2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/sched.h>
32 #include <linux/signal.h>
33 #include <linux/init.h>
34 #include <linux/wait.h>
35 #include <linux/device.h>
36 #include <linux/net.h>
37 #include <linux/mutex.h>
38 #include <linux/kthread.h>
41 #include <asm/uaccess.h>
42 #include <asm/unaligned.h>
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
46 #include <net/bluetooth/l2cap.h>
47 #include <net/bluetooth/rfcomm.h>
49 #define VERSION "1.11"
51 static int disable_cfc = 0;
52 static int channel_mtu = -1;
53 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
55 static struct task_struct *rfcomm_thread;
57 static DEFINE_MUTEX(rfcomm_mutex);
58 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
59 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
61 static unsigned long rfcomm_event;
63 static LIST_HEAD(session_list);
65 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
66 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
67 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
68 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
69 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
70 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
71 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
72 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
73 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
74 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
76 static void rfcomm_process_connect(struct rfcomm_session *s);
78 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
79 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
80 static void rfcomm_session_del(struct rfcomm_session *s);
82 /* ---- RFCOMM frame parsing macros ---- */
83 #define __get_dlci(b) ((b & 0xfc) >> 2)
84 #define __get_channel(b) ((b & 0xf8) >> 3)
85 #define __get_dir(b) ((b & 0x04) >> 2)
86 #define __get_type(b) ((b & 0xef))
88 #define __test_ea(b) ((b & 0x01))
89 #define __test_cr(b) ((b & 0x02))
90 #define __test_pf(b) ((b & 0x10))
92 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
93 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
94 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
95 #define __srv_channel(dlci) (dlci >> 1)
96 #define __dir(dlci) (dlci & 0x01)
98 #define __len8(len) (((len) << 1) | 1)
99 #define __len16(len) ((len) << 1)
102 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
103 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
104 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
107 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
108 #define __get_rpn_data_bits(line) ((line) & 0x3)
109 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
110 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
112 static inline void rfcomm_schedule(uint event)
116 //set_bit(event, &rfcomm_event);
117 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
118 wake_up_process(rfcomm_thread);
121 static inline void rfcomm_session_put(struct rfcomm_session *s)
123 if (atomic_dec_and_test(&s->refcnt))
124 rfcomm_session_del(s);
127 /* ---- RFCOMM FCS computation ---- */
129 /* reversed, 8-bit, poly=0x07 */
130 static unsigned char rfcomm_crc_table[256] = {
131 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
132 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
133 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
134 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
136 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
137 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
138 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
139 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
141 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
142 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
143 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
144 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
146 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
147 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
148 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
149 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
151 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
152 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
153 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
154 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
156 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
157 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
158 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
159 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
161 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
162 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
163 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
164 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
166 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
167 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
168 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
169 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
173 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
176 static inline u8 __fcs(u8 *data)
178 return (0xff - __crc(data));
182 static inline u8 __fcs2(u8 *data)
184 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
188 static inline int __check_fcs(u8 *data, int type, u8 fcs)
192 if (type != RFCOMM_UIH)
193 f = rfcomm_crc_table[f ^ data[2]];
195 return rfcomm_crc_table[f ^ fcs] != 0xcf;
198 /* ---- L2CAP callbacks ---- */
199 static void rfcomm_l2state_change(struct sock *sk)
201 BT_DBG("%p state %d", sk, sk->sk_state);
202 rfcomm_schedule(RFCOMM_SCHED_STATE);
205 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
207 BT_DBG("%p bytes %d", sk, bytes);
208 rfcomm_schedule(RFCOMM_SCHED_RX);
211 static int rfcomm_l2sock_create(struct socket **sock)
217 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
219 struct sock *sk = (*sock)->sk;
220 sk->sk_data_ready = rfcomm_l2data_ready;
