2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
30 #include <linux/config.h>
31 #include <linux/module.h>
32 #include <linux/errno.h>
33 #include <linux/kernel.h>
34 #include <linux/sched.h>
35 #include <linux/signal.h>
36 #include <linux/init.h>
37 #include <linux/wait.h>
38 #include <linux/device.h>
39 #include <linux/net.h>
41 #include <asm/uaccess.h>
42 #include <asm/unaligned.h>
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
46 #include <net/bluetooth/l2cap.h>
47 #include <net/bluetooth/rfcomm.h>
51 #ifndef CONFIG_BT_RFCOMM_DEBUG
56 static struct task_struct *rfcomm_thread;
58 static DECLARE_MUTEX(rfcomm_sem);
59 #define rfcomm_lock() down(&rfcomm_sem);
60 #define rfcomm_unlock() up(&rfcomm_sem);
62 static unsigned long rfcomm_event;
64 static LIST_HEAD(session_list);
65 static atomic_t terminate, running;
67 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
68 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
69 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
70 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
71 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
72 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
73 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
74 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
75 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
76 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
78 static void rfcomm_process_connect(struct rfcomm_session *s);
80 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
81 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
82 static void rfcomm_session_del(struct rfcomm_session *s);
84 /* ---- RFCOMM frame parsing macros ---- */
85 #define __get_dlci(b) ((b & 0xfc) >> 2)
86 #define __get_channel(b) ((b & 0xf8) >> 3)
87 #define __get_dir(b) ((b & 0x04) >> 2)
88 #define __get_type(b) ((b & 0xef))
90 #define __test_ea(b) ((b & 0x01))
91 #define __test_cr(b) ((b & 0x02))
92 #define __test_pf(b) ((b & 0x10))
94 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
95 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
96 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
97 #define __srv_channel(dlci) (dlci >> 1)
98 #define __dir(dlci) (dlci & 0x01)
100 #define __len8(len) (((len) << 1) | 1)
101 #define __len16(len) ((len) << 1)
104 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
105 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
106 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
109 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
110 #define __get_rpn_data_bits(line) ((line) & 0x3)
111 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
112 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
114 static inline void rfcomm_schedule(uint event)
118 //set_bit(event, &rfcomm_event);
119 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
120 wake_up_process(rfcomm_thread);
123 static inline void rfcomm_session_put(struct rfcomm_session *s)
125 if (atomic_dec_and_test(&s->refcnt))
126 rfcomm_session_del(s);
129 /* ---- RFCOMM FCS computation ---- */
131 /* reversed, 8-bit, poly=0x07 */
132 static unsigned char rfcomm_crc_table[256] = {
133 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
134 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
135 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
136 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
138 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
139 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
140 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
141 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
143 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
144 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
145 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
146 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
148 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
149 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
150 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
151 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
153 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
154 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
155 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
156 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
158 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
159 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
160 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
161 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
163 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
164 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
165 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
166 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
168 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
169 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
170 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
171 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
175 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
178 static inline u8 __fcs(u8 *data)
180 return (0xff - __crc(data));
184 static inline u8 __fcs2(u8 *data)
186 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
190 static inline int __check_fcs(u8 *data, int type, u8 fcs)
194 if (type != RFCOMM_UIH)
195 f = rfcomm_crc_table[f ^ data[2]];
197 return rfcomm_crc_table[f ^ fcs] != 0xcf;
200 /* ---- L2CAP callbacks ---- */
201 static void rfcomm_l2state_change(struct sock *sk)
203 BT_DBG("%p state %d", sk, sk->sk_state);
204 rfcomm_schedule(RFCOMM_SCHED_STATE);
