2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/sched.h>
32 #include <linux/signal.h>
33 #include <linux/init.h>
34 #include <linux/wait.h>
35 #include <linux/device.h>
36 #include <linux/net.h>
37 #include <linux/mutex.h>
38 #include <linux/kthread.h>
41 #include <asm/uaccess.h>
42 #include <asm/unaligned.h>
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
46 #include <net/bluetooth/l2cap.h>
47 #include <net/bluetooth/rfcomm.h>
49 #define VERSION "1.11"
51 static int disable_cfc = 0;
52 static int channel_mtu = -1;
53 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
55 static struct task_struct *rfcomm_thread;
57 static DEFINE_MUTEX(rfcomm_mutex);
58 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
59 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
61 static unsigned long rfcomm_event;
63 static LIST_HEAD(session_list);
65 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
66 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
67 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
68 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
69 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
70 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
71 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
72 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
73 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
74 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
76 static void rfcomm_process_connect(struct rfcomm_session *s);
78 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
79 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
80 static void rfcomm_session_del(struct rfcomm_session *s);
82 /* ---- RFCOMM frame parsing macros ---- */
83 #define __get_dlci(b) ((b & 0xfc) >> 2)
84 #define __get_channel(b) ((b & 0xf8) >> 3)
85 #define __get_dir(b) ((b & 0x04) >> 2)
86 #define __get_type(b) ((b & 0xef))
88 #define __test_ea(b) ((b & 0x01))
89 #define __test_cr(b) ((b & 0x02))
90 #define __test_pf(b) ((b & 0x10))
92 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
93 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
94 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
95 #define __srv_channel(dlci) (dlci >> 1)
96 #define __dir(dlci) (dlci & 0x01)
98 #define __len8(len) (((len) << 1) | 1)
99 #define __len16(len) ((len) << 1)
102 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
103 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
104 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
107 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
108 #define __get_rpn_data_bits(line) ((line) & 0x3)
109 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
110 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
112 static inline void rfcomm_schedule(uint event)
116 //set_bit(event, &rfcomm_event);
117 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
118 wake_up_process(rfcomm_thread);
121 static inline void rfcomm_session_put(struct rfcomm_session *s)
123 if (atomic_dec_and_test(&s->refcnt))
124 rfcomm_session_del(s);
127 /* ---- RFCOMM FCS computation ---- */
129 /* reversed, 8-bit, poly=0x07 */
130 static unsigned char rfcomm_crc_table[256] = {
131 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
132 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
133 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
134 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
136 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
137 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
138 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
139 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
141 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
142 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
143 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
144 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
146 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
147 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
148 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
149 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
151 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
152 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
153 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
154 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
156 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
157 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
158 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
159 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
161 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
162 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
163 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
164 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
166 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
167 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
168 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
169 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
173 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
176 static inline u8 __fcs(u8 *data)
178 return (0xff - __crc(data));
182 static inline u8 __fcs2(u8 *data)
184 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
188 static inline int __check_fcs(u8 *data, int type, u8 fcs)
192 if (type != RFCOMM_UIH)
193 f = rfcomm_crc_table[f ^ data[2]];
195 return rfcomm_crc_table[f ^ fcs] != 0xcf;
198 /* ---- L2CAP callbacks ---- */
199 static void rfcomm_l2state_change(struct sock *sk)
201 BT_DBG("%p state %d", sk, sk->sk_state);
202 rfcomm_schedule(RFCOMM_SCHED_STATE);
205 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
207 BT_DBG("%p bytes %d", sk, bytes);
208 rfcomm_schedule(RFCOMM_SCHED_RX);
211 static int rfcomm_l2sock_create(struct socket **sock)
217 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
219 struct sock *sk = (*sock)->sk;
220 sk->sk_data_ready = rfcomm_l2data_ready;
