2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/sched.h>
32 #include <linux/signal.h>
33 #include <linux/init.h>
34 #include <linux/wait.h>
35 #include <linux/device.h>
36 #include <linux/net.h>
37 #include <linux/mutex.h>
38 #include <linux/kthread.h>
41 #include <asm/uaccess.h>
42 #include <asm/unaligned.h>
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
46 #include <net/bluetooth/l2cap.h>
47 #include <net/bluetooth/rfcomm.h>
49 #define VERSION "1.10"
51 static int disable_cfc = 0;
52 static int channel_mtu = -1;
53 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
55 static struct task_struct *rfcomm_thread;
57 static DEFINE_MUTEX(rfcomm_mutex);
58 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
59 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
61 static unsigned long rfcomm_event;
63 static LIST_HEAD(session_list);
65 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
66 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
67 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
68 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
69 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
70 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
71 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
72 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
73 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
74 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
76 static void rfcomm_process_connect(struct rfcomm_session *s);
78 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
79 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
80 static void rfcomm_session_del(struct rfcomm_session *s);
82 /* ---- RFCOMM frame parsing macros ---- */
83 #define __get_dlci(b) ((b & 0xfc) >> 2)
84 #define __get_channel(b) ((b & 0xf8) >> 3)
85 #define __get_dir(b) ((b & 0x04) >> 2)
86 #define __get_type(b) ((b & 0xef))
88 #define __test_ea(b) ((b & 0x01))
89 #define __test_cr(b) ((b & 0x02))
90 #define __test_pf(b) ((b & 0x10))
92 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
93 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
94 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
95 #define __srv_channel(dlci) (dlci >> 1)
96 #define __dir(dlci) (dlci & 0x01)
98 #define __len8(len) (((len) << 1) | 1)
99 #define __len16(len) ((len) << 1)
102 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
103 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
104 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
107 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
108 #define __get_rpn_data_bits(line) ((line) & 0x3)
109 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
110 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
112 static inline void rfcomm_schedule(uint event)
116 //set_bit(event, &rfcomm_event);
117 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
118 wake_up_process(rfcomm_thread);
121 static inline void rfcomm_session_put(struct rfcomm_session *s)
123 if (atomic_dec_and_test(&s->refcnt))
124 rfcomm_session_del(s);
127 /* ---- RFCOMM FCS computation ---- */
129 /* reversed, 8-bit, poly=0x07 */
130 static unsigned char rfcomm_crc_table[256] = {
131 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
132 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
133 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
134 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
136 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
137 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
138 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
139 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
141 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
142 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
143 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
144 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
146 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
147 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
148 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
149 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
151 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
152 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
153 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
154 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
156 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
157 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
158 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
159 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
161 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
162 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
163 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
164 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
166 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
167 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
168 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
169 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
173 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
176 static inline u8 __fcs(u8 *data)
178 return (0xff - __crc(data));
182 static inline u8 __fcs2(u8 *data)
184 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
188 static inline int __check_fcs(u8 *data, int type, u8 fcs)
192 if (type != RFCOMM_UIH)
193 f = rfcomm_crc_table[f ^ data[2]];
195 return rfcomm_crc_table[f ^ fcs] != 0xcf;
198 /* ---- L2CAP callbacks ---- */
199 static void rfcomm_l2state_change(struct sock *sk)
201 BT_DBG("%p state %d", sk, sk->sk_state);
202 rfcomm_schedule(RFCOMM_SCHED_STATE);
205 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
207 BT_DBG("%p bytes %d", sk, bytes);
208 rfcomm_schedule(RFCOMM_SCHED_RX);
211 static int rfcomm_l2sock_create(struct socket **sock)
217 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
219 struct sock *sk = (*sock)->sk;
220 sk->sk_data_ready = rfcomm_l2data_ready;
221 sk->sk_state_change = rfcomm_l2state_change;