207 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
209 BT_DBG("%p bytes %d", sk, bytes);
210 rfcomm_schedule(RFCOMM_SCHED_RX);
213 static int rfcomm_l2sock_create(struct socket **sock)
219 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
221 struct sock *sk = (*sock)->sk;
222 sk->sk_data_ready = rfcomm_l2data_ready;
223 sk->sk_state_change = rfcomm_l2state_change;
228 /* ---- RFCOMM DLCs ---- */
229 static void rfcomm_dlc_timeout(unsigned long arg)
231 struct rfcomm_dlc *d = (void *) arg;
233 BT_DBG("dlc %p state %ld", d, d->state);
235 set_bit(RFCOMM_TIMED_OUT, &d->flags);
237 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
240 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
242 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
244 if (!mod_timer(&d->timer, jiffies + timeout))
248 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
250 BT_DBG("dlc %p state %ld", d, d->state);
252 if (timer_pending(&d->timer) && del_timer(&d->timer))
256 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
263 d->mtu = RFCOMM_DEFAULT_MTU;
264 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
266 d->cfc = RFCOMM_CFC_DISABLED;
267 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
270 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
272 struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio);
275 memset(d, 0, sizeof(*d));
277 init_timer(&d->timer);
278 d->timer.function = rfcomm_dlc_timeout;
279 d->timer.data = (unsigned long) d;
281 skb_queue_head_init(&d->tx_queue);
282 spin_lock_init(&d->lock);
283 atomic_set(&d->refcnt, 1);
285 rfcomm_dlc_clear_state(d);
291 void rfcomm_dlc_free(struct rfcomm_dlc *d)
295 skb_queue_purge(&d->tx_queue);
299 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
301 BT_DBG("dlc %p session %p", d, s);
303 rfcomm_session_hold(s);
306 list_add(&d->list, &s->dlcs);
310 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
312 struct rfcomm_session *s = d->session;
314 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
320 rfcomm_session_put(s);
323 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
325 struct rfcomm_dlc *d;
328 list_for_each(p, &s->dlcs) {
329 d = list_entry(p, struct rfcomm_dlc, list);
336 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
338 struct rfcomm_session *s;
342 BT_DBG("dlc %p state %ld %s %s channel %d",
343 d, d->state, batostr(src), batostr(dst), channel);
345 if (channel < 1 || channel > 30)
348 if (d->state != BT_OPEN && d->state != BT_CLOSED)
351 s = rfcomm_session_get(src, dst);
353 s = rfcomm_session_create(src, dst, &err);
358 dlci = __dlci(!s->initiator, channel);
360 /* Check if DLCI already exists */
361 if (rfcomm_dlc_get(s, dlci))
364 rfcomm_dlc_clear_state(d);
367 d->addr = __addr(s->initiator, dlci);
370 d->state = BT_CONFIG;
371 rfcomm_dlc_link(s, d);
374 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
376 if (s->state == BT_CONNECTED)
377 rfcomm_send_pn(s, 1, d);
378 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
382 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
388 r = __rfcomm_dlc_open(d, src, dst, channel);
394 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
396 struct rfcomm_session *s = d->session;
400 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
401 d, d->state, d->dlci, err, s);
407 d->state = BT_DISCONN;
408 if (skb_queue_empty(&d->tx_queue)) {
409 rfcomm_send_disc(s, d->dlci);
410 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
412 rfcomm_queue_disc(d);
413 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
418 rfcomm_dlc_clear_timer(d);
421 d->state = BT_CLOSED;
422 d->state_change(d, err);
423 rfcomm_dlc_unlock(d);
425 skb_queue_purge(&d->tx_queue);
426 rfcomm_dlc_unlink(d);
432 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
438 r = __rfcomm_dlc_close(d, err);
444 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
448 if (d->state != BT_CONNECTED)
451 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
456 rfcomm_make_uih(skb, d->addr);
457 skb_queue_tail(&d->tx_queue, skb);
459 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
460 rfcomm_schedule(RFCOMM_SCHED_TX);
464 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
466 BT_DBG("dlc %p state %ld", d, d->state);
469 d->v24_sig |= RFCOMM_V24_FC;
470 set_bit(RFCOMM_MSC_PENDING, &d->flags);
472 rfcomm_schedule(RFCOMM_SCHED_TX);
475 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
477 BT_DBG("dlc %p state %ld", d, d->state);
480 d->v24_sig &= ~RFCOMM_V24_FC;
481 set_bit(RFCOMM_MSC_PENDING, &d->flags);
483 rfcomm_schedule(RFCOMM_SCHED_TX);
487 Set/get modem status functions use _local_ status i.e. what we report
489 Remote status is provided by dlc->modem_status() callback.
491 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
493 BT_DBG("dlc %p state %ld v24_sig 0x%x",
494 d, d->state, v24_sig);
496 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
497 v24_sig |= RFCOMM_V24_FC;
499 v24_sig &= ~RFCOMM_V24_FC;
501 d->v24_sig = v24_sig;
503 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
504 rfcomm_schedule(RFCOMM_SCHED_TX);
509 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
511 BT_DBG("dlc %p state %ld v24_sig 0x%x",
512 d, d->state, d->v24_sig);
514 *v24_sig = d->v24_sig;
518 /* ---- RFCOMM sessions ---- */
519 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
521 struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL);
524 memset(s, 0, sizeof(*s));
526 BT_DBG("session %p sock %p", s, sock);
528 INIT_LIST_HEAD(&s->dlcs);
532 s->mtu = RFCOMM_DEFAULT_MTU;
533 s->cfc = RFCOMM_CFC_UNKNOWN;
535 /* Do not increment module usage count for listening sessions.
