_hold(chan);
1756 l2cap_chan_lock(chan);
1758 l2cap_chan_del(chan, err);
1760 chan->ops->close(chan);
1762 l2cap_chan_unlock(chan);
1763 l2cap_chan_put(chan);
1857 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1860 BT_DBG("chan %p", chan);
1862 l2cap_chan_lock(chan);
1864 if (!chan->conn) {
1865 l2cap_chan_unlock(chan);
1866 l2cap_chan_put(chan);
1870 l2cap_tx(chan, NULL, NULL, L2CAP_EV_MONITOR_TO);
1872 l2cap_chan_unlock(chan);
1873 l2cap_chan_put(chan);
1878 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
1881 BT_DBG("chan %p", chan);
1883 l2cap_chan_lock(chan);
1885 if (!chan->conn) {
1886 l2cap_chan_unlock(chan);
1887 l2cap_chan_put(chan);
1891 l2cap_tx(chan, NULL, NULL, L2CAP_EV_RETRANS_TO);
1892 l2cap_chan_unlock(chan);
1893 l2cap_chan_put(chan);
1896 static void l2cap_streaming_send(struct l2cap_chan *chan,
1902 BT_DBG("chan %p, skbs %p", chan, skbs);
1904 skb_queue_splice_tail_init(skbs, &chan->tx_q);
1906 while (!skb_queue_empty(&chan->tx_q)) {
1908 skb = skb_dequeue(&chan->tx_q);
1914 control->txseq = chan->next_tx_seq;
1916 __pack_control(chan, control, skb);
1918 if (chan->fcs == L2CAP_FCS_CRC16) {
1923 l2cap_do_send(chan, skb);
1927 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
1928 chan->frames_sent++;
1932 static int l2cap_ertm_send(struct l2cap_chan *chan)
1938 BT_DBG("chan %p", chan);
1940 if (chan->state != BT_CONNECTED)
1943 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
1946 while (chan->tx_send_head &&
1947 chan->unacked_frames < chan->remote_tx_win &&
1948 chan->tx_state == L2CAP_TX_STATE_XMIT) {
1950 skb = chan->tx_send_head;
1955 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
1958 control->reqseq = chan->buffer_seq;
1959 chan->last_acked_seq = chan->buffer_seq;
1960 control->txseq = chan->next_tx_seq;
1962 __pack_control(chan, control, skb);
1964 if (chan->fcs == L2CAP_FCS_CRC16) {
1977 __set_retrans_timer(chan);
1979 chan->next_tx_seq = __next_seq(chan, chan->next_tx_seq);
1980 chan->unacked_frames++;
1981 chan->frames_sent++;
1984 if (skb_queue_is_last(&chan->tx_q, skb))
1985 chan->tx_send_head = NULL;
1987 chan->tx_send_head = skb_queue_next(&chan->tx_q, skb);
1989 l2cap_do_send(chan, tx_skb);
1994 chan->unacked_frames, skb_queue_len(&chan->tx_q));
1999 static void l2cap_ertm_resend(struct l2cap_chan *chan)
2006 BT_DBG("chan %p", chan);
2008 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
2011 while (chan->retrans_list.head != L2CAP_SEQ_LIST_CLEAR) {
2012 seq = l2cap_seq_list_pop(&chan->retrans_list);
2014 skb = l2cap_ertm_seq_in_queue(&chan->tx_q, seq);
2024 if (chan->max_tx != 0 &&
2025 bt_cb(skb)->l2cap.retries > chan->max_tx) {
2026 BT_DBG("Retry limit exceeded (%d)", chan->max_tx);
2027 l2cap_send_disconn_req(chan, ECONNRESET);
2028 l2cap_seq_list_clear(&chan->retrans_list);
2032 control.reqseq = chan->buffer_seq;
2033 if (test_and_clear_bit(CONN_SEND_FBIT, &chan->conn_state))
2048 l2cap_seq_list_clear(&chan->retrans_list);
2053 if (test_bit(FLAG_EXT_CTRL, &chan->flags)) {
2062 if (chan->fcs == L2CAP_FCS_CRC16) {
2069 l2cap_do_send(chan, tx_skb);
2073 chan->last_acked_seq = chan->buffer_seq;
2077 static void l2cap_retransmit(struct l2cap_chan *chan,
2080 BT_DBG("chan %p, control %p", chan, control);
2082 l2cap_seq_list_append(&chan->retrans_list, control->reqseq);
2083 l2cap_ertm_resend(chan);
2086 static void l2cap_retransmit_all(struct l2cap_chan *chan,
2091 BT_DBG("chan %p, control %p", chan, control);
2094 set_bit(CONN_SEND_FBIT, &chan->conn_state);
2096 l2cap_seq_list_clear(&chan->retrans_list);
2098 if (test_bit(CONN_REMOTE_BUSY, &chan->conn_state))
2101 if (chan->unacked_frames) {
2102 skb_queue_walk(&chan->tx_q, skb) {
2104 skb == chan->tx_send_head)
2108 skb_queue_walk_from(&chan->tx_q, skb) {
2109 if (skb == chan->tx_send_head)
2112 l2cap_seq_list_append(&chan->retrans_list,
2116 l2cap_ertm_resend(chan);
2120 static void l2cap_send_ack(struct l2cap_chan *chan)
2123 u16 frames_to_ack = __seq_offset(chan, chan->buffer_seq,
2124 chan->last_acked_seq);
2127 BT_DBG("chan %p last_acked_seq %d buffer_seq %d",
2128 chan, chan->last_acked_seq, chan->buffer_seq);
2133 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state) &&
2134 chan->rx_state == L2CAP_RX_STATE_RECV) {
2135 __clear_ack_timer(chan);
2137 control.reqseq = chan->buffer_seq;
2138 l2cap_send_sframe(chan, &control);
2140 if (!test_bit(CONN_REMOTE_BUSY, &chan->conn_state)) {
2141 l2cap_ertm_send(chan);
2143 if (chan->buffer_seq == chan->last_acked_seq)
2150 threshold = chan->ack_win;
2158 __clear_ack_timer(chan);
2160 control.reqseq = chan->buffer_seq;
2161 l2cap_send_sframe(chan, &control);
2166 __set_ack_timer(chan);
2170 static inline int l2cap_skbuff_fromiovec(struct l2cap_chan *chan,
2174 struct l2cap_conn *conn = chan->conn;
2191 tmp = chan->ops->alloc_skb(chan, 0, count,
2214 static struct sk_buff *l2cap_create_connless_pdu(struct l2cap_chan *chan,
2217 struct l2cap_conn *conn = chan->conn;
2222 BT_DBG("chan %p psm 0x%2.2x len %zu", chan,
2223 __le16_to_cpu(chan->psm), len);
2227 skb = chan->ops->alloc_skb(chan, hlen, count,
2234 lh->cid = cpu_to_le16(chan->dcid);
2236 put_unaligned(chan->psm, (__le16 *) skb_put(skb, L2CAP_PSMLEN_SIZE));
2238 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
2246 static struct sk_buff *l2cap_create_basic_pdu(struct l2cap_chan *chan,
2249 struct l2cap_conn *conn = chan->conn;
2254 BT_DBG("chan %p len %zu", chan, len);
2258 skb = chan->ops->alloc_skb(chan, L2CAP_HDR_SIZE, count,
2265 lh->cid = cpu_to_le16(chan->dcid);
2268 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
2276 static struct sk_buff *l2cap_create_iframe_pdu(struct l2cap_chan *chan,
2280 struct l2cap_conn *conn = chan->conn;
2285 BT_DBG("chan %p len %zu", chan, len);
2290 hlen = __ertm_hdr_size(chan);
2295 if (chan->fcs == L2CAP_FCS_CRC16)
2300 skb = chan->ops->alloc_skb(chan, hlen, count,
2307 lh->cid = cpu_to_le16(chan->dcid);
2311 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
2319 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
2325 bt_cb(skb)->l2cap.fcs = chan->fcs;
2330 static int l2cap_segment_sdu(struct l2cap_chan *chan,
2339 BT_DBG("chan %p, msg %p, len %zu", chan, msg, len);
2347 pdu_len = chan->conn->mtu;
2353 if (chan->fcs)
2356 pdu_len -= __ertm_hdr_size(chan);
2359 pdu_len = min_t(size_t, pdu_len, chan->remote_mps);
2371 skb = l2cap_create_iframe_pdu(chan, msg, pdu_len, sdu_len);
2396 static struct sk_buff *l2cap_create_le_flowctl_pdu(struct l2cap_chan *chan,
2400 struct l2cap_conn *conn = chan->conn;
2405 BT_DBG("chan %p len %zu", chan, len);
2417 skb = chan->ops->alloc_skb(chan, hlen, count,
2424 lh->cid = cpu_to_le16(chan->dcid);
2430 err = l2cap_skbuff_fromiovec(chan, msg, len, count, skb);