221 sk->sk_state_change = rfcomm_l2state_change;
226 static inline int rfcomm_check_security(struct rfcomm_dlc *d)
228 struct sock *sk = d->session->sock->sk;
231 switch (d->sec_level) {
232 case BT_SECURITY_HIGH:
233 auth_type = HCI_AT_GENERAL_BONDING_MITM;
235 case BT_SECURITY_MEDIUM:
236 auth_type = HCI_AT_GENERAL_BONDING;
239 auth_type = HCI_AT_NO_BONDING;
243 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level,
247 /* ---- RFCOMM DLCs ---- */
248 static void rfcomm_dlc_timeout(unsigned long arg)
250 struct rfcomm_dlc *d = (void *) arg;
252 BT_DBG("dlc %p state %ld", d, d->state);
254 set_bit(RFCOMM_TIMED_OUT, &d->flags);
256 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
259 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
261 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
263 if (!mod_timer(&d->timer, jiffies + timeout))
267 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
269 BT_DBG("dlc %p state %ld", d, d->state);
271 if (timer_pending(&d->timer) && del_timer(&d->timer))
275 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
282 d->mtu = RFCOMM_DEFAULT_MTU;
283 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
285 d->cfc = RFCOMM_CFC_DISABLED;
286 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
289 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
291 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
296 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
298 skb_queue_head_init(&d->tx_queue);
299 spin_lock_init(&d->lock);
300 atomic_set(&d->refcnt, 1);
302 rfcomm_dlc_clear_state(d);
309 void rfcomm_dlc_free(struct rfcomm_dlc *d)
313 skb_queue_purge(&d->tx_queue);
317 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
319 BT_DBG("dlc %p session %p", d, s);
321 rfcomm_session_hold(s);
324 list_add(&d->list, &s->dlcs);
328 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
330 struct rfcomm_session *s = d->session;
332 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
338 rfcomm_session_put(s);
341 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
343 struct rfcomm_dlc *d;
346 list_for_each(p, &s->dlcs) {
347 d = list_entry(p, struct rfcomm_dlc, list);
354 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
356 struct rfcomm_session *s;
360 BT_DBG("dlc %p state %ld %s %s channel %d",
361 d, d->state, batostr(src), batostr(dst), channel);
363 if (channel < 1 || channel > 30)
366 if (d->state != BT_OPEN && d->state != BT_CLOSED)
369 s = rfcomm_session_get(src, dst);
371 s = rfcomm_session_create(src, dst, &err);
376 dlci = __dlci(!s->initiator, channel);
378 /* Check if DLCI already exists */
379 if (rfcomm_dlc_get(s, dlci))
382 rfcomm_dlc_clear_state(d);
385 d->addr = __addr(s->initiator, dlci);
388 d->state = BT_CONFIG;
389 rfcomm_dlc_link(s, d);
394 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
396 if (s->state == BT_CONNECTED) {
397 if (rfcomm_check_security(d))
398 rfcomm_send_pn(s, 1, d);
400 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
403 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
408 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
414 r = __rfcomm_dlc_open(d, src, dst, channel);
420 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
422 struct rfcomm_session *s = d->session;
426 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
427 d, d->state, d->dlci, err, s);
432 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
433 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
434 rfcomm_schedule(RFCOMM_SCHED_AUTH);
440 d->state = BT_DISCONN;
441 if (skb_queue_empty(&d->tx_queue)) {
442 rfcomm_send_disc(s, d->dlci);
443 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
445 rfcomm_queue_disc(d);
446 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
451 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
452 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
453 rfcomm_schedule(RFCOMM_SCHED_AUTH);
459 rfcomm_dlc_clear_timer(d);
462 d->state = BT_CLOSED;
463 d->state_change(d, err);
464 rfcomm_dlc_unlock(d);
466 skb_queue_purge(&d->tx_queue);
467 rfcomm_dlc_unlink(d);
473 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
479 r = __rfcomm_dlc_close(d, err);
485 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
489 if (d->state != BT_CONNECTED)
492 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
497 rfcomm_make_uih(skb, d->addr);
498 skb_queue_tail(&d->tx_queue, skb);
500 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
501 rfcomm_schedule(RFCOMM_SCHED_TX);
505 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
507 BT_DBG("dlc %p state %ld", d, d->state);
510 d->v24_sig |= RFCOMM_V24_FC;
511 set_bit(RFCOMM_MSC_PENDING, &d->flags);
513 rfcomm_schedule(RFCOMM_SCHED_TX);
516 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
518 BT_DBG("dlc %p state %ld", d, d->state);
521 d->v24_sig &= ~RFCOMM_V24_FC;
522 set_bit(RFCOMM_MSC_PENDING, &d->flags);
524 rfcomm_schedule(RFCOMM_SCHED_TX);
528 Set/get modem status functions use _local_ status i.e. what we report
530 Remote status is provided by dlc->modem_status() callback.
532 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
534 BT_DBG("dlc %p state %ld v24_sig 0x%x",
535 d, d->state, v24_sig);
537 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
538 v24_sig |= RFCOMM_V24_FC;
540 v24_sig &= ~RFCOMM_V24_FC;
542 d->v24_sig = v24_sig;
544 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
545 rfcomm_schedule(RFCOMM_SCHED_TX);
550 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
552 BT_DBG("dlc %p state %ld v24_sig 0x%x",
553 d, d->state, d->v24_sig);
555 *v24_sig = d->v24_sig;
559 /* ---- RFCOMM sessions ---- */
560 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
562 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
567 BT_DBG("session %p sock %p", s, sock);
569 INIT_LIST_HEAD(&s->dlcs);
573 s->mtu = RFCOMM_DEFAULT_MTU;
574 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
576 /* Do not increment module usage count for listening sessions.