536 * Otherwise we won't be able to unload the module. */
537 if (state != BT_LISTEN)
538 if (!try_module_get(THIS_MODULE)) {
543 list_add(&s->list, &session_list);
548 static void rfcomm_session_del(struct rfcomm_session *s)
550 int state = s->state;
552 BT_DBG("session %p state %ld", s, s->state);
556 if (state == BT_CONNECTED)
557 rfcomm_send_disc(s, 0);
559 sock_release(s->sock);
562 if (state != BT_LISTEN)
563 module_put(THIS_MODULE);
566 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
568 struct rfcomm_session *s;
569 struct list_head *p, *n;
571 list_for_each_safe(p, n, &session_list) {
572 s = list_entry(p, struct rfcomm_session, list);
573 sk = bt_sk(s->sock->sk);
575 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
576 !bacmp(&sk->dst, dst))
582 static void rfcomm_session_close(struct rfcomm_session *s, int err)
584 struct rfcomm_dlc *d;
585 struct list_head *p, *n;
587 BT_DBG("session %p state %ld err %d", s, s->state, err);
589 rfcomm_session_hold(s);
591 s->state = BT_CLOSED;
594 list_for_each_safe(p, n, &s->dlcs) {
595 d = list_entry(p, struct rfcomm_dlc, list);
596 d->state = BT_CLOSED;
597 __rfcomm_dlc_close(d, err);
600 rfcomm_session_put(s);
603 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
605 struct rfcomm_session *s = NULL;
606 struct sockaddr_l2 addr;
610 BT_DBG("%s %s", batostr(src), batostr(dst));
612 *err = rfcomm_l2sock_create(&sock);
616 bacpy(&addr.l2_bdaddr, src);
617 addr.l2_family = AF_BLUETOOTH;
619 *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
623 /* Set L2CAP options */
626 l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU;
629 s = rfcomm_session_add(sock, BT_BOUND);
637 bacpy(&addr.l2_bdaddr, dst);
638 addr.l2_family = AF_BLUETOOTH;
639 addr.l2_psm = htobs(RFCOMM_PSM);
640 *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
641 if (*err == 0 || *err == -EAGAIN)
644 rfcomm_session_del(s);
652 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
654 struct sock *sk = s->sock->sk;
656 bacpy(src, &bt_sk(sk)->src);
658 bacpy(dst, &bt_sk(sk)->dst);
661 /* ---- RFCOMM frame sending ---- */
662 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
664 struct socket *sock = s->sock;
665 struct kvec iv = { data, len };
668 BT_DBG("session %p len %d", s, len);
670 memset(&msg, 0, sizeof(msg));
672 return kernel_sendmsg(sock, &msg, &iv, 1, len);
675 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
677 struct rfcomm_cmd cmd;
679 BT_DBG("%p dlci %d", s, dlci);
681 cmd.addr = __addr(s->initiator, dlci);
682 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
684 cmd.fcs = __fcs2((u8 *) &cmd);
686 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
689 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
691 struct rfcomm_cmd cmd;
693 BT_DBG("%p dlci %d", s, dlci);
695 cmd.addr = __addr(!s->initiator, dlci);
696 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
698 cmd.fcs = __fcs2((u8 *) &cmd);
700 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
703 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
705 struct rfcomm_cmd cmd;
707 BT_DBG("%p dlci %d", s, dlci);
709 cmd.addr = __addr(s->initiator, dlci);
710 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
712 cmd.fcs = __fcs2((u8 *) &cmd);
714 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
717 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
719 struct rfcomm_cmd *cmd;
722 BT_DBG("dlc %p dlci %d", d, d->dlci);
724 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
728 cmd = (void *) __skb_put(skb, sizeof(*cmd));
730 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
731 cmd->len = __len8(0);
732 cmd->fcs = __fcs2((u8 *) cmd);
734 skb_queue_tail(&d->tx_queue, skb);
735 rfcomm_schedule(RFCOMM_SCHED_TX);
739 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
741 struct rfcomm_cmd cmd;
743 BT_DBG("%p dlci %d", s, dlci);
745 cmd.addr = __addr(!s->initiator, dlci);
746 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
748 cmd.fcs = __fcs2((u8 *) &cmd);
750 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
753 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
755 struct rfcomm_hdr *hdr;
756 struct rfcomm_mcc *mcc;
757 u8 buf[16], *ptr = buf;
759 BT_DBG("%p cr %d type %d", s, cr, type);
761 hdr = (void *) ptr; ptr += sizeof(*hdr);
762 hdr->addr = __addr(s->initiator, 0);
763 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
764 hdr->len = __len8(sizeof(*mcc) + 1);
766 mcc = (void *) ptr; ptr += sizeof(*mcc);
767 mcc->type = __mcc_type(cr, RFCOMM_NSC);
768 mcc->len = __len8(1);
770 /* Type that we didn't like */
771 *ptr = __mcc_type(cr, type); ptr++;
773 *ptr = __fcs(buf); ptr++;
775 return rfcomm_send_frame(s, buf, ptr - buf);
778 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
780 struct rfcomm_hdr *hdr;
781 struct rfcomm_mcc *mcc;
782 struct rfcomm_pn *pn;
783 u8 buf[16], *ptr = buf;
785 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