2439 static int l2cap_segment_le_sdu(struct l2cap_chan *chan,
2447 BT_DBG("chan %p, msg %p, len %zu", chan, msg, len);
2450 pdu_len = chan->remote_mps - L2CAP_SDULEN_SIZE;
2456 skb = l2cap_create_le_flowctl_pdu(chan, msg, pdu_len, sdu_len);
2475 static void l2cap_le_flowctl_send(struct l2cap_chan *chan)
2479 BT_DBG("chan %p", chan);
2481 while (chan->tx_credits && !skb_queue_empty(&chan->tx_q)) {
2482 l2cap_do_send(chan, skb_dequeue(&chan->tx_q));
2483 chan->tx_credits--;
2487 BT_DBG("Sent %d credits %u queued %u", sent, chan->tx_credits,
2488 skb_queue_len(&chan->tx_q));
2491 int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len)
2497 if (!chan->conn)
2501 if (chan->chan_type == L2CAP_CHAN_CONN_LESS) {
2502 skb = l2cap_create_connless_pdu(chan, msg, len);
2506 l2cap_do_send(chan, skb);
2510 switch (chan->mode) {
2514 if (len > chan->omtu)
2519 err = l2cap_segment_le_sdu(chan, &seg_queue, msg, len);
2521 if (chan->state != BT_CONNECTED) {
2529 skb_queue_splice_tail_init(&seg_queue, &chan->tx_q);
2531 l2cap_le_flowctl_send(chan);
2533 if (!chan->tx_credits)
2534 chan->ops->suspend(chan);
2542 if (len > chan->omtu)
2546 skb = l2cap_create_basic_pdu(chan, msg, len);
2550 l2cap_do_send(chan, skb);
2557 if (len > chan->omtu) {
2568 err = l2cap_segment_sdu(chan, &seg_queue, msg, len);
2573 if (chan->mode == L2CAP_MODE_ERTM)
2574 l2cap_tx(chan, NULL, &seg_queue, L2CAP_EV_DATA_REQUEST);
2576 l2cap_streaming_send(chan, &seg_queue);
2587 BT_DBG("bad state %1.1x", chan->mode);
2595 static void l2cap_send_srej(struct l2cap_chan *chan, u16 txseq)
2600 BT_DBG("chan %p, txseq %u", chan, txseq);
2606 for (seq = chan->expected_tx_seq; seq != txseq;
2607 seq = __next_seq(chan, seq)) {
2608 if (!l2cap_ertm_seq_in_queue(&chan->srej_q, seq)) {
2610 l2cap_send_sframe(chan, &control);
2611 l2cap_seq_list_append(&chan->srej_list, seq);
2615 chan->expected_tx_seq = __next_seq(chan, txseq);
2618 static void l2cap_send_srej_tail(struct l2cap_chan *chan)
2622 BT_DBG("chan %p", chan);
2624 if (chan->srej_list.tail == L2CAP_SEQ_LIST_CLEAR)
2630 control.reqseq = chan->srej_list.tail;
2631 l2cap_send_sframe(chan, &control);
2634 static void l2cap_send_srej_list(struct l2cap_chan *chan, u16 txseq)
2640 BT_DBG("chan %p, txseq %u", chan, txseq);
2647 initial_head = chan->srej_list.head;
2650 seq = l2cap_seq_list_pop(&chan->srej_list);
2655 l2cap_send_sframe(chan, &control);
2656 l2cap_seq_list_append(&chan->srej_list, seq);
2657 } while (chan->srej_list.head != initial_head);
2660 static void l2cap_process_reqseq(struct l2cap_chan *chan, u16 reqseq)
2665 BT_DBG("chan %p, reqseq %u", chan, reqseq);
2667 if (chan->unacked_frames == 0 || reqseq == chan->expected_ack_seq)
2671 chan->expected_ack_seq, chan->unacked_frames);
2673 for (ackseq = chan->expected_ack_seq; ackseq != reqseq;
2674 ackseq = __next_seq(chan, ackseq)) {
2676 acked_skb = l2cap_ertm_seq_in_queue(&chan->tx_q, ackseq);
2678 skb_unlink(acked_skb, &chan->tx_q);
2680 chan->unacked_frames--;
2684 chan->expected_ack_seq = reqseq;
2686 if (chan->unacked_frames == 0)
2687 __clear_retrans_timer(chan);
2689 BT_DBG("unacked_frames %u", chan->unacked_frames);
2692 static void l2cap_abort_rx_srej_sent(struct l2cap_chan *chan)
2694 BT_DBG("chan %p", chan);
2696 chan->expected_tx_seq = chan->buffer_seq;
2697 l2cap_seq_list_clear(&chan->srej_list);
2698 skb_queue_purge(&chan->srej_q);
2699 chan->rx_state = L2CAP_RX_STATE_RECV;
2702 static void l2cap_tx_state_xmit(struct l2cap_chan *chan,
2706 BT_DBG("chan %p, control %p, skbs %p, event %d", chan, control, skbs,
2711 if (chan->tx_send_head == NULL)
2712 chan->tx_send_head = skb_peek(skbs);
2714 skb_queue_splice_tail_init(skbs, &chan->tx_q);
2715 l2cap_ertm_send(chan);
2719 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2721 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) {
2725 l2cap_abort_rx_srej_sent(chan);
2728 l2cap_send_ack(chan);
2733 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2735 if (test_bit(CONN_RNR_SENT, &chan->conn_state)) {
2742 local_control.reqseq = chan->buffer_seq;
2743 l2cap_send_sframe(chan, &local_control);
2745 chan->retry_count = 1;
2746 __set_monitor_timer(chan);
2747 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2751 l2cap_process_reqseq(chan, control->reqseq);
2754 l2cap_send_rr_or_rnr(chan, 1);
2755 chan->retry_count = 1;
2756 __set_monitor_timer(chan);
2757 __clear_ack_timer(chan);
2758 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2761 l2cap_send_rr_or_rnr(chan, 1);
2762 chan->retry_count = 1;
2763 __set_monitor_timer(chan);
2764 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2774 static void l2cap_tx_state_wait_f(struct l2cap_chan *chan,
2778 BT_DBG("chan %p, control %p, skbs %p, event %d", chan, control, skbs,
2783 if (chan->tx_send_head == NULL)
2784 chan->tx_send_head = skb_peek(skbs);
2786 skb_queue_splice_tail_init(skbs, &chan->tx_q);
2790 set_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2792 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) {
2796 l2cap_abort_rx_srej_sent(chan);
2799 l2cap_send_ack(chan);
2804 clear_bit(CONN_LOCAL_BUSY, &chan->conn_state);
2806 if (test_bit(CONN_RNR_SENT, &chan->conn_state)) {
2812 local_control.reqseq = chan->buffer_seq;
2813 l2cap_send_sframe(chan, &local_control);
2815 chan->retry_count = 1;
2816 __set_monitor_timer(chan);
2817 chan->tx_state = L2CAP_TX_STATE_WAIT_F;
2821 l2cap_process_reqseq(chan, control->reqseq);
2826 __clear_monitor_timer(chan);
2827 if (chan->unacked_frames > 0)
2828 __set_retrans_timer(chan);
2829 chan->retry_count = 0;
2830 chan->tx_state = L2CAP_TX_STATE_XMIT;
2831 BT_DBG("recv fbit tx_state 0x2.2%x", chan->tx_state);
2838 if (chan->max_tx == 0 || chan->retry_count < chan->max_tx) {
2839 l2cap_send_rr_or_rnr(chan, 1);
2840 __set_monitor_timer(chan);
2841 chan->retry_count++;
2843 l2cap_send_disconn_req(chan, ECONNABORTED);
2851 static void l2cap_tx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
2854 BT_DBG("chan %p, control %p, skbs %p, event %d, state %d",
2855 chan, control, skbs, event, chan->tx_state);
2857 switch (chan->tx_state) {
2859 l2cap_tx_state_xmit(chan, control, skbs, event);
2862 l2cap_tx_state_wait_f(chan, control, skbs, event);
2870 static void l2cap_pass_to_tx(struct l2cap_chan *chan,
2873 BT_DBG("chan %p, control %p", chan, control);
2874 l2cap_tx(chan, control, NULL, L2CAP_EV_RECV_REQSEQ_AND_FBIT);
2877 static void l2cap_pass_to_tx_fbit(struct l2cap_chan *chan,
2880 BT_DBG("chan %p, control %p", chan, control);
2881 l2cap_tx(chan, control, NULL, L2CAP_EV_RECV_FBIT);
2888 struct l2cap_chan *chan;
2894 list_for_each_entry(chan, &conn->chan_l, list) {
2895 if (chan->chan_type != L2CAP_CHAN_RAW)
2899 if (bt_cb(skb)->l2cap.chan == chan)
2905 if (chan->ops->recv(chan, nskb))