221 sk->sk_state_change = rfcomm_l2state_change;
226 static inline int rfcomm_check_security(struct rfcomm_dlc *d)
228 struct sock *sk = d->session->sock->sk;
231 switch (d->sec_level) {
232 case BT_SECURITY_HIGH:
233 auth_type = HCI_AT_GENERAL_BONDING_MITM;
235 case BT_SECURITY_MEDIUM:
236 auth_type = HCI_AT_GENERAL_BONDING;
239 auth_type = HCI_AT_NO_BONDING;
243 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level,
247 /* ---- RFCOMM DLCs ---- */
248 static void rfcomm_dlc_timeout(unsigned long arg)
250 struct rfcomm_dlc *d = (void *) arg;
252 BT_DBG("dlc %p state %ld", d, d->state);
254 set_bit(RFCOMM_TIMED_OUT, &d->flags);
256 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
259 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
261 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
263 if (!mod_timer(&d->timer, jiffies + timeout))
267 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
269 BT_DBG("dlc %p state %ld", d, d->state);
271 if (timer_pending(&d->timer) && del_timer(&d->timer))
275 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
282 d->mtu = RFCOMM_DEFAULT_MTU;
283 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
285 d->cfc = RFCOMM_CFC_DISABLED;
286 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
289 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
291 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
296 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
298 skb_queue_head_init(&d->tx_queue);
299 spin_lock_init(&d->lock);
300 atomic_set(&d->refcnt, 1);
302 rfcomm_dlc_clear_state(d);
309 void rfcomm_dlc_free(struct rfcomm_dlc *d)
313 skb_queue_purge(&d->tx_queue);
317 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
319 BT_DBG("dlc %p session %p", d, s);
321 rfcomm_session_hold(s);
324 list_add(&d->list, &s->dlcs);
328 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
330 struct rfcomm_session *s = d->session;
332 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
338 rfcomm_session_put(s);
341 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
343 struct rfcomm_dlc *d;
346 list_for_each(p, &s->dlcs) {
347 d = list_entry(p, struct rfcomm_dlc, list);
354 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
356 struct rfcomm_session *s;
360 BT_DBG("dlc %p state %ld %s %s channel %d",
361 d, d->state, batostr(src), batostr(dst), channel);
363 if (channel < 1 || channel > 30)
366 if (d->state != BT_OPEN && d->state != BT_CLOSED)
369 s = rfcomm_session_get(src, dst);
371 s = rfcomm_session_create(src, dst, &err);
376 dlci = __dlci(!s->initiator, channel);
378 /* Check if DLCI already exists */
379 if (rfcomm_dlc_get(s, dlci))
382 rfcomm_dlc_clear_state(d);
385 d->addr = __addr(s->initiator, dlci);
388 d->state = BT_CONFIG;
389 rfcomm_dlc_link(s, d);
394 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
396 if (s->state == BT_CONNECTED) {
397 if (rfcomm_check_security(d))
398 rfcomm_send_pn(s, 1, d);
400 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
403 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
408 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
414 r = __rfcomm_dlc_open(d, src, dst, channel);
420 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
422 struct rfcomm_session *s = d->session;
426 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
427 d, d->state, d->dlci, err, s);
432 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
433 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
434 rfcomm_schedule(RFCOMM_SCHED_AUTH);
440 d->state = BT_DISCONN;
441 if (skb_queue_empty(&d->tx_queue)) {
442 rfcomm_send_disc(s, d->dlci);
443 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
445 rfcomm_queue_disc(d);
446 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
452 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
453 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
454 rfcomm_schedule(RFCOMM_SCHED_AUTH);
460 rfcomm_dlc_clear_timer(d);
463 d->state = BT_CLOSED;
464 d->state_change(d, err);
465 rfcomm_dlc_unlock(d);
467 skb_queue_purge(&d->tx_queue);
468 rfcomm_dlc_unlink(d);
474 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
480 r = __rfcomm_dlc_close(d, err);
486 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
490 if (d->state != BT_CONNECTED)
493 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
498 rfcomm_make_uih(skb, d->addr);
499 skb_queue_tail(&d->tx_queue, skb);
501 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
502 rfcomm_schedule(RFCOMM_SCHED_TX);
506 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
508 BT_DBG("dlc %p state %ld", d, d->state);
511 d->v24_sig |= RFCOMM_V24_FC;
512 set_bit(RFCOMM_MSC_PENDING, &d->flags);
514 rfcomm_schedule(RFCOMM_SCHED_TX);
517 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
519 BT_DBG("dlc %p state %ld", d, d->state);
522 d->v24_sig &= ~RFCOMM_V24_FC;
523 set_bit(RFCOMM_MSC_PENDING, &d->flags);
525 rfcomm_schedule(RFCOMM_SCHED_TX);
529 Set/get modem status functions use _local_ status i.e. what we report
531 Remote status is provided by dlc->modem_status() callback.
533 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
535 BT_DBG("dlc %p state %ld v24_sig 0x%x",
536 d, d->state, v24_sig);
538 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
539 v24_sig |= RFCOMM_V24_FC;
541 v24_sig &= ~RFCOMM_V24_FC;
543 d->v24_sig = v24_sig;
545 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
546 rfcomm_schedule(RFCOMM_SCHED_TX);
551 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
553 BT_DBG("dlc %p state %ld v24_sig 0x%x",
554 d, d->state, d->v24_sig);
556 *v24_sig = d->v24_sig;
560 /* ---- RFCOMM sessions ---- */
561 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
563 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
568 BT_DBG("session %p sock %p", s, sock);
570 INIT_LIST_HEAD(&s->dlcs);
574 s->mtu = RFCOMM_DEFAULT_MTU;
575 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
577 /* Do not increment module usage count for listening sessions.