226 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
228 struct sock *sk = d->session->sock->sk;
229 struct l2cap_conn *conn = l2cap_pi(sk)->conn;
231 if (d->link_mode & RFCOMM_LM_SECURE)
232 return hci_conn_security(conn->hcon, BT_SECURITY_HIGH);
234 if (d->link_mode & RFCOMM_LM_ENCRYPT)
235 return hci_conn_security(conn->hcon, BT_SECURITY_MEDIUM);
237 if (d->link_mode & RFCOMM_LM_AUTH)
238 return hci_conn_security(conn->hcon, BT_SECURITY_LOW);
243 /* ---- RFCOMM DLCs ---- */
244 static void rfcomm_dlc_timeout(unsigned long arg)
246 struct rfcomm_dlc *d = (void *) arg;
248 BT_DBG("dlc %p state %ld", d, d->state);
250 set_bit(RFCOMM_TIMED_OUT, &d->flags);
252 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
255 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
257 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
259 if (!mod_timer(&d->timer, jiffies + timeout))
263 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
265 BT_DBG("dlc %p state %ld", d, d->state);
267 if (timer_pending(&d->timer) && del_timer(&d->timer))
271 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
278 d->mtu = RFCOMM_DEFAULT_MTU;
279 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
281 d->cfc = RFCOMM_CFC_DISABLED;
282 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
285 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
287 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
292 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
294 skb_queue_head_init(&d->tx_queue);
295 spin_lock_init(&d->lock);
296 atomic_set(&d->refcnt, 1);
298 rfcomm_dlc_clear_state(d);
305 void rfcomm_dlc_free(struct rfcomm_dlc *d)
309 skb_queue_purge(&d->tx_queue);
313 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
315 BT_DBG("dlc %p session %p", d, s);
317 rfcomm_session_hold(s);
320 list_add(&d->list, &s->dlcs);
324 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
326 struct rfcomm_session *s = d->session;
328 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
334 rfcomm_session_put(s);
337 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
339 struct rfcomm_dlc *d;
342 list_for_each(p, &s->dlcs) {
343 d = list_entry(p, struct rfcomm_dlc, list);
350 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
352 struct rfcomm_session *s;
356 BT_DBG("dlc %p state %ld %s %s channel %d",
357 d, d->state, batostr(src), batostr(dst), channel);
359 if (channel < 1 || channel > 30)
362 if (d->state != BT_OPEN && d->state != BT_CLOSED)
365 s = rfcomm_session_get(src, dst);
367 s = rfcomm_session_create(src, dst, &err);
372 dlci = __dlci(!s->initiator, channel);
374 /* Check if DLCI already exists */
375 if (rfcomm_dlc_get(s, dlci))
378 rfcomm_dlc_clear_state(d);
381 d->addr = __addr(s->initiator, dlci);
384 d->state = BT_CONFIG;
385 rfcomm_dlc_link(s, d);
390 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
392 if (s->state == BT_CONNECTED) {
393 if (rfcomm_check_link_mode(d))
394 rfcomm_send_pn(s, 1, d);
396 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
399 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
404 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
410 r = __rfcomm_dlc_open(d, src, dst, channel);
416 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
418 struct rfcomm_session *s = d->session;
422 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
423 d, d->state, d->dlci, err, s);
428 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
429 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
430 rfcomm_schedule(RFCOMM_SCHED_AUTH);
436 d->state = BT_DISCONN;
437 if (skb_queue_empty(&d->tx_queue)) {
438 rfcomm_send_disc(s, d->dlci);
439 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
441 rfcomm_queue_disc(d);
442 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
447 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
448 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
449 rfcomm_schedule(RFCOMM_SCHED_AUTH);
455 rfcomm_dlc_clear_timer(d);
458 d->state = BT_CLOSED;
459 d->state_change(d, err);
460 rfcomm_dlc_unlock(d);
462 skb_queue_purge(&d->tx_queue);
463 rfcomm_dlc_unlink(d);
469 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
475 r = __rfcomm_dlc_close(d, err);
481 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
485 if (d->state != BT_CONNECTED)
488 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
493 rfcomm_make_uih(skb, d->addr);
494 skb_queue_tail(&d->tx_queue, skb);
496 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
497 rfcomm_schedule(RFCOMM_SCHED_TX);
501 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
503 BT_DBG("dlc %p state %ld", d, d->state);
506 d->v24_sig |= RFCOMM_V24_FC;
507 set_bit(RFCOMM_MSC_PENDING, &d->flags);
509 rfcomm_schedule(RFCOMM_SCHED_TX);
512 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
514 BT_DBG("dlc %p state %ld", d, d->state);
517 d->v24_sig &= ~RFCOMM_V24_FC;
518 set_bit(RFCOMM_MSC_PENDING, &d->flags);
520 rfcomm_schedule(RFCOMM_SCHED_TX);
524 Set/get modem status functions use _local_ status i.e. what we report
526 Remote status is provided by dlc->modem_status() callback.
528 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
530 BT_DBG("dlc %p state %ld v24_sig 0x%x",
531 d, d->state, v24_sig);
533 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
534 v24_sig |= RFCOMM_V24_FC;
536 v24_sig &= ~RFCOMM_V24_FC;
538 d->v24_sig = v24_sig;
540 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
541 rfcomm_schedule(RFCOMM_SCHED_TX);
546 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
548 BT_DBG("dlc %p state %ld v24_sig 0x%x",
549 d, d->state, d->v24_sig);
551 *v24_sig = d->v24_sig;
555 /* ---- RFCOMM sessions ---- */
556 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
558 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
563 BT_DBG("session %p sock %p", s, sock);
565 INIT_LIST_HEAD(&s->dlcs);
569 s->mtu = RFCOMM_DEFAULT_MTU;
570 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
572 /* Do not increment module usage count for listening sessions.