3046 static void l2cap_add_opt_efs(void **ptr, struct l2cap_chan *chan, size_t size)
3050 switch (chan->mode) {
3052 efs.id = chan->local_id;
3053 efs.stype = chan->local_stype;
3054 efs.msdu = cpu_to_le16(chan->local_msdu);
3055 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
3063 efs.msdu = cpu_to_le16(chan->local_msdu);
3064 efs.sdu_itime = cpu_to_le32(chan->local_sdu_itime);
3079 struct l2cap_chan *chan = container_of(work, struct l2cap_chan,
3083 BT_DBG("chan %p", chan);
3085 l2cap_chan_lock(chan);
3087 frames_to_ack = __seq_offset(chan, chan->buffer_seq,
3088 chan->last_acked_seq);
3091 l2cap_send_rr_or_rnr(chan, 0);
3093 l2cap_chan_unlock(chan);
3094 l2cap_chan_put(chan);
3097 int l2cap_ertm_init(struct l2cap_chan *chan)
3101 chan->next_tx_seq = 0;
3102 chan->expected_tx_seq = 0;
3103 chan->expected_ack_seq = 0;
3104 chan->unacked_frames = 0;
3105 chan->buffer_seq = 0;
3106 chan->frames_sent = 0;
3107 chan->last_acked_seq = 0;
3108 chan->sdu = NULL;
3109 chan->sdu_last_frag = NULL;
3110 chan->sdu_len = 0;
3112 skb_queue_head_init(&chan->tx_q);
3114 if (chan->mode != L2CAP_MODE_ERTM)
3117 chan->rx_state = L2CAP_RX_STATE_RECV;
3118 chan->tx_state = L2CAP_TX_STATE_XMIT;
3120 skb_queue_head_init(&chan->srej_q);
3122 err = l2cap_seq_list_init(&chan->srej_list, chan->tx_win);
3126 err = l2cap_seq_list_init(&chan->retrans_list, chan->remote_tx_win);
3128 l2cap_seq_list_free(&chan->srej_list);
3156 static void __l2cap_set_ertm_timeouts(struct l2cap_chan *chan,
3163 static inline void l2cap_txwin_setup(struct l2cap_chan *chan)
3165 if (chan->tx_win > L2CAP_DEFAULT_TX_WINDOW &&
3166 __l2cap_ews_supported(chan->conn)) {
3168 set_bit(FLAG_EXT_CTRL, &chan->flags);
3169 chan->tx_win_max = L2CAP_DEFAULT_EXT_WINDOW;
3171 chan->tx_win = min_t(u16, chan->tx_win,
3173 chan->tx_win_max = L2CAP_DEFAULT_TX_WINDOW;
3175 chan->ack_win = chan->tx_win;
3178 static void l2cap_mtu_auto(struct l2cap_chan *chan)
3180 struct hci_conn *conn = chan->conn->hcon;
3182 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
3188 chan->imtu = 54;
3194 chan->imtu = 83;
3200 chan->imtu = 367;
3206 chan->imtu = 552;
3212 chan->imtu = 679;
3218 chan->imtu = 1021;
3221 static int l2cap_build_conf_req(struct l2cap_chan *chan, void *data, size_t data_size)
3224 struct l2cap_conf_rfc rfc = { .mode = chan->mode };
3229 BT_DBG("chan %p", chan);
3231 if (chan->num_conf_req || chan->num_conf_rsp)
3234 switch (chan->mode) {
3237 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state))
3240 if (__l2cap_efs_supported(chan->conn))
3241 set_bit(FLAG_EFS_ENABLE, &chan->flags);
3245 chan->mode = l2cap_select_mode(rfc.mode, chan->conn->feat_mask);
3250 if (chan->imtu != L2CAP_DEFAULT_MTU) {
3251 if (!chan->imtu)
3252 l2cap_mtu_auto(chan);
3253 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu,
3257 switch (chan->mode) {
3262 if (!(chan->conn->feat_mask & L2CAP_FEAT_ERTM) &&
3263 !(chan->conn->feat_mask & L2CAP_FEAT_STREAMING))
3279 rfc.max_transmit = chan->max_tx;
3281 __l2cap_set_ertm_timeouts(chan, &rfc);
3283 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
3288 l2cap_txwin_setup(chan);
3290 rfc.txwin_size = min_t(u16, chan->tx_win,
3296 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
3297 l2cap_add_opt_efs(&ptr, chan, endptr - ptr);
3299 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
3301 chan->tx_win, endptr - ptr);
3303 if (chan->conn->feat_mask & L2CAP_FEAT_FCS)
3304 if (chan->fcs == L2CAP_FCS_NONE ||
3305 test_bit(CONF_RECV_NO_FCS, &chan->conf_state)) {
3306 chan->fcs = L2CAP_FCS_NONE;
3308 chan->fcs, endptr - ptr);
3313 l2cap_txwin_setup(chan);
3320 size = min_t(u16, L2CAP_DEFAULT_MAX_PDU_SIZE, chan->conn->mtu -
3328 if (test_bit(FLAG_EFS_ENABLE, &chan->flags))
3329 l2cap_add_opt_efs(&ptr, chan, endptr - ptr);
3331 if (chan->conn->feat_mask & L2CAP_FEAT_FCS)
3332 if (chan->fcs == L2CAP_FCS_NONE ||
3333 test_bit(CONF_RECV_NO_FCS, &chan->conf_state)) {
3334 chan->fcs = L2CAP_FCS_NONE;
3336 chan->fcs, endptr - ptr);
3341 req->dcid = cpu_to_le16(chan->dcid);
3347 static int l2cap_parse_conf_req(struct l2cap_chan *chan, void *data, size_t data_size)
3352 void *req = chan->conf_req;
3353 int len = chan->conf_len;
3363 BT_DBG("chan %p", chan);
3383 chan->flush_to = val;
3399 set_bit(CONF_RECV_NO_FCS, &chan->conf_state);
3423 if (chan->num_conf_rsp || chan->num_conf_req > 1)
3426 switch (chan->mode) {
3429 if (!test_bit(CONF_STATE2_DEVICE, &chan->conf_state)) {
3430 chan->mode = l2cap_select_mode(rfc.mode,
3431 chan->conn->feat_mask);
3436 if (__l2cap_efs_supported(chan->conn))
3437 set_bit(FLAG_EFS_ENABLE, &chan->flags);
3442 if (chan->mode != rfc.mode)
3449 if (chan->mode != rfc.mode) {
3451 rfc.mode = chan->mode;
3453 if (chan->num_conf_rsp == 1)
3467 chan->omtu = mtu;
3468 set_bit(CONF_MTU_DONE, &chan->conf_state);
3470 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->omtu, endptr - ptr);
3473 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
3475 efs.stype != chan->local_stype) {
3479 if (chan->num_conf_req >= 1)
3488 set_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
3494 chan->fcs = L2CAP_FCS_NONE;
3495 set_bit(CONF_MODE_DONE, &chan->conf_state);
3499 if (!test_bit(CONF_EWS_RECV, &chan->conf_state))
3500 chan->remote_tx_win = rfc.txwin_size;
3504 chan->remote_max_tx = rfc.max_transmit;
3507 chan->conn->mtu - L2CAP_EXT_HDR_SIZE -
3510 chan->remote_mps = size;
3512 __l2cap_set_ertm_timeouts(chan, &rfc);
3514 set_bit(CONF_MODE_DONE, &chan->conf_state);
3520 test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
3521 chan->remote_id = efs.id;
3522 chan->remote_stype = efs.stype;
3523 chan->remote_msdu = le16_to_cpu(efs.msdu);
3524 chan->remote_flush_to =
3526 chan->remote_acc_lat =
3528 chan->remote_sdu_itime =
3538 chan->conn->mtu - L2CAP_EXT_HDR_SIZE -
3541 chan->remote_mps = size;
3543 set_bit(CONF_MODE_DONE, &chan->conf_state);
3554 rfc.mode = chan->mode;
3558 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
3560 rsp->scid = cpu_to_le16(chan->dcid);
3567 static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
3578 BT_DBG("chan %p, rsp %p, len %d, req %p", chan, rsp, len, data);
3591 chan->imtu = L2CAP_DEFAULT_MIN_MTU;
3593 chan->imtu = val;
3594 l2cap_add_conf_opt(&ptr, L2CAP_CONF_MTU, 2, chan->imtu,
3601 chan->flush_to = val;
3603 chan->flush_to, endptr - ptr);
3610 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
3611 rfc.mode != chan->mode)
3613 chan->fcs = 0;
3621 chan->ack_win = min_t(u16, val, chan->ack_win);
3623 chan->tx_win, endptr - ptr);
3630 if (chan->local_stype != L2CAP_SERV_NOTRAFIC &&
3632 efs.stype != chan->local_stype)
3644 &chan->conf_state);
3649 if (chan->mode == L2CAP_MODE_BASIC && chan->mode != rfc.mode)
3652 chan->mode = rfc.mode;