578 * Otherwise we won't be able to unload the module. */
579 if (state != BT_LISTEN)
580 if (!try_module_get(THIS_MODULE)) {
585 list_add(&s->list, &session_list);
590 static void rfcomm_session_del(struct rfcomm_session *s)
592 int state = s->state;
594 BT_DBG("session %p state %ld", s, s->state);
598 if (state == BT_CONNECTED)
599 rfcomm_send_disc(s, 0);
601 sock_release(s->sock);
604 if (state != BT_LISTEN)
605 module_put(THIS_MODULE);
608 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
610 struct rfcomm_session *s;
611 struct list_head *p, *n;
613 list_for_each_safe(p, n, &session_list) {
614 s = list_entry(p, struct rfcomm_session, list);
615 sk = bt_sk(s->sock->sk);
617 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
618 !bacmp(&sk->dst, dst))
624 static void rfcomm_session_close(struct rfcomm_session *s, int err)
626 struct rfcomm_dlc *d;
627 struct list_head *p, *n;
629 BT_DBG("session %p state %ld err %d", s, s->state, err);
631 rfcomm_session_hold(s);
633 s->state = BT_CLOSED;
636 list_for_each_safe(p, n, &s->dlcs) {
637 d = list_entry(p, struct rfcomm_dlc, list);
638 d->state = BT_CLOSED;
639 __rfcomm_dlc_close(d, err);
642 rfcomm_session_put(s);
645 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
647 struct rfcomm_session *s = NULL;
648 struct sockaddr_l2 addr;
652 BT_DBG("%s %s", batostr(src), batostr(dst));
654 *err = rfcomm_l2sock_create(&sock);
658 bacpy(&addr.l2_bdaddr, src);
659 addr.l2_family = AF_BLUETOOTH;
662 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
666 /* Set L2CAP options */
669 l2cap_pi(sk)->imtu = l2cap_mtu;
672 s = rfcomm_session_add(sock, BT_BOUND);
680 bacpy(&addr.l2_bdaddr, dst);
681 addr.l2_family = AF_BLUETOOTH;
682 addr.l2_psm = htobs(RFCOMM_PSM);
684 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
685 if (*err == 0 || *err == -EINPROGRESS)
688 rfcomm_session_del(s);
696 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
698 struct sock *sk = s->sock->sk;
700 bacpy(src, &bt_sk(sk)->src);
702 bacpy(dst, &bt_sk(sk)->dst);
705 /* ---- RFCOMM frame sending ---- */
706 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
708 struct socket *sock = s->sock;
709 struct kvec iv = { data, len };
712 BT_DBG("session %p len %d", s, len);
714 memset(&msg, 0, sizeof(msg));
716 return kernel_sendmsg(sock, &msg, &iv, 1, len);
719 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
721 struct rfcomm_cmd cmd;
723 BT_DBG("%p dlci %d", s, dlci);
725 cmd.addr = __addr(s->initiator, dlci);
726 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
728 cmd.fcs = __fcs2((u8 *) &cmd);
730 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
733 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
735 struct rfcomm_cmd cmd;
737 BT_DBG("%p dlci %d", s, dlci);
739 cmd.addr = __addr(!s->initiator, dlci);
740 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
742 cmd.fcs = __fcs2((u8 *) &cmd);
744 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
747 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
749 struct rfcomm_cmd cmd;
751 BT_DBG("%p dlci %d", s, dlci);
753 cmd.addr = __addr(s->initiator, dlci);
754 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
756 cmd.fcs = __fcs2((u8 *) &cmd);
758 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
761 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
763 struct rfcomm_cmd *cmd;
766 BT_DBG("dlc %p dlci %d", d, d->dlci);
768 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
772 cmd = (void *) __skb_put(skb, sizeof(*cmd));
774 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
775 cmd->len = __len8(0);
776 cmd->fcs = __fcs2((u8 *) cmd);
778 skb_queue_tail(&d->tx_queue, skb);
779 rfcomm_schedule(RFCOMM_SCHED_TX);
783 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
785 struct rfcomm_cmd cmd;
787 BT_DBG("%p dlci %d", s, dlci);
789 cmd.addr = __addr(!s->initiator, dlci);
790 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
792 cmd.fcs = __fcs2((u8 *) &cmd);
794 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
797 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
799 struct rfcomm_hdr *hdr;
800 struct rfcomm_mcc *mcc;
801 u8 buf[16], *ptr = buf;
803 BT_DBG("%p cr %d type %d", s, cr, type);
805 hdr = (void *) ptr; ptr += sizeof(*hdr);
806 hdr->addr = __addr(s->initiator, 0);
807 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
808 hdr->len = __len8(sizeof(*mcc) + 1);
810 mcc = (void *) ptr; ptr += sizeof(*mcc);
811 mcc->type = __mcc_type(cr, RFCOMM_NSC);
812 mcc->len = __len8(1);
814 /* Type that we didn't like */
815 *ptr = __mcc_type(cr, type); ptr++;
817 *ptr = __fcs(buf); ptr++;
819 return rfcomm_send_frame(s, buf, ptr - buf);
822 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
824 struct rfcomm_hdr *hdr;
825 struct rfcomm_mcc *mcc;
826 struct rfcomm_pn *pn;
827 u8 buf[16], *ptr = buf;
829 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
831 hdr = (void *) ptr; ptr += sizeof(*hdr);
832 hdr->addr = __addr(s->initiator, 0);
