2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
30 #include <linux/module.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/signal.h>
35 #include <linux/init.h>
36 #include <linux/freezer.h>
37 #include <linux/wait.h>
38 #include <linux/device.h>
39 #include <linux/net.h>
40 #include <linux/mutex.h>
43 #include <asm/uaccess.h>
44 #include <asm/unaligned.h>
46 #include <net/bluetooth/bluetooth.h>
47 #include <net/bluetooth/hci_core.h>
48 #include <net/bluetooth/l2cap.h>
49 #include <net/bluetooth/rfcomm.h>
51 #ifndef CONFIG_BT_RFCOMM_DEBUG
58 static int disable_cfc = 0;
59 static int channel_mtu = -1;
60 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
62 static struct task_struct *rfcomm_thread;
64 static DEFINE_MUTEX(rfcomm_mutex);
65 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
66 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
68 static unsigned long rfcomm_event;
70 static LIST_HEAD(session_list);
71 static atomic_t terminate, running;
73 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
74 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
75 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
76 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
77 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
78 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
79 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
80 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
81 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
82 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
84 static void rfcomm_process_connect(struct rfcomm_session *s);
86 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
87 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
88 static void rfcomm_session_del(struct rfcomm_session *s);
90 /* ---- RFCOMM frame parsing macros ---- */
91 #define __get_dlci(b) ((b & 0xfc) >> 2)
92 #define __get_channel(b) ((b & 0xf8) >> 3)
93 #define __get_dir(b) ((b & 0x04) >> 2)
94 #define __get_type(b) ((b & 0xef))
96 #define __test_ea(b) ((b & 0x01))
97 #define __test_cr(b) ((b & 0x02))
98 #define __test_pf(b) ((b & 0x10))
100 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
101 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
102 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
103 #define __srv_channel(dlci) (dlci >> 1)
104 #define __dir(dlci) (dlci & 0x01)
106 #define __len8(len) (((len) << 1) | 1)
107 #define __len16(len) ((len) << 1)
110 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
111 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
112 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
115 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
116 #define __get_rpn_data_bits(line) ((line) & 0x3)
117 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
118 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
120 static inline void rfcomm_schedule(uint event)
124 //set_bit(event, &rfcomm_event);
125 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
126 wake_up_process(rfcomm_thread);
129 static inline void rfcomm_session_put(struct rfcomm_session *s)
131 if (atomic_dec_and_test(&s->refcnt))
132 rfcomm_session_del(s);
135 /* ---- RFCOMM FCS computation ---- */
137 /* reversed, 8-bit, poly=0x07 */
138 static unsigned char rfcomm_crc_table[256] = {
139 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
140 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
141 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
142 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
144 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
145 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
146 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
147 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
149 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
150 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
151 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
152 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
154 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
155 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
156 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
157 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
159 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
160 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
161 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
162 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
164 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
165 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
166 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
167 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
169 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
170 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
171 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
172 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
174 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
175 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
176 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
177 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
181 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
184 static inline u8 __fcs(u8 *data)
186 return (0xff - __crc(data));
190 static inline u8 __fcs2(u8 *data)
192 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
196 static inline int __check_fcs(u8 *data, int type, u8 fcs)
200 if (type != RFCOMM_UIH)
201 f = rfcomm_crc_table[f ^ data[2]];
203 return rfcomm_crc_table[f ^ fcs] != 0xcf;
206 /* ---- L2CAP callbacks ---- */
207 static void rfcomm_l2state_change(struct sock *sk)
