2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
30 #include <linux/module.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/signal.h>
35 #include <linux/init.h>
36 #include <linux/wait.h>
37 #include <linux/device.h>
38 #include <linux/net.h>
39 #include <linux/mutex.h>
42 #include <asm/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47 #include <net/bluetooth/l2cap.h>
48 #include <net/bluetooth/rfcomm.h>
50 #ifndef CONFIG_BT_RFCOMM_DEBUG
57 static int disable_cfc = 0;
58 static int channel_mtu = -1;
59 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
61 static struct task_struct *rfcomm_thread;
63 static DEFINE_MUTEX(rfcomm_mutex);
64 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
65 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
67 static unsigned long rfcomm_event;
69 static LIST_HEAD(session_list);
70 static atomic_t terminate, running;
72 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
73 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
74 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
75 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
76 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
77 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
78 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
79 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
80 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
81 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
83 static void rfcomm_process_connect(struct rfcomm_session *s);
85 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
86 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
87 static void rfcomm_session_del(struct rfcomm_session *s);
89 /* ---- RFCOMM frame parsing macros ---- */
90 #define __get_dlci(b) ((b & 0xfc) >> 2)
91 #define __get_channel(b) ((b & 0xf8) >> 3)
92 #define __get_dir(b) ((b & 0x04) >> 2)
93 #define __get_type(b) ((b & 0xef))
95 #define __test_ea(b) ((b & 0x01))
96 #define __test_cr(b) ((b & 0x02))
97 #define __test_pf(b) ((b & 0x10))
99 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
100 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
101 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
102 #define __srv_channel(dlci) (dlci >> 1)
103 #define __dir(dlci) (dlci & 0x01)
105 #define __len8(len) (((len) << 1) | 1)
106 #define __len16(len) ((len) << 1)
109 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
110 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
111 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
114 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
115 #define __get_rpn_data_bits(line) ((line) & 0x3)
116 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
117 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
119 static inline void rfcomm_schedule(uint event)
123 //set_bit(event, &rfcomm_event);
124 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
125 wake_up_process(rfcomm_thread);
128 static inline void rfcomm_session_put(struct rfcomm_session *s)
130 if (atomic_dec_and_test(&s->refcnt))
131 rfcomm_session_del(s);
134 /* ---- RFCOMM FCS computation ---- */
136 /* reversed, 8-bit, poly=0x07 */
137 static unsigned char rfcomm_crc_table[256] = {
138 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
139 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
140 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
141 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
143 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
144 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
145 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
146 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
148 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
149 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
150 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
151 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
153 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
154 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
155 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
156 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
158 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
159 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
160 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
161 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
163 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
164 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
165 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
166 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
168 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
169 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
170 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
171 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
173 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
174 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
175 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
176 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
180 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
183 static inline u8 __fcs(u8 *data)
185 return (0xff - __crc(data));
189 static inline u8 __fcs2(u8 *data)
191 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
195 static inline int __check_fcs(u8 *data, int type, u8 fcs)
199 if (type != RFCOMM_UIH)
200 f = rfcomm_crc_table[f ^ data[2]];
202 return rfcomm_crc_table[f ^ fcs] != 0xcf;
205 /* ---- L2CAP callbacks ---- */
206 static void rfcomm_l2state_change(struct sock *sk)
208 BT_DBG("%p state %d", sk, sk->sk_state);