833 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
834 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
836 mcc = (void *) ptr; ptr += sizeof(*mcc);
837 mcc->type = __mcc_type(cr, RFCOMM_PN);
838 mcc->len = __len8(sizeof(*pn));
840 pn = (void *) ptr; ptr += sizeof(*pn);
842 pn->priority = d->priority;
847 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
848 pn->credits = RFCOMM_DEFAULT_CREDITS;
854 if (cr && channel_mtu >= 0)
855 pn->mtu = htobs(channel_mtu);
857 pn->mtu = htobs(d->mtu);
859 *ptr = __fcs(buf); ptr++;
861 return rfcomm_send_frame(s, buf, ptr - buf);
864 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
865 u8 bit_rate, u8 data_bits, u8 stop_bits,
866 u8 parity, u8 flow_ctrl_settings,
867 u8 xon_char, u8 xoff_char, u16 param_mask)
869 struct rfcomm_hdr *hdr;
870 struct rfcomm_mcc *mcc;
871 struct rfcomm_rpn *rpn;
872 u8 buf[16], *ptr = buf;
874 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
875 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
876 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
877 flow_ctrl_settings, xon_char, xoff_char, param_mask);
879 hdr = (void *) ptr; ptr += sizeof(*hdr);
880 hdr->addr = __addr(s->initiator, 0);
881 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
882 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
884 mcc = (void *) ptr; ptr += sizeof(*mcc);
885 mcc->type = __mcc_type(cr, RFCOMM_RPN);
886 mcc->len = __len8(sizeof(*rpn));
888 rpn = (void *) ptr; ptr += sizeof(*rpn);
889 rpn->dlci = __addr(1, dlci);
890 rpn->bit_rate = bit_rate;
891 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
892 rpn->flow_ctrl = flow_ctrl_settings;
893 rpn->xon_char = xon_char;
894 rpn->xoff_char = xoff_char;
895 rpn->param_mask = cpu_to_le16(param_mask);
897 *ptr = __fcs(buf); ptr++;
899 return rfcomm_send_frame(s, buf, ptr - buf);
902 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
904 struct rfcomm_hdr *hdr;
905 struct rfcomm_mcc *mcc;
906 struct rfcomm_rls *rls;
907 u8 buf[16], *ptr = buf;
909 BT_DBG("%p cr %d status 0x%x", s, cr, status);
911 hdr = (void *) ptr; ptr += sizeof(*hdr);
912 hdr->addr = __addr(s->initiator, 0);
913 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
914 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
916 mcc = (void *) ptr; ptr += sizeof(*mcc);
917 mcc->type = __mcc_type(cr, RFCOMM_RLS);
918 mcc->len = __len8(sizeof(*rls));
920 rls = (void *) ptr; ptr += sizeof(*rls);
921 rls->dlci = __addr(1, dlci);
922 rls->status = status;
924 *ptr = __fcs(buf); ptr++;
926 return rfcomm_send_frame(s, buf, ptr - buf);
929 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
931 struct rfcomm_hdr *hdr;
932 struct rfcomm_mcc *mcc;
933 struct rfcomm_msc *msc;
934 u8 buf[16], *ptr = buf;
936 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
938 hdr = (void *) ptr; ptr += sizeof(*hdr);
939 hdr->addr = __addr(s->initiator, 0);
940 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
941 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
943 mcc = (void *) ptr; ptr += sizeof(*mcc);
944 mcc->type = __mcc_type(cr, RFCOMM_MSC);
945 mcc->len = __len8(sizeof(*msc));
947 msc = (void *) ptr; ptr += sizeof(*msc);
948 msc->dlci = __addr(1, dlci);
949 msc->v24_sig = v24_sig | 0x01;
951 *ptr = __fcs(buf); ptr++;
953 return rfcomm_send_frame(s, buf, ptr - buf);
956 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
958 struct rfcomm_hdr *hdr;
959 struct rfcomm_mcc *mcc;
960 u8 buf[16], *ptr = buf;
962 BT_DBG("%p cr %d", s, cr);
964 hdr = (void *) ptr; ptr += sizeof(*hdr);
965 hdr->addr = __addr(s->initiator, 0);
966 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
967 hdr->len = __len8(sizeof(*mcc));
969 mcc = (void *) ptr; ptr += sizeof(*mcc);
970 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
971 mcc->len = __len8(0);
973 *ptr = __fcs(buf); ptr++;
975 return rfcomm_send_frame(s, buf, ptr - buf);
978 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
980 struct rfcomm_hdr *hdr;
981 struct rfcomm_mcc *mcc;
982 u8 buf[16], *ptr = buf;
984 BT_DBG("%p cr %d", s, cr);
986 hdr = (void *) ptr; ptr += sizeof(*hdr);
987 hdr->addr = __addr(s->initiator, 0);
988 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
989 hdr->len = __len8(sizeof(*mcc));
991 mcc = (void *) ptr; ptr += sizeof(*mcc);
992 mcc->type = __mcc_type(cr, RFCOMM_FCON);
993 mcc->len = __len8(0);
995 *ptr = __fcs(buf); ptr++;
997 return rfcomm_send_frame(s, buf, ptr - buf);
1000 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1002 struct socket *sock = s->sock;
1005 unsigned char hdr[5], crc[1];
1010 BT_DBG("%p cr %d", s, cr);
1012 hdr[0] = __addr(s->initiator, 0);
1013 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1014 hdr[2] = 0x01 | ((len + 2) << 1);
1015 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1016 hdr[4] = 0x01 | (len << 1);
1018 crc[0] = __fcs(hdr);
1020 iv[0].iov_base = hdr;
1022 iv[1].iov_base = pattern;
1023 iv[1].iov_len = len;
1024 iv[2].iov_base = crc;
1027 memset(&msg, 0, sizeof(msg));