209 BT_DBG("%p state %d", sk, sk->sk_state);
210 rfcomm_schedule(RFCOMM_SCHED_STATE);
213 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
215 BT_DBG("%p bytes %d", sk, bytes);
216 rfcomm_schedule(RFCOMM_SCHED_RX);
219 static int rfcomm_l2sock_create(struct socket **sock)
225 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
227 struct sock *sk = (*sock)->sk;
228 sk->sk_data_ready = rfcomm_l2data_ready;
229 sk->sk_state_change = rfcomm_l2state_change;
234 /* ---- RFCOMM DLCs ---- */
235 static void rfcomm_dlc_timeout(unsigned long arg)
237 struct rfcomm_dlc *d = (void *) arg;
239 BT_DBG("dlc %p state %ld", d, d->state);
241 set_bit(RFCOMM_TIMED_OUT, &d->flags);
243 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
246 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
248 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
250 if (!mod_timer(&d->timer, jiffies + timeout))
254 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
256 BT_DBG("dlc %p state %ld", d, d->state);
258 if (timer_pending(&d->timer) && del_timer(&d->timer))
262 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
269 d->mtu = RFCOMM_DEFAULT_MTU;
270 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
272 d->cfc = RFCOMM_CFC_DISABLED;
273 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
276 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
278 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
283 init_timer(&d->timer);
284 d->timer.function = rfcomm_dlc_timeout;
285 d->timer.data = (unsigned long) d;
287 skb_queue_head_init(&d->tx_queue);
288 spin_lock_init(&d->lock);
289 atomic_set(&d->refcnt, 1);
291 rfcomm_dlc_clear_state(d);
298 void rfcomm_dlc_free(struct rfcomm_dlc *d)
302 skb_queue_purge(&d->tx_queue);
306 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
308 BT_DBG("dlc %p session %p", d, s);
310 rfcomm_session_hold(s);
313 list_add(&d->list, &s->dlcs);
317 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
319 struct rfcomm_session *s = d->session;
321 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
327 rfcomm_session_put(s);
330 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
332 struct rfcomm_dlc *d;
335 list_for_each(p, &s->dlcs) {
336 d = list_entry(p, struct rfcomm_dlc, list);
343 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
345 struct rfcomm_session *s;
349 BT_DBG("dlc %p state %ld %s %s channel %d",
350 d, d->state, batostr(src), batostr(dst), channel);
352 if (channel < 1 || channel > 30)
355 if (d->state != BT_OPEN && d->state != BT_CLOSED)
358 s = rfcomm_session_get(src, dst);
360 s = rfcomm_session_create(src, dst, &err);
365 dlci = __dlci(!s->initiator, channel);
367 /* Check if DLCI already exists */
368 if (rfcomm_dlc_get(s, dlci))
371 rfcomm_dlc_clear_state(d);
374 d->addr = __addr(s->initiator, dlci);
377 d->state = BT_CONFIG;
378 rfcomm_dlc_link(s, d);
381 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
383 if (s->state == BT_CONNECTED)
384 rfcomm_send_pn(s, 1, d);
385 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
389 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
395 r = __rfcomm_dlc_open(d, src, dst, channel);
401 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
403 struct rfcomm_session *s = d->session;
407 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
408 d, d->state, d->dlci, err, s);
414 d->state = BT_DISCONN;
415 if (skb_queue_empty(&d->tx_queue)) {
416 rfcomm_send_disc(s, d->dlci);
417 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
419 rfcomm_queue_disc(d);
420 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
425 rfcomm_dlc_clear_timer(d);
428 d->state = BT_CLOSED;
429 d->state_change(d, err);
430 rfcomm_dlc_unlock(d);
432 skb_queue_purge(&d->tx_queue);
433 rfcomm_dlc_unlink(d);
439 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
445 r = __rfcomm_dlc_close(d, err);
451 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
455 if (d->state != BT_CONNECTED)
458 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
463 rfcomm_make_uih(skb, d->addr);
464 skb_queue_tail(&d->tx_queue, skb);
466 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
467 rfcomm_schedule(RFCOMM_SCHED_TX);
471 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
473 BT_DBG("dlc %p state %ld", d, d->state);
476 d->v24_sig |= RFCOMM_V24_FC;
477 set_bit(RFCOMM_MSC_PENDING, &d->flags);
479 rfcomm_schedule(RFCOMM_SCHED_TX);
482 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
484 BT_DBG("dlc %p state %ld", d, d->state);
487 d->v24_sig &= ~RFCOMM_V24_FC;
488 set_bit(RFCOMM_MSC_PENDING, &d->flags);
490 rfcomm_schedule(RFCOMM_SCHED_TX);
494 Set/get modem status functions use _local_ status i.e. what we report
496 Remote status is provided by dlc->modem_status() callback.
498 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
500 BT_DBG("dlc %p state %ld v24_sig 0x%x",
501 d, d->state, v24_sig);
503 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
504 v24_sig |= RFCOMM_V24_FC;
506 v24_sig &= ~RFCOMM_V24_FC;
508 d->v24_sig = v24_sig;
510 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
511 rfcomm_schedule(RFCOMM_SCHED_TX);
516 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
518 BT_DBG("dlc %p state %ld v24_sig 0x%x",
519 d, d->state, d->v24_sig);
521 *v24_sig = d->v24_sig;
525 /* ---- RFCOMM sessions ---- */
526 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
528 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
533 BT_DBG("session %p sock %p", s, sock);
535 INIT_LIST_HEAD(&s->dlcs);
539 s->mtu = RFCOMM_DEFAULT_MTU;
540 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
542 /* Do not increment module usage count for listening sessions.