3657 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
3658 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
3659 chan->mps = le16_to_cpu(rfc.max_pdu_size);
3660 if (!test_bit(FLAG_EXT_CTRL, &chan->flags))
3661 chan->ack_win = min_t(u16, chan->ack_win,
3664 if (test_bit(FLAG_EFS_ENABLE, &chan->flags)) {
3665 chan->local_msdu = le16_to_cpu(efs.msdu);
3666 chan->local_sdu_itime =
3668 chan->local_acc_lat = le32_to_cpu(efs.acc_lat);
3669 chan->local_flush_to =
3675 chan->mps = le16_to_cpu(rfc.max_pdu_size);
3679 req->dcid = cpu_to_le16(chan->dcid);
3685 static int l2cap_build_conf_rsp(struct l2cap_chan *chan, void *data,
3691 BT_DBG("chan %p", chan);
3693 rsp->scid = cpu_to_le16(chan->dcid);
3700 void __l2cap_le_connect_rsp_defer(struct l2cap_chan *chan)
3703 struct l2cap_conn *conn = chan->conn;
3705 BT_DBG("chan %p", chan);
3707 rsp.dcid = cpu_to_le16(chan->scid);
3708 rsp.mtu = cpu_to_le16(chan->imtu);
3709 rsp.mps = cpu_to_le16(chan->mps);
3710 rsp.credits = cpu_to_le16(chan->rx_credits);
3713 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CONN_RSP, sizeof(rsp),
3717 static void l2cap_ecred_list_defer(struct l2cap_chan *chan, void *data)
3721 if (*result || test_bit(FLAG_ECRED_CONN_REQ_SENT, &chan->flags))
3724 switch (chan->state) {
3746 static void l2cap_ecred_rsp_defer(struct l2cap_chan *chan, void *data)
3750 if (test_bit(FLAG_ECRED_CONN_REQ_SENT, &chan->flags))
3754 chan->ident = 0;
3758 rsp->pdu.rsp.dcid[rsp->count++] = cpu_to_le16(chan->scid);
3760 l2cap_chan_del(chan, ECONNRESET);
3763 void __l2cap_ecred_conn_rsp_defer(struct l2cap_chan *chan)
3765 struct l2cap_conn *conn = chan->conn;
3767 u16 id = chan->ident;
3773 BT_DBG("chan %p id %d", chan, id);
3777 data.pdu.rsp.mtu = cpu_to_le16(chan->imtu);
3778 data.pdu.rsp.mps = cpu_to_le16(chan->mps);
3779 data.pdu.rsp.credits = cpu_to_le16(chan->rx_credits);
3799 void __l2cap_connect_rsp_defer(struct l2cap_chan *chan)
3802 struct l2cap_conn *conn = chan->conn;
3806 rsp.scid = cpu_to_le16(chan->dcid);
3807 rsp.dcid = cpu_to_le16(chan->scid);
3812 BT_DBG("chan %p rsp_code %u", chan, rsp_code);
3814 l2cap_send_cmd(conn, chan->ident, rsp_code, sizeof(rsp), &rsp);
3816 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
3820 l2cap_build_conf_req(chan, buf, sizeof(buf)), buf);
3821 chan->num_conf_req++;
3824 static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
3831 u16 txwin_ext = chan->ack_win;
3833 .mode = chan->mode,
3836 .max_pdu_size = cpu_to_le16(chan->imtu),
3837 .txwin_size = min_t(u16, chan->ack_win, L2CAP_DEFAULT_TX_WINDOW),
3840 BT_DBG("chan %p, rsp %p, len %d", chan, rsp, len);
3842 if ((chan->mode != L2CAP_MODE_ERTM) && (chan->mode != L2CAP_MODE_STREAMING))
3866 chan->retrans_timeout = le16_to_cpu(rfc.retrans_timeout);
3867 chan->monitor_timeout = le16_to_cpu(rfc.monitor_timeout);
3868 chan->mps = le16_to_cpu(rfc.max_pdu_size);
3869 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
3870 chan->ack_win = min_t(u16, chan->ack_win, txwin_ext);
3872 chan->ack_win = min_t(u16, chan->ack_win,
3876 chan->mps = le16_to_cpu(rfc.max_pdu_size);
3911 struct l2cap_chan *chan = NULL, *pchan;
3952 chan = pchan->ops->new_connection(pchan);
3953 if (!chan)
3963 bacpy(&chan->src, &conn->hcon->src);
3964 bacpy(&chan->dst, &conn->hcon->dst);
3965 chan->src_type = bdaddr_src_type(conn->hcon);
3966 chan->dst_type = bdaddr_dst_type(conn->hcon);
3967 chan->psm = psm;
3968 chan->dcid = scid;
3970 __l2cap_chan_add(conn, chan);
3972 dcid = chan->scid;
3974 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan));
3976 chan->ident = cmd->ident;
3979 if (l2cap_chan_check_security(chan, false)) {
3980 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) {
3981 l2cap_state_change(chan, BT_CONNECT2);
3984 chan->ops->defer(chan);
3991 l2cap_state_change(chan, BT_CONFIG);
3994 l2cap_state_change(chan, BT_CONNECT2);
4000 l2cap_state_change(chan, BT_CONNECT2);
4005 l2cap_state_change(chan, BT_CONNECT2);
4035 if (chan && !test_bit(CONF_REQ_SENT, &chan->conf_state) &&
4038 set_bit(CONF_REQ_SENT, &chan->conf_state);
4040 l2cap_build_conf_req(chan, buf, sizeof(buf)), buf);
4041 chan->num_conf_req++;
4044 return chan;
4071 struct l2cap_chan *chan;
4093 chan = __l2cap_get_chan_by_scid(conn, scid);
4094 if (!chan) {
4099 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
4100 if (!chan) {
4106 chan = l2cap_chan_hold_unless_zero(chan);
4107 if (!chan) {
4114 l2cap_chan_lock(chan);
4123 l2cap_state_change(chan, BT_CONFIG);
4124 chan->ident = 0;
4125 chan->dcid = dcid;
4126 clear_bit(CONF_CONNECT_PEND, &chan->conf_state);
4128 if (test_and_set_bit(CONF_REQ_SENT, &chan->conf_state))
4132 l2cap_build_conf_req(chan, req, sizeof(req)), req);
4133 chan->num_conf_req++;
4137 set_bit(CONF_CONNECT_PEND, &chan->conf_state);
4141 l2cap_chan_del(chan, ECONNREFUSED);
4145 l2cap_chan_unlock(chan);
4146 l2cap_chan_put(chan);
4154 static inline void set_default_fcs(struct l2cap_chan *chan)
4159 if (chan->mode != L2CAP_MODE_ERTM && chan->mode != L2CAP_MODE_STREAMING)
4160 chan->fcs = L2CAP_FCS_NONE;
4161 else if (!test_bit(CONF_RECV_NO_FCS, &chan->conf_state))
4162 chan->fcs = L2CAP_FCS_CRC16;
4165 static void l2cap_send_efs_conf_rsp(struct l2cap_chan *chan, void *data,
4168 struct l2cap_conn *conn = chan->conn;
4170 BT_DBG("conn %p chan %p ident %d flags 0x%4.4x", conn, chan, ident,
4173 clear_bit(CONF_LOC_CONF_PEND, &chan->conf_state);
4174 set_bit(CONF_OUTPUT_DONE, &chan->conf_state);
4177 l2cap_build_conf_rsp(chan, data,
4200 struct l2cap_chan *chan;
4211 chan = l2cap_get_chan_by_scid(conn, dcid);
4212 if (!chan) {
4217 if (chan->state != BT_CONFIG && chan->state != BT_CONNECT2 &&
4218 chan->state != BT_CONNECTED) {
4219 cmd_reject_invalid_cid(conn, cmd->ident, chan->scid,
4220 chan->dcid);
4226 if (chan->conf_len + len > sizeof(chan->conf_req)) {
4228 l2cap_build_conf_rsp(chan, rsp,
4234 memcpy(chan->conf_req + chan->conf_len, req->data, len);
4235 chan->conf_len += len;
4240 l2cap_build_conf_rsp(chan, rsp,
4246 len = l2cap_parse_conf_req(chan, rsp, sizeof(rsp));
4248 l2cap_send_disconn_req(chan, ECONNRESET);
4252 chan->ident = cmd->ident;
4254 if (chan->num_conf_rsp < L2CAP_CONF_MAX_CONF_RSP)
4255 chan->num_conf_rsp++;
4258 chan->conf_len = 0;
4260 if (!test_bit(CONF_OUTPUT_DONE, &chan->conf_state))
4263 if (test_bit(CONF_INPUT_DONE, &chan->conf_state)) {
4264 set_default_fcs(chan);
4266 if (chan->mode == L2CAP_MODE_ERTM ||
4267 chan->mode == L2CAP_MODE_STREAMING)
4268 err = l2cap_ertm_init(chan);
4271 l2cap_send_disconn_req(chan, -err);
4273 l2cap_chan_ready(chan);
4278 if (!test_and_set_bit(CONF_REQ_SENT, &chan->conf_state)) {
4281 l2cap_build_conf_req(chan, buf, sizeof(buf)), buf);
4282 chan->num_conf_req++;