1029 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1032 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1034 struct rfcomm_hdr *hdr;
1035 u8 buf[16], *ptr = buf;
1037 BT_DBG("%p addr %d credits %d", s, addr, credits);
1039 hdr = (void *) ptr; ptr += sizeof(*hdr);
1041 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1042 hdr->len = __len8(0);
1044 *ptr = credits; ptr++;
1046 *ptr = __fcs(buf); ptr++;
1048 return rfcomm_send_frame(s, buf, ptr - buf);
1051 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1053 struct rfcomm_hdr *hdr;
1058 hdr = (void *) skb_push(skb, 4);
1059 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len);
1061 hdr = (void *) skb_push(skb, 3);
1062 hdr->len = __len8(len);
1065 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1067 crc = skb_put(skb, 1);
1068 *crc = __fcs((void *) hdr);
1071 /* ---- RFCOMM frame reception ---- */
1072 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1074 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1078 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1080 rfcomm_send_dm(s, dlci);
1086 rfcomm_dlc_clear_timer(d);
1089 d->state = BT_CONNECTED;
1090 d->state_change(d, 0);
1091 rfcomm_dlc_unlock(d);
1093 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1097 d->state = BT_CLOSED;
1098 __rfcomm_dlc_close(d, 0);
1100 if (list_empty(&s->dlcs)) {
1101 s->state = BT_DISCONN;
1102 rfcomm_send_disc(s, 0);
1108 /* Control channel */
1111 s->state = BT_CONNECTED;
1112 rfcomm_process_connect(s);
1116 rfcomm_session_put(s);
1123 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1127 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1131 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1133 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1138 d->state = BT_CLOSED;
1139 __rfcomm_dlc_close(d, err);
1142 if (s->state == BT_CONNECT)
1147 s->state = BT_CLOSED;
1148 rfcomm_session_close(s, err);
1153 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1157 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1160 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1162 rfcomm_send_ua(s, dlci);
1164 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1169 d->state = BT_CLOSED;
1170 __rfcomm_dlc_close(d, err);
1172 rfcomm_send_dm(s, dlci);
1175 rfcomm_send_ua(s, 0);
1177 if (s->state == BT_CONNECT)
1182 s->state = BT_CLOSED;
1183 rfcomm_session_close(s, err);
1189 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1191 struct sock *sk = d->session->sock->sk;
1193 BT_DBG("dlc %p", d);
1195 rfcomm_send_ua(d->session, d->dlci);
1198 d->state = BT_CONNECTED;
1199 d->state_change(d, 0);
1200 rfcomm_dlc_unlock(d);
1203 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1205 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1208 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1210 if (rfcomm_check_security(d)) {
1211 if (d->defer_setup) {
1212 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1213 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1216 d->state = BT_CONNECT2;
1217 d->state_change(d, 0);
1218 rfcomm_dlc_unlock(d);
1220 rfcomm_dlc_accept(d);
1222 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1223 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1227 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1229 struct rfcomm_dlc *d;
1232 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1235 rfcomm_send_ua(s, 0);
1237 if (s->state == BT_OPEN) {
1238 s->state = BT_CONNECTED;
1239 rfcomm_process_connect(s);
1244 /* Check if DLC exists */
1245 d = rfcomm_dlc_get(s, dlci);
1247 if (d->state == BT_OPEN) {
1248 /* DLC was previously opened by PN request */
1249 rfcomm_check_accept(d);
1254 /* Notify socket layer about incoming connection */
1255 channel = __srv_channel(dlci);
1256 if (rfcomm_connect_ind(s, channel, &d)) {
1258 d->addr = __addr(s->initiator, dlci);
1259 rfcomm_dlc_link(s, d);
1261 rfcomm_check_accept(d);
1263 rfcomm_send_dm(s, dlci);
1269 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1271 struct rfcomm_session *s = d->session;
1273 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1274 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1276 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1277 pn->flow_ctrl == 0xe0) {
1278 d->cfc = RFCOMM_CFC_ENABLED;
1279 d->tx_credits = pn->credits;
1281 d->cfc = RFCOMM_CFC_DISABLED;
1282 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1285 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1288 d->priority = pn->priority;
1290 d->mtu = btohs(pn->mtu);
1292 if (cr && d->mtu > s->mtu)
1298 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1300 struct rfcomm_pn *pn = (void *) skb->data;
1301 struct rfcomm_dlc *d;
1304 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1309 d = rfcomm_dlc_get(s, dlci);
1313 rfcomm_apply_pn(d, cr, pn);
1314 rfcomm_send_pn(s, 0, d);
1319 rfcomm_apply_pn(d, cr, pn);
1321 d->state = BT_CONNECT;
1322 rfcomm_send_sabm(s, d->dlci);
1327 u8 channel = __srv_channel(dlci);
1332 /* PN request for non existing DLC.