209 rfcomm_schedule(RFCOMM_SCHED_STATE);
212 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
214 BT_DBG("%p bytes %d", sk, bytes);
215 rfcomm_schedule(RFCOMM_SCHED_RX);
218 static int rfcomm_l2sock_create(struct socket **sock)
224 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
226 struct sock *sk = (*sock)->sk;
227 sk->sk_data_ready = rfcomm_l2data_ready;
228 sk->sk_state_change = rfcomm_l2state_change;
233 /* ---- RFCOMM DLCs ---- */
234 static void rfcomm_dlc_timeout(unsigned long arg)
236 struct rfcomm_dlc *d = (void *) arg;
238 BT_DBG("dlc %p state %ld", d, d->state);
240 set_bit(RFCOMM_TIMED_OUT, &d->flags);
242 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
245 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
247 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
249 if (!mod_timer(&d->timer, jiffies + timeout))
253 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
255 BT_DBG("dlc %p state %ld", d, d->state);
257 if (timer_pending(&d->timer) && del_timer(&d->timer))
261 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
268 d->mtu = RFCOMM_DEFAULT_MTU;
269 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
271 d->cfc = RFCOMM_CFC_DISABLED;
272 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
275 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
277 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
282 init_timer(&d->timer);
283 d->timer.function = rfcomm_dlc_timeout;
284 d->timer.data = (unsigned long) d;
286 skb_queue_head_init(&d->tx_queue);
287 spin_lock_init(&d->lock);
288 atomic_set(&d->refcnt, 1);
290 rfcomm_dlc_clear_state(d);
297 void rfcomm_dlc_free(struct rfcomm_dlc *d)
301 skb_queue_purge(&d->tx_queue);
305 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
307 BT_DBG("dlc %p session %p", d, s);
309 rfcomm_session_hold(s);
312 list_add(&d->list, &s->dlcs);
316 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
318 struct rfcomm_session *s = d->session;
320 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
326 rfcomm_session_put(s);
329 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
331 struct rfcomm_dlc *d;
334 list_for_each(p, &s->dlcs) {
335 d = list_entry(p, struct rfcomm_dlc, list);
342 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
344 struct rfcomm_session *s;
348 BT_DBG("dlc %p state %ld %s %s channel %d",
349 d, d->state, batostr(src), batostr(dst), channel);
351 if (channel < 1 || channel > 30)
354 if (d->state != BT_OPEN && d->state != BT_CLOSED)
357 s = rfcomm_session_get(src, dst);
359 s = rfcomm_session_create(src, dst, &err);
364 dlci = __dlci(!s->initiator, channel);
366 /* Check if DLCI already exists */
367 if (rfcomm_dlc_get(s, dlci))
370 rfcomm_dlc_clear_state(d);
373 d->addr = __addr(s->initiator, dlci);
376 d->state = BT_CONFIG;
377 rfcomm_dlc_link(s, d);
380 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
382 if (s->state == BT_CONNECTED)
383 rfcomm_send_pn(s, 1, d);
384 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
388 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
394 r = __rfcomm_dlc_open(d, src, dst, channel);
400 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
402 struct rfcomm_session *s = d->session;
406 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
407 d, d->state, d->dlci, err, s);
413 d->state = BT_DISCONN;
414 if (skb_queue_empty(&d->tx_queue)) {
415 rfcomm_send_disc(s, d->dlci);
416 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
418 rfcomm_queue_disc(d);
419 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
424 rfcomm_dlc_clear_timer(d);
427 d->state = BT_CLOSED;
428 d->state_change(d, err);
429 rfcomm_dlc_unlock(d);
431 skb_queue_purge(&d->tx_queue);
432 rfcomm_dlc_unlink(d);
438 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
444 r = __rfcomm_dlc_close(d, err);
450 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
454 if (d->state != BT_CONNECTED)
457 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
462 rfcomm_make_uih(skb, d->addr);
463 skb_queue_tail(&d->tx_queue, skb);
465 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
466 rfcomm_schedule(RFCOMM_SCHED_TX);
470 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
472 BT_DBG("dlc %p state %ld", d, d->state);
475 d->v24_sig |= RFCOMM_V24_FC;
476 set_bit(RFCOMM_MSC_PENDING, &d->flags);
478 rfcomm_schedule(RFCOMM_SCHED_TX);
481 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
483 BT_DBG("dlc %p state %ld", d, d->state);
486 d->v24_sig &= ~RFCOMM_V24_FC;
487 set_bit(RFCOMM_MSC_PENDING, &d->flags);
489 rfcomm_schedule(RFCOMM_SCHED_TX);
493 Set/get modem status functions use _local_ status i.e. what we report
495 Remote status is provided by dlc->modem_status() callback.
497 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
499 BT_DBG("dlc %p state %ld v24_sig 0x%x",
500 d, d->state, v24_sig);
502 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
503 v24_sig |= RFCOMM_V24_FC;
505 v24_sig &= ~RFCOMM_V24_FC;
507 d->v24_sig = v24_sig;
509 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
510 rfcomm_schedule(RFCOMM_SCHED_TX);
515 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
517 BT_DBG("dlc %p state %ld v24_sig 0x%x",
518 d, d->state, d->v24_sig);
520 *v24_sig = d->v24_sig;
524 /* ---- RFCOMM sessions ---- */
525 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
527 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
532 BT_DBG("session %p sock %p", s, sock);
534 INIT_LIST_HEAD(&s->dlcs);
538 s->mtu = RFCOMM_DEFAULT_MTU;
539 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
541 /* Do not increment module usage count for listening sessions.