787 hdr = (void *) ptr; ptr += sizeof(*hdr);
788 hdr->addr = __addr(s->initiator, 0);
789 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
790 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
792 mcc = (void *) ptr; ptr += sizeof(*mcc);
793 mcc->type = __mcc_type(cr, RFCOMM_PN);
794 mcc->len = __len8(sizeof(*pn));
796 pn = (void *) ptr; ptr += sizeof(*pn);
798 pn->priority = d->priority;
803 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
804 pn->credits = RFCOMM_DEFAULT_CREDITS;
810 pn->mtu = htobs(d->mtu);
812 *ptr = __fcs(buf); ptr++;
814 return rfcomm_send_frame(s, buf, ptr - buf);
817 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
818 u8 bit_rate, u8 data_bits, u8 stop_bits,
819 u8 parity, u8 flow_ctrl_settings,
820 u8 xon_char, u8 xoff_char, u16 param_mask)
822 struct rfcomm_hdr *hdr;
823 struct rfcomm_mcc *mcc;
824 struct rfcomm_rpn *rpn;
825 u8 buf[16], *ptr = buf;
827 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
828 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
829 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
830 flow_ctrl_settings, xon_char, xoff_char, param_mask);
832 hdr = (void *) ptr; ptr += sizeof(*hdr);
833 hdr->addr = __addr(s->initiator, 0);
834 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
835 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
837 mcc = (void *) ptr; ptr += sizeof(*mcc);
838 mcc->type = __mcc_type(cr, RFCOMM_RPN);
839 mcc->len = __len8(sizeof(*rpn));
841 rpn = (void *) ptr; ptr += sizeof(*rpn);
842 rpn->dlci = __addr(1, dlci);
843 rpn->bit_rate = bit_rate;
844 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
845 rpn->flow_ctrl = flow_ctrl_settings;
846 rpn->xon_char = xon_char;
847 rpn->xoff_char = xoff_char;
848 rpn->param_mask = param_mask;
850 *ptr = __fcs(buf); ptr++;
852 return rfcomm_send_frame(s, buf, ptr - buf);
855 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
857 struct rfcomm_hdr *hdr;
858 struct rfcomm_mcc *mcc;
859 struct rfcomm_rls *rls;
860 u8 buf[16], *ptr = buf;
862 BT_DBG("%p cr %d status 0x%x", s, cr, status);
864 hdr = (void *) ptr; ptr += sizeof(*hdr);
865 hdr->addr = __addr(s->initiator, 0);
866 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
867 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
869 mcc = (void *) ptr; ptr += sizeof(*mcc);
870 mcc->type = __mcc_type(cr, RFCOMM_RLS);
871 mcc->len = __len8(sizeof(*rls));
873 rls = (void *) ptr; ptr += sizeof(*rls);
874 rls->dlci = __addr(1, dlci);
875 rls->status = status;
877 *ptr = __fcs(buf); ptr++;
879 return rfcomm_send_frame(s, buf, ptr - buf);
882 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
884 struct rfcomm_hdr *hdr;
885 struct rfcomm_mcc *mcc;
886 struct rfcomm_msc *msc;
887 u8 buf[16], *ptr = buf;
889 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
891 hdr = (void *) ptr; ptr += sizeof(*hdr);
892 hdr->addr = __addr(s->initiator, 0);
893 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
894 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
896 mcc = (void *) ptr; ptr += sizeof(*mcc);
897 mcc->type = __mcc_type(cr, RFCOMM_MSC);
898 mcc->len = __len8(sizeof(*msc));
900 msc = (void *) ptr; ptr += sizeof(*msc);
901 msc->dlci = __addr(1, dlci);
902 msc->v24_sig = v24_sig | 0x01;
904 *ptr = __fcs(buf); ptr++;
906 return rfcomm_send_frame(s, buf, ptr - buf);
909 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
911 struct rfcomm_hdr *hdr;
912 struct rfcomm_mcc *mcc;
913 u8 buf[16], *ptr = buf;
915 BT_DBG("%p cr %d", s, cr);
917 hdr = (void *) ptr; ptr += sizeof(*hdr);
918 hdr->addr = __addr(s->initiator, 0);
919 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
920 hdr->len = __len8(sizeof(*mcc));
922 mcc = (void *) ptr; ptr += sizeof(*mcc);
923 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
924 mcc->len = __len8(0);
926 *ptr = __fcs(buf); ptr++;
928 return rfcomm_send_frame(s, buf, ptr - buf);
931 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
933 struct rfcomm_hdr *hdr;
934 struct rfcomm_mcc *mcc;
935 u8 buf[16], *ptr = buf;
937 BT_DBG("%p cr %d", s, cr);
939 hdr = (void *) ptr; ptr += sizeof(*hdr);
940 hdr->addr = __addr(s->initiator, 0);
941 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
942 hdr->len = __len8(sizeof(*mcc));
944 mcc = (void *) ptr; ptr += sizeof(*mcc);
945 mcc->type = __mcc_type(cr, RFCOMM_FCON);
946 mcc->len = __len8(0);
948 *ptr = __fcs(buf); ptr++;
950 return rfcomm_send_frame(s, buf, ptr - buf);
953 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
955 struct socket *sock = s->sock;
958 unsigned char hdr[5], crc[1];
963 BT_DBG("%p cr %d", s, cr);
965 hdr[0] = __addr(s->initiator, 0);
966 hdr[1] = __ctrl(RFCOMM_UIH, 0);
967 hdr[2] = 0x01 | ((len + 2) << 1);
968 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
969 hdr[4] = 0x01 | (len << 1);
973 iv[0].iov_base = hdr;
975 iv[1].iov_base = pattern;
977 iv[2].iov_base = crc;