543 * Otherwise we won't be able to unload the module. */
544 if (state != BT_LISTEN)
545 if (!try_module_get(THIS_MODULE)) {
550 list_add(&s->list, &session_list);
555 static void rfcomm_session_del(struct rfcomm_session *s)
557 int state = s->state;
559 BT_DBG("session %p state %ld", s, s->state);
563 if (state == BT_CONNECTED)
564 rfcomm_send_disc(s, 0);
566 sock_release(s->sock);
569 if (state != BT_LISTEN)
570 module_put(THIS_MODULE);
573 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
575 struct rfcomm_session *s;
576 struct list_head *p, *n;
578 list_for_each_safe(p, n, &session_list) {
579 s = list_entry(p, struct rfcomm_session, list);
580 sk = bt_sk(s->sock->sk);
582 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
583 !bacmp(&sk->dst, dst))
589 static void rfcomm_session_close(struct rfcomm_session *s, int err)
591 struct rfcomm_dlc *d;
592 struct list_head *p, *n;
594 BT_DBG("session %p state %ld err %d", s, s->state, err);
596 rfcomm_session_hold(s);
598 s->state = BT_CLOSED;
601 list_for_each_safe(p, n, &s->dlcs) {
602 d = list_entry(p, struct rfcomm_dlc, list);
603 d->state = BT_CLOSED;
604 __rfcomm_dlc_close(d, err);
607 rfcomm_session_put(s);
610 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
612 struct rfcomm_session *s = NULL;
613 struct sockaddr_l2 addr;
617 BT_DBG("%s %s", batostr(src), batostr(dst));
619 *err = rfcomm_l2sock_create(&sock);
623 bacpy(&addr.l2_bdaddr, src);
624 addr.l2_family = AF_BLUETOOTH;
626 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
630 /* Set L2CAP options */
633 l2cap_pi(sk)->imtu = l2cap_mtu;
636 s = rfcomm_session_add(sock, BT_BOUND);
644 bacpy(&addr.l2_bdaddr, dst);
645 addr.l2_family = AF_BLUETOOTH;
646 addr.l2_psm = htobs(RFCOMM_PSM);
647 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
648 if (*err == 0 || *err == -EINPROGRESS)
651 rfcomm_session_del(s);
659 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
661 struct sock *sk = s->sock->sk;
663 bacpy(src, &bt_sk(sk)->src);
665 bacpy(dst, &bt_sk(sk)->dst);
668 /* ---- RFCOMM frame sending ---- */
669 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
671 struct socket *sock = s->sock;
672 struct kvec iv = { data, len };
675 BT_DBG("session %p len %d", s, len);
677 memset(&msg, 0, sizeof(msg));
679 return kernel_sendmsg(sock, &msg, &iv, 1, len);
682 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
684 struct rfcomm_cmd cmd;
686 BT_DBG("%p dlci %d", s, dlci);
688 cmd.addr = __addr(s->initiator, dlci);
689 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
691 cmd.fcs = __fcs2((u8 *) &cmd);
693 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
696 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
698 struct rfcomm_cmd cmd;
700 BT_DBG("%p dlci %d", s, dlci);
702 cmd.addr = __addr(!s->initiator, dlci);
703 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
705 cmd.fcs = __fcs2((u8 *) &cmd);
707 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
710 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
712 struct rfcomm_cmd cmd;
714 BT_DBG("%p dlci %d", s, dlci);
716 cmd.addr = __addr(s->initiator, dlci);
717 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
719 cmd.fcs = __fcs2((u8 *) &cmd);
721 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
724 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
726 struct rfcomm_cmd *cmd;
729 BT_DBG("dlc %p dlci %d", d, d->dlci);
731 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
735 cmd = (void *) __skb_put(skb, sizeof(*cmd));
737 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
738 cmd->len = __len8(0);
739 cmd->fcs = __fcs2((u8 *) cmd);
741 skb_queue_tail(&d->tx_queue, skb);
742 rfcomm_schedule(RFCOMM_SCHED_TX);
746 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
748 struct rfcomm_cmd cmd;
750 BT_DBG("%p dlci %d", s, dlci);
752 cmd.addr = __addr(!s->initiator, dlci);
753 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
755 cmd.fcs = __fcs2((u8 *) &cmd);
757 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
760 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
762 struct rfcomm_hdr *hdr;
763 struct rfcomm_mcc *mcc;
764 u8 buf[16], *ptr = buf;
766 BT_DBG("%p cr %d type %d", s, cr, type);
768 hdr = (void *) ptr; ptr += sizeof(*hdr);
769 hdr->addr = __addr(s->initiator, 0);
770 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
771 hdr->len = __len8(sizeof(*mcc) + 1);
773 mcc = (void *) ptr; ptr += sizeof(*mcc);
774 mcc->type = __mcc_type(cr, RFCOMM_NSC);
775 mcc->len = __len8(1);
777 /* Type that we didn't like */
778 *ptr = __mcc_type(cr, type); ptr++;
780 *ptr = __fcs(buf); ptr++;
782 return rfcomm_send_frame(s, buf, ptr - buf);
785 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
787 struct rfcomm_hdr *hdr;
788 struct rfcomm_mcc *mcc;
789 struct rfcomm_pn *pn;
790 u8 buf[16], *ptr = buf;
792 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
794 hdr = (void *) ptr; ptr += sizeof(*hdr);
795 hdr->addr = __addr(s->initiator, 0);
796 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