542 * Otherwise we won't be able to unload the module. */
543 if (state != BT_LISTEN)
544 if (!try_module_get(THIS_MODULE)) {
549 list_add(&s->list, &session_list);
554 static void rfcomm_session_del(struct rfcomm_session *s)
556 int state = s->state;
558 BT_DBG("session %p state %ld", s, s->state);
562 if (state == BT_CONNECTED)
563 rfcomm_send_disc(s, 0);
565 sock_release(s->sock);
568 if (state != BT_LISTEN)
569 module_put(THIS_MODULE);
572 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
574 struct rfcomm_session *s;
575 struct list_head *p, *n;
577 list_for_each_safe(p, n, &session_list) {
578 s = list_entry(p, struct rfcomm_session, list);
579 sk = bt_sk(s->sock->sk);
581 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
582 !bacmp(&sk->dst, dst))
588 static void rfcomm_session_close(struct rfcomm_session *s, int err)
590 struct rfcomm_dlc *d;
591 struct list_head *p, *n;
593 BT_DBG("session %p state %ld err %d", s, s->state, err);
595 rfcomm_session_hold(s);
597 s->state = BT_CLOSED;
600 list_for_each_safe(p, n, &s->dlcs) {
601 d = list_entry(p, struct rfcomm_dlc, list);
602 d->state = BT_CLOSED;
603 __rfcomm_dlc_close(d, err);
606 rfcomm_session_put(s);
609 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
611 struct rfcomm_session *s = NULL;
612 struct sockaddr_l2 addr;
616 BT_DBG("%s %s", batostr(src), batostr(dst));
618 *err = rfcomm_l2sock_create(&sock);
622 bacpy(&addr.l2_bdaddr, src);
623 addr.l2_family = AF_BLUETOOTH;
625 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
629 /* Set L2CAP options */
632 l2cap_pi(sk)->imtu = l2cap_mtu;
635 s = rfcomm_session_add(sock, BT_BOUND);
643 bacpy(&addr.l2_bdaddr, dst);
644 addr.l2_family = AF_BLUETOOTH;
645 addr.l2_psm = htobs(RFCOMM_PSM);
646 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
647 if (*err == 0 || *err == -EINPROGRESS)
650 rfcomm_session_del(s);
658 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
660 struct sock *sk = s->sock->sk;
662 bacpy(src, &bt_sk(sk)->src);
664 bacpy(dst, &bt_sk(sk)->dst);
667 /* ---- RFCOMM frame sending ---- */
668 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
670 struct socket *sock = s->sock;
671 struct kvec iv = { data, len };
674 BT_DBG("session %p len %d", s, len);
676 memset(&msg, 0, sizeof(msg));
678 return kernel_sendmsg(sock, &msg, &iv, 1, len);
681 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
683 struct rfcomm_cmd cmd;
685 BT_DBG("%p dlci %d", s, dlci);
687 cmd.addr = __addr(s->initiator, dlci);
688 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
690 cmd.fcs = __fcs2((u8 *) &cmd);
692 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
695 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
697 struct rfcomm_cmd cmd;
699 BT_DBG("%p dlci %d", s, dlci);
701 cmd.addr = __addr(!s->initiator, dlci);
702 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
704 cmd.fcs = __fcs2((u8 *) &cmd);
706 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
709 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
711 struct rfcomm_cmd cmd;
713 BT_DBG("%p dlci %d", s, dlci);
715 cmd.addr = __addr(s->initiator, dlci);
716 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
718 cmd.fcs = __fcs2((u8 *) &cmd);
720 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
723 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
725 struct rfcomm_cmd *cmd;
728 BT_DBG("dlc %p dlci %d", d, d->dlci);
730 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
734 cmd = (void *) __skb_put(skb, sizeof(*cmd));
736 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
737 cmd->len = __len8(0);
738 cmd->fcs = __fcs2((u8 *) cmd);
740 skb_queue_tail(&d->tx_queue, skb);
741 rfcomm_schedule(RFCOMM_SCHED_TX);
745 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
747 struct rfcomm_cmd cmd;
749 BT_DBG("%p dlci %d", s, dlci);
751 cmd.addr = __addr(!s->initiator, dlci);
752 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
754 cmd.fcs = __fcs2((u8 *) &cmd);
756 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
759 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
761 struct rfcomm_hdr *hdr;
762 struct rfcomm_mcc *mcc;
763 u8 buf[16], *ptr = buf;
765 BT_DBG("%p cr %d type %d", s, cr, type);
767 hdr = (void *) ptr; ptr += sizeof(*hdr);
768 hdr->addr = __addr(s->initiator, 0);
769 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
770 hdr->len = __len8(sizeof(*mcc) + 1);
772 mcc = (void *) ptr; ptr += sizeof(*mcc);
773 mcc->type = __mcc_type(cr, RFCOMM_NSC);
774 mcc->len = __len8(1);
776 /* Type that we didn't like */
777 *ptr = __mcc_type(cr, type); ptr++;
779 *ptr = __fcs(buf); ptr++;
781 return rfcomm_send_frame(s, buf, ptr - buf);
784 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
786 struct rfcomm_hdr *hdr;
787 struct rfcomm_mcc *mcc;
788 struct rfcomm_pn *pn;
789 u8 buf[16], *ptr = buf;
791 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
793 hdr = (void *) ptr; ptr += sizeof(*hdr);
794 hdr->addr = __addr(s->initiator, 0);
795 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