980 memset(&msg, 0, sizeof(msg));
982 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
985 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
987 struct rfcomm_hdr *hdr;
988 u8 buf[16], *ptr = buf;
990 BT_DBG("%p addr %d credits %d", s, addr, credits);
992 hdr = (void *) ptr; ptr += sizeof(*hdr);
994 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
995 hdr->len = __len8(0);
997 *ptr = credits; ptr++;
999 *ptr = __fcs(buf); ptr++;
1001 return rfcomm_send_frame(s, buf, ptr - buf);
1004 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1006 struct rfcomm_hdr *hdr;
1011 hdr = (void *) skb_push(skb, 4);
1012 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len);
1014 hdr = (void *) skb_push(skb, 3);
1015 hdr->len = __len8(len);
1018 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1020 crc = skb_put(skb, 1);
1021 *crc = __fcs((void *) hdr);
1024 /* ---- RFCOMM frame reception ---- */
1025 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1027 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1031 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1033 rfcomm_send_dm(s, dlci);
1039 rfcomm_dlc_clear_timer(d);
1042 d->state = BT_CONNECTED;
1043 d->state_change(d, 0);
1044 rfcomm_dlc_unlock(d);
1046 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1050 d->state = BT_CLOSED;
1051 __rfcomm_dlc_close(d, 0);
1055 /* Control channel */
1058 s->state = BT_CONNECTED;
1059 rfcomm_process_connect(s);
1066 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1070 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1074 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1076 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1081 d->state = BT_CLOSED;
1082 __rfcomm_dlc_close(d, err);
1085 if (s->state == BT_CONNECT)
1090 s->state = BT_CLOSED;
1091 rfcomm_session_close(s, err);
1096 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1100 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1103 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1105 rfcomm_send_ua(s, dlci);
1107 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1112 d->state = BT_CLOSED;
1113 __rfcomm_dlc_close(d, err);
1115 rfcomm_send_dm(s, dlci);
1118 rfcomm_send_ua(s, 0);
1120 if (s->state == BT_CONNECT)
1125 s->state = BT_CLOSED;
1126 rfcomm_session_close(s, err);
1132 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1134 struct sock *sk = d->session->sock->sk;
1136 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1137 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1139 } else if (d->link_mode & RFCOMM_LM_AUTH) {
1140 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1147 static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1149 BT_DBG("dlc %p", d);
1151 rfcomm_send_ua(d->session, d->dlci);
1154 d->state = BT_CONNECTED;
1155 d->state_change(d, 0);
1156 rfcomm_dlc_unlock(d);
1158 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1161 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1163 struct rfcomm_dlc *d;
1166 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1169 rfcomm_send_ua(s, 0);
1171 if (s->state == BT_OPEN) {
1172 s->state = BT_CONNECTED;
1173 rfcomm_process_connect(s);
1178 /* Check if DLC exists */
1179 d = rfcomm_dlc_get(s, dlci);
1181 if (d->state == BT_OPEN) {
1182 /* DLC was previously opened by PN request */
1183 if (rfcomm_check_link_mode(d)) {
1184 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1185 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1189 rfcomm_dlc_accept(d);
1194 /* Notify socket layer about incoming connection */
1195 channel = __srv_channel(dlci);
1196 if (rfcomm_connect_ind(s, channel, &d)) {
1198 d->addr = __addr(s->initiator, dlci);
1199 rfcomm_dlc_link(s, d);
1201 if (rfcomm_check_link_mode(d)) {
1202 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1203 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1207 rfcomm_dlc_accept(d);
1209 rfcomm_send_dm(s, dlci);
1215 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1217 struct rfcomm_session *s = d->session;
1219 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1220 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1222 if (pn->flow_ctrl == 0xf0 || pn->flow_ctrl == 0xe0) {
1223 d->cfc = s->cfc = RFCOMM_CFC_ENABLED;
1224 d->tx_credits = pn->credits;
1226 d->cfc = s->cfc = RFCOMM_CFC_DISABLED;
1227 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1230 d->priority = pn->priority;
1232 d->mtu = s->mtu = btohs(pn->mtu);
1237 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1239 struct rfcomm_pn *pn = (void *) skb->data;
1240 struct rfcomm_dlc *d;
1243 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1248 d = rfcomm_dlc_get(s, dlci);
1252 rfcomm_apply_pn(d, cr, pn);
1253 rfcomm_send_pn(s, 0, d);
1258 rfcomm_apply_pn(d, cr, pn);
1260 d->state = BT_CONNECT;
1261 rfcomm_send_sabm(s, d->dlci);
1266 u8 channel = __srv_channel(dlci);
1271 /* PN request for non existing DLC.