1333 * Assume incoming connection. */
1334 if (rfcomm_connect_ind(s, channel, &d)) {
1336 d->addr = __addr(s->initiator, dlci);
1337 rfcomm_dlc_link(s, d);
1339 rfcomm_apply_pn(d, cr, pn);
1342 rfcomm_send_pn(s, 0, d);
1344 rfcomm_send_dm(s, dlci);
1350 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1352 struct rfcomm_rpn *rpn = (void *) skb->data;
1353 u8 dlci = __get_dlci(rpn->dlci);
1362 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1364 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1365 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1366 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1372 /* This is a request, return default settings */
1373 bit_rate = RFCOMM_RPN_BR_115200;
1374 data_bits = RFCOMM_RPN_DATA_8;
1375 stop_bits = RFCOMM_RPN_STOP_1;
1376 parity = RFCOMM_RPN_PARITY_NONE;
1377 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1378 xon_char = RFCOMM_RPN_XON_CHAR;
1379 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1383 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1384 * no parity, no flow control lines, normal XON/XOFF chars */
1386 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1387 bit_rate = rpn->bit_rate;
1388 if (bit_rate != RFCOMM_RPN_BR_115200) {
1389 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1390 bit_rate = RFCOMM_RPN_BR_115200;
1391 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1395 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1396 data_bits = __get_rpn_data_bits(rpn->line_settings);
1397 if (data_bits != RFCOMM_RPN_DATA_8) {
1398 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1399 data_bits = RFCOMM_RPN_DATA_8;
1400 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1404 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1405 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1406 if (stop_bits != RFCOMM_RPN_STOP_1) {
1407 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1408 stop_bits = RFCOMM_RPN_STOP_1;
1409 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1413 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1414 parity = __get_rpn_parity(rpn->line_settings);
1415 if (parity != RFCOMM_RPN_PARITY_NONE) {
1416 BT_DBG("RPN parity mismatch 0x%x", parity);
1417 parity = RFCOMM_RPN_PARITY_NONE;
1418 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1422 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1423 flow_ctrl = rpn->flow_ctrl;
1424 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1425 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1426 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1427 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1431 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1432 xon_char = rpn->xon_char;
1433 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1434 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1435 xon_char = RFCOMM_RPN_XON_CHAR;
1436 rpn_mask ^= RFCOMM_RPN_PM_XON;
1440 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1441 xoff_char = rpn->xoff_char;
1442 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1443 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1444 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1445 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1450 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1451 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1456 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1458 struct rfcomm_rls *rls = (void *) skb->data;
1459 u8 dlci = __get_dlci(rls->dlci);
1461 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1466 /* We should probably do something with this information here. But
1467 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1468 * mandatory to recognise and respond to RLS */
1470 rfcomm_send_rls(s, 0, dlci, rls->status);
1475 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1477 struct rfcomm_msc *msc = (void *) skb->data;
1478 struct rfcomm_dlc *d;
1479 u8 dlci = __get_dlci(msc->dlci);
1481 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1483 d = rfcomm_dlc_get(s, dlci);
1488 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1489 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1491 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1495 d->remote_v24_sig = msc->v24_sig;
1497 if (d->modem_status)
1498 d->modem_status(d, msc->v24_sig);
1500 rfcomm_dlc_unlock(d);
1502 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1504 d->mscex |= RFCOMM_MSCEX_RX;
1506 d->mscex |= RFCOMM_MSCEX_TX;
1511 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1513 struct rfcomm_mcc *mcc = (void *) skb->data;
1516 cr = __test_cr(mcc->type);
1517 type = __get_mcc_type(mcc->type);
1518 len = __get_mcc_len(mcc->len);
1520 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1526 rfcomm_recv_pn(s, cr, skb);
1530 rfcomm_recv_rpn(s, cr, len, skb);
1534 rfcomm_recv_rls(s, cr, skb);
1538 rfcomm_recv_msc(s, cr, skb);
1543 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1544 rfcomm_send_fcoff(s, 0);
1550 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1551 rfcomm_send_fcon(s, 0);
1557 rfcomm_send_test(s, 0, skb->data, skb->len);
1564 BT_ERR("Unknown control type 0x%02x", type);
1565 rfcomm_send_nsc(s, cr, type);
1571 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1573 struct rfcomm_dlc *d;
1575 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1577 d = rfcomm_dlc_get(s, dlci);