796 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
798 mcc = (void *) ptr; ptr += sizeof(*mcc);
799 mcc->type = __mcc_type(cr, RFCOMM_PN);
800 mcc->len = __len8(sizeof(*pn));
802 pn = (void *) ptr; ptr += sizeof(*pn);
804 pn->priority = d->priority;
809 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
810 pn->credits = RFCOMM_DEFAULT_CREDITS;
816 if (cr && channel_mtu >= 0)
817 pn->mtu = htobs(channel_mtu);
819 pn->mtu = htobs(d->mtu);
821 *ptr = __fcs(buf); ptr++;
823 return rfcomm_send_frame(s, buf, ptr - buf);
826 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
827 u8 bit_rate, u8 data_bits, u8 stop_bits,
828 u8 parity, u8 flow_ctrl_settings,
829 u8 xon_char, u8 xoff_char, u16 param_mask)
831 struct rfcomm_hdr *hdr;
832 struct rfcomm_mcc *mcc;
833 struct rfcomm_rpn *rpn;
834 u8 buf[16], *ptr = buf;
836 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
837 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
838 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
839 flow_ctrl_settings, xon_char, xoff_char, param_mask);
841 hdr = (void *) ptr; ptr += sizeof(*hdr);
842 hdr->addr = __addr(s->initiator, 0);
843 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
844 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
846 mcc = (void *) ptr; ptr += sizeof(*mcc);
847 mcc->type = __mcc_type(cr, RFCOMM_RPN);
848 mcc->len = __len8(sizeof(*rpn));
850 rpn = (void *) ptr; ptr += sizeof(*rpn);
851 rpn->dlci = __addr(1, dlci);
852 rpn->bit_rate = bit_rate;
853 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
854 rpn->flow_ctrl = flow_ctrl_settings;
855 rpn->xon_char = xon_char;
856 rpn->xoff_char = xoff_char;
857 rpn->param_mask = cpu_to_le16(param_mask);
859 *ptr = __fcs(buf); ptr++;
861 return rfcomm_send_frame(s, buf, ptr - buf);
864 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
866 struct rfcomm_hdr *hdr;
867 struct rfcomm_mcc *mcc;
868 struct rfcomm_rls *rls;
869 u8 buf[16], *ptr = buf;
871 BT_DBG("%p cr %d status 0x%x", s, cr, status);
873 hdr = (void *) ptr; ptr += sizeof(*hdr);
874 hdr->addr = __addr(s->initiator, 0);
875 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
876 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
878 mcc = (void *) ptr; ptr += sizeof(*mcc);
879 mcc->type = __mcc_type(cr, RFCOMM_RLS);
880 mcc->len = __len8(sizeof(*rls));
882 rls = (void *) ptr; ptr += sizeof(*rls);
883 rls->dlci = __addr(1, dlci);
884 rls->status = status;
886 *ptr = __fcs(buf); ptr++;
888 return rfcomm_send_frame(s, buf, ptr - buf);
891 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
893 struct rfcomm_hdr *hdr;
894 struct rfcomm_mcc *mcc;
895 struct rfcomm_msc *msc;
896 u8 buf[16], *ptr = buf;
898 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
900 hdr = (void *) ptr; ptr += sizeof(*hdr);
901 hdr->addr = __addr(s->initiator, 0);
902 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
903 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
905 mcc = (void *) ptr; ptr += sizeof(*mcc);
906 mcc->type = __mcc_type(cr, RFCOMM_MSC);
907 mcc->len = __len8(sizeof(*msc));
909 msc = (void *) ptr; ptr += sizeof(*msc);
910 msc->dlci = __addr(1, dlci);
911 msc->v24_sig = v24_sig | 0x01;
913 *ptr = __fcs(buf); ptr++;
915 return rfcomm_send_frame(s, buf, ptr - buf);
918 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
920 struct rfcomm_hdr *hdr;
921 struct rfcomm_mcc *mcc;
922 u8 buf[16], *ptr = buf;
924 BT_DBG("%p cr %d", s, cr);
926 hdr = (void *) ptr; ptr += sizeof(*hdr);
927 hdr->addr = __addr(s->initiator, 0);
928 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
929 hdr->len = __len8(sizeof(*mcc));
931 mcc = (void *) ptr; ptr += sizeof(*mcc);
932 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
933 mcc->len = __len8(0);
935 *ptr = __fcs(buf); ptr++;
937 return rfcomm_send_frame(s, buf, ptr - buf);
940 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
942 struct rfcomm_hdr *hdr;
943 struct rfcomm_mcc *mcc;
944 u8 buf[16], *ptr = buf;
946 BT_DBG("%p cr %d", s, cr);
948 hdr = (void *) ptr; ptr += sizeof(*hdr);
949 hdr->addr = __addr(s->initiator, 0);
950 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
951 hdr->len = __len8(sizeof(*mcc));
953 mcc = (void *) ptr; ptr += sizeof(*mcc);
954 mcc->type = __mcc_type(cr, RFCOMM_FCON);
955 mcc->len = __len8(0);
957 *ptr = __fcs(buf); ptr++;
959 return rfcomm_send_frame(s, buf, ptr - buf);
962 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
964 struct socket *sock = s->sock;
967 unsigned char hdr[5], crc[1];
972 BT_DBG("%p cr %d", s, cr);
974 hdr[0] = __addr(s->initiator, 0);
975 hdr[1] = __ctrl(RFCOMM_UIH, 0);
976 hdr[2] = 0x01 | ((len + 2) << 1);
977 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
978 hdr[4] = 0x01 | (len << 1);
982 iv[0].iov_base = hdr;
984 iv[1].iov_base = pattern;
986 iv[2].iov_base = crc;
989 memset(&msg, 0, sizeof(msg));
991 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
994 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