797 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
799 mcc = (void *) ptr; ptr += sizeof(*mcc);
800 mcc->type = __mcc_type(cr, RFCOMM_PN);
801 mcc->len = __len8(sizeof(*pn));
803 pn = (void *) ptr; ptr += sizeof(*pn);
805 pn->priority = d->priority;
810 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
811 pn->credits = RFCOMM_DEFAULT_CREDITS;
817 if (cr && channel_mtu >= 0)
818 pn->mtu = htobs(channel_mtu);
820 pn->mtu = htobs(d->mtu);
822 *ptr = __fcs(buf); ptr++;
824 return rfcomm_send_frame(s, buf, ptr - buf);
827 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
828 u8 bit_rate, u8 data_bits, u8 stop_bits,
829 u8 parity, u8 flow_ctrl_settings,
830 u8 xon_char, u8 xoff_char, u16 param_mask)
832 struct rfcomm_hdr *hdr;
833 struct rfcomm_mcc *mcc;
834 struct rfcomm_rpn *rpn;
835 u8 buf[16], *ptr = buf;
837 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
838 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
839 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
840 flow_ctrl_settings, xon_char, xoff_char, param_mask);
842 hdr = (void *) ptr; ptr += sizeof(*hdr);
843 hdr->addr = __addr(s->initiator, 0);
844 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
845 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
847 mcc = (void *) ptr; ptr += sizeof(*mcc);
848 mcc->type = __mcc_type(cr, RFCOMM_RPN);
849 mcc->len = __len8(sizeof(*rpn));
851 rpn = (void *) ptr; ptr += sizeof(*rpn);
852 rpn->dlci = __addr(1, dlci);
853 rpn->bit_rate = bit_rate;
854 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
855 rpn->flow_ctrl = flow_ctrl_settings;
856 rpn->xon_char = xon_char;
857 rpn->xoff_char = xoff_char;
858 rpn->param_mask = cpu_to_le16(param_mask);
860 *ptr = __fcs(buf); ptr++;
862 return rfcomm_send_frame(s, buf, ptr - buf);
865 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
867 struct rfcomm_hdr *hdr;
868 struct rfcomm_mcc *mcc;
869 struct rfcomm_rls *rls;
870 u8 buf[16], *ptr = buf;
872 BT_DBG("%p cr %d status 0x%x", s, cr, status);
874 hdr = (void *) ptr; ptr += sizeof(*hdr);
875 hdr->addr = __addr(s->initiator, 0);
876 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
877 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
879 mcc = (void *) ptr; ptr += sizeof(*mcc);
880 mcc->type = __mcc_type(cr, RFCOMM_RLS);
881 mcc->len = __len8(sizeof(*rls));
883 rls = (void *) ptr; ptr += sizeof(*rls);
884 rls->dlci = __addr(1, dlci);
885 rls->status = status;
887 *ptr = __fcs(buf); ptr++;
889 return rfcomm_send_frame(s, buf, ptr - buf);
892 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
894 struct rfcomm_hdr *hdr;
895 struct rfcomm_mcc *mcc;
896 struct rfcomm_msc *msc;
897 u8 buf[16], *ptr = buf;
899 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
901 hdr = (void *) ptr; ptr += sizeof(*hdr);
902 hdr->addr = __addr(s->initiator, 0);
903 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
904 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
906 mcc = (void *) ptr; ptr += sizeof(*mcc);
907 mcc->type = __mcc_type(cr, RFCOMM_MSC);
908 mcc->len = __len8(sizeof(*msc));
910 msc = (void *) ptr; ptr += sizeof(*msc);
911 msc->dlci = __addr(1, dlci);
912 msc->v24_sig = v24_sig | 0x01;
914 *ptr = __fcs(buf); ptr++;
916 return rfcomm_send_frame(s, buf, ptr - buf);
919 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
921 struct rfcomm_hdr *hdr;
922 struct rfcomm_mcc *mcc;
923 u8 buf[16], *ptr = buf;
925 BT_DBG("%p cr %d", s, cr);
927 hdr = (void *) ptr; ptr += sizeof(*hdr);
928 hdr->addr = __addr(s->initiator, 0);
929 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
930 hdr->len = __len8(sizeof(*mcc));
932 mcc = (void *) ptr; ptr += sizeof(*mcc);
933 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
934 mcc->len = __len8(0);
936 *ptr = __fcs(buf); ptr++;
938 return rfcomm_send_frame(s, buf, ptr - buf);
941 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
943 struct rfcomm_hdr *hdr;
944 struct rfcomm_mcc *mcc;
945 u8 buf[16], *ptr = buf;
947 BT_DBG("%p cr %d", s, cr);
949 hdr = (void *) ptr; ptr += sizeof(*hdr);
950 hdr->addr = __addr(s->initiator, 0);
951 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
952 hdr->len = __len8(sizeof(*mcc));
954 mcc = (void *) ptr; ptr += sizeof(*mcc);
955 mcc->type = __mcc_type(cr, RFCOMM_FCON);
956 mcc->len = __len8(0);
958 *ptr = __fcs(buf); ptr++;
960 return rfcomm_send_frame(s, buf, ptr - buf);
963 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
965 struct socket *sock = s->sock;
968 unsigned char hdr[5], crc[1];
973 BT_DBG("%p cr %d", s, cr);
975 hdr[0] = __addr(s->initiator, 0);
976 hdr[1] = __ctrl(RFCOMM_UIH, 0);
977 hdr[2] = 0x01 | ((len + 2) << 1);
978 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
979 hdr[4] = 0x01 | (len << 1);
983 iv[0].iov_base = hdr;
985 iv[1].iov_base = pattern;
987 iv[2].iov_base = crc;
990 memset(&msg, 0, sizeof(msg));
992 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
995 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
997 struct rfcomm_hdr *hdr;
998 u8 buf[16], *ptr = buf;