1579 rfcomm_send_dm(s, dlci);
1584 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1586 d->tx_credits += credits;
1588 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1591 if (skb->len && d->state == BT_CONNECTED) {
1594 d->data_ready(d, skb);
1595 rfcomm_dlc_unlock(d);
1604 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1606 struct rfcomm_hdr *hdr = (void *) skb->data;
1609 dlci = __get_dlci(hdr->addr);
1610 type = __get_type(hdr->ctrl);
1613 skb->len--; skb->tail--;
1614 fcs = *(u8 *)skb_tail_pointer(skb);
1616 if (__check_fcs(skb->data, type, fcs)) {
1617 BT_ERR("bad checksum in packet");
1622 if (__test_ea(hdr->len))
1629 if (__test_pf(hdr->ctrl))
1630 rfcomm_recv_sabm(s, dlci);
1634 if (__test_pf(hdr->ctrl))
1635 rfcomm_recv_disc(s, dlci);
1639 if (__test_pf(hdr->ctrl))
1640 rfcomm_recv_ua(s, dlci);
1644 rfcomm_recv_dm(s, dlci);
1649 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1651 rfcomm_recv_mcc(s, skb);
1655 BT_ERR("Unknown packet type 0x%02x\n", type);
1662 /* ---- Connection and data processing ---- */
1664 static void rfcomm_process_connect(struct rfcomm_session *s)
1666 struct rfcomm_dlc *d;
1667 struct list_head *p, *n;
1669 BT_DBG("session %p state %ld", s, s->state);
1671 list_for_each_safe(p, n, &s->dlcs) {
1672 d = list_entry(p, struct rfcomm_dlc, list);
1673 if (d->state == BT_CONFIG) {
1675 if (rfcomm_check_security(d)) {
1676 rfcomm_send_pn(s, 1, d);
1678 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1679 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1685 /* Send data queued for the DLC.
1686 * Return number of frames left in the queue.
1688 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1690 struct sk_buff *skb;
1693 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1694 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1696 /* Send pending MSC */
1697 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1698 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1702 * Give them some credits */
1703 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1704 d->rx_credits <= (d->cfc >> 2)) {
1705 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1706 d->rx_credits = d->cfc;
1710 * Give ourselves some credits */
1714 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1715 return skb_queue_len(&d->tx_queue);
1717 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1718 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1720 skb_queue_head(&d->tx_queue, skb);
1727 if (d->cfc && !d->tx_credits) {
1728 /* We're out of TX credits.
1729 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1730 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1733 return skb_queue_len(&d->tx_queue);
1736 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1738 struct rfcomm_dlc *d;
1739 struct list_head *p, *n;
1741 BT_DBG("session %p state %ld", s, s->state);
1743 list_for_each_safe(p, n, &s->dlcs) {
1744 d = list_entry(p, struct rfcomm_dlc, list);
1746 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1747 __rfcomm_dlc_close(d, ETIMEDOUT);
1751 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1752 rfcomm_dlc_clear_timer(d);
1754 rfcomm_send_pn(s, 1, d);
1755 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1757 if (d->defer_setup) {
1758 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1759 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1762 d->state = BT_CONNECT2;
1763 d->state_change(d, 0);
1764 rfcomm_dlc_unlock(d);
1766 rfcomm_dlc_accept(d);
1769 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1770 rfcomm_dlc_clear_timer(d);
1772 rfcomm_send_dm(s, d->dlci);
1774 d->state = BT_CLOSED;
1775 __rfcomm_dlc_close(d, ECONNREFUSED);
1779 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1782 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1785 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1786 d->mscex == RFCOMM_MSCEX_OK)
1787 rfcomm_process_tx(d);
1791 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1793 struct socket *sock = s->sock;
1794 struct sock *sk = sock->sk;
1795 struct sk_buff *skb;
1797 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1799 /* Get data directly from socket receive queue without copying it. */
1800 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1802 rfcomm_recv_frame(s, skb);
1805 if (sk->sk_state == BT_CLOSED) {
1807 rfcomm_session_put(s);
1809 rfcomm_session_close(s, sk->sk_err);
1813 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1815 struct socket *sock = s->sock, *nsock;
1818 /* Fast check for a new connection.
1819 * Avoids unnesesary socket allocations. */
1820 if (list_empty(&bt_sk(sock->sk)->accept_q))
1823 BT_DBG("session %p", s);
1825 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1829 /* Set our callbacks */
1830 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1831 nsock->sk->sk_state_change = rfcomm_l2state_change;
1833 s = rfcomm_session_add(nsock, BT_OPEN);
1835 rfcomm_session_hold(s);
1837 /* We should adjust MTU on incoming sessions.
1838 * L2CAP MTU minus UIH header and FCS. */
1839 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1841 rfcomm_schedule(RFCOMM_SCHED_RX);
1843 sock_release(nsock);
1846 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1848 struct sock *sk = s->sock->sk;
1850 BT_DBG("%p state %ld", s, s->state);
1852 switch(sk->sk_state) {
1854 s->state = BT_CONNECT;
1856 /* We can adjust MTU on outgoing sessions.