996 struct rfcomm_hdr *hdr;
997 u8 buf[16], *ptr = buf;
999 BT_DBG("%p addr %d credits %d", s, addr, credits);
1001 hdr = (void *) ptr; ptr += sizeof(*hdr);
1003 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1004 hdr->len = __len8(0);
1006 *ptr = credits; ptr++;
1008 *ptr = __fcs(buf); ptr++;
1010 return rfcomm_send_frame(s, buf, ptr - buf);
1013 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1015 struct rfcomm_hdr *hdr;
1020 hdr = (void *) skb_push(skb, 4);
1021 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len);
1023 hdr = (void *) skb_push(skb, 3);
1024 hdr->len = __len8(len);
1027 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1029 crc = skb_put(skb, 1);
1030 *crc = __fcs((void *) hdr);
1033 /* ---- RFCOMM frame reception ---- */
1034 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1036 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1040 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1042 rfcomm_send_dm(s, dlci);
1048 rfcomm_dlc_clear_timer(d);
1051 d->state = BT_CONNECTED;
1052 d->state_change(d, 0);
1053 rfcomm_dlc_unlock(d);
1055 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1059 d->state = BT_CLOSED;
1060 __rfcomm_dlc_close(d, 0);
1064 /* Control channel */
1067 s->state = BT_CONNECTED;
1068 rfcomm_process_connect(s);
1075 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1079 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1083 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1085 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1090 d->state = BT_CLOSED;
1091 __rfcomm_dlc_close(d, err);
1094 if (s->state == BT_CONNECT)
1099 s->state = BT_CLOSED;
1100 rfcomm_session_close(s, err);
1105 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1109 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1112 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1114 rfcomm_send_ua(s, dlci);
1116 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1121 d->state = BT_CLOSED;
1122 __rfcomm_dlc_close(d, err);
1124 rfcomm_send_dm(s, dlci);
1127 rfcomm_send_ua(s, 0);
1129 if (s->state == BT_CONNECT)
1134 s->state = BT_CLOSED;
1135 rfcomm_session_close(s, err);
1141 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1143 struct sock *sk = d->session->sock->sk;
1145 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1146 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1148 } else if (d->link_mode & RFCOMM_LM_AUTH) {
1149 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1156 static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1158 struct sock *sk = d->session->sock->sk;
1160 BT_DBG("dlc %p", d);
1162 rfcomm_send_ua(d->session, d->dlci);
1165 d->state = BT_CONNECTED;
1166 d->state_change(d, 0);
1167 rfcomm_dlc_unlock(d);
1169 if (d->link_mode & RFCOMM_LM_MASTER)
1170 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1172 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1175 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1177 struct rfcomm_dlc *d;
1180 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1183 rfcomm_send_ua(s, 0);
1185 if (s->state == BT_OPEN) {
1186 s->state = BT_CONNECTED;
1187 rfcomm_process_connect(s);
1192 /* Check if DLC exists */
1193 d = rfcomm_dlc_get(s, dlci);
1195 if (d->state == BT_OPEN) {
1196 /* DLC was previously opened by PN request */
1197 if (rfcomm_check_link_mode(d)) {
1198 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1199 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1203 rfcomm_dlc_accept(d);
1208 /* Notify socket layer about incoming connection */
1209 channel = __srv_channel(dlci);
1210 if (rfcomm_connect_ind(s, channel, &d)) {
1212 d->addr = __addr(s->initiator, dlci);
1213 rfcomm_dlc_link(s, d);
1215 if (rfcomm_check_link_mode(d)) {
1216 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1217 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1221 rfcomm_dlc_accept(d);
1223 rfcomm_send_dm(s, dlci);
1229 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1231 struct rfcomm_session *s = d->session;
1233 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1234 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1236 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1237 pn->flow_ctrl == 0xe0) {
1238 d->cfc = RFCOMM_CFC_ENABLED;
1239 d->tx_credits = pn->credits;
1241 d->cfc = RFCOMM_CFC_DISABLED;
1242 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1245 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1248 d->priority = pn->priority;
1250 d->mtu = btohs(pn->mtu);
1252 if (cr && d->mtu > s->mtu)
1258 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1260 struct rfcomm_pn *pn = (void *) skb->data;
1261 struct rfcomm_dlc *d;
1264 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1269 d = rfcomm_dlc_get(s, dlci);
1273 rfcomm_apply_pn(d, cr, pn);
1274 rfcomm_send_pn(s, 0, d);
1279 rfcomm_apply_pn(d, cr, pn);
1281 d->state = BT_CONNECT;
1282 rfcomm_send_sabm(s, d->dlci);
1287 u8 channel = __srv_channel(dlci);
1292 /* PN request for non existing DLC.