1272 * Assume incoming connection. */
1273 if (rfcomm_connect_ind(s, channel, &d)) {
1275 d->addr = __addr(s->initiator, dlci);
1276 rfcomm_dlc_link(s, d);
1278 rfcomm_apply_pn(d, cr, pn);
1281 rfcomm_send_pn(s, 0, d);
1283 rfcomm_send_dm(s, dlci);
1289 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1291 struct rfcomm_rpn *rpn = (void *) skb->data;
1292 u8 dlci = __get_dlci(rpn->dlci);
1301 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1303 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1304 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1305 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1311 /* This is a request, return default settings */
1312 bit_rate = RFCOMM_RPN_BR_115200;
1313 data_bits = RFCOMM_RPN_DATA_8;
1314 stop_bits = RFCOMM_RPN_STOP_1;
1315 parity = RFCOMM_RPN_PARITY_NONE;
1316 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1317 xon_char = RFCOMM_RPN_XON_CHAR;
1318 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1322 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1323 * no parity, no flow control lines, normal XON/XOFF chars */
1325 if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) {
1326 bit_rate = rpn->bit_rate;
1327 if (bit_rate != RFCOMM_RPN_BR_115200) {
1328 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1329 bit_rate = RFCOMM_RPN_BR_115200;
1330 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1334 if (rpn->param_mask & RFCOMM_RPN_PM_DATA) {
1335 data_bits = __get_rpn_data_bits(rpn->line_settings);
1336 if (data_bits != RFCOMM_RPN_DATA_8) {
1337 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1338 data_bits = RFCOMM_RPN_DATA_8;
1339 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1343 if (rpn->param_mask & RFCOMM_RPN_PM_STOP) {
1344 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1345 if (stop_bits != RFCOMM_RPN_STOP_1) {
1346 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1347 stop_bits = RFCOMM_RPN_STOP_1;
1348 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1352 if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) {
1353 parity = __get_rpn_parity(rpn->line_settings);
1354 if (parity != RFCOMM_RPN_PARITY_NONE) {
1355 BT_DBG("RPN parity mismatch 0x%x", parity);
1356 parity = RFCOMM_RPN_PARITY_NONE;
1357 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1361 if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) {
1362 flow_ctrl = rpn->flow_ctrl;
1363 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1364 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1365 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1366 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1370 if (rpn->param_mask & RFCOMM_RPN_PM_XON) {
1371 xon_char = rpn->xon_char;
1372 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1373 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1374 xon_char = RFCOMM_RPN_XON_CHAR;
1375 rpn_mask ^= RFCOMM_RPN_PM_XON;
1379 if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) {
1380 xoff_char = rpn->xoff_char;
1381 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1382 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1383 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1384 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1389 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1390 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1395 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1397 struct rfcomm_rls *rls = (void *) skb->data;
1398 u8 dlci = __get_dlci(rls->dlci);
1400 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1405 /* We should probably do something with this information here. But
1406 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1407 * mandatory to recognise and respond to RLS */
1409 rfcomm_send_rls(s, 0, dlci, rls->status);
1414 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1416 struct rfcomm_msc *msc = (void *) skb->data;
1417 struct rfcomm_dlc *d;
1418 u8 dlci = __get_dlci(msc->dlci);
1420 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1422 d = rfcomm_dlc_get(s, dlci);
1427 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1428 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1430 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1433 if (d->modem_status)
1434 d->modem_status(d, msc->v24_sig);
1435 rfcomm_dlc_unlock(d);
1437 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1439 d->mscex |= RFCOMM_MSCEX_RX;
1441 d->mscex |= RFCOMM_MSCEX_TX;
1446 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1448 struct rfcomm_mcc *mcc = (void *) skb->data;
1451 cr = __test_cr(mcc->type);
1452 type = __get_mcc_type(mcc->type);
1453 len = __get_mcc_len(mcc->len);
1455 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1461 rfcomm_recv_pn(s, cr, skb);
1465 rfcomm_recv_rpn(s, cr, len, skb);
1469 rfcomm_recv_rls(s, cr, skb);
1473 rfcomm_recv_msc(s, cr, skb);
1478 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1479 rfcomm_send_fcoff(s, 0);
1485 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1486 rfcomm_send_fcon(s, 0);
1492 rfcomm_send_test(s, 0, skb->data, skb->len);
1499 BT_ERR("Unknown control type 0x%02x", type);
1500 rfcomm_send_nsc(s, cr, type);
1506 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1508 struct rfcomm_dlc *d;
1510 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1512 d = rfcomm_dlc_get(s, dlci);
1514 rfcomm_send_dm(s, dlci);
1519 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1521 d->tx_credits += credits;
1523 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1526 if (skb->len && d->state == BT_CONNECTED) {
1529 d->data_ready(d, skb);
1530 rfcomm_dlc_unlock(d);
1539 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1541 struct rfcomm_hdr *hdr = (void *) skb->data;
1544 dlci = __get_dlci(hdr->addr);
1545 type = __get_type(hdr->ctrl);
1548 skb->len--; skb->tail--;
1549 fcs = *(u8 *) skb->tail;
1551 if (__check_fcs(skb->data, type, fcs)) {
1552 BT_ERR("bad checksum in packet");
1557 if (__test_ea(hdr->len))
1564 if (__test_pf(hdr->ctrl))
1565 rfcomm_recv_sabm(s, dlci);
1569 if (__test_pf(hdr->ctrl))
1570 rfcomm_recv_disc(s, dlci);
1574 if (__test_pf(hdr->ctrl))
1575 rfcomm_recv_ua(s, dlci);
1579 rfcomm_recv_dm(s, dlci);
1584 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1586 rfcomm_recv_mcc(s, skb);
1590 BT_ERR("Unknown packet type 0x%02x\n", type);
1597 /* ---- Connection and data processing ---- */
1599 static void rfcomm_process_connect(struct rfcomm_session *s)
1601 struct rfcomm_dlc *d;
1602 struct list_head *p, *n;
1604 BT_DBG("session %p state %ld", s, s->state);
1606 list_for_each_safe(p, n, &s->dlcs) {
1607 d = list_entry(p, struct rfcomm_dlc, list);
1608 if (d->state == BT_CONFIG) {
1610 rfcomm_send_pn(s, 1, d);
1615 /* Send data queued for the DLC.