1857 * L2CAP MTU minus UIH header and FCS. */
1858 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1860 rfcomm_send_sabm(s, 0);
1864 s->state = BT_CLOSED;
1865 rfcomm_session_close(s, sk->sk_err);
1870 static inline void rfcomm_process_sessions(void)
1872 struct list_head *p, *n;
1876 list_for_each_safe(p, n, &session_list) {
1877 struct rfcomm_session *s;
1878 s = list_entry(p, struct rfcomm_session, list);
1880 if (s->state == BT_LISTEN) {
1881 rfcomm_accept_connection(s);
1885 rfcomm_session_hold(s);
1889 rfcomm_check_connection(s);
1893 rfcomm_process_rx(s);
1897 rfcomm_process_dlcs(s);
1899 rfcomm_session_put(s);
1905 static int rfcomm_add_listener(bdaddr_t *ba)
1907 struct sockaddr_l2 addr;
1908 struct socket *sock;
1910 struct rfcomm_session *s;
1914 err = rfcomm_l2sock_create(&sock);
1916 BT_ERR("Create socket failed %d", err);
1921 bacpy(&addr.l2_bdaddr, ba);
1922 addr.l2_family = AF_BLUETOOTH;
1923 addr.l2_psm = htobs(RFCOMM_PSM);
1925 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1927 BT_ERR("Bind failed %d", err);
1931 /* Set L2CAP options */
1934 l2cap_pi(sk)->imtu = l2cap_mtu;
1937 /* Start listening on the socket */
1938 err = kernel_listen(sock, 10);
1940 BT_ERR("Listen failed %d", err);
1944 /* Add listening session */
1945 s = rfcomm_session_add(sock, BT_LISTEN);
1949 rfcomm_session_hold(s);
1956 static void rfcomm_kill_listener(void)
1958 struct rfcomm_session *s;
1959 struct list_head *p, *n;
1963 list_for_each_safe(p, n, &session_list) {
1964 s = list_entry(p, struct rfcomm_session, list);
1965 rfcomm_session_del(s);
1969 static int rfcomm_run(void *unused)
1973 set_user_nice(current, -10);
1975 rfcomm_add_listener(BDADDR_ANY);
1977 while (!kthread_should_stop()) {
1978 set_current_state(TASK_INTERRUPTIBLE);
1979 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1980 /* No pending events. Let's sleep.
1981 * Incoming connections and data will wake us up. */
1984 set_current_state(TASK_RUNNING);
1987 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1988 rfcomm_process_sessions();
1991 rfcomm_kill_listener();
1996 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1998 struct rfcomm_session *s;
1999 struct rfcomm_dlc *d;
2000 struct list_head *p, *n;
2002 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2004 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2008 rfcomm_session_hold(s);
2010 list_for_each_safe(p, n, &s->dlcs) {
2011 d = list_entry(p, struct rfcomm_dlc, list);
2013 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2014 rfcomm_dlc_clear_timer(d);
2015 if (status || encrypt == 0x00) {
2016 __rfcomm_dlc_close(d, ECONNREFUSED);
2021 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2022 if (d->sec_level == BT_SECURITY_MEDIUM) {
2023 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2024 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2026 } else if (d->sec_level == BT_SECURITY_HIGH) {
2027 __rfcomm_dlc_close(d, ECONNREFUSED);
2032 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2036 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2038 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2041 rfcomm_session_put(s);
2043 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2046 static struct hci_cb rfcomm_cb = {
2048 .security_cfm = rfcomm_security_cfm
2051 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2053 struct rfcomm_session *s;
2054 struct list_head *pp, *p;
2059 list_for_each(p, &session_list) {
2060 s = list_entry(p, struct rfcomm_session, list);
2061 list_for_each(pp, &s->dlcs) {
2062 struct sock *sk = s->sock->sk;
2063 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2065 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2066 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2067 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2076 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2078 /* ---- Initialization ---- */
2079 static int __init rfcomm_init(void)
2083 hci_register_cb(&rfcomm_cb);
2085 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2086 if (IS_ERR(rfcomm_thread)) {
2087 hci_unregister_cb(&rfcomm_cb);
2088 return PTR_ERR(rfcomm_thread);
2091 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2092 BT_ERR("Failed to create RFCOMM info file");
2094 rfcomm_init_sockets();
2096 #ifdef CONFIG_BT_RFCOMM_TTY
2100 BT_INFO("RFCOMM ver %s", VERSION);
2105 static void __exit rfcomm_exit(void)
2107 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
2109 hci_unregister_cb(&rfcomm_cb);
2111 kthread_stop(rfcomm_thread);
2113 #ifdef CONFIG_BT_RFCOMM_TTY
2114 rfcomm_cleanup_ttys();
2117 rfcomm_cleanup_sockets();
2120 module_init(rfcomm_init);
2121 module_exit(rfcomm_exit);
2123 module_param(disable_cfc, bool, 0644);
2124 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2126 module_param(channel_mtu, int, 0644);
2127 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2129 module_param(l2cap_mtu, uint, 0644);
2130 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2132 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2133 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2134 MODULE_VERSION(VERSION);
2135 MODULE_LICENSE("GPL");
2136 MODULE_ALIAS("bt-proto-3");
projects / linux-2.6 / blob