1000 BT_DBG("%p addr %d credits %d", s, addr, credits);
1002 hdr = (void *) ptr; ptr += sizeof(*hdr);
1004 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1005 hdr->len = __len8(0);
1007 *ptr = credits; ptr++;
1009 *ptr = __fcs(buf); ptr++;
1011 return rfcomm_send_frame(s, buf, ptr - buf);
1014 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1016 struct rfcomm_hdr *hdr;
1021 hdr = (void *) skb_push(skb, 4);
1022 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len);
1024 hdr = (void *) skb_push(skb, 3);
1025 hdr->len = __len8(len);
1028 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1030 crc = skb_put(skb, 1);
1031 *crc = __fcs((void *) hdr);
1034 /* ---- RFCOMM frame reception ---- */
1035 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1037 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1041 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1043 rfcomm_send_dm(s, dlci);
1049 rfcomm_dlc_clear_timer(d);
1052 d->state = BT_CONNECTED;
1053 d->state_change(d, 0);
1054 rfcomm_dlc_unlock(d);
1056 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1060 d->state = BT_CLOSED;
1061 __rfcomm_dlc_close(d, 0);
1063 if (list_empty(&s->dlcs)) {
1064 s->state = BT_DISCONN;
1065 rfcomm_send_disc(s, 0);
1071 /* Control channel */
1074 s->state = BT_CONNECTED;
1075 rfcomm_process_connect(s);
1079 rfcomm_session_put(s);
1086 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1090 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1094 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1096 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1101 d->state = BT_CLOSED;
1102 __rfcomm_dlc_close(d, err);
1105 if (s->state == BT_CONNECT)
1110 s->state = BT_CLOSED;
1111 rfcomm_session_close(s, err);
1116 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1120 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1123 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1125 rfcomm_send_ua(s, dlci);
1127 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1132 d->state = BT_CLOSED;
1133 __rfcomm_dlc_close(d, err);
1135 rfcomm_send_dm(s, dlci);
1138 rfcomm_send_ua(s, 0);
1140 if (s->state == BT_CONNECT)
1145 s->state = BT_CLOSED;
1146 rfcomm_session_close(s, err);
1152 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1154 struct sock *sk = d->session->sock->sk;
1156 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1157 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1159 } else if (d->link_mode & RFCOMM_LM_AUTH) {
1160 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1167 static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1169 struct sock *sk = d->session->sock->sk;
1171 BT_DBG("dlc %p", d);
1173 rfcomm_send_ua(d->session, d->dlci);
1176 d->state = BT_CONNECTED;
1177 d->state_change(d, 0);
1178 rfcomm_dlc_unlock(d);
1180 if (d->link_mode & RFCOMM_LM_MASTER)
1181 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1183 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1186 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1188 struct rfcomm_dlc *d;
1191 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1194 rfcomm_send_ua(s, 0);
1196 if (s->state == BT_OPEN) {
1197 s->state = BT_CONNECTED;
1198 rfcomm_process_connect(s);
1203 /* Check if DLC exists */
1204 d = rfcomm_dlc_get(s, dlci);
1206 if (d->state == BT_OPEN) {
1207 /* DLC was previously opened by PN request */
1208 if (rfcomm_check_link_mode(d)) {
1209 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1210 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1214 rfcomm_dlc_accept(d);
1219 /* Notify socket layer about incoming connection */
1220 channel = __srv_channel(dlci);
1221 if (rfcomm_connect_ind(s, channel, &d)) {
1223 d->addr = __addr(s->initiator, dlci);
1224 rfcomm_dlc_link(s, d);
1226 if (rfcomm_check_link_mode(d)) {
1227 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1228 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1232 rfcomm_dlc_accept(d);
1234 rfcomm_send_dm(s, dlci);
1240 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1242 struct rfcomm_session *s = d->session;
1244 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1245 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1247 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1248 pn->flow_ctrl == 0xe0) {
1249 d->cfc = RFCOMM_CFC_ENABLED;
1250 d->tx_credits = pn->credits;
1252 d->cfc = RFCOMM_CFC_DISABLED;
1253 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1256 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1259 d->priority = pn->priority;
1261 d->mtu = btohs(pn->mtu);
1263 if (cr && d->mtu > s->mtu)
1269 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1271 struct rfcomm_pn *pn = (void *) skb->data;
1272 struct rfcomm_dlc *d;
1275 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1280 d = rfcomm_dlc_get(s, dlci);
1284 rfcomm_apply_pn(d, cr, pn);
1285 rfcomm_send_pn(s, 0, d);
1290 rfcomm_apply_pn(d, cr, pn);
1292 d->state = BT_CONNECT;
1293 rfcomm_send_sabm(s, d->dlci);
1298 u8 channel = __srv_channel(dlci);
1303 /* PN request for non existing DLC.