4287 if (test_bit(CONF_REM_CONF_PEND, &chan->conf_state) &&
4288 test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
4293 l2cap_send_efs_conf_rsp(chan, rsp, cmd->ident, flags);
4297 l2cap_chan_unlock(chan);
4298 l2cap_chan_put(chan);
4308 struct l2cap_chan *chan;
4322 chan = l2cap_get_chan_by_scid(conn, scid);
4323 if (!chan)
4328 l2cap_conf_rfc_get(chan, rsp->data, len);
4329 clear_bit(CONF_REM_CONF_PEND, &chan->conf_state);
4333 set_bit(CONF_REM_CONF_PEND, &chan->conf_state);
4335 if (test_bit(CONF_LOC_CONF_PEND, &chan->conf_state)) {
4338 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
4341 l2cap_send_disconn_req(chan, ECONNRESET);
4345 l2cap_send_efs_conf_rsp(chan, buf, cmd->ident, 0);
4351 if (chan->num_conf_rsp <= L2CAP_CONF_MAX_CONF_RSP) {
4355 l2cap_send_disconn_req(chan, ECONNRESET);
4361 len = l2cap_parse_conf_rsp(chan, rsp->data, len,
4364 l2cap_send_disconn_req(chan, ECONNRESET);
4370 chan->num_conf_req++;
4378 l2cap_chan_set_err(chan, ECONNRESET);
4380 __set_chan_timer(chan, L2CAP_DISC_REJ_TIMEOUT);
4381 l2cap_send_disconn_req(chan, ECONNRESET);
4388 set_bit(CONF_INPUT_DONE, &chan->conf_state);
4390 if (test_bit(CONF_OUTPUT_DONE, &chan->conf_state)) {
4391 set_default_fcs(chan);
4393 if (chan->mode == L2CAP_MODE_ERTM ||
4394 chan->mode == L2CAP_MODE_STREAMING)
4395 err = l2cap_ertm_init(chan);
4398 l2cap_send_disconn_req(chan, -err);
4400 l2cap_chan_ready(chan);
4404 l2cap_chan_unlock(chan);
4405 l2cap_chan_put(chan);
4416 struct l2cap_chan *chan;
4426 chan = l2cap_get_chan_by_scid(conn, dcid);
4427 if (!chan) {
4432 rsp.dcid = cpu_to_le16(chan->scid);
4433 rsp.scid = cpu_to_le16(chan->dcid);
4436 chan->ops->set_shutdown(chan);
4438 l2cap_chan_unlock(chan);
4440 l2cap_chan_lock(chan);
4441 l2cap_chan_del(chan, ECONNRESET);
4444 chan->ops->close(chan);
4446 l2cap_chan_unlock(chan);
4447 l2cap_chan_put(chan);
4458 struct l2cap_chan *chan;
4468 chan = l2cap_get_chan_by_scid(conn, scid);
4469 if (!chan) {
4473 if (chan->state != BT_DISCONN) {
4474 l2cap_chan_unlock(chan);
4475 l2cap_chan_put(chan);
4479 l2cap_chan_unlock(chan);
4481 l2cap_chan_lock(chan);
4482 l2cap_chan_del(chan, 0);
4485 chan->ops->close(chan);
4487 l2cap_chan_unlock(chan);
4488 l2cap_chan_put(chan);
4667 struct l2cap_chan *chan;
4689 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
4690 if (!chan) {
4697 l2cap_chan_lock(chan);
4706 chan->ident = 0;
4707 chan->dcid = dcid;
4708 chan->omtu = mtu;
4709 chan->remote_mps = mps;
4710 chan->tx_credits = credits;
4711 l2cap_chan_ready(chan);
4720 l2cap_chan_del(chan, ECONNREFUSED);
4725 if (chan->sec_level < sec_level)
4726 chan->sec_level = sec_level;
4729 clear_bit(FLAG_LE_CONN_REQ_SENT, &chan->flags);
4731 smp_conn_security(hcon, chan->sec_level);
4735 l2cap_chan_del(chan, ECONNREFUSED);
4739 l2cap_chan_unlock(chan);
4812 struct l2cap_chan *chan, *pchan;
4842 chan = NULL;
4851 chan = NULL;
4861 chan = NULL;
4868 chan = NULL;
4875 chan = NULL;
4879 chan = pchan->ops->new_connection(pchan);
4880 if (!chan) {
4885 bacpy(&chan->src, &conn->hcon->src);
4886 bacpy(&chan->dst, &conn->hcon->dst);
4887 chan->src_type = bdaddr_src_type(conn->hcon);
4888 chan->dst_type = bdaddr_dst_type(conn->hcon);
4889 chan->psm = psm;
4890 chan->dcid = scid;
4891 chan->omtu = mtu;
4892 chan->remote_mps = mps;
4894 __l2cap_chan_add(conn, chan);
4896 l2cap_le_flowctl_init(chan, __le16_to_cpu(req->credits));
4898 dcid = chan->scid;
4899 credits = chan->rx_credits;
4901 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan));
4903 chan->ident = cmd->ident;
4905 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) {
4906 l2cap_state_change(chan, BT_CONNECT2);
4913 chan->ops->defer(chan);
4915 l2cap_chan_ready(chan);
4928 if (chan) {
4929 rsp.mtu = cpu_to_le16(chan->imtu);
4930 rsp.mps = cpu_to_le16(chan->mps);
4950 struct l2cap_chan *chan;
4962 chan = l2cap_get_chan_by_dcid(conn, cid);
4963 if (!chan)
4966 max_credits = LE_FLOWCTL_MAX_CREDITS - chan->tx_credits;
4969 l2cap_send_disconn_req(chan, ECONNRESET);
4977 chan->tx_credits += credits;
4980 l2cap_le_flowctl_send(chan);
4982 if (chan->tx_credits)
4983 chan->ops->resume(chan);
4986 l2cap_chan_unlock(chan);
4987 l2cap_chan_put(chan);
5001 struct l2cap_chan *chan, *pchan;
5089 chan = pchan->ops->new_connection(pchan);
5090 if (!chan) {
5095 bacpy(&chan->src, &conn->hcon->src);
5096 bacpy(&chan->dst, &conn->hcon->dst);
5097 chan->src_type = bdaddr_src_type(conn->hcon);
5098 chan->dst_type = bdaddr_dst_type(conn->hcon);
5099 chan->psm = psm;
5100 chan->dcid = scid;
5101 chan->omtu = mtu;
5102 chan->remote_mps = mps;
5104 __l2cap_chan_add(conn, chan);
5106 l2cap_ecred_init(chan, __le16_to_cpu(req->credits));
5110 pdu.rsp.mtu = cpu_to_le16(chan->imtu);
5111 pdu.rsp.mps = cpu_to_le16(chan->mps);
5112 pdu.rsp.credits = cpu_to_le16(chan->rx_credits);
5115 pdu.dcid[i] = cpu_to_le16(chan->scid);
5117 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan));
5119 chan->ident = cmd->ident;
5120 chan->mode = L2CAP_MODE_EXT_FLOWCTL;
5122 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) {
5123 l2cap_state_change(chan, BT_CONNECT2);
5125 chan->ops->defer(chan);
5127 l2cap_chan_ready(chan);
5155 struct l2cap_chan *chan, *tmp;
5174 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
5177 if (chan->ident != cmd->ident ||
5178 chan->mode != L2CAP_MODE_EXT_FLOWCTL ||
5179 chan->state == BT_CONNECTED)
5182 l2cap_chan_lock(chan);
5186 l2cap_chan_del(chan, ECONNREFUSED);
5187 l2cap_chan_unlock(chan);
5204 l2cap_chan_del(chan, ECONNREFUSED);
5205 l2cap_chan_unlock(chan);
5206 chan = __l2cap_get_chan_by_dcid(conn, dcid);
5207 l2cap_chan_lock(chan);
5208 l2cap_chan_del(chan, ECONNRESET);
5209 l2cap_chan_unlock(chan);
5220 l2cap_chan_del(chan, ECONNREFUSED);
5225 if (chan->sec_level < sec_level)
5226 chan->sec_level = sec_level;
5229 clear_bit(FLAG_ECRED_CONN_REQ_SENT, &chan->flags);
5231 smp_conn_security(hcon, chan->sec_level);
5235 l2cap_chan_del(chan, ECONNREFUSED);
5241 l2cap_chan_del(chan, ECONNREFUSED);
5245 chan->ident = 0;
5246 chan->dcid = dcid;
5247 chan->omtu = mtu;
5248 chan->remote_mps = mps;
5249 chan->tx_credits = credits;
5250 l2cap_chan_ready(chan);
5254 l2cap_chan_unlock(chan);
5269 struct l2cap_chan *chan;
5306 chan = __l2cap_get_chan_by_dcid(conn, scid);
5307 if (!chan)
5314 if (chan->omtu > mtu) {
5315 BT_ERR("chan %p decreased MTU %u -> %u", chan,
5316 chan->omtu, mtu);
5320 chan->omtu = mtu;
5321 chan->remote_mps = mps;
5337 struct l2cap_chan *chan, *tmp;
5351 list_for_each_entry_safe(chan, tmp, &conn->chan_l, list) {
5352 if (chan->ident != cmd->ident)
5355 l2cap_chan_del(chan, ECONNRESET);
5366 struct l2cap_chan *chan;
5373 chan = __l2cap_get_chan_by_ident(conn, cmd->ident);
5374 if (!chan)
5377 chan = l2cap_chan_hold_unless_zero(chan);