1293 * Assume incoming connection. */
1294 if (rfcomm_connect_ind(s, channel, &d)) {
1296 d->addr = __addr(s->initiator, dlci);
1297 rfcomm_dlc_link(s, d);
1299 rfcomm_apply_pn(d, cr, pn);
1302 rfcomm_send_pn(s, 0, d);
1304 rfcomm_send_dm(s, dlci);
1310 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1312 struct rfcomm_rpn *rpn = (void *) skb->data;
1313 u8 dlci = __get_dlci(rpn->dlci);
1322 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1324 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1325 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1326 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1332 /* This is a request, return default settings */
1333 bit_rate = RFCOMM_RPN_BR_115200;
1334 data_bits = RFCOMM_RPN_DATA_8;
1335 stop_bits = RFCOMM_RPN_STOP_1;
1336 parity = RFCOMM_RPN_PARITY_NONE;
1337 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1338 xon_char = RFCOMM_RPN_XON_CHAR;
1339 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1343 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1344 * no parity, no flow control lines, normal XON/XOFF chars */
1346 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1347 bit_rate = rpn->bit_rate;
1348 if (bit_rate != RFCOMM_RPN_BR_115200) {
1349 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1350 bit_rate = RFCOMM_RPN_BR_115200;
1351 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1355 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1356 data_bits = __get_rpn_data_bits(rpn->line_settings);
1357 if (data_bits != RFCOMM_RPN_DATA_8) {
1358 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1359 data_bits = RFCOMM_RPN_DATA_8;
1360 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1364 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1365 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1366 if (stop_bits != RFCOMM_RPN_STOP_1) {
1367 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1368 stop_bits = RFCOMM_RPN_STOP_1;
1369 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1373 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1374 parity = __get_rpn_parity(rpn->line_settings);
1375 if (parity != RFCOMM_RPN_PARITY_NONE) {
1376 BT_DBG("RPN parity mismatch 0x%x", parity);
1377 parity = RFCOMM_RPN_PARITY_NONE;
1378 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1382 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1383 flow_ctrl = rpn->flow_ctrl;
1384 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1385 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1386 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1387 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1391 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1392 xon_char = rpn->xon_char;
1393 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1394 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1395 xon_char = RFCOMM_RPN_XON_CHAR;
1396 rpn_mask ^= RFCOMM_RPN_PM_XON;
1400 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1401 xoff_char = rpn->xoff_char;
1402 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1403 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1404 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1405 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1410 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1411 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1416 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1418 struct rfcomm_rls *rls = (void *) skb->data;
1419 u8 dlci = __get_dlci(rls->dlci);
1421 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1426 /* We should probably do something with this information here. But
1427 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1428 * mandatory to recognise and respond to RLS */
1430 rfcomm_send_rls(s, 0, dlci, rls->status);
1435 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1437 struct rfcomm_msc *msc = (void *) skb->data;
1438 struct rfcomm_dlc *d;
1439 u8 dlci = __get_dlci(msc->dlci);
1441 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1443 d = rfcomm_dlc_get(s, dlci);
1448 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1449 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1451 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1454 if (d->modem_status)
1455 d->modem_status(d, msc->v24_sig);
1456 rfcomm_dlc_unlock(d);
1458 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1460 d->mscex |= RFCOMM_MSCEX_RX;
1462 d->mscex |= RFCOMM_MSCEX_TX;
1467 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1469 struct rfcomm_mcc *mcc = (void *) skb->data;
1472 cr = __test_cr(mcc->type);
1473 type = __get_mcc_type(mcc->type);
1474 len = __get_mcc_len(mcc->len);
1476 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1482 rfcomm_recv_pn(s, cr, skb);
1486 rfcomm_recv_rpn(s, cr, len, skb);
1490 rfcomm_recv_rls(s, cr, skb);
1494 rfcomm_recv_msc(s, cr, skb);
1499 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1500 rfcomm_send_fcoff(s, 0);
1506 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1507 rfcomm_send_fcon(s, 0);
1513 rfcomm_send_test(s, 0, skb->data, skb->len);
1520 BT_ERR("Unknown control type 0x%02x", type);
1521 rfcomm_send_nsc(s, cr, type);
1527 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1529 struct rfcomm_dlc *d;
1531 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1533 d = rfcomm_dlc_get(s, dlci);
1535 rfcomm_send_dm(s, dlci);
1540 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1542 d->tx_credits += credits;
1544 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1547 if (skb->len && d->state == BT_CONNECTED) {
1550 d->data_ready(d, skb);
1551 rfcomm_dlc_unlock(d);
1560 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1562 struct rfcomm_hdr *hdr = (void *) skb->data;
1565 dlci = __get_dlci(hdr->addr);
1566 type = __get_type(hdr->ctrl);
1569 skb->len--; skb->tail--;
1570 fcs = *(u8 *)skb_tail_pointer(skb);
1572 if (__check_fcs(skb->data, type, fcs)) {
1573 BT_ERR("bad checksum in packet");
1578 if (__test_ea(hdr->len))
1585 if (__test_pf(hdr->ctrl))
1586 rfcomm_recv_sabm(s, dlci);
1590 if (__test_pf(hdr->ctrl))
1591 rfcomm_recv_disc(s, dlci);
1595 if (__test_pf(hdr->ctrl))
1596 rfcomm_recv_ua(s, dlci);
1600 rfcomm_recv_dm(s, dlci);
1605 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1607 rfcomm_recv_mcc(s, skb);
1611 BT_ERR("Unknown packet type 0x%02x\n", type);
1618 /* ---- Connection and data processing ---- */
1620 static void rfcomm_process_connect(struct rfcomm_session *s)
1622 struct rfcomm_dlc *d;
1623 struct list_head *p, *n;
1625 BT_DBG("session %p state %ld", s, s->state);
1627 list_for_each_safe(p, n, &s->dlcs) {
1628 d = list_entry(p, struct rfcomm_dlc, list);
1629 if (d->state == BT_CONFIG) {
1631 rfcomm_send_pn(s, 1, d);
1636 /* Send data queued for the DLC.