573 * Otherwise we won't be able to unload the module. */
574 if (state != BT_LISTEN)
575 if (!try_module_get(THIS_MODULE)) {
580 list_add(&s->list, &session_list);
585 static void rfcomm_session_del(struct rfcomm_session *s)
587 int state = s->state;
589 BT_DBG("session %p state %ld", s, s->state);
593 if (state == BT_CONNECTED)
594 rfcomm_send_disc(s, 0);
596 sock_release(s->sock);
599 if (state != BT_LISTEN)
600 module_put(THIS_MODULE);
603 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
605 struct rfcomm_session *s;
606 struct list_head *p, *n;
608 list_for_each_safe(p, n, &session_list) {
609 s = list_entry(p, struct rfcomm_session, list);
610 sk = bt_sk(s->sock->sk);
612 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
613 !bacmp(&sk->dst, dst))
619 static void rfcomm_session_close(struct rfcomm_session *s, int err)
621 struct rfcomm_dlc *d;
622 struct list_head *p, *n;
624 BT_DBG("session %p state %ld err %d", s, s->state, err);
626 rfcomm_session_hold(s);
628 s->state = BT_CLOSED;
631 list_for_each_safe(p, n, &s->dlcs) {
632 d = list_entry(p, struct rfcomm_dlc, list);
633 d->state = BT_CLOSED;
634 __rfcomm_dlc_close(d, err);
637 rfcomm_session_put(s);
640 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
642 struct rfcomm_session *s = NULL;
643 struct sockaddr_l2 addr;
647 BT_DBG("%s %s", batostr(src), batostr(dst));
649 *err = rfcomm_l2sock_create(&sock);
653 bacpy(&addr.l2_bdaddr, src);
654 addr.l2_family = AF_BLUETOOTH;
656 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
660 /* Set L2CAP options */
663 l2cap_pi(sk)->imtu = l2cap_mtu;
666 s = rfcomm_session_add(sock, BT_BOUND);
674 bacpy(&addr.l2_bdaddr, dst);
675 addr.l2_family = AF_BLUETOOTH;
676 addr.l2_psm = htobs(RFCOMM_PSM);
677 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
678 if (*err == 0 || *err == -EINPROGRESS)
681 rfcomm_session_del(s);
689 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
691 struct sock *sk = s->sock->sk;
693 bacpy(src, &bt_sk(sk)->src);
695 bacpy(dst, &bt_sk(sk)->dst);
698 /* ---- RFCOMM frame sending ---- */
699 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
701 struct socket *sock = s->sock;
702 struct kvec iv = { data, len };
705 BT_DBG("session %p len %d", s, len);
707 memset(&msg, 0, sizeof(msg));
709 return kernel_sendmsg(sock, &msg, &iv, 1, len);
712 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
714 struct rfcomm_cmd cmd;
716 BT_DBG("%p dlci %d", s, dlci);
718 cmd.addr = __addr(s->initiator, dlci);
719 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
721 cmd.fcs = __fcs2((u8 *) &cmd);
723 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
726 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
728 struct rfcomm_cmd cmd;
730 BT_DBG("%p dlci %d", s, dlci);
732 cmd.addr = __addr(!s->initiator, dlci);
733 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
735 cmd.fcs = __fcs2((u8 *) &cmd);
737 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
740 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
742 struct rfcomm_cmd cmd;
744 BT_DBG("%p dlci %d", s, dlci);
746 cmd.addr = __addr(s->initiator, dlci);
747 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
749 cmd.fcs = __fcs2((u8 *) &cmd);
751 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
754 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
756 struct rfcomm_cmd *cmd;
759 BT_DBG("dlc %p dlci %d", d, d->dlci);
761 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
765 cmd = (void *) __skb_put(skb, sizeof(*cmd));
767 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
768 cmd->len = __len8(0);
769 cmd->fcs = __fcs2((u8 *) cmd);
771 skb_queue_tail(&d->tx_queue, skb);
772 rfcomm_schedule(RFCOMM_SCHED_TX);
776 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
778 struct rfcomm_cmd cmd;
780 BT_DBG("%p dlci %d", s, dlci);
782 cmd.addr = __addr(!s->initiator, dlci);
783 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
785 cmd.fcs = __fcs2((u8 *) &cmd);
787 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
790 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
792 struct rfcomm_hdr *hdr;
793 struct rfcomm_mcc *mcc;
794 u8 buf[16], *ptr = buf;
796 BT_DBG("%p cr %d type %d", s, cr, type);
798 hdr = (void *) ptr; ptr += sizeof(*hdr);
799 hdr->addr = __addr(s->initiator, 0);
800 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
801 hdr->len = __len8(sizeof(*mcc) + 1);
803 mcc = (void *) ptr; ptr += sizeof(*mcc);
804 mcc->type = __mcc_type(cr, RFCOMM_NSC);
805 mcc->len = __len8(1);
807 /* Type that we didn't like */
808 *ptr = __mcc_type(cr, type); ptr++;
810 *ptr = __fcs(buf); ptr++;
812 return rfcomm_send_frame(s, buf, ptr - buf);
815 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
817 struct rfcomm_hdr *hdr;
818 struct rfcomm_mcc *mcc;
819 struct rfcomm_pn *pn;
820 u8 buf[16], *ptr = buf;
822 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
824 hdr = (void *) ptr; ptr += sizeof(*hdr);
825 hdr->addr = __addr(s->initiator, 0);