5378 if (!chan)
5381 l2cap_chan_lock(chan);
5382 l2cap_chan_del(chan, ECONNREFUSED);
5383 l2cap_chan_unlock(chan);
5384 l2cap_chan_put(chan);
5551 static int l2cap_check_fcs(struct l2cap_chan *chan, struct sk_buff *skb)
5556 if (test_bit(FLAG_EXT_CTRL, &chan->flags))
5561 if (chan->fcs == L2CAP_FCS_CRC16) {
5572 static void l2cap_send_i_or_rr_or_rnr(struct l2cap_chan *chan)
5576 BT_DBG("chan %p", chan);
5581 control.reqseq = chan->buffer_seq;
5582 set_bit(CONN_SEND_FBIT, &chan->conn_state);
5584 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
5586 l2cap_send_sframe(chan, &control);
5589 if (test_and_clear_bit(CONN_REMOTE_BUSY, &chan->conn_state) &&
5590 chan->unacked_frames > 0)
5591 __set_retrans_timer(chan);
5594 l2cap_ertm_send(chan);
5596 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state) &&
5597 test_bit(CONN_SEND_FBIT, &chan->conn_state)) {
5602 l2cap_send_sframe(chan, &control);
5625 static int l2cap_reassemble_sdu(struct l2cap_chan *chan, struct sk_buff *skb,
5632 if (chan->sdu)
5635 err = chan->ops->recv(chan, skb);
5639 if (chan->sdu)
5645 chan->sdu_len = get_unaligned_le16(skb->data);
5648 if (chan->sdu_len > chan->imtu) {
5653 if (skb->len >= chan->sdu_len)
5656 chan->sdu = skb;
5657 chan->sdu_last_frag = skb;
5664 if (!chan->sdu)
5667 append_skb_frag(chan->sdu, skb,
5668 &chan->sdu_last_frag);
5671 if (chan->sdu->len >= chan->sdu_len)
5678 if (!chan->sdu)
5681 append_skb_frag(chan->sdu, skb,
5682 &chan->sdu_last_frag);
5685 if (chan->sdu->len != chan->sdu_len)
5688 err = chan->ops->recv(chan, chan->sdu);
5692 chan->sdu = NULL;
5693 chan->sdu_last_frag = NULL;
5694 chan->sdu_len = 0;
5701 kfree_skb(chan->sdu);
5702 chan->sdu = NULL;
5703 chan->sdu_last_frag = NULL;
5704 chan->sdu_len = 0;
5710 static int l2cap_resegment(struct l2cap_chan *chan)
5716 void l2cap_chan_busy(struct l2cap_chan *chan, int busy)
5720 if (chan->mode != L2CAP_MODE_ERTM)
5724 l2cap_tx(chan, NULL, NULL, event);
5727 static int l2cap_rx_queued_iframes(struct l2cap_chan *chan)
5734 BT_DBG("chan %p", chan);
5736 while (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
5739 chan->buffer_seq, skb_queue_len(&chan->srej_q));
5741 skb = l2cap_ertm_seq_in_queue(&chan->srej_q, chan->buffer_seq);
5746 skb_unlink(skb, &chan->srej_q);
5747 chan->buffer_seq = __next_seq(chan, chan->buffer_seq);
5748 err = l2cap_reassemble_sdu(chan, skb, &bt_cb(skb)->l2cap);
5753 if (skb_queue_empty(&chan->srej_q)) {
5754 chan->rx_state = L2CAP_RX_STATE_RECV;
5755 l2cap_send_ack(chan);
5761 static void l2cap_handle_srej(struct l2cap_chan *chan,
5766 BT_DBG("chan %p, control %p", chan, control);
5768 if (control->reqseq == chan->next_tx_seq) {
5770 l2cap_send_disconn_req(chan, ECONNRESET);
5774 skb = l2cap_ertm_seq_in_queue(&chan->tx_q, control->reqseq);
5782 if (chan->max_tx != 0 && bt_cb(skb)->l2cap.retries >= chan->max_tx) {
5783 BT_DBG("Retry limit exceeded (%d)", chan->max_tx);
5784 l2cap_send_disconn_req(chan, ECONNRESET);
5788 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
5791 l2cap_pass_to_tx(chan, control);
5793 set_bit(CONN_SEND_FBIT, &chan->conn_state);
5794 l2cap_retransmit(chan, control);
5795 l2cap_ertm_send(chan);
5797 if (chan->tx_state == L2CAP_TX_STATE_WAIT_F) {
5798 set_bit(CONN_SREJ_ACT, &chan->conn_state);
5799 chan->srej_save_reqseq = control->reqseq;
5802 l2cap_pass_to_tx_fbit(chan, control);
5805 if (chan->srej_save_reqseq != control->reqseq ||
5807 &chan->conn_state))
5808 l2cap_retransmit(chan, control);
5810 l2cap_retransmit(chan, control);
5811 if (chan->tx_state == L2CAP_TX_STATE_WAIT_F) {
5812 set_bit(CONN_SREJ_ACT, &chan->conn_state);
5813 chan->srej_save_reqseq = control->reqseq;
5819 static void l2cap_handle_rej(struct l2cap_chan *chan,
5824 BT_DBG("chan %p, control %p", chan, control);
5826 if (control->reqseq == chan->next_tx_seq) {
5828 l2cap_send_disconn_req(chan, ECONNRESET);
5832 skb = l2cap_ertm_seq_in_queue(&chan->tx_q, control->reqseq);
5834 if (chan->max_tx && skb &&
5835 bt_cb(skb)->l2cap.retries >= chan->max_tx) {
5836 BT_DBG("Retry limit exceeded (%d)", chan->max_tx);
5837 l2cap_send_disconn_req(chan, ECONNRESET);
5841 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
5843 l2cap_pass_to_tx(chan, control);
5846 if (!test_and_clear_bit(CONN_REJ_ACT, &chan->conn_state))
5847 l2cap_retransmit_all(chan, control);
5849 l2cap_retransmit_all(chan, control);
5850 l2cap_ertm_send(chan);
5851 if (chan->tx_state == L2CAP_TX_STATE_WAIT_F)
5852 set_bit(CONN_REJ_ACT, &chan->conn_state);
5856 static u8 l2cap_classify_txseq(struct l2cap_chan *chan, u16 txseq)
5858 BT_DBG("chan %p, txseq %d", chan, txseq);
5860 BT_DBG("last_acked_seq %d, expected_tx_seq %d", chan->last_acked_seq,
5861 chan->expected_tx_seq);
5863 if (chan->rx_state == L2CAP_RX_STATE_SREJ_SENT) {
5864 if (__seq_offset(chan, txseq, chan->last_acked_seq) >=
5865 chan->tx_win) {
5869 if (chan->tx_win <= ((chan->tx_win_max + 1) >> 1)) {
5878 if (chan->srej_list.head == txseq) {
5883 if (l2cap_ertm_seq_in_queue(&chan->srej_q, txseq)) {
5888 if (l2cap_seq_list_contains(&chan->srej_list, txseq)) {
5894 if (chan->expected_tx_seq == txseq) {
5895 if (__seq_offset(chan, txseq, chan->last_acked_seq) >=
5896 chan->tx_win) {
5905 if (__seq_offset(chan, txseq, chan->last_acked_seq) <
5906 __seq_offset(chan, chan->expected_tx_seq, chan->last_acked_seq)) {
5911 if (__seq_offset(chan, txseq, chan->last_acked_seq) >= chan->tx_win) {
5929 if (chan->tx_win <= ((chan->tx_win_max + 1) >> 1)) {
5942 static int l2cap_rx_state_recv(struct l2cap_chan *chan,
5950 BT_DBG("chan %p, control %p, skb %p, event %d", chan, control, skb,
5955 switch (l2cap_classify_txseq(chan, control->txseq)) {
5957 l2cap_pass_to_tx(chan, control);
5959 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
5965 chan->expected_tx_seq = __next_seq(chan,
5968 chan->buffer_seq = chan->expected_tx_seq;
5978 * chan->ops->recv == l2cap_sock_recv_cb
5988 err = l2cap_reassemble_sdu(chan, skb, control);
5994 &chan->conn_state)) {
5996 l2cap_retransmit_all(chan, &local_control);
5997 l2cap_ertm_send(chan);
6001 if (!test_bit(CONN_LOCAL_BUSY, &chan->conn_state))
6002 l2cap_send_ack(chan);
6005 l2cap_pass_to_tx(chan, control);
6011 if (test_bit(CONN_LOCAL_BUSY, &chan->conn_state)) {
6021 skb_queue_tail(&chan->srej_q, skb);
6024 skb_queue_len(&chan->srej_q));
6026 clear_bit(CONN_SREJ_ACT, &chan->conn_state);
6027 l2cap_seq_list_clear(&chan->srej_list);
6028 l2cap_send_srej(chan, control->txseq);
6030 chan->rx_state = L2CAP_RX_STATE_SREJ_SENT;
6033 l2cap_pass_to_tx(chan, control);
6039 l2cap_send_disconn_req(chan, ECONNRESET);
6044 l2cap_pass_to_tx(chan, control);
6046 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
6049 &chan->conn_state)) {
6051 l2cap_retransmit_all(chan, control);