1637 * Return number of frames left in the queue.
1639 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1641 struct sk_buff *skb;
1644 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1645 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1647 /* Send pending MSC */
1648 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1649 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1653 * Give them some credits */
1654 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1655 d->rx_credits <= (d->cfc >> 2)) {
1656 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1657 d->rx_credits = d->cfc;
1661 * Give ourselves some credits */
1665 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1666 return skb_queue_len(&d->tx_queue);
1668 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1669 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1671 skb_queue_head(&d->tx_queue, skb);
1678 if (d->cfc && !d->tx_credits) {
1679 /* We're out of TX credits.
1680 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1681 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1684 return skb_queue_len(&d->tx_queue);
1687 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1689 struct rfcomm_dlc *d;
1690 struct list_head *p, *n;
1692 BT_DBG("session %p state %ld", s, s->state);
1694 list_for_each_safe(p, n, &s->dlcs) {
1695 d = list_entry(p, struct rfcomm_dlc, list);
1697 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1698 __rfcomm_dlc_close(d, ETIMEDOUT);
1702 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1703 rfcomm_dlc_clear_timer(d);
1704 rfcomm_dlc_accept(d);
1705 if (d->link_mode & RFCOMM_LM_SECURE) {
1706 struct sock *sk = s->sock->sk;
1707 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1710 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1711 rfcomm_dlc_clear_timer(d);
1712 rfcomm_send_dm(s, d->dlci);
1713 __rfcomm_dlc_close(d, ECONNREFUSED);
1717 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1720 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1721 d->mscex == RFCOMM_MSCEX_OK)
1722 rfcomm_process_tx(d);
1726 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1728 struct socket *sock = s->sock;
1729 struct sock *sk = sock->sk;
1730 struct sk_buff *skb;
1732 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1734 /* Get data directly from socket receive queue without copying it. */
1735 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1737 rfcomm_recv_frame(s, skb);
1740 if (sk->sk_state == BT_CLOSED) {
1742 rfcomm_session_put(s);
1744 rfcomm_session_close(s, sk->sk_err);
1748 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1750 struct socket *sock = s->sock, *nsock;
1753 /* Fast check for a new connection.
1754 * Avoids unnesesary socket allocations. */
1755 if (list_empty(&bt_sk(sock->sk)->accept_q))
1758 BT_DBG("session %p", s);
1760 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1764 __module_get(nsock->ops->owner);
1766 /* Set our callbacks */
1767 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1768 nsock->sk->sk_state_change = rfcomm_l2state_change;
1770 s = rfcomm_session_add(nsock, BT_OPEN);
1772 rfcomm_session_hold(s);
1774 /* We should adjust MTU on incoming sessions.
1775 * L2CAP MTU minus UIH header and FCS. */
1776 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1778 rfcomm_schedule(RFCOMM_SCHED_RX);
1780 sock_release(nsock);
1783 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1785 struct sock *sk = s->sock->sk;
1787 BT_DBG("%p state %ld", s, s->state);
1789 switch(sk->sk_state) {
1791 s->state = BT_CONNECT;
1793 /* We can adjust MTU on outgoing sessions.
1794 * L2CAP MTU minus UIH header and FCS. */
1795 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1797 rfcomm_send_sabm(s, 0);
1801 s->state = BT_CLOSED;
1802 rfcomm_session_close(s, sk->sk_err);
1807 static inline void rfcomm_process_sessions(void)
1809 struct list_head *p, *n;
1813 list_for_each_safe(p, n, &session_list) {
1814 struct rfcomm_session *s;
1815 s = list_entry(p, struct rfcomm_session, list);
1817 if (s->state == BT_LISTEN) {
1818 rfcomm_accept_connection(s);
1822 rfcomm_session_hold(s);
1826 rfcomm_check_connection(s);
1830 rfcomm_process_rx(s);
1834 rfcomm_process_dlcs(s);
1836 rfcomm_session_put(s);
1842 static void rfcomm_worker(void)
1846 while (!atomic_read(&terminate)) {
1847 set_current_state(TASK_INTERRUPTIBLE);
1848 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1849 /* No pending events. Let's sleep.