1304 * Assume incoming connection. */
1305 if (rfcomm_connect_ind(s, channel, &d)) {
1307 d->addr = __addr(s->initiator, dlci);
1308 rfcomm_dlc_link(s, d);
1310 rfcomm_apply_pn(d, cr, pn);
1313 rfcomm_send_pn(s, 0, d);
1315 rfcomm_send_dm(s, dlci);
1321 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1323 struct rfcomm_rpn *rpn = (void *) skb->data;
1324 u8 dlci = __get_dlci(rpn->dlci);
1333 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1335 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1336 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1337 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1343 /* This is a request, return default settings */
1344 bit_rate = RFCOMM_RPN_BR_115200;
1345 data_bits = RFCOMM_RPN_DATA_8;
1346 stop_bits = RFCOMM_RPN_STOP_1;
1347 parity = RFCOMM_RPN_PARITY_NONE;
1348 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1349 xon_char = RFCOMM_RPN_XON_CHAR;
1350 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1354 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1355 * no parity, no flow control lines, normal XON/XOFF chars */
1357 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1358 bit_rate = rpn->bit_rate;
1359 if (bit_rate != RFCOMM_RPN_BR_115200) {
1360 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1361 bit_rate = RFCOMM_RPN_BR_115200;
1362 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1366 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1367 data_bits = __get_rpn_data_bits(rpn->line_settings);
1368 if (data_bits != RFCOMM_RPN_DATA_8) {
1369 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1370 data_bits = RFCOMM_RPN_DATA_8;
1371 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1375 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1376 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1377 if (stop_bits != RFCOMM_RPN_STOP_1) {
1378 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1379 stop_bits = RFCOMM_RPN_STOP_1;
1380 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1384 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1385 parity = __get_rpn_parity(rpn->line_settings);
1386 if (parity != RFCOMM_RPN_PARITY_NONE) {
1387 BT_DBG("RPN parity mismatch 0x%x", parity);
1388 parity = RFCOMM_RPN_PARITY_NONE;
1389 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1393 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1394 flow_ctrl = rpn->flow_ctrl;
1395 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1396 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1397 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1398 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1402 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1403 xon_char = rpn->xon_char;
1404 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1405 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1406 xon_char = RFCOMM_RPN_XON_CHAR;
1407 rpn_mask ^= RFCOMM_RPN_PM_XON;
1411 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1412 xoff_char = rpn->xoff_char;
1413 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1414 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1415 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1416 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1421 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1422 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1427 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1429 struct rfcomm_rls *rls = (void *) skb->data;
1430 u8 dlci = __get_dlci(rls->dlci);
1432 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1437 /* We should probably do something with this information here. But
1438 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1439 * mandatory to recognise and respond to RLS */
1441 rfcomm_send_rls(s, 0, dlci, rls->status);
1446 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1448 struct rfcomm_msc *msc = (void *) skb->data;
1449 struct rfcomm_dlc *d;
1450 u8 dlci = __get_dlci(msc->dlci);
1452 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1454 d = rfcomm_dlc_get(s, dlci);
1459 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1460 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1462 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1465 if (d->modem_status)
1466 d->modem_status(d, msc->v24_sig);
1467 rfcomm_dlc_unlock(d);
1469 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1471 d->mscex |= RFCOMM_MSCEX_RX;
1473 d->mscex |= RFCOMM_MSCEX_TX;
1478 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1480 struct rfcomm_mcc *mcc = (void *) skb->data;
1483 cr = __test_cr(mcc->type);
1484 type = __get_mcc_type(mcc->type);
1485 len = __get_mcc_len(mcc->len);
1487 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1493 rfcomm_recv_pn(s, cr, skb);
1497 rfcomm_recv_rpn(s, cr, len, skb);
1501 rfcomm_recv_rls(s, cr, skb);
1505 rfcomm_recv_msc(s, cr, skb);
1510 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1511 rfcomm_send_fcoff(s, 0);
1517 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1518 rfcomm_send_fcon(s, 0);
1524 rfcomm_send_test(s, 0, skb->data, skb->len);
1531 BT_ERR("Unknown control type 0x%02x", type);
1532 rfcomm_send_nsc(s, cr, type);
1538 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1540 struct rfcomm_dlc *d;
1542 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1544 d = rfcomm_dlc_get(s, dlci);
1546 rfcomm_send_dm(s, dlci);
1551 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1553 d->tx_credits += credits;
1555 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1558 if (skb->len && d->state == BT_CONNECTED) {
1561 d->data_ready(d, skb);
1562 rfcomm_dlc_unlock(d);
1571 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1573 struct rfcomm_hdr *hdr = (void *) skb->data;
1576 dlci = __get_dlci(hdr->addr);
1577 type = __get_type(hdr->ctrl);
1580 skb->len--; skb->tail--;
1581 fcs = *(u8 *)skb_tail_pointer(skb);
1583 if (__check_fcs(skb->data, type, fcs)) {
1584 BT_ERR("bad checksum in packet");
1589 if (__test_ea(hdr->len))
1596 if (__test_pf(hdr->ctrl))
1597 rfcomm_recv_sabm(s, dlci);
1601 if (__test_pf(hdr->ctrl))
1602 rfcomm_recv_disc(s, dlci);
1606 if (__test_pf(hdr->ctrl))
1607 rfcomm_recv_ua(s, dlci);
1611 rfcomm_recv_dm(s, dlci);
1616 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1618 rfcomm_recv_mcc(s, skb);
1622 BT_ERR("Unknown packet type 0x%02x\n", type);
1629 /* ---- Connection and data processing ---- */
1631 static void rfcomm_process_connect(struct rfcomm_session *s)
1633 struct rfcomm_dlc *d;
1634 struct list_head *p, *n;
1636 BT_DBG("session %p state %ld", s, s->state);
1638 list_for_each_safe(p, n, &s->dlcs) {
1639 d = list_entry(p, struct rfcomm_dlc, list);
1640 if (d->state == BT_CONFIG) {
1642 rfcomm_send_pn(s, 1, d);
1647 /* Send data queued for the DLC.