6054 l2cap_ertm_send(chan);
6056 l2cap_send_i_or_rr_or_rnr(chan);
6059 &chan->conn_state) &&
6060 chan->unacked_frames)
6061 __set_retrans_timer(chan);
6063 l2cap_ertm_send(chan);
6067 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
6068 l2cap_pass_to_tx(chan, control);
6070 set_bit(CONN_SEND_FBIT, &chan->conn_state);
6071 l2cap_send_rr_or_rnr(chan, 0);
6073 __clear_retrans_timer(chan);
6074 l2cap_seq_list_clear(&chan->retrans_list);
6077 l2cap_handle_rej(chan, control);
6080 l2cap_handle_srej(chan, control);
6094 static int l2cap_rx_state_srej_sent(struct l2cap_chan *chan,
6102 BT_DBG("chan %p, control %p, skb %p, event %d", chan, control, skb,
6107 switch (l2cap_classify_txseq(chan, txseq)) {
6110 l2cap_pass_to_tx(chan, control);
6111 skb_queue_tail(&chan->srej_q, skb);
6114 skb_queue_len(&chan->srej_q));
6116 chan->expected_tx_seq = __next_seq(chan, txseq);
6119 l2cap_seq_list_pop(&chan->srej_list);
6121 l2cap_pass_to_tx(chan, control);
6122 skb_queue_tail(&chan->srej_q, skb);
6125 skb_queue_len(&chan->srej_q));
6127 err = l2cap_rx_queued_iframes(chan);
6137 skb_queue_tail(&chan->srej_q, skb);
6140 skb_queue_len(&chan->srej_q));
6142 l2cap_pass_to_tx(chan, control);
6143 l2cap_send_srej(chan, control->txseq);
6151 skb_queue_tail(&chan->srej_q, skb);
6154 skb_queue_len(&chan->srej_q));
6156 l2cap_pass_to_tx(chan, control);
6157 l2cap_send_srej_list(chan, control->txseq);
6161 l2cap_pass_to_tx(chan, control);
6172 l2cap_send_disconn_req(chan, ECONNRESET);
6177 l2cap_pass_to_tx(chan, control);
6179 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
6182 &chan->conn_state)) {
6184 l2cap_retransmit_all(chan, control);
6187 l2cap_ertm_send(chan);
6190 &chan->conn_state) &&
6191 chan->unacked_frames) {
6192 __set_retrans_timer(chan);
6195 set_bit(CONN_SEND_FBIT, &chan->conn_state);
6196 l2cap_send_srej_tail(chan);
6199 &chan->conn_state) &&
6200 chan->unacked_frames)
6201 __set_retrans_timer(chan);
6203 l2cap_send_ack(chan);
6207 set_bit(CONN_REMOTE_BUSY, &chan->conn_state);
6208 l2cap_pass_to_tx(chan, control);
6210 l2cap_send_srej_tail(chan);
6216 rr_control.reqseq = chan->buffer_seq;
6217 l2cap_send_sframe(chan, &rr_control);
6222 l2cap_handle_rej(chan, control);
6225 l2cap_handle_srej(chan, control);
6237 static int l2cap_finish_move(struct l2cap_chan *chan)
6239 BT_DBG("chan %p", chan);
6241 chan->rx_state = L2CAP_RX_STATE_RECV;
6242 chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu;
6244 return l2cap_resegment(chan);
6247 static int l2cap_rx_state_wait_p(struct l2cap_chan *chan,
6253 BT_DBG("chan %p, control %p, skb %p, event %d", chan, control, skb,
6259 l2cap_process_reqseq(chan, control->reqseq);
6261 if (!skb_queue_empty(&chan->tx_q))
6262 chan->tx_send_head = skb_peek(&chan->tx_q);
6264 chan->tx_send_head = NULL;
6269 chan->next_tx_seq = control->reqseq;
6270 chan->unacked_frames = 0;
6272 err = l2cap_finish_move(chan);
6276 set_bit(CONN_SEND_FBIT, &chan->conn_state);
6277 l2cap_send_i_or_rr_or_rnr(chan);
6282 return l2cap_rx_state_recv(chan, control, NULL, event);
6285 static int l2cap_rx_state_wait_f(struct l2cap_chan *chan,
6294 clear_bit(CONN_REMOTE_BUSY, &chan->conn_state);
6296 chan->rx_state = L2CAP_RX_STATE_RECV;
6297 l2cap_process_reqseq(chan, control->reqseq);
6299 if (!skb_queue_empty(&chan->tx_q))
6300 chan->tx_send_head = skb_peek(&chan->tx_q);
6302 chan->tx_send_head = NULL;
6307 chan->next_tx_seq = control->reqseq;
6308 chan->unacked_frames = 0;
6309 chan->conn->mtu = chan->conn->hcon->hdev->acl_mtu;
6311 err = l2cap_resegment(chan);
6314 err = l2cap_rx_state_recv(chan, control, skb, event);
6319 static bool __valid_reqseq(struct l2cap_chan *chan, u16 reqseq)
6324 unacked = __seq_offset(chan, chan->next_tx_seq, chan->expected_ack_seq);
6325 return __seq_offset(chan, chan->next_tx_seq, reqseq) <= unacked;
6328 static int l2cap_rx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
6333 BT_DBG("chan %p, control %p, skb %p, event %d, state %d", chan,
6334 control, skb, event, chan->rx_state);
6336 if (__valid_reqseq(chan, control->reqseq)) {
6337 switch (chan->rx_state) {
6339 err = l2cap_rx_state_recv(chan, control, skb, event);
6342 err = l2cap_rx_state_srej_sent(chan, control, skb,
6346 err = l2cap_rx_state_wait_p(chan, control, skb, event);
6349 err = l2cap_rx_state_wait_f(chan, control, skb, event);
6357 control->reqseq, chan->next_tx_seq,
6358 chan->expected_ack_seq);
6359 l2cap_send_disconn_req(chan, ECONNRESET);
6365 static int l2cap_stream_rx(struct l2cap_chan *chan, struct l2cap_ctrl *control,
6374 * chan->ops->recv == l2cap_sock_recv_cb
6385 BT_DBG("chan %p, control %p, skb %p, state %d", chan, control, skb,
6386 chan->rx_state);
6388 if (l2cap_classify_txseq(chan, txseq) == L2CAP_TXSEQ_EXPECTED) {
6389 l2cap_pass_to_tx(chan, control);
6391 BT_DBG("buffer_seq %u->%u", chan->buffer_seq,
6392 __next_seq(chan, chan->buffer_seq));
6394 chan->buffer_seq = __next_seq(chan, chan->buffer_seq);
6396 l2cap_reassemble_sdu(chan, skb, control);
6398 if (chan->sdu) {
6399 kfree_skb(chan->sdu);
6400 chan->sdu = NULL;
6402 chan->sdu_last_frag = NULL;
6403 chan->sdu_len = 0;
6411 chan->last_acked_seq = txseq;
6412 chan->expected_tx_seq = __next_seq(chan, txseq);
6417 static int l2cap_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
6423 __unpack_control(chan, skb);
6432 if (l2cap_check_fcs(chan, skb))
6438 if (chan->fcs == L2CAP_FCS_CRC16)
6441 if (len > chan->mps) {
6442 l2cap_send_disconn_req(chan, ECONNRESET);
6446 if (chan->ops->filter) {
6447 if (chan->ops->filter(chan, skb))
6461 if (control->final && chan->tx_state != L2CAP_TX_STATE_WAIT_F)
6464 if (chan->mode != L2CAP_MODE_STREAMING) {
6466 err = l2cap_rx(chan, control, skb, event);
6468 err = l2cap_stream_rx(chan, control, skb);
6472 l2cap_send_disconn_req(chan, ECONNRESET);
6480 if (chan->mode == L2CAP_MODE_STREAMING)
6489 l2cap_send_disconn_req(chan, ECONNRESET);
6495 chan->tx_state != L2CAP_TX_STATE_WAIT_F))
6499 if (l2cap_rx(chan, control, skb, event))
6500 l2cap_send_disconn_req(chan, ECONNRESET);
6510 static void l2cap_chan_le_send_credits(struct l2cap_chan *chan)
6512 struct l2cap_conn *conn = chan->conn;
6516 return_credits = (chan->imtu / chan->mps) + 1;
6518 if (chan->rx_credits >= return_credits)
6521 return_credits -= chan->rx_credits;
6523 BT_DBG("chan %p returning %u credits to sender", chan, return_credits);
6525 chan->rx_credits += return_credits;
6527 pkt.cid = cpu_to_le16(chan->scid);
6530 chan->ident = l2cap_get_ident(conn);
6532 l2cap_send_cmd(conn, chan->ident, L2CAP_LE_CREDITS, sizeof(pkt), &pkt);
6535 static int l2cap_ecred_recv(struct l2cap_chan *chan, struct sk_buff *skb)
6539 BT_DBG("SDU reassemble complete: chan %p skb->len %u", chan, skb->len);