1850 * Incoming connections and data will wake us up. */
1853 set_current_state(TASK_RUNNING);
1856 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1857 rfcomm_process_sessions();
1862 static int rfcomm_add_listener(bdaddr_t *ba)
1864 struct sockaddr_l2 addr;
1865 struct socket *sock;
1867 struct rfcomm_session *s;
1871 err = rfcomm_l2sock_create(&sock);
1873 BT_ERR("Create socket failed %d", err);
1878 bacpy(&addr.l2_bdaddr, ba);
1879 addr.l2_family = AF_BLUETOOTH;
1880 addr.l2_psm = htobs(RFCOMM_PSM);
1881 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1883 BT_ERR("Bind failed %d", err);
1887 /* Set L2CAP options */
1890 l2cap_pi(sk)->imtu = l2cap_mtu;
1893 /* Start listening on the socket */
1894 err = kernel_listen(sock, 10);
1896 BT_ERR("Listen failed %d", err);
1900 /* Add listening session */
1901 s = rfcomm_session_add(sock, BT_LISTEN);
1905 rfcomm_session_hold(s);
1912 static void rfcomm_kill_listener(void)
1914 struct rfcomm_session *s;
1915 struct list_head *p, *n;
1919 list_for_each_safe(p, n, &session_list) {
1920 s = list_entry(p, struct rfcomm_session, list);
1921 rfcomm_session_del(s);
1925 static int rfcomm_run(void *unused)
1927 rfcomm_thread = current;
1929 atomic_inc(&running);
1931 daemonize("krfcommd");
1932 set_user_nice(current, -10);
1933 current->flags |= PF_NOFREEZE;
1937 rfcomm_add_listener(BDADDR_ANY);
1941 rfcomm_kill_listener();
1943 atomic_dec(&running);
1947 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1949 struct rfcomm_session *s;
1950 struct rfcomm_dlc *d;
1951 struct list_head *p, *n;
1953 BT_DBG("conn %p status 0x%02x", conn, status);
1955 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1959 rfcomm_session_hold(s);
1961 list_for_each_safe(p, n, &s->dlcs) {
1962 d = list_entry(p, struct rfcomm_dlc, list);
1964 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1967 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1971 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1973 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1976 rfcomm_session_put(s);
1978 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1981 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1983 struct rfcomm_session *s;
1984 struct rfcomm_dlc *d;
1985 struct list_head *p, *n;
1987 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1989 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1993 rfcomm_session_hold(s);
1995 list_for_each_safe(p, n, &s->dlcs) {
1996 d = list_entry(p, struct rfcomm_dlc, list);
1998 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2001 if (!status && encrypt)
2002 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2004 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2007 rfcomm_session_put(s);
2009 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2012 static struct hci_cb rfcomm_cb = {
2014 .auth_cfm = rfcomm_auth_cfm,
2015 .encrypt_cfm = rfcomm_encrypt_cfm
2018 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2020 struct rfcomm_session *s;
2021 struct list_head *pp, *p;
2026 list_for_each(p, &session_list) {
2027 s = list_entry(p, struct rfcomm_session, list);
2028 list_for_each(pp, &s->dlcs) {
2029 struct sock *sk = s->sock->sk;
2030 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2032 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2033 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2034 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2043 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2045 /* ---- Initialization ---- */
2046 static int __init rfcomm_init(void)
2050 hci_register_cb(&rfcomm_cb);
2052 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
2054 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2055 BT_ERR("Failed to create RFCOMM info file");
2057 rfcomm_init_sockets();
2059 #ifdef CONFIG_BT_RFCOMM_TTY
2063 BT_INFO("RFCOMM ver %s", VERSION);
2068 static void __exit rfcomm_exit(void)
2070 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
2072 hci_unregister_cb(&rfcomm_cb);
2074 /* Terminate working thread.
2075 * ie. Set terminate flag and wake it up */
2076 atomic_inc(&terminate);
2077 rfcomm_schedule(RFCOMM_SCHED_STATE);
2079 /* Wait until thread is running */
2080 while (atomic_read(&running))
2083 #ifdef CONFIG_BT_RFCOMM_TTY
2084 rfcomm_cleanup_ttys();
2087 rfcomm_cleanup_sockets();
2090 module_init(rfcomm_init);
2091 module_exit(rfcomm_exit);
2093 module_param(disable_cfc, bool, 0644);
2094 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2096 module_param(channel_mtu, int, 0644);
2097 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2099 module_param(l2cap_mtu, uint, 0644);
2100 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2102 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2103 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2104 MODULE_VERSION(VERSION);
2105 MODULE_LICENSE("GPL");
2106 MODULE_ALIAS("bt-proto-3");
projects / linux-2.6 / blob