826 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
827 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
829 mcc = (void *) ptr; ptr += sizeof(*mcc);
830 mcc->type = __mcc_type(cr, RFCOMM_PN);
831 mcc->len = __len8(sizeof(*pn));
833 pn = (void *) ptr; ptr += sizeof(*pn);
835 pn->priority = d->priority;
840 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
841 pn->credits = RFCOMM_DEFAULT_CREDITS;
847 if (cr && channel_mtu >= 0)
848 pn->mtu = htobs(channel_mtu);
850 pn->mtu = htobs(d->mtu);
852 *ptr = __fcs(buf); ptr++;
854 return rfcomm_send_frame(s, buf, ptr - buf);
857 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
858 u8 bit_rate, u8 data_bits, u8 stop_bits,
859 u8 parity, u8 flow_ctrl_settings,
860 u8 xon_char, u8 xoff_char, u16 param_mask)
862 struct rfcomm_hdr *hdr;
863 struct rfcomm_mcc *mcc;
864 struct rfcomm_rpn *rpn;
865 u8 buf[16], *ptr = buf;
867 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
868 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
869 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
870 flow_ctrl_settings, xon_char, xoff_char, param_mask);
872 hdr = (void *) ptr; ptr += sizeof(*hdr);
873 hdr->addr = __addr(s->initiator, 0);
874 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
875 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
877 mcc = (void *) ptr; ptr += sizeof(*mcc);
878 mcc->type = __mcc_type(cr, RFCOMM_RPN);
879 mcc->len = __len8(sizeof(*rpn));
881 rpn = (void *) ptr; ptr += sizeof(*rpn);
882 rpn->dlci = __addr(1, dlci);
883 rpn->bit_rate = bit_rate;
884 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
885 rpn->flow_ctrl = flow_ctrl_settings;
886 rpn->xon_char = xon_char;
887 rpn->xoff_char = xoff_char;
888 rpn->param_mask = cpu_to_le16(param_mask);
890 *ptr = __fcs(buf); ptr++;
892 return rfcomm_send_frame(s, buf, ptr - buf);
895 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
897 struct rfcomm_hdr *hdr;
898 struct rfcomm_mcc *mcc;
899 struct rfcomm_rls *rls;
900 u8 buf[16], *ptr = buf;
902 BT_DBG("%p cr %d status 0x%x", s, cr, status);
904 hdr = (void *) ptr; ptr += sizeof(*hdr);
905 hdr->addr = __addr(s->initiator, 0);
906 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
907 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
909 mcc = (void *) ptr; ptr += sizeof(*mcc);
910 mcc->type = __mcc_type(cr, RFCOMM_RLS);
911 mcc->len = __len8(sizeof(*rls));
913 rls = (void *) ptr; ptr += sizeof(*rls);
914 rls->dlci = __addr(1, dlci);
915 rls->status = status;
917 *ptr = __fcs(buf); ptr++;
919 return rfcomm_send_frame(s, buf, ptr - buf);
922 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
924 struct rfcomm_hdr *hdr;
925 struct rfcomm_mcc *mcc;
926 struct rfcomm_msc *msc;
927 u8 buf[16], *ptr = buf;
929 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
931 hdr = (void *) ptr; ptr += sizeof(*hdr);
932 hdr->addr = __addr(s->initiator, 0);
933 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
934 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
936 mcc = (void *) ptr; ptr += sizeof(*mcc);
937 mcc->type = __mcc_type(cr, RFCOMM_MSC);
938 mcc->len = __len8(sizeof(*msc));
940 msc = (void *) ptr; ptr += sizeof(*msc);
941 msc->dlci = __addr(1, dlci);
942 msc->v24_sig = v24_sig | 0x01;
944 *ptr = __fcs(buf); ptr++;
946 return rfcomm_send_frame(s, buf, ptr - buf);
949 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
951 struct rfcomm_hdr *hdr;
952 struct rfcomm_mcc *mcc;
953 u8 buf[16], *ptr = buf;
955 BT_DBG("%p cr %d", s, cr);
957 hdr = (void *) ptr; ptr += sizeof(*hdr);
958 hdr->addr = __addr(s->initiator, 0);
959 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
960 hdr->len = __len8(sizeof(*mcc));
962 mcc = (void *) ptr; ptr += sizeof(*mcc);
963 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
964 mcc->len = __len8(0);
966 *ptr = __fcs(buf); ptr++;
968 return rfcomm_send_frame(s, buf, ptr - buf);
971 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
973 struct rfcomm_hdr *hdr;
974 struct rfcomm_mcc *mcc;
975 u8 buf[16], *ptr = buf;
977 BT_DBG("%p cr %d", s, cr);
979 hdr = (void *) ptr; ptr += sizeof(*hdr);
980 hdr->addr = __addr(s->initiator, 0);
981 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
982 hdr->len = __len8(sizeof(*mcc));
984 mcc = (void *) ptr; ptr += sizeof(*mcc);
985 mcc->type = __mcc_type(cr, RFCOMM_FCON);
986 mcc->len = __len8(0);
988 *ptr = __fcs(buf); ptr++;
990 return rfcomm_send_frame(s, buf, ptr - buf);
993 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
995 struct socket *sock = s->sock;
998 unsigned char hdr[5], crc[1];
1003 BT_DBG("%p cr %d", s, cr);
1005 hdr[0] = __addr(s->initiator, 0);
1006 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1007 hdr[2] = 0x01 | ((len + 2) << 1);
1008 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1009 hdr[4] = 0x01 | (len << 1);
1011 crc[0] = __fcs(hdr);
1013 iv[0].iov_base = hdr;
1015 iv[1].iov_base = pattern;
1016 iv[1].iov_len = len;
1017 iv[2].iov_base = crc;
1020 memset(&msg, 0, sizeof(msg));
1022 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1025 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1027 struct rfcomm_hdr *hdr;
1028 u8 buf[16], *ptr = buf;
1030 BT_DBG("%p addr %d credits %d", s, addr, credits);
1032 hdr = (void *) ptr; ptr += sizeof(*hdr);
1034 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1035 hdr->len = __len8(0);
1037 *ptr = credits; ptr++;
1039 *ptr = __fcs(buf); ptr++;
1041 return rfcomm_send_frame(s, buf, ptr - buf);
1044 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1046 struct rfcomm_hdr *hdr;
1051 hdr = (void *) skb_push(skb, 4);
1052 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len);
1054 hdr = (void *) skb_push(skb, 3);
1055 hdr->len = __len8(len);
1058 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1060 crc = skb_put(skb, 1);
1061 *crc = __fcs((void *) hdr);
1064 /* ---- RFCOMM frame reception ---- */
1065 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1067 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1071 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1073 rfcomm_send_dm(s, dlci);
1079 rfcomm_dlc_clear_timer(d);
1082 d->state = BT_CONNECTED;
1083 d->state_change(d, 0);
1084 rfcomm_dlc_unlock(d);
1086 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1090 d->state = BT_CLOSED;
1091 __rfcomm_dlc_close(d, 0);
1093 if (list_empty(&s->dlcs)) {
1094 s->state = BT_DISCONN;
1095 rfcomm_send_disc(s, 0);
1101 /* Control channel */
1104 s->state = BT_CONNECTED;
1105 rfcomm_process_connect(s);
1109 rfcomm_session_put(s);
1116 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1120 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1124 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1126 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1131 d->state = BT_CLOSED;
1132 __rfcomm_dlc_close(d, err);
1135 if (s->state == BT_CONNECT)
1140 s->state = BT_CLOSED;
1141 rfcomm_session_close(s, err);
1146 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1150 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1153 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1155 rfcomm_send_ua(s, dlci);
1157 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1162 d->state = BT_CLOSED;
1163 __rfcomm_dlc_close(d, err);
1165 rfcomm_send_dm(s, dlci);
1168 rfcomm_send_ua(s, 0);
1170 if (s->state == BT_CONNECT)
1175 s->state = BT_CLOSED;
1176 rfcomm_session_close(s, err);
1182 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1184 struct sock *sk = d->session->sock->sk;
1186 BT_DBG("dlc %p", d);
1188 rfcomm_send_ua(d->session, d->dlci);
1191 d->state = BT_CONNECTED;
1192 d->state_change(d, 0);
1193 rfcomm_dlc_unlock(d);
1195 if (d->link_mode & RFCOMM_LM_MASTER)
1196 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1198 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1201 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1203 if (rfcomm_check_link_mode(d)) {
1204 if (d->defer_setup) {
1205 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1206 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1208 rfcomm_dlc_accept(d);
1210 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1211 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1215 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1217 struct rfcomm_dlc *d;
1220 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1223 rfcomm_send_ua(s, 0);
1225 if (s->state == BT_OPEN) {
1226 s->state = BT_CONNECTED;
1227 rfcomm_process_connect(s);
1232 /* Check if DLC exists */
1233 d = rfcomm_dlc_get(s, dlci);
1235 if (d->state == BT_OPEN) {
1236 /* DLC was previously opened by PN request */
1237 rfcomm_check_accept(d);
1242 /* Notify socket layer about incoming connection */
1243 channel = __srv_channel(dlci);
1244 if (rfcomm_connect_ind(s, channel, &d)) {
1246 d->addr = __addr(s->initiator, dlci);
1247 rfcomm_dlc_link(s, d);
1249 rfcomm_check_accept(d);
1251 rfcomm_send_dm(s, dlci);
1257 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1259 struct rfcomm_session *s = d->session;
1261 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1262 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1264 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1265 pn->flow_ctrl == 0xe0) {
1266 d->cfc = RFCOMM_CFC_ENABLED;
1267 d->tx_credits = pn->credits;
1269 d->cfc = RFCOMM_CFC_DISABLED;
1270 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1273 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1276 d->priority = pn->priority;
1278 d->mtu = btohs(pn->mtu);
1280 if (cr && d->mtu > s->mtu)
1286 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1288 struct rfcomm_pn *pn = (void *) skb->data;
1289 struct rfcomm_dlc *d;
1292 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1297 d = rfcomm_dlc_get(s, dlci);
1301 rfcomm_apply_pn(d, cr, pn);
1302 rfcomm_send_pn(s, 0, d);
1307 rfcomm_apply_pn(d, cr, pn);
1309 d->state = BT_CONNECT;
1310 rfcomm_send_sabm(s, d->dlci);
1315 u8 channel = __srv_channel(dlci);
1320 /* PN request for non existing DLC.
1321 * Assume incoming connection. */
1322 if (rfcomm_connect_ind(s, channel, &d)) {
1324 d->addr = __addr(s->initiator, dlci);
1325 rfcomm_dlc_link(s, d);
1327 rfcomm_apply_pn(d, cr, pn);
1330 rfcomm_send_pn(s, 0, d);
1332 rfcomm_send_dm(s, dlci);
1338 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1340 struct rfcomm_rpn *rpn = (void *) skb->data;
1341 u8 dlci = __get_dlci(rpn->dlci);
1350 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1352 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1353 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1354 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1360 /* This is a request, return default settings */
1361 bit_rate = RFCOMM_RPN_BR_115200;
1362 data_bits = RFCOMM_RPN_DATA_8;
1363 stop_bits = RFCOMM_RPN_STOP_1;
1364 parity = RFCOMM_RPN_PARITY_NONE;
1365 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1366 xon_char = RFCOMM_RPN_XON_CHAR;
1367 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1371 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1372 * no parity, no flow control lines, normal XON/XOFF chars */
1374 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1375 bit_rate = rpn->bit_rate;
1376 if (bit_rate != RFCOMM_RPN_BR_115200) {
1377 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1378 bit_rate = RFCOMM_RPN_BR_115200;
1379 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1383 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1384 data_bits = __get_rpn_data_bits(rpn->line_settings);
1385 if (data_bits != RFCOMM_RPN_DATA_8) {
1386 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1387 data_bits = RFCOMM_RPN_DATA_8;
1388 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1392 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1393 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1394 if (stop_bits != RFCOMM_RPN_STOP_1) {
1395 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1396 stop_bits = RFCOMM_RPN_STOP_1;
1397 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1401 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1402 parity = __get_rpn_parity(rpn->line_settings);
1403 if (parity != RFCOMM_RPN_PARITY_NONE) {
1404 BT_DBG("RPN parity mismatch 0x%x", parity);
1405 parity = RFCOMM_RPN_PARITY_NONE;
1406 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1410 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1411 flow_ctrl = rpn->flow_ctrl;
1412 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1413 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1414 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1415 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1419 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1420 xon_char = rpn->xon_char;
1421 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1422 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1423 xon_char = RFCOMM_RPN_XON_CHAR;
1424 rpn_mask ^= RFCOMM_RPN_PM_XON;
1428 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1429 xoff_char = rpn->xoff_char;
1430 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1431 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1432 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1433 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1438 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1439 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1444 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1446 struct rfcomm_rls *rls = (void *) skb->data;
1447 u8 dlci = __get_dlci(rls->dlci);
1449 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1454 /* We should probably do something with this information here. But
1455 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1456 * mandatory to recognise and respond to RLS */
1458 rfcomm_send_rls(s, 0, dlci, rls->status);
1463 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1465 struct rfcomm_msc *msc = (void *) skb->data;
1466 struct rfcomm_dlc *d;
1467 u8 dlci = __get_dlci(msc->dlci);
1469 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1471 d = rfcomm_dlc_get(s, dlci);
1476 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1477 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1479 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1483 d->remote_v24_sig = msc->v24_sig;
1485 if (d->modem_status)
1486 d->modem_status(d, msc->v24_sig);
1488 rfcomm_dlc_unlock(d);
1490 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1492 d->mscex |= RFCOMM_MSCEX_RX;
1494 d->mscex |= RFCOMM_MSCEX_TX;
1499 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1501 struct rfcomm_mcc *mcc = (void *) skb->data;
1504 cr = __test_cr(mcc->type);
1505 type = __get_mcc_type(mcc->type);
1506 len = __get_mcc_len(mcc->len);
1508 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1514 rfcomm_recv_pn(s, cr, skb);
1518 rfcomm_recv_rpn(s, cr, len, skb);
1522 rfcomm_recv_rls(s, cr, skb);
1526 rfcomm_recv_msc(s, cr, skb);
1531 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1532 rfcomm_send_fcoff(s, 0);
1538 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1539 rfcomm_send_fcon(s, 0);
1545 rfcomm_send_test(s, 0, skb->data, skb->len);
1552 BT_ERR("Unknown control type 0x%02x", type);
1553 rfcomm_send_nsc(s, cr, type);
1559 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1561 struct rfcomm_dlc *d;
1563 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1565 d = rfcomm_dlc_get(s, dlci);
1567 rfcomm_send_dm(s, dlci);
1572 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1574 d->tx_credits += credits;
1576 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1579 if (skb->len && d->state == BT_CONNECTED) {
1582 d->data_ready(d, skb);
1583 rfcomm_dlc_unlock(d);
1592 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1594 struct rfcomm_hdr *hdr = (void *) skb->data;
1597 dlci = __get_dlci(hdr->addr);
1598 type = __get_type(hdr->ctrl);
1601 skb->len--; skb->tail--;
1602 fcs = *(u8 *)skb_tail_pointer(skb);
1604 if (__check_fcs(skb->data, type, fcs)) {
1605 BT_ERR("bad checksum in packet");
1610 if (__test_ea(hdr->len))
1617 if (__test_pf(hdr->ctrl))
1618 rfcomm_recv_sabm(s, dlci);
1622 if (__test_pf(hdr->ctrl))
1623 rfcomm_recv_disc(s, dlci);
1627 if (__test_pf(hdr->ctrl))
1628 rfcomm_recv_ua(s, dlci);
1632 rfcomm_recv_dm(s, dlci);
1637 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1639 rfcomm_recv_mcc(s, skb);
1643 BT_ERR("Unknown packet type 0x%02x\n", type);
1650 /* ---- Connection and data processing ---- */
1652 static void rfcomm_process_connect(struct rfcomm_session *s)
1654 struct rfcomm_dlc *d;
1655 struct list_head *p, *n;
1657 BT_DBG("session %p state %ld", s, s->state);
1659 list_for_each_safe(p, n, &s->dlcs) {
1660 d = list_entry(p, struct rfcomm_dlc, list);
1661 if (d->state == BT_CONFIG) {
1663 if (rfcomm_check_link_mode(d)) {
1664 rfcomm_send_pn(s, 1, d);
1666 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1667 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1673 /* Send data queued for the DLC.
1674 * Return number of frames left in the queue.
1676 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1678 struct sk_buff *skb;
1681 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1682 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1684 /* Send pending MSC */
1685 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1686 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1690 * Give them some credits */
1691 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1692 d->rx_credits <= (d->cfc >> 2)) {
1693 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1694 d->rx_credits = d->cfc;
1698 * Give ourselves some credits */
1702 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1703 return skb_queue_len(&d->tx_queue);
1705 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1706 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1708 skb_queue_head(&d->tx_queue, skb);
1715 if (d->cfc && !d->tx_credits) {
1716 /* We're out of TX credits.
1717 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1718 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1721 return skb_queue_len(&d->tx_queue);
1724 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1726 struct rfcomm_dlc *d;
1727 struct list_head *p, *n;
1729 BT_DBG("session %p state %ld", s, s->state);
1731 list_for_each_safe(p, n, &s->dlcs) {
1732 d = list_entry(p, struct rfcomm_dlc, list);
1734 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1735 __rfcomm_dlc_close(d, ETIMEDOUT);
1739 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1740 rfcomm_dlc_clear_timer(d);
1742 rfcomm_send_pn(s, 1, d);
1743 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1745 if (d->defer_setup) {
1746 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1747 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1749 rfcomm_dlc_accept(d);
1751 if (d->link_mode & RFCOMM_LM_SECURE) {
1752 struct sock *sk = s->sock->sk;
1753 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1756 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1757 rfcomm_dlc_clear_timer(d);
1759 rfcomm_send_dm(s, d->dlci);
1761 d->state = BT_CLOSED;
1762 __rfcomm_dlc_close(d, ECONNREFUSED);
1766 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1769 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1770 d->mscex == RFCOMM_MSCEX_OK)
1771 rfcomm_process_tx(d);
1775 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1777 struct socket *sock = s->sock;
1778 struct sock *sk = sock->sk;
1779 struct sk_buff *skb;
1781 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1783 /* Get data directly from socket receive queue without copying it. */
1784 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1786 rfcomm_recv_frame(s, skb);
1789 if (sk->sk_state == BT_CLOSED) {
1791 rfcomm_session_put(s);
1793 rfcomm_session_close(s, sk->sk_err);
1797 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1799 struct socket *sock = s->sock, *nsock;
1802 /* Fast check for a new connection.
1803 * Avoids unnesesary socket allocations. */
1804 if (list_empty(&bt_sk(sock->sk)->accept_q))
1807 BT_DBG("session %p", s);
1809 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1813 /* Set our callbacks */
1814 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1815 nsock->sk->sk_state_change = rfcomm_l2state_change;
1817 s = rfcomm_session_add(nsock, BT_OPEN);
1819 rfcomm_session_hold(s);
1821 /* We should adjust MTU on incoming sessions.
1822 * L2CAP MTU minus UIH header and FCS. */
1823 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1825 rfcomm_schedule(RFCOMM_SCHED_RX);
1827 sock_release(nsock);
1830 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1832 struct sock *sk = s->sock->sk;
1834 BT_DBG("%p state %ld", s, s->state);
1836 switch(sk->sk_state) {
1838 s->state = BT_CONNECT;
1840 /* We can adjust MTU on outgoing sessions.
1841 * L2CAP MTU minus UIH header and FCS. */
1842 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1844 rfcomm_send_sabm(s, 0);
1848 s->state = BT_CLOSED;
1849 rfcomm_session_close(s, sk->sk_err);
1854 static inline void rfcomm_process_sessions(void)
1856 struct list_head *p, *n;
1860 list_for_each_safe(p, n, &session_list) {
1861 struct rfcomm_session *s;
1862 s = list_entry(p, struct rfcomm_session, list);
1864 if (s->state == BT_LISTEN) {
1865 rfcomm_accept_connection(s);
1869 rfcomm_session_hold(s);
1873 rfcomm_check_connection(s);
1877 rfcomm_process_rx(s);
1881 rfcomm_process_dlcs(s);
1883 rfcomm_session_put(s);
1889 static int rfcomm_add_listener(bdaddr_t *ba)
1891 struct sockaddr_l2 addr;
1892 struct socket *sock;
1894 struct rfcomm_session *s;
1898 err = rfcomm_l2sock_create(&sock);
1900 BT_ERR("Create socket failed %d", err);
1905 bacpy(&addr.l2_bdaddr, ba);
1906 addr.l2_family = AF_BLUETOOTH;
1907 addr.l2_psm = htobs(RFCOMM_PSM);
1908 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1910 BT_ERR("Bind failed %d", err);
1914 /* Set L2CAP options */
1917 l2cap_pi(sk)->imtu = l2cap_mtu;
1920 /* Start listening on the socket */
1921 err = kernel_listen(sock, 10);
1923 BT_ERR("Listen failed %d", err);
1927 /* Add listening session */
1928 s = rfcomm_session_add(sock, BT_LISTEN);
1932 rfcomm_session_hold(s);
1939 static void rfcomm_kill_listener(void)
1941 struct rfcomm_session *s;
1942 struct list_head *p, *n;
1946 list_for_each_safe(p, n, &session_list) {
1947 s = list_entry(p, struct rfcomm_session, list);
1948 rfcomm_session_del(s);
1952 static int rfcomm_run(void *unused)
1956 set_user_nice(current, -10);
1958 rfcomm_add_listener(BDADDR_ANY);
1960 while (!kthread_should_stop()) {
1961 set_current_state(TASK_INTERRUPTIBLE);
1962 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1963 /* No pending events. Let's sleep.
1964 * Incoming connections and data will wake us up. */
1967 set_current_state(TASK_RUNNING);
1970 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1971 rfcomm_process_sessions();
1974 rfcomm_kill_listener();
1979 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1981 struct rfcomm_session *s;
1982 struct rfcomm_dlc *d;
1983 struct list_head *p, *n;
1985 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1987 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1991 rfcomm_session_hold(s);
1993 list_for_each_safe(p, n, &s->dlcs) {
1994 d = list_entry(p, struct rfcomm_dlc, list);
1996 if (!status && encrypt == 0x00 &&
1997 (d->link_mode & RFCOMM_LM_ENCRYPT) &&
1998 (d->state == BT_CONNECTED ||
1999 d->state == BT_CONFIG)) {
2000 __rfcomm_dlc_close(d, ECONNREFUSED);
2004 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2008 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2010 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2013 rfcomm_session_put(s);
2015 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2018 static struct hci_cb rfcomm_cb = {
2020 .security_cfm = rfcomm_security_cfm
2023 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2025 struct rfcomm_session *s;
2026 struct list_head *pp, *p;
2031 list_for_each(p, &session_list) {
2032 s = list_entry(p, struct rfcomm_session, list);
2033 list_for_each(pp, &s->dlcs) {
2034 struct sock *sk = s->sock->sk;
2035 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2037 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2038 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2039 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2048 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2050 /* ---- Initialization ---- */
2051 static int __init rfcomm_init(void)
2055 hci_register_cb(&rfcomm_cb);
2057 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2058 if (IS_ERR(rfcomm_thread)) {
2059 hci_unregister_cb(&rfcomm_cb);
2060 return PTR_ERR(rfcomm_thread);
2063 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2064 BT_ERR("Failed to create RFCOMM info file");
2066 rfcomm_init_sockets();
2068 #ifdef CONFIG_BT_RFCOMM_TTY
2072 BT_INFO("RFCOMM ver %s", VERSION);
2077 static void __exit rfcomm_exit(void)
2079 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
2081 hci_unregister_cb(&rfcomm_cb);
2083 kthread_stop(rfcomm_thread);
2085 #ifdef CONFIG_BT_RFCOMM_TTY
2086 rfcomm_cleanup_ttys();
2089 rfcomm_cleanup_sockets();
2092 module_init(rfcomm_init);
2093 module_exit(rfcomm_exit);
2095 module_param(disable_cfc, bool, 0644);
2096 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2098 module_param(channel_mtu, int, 0644);
2099 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2101 module_param(l2cap_mtu, uint, 0644);
2102 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2104 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2105 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2106 MODULE_VERSION(VERSION);
2107 MODULE_LICENSE("GPL");
2108 MODULE_ALIAS("bt-proto-3");