1648 * Return number of frames left in the queue.
1650 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1652 struct sk_buff *skb;
1655 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1656 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1658 /* Send pending MSC */
1659 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1660 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1664 * Give them some credits */
1665 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1666 d->rx_credits <= (d->cfc >> 2)) {
1667 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1668 d->rx_credits = d->cfc;
1672 * Give ourselves some credits */
1676 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1677 return skb_queue_len(&d->tx_queue);
1679 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1680 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1682 skb_queue_head(&d->tx_queue, skb);
1689 if (d->cfc && !d->tx_credits) {
1690 /* We're out of TX credits.
1691 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1692 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1695 return skb_queue_len(&d->tx_queue);
1698 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1700 struct rfcomm_dlc *d;
1701 struct list_head *p, *n;
1703 BT_DBG("session %p state %ld", s, s->state);
1705 list_for_each_safe(p, n, &s->dlcs) {
1706 d = list_entry(p, struct rfcomm_dlc, list);
1708 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1709 __rfcomm_dlc_close(d, ETIMEDOUT);
1713 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1714 rfcomm_dlc_clear_timer(d);
1715 rfcomm_dlc_accept(d);
1716 if (d->link_mode & RFCOMM_LM_SECURE) {
1717 struct sock *sk = s->sock->sk;
1718 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1721 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1722 rfcomm_dlc_clear_timer(d);
1723 rfcomm_send_dm(s, d->dlci);
1724 __rfcomm_dlc_close(d, ECONNREFUSED);
1728 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1731 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1732 d->mscex == RFCOMM_MSCEX_OK)
1733 rfcomm_process_tx(d);
1737 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1739 struct socket *sock = s->sock;
1740 struct sock *sk = sock->sk;
1741 struct sk_buff *skb;
1743 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1745 /* Get data directly from socket receive queue without copying it. */
1746 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1748 rfcomm_recv_frame(s, skb);
1751 if (sk->sk_state == BT_CLOSED) {
1753 rfcomm_session_put(s);
1755 rfcomm_session_close(s, sk->sk_err);
1759 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1761 struct socket *sock = s->sock, *nsock;
1764 /* Fast check for a new connection.
1765 * Avoids unnesesary socket allocations. */
1766 if (list_empty(&bt_sk(sock->sk)->accept_q))
1769 BT_DBG("session %p", s);
1771 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1775 __module_get(nsock->ops->owner);
1777 /* Set our callbacks */
1778 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1779 nsock->sk->sk_state_change = rfcomm_l2state_change;
1781 s = rfcomm_session_add(nsock, BT_OPEN);
1783 rfcomm_session_hold(s);
1785 /* We should adjust MTU on incoming sessions.
1786 * L2CAP MTU minus UIH header and FCS. */
1787 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1789 rfcomm_schedule(RFCOMM_SCHED_RX);
1791 sock_release(nsock);
1794 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1796 struct sock *sk = s->sock->sk;
1798 BT_DBG("%p state %ld", s, s->state);
1800 switch(sk->sk_state) {
1802 s->state = BT_CONNECT;
1804 /* We can adjust MTU on outgoing sessions.
1805 * L2CAP MTU minus UIH header and FCS. */
1806 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1808 rfcomm_send_sabm(s, 0);
1812 s->state = BT_CLOSED;
1813 rfcomm_session_close(s, sk->sk_err);
1818 static inline void rfcomm_process_sessions(void)
1820 struct list_head *p, *n;
1824 list_for_each_safe(p, n, &session_list) {
1825 struct rfcomm_session *s;
1826 s = list_entry(p, struct rfcomm_session, list);
1828 if (s->state == BT_LISTEN) {
1829 rfcomm_accept_connection(s);
1833 rfcomm_session_hold(s);
1837 rfcomm_check_connection(s);
1841 rfcomm_process_rx(s);
1845 rfcomm_process_dlcs(s);
1847 rfcomm_session_put(s);
1853 static void rfcomm_worker(void)
1857 while (!atomic_read(&terminate)) {
1858 set_current_state(TASK_INTERRUPTIBLE);
1859 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1860 /* No pending events. Let's sleep.