1616 * Return number of frames left in the queue.
1618 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1620 struct sk_buff *skb;
1623 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1624 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1626 /* Send pending MSC */
1627 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1628 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1632 * Give them some credits */
1633 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1634 d->rx_credits <= (d->cfc >> 2)) {
1635 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1636 d->rx_credits = d->cfc;
1640 * Give ourselves some credits */
1644 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1645 return skb_queue_len(&d->tx_queue);
1647 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1648 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1650 skb_queue_head(&d->tx_queue, skb);
1657 if (d->cfc && !d->tx_credits) {
1658 /* We're out of TX credits.
1659 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1660 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1663 return skb_queue_len(&d->tx_queue);
1666 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1668 struct rfcomm_dlc *d;
1669 struct list_head *p, *n;
1671 BT_DBG("session %p state %ld", s, s->state);
1673 list_for_each_safe(p, n, &s->dlcs) {
1674 d = list_entry(p, struct rfcomm_dlc, list);
1676 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1677 __rfcomm_dlc_close(d, ETIMEDOUT);
1681 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1682 rfcomm_dlc_clear_timer(d);
1683 rfcomm_dlc_accept(d);
1684 if (d->link_mode & RFCOMM_LM_SECURE) {
1685 struct sock *sk = s->sock->sk;
1686 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1689 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1690 rfcomm_dlc_clear_timer(d);
1691 rfcomm_send_dm(s, d->dlci);
1692 __rfcomm_dlc_close(d, ECONNREFUSED);
1696 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1699 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1700 d->mscex == RFCOMM_MSCEX_OK)
1701 rfcomm_process_tx(d);
1705 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1707 struct socket *sock = s->sock;
1708 struct sock *sk = sock->sk;
1709 struct sk_buff *skb;
1711 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1713 /* Get data directly from socket receive queue without copying it. */
1714 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1716 rfcomm_recv_frame(s, skb);
1719 if (sk->sk_state == BT_CLOSED) {
1721 rfcomm_session_put(s);
1723 rfcomm_session_close(s, sk->sk_err);
1727 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1729 struct socket *sock = s->sock, *nsock;
1732 /* Fast check for a new connection.
1733 * Avoids unnesesary socket allocations. */
1734 if (list_empty(&bt_sk(sock->sk)->accept_q))
1737 BT_DBG("session %p", s);
1739 if (sock_create_lite(PF_BLUETOOTH, sock->type, BTPROTO_L2CAP, &nsock))
1742 nsock->ops = sock->ops;
1744 __module_get(nsock->ops->owner);
1746 err = sock->ops->accept(sock, nsock, O_NONBLOCK);
1748 sock_release(nsock);
1752 /* Set our callbacks */
1753 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1754 nsock->sk->sk_state_change = rfcomm_l2state_change;
1756 s = rfcomm_session_add(nsock, BT_OPEN);
1758 rfcomm_session_hold(s);
1759 rfcomm_schedule(RFCOMM_SCHED_RX);
1761 sock_release(nsock);
1764 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1766 struct sock *sk = s->sock->sk;
1768 BT_DBG("%p state %ld", s, s->state);
1770 switch(sk->sk_state) {
1772 s->state = BT_CONNECT;
1774 /* We can adjust MTU on outgoing sessions.
1775 * L2CAP MTU minus UIH header and FCS. */
1776 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1778 rfcomm_send_sabm(s, 0);
1782 s->state = BT_CLOSED;
1783 rfcomm_session_close(s, sk->sk_err);
1788 static inline void rfcomm_process_sessions(void)
1790 struct list_head *p, *n;
1794 list_for_each_safe(p, n, &session_list) {
1795 struct rfcomm_session *s;
1796 s = list_entry(p, struct rfcomm_session, list);
1798 if (s->state == BT_LISTEN) {
1799 rfcomm_accept_connection(s);
1803 rfcomm_session_hold(s);
1807 rfcomm_check_connection(s);
1811 rfcomm_process_rx(s);
1815 rfcomm_process_dlcs(s);
1817 rfcomm_session_put(s);
1823 static void rfcomm_worker(void)
1827 while (!atomic_read(&terminate)) {
1828 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1829 /* No pending events. Let's sleep.