6542 err = chan->ops->recv(chan, skb);
6545 l2cap_chan_le_send_credits(chan);
6550 static int l2cap_ecred_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
6554 if (!chan->rx_credits) {
6556 l2cap_send_disconn_req(chan, ECONNRESET);
6560 if (chan->imtu < skb->len) {
6565 chan->rx_credits--;
6566 BT_DBG("rx_credits %u -> %u", chan->rx_credits + 1, chan->rx_credits);
6571 if (!chan->rx_credits)
6572 l2cap_chan_le_send_credits(chan);
6576 if (!chan->sdu) {
6583 sdu_len, skb->len, chan->imtu);
6585 if (sdu_len > chan->imtu) {
6598 return l2cap_ecred_recv(chan, skb);
6600 chan->sdu = skb;
6601 chan->sdu_len = sdu_len;
6602 chan->sdu_last_frag = skb;
6605 if (skb->len + L2CAP_SDULEN_SIZE < chan->mps) {
6609 BT_DBG("chan->mps %u -> %u", chan->mps, mps_len);
6610 chan->mps = mps_len;
6611 l2cap_chan_le_send_credits(chan);
6617 BT_DBG("SDU fragment. chan->sdu->len %u skb->len %u chan->sdu_len %u",
6618 chan->sdu->len, skb->len, chan->sdu_len);
6620 if (chan->sdu->len + skb->len > chan->sdu_len) {
6626 append_skb_frag(chan->sdu, skb, &chan->sdu_last_frag);
6629 if (chan->sdu->len == chan->sdu_len) {
6630 err = l2cap_ecred_recv(chan, chan->sdu);
6632 chan->sdu = NULL;
6633 chan->sdu_last_frag = NULL;
6634 chan->sdu_len = 0;
6641 kfree_skb(chan->sdu);
6642 chan->sdu = NULL;
6643 chan->sdu_last_frag = NULL;
6644 chan->sdu_len = 0;
6657 struct l2cap_chan *chan;
6659 chan = l2cap_get_chan_by_scid(conn, cid);
6660 if (!chan) {
6667 BT_DBG("chan %p, len %d", chan, skb->len);
6673 if (chan->chan_type == L2CAP_CHAN_FIXED)
6674 l2cap_chan_ready(chan);
6676 if (chan->state != BT_CONNECTED)
6679 switch (chan->mode) {
6682 if (l2cap_ecred_data_rcv(chan, skb) < 0)
6693 if (chan->imtu < skb->len) {
6698 if (!chan->ops->recv(chan, skb))
6704 l2cap_data_rcv(chan, skb);
6708 BT_DBG("chan %p: bad mode 0x%2.2x", chan, chan->mode);
6716 l2cap_chan_unlock(chan);
6717 l2cap_chan_put(chan);
6724 struct l2cap_chan *chan;
6729 chan = l2cap_global_chan_by_psm(0, psm, &hcon->src, &hcon->dst,
6731 if (!chan)
6734 BT_DBG("chan %p, len %d", chan, skb->len);
6736 if (chan->state != BT_BOUND && chan->state != BT_CONNECTED)
6739 if (chan->imtu < skb->len)
6746 if (!chan->ops->recv(chan, skb)) {
6747 l2cap_chan_put(chan);
6752 l2cap_chan_put(chan);
6900 struct l2cap_chan *chan;
6905 static void l2cap_chan_by_pid(struct l2cap_chan *chan, void *data)
6910 if (chan == d->chan)
6913 if (!test_bit(FLAG_DEFER_SETUP, &chan->flags))
6916 pid = chan->ops->get_peer_pid(chan);
6919 if (d->pid != pid || chan->psm != d->chan->psm || chan->ident ||
6920 chan->mode != L2CAP_MODE_EXT_FLOWCTL || chan->state != BT_CONNECT)
6926 int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
6934 BT_DBG("%pMR -> %pMR (type %u) psm 0x%4.4x mode 0x%2.2x", &chan->src,
6935 dst, dst_type, __le16_to_cpu(psm), chan->mode);
6937 hdev = hci_get_route(dst, &chan->src, chan->src_type);
6944 chan->chan_type != L2CAP_CHAN_RAW) {
6949 if (chan->chan_type == L2CAP_CHAN_CONN_ORIENTED && !psm) {
6954 if (chan->chan_type == L2CAP_CHAN_FIXED && !cid) {
6959 switch (chan->mode) {
6980 switch (chan->state) {
7004 bacpy(&chan->dst, dst);
7005 chan->dst_type = dst_type;
7007 chan->psm = psm;
7008 chan->dcid = cid;
7020 chan->sec_level, timeout,
7024 chan->sec_level, timeout,
7028 u8 auth_type = l2cap_get_auth_type(chan);
7029 hcon = hci_connect_acl(hdev, dst, chan->sec_level, auth_type,
7045 if (chan->mode == L2CAP_MODE_EXT_FLOWCTL) {
7048 data.chan = chan;
7049 data.pid = chan->ops->get_peer_pid(chan);
7063 l2cap_chan_lock(chan);
7072 bacpy(&chan->src, &hcon->src);
7073 chan->src_type = bdaddr_src_type(hcon);
7075 __l2cap_chan_add(conn, chan);
7080 l2cap_state_change(chan, BT_CONNECT);
7081 __set_chan_timer(chan, chan->ops->get_sndtimeo(chan));
7083 /* Release chan->sport so that it can be reused by other
7087 chan->sport = 0;
7091 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED) {
7092 __clear_chan_timer(chan);
7093 if (l2cap_chan_check_security(chan, true))
7094 l2cap_state_change(chan, BT_CONNECTED);
7096 l2cap_do_start(chan);
7102 l2cap_chan_unlock(chan);
7111 static void l2cap_ecred_reconfigure(struct l2cap_chan *chan)
7113 struct l2cap_conn *conn = chan->conn;
7119 pdu.req.mtu = cpu_to_le16(chan->imtu);
7120 pdu.req.mps = cpu_to_le16(chan->mps);
7121 pdu.scid = cpu_to_le16(chan->scid);
7123 chan->ident = l2cap_get_ident(conn);
7125 l2cap_send_cmd(conn, chan->ident, L2CAP_ECRED_RECONF_REQ,
7129 int l2cap_chan_reconfigure(struct l2cap_chan *chan, __u16 mtu)
7131 if (chan->imtu > mtu)
7134 BT_DBG("chan %p mtu 0x%4.4x", chan, mtu);
7136 chan->imtu = mtu;
7138 l2cap_ecred_reconfigure(chan);
7244 struct l2cap_chan *chan, *next;
7251 chan = pchan->ops->new_connection(pchan);
7252 if (chan) {
7253 bacpy(&chan->src, &hcon->src);
7254 bacpy(&chan->dst, &hcon->dst);
7255 chan->src_type = bdaddr_src_type(hcon);
7256 chan->dst_type = dst_type;
7258 __l2cap_chan_add(conn, chan);
7292 static inline void l2cap_check_encryption(struct l2cap_chan *chan, u8 encrypt)
7294 if (chan->chan_type != L2CAP_CHAN_CONN_ORIENTED)
7298 if (chan->sec_level == BT_SECURITY_MEDIUM) {
7299 __set_chan_timer(chan, L2CAP_ENC_TIMEOUT);
7300 } else if (chan->sec_level == BT_SECURITY_HIGH ||
7301 chan->sec_level == BT_SECURITY_FIPS)
7302 l2cap_chan_close(chan, ECONNREFUSED);
7304 if (chan->sec_level == BT_SECURITY_MEDIUM)
7305 __clear_chan_timer(chan);
7312 struct l2cap_chan *chan;
7321 list_for_each_entry(chan, &conn->chan_l, list) {
7322 l2cap_chan_lock(chan);
7324 BT_DBG("chan %p scid 0x%4.4x state %s", chan, chan->scid,
7325 state_to_string(chan->state));
7328 chan->sec_level = hcon->sec_level;
7330 if (!__l2cap_no_conn_pending(chan)) {
7331 l2cap_chan_unlock(chan);
7335 if (!status && (chan->state == BT_CONNECTED ||
7336 chan->state == BT_CONFIG)) {
7337 chan->ops->resume(chan);
7338 l2cap_check_encryption(chan, encrypt);
7339 l2cap_chan_unlock(chan);
7343 if (chan->state == BT_CONNECT) {
7345 l2cap_start_connection(chan);
7347 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
7348 } else if (chan->state == BT_CONNECT2 &&
7349 !(chan->mode == L2CAP_MODE_EXT_FLOWCTL ||
7350 chan->mode == L2CAP_MODE_LE_FLOWCTL)) {
7355 if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) {
7358 chan->ops->defer(chan);
7360 l2cap_state_change(chan, BT_CONFIG);
7365 l2cap_state_change(chan, BT_DISCONN);
7366 __set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
7371 rsp.scid = cpu_to_le16(chan->dcid);
7372 rsp.dcid = cpu_to_le16(chan->scid);
7375 l2cap_send_cmd(conn, chan->ident, L2CAP_CONN_RSP,
7378 if (!test_bit(CONF_REQ_SENT, &chan->conf_state) &&
7381 set_bit(CONF_REQ_SENT, &chan->conf_state);
7384 l2cap_build_conf_req(chan, buf, sizeof(buf)),
7386 chan->num_conf_req++;
7390 l2cap_chan_unlock(chan);