1861 * Incoming connections and data will wake us up. */
1864 set_current_state(TASK_RUNNING);
1867 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1868 rfcomm_process_sessions();
1873 static int rfcomm_add_listener(bdaddr_t *ba)
1875 struct sockaddr_l2 addr;
1876 struct socket *sock;
1878 struct rfcomm_session *s;
1882 err = rfcomm_l2sock_create(&sock);
1884 BT_ERR("Create socket failed %d", err);
1889 bacpy(&addr.l2_bdaddr, ba);
1890 addr.l2_family = AF_BLUETOOTH;
1891 addr.l2_psm = htobs(RFCOMM_PSM);
1892 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1894 BT_ERR("Bind failed %d", err);
1898 /* Set L2CAP options */
1901 l2cap_pi(sk)->imtu = l2cap_mtu;
1904 /* Start listening on the socket */
1905 err = kernel_listen(sock, 10);
1907 BT_ERR("Listen failed %d", err);
1911 /* Add listening session */
1912 s = rfcomm_session_add(sock, BT_LISTEN);
1916 rfcomm_session_hold(s);
1923 static void rfcomm_kill_listener(void)
1925 struct rfcomm_session *s;
1926 struct list_head *p, *n;
1930 list_for_each_safe(p, n, &session_list) {
1931 s = list_entry(p, struct rfcomm_session, list);
1932 rfcomm_session_del(s);
1936 static int rfcomm_run(void *unused)
1938 rfcomm_thread = current;
1940 atomic_inc(&running);
1942 daemonize("krfcommd");
1943 set_user_nice(current, -10);
1947 rfcomm_add_listener(BDADDR_ANY);
1951 rfcomm_kill_listener();
1953 atomic_dec(&running);
1957 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1959 struct rfcomm_session *s;
1960 struct rfcomm_dlc *d;
1961 struct list_head *p, *n;
1963 BT_DBG("conn %p status 0x%02x", conn, status);
1965 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1969 rfcomm_session_hold(s);
1971 list_for_each_safe(p, n, &s->dlcs) {
1972 d = list_entry(p, struct rfcomm_dlc, list);
1974 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1977 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1981 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1983 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1986 rfcomm_session_put(s);
1988 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1991 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1993 struct rfcomm_session *s;
1994 struct rfcomm_dlc *d;
1995 struct list_head *p, *n;
1997 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1999 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2003 rfcomm_session_hold(s);
2005 list_for_each_safe(p, n, &s->dlcs) {
2006 d = list_entry(p, struct rfcomm_dlc, list);
2008 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2011 if (!status && encrypt)
2012 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2014 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2017 rfcomm_session_put(s);
2019 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2022 static struct hci_cb rfcomm_cb = {
2024 .auth_cfm = rfcomm_auth_cfm,
2025 .encrypt_cfm = rfcomm_encrypt_cfm
2028 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2030 struct rfcomm_session *s;
2031 struct list_head *pp, *p;
2036 list_for_each(p, &session_list) {
2037 s = list_entry(p, struct rfcomm_session, list);
2038 list_for_each(pp, &s->dlcs) {
2039 struct sock *sk = s->sock->sk;
2040 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2042 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2043 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2044 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2053 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2055 /* ---- Initialization ---- */
2056 static int __init rfcomm_init(void)
2060 hci_register_cb(&rfcomm_cb);
2062 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
2064 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2065 BT_ERR("Failed to create RFCOMM info file");
2067 rfcomm_init_sockets();
2069 #ifdef CONFIG_BT_RFCOMM_TTY
2073 BT_INFO("RFCOMM ver %s", VERSION);
2078 static void __exit rfcomm_exit(void)
2080 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
2082 hci_unregister_cb(&rfcomm_cb);
2084 /* Terminate working thread.
2085 * ie. Set terminate flag and wake it up */
2086 atomic_inc(&terminate);
2087 rfcomm_schedule(RFCOMM_SCHED_STATE);
2089 /* Wait until thread is running */
2090 while (atomic_read(&running))
2093 #ifdef CONFIG_BT_RFCOMM_TTY
2094 rfcomm_cleanup_ttys();
2097 rfcomm_cleanup_sockets();
2100 module_init(rfcomm_init);
2101 module_exit(rfcomm_exit);
2103 module_param(disable_cfc, bool, 0644);
2104 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2106 module_param(channel_mtu, int, 0644);
2107 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2109 module_param(l2cap_mtu, uint, 0644);
2110 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2112 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2113 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2114 MODULE_VERSION(VERSION);
2115 MODULE_LICENSE("GPL");
2116 MODULE_ALIAS("bt-proto-3");
projects / linux-2.6 / blob