577 * Otherwise we won't be able to unload the module. */
578 if (state != BT_LISTEN)
579 if (!try_module_get(THIS_MODULE)) {
584 list_add(&s->list, &session_list);
589 static void rfcomm_session_del(struct rfcomm_session *s)
591 int state = s->state;
593 BT_DBG("session %p state %ld", s, s->state);
597 if (state == BT_CONNECTED)
598 rfcomm_send_disc(s, 0);
600 sock_release(s->sock);
603 if (state != BT_LISTEN)
604 module_put(THIS_MODULE);
607 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
609 struct rfcomm_session *s;
610 struct list_head *p, *n;
612 list_for_each_safe(p, n, &session_list) {
613 s = list_entry(p, struct rfcomm_session, list);
614 sk = bt_sk(s->sock->sk);
616 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
617 !bacmp(&sk->dst, dst))
623 static void rfcomm_session_close(struct rfcomm_session *s, int err)
625 struct rfcomm_dlc *d;
626 struct list_head *p, *n;
628 BT_DBG("session %p state %ld err %d", s, s->state, err);
630 rfcomm_session_hold(s);
632 s->state = BT_CLOSED;
635 list_for_each_safe(p, n, &s->dlcs) {
636 d = list_entry(p, struct rfcomm_dlc, list);
637 d->state = BT_CLOSED;
638 __rfcomm_dlc_close(d, err);
641 rfcomm_session_put(s);
644 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
646 struct rfcomm_session *s = NULL;
647 struct sockaddr_l2 addr;
651 BT_DBG("%s %s", batostr(src), batostr(dst));
653 *err = rfcomm_l2sock_create(&sock);
657 bacpy(&addr.l2_bdaddr, src);
658 addr.l2_family = AF_BLUETOOTH;
660 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
664 /* Set L2CAP options */
667 l2cap_pi(sk)->imtu = l2cap_mtu;
670 s = rfcomm_session_add(sock, BT_BOUND);
678 bacpy(&addr.l2_bdaddr, dst);
679 addr.l2_family = AF_BLUETOOTH;
680 addr.l2_psm = htobs(RFCOMM_PSM);
681 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
682 if (*err == 0 || *err == -EINPROGRESS)
685 rfcomm_session_del(s);
693 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
695 struct sock *sk = s->sock->sk;
697 bacpy(src, &bt_sk(sk)->src);
699 bacpy(dst, &bt_sk(sk)->dst);
702 /* ---- RFCOMM frame sending ---- */
703 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
705 struct socket *sock = s->sock;
706 struct kvec iv = { data, len };
709 BT_DBG("session %p len %d", s, len);
711 memset(&msg, 0, sizeof(msg));
713 return kernel_sendmsg(sock, &msg, &iv, 1, len);
716 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
718 struct rfcomm_cmd cmd;
720 BT_DBG("%p dlci %d", s, dlci);
722 cmd.addr = __addr(s->initiator, dlci);
723 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
725 cmd.fcs = __fcs2((u8 *) &cmd);
727 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
730 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
732 struct rfcomm_cmd cmd;
734 BT_DBG("%p dlci %d", s, dlci);
736 cmd.addr = __addr(!s->initiator, dlci);
737 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
739 cmd.fcs = __fcs2((u8 *) &cmd);
741 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
744 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
746 struct rfcomm_cmd cmd;
748 BT_DBG("%p dlci %d", s, dlci);
750 cmd.addr = __addr(s->initiator, dlci);
751 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
753 cmd.fcs = __fcs2((u8 *) &cmd);
755 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
758 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
760 struct rfcomm_cmd *cmd;
763 BT_DBG("dlc %p dlci %d", d, d->dlci);
765 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
769 cmd = (void *) __skb_put(skb, sizeof(*cmd));
771 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
772 cmd->len = __len8(0);
773 cmd->fcs = __fcs2((u8 *) cmd);
775 skb_queue_tail(&d->tx_queue, skb);
776 rfcomm_schedule(RFCOMM_SCHED_TX);
780 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
782 struct rfcomm_cmd cmd;
784 BT_DBG("%p dlci %d", s, dlci);
786 cmd.addr = __addr(!s->initiator, dlci);
787 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
789 cmd.fcs = __fcs2((u8 *) &cmd);
791 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
794 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
796 struct rfcomm_hdr *hdr;
797 struct rfcomm_mcc *mcc;
798 u8 buf[16], *ptr = buf;
800 BT_DBG("%p cr %d type %d", s, cr, type);
802 hdr = (void *) ptr; ptr += sizeof(*hdr);
803 hdr->addr = __addr(s->initiator, 0);
804 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
805 hdr->len = __len8(sizeof(*mcc) + 1);
807 mcc = (void *) ptr; ptr += sizeof(*mcc);
808 mcc->type = __mcc_type(cr, RFCOMM_NSC);
809 mcc->len = __len8(1);
811 /* Type that we didn't like */
812 *ptr = __mcc_type(cr, type); ptr++;
814 *ptr = __fcs(buf); ptr++;
816 return rfcomm_send_frame(s, buf, ptr - buf);
819 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
821 struct rfcomm_hdr *hdr;
822 struct rfcomm_mcc *mcc;
823 struct rfcomm_pn *pn;
824 u8 buf[16], *ptr = buf;
826 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
828 hdr = (void *) ptr; ptr += sizeof(*hdr);
829 hdr->addr = __addr(s->initiator, 0);
830 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
831 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
833 mcc = (void *) ptr; ptr += sizeof(*mcc);
834 mcc->type = __mