2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/sched.h>
32 #include <linux/signal.h>
33 #include <linux/init.h>
34 #include <linux/wait.h>
35 #include <linux/device.h>
36 #include <linux/debugfs.h>
37 #include <linux/seq_file.h>
38 #include <linux/net.h>
39 #include <linux/mutex.h>
40 #include <linux/kthread.h>
41 #include <linux/slab.h>
44 #include <linux/uaccess.h>
45 #include <asm/unaligned.h>
47 #include <net/bluetooth/bluetooth.h>
48 #include <net/bluetooth/hci_core.h>
49 #include <net/bluetooth/l2cap.h>
50 #include <net/bluetooth/rfcomm.h>
52 #define VERSION "1.11"
54 static int disable_cfc;
55 static int l2cap_ertm;
56 static int channel_mtu = -1;
57 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
59 static struct task_struct *rfcomm_thread;
61 static DEFINE_MUTEX(rfcomm_mutex);
62 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
63 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
66 static LIST_HEAD(session_list);
68 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len,
70 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
71 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
72 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
73 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
74 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
75 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
76 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
77 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
78 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
80 static void rfcomm_process_connect(struct rfcomm_session *s);
82 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
86 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
87 static void rfcomm_session_del(struct rfcomm_session *s);
89 /* ---- RFCOMM frame parsing macros ---- */
90 #define __get_dlci(b) ((b & 0xfc) >> 2)
91 #define __get_channel(b) ((b & 0xf8) >> 3)
92 #define __get_dir(b) ((b & 0x04) >> 2)
93 #define __get_type(b) ((b & 0xef))
95 #define __test_ea(b) ((b & 0x01))
96 #define __test_cr(b) ((b & 0x02))
97 #define __test_pf(b) ((b & 0x10))
99 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
100 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
101 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
102 #define __srv_channel(dlci) (dlci >> 1)
103 #define __dir(dlci) (dlci & 0x01)
105 #define __len8(len) (((len) << 1) | 1)
106 #define __len16(len) ((len) << 1)
109 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
110 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
111 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
114 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
115 #define __get_rpn_data_bits(line) ((line) & 0x3)
116 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
117 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
119 static inline void rfcomm_schedule(void)
123 wake_up_process(rfcomm_thread);
126 static inline void rfcomm_session_put(struct rfcomm_session *s)
128 if (atomic_dec_and_test(&s->refcnt))
129 rfcomm_session_del(s);
132 /* ---- RFCOMM FCS computation ---- */
134 /* reversed, 8-bit, poly=0x07 */
135 static unsigned char rfcomm_crc_table[256] = {
136 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
137 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
138 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
139 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
141 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
142 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
143 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
144 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
146 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
147 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
148 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
149 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
151 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
152 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
153 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
154 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
156 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
157 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
158 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
159 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
161 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
162 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
163 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
164 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
166 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
167 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
168 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
169 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
171 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
172 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
173 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
174 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
178 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
181 static inline u8 __fcs(u8 *data)
183 return 0xff - __crc(data);
187 static inline u8 __fcs2(u8 *data)
189 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
193 static inline int __check_fcs(u8 *data, int type, u8 fcs)
197 if (type != RFCOMM_UIH)
198 f = rfcomm_crc_table[f ^ data[2]];
200 return rfcomm_crc_table[f ^ fcs] != 0xcf;
203 /* ---- L2CAP callbacks ---- */
204 static void rfcomm_l2state_change(struct sock *sk)
206 BT_DBG("%p state %d", sk, sk->sk_state);
210 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
212 BT_DBG("%p bytes %d", sk, bytes);
216 static int rfcomm_l2sock_create(struct socket **sock)
222 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
224 struct sock *sk = (*sock)->sk;
225 sk->sk_data_ready = rfcomm_l2data_ready;
226 sk->sk_state_change = rfcomm_l2state_change;
231 static inline int rfcomm_check_security(struct rfcomm_dlc *d)
233 struct sock *sk = d->session->sock->sk;
234 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
238 switch (d->sec_level) {
239 case BT_SECURITY_HIGH:
240 auth_type = HCI_AT_GENERAL_BONDING_MITM;
242 case BT_SECURITY_MEDIUM:
243 auth_type = HCI_AT_GENERAL_BONDING;
246 auth_type = HCI_AT_NO_BONDING;
250 return hci_conn_security(conn->hcon, d->sec_level, auth_type);
253 static void rfcomm_session_timeout(unsigned long arg)
255 struct rfcomm_session *s = (void *) arg;
257 BT_DBG("session %p state %ld", s, s->state);
259 set_bit(RFCOMM_TIMED_OUT, &s->flags);
263 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
265 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
267 if (!mod_timer(&s->timer, jiffies + timeout))
268 rfcomm_session_hold(s);
271 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
273 BT_DBG("session %p state %ld", s, s->state);
275 if (timer_pending(&s->timer) && del_timer(&s->timer))
276 rfcomm_session_put(s);
279 /* ---- RFCOMM DLCs ---- */
280 static void rfcomm_dlc_timeout(unsigned long arg)
282 struct rfcomm_dlc *d = (void *) arg;
284 BT_DBG("dlc %p state %ld", d, d->state);
286 set_bit(RFCOMM_TIMED_OUT, &d->flags);
291 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
293 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
295 if (!mod_timer(&d->timer, jiffies + timeout))
299 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
301 BT_DBG("dlc %p state %ld", d, d->state);
303 if (timer_pending(&d->timer) && del_timer(&d->timer))
307 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
314 d->sec_level = BT_SECURITY_LOW;
315 d->mtu = RFCOMM_DEFAULT_MTU;
316 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
318 d->cfc = RFCOMM_CFC_DISABLED;
319 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
322 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
324 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
329 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
331 skb_queue_head_init(&d->tx_queue);
332 spin_lock_init(&d->lock);
333 atomic_set(&d->refcnt, 1);
335 rfcomm_dlc_clear_state(d);
342 void rfcomm_dlc_free(struct rfcomm_dlc *d)
346 skb_queue_purge(&d->tx_queue);
350 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
352 BT_DBG("dlc %p session %p", d, s);
354 rfcomm_session_hold(s);
356 rfcomm_session_clear_timer(s);
358 list_add(&d->list, &s->dlcs);
362 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
364 struct rfcomm_session *s = d->session;
366 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
372 if (list_empty(&s->dlcs))
373 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
375 rfcomm_session_put(s);
378 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
380 struct rfcomm_dlc *d;
382 list_for_each_entry(d, &s->dlcs, list)
389 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
391 struct rfcomm_session *s;
395 BT_DBG("dlc %p state %ld %s %s channel %d",
396 d, d->state, batostr(src), batostr(dst), channel);
398 if (channel < 1 || channel > 30)
401 if (d->state != BT_OPEN && d->state != BT_CLOSED)
404 s = rfcomm_session_get(src, dst);
406 s = rfcomm_session_create(src, dst, d->sec_level, &err);
411 dlci = __dlci(!s->initiator, channel);
413 /* Check if DLCI already exists */
414 if (rfcomm_dlc_get(s, dlci))
417 rfcomm_dlc_clear_state(d);
420 d->addr = __addr(s->initiator, dlci);
423 d->state = BT_CONFIG;
424 rfcomm_dlc_link(s, d);
429 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
431 if (s->state == BT_CONNECTED) {
432 if (rfcomm_check_security(d))
433 rfcomm_send_pn(s, 1, d);
435 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
438 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
443 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
449 r = __rfcomm_dlc_open(d, src, dst, channel);
455 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
457 struct rfcomm_session *s = d->session;
461 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
462 d, d->state, d->dlci, err, s);
467 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
468 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
475 d->state = BT_DISCONN;
476 if (skb_queue_empty(&d->tx_queue)) {
477 rfcomm_send_disc(s, d->dlci);
478 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
480 rfcomm_queue_disc(d);
481 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
487 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
488 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
495 rfcomm_dlc_clear_timer(d);
498 d->state = BT_CLOSED;
499 d->state_change(d, err);
500 rfcomm_dlc_unlock(d);
502 skb_queue_purge(&d->tx_queue);
503 rfcomm_dlc_unlink(d);
509 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
515 r = __rfcomm_dlc_close(d, err);
521 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
525 if (d->state != BT_CONNECTED)
528 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
533 rfcomm_make_uih(skb, d->addr);
534 skb_queue_tail(&d->tx_queue, skb);
536 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
541 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
543 BT_DBG("dlc %p state %ld", d, d->state);
546 d->v24_sig |= RFCOMM_V24_FC;
547 set_bit(RFCOMM_MSC_PENDING, &d->flags);
552 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
554 BT_DBG("dlc %p state %ld", d, d->state);
557 d->v24_sig &= ~RFCOMM_V24_FC;
558 set_bit(RFCOMM_MSC_PENDING, &d->flags);
564 Set/get modem status functions use _local_ status i.e. what we report
566 Remote status is provided by dlc->modem_status() callback.
568 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
570 BT_DBG("dlc %p state %ld v24_sig 0x%x",
571 d, d->state, v24_sig);
573 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
574 v24_sig |= RFCOMM_V24_FC;
576 v24_sig &= ~RFCOMM_V24_FC;
578 d->v24_sig = v24_sig;
580 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
586 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
588 BT_DBG("dlc %p state %ld v24_sig 0x%x",
589 d, d->state, d->v24_sig);
591 *v24_sig = d->v24_sig;
595 /* ---- RFCOMM sessions ---- */
596 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
598 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
603 BT_DBG("session %p sock %p", s, sock);
605 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
607 INIT_LIST_HEAD(&s->dlcs);
611 s->mtu = RFCOMM_DEFAULT_MTU;
612 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
614 /* Do not increment module usage count for listening sessions.
615 * Otherwise we won't be able to unload the module. */
616 if (state != BT_LISTEN)
617 if (!try_module_get(THIS_MODULE)) {
622 list_add(&s->list, &session_list);
627 static void rfcomm_session_del(struct rfcomm_session *s)
629 int state = s->state;
631 BT_DBG("session %p state %ld", s, s->state);
635 if (state == BT_CONNECTED)
636 rfcomm_send_disc(s, 0);
638 rfcomm_session_clear_timer(s);
639 sock_release(s->sock);
642 if (state != BT_LISTEN)
643 module_put(THIS_MODULE);
646 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
648 struct rfcomm_session *s;
649 struct list_head *p, *n;
651 list_for_each_safe(p, n, &session_list) {
652 s = list_entry(p, struct rfcomm_session, list);
653 sk = bt_sk(s->sock->sk);
655 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
656 !bacmp(&sk->dst, dst))
662 static void rfcomm_session_close(struct rfcomm_session *s, int err)
664 struct rfcomm_dlc *d;
665 struct list_head *p, *n;
667 BT_DBG("session %p state %ld err %d", s, s->state, err);
669 rfcomm_session_hold(s);
671 s->state = BT_CLOSED;
674 list_for_each_safe(p, n, &s->dlcs) {
675 d = list_entry(p, struct rfcomm_dlc, list);
676 d->state = BT_CLOSED;
677 __rfcomm_dlc_close(d, err);
680 rfcomm_session_clear_timer(s);
681 rfcomm_session_put(s);
684 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
689 struct rfcomm_session *s = NULL;
690 struct sockaddr_l2 addr;
694 BT_DBG("%s %s", batostr(src), batostr(dst));
696 *err = rfcomm_l2sock_create(&sock);
700 bacpy(&addr.l2_bdaddr, src);
701 addr.l2_family = AF_BLUETOOTH;
704 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
708 /* Set L2CAP options */
711 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
712 l2cap_pi(sk)->chan->sec_level = sec_level;
714 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
717 s = rfcomm_session_add(sock, BT_BOUND);
725 bacpy(&addr.l2_bdaddr, dst);
726 addr.l2_family = AF_BLUETOOTH;
727 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
729 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
730 if (*err == 0 || *err == -EINPROGRESS)
733 rfcomm_session_del(s);
741 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
743 struct sock *sk = s->sock->sk;
745 bacpy(src, &bt_sk(sk)->src);
747 bacpy(dst, &bt_sk(sk)->dst);
750 /* ---- RFCOMM frame sending ---- */
751 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len,
754 struct socket *sock = s->sock;
755 struct sock *sk = sock->sk;
756 struct kvec iv = { data, len };
759 BT_DBG("session %p len %d priority %u", s, len, priority);
761 if (sk->sk_priority != priority) {
763 sk->sk_priority = priority;
767 memset(&msg, 0, sizeof(msg));
769 return kernel_sendmsg(sock, &msg, &iv, 1, len);
772 static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
774 BT_DBG("%p cmd %u", s, cmd->ctrl);
776 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd), HCI_PRIO_MAX);
779 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
781 struct rfcomm_cmd cmd;
783 BT_DBG("%p dlci %d", s, dlci);
785 cmd.addr = __addr(s->initiator, dlci);
786 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
788 cmd.fcs = __fcs2((u8 *) &cmd);
790 return rfcomm_send_cmd(s, &cmd);
793 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
795 struct rfcomm_cmd cmd;
797 BT_DBG("%p dlci %d", s, dlci);
799 cmd.addr = __addr(!s->initiator, dlci);
800 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
802 cmd.fcs = __fcs2((u8 *) &cmd);
804 return rfcomm_send_cmd(s, &cmd);
807 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
809 struct rfcomm_cmd cmd;
811 BT_DBG("%p dlci %d", s, dlci);
813 cmd.addr = __addr(s->initiator, dlci);
814 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
816 cmd.fcs = __fcs2((u8 *) &cmd);
818 return rfcomm_send_cmd(s, &cmd);
821 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
823 struct rfcomm_cmd *cmd;
826 BT_DBG("dlc %p dlci %d", d, d->dlci);
828 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
832 skb->priority = HCI_PRIO_MAX;
834 cmd = (void *) __skb_put(skb, sizeof(*cmd));
836 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
837 cmd->len = __len8(0);
838 cmd->fcs = __fcs2((u8 *) cmd);
840 skb_queue_tail(&d->tx_queue, skb);
845 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
847 struct rfcomm_cmd cmd;
849 BT_DBG("%p dlci %d", s, dlci);
851 cmd.addr = __addr(!s->initiator, dlci);
852 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
854 cmd.fcs = __fcs2((u8 *) &cmd);
856 return rfcomm_send_cmd(s, &cmd);
859 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
861 struct rfcomm_hdr *hdr;
862 struct rfcomm_mcc *mcc;
863 u8 buf[16], *ptr = buf;
865 BT_DBG("%p cr %d type %d", s, cr, type);
867 hdr = (void *) ptr; ptr += sizeof(*hdr);
868 hdr->addr = __addr(s->initiator, 0);
869 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
870 hdr->len = __len8(sizeof(*mcc) + 1);
872 mcc = (void *) ptr; ptr += sizeof(*mcc);
873 mcc->type = __mcc_type(cr, RFCOMM_NSC);
874 mcc->len = __len8(1);
876 /* Type that we didn't like */
877 *ptr = __mcc_type(cr, type); ptr++;
879 *ptr = __fcs(buf); ptr++;
881 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX);
884 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
886 struct rfcomm_hdr *hdr;
887 struct rfcomm_mcc *mcc;
888 struct rfcomm_pn *pn;
889 u8 buf[16], *ptr = buf;
891 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
893 hdr = (void *) ptr; ptr += sizeof(*hdr);
894 hdr->addr = __addr(s->initiator, 0);
895 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
896 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
898 mcc = (void *) ptr; ptr += sizeof(*mcc);
899 mcc->type = __mcc_type(cr, RFCOMM_PN);
900 mcc->len = __len8(sizeof(*pn));
902 pn = (void *) ptr; ptr += sizeof(*pn);
904 pn->priority = d->priority;
909 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
910 pn->credits = RFCOMM_DEFAULT_CREDITS;
916 if (cr && channel_mtu >= 0)
917 pn->mtu = cpu_to_le16(channel_mtu);
919 pn->mtu = cpu_to_le16(d->mtu);
921 *ptr = __fcs(buf); ptr++;
923 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX);
926 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
927 u8 bit_rate, u8 data_bits, u8 stop_bits,
928 u8 parity, u8 flow_ctrl_settings,
929 u8 xon_char, u8 xoff_char, u16 param_mask)
931 struct rfcomm_hdr *hdr;
932 struct rfcomm_mcc *mcc;
933 struct rfcomm_rpn *rpn;
934 u8 buf[16], *ptr = buf;
936 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
937 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
938 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
939 flow_ctrl_settings, xon_char, xoff_char, param_mask);
941 hdr = (void *) ptr; ptr += sizeof(*hdr);
942 hdr->addr = __addr(s->initiator, 0);
943 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
944 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
946 mcc = (void *) ptr; ptr += sizeof(*mcc);
947 mcc->type = __mcc_type(cr, RFCOMM_RPN);
948 mcc->len = __len8(sizeof(*rpn));
950 rpn = (void *) ptr; ptr += sizeof(*rpn);
951 rpn->dlci = __addr(1, dlci);
952 rpn->bit_rate = bit_rate;
953 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
954 rpn->flow_ctrl = flow_ctrl_settings;
955 rpn->xon_char = xon_char;
956 rpn->xoff_char = xoff_char;
957 rpn->param_mask = cpu_to_le16(param_mask);
959 *ptr = __fcs(buf); ptr++;
961 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX);
964 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
966 struct rfcomm_hdr *hdr;
967 struct rfcomm_mcc *mcc;
968 struct rfcomm_rls *rls;
969 u8 buf[16], *ptr = buf;
971 BT_DBG("%p cr %d status 0x%x", s, cr, status);
973 hdr = (void *) ptr; ptr += sizeof(*hdr);
974 hdr->addr = __addr(s->initiator, 0);
975 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
976 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
978 mcc = (void *) ptr; ptr += sizeof(*mcc);
979 mcc->type = __mcc_type(cr, RFCOMM_RLS);
980 mcc->len = __len8(sizeof(*rls));
982 rls = (void *) ptr; ptr += sizeof(*rls);
983 rls->dlci = __addr(1, dlci);
984 rls->status = status;
986 *ptr = __fcs(buf); ptr++;
988 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX);
991 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
993 struct rfcomm_hdr *hdr;
994 struct rfcomm_mcc *mcc;
995 struct rfcomm_msc *msc;
996 u8 buf[16], *ptr = buf;
998 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
1000 hdr = (void *) ptr; ptr += sizeof(*hdr);
1001 hdr->addr = __addr(s->initiator, 0);
1002 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1003 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
1005 mcc = (void *) ptr; ptr += sizeof(*mcc);
1006 mcc->type = __mcc_type(cr, RFCOMM_MSC);
1007 mcc->len = __len8(sizeof(*msc));
1009 msc = (void *) ptr; ptr += sizeof(*msc);
1010 msc->dlci = __addr(1, dlci);
1011 msc->v24_sig = v24_sig | 0x01;
1013 *ptr = __fcs(buf); ptr++;
1015 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX);
1018 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1020 struct rfcomm_hdr *hdr;
1021 struct rfcomm_mcc *mcc;
1022 u8 buf[16], *ptr = buf;
1024 BT_DBG("%p cr %d", s, cr);
1026 hdr = (void *) ptr; ptr += sizeof(*hdr);
1027 hdr->addr = __addr(s->initiator, 0);
1028 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1029 hdr->len = __len8(sizeof(*mcc));
1031 mcc = (void *) ptr; ptr += sizeof(*mcc);
1032 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1033 mcc->len = __len8(0);
1035 *ptr = __fcs(buf); ptr++;
1037 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX);
1040 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1042 struct rfcomm_hdr *hdr;
1043 struct rfcomm_mcc *mcc;
1044 u8 buf[16], *ptr = buf;
1046 BT_DBG("%p cr %d", s, cr);
1048 hdr = (void *) ptr; ptr += sizeof(*hdr);
1049 hdr->addr = __addr(s->initiator, 0);
1050 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1051 hdr->len = __len8(sizeof(*mcc));
1053 mcc = (void *) ptr; ptr += sizeof(*mcc);
1054 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1055 mcc->len = __len8(0);
1057 *ptr = __fcs(buf); ptr++;
1059 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX);
1062 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1064 struct socket *sock = s->sock;
1067 unsigned char hdr[5], crc[1];
1072 BT_DBG("%p cr %d", s, cr);
1074 hdr[0] = __addr(s->initiator, 0);
1075 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1076 hdr[2] = 0x01 | ((len + 2) << 1);
1077 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1078 hdr[4] = 0x01 | (len << 1);
1080 crc[0] = __fcs(hdr);
1082 iv[0].iov_base = hdr;
1084 iv[1].iov_base = pattern;
1085 iv[1].iov_len = len;
1086 iv[2].iov_base = crc;
1089 memset(&msg, 0, sizeof(msg));
1091 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1094 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1096 struct rfcomm_hdr *hdr;
1097 u8 buf[16], *ptr = buf;
1099 BT_DBG("%p addr %d credits %d", s, addr, credits);
1101 hdr = (void *) ptr; ptr += sizeof(*hdr);
1103 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1104 hdr->len = __len8(0);
1106 *ptr = credits; ptr++;
1108 *ptr = __fcs(buf); ptr++;
1110 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX);
1113 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1115 struct rfcomm_hdr *hdr;
1120 hdr = (void *) skb_push(skb, 4);
1121 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1123 hdr = (void *) skb_push(skb, 3);
1124 hdr->len = __len8(len);
1127 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1129 crc = skb_put(skb, 1);
1130 *crc = __fcs((void *) hdr);
1133 /* ---- RFCOMM frame reception ---- */
1134 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1136 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1140 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1142 rfcomm_send_dm(s, dlci);
1148 rfcomm_dlc_clear_timer(d);
1151 d->state = BT_CONNECTED;
1152 d->state_change(d, 0);
1153 rfcomm_dlc_unlock(d);
1155 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1159 d->state = BT_CLOSED;
1160 __rfcomm_dlc_close(d, 0);
1162 if (list_empty(&s->dlcs)) {
1163 s->state = BT_DISCONN;
1164 rfcomm_send_disc(s, 0);
1165 rfcomm_session_clear_timer(s);
1171 /* Control channel */
1174 s->state = BT_CONNECTED;
1175 rfcomm_process_connect(s);
1179 /* When socket is closed and we are not RFCOMM
1180 * initiator rfcomm_process_rx already calls
1181 * rfcomm_session_put() */
1182 if (s->sock->sk->sk_state != BT_CLOSED)
1183 if (list_empty(&s->dlcs))
1184 rfcomm_session_put(s);
1191 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1195 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1199 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1201 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1206 d->state = BT_CLOSED;
1207 __rfcomm_dlc_close(d, err);
1210 if (s->state == BT_CONNECT)
1215 s->state = BT_CLOSED;
1216 rfcomm_session_close(s, err);
1221 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1225 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1228 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1230 rfcomm_send_ua(s, dlci);
1232 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1237 d->state = BT_CLOSED;
1238 __rfcomm_dlc_close(d, err);
1240 rfcomm_send_dm(s, dlci);
1243 rfcomm_send_ua(s, 0);
1245 if (s->state == BT_CONNECT)
1250 s->state = BT_CLOSED;
1251 rfcomm_session_close(s, err);
1257 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1259 struct sock *sk = d->session->sock->sk;
1260 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1262 BT_DBG("dlc %p", d);
1264 rfcomm_send_ua(d->session, d->dlci);
1266 rfcomm_dlc_clear_timer(d);
1269 d->state = BT_CONNECTED;
1270 d->state_change(d, 0);
1271 rfcomm_dlc_unlock(d);
1274 hci_conn_switch_role(conn->hcon, 0x00);
1276 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1279 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1281 if (rfcomm_check_security(d)) {
1282 if (d->defer_setup) {
1283 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1284 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1287 d->state = BT_CONNECT2;
1288 d->state_change(d, 0);
1289 rfcomm_dlc_unlock(d);
1291 rfcomm_dlc_accept(d);
1293 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1294 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1298 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1300 struct rfcomm_dlc *d;
1303 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1306 rfcomm_send_ua(s, 0);
1308 if (s->state == BT_OPEN) {
1309 s->state = BT_CONNECTED;
1310 rfcomm_process_connect(s);
1315 /* Check if DLC exists */
1316 d = rfcomm_dlc_get(s, dlci);
1318 if (d->state == BT_OPEN) {
1319 /* DLC was previously opened by PN request */
1320 rfcomm_check_accept(d);
1325 /* Notify socket layer about incoming connection */
1326 channel = __srv_channel(dlci);
1327 if (rfcomm_connect_ind(s, channel, &d)) {
1329 d->addr = __addr(s->initiator, dlci);
1330 rfcomm_dlc_link(s, d);
1332 rfcomm_check_accept(d);
1334 rfcomm_send_dm(s, dlci);
1340 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1342 struct rfcomm_session *s = d->session;
1344 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1345 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1347 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1348 pn->flow_ctrl == 0xe0) {
1349 d->cfc = RFCOMM_CFC_ENABLED;
1350 d->tx_credits = pn->credits;
1352 d->cfc = RFCOMM_CFC_DISABLED;
1353 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1356 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1359 d->priority = pn->priority;
1361 d->mtu = __le16_to_cpu(pn->mtu);
1363 if (cr && d->mtu > s->mtu)
1369 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1371 struct rfcomm_pn *pn = (void *) skb->data;
1372 struct rfcomm_dlc *d;
1375 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1380 d = rfcomm_dlc_get(s, dlci);
1384 rfcomm_apply_pn(d, cr, pn);
1385 rfcomm_send_pn(s, 0, d);
1390 rfcomm_apply_pn(d, cr, pn);
1392 d->state = BT_CONNECT;
1393 rfcomm_send_sabm(s, d->dlci);
1398 u8 channel = __srv_channel(dlci);
1403 /* PN request for non existing DLC.
1404 * Assume incoming connection. */
1405 if (rfcomm_connect_ind(s, channel, &d)) {
1407 d->addr = __addr(s->initiator, dlci);
1408 rfcomm_dlc_link(s, d);
1410 rfcomm_apply_pn(d, cr, pn);
1413 rfcomm_send_pn(s, 0, d);
1415 rfcomm_send_dm(s, dlci);
1421 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1423 struct rfcomm_rpn *rpn = (void *) skb->data;
1424 u8 dlci = __get_dlci(rpn->dlci);
1433 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1435 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1436 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1437 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1443 /* This is a request, return default (according to ETSI TS 07.10) settings */
1444 bit_rate = RFCOMM_RPN_BR_9600;
1445 data_bits = RFCOMM_RPN_DATA_8;
1446 stop_bits = RFCOMM_RPN_STOP_1;
1447 parity = RFCOMM_RPN_PARITY_NONE;
1448 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1449 xon_char = RFCOMM_RPN_XON_CHAR;
1450 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1454 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1455 * no parity, no flow control lines, normal XON/XOFF chars */
1457 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1458 bit_rate = rpn->bit_rate;
1459 if (bit_rate > RFCOMM_RPN_BR_230400) {
1460 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1461 bit_rate = RFCOMM_RPN_BR_9600;
1462 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1466 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1467 data_bits = __get_rpn_data_bits(rpn->line_settings);
1468 if (data_bits != RFCOMM_RPN_DATA_8) {
1469 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1470 data_bits = RFCOMM_RPN_DATA_8;
1471 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1475 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1476 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1477 if (stop_bits != RFCOMM_RPN_STOP_1) {
1478 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1479 stop_bits = RFCOMM_RPN_STOP_1;
1480 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1484 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1485 parity = __get_rpn_parity(rpn->line_settings);
1486 if (parity != RFCOMM_RPN_PARITY_NONE) {
1487 BT_DBG("RPN parity mismatch 0x%x", parity);
1488 parity = RFCOMM_RPN_PARITY_NONE;
1489 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1493 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1494 flow_ctrl = rpn->flow_ctrl;
1495 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1496 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1497 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1498 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1502 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1503 xon_char = rpn->xon_char;
1504 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1505 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1506 xon_char = RFCOMM_RPN_XON_CHAR;
1507 rpn_mask ^= RFCOMM_RPN_PM_XON;
1511 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1512 xoff_char = rpn->xoff_char;
1513 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1514 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1515 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1516 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1521 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1522 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1527 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1529 struct rfcomm_rls *rls = (void *) skb->data;
1530 u8 dlci = __get_dlci(rls->dlci);
1532 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1537 /* We should probably do something with this information here. But
1538 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1539 * mandatory to recognise and respond to RLS */
1541 rfcomm_send_rls(s, 0, dlci, rls->status);
1546 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1548 struct rfcomm_msc *msc = (void *) skb->data;
1549 struct rfcomm_dlc *d;
1550 u8 dlci = __get_dlci(msc->dlci);
1552 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1554 d = rfcomm_dlc_get(s, dlci);
1559 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1560 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1562 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1566 d->remote_v24_sig = msc->v24_sig;
1568 if (d->modem_status)
1569 d->modem_status(d, msc->v24_sig);
1571 rfcomm_dlc_unlock(d);
1573 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1575 d->mscex |= RFCOMM_MSCEX_RX;
1577 d->mscex |= RFCOMM_MSCEX_TX;
1582 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1584 struct rfcomm_mcc *mcc = (void *) skb->data;
1587 cr = __test_cr(mcc->type);
1588 type = __get_mcc_type(mcc->type);
1589 len = __get_mcc_len(mcc->len);
1591 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1597 rfcomm_recv_pn(s, cr, skb);
1601 rfcomm_recv_rpn(s, cr, len, skb);
1605 rfcomm_recv_rls(s, cr, skb);
1609 rfcomm_recv_msc(s, cr, skb);
1614 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1615 rfcomm_send_fcoff(s, 0);
1621 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1622 rfcomm_send_fcon(s, 0);
1628 rfcomm_send_test(s, 0, skb->data, skb->len);
1635 BT_ERR("Unknown control type 0x%02x", type);
1636 rfcomm_send_nsc(s, cr, type);
1642 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1644 struct rfcomm_dlc *d;
1646 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1648 d = rfcomm_dlc_get(s, dlci);
1650 rfcomm_send_dm(s, dlci);
1655 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1657 d->tx_credits += credits;
1659 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1662 if (skb->len && d->state == BT_CONNECTED) {
1665 d->data_ready(d, skb);
1666 rfcomm_dlc_unlock(d);
1675 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1677 struct rfcomm_hdr *hdr = (void *) skb->data;
1680 dlci = __get_dlci(hdr->addr);
1681 type = __get_type(hdr->ctrl);
1684 skb->len--; skb->tail--;
1685 fcs = *(u8 *)skb_tail_pointer(skb);
1687 if (__check_fcs(skb->data, type, fcs)) {
1688 BT_ERR("bad checksum in packet");
1693 if (__test_ea(hdr->len))
1700 if (__test_pf(hdr->ctrl))
1701 rfcomm_recv_sabm(s, dlci);
1705 if (__test_pf(hdr->ctrl))
1706 rfcomm_recv_disc(s, dlci);
1710 if (__test_pf(hdr->ctrl))
1711 rfcomm_recv_ua(s, dlci);
1715 rfcomm_recv_dm(s, dlci);
1720 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1722 rfcomm_recv_mcc(s, skb);
1726 BT_ERR("Unknown packet type 0x%02x", type);
1733 /* ---- Connection and data processing ---- */
1735 static void rfcomm_process_connect(struct rfcomm_session *s)
1737 struct rfcomm_dlc *d;
1738 struct list_head *p, *n;
1740 BT_DBG("session %p state %ld", s, s->state);
1742 list_for_each_safe(p, n, &s->dlcs) {
1743 d = list_entry(p, struct rfcomm_dlc, list);
1744 if (d->state == BT_CONFIG) {
1746 if (rfcomm_check_security(d)) {
1747 rfcomm_send_pn(s, 1, d);
1749 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1750 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1756 /* Send data queued for the DLC.
1757 * Return number of frames left in the queue.
1759 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1761 struct sk_buff *skb;
1764 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1765 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1767 /* Send pending MSC */
1768 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1769 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1773 * Give them some credits */
1774 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1775 d->rx_credits <= (d->cfc >> 2)) {
1776 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1777 d->rx_credits = d->cfc;
1781 * Give ourselves some credits */
1785 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1786 return skb_queue_len(&d->tx_queue);
1788 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1789 err = rfcomm_send_frame(d->session, skb->data, skb->len,
1792 skb_queue_head(&d->tx_queue, skb);
1799 if (d->cfc && !d->tx_credits) {
1800 /* We're out of TX credits.
1801 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1802 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1805 return skb_queue_len(&d->tx_queue);
1808 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1810 struct rfcomm_dlc *d;
1811 struct list_head *p, *n;
1813 BT_DBG("session %p state %ld", s, s->state);
1815 list_for_each_safe(p, n, &s->dlcs) {
1816 d = list_entry(p, struct rfcomm_dlc, list);
1818 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1819 __rfcomm_dlc_close(d, ETIMEDOUT);
1823 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1824 __rfcomm_dlc_close(d, ECONNREFUSED);
1828 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1829 rfcomm_dlc_clear_timer(d);
1831 rfcomm_send_pn(s, 1, d);
1832 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1834 if (d->defer_setup) {
1835 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1836 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1839 d->state = BT_CONNECT2;
1840 d->state_change(d, 0);
1841 rfcomm_dlc_unlock(d);
1843 rfcomm_dlc_accept(d);
1846 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1847 rfcomm_dlc_clear_timer(d);
1849 rfcomm_send_dm(s, d->dlci);
1851 d->state = BT_CLOSED;
1852 __rfcomm_dlc_close(d, ECONNREFUSED);
1856 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1859 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1862 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1863 d->mscex == RFCOMM_MSCEX_OK)
1864 rfcomm_process_tx(d);
1868 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1870 struct socket *sock = s->sock;
1871 struct sock *sk = sock->sk;
1872 struct sk_buff *skb;
1874 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1876 /* Get data directly from socket receive queue without copying it. */
1877 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1879 if (!skb_linearize(skb))
1880 rfcomm_recv_frame(s, skb);
1885 if (sk->sk_state == BT_CLOSED) {
1887 rfcomm_session_put(s);
1889 rfcomm_session_close(s, sk->sk_err);
1893 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1895 struct socket *sock = s->sock, *nsock;
1898 /* Fast check for a new connection.
1899 * Avoids unnesesary socket allocations. */
1900 if (list_empty(&bt_sk(sock->sk)->accept_q))
1903 BT_DBG("session %p", s);
1905 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1909 /* Set our callbacks */
1910 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1911 nsock->sk->sk_state_change = rfcomm_l2state_change;
1913 s = rfcomm_session_add(nsock, BT_OPEN);
1915 rfcomm_session_hold(s);
1917 /* We should adjust MTU on incoming sessions.
1918 * L2CAP MTU minus UIH header and FCS. */
1919 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1920 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1924 sock_release(nsock);
1927 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1929 struct sock *sk = s->sock->sk;
1931 BT_DBG("%p state %ld", s, s->state);
1933 switch (sk->sk_state) {
1935 s->state = BT_CONNECT;
1937 /* We can adjust MTU on outgoing sessions.
1938 * L2CAP MTU minus UIH header and FCS. */
1939 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1941 rfcomm_send_sabm(s, 0);
1945 s->state = BT_CLOSED;
1946 rfcomm_session_close(s, sk->sk_err);
1951 static inline void rfcomm_process_sessions(void)
1953 struct list_head *p, *n;
1957 list_for_each_safe(p, n, &session_list) {
1958 struct rfcomm_session *s;
1959 s = list_entry(p, struct rfcomm_session, list);
1961 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1962 s->state = BT_DISCONN;
1963 rfcomm_send_disc(s, 0);
1964 rfcomm_session_put(s);
1968 if (s->state == BT_LISTEN) {
1969 rfcomm_accept_connection(s);
1973 rfcomm_session_hold(s);
1977 rfcomm_check_connection(s);
1981 rfcomm_process_rx(s);
1985 rfcomm_process_dlcs(s);
1987 rfcomm_session_put(s);
1993 static int rfcomm_add_listener(bdaddr_t *ba)
1995 struct sockaddr_l2 addr;
1996 struct socket *sock;
1998 struct rfcomm_session *s;
2002 err = rfcomm_l2sock_create(&sock);
2004 BT_ERR("Create socket failed %d", err);
2009 bacpy(&addr.l2_bdaddr, ba);
2010 addr.l2_family = AF_BLUETOOTH;
2011 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
2013 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
2015 BT_ERR("Bind failed %d", err);
2019 /* Set L2CAP options */
2022 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
2025 /* Start listening on the socket */
2026 err = kernel_listen(sock, 10);
2028 BT_ERR("Listen failed %d", err);
2032 /* Add listening session */
2033 s = rfcomm_session_add(sock, BT_LISTEN);
2037 rfcomm_session_hold(s);
2044 static void rfcomm_kill_listener(void)
2046 struct rfcomm_session *s;
2047 struct list_head *p, *n;
2051 list_for_each_safe(p, n, &session_list) {
2052 s = list_entry(p, struct rfcomm_session, list);
2053 rfcomm_session_del(s);
2057 static int rfcomm_run(void *unused)
2061 set_user_nice(current, -10);
2063 rfcomm_add_listener(BDADDR_ANY);
2066 set_current_state(TASK_INTERRUPTIBLE);
2068 if (kthread_should_stop())
2072 rfcomm_process_sessions();
2076 __set_current_state(TASK_RUNNING);
2078 rfcomm_kill_listener();
2083 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2085 struct rfcomm_session *s;
2086 struct rfcomm_dlc *d;
2087 struct list_head *p, *n;
2089 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2091 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2095 rfcomm_session_hold(s);
2097 list_for_each_safe(p, n, &s->dlcs) {
2098 d = list_entry(p, struct rfcomm_dlc, list);
2100 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2101 rfcomm_dlc_clear_timer(d);
2102 if (status || encrypt == 0x00) {
2103 set_bit(RFCOMM_ENC_DROP, &d->flags);
2108 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2109 if (d->sec_level == BT_SECURITY_MEDIUM) {
2110 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2111 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2113 } else if (d->sec_level == BT_SECURITY_HIGH) {
2114 set_bit(RFCOMM_ENC_DROP, &d->flags);
2119 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2122 if (!status && hci_conn_check_secure(conn, d->sec_level))
2123 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2125 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2128 rfcomm_session_put(s);
2133 static struct hci_cb rfcomm_cb = {
2135 .security_cfm = rfcomm_security_cfm
2138 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2140 struct rfcomm_session *s;
2144 list_for_each_entry(s, &session_list, list) {
2145 struct rfcomm_dlc *d;
2146 list_for_each_entry(d, &s->dlcs, list) {
2147 struct sock *sk = s->sock->sk;
2149 seq_printf(f, "%s %s %ld %d %d %d %d\n",
2150 batostr(&bt_sk(sk)->src),
2151 batostr(&bt_sk(sk)->dst),
2152 d->state, d->dlci, d->mtu,
2153 d->rx_credits, d->tx_credits);
2162 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2164 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2167 static const struct file_operations rfcomm_dlc_debugfs_fops = {
2168 .open = rfcomm_dlc_debugfs_open,
2170 .llseek = seq_lseek,
2171 .release = single_release,
2174 static struct dentry *rfcomm_dlc_debugfs;
2176 /* ---- Initialization ---- */
2177 static int __init rfcomm_init(void)
2181 hci_register_cb(&rfcomm_cb);
2183 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2184 if (IS_ERR(rfcomm_thread)) {
2185 err = PTR_ERR(rfcomm_thread);
2190 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2191 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops);
2192 if (!rfcomm_dlc_debugfs)
2193 BT_ERR("Failed to create RFCOMM debug file");
2196 err = rfcomm_init_ttys();
2200 err = rfcomm_init_sockets();
2204 BT_INFO("RFCOMM ver %s", VERSION);
2209 rfcomm_cleanup_ttys();
2212 kthread_stop(rfcomm_thread);
2215 hci_unregister_cb(&rfcomm_cb);
2220 static void __exit rfcomm_exit(void)
2222 debugfs_remove(rfcomm_dlc_debugfs);
2224 hci_unregister_cb(&rfcomm_cb);
2226 kthread_stop(rfcomm_thread);
2228 rfcomm_cleanup_ttys();
2230 rfcomm_cleanup_sockets();
2233 module_init(rfcomm_init);
2234 module_exit(rfcomm_exit);
2236 module_param(disable_cfc, bool, 0644);
2237 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2239 module_param(channel_mtu, int, 0644);
2240 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2242 module_param(l2cap_mtu, uint, 0644);
2243 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2245 module_param(l2cap_ertm, bool, 0644);
2246 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2248 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2249 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2250 MODULE_VERSION(VERSION);
2251 MODULE_LICENSE("GPL");
2252 MODULE_ALIAS("bt-proto-3");