1830 * Incoming connections and data will wake us up. */
1831 set_current_state(TASK_INTERRUPTIBLE);
1836 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1837 rfcomm_process_sessions();
1839 set_current_state(TASK_RUNNING);
1843 static int rfcomm_add_listener(bdaddr_t *ba)
1845 struct sockaddr_l2 addr;
1846 struct socket *sock;
1848 struct rfcomm_session *s;
1852 err = rfcomm_l2sock_create(&sock);
1854 BT_ERR("Create socket failed %d", err);
1859 bacpy(&addr.l2_bdaddr, ba);
1860 addr.l2_family = AF_BLUETOOTH;
1861 addr.l2_psm = htobs(RFCOMM_PSM);
1862 err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1864 BT_ERR("Bind failed %d", err);
1868 /* Set L2CAP options */
1871 l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU;
1874 /* Start listening on the socket */
1875 err = sock->ops->listen(sock, 10);
1877 BT_ERR("Listen failed %d", err);
1881 /* Add listening session */
1882 s = rfcomm_session_add(sock, BT_LISTEN);
1886 rfcomm_session_hold(s);
1893 static void rfcomm_kill_listener(void)
1895 struct rfcomm_session *s;
1896 struct list_head *p, *n;
1900 list_for_each_safe(p, n, &session_list) {
1901 s = list_entry(p, struct rfcomm_session, list);
1902 rfcomm_session_del(s);
1906 static int rfcomm_run(void *unused)
1908 rfcomm_thread = current;
1910 atomic_inc(&running);
1912 daemonize("krfcommd");
1913 set_user_nice(current, -10);
1914 current->flags |= PF_NOFREEZE;
1918 rfcomm_add_listener(BDADDR_ANY);
1922 rfcomm_kill_listener();
1924 atomic_dec(&running);
1928 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1930 struct rfcomm_session *s;
1931 struct rfcomm_dlc *d;
1932 struct list_head *p, *n;
1934 BT_DBG("conn %p status 0x%02x", conn, status);
1936 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1940 rfcomm_session_hold(s);
1942 list_for_each_safe(p, n, &s->dlcs) {
1943 d = list_entry(p, struct rfcomm_dlc, list);
1945 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1948 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1952 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1954 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1957 rfcomm_session_put(s);
1959 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1962 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1964 struct rfcomm_session *s;
1965 struct rfcomm_dlc *d;
1966 struct list_head *p, *n;
1968 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1970 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1974 rfcomm_session_hold(s);
1976 list_for_each_safe(p, n, &s->dlcs) {
1977 d = list_entry(p, struct rfcomm_dlc, list);
1979 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1982 if (!status && encrypt)
1983 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1985 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1988 rfcomm_session_put(s);
1990 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1993 static struct hci_cb rfcomm_cb = {
1995 .auth_cfm = rfcomm_auth_cfm,
1996 .encrypt_cfm = rfcomm_encrypt_cfm
1999 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2001 struct rfcomm_session *s;
2002 struct list_head *pp, *p;
2007 list_for_each(p, &session_list) {
2008 s = list_entry(p, struct rfcomm_session, list);
2009 list_for_each(pp, &s->dlcs) {
2010 struct sock *sk = s->sock->sk;
2011 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2013 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2014 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2015 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2024 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2026 /* ---- Initialization ---- */
2027 static int __init rfcomm_init(void)
2031 hci_register_cb(&rfcomm_cb);
2033 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
2035 class_create_file(&bt_class, &class_attr_rfcomm_dlc);
2037 rfcomm_init_sockets();
2039 #ifdef CONFIG_BT_RFCOMM_TTY
2043 BT_INFO("RFCOMM ver %s", VERSION);
2048 static void __exit rfcomm_exit(void)
2050 class_remove_file(&bt_class, &class_attr_rfcomm_dlc);
2052 hci_unregister_cb(&rfcomm_cb);
2054 /* Terminate working thread.
2055 * ie. Set terminate flag and wake it up */
2056 atomic_inc(&terminate);
2057 rfcomm_schedule(RFCOMM_SCHED_STATE);
2059 /* Wait until thread is running */
2060 while (atomic_read(&running))
2063 #ifdef CONFIG_BT_RFCOMM_TTY
2064 rfcomm_cleanup_ttys();
2067 rfcomm_cleanup_sockets();
2070 module_init(rfcomm_init);
2071 module_exit(rfcomm_exit);
2073 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2074 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2075 MODULE_VERSION(VERSION);
2076 MODULE_LICENSE("GPL");
2077 MODULE_ALIAS("bt-proto-3");
projects / linux-2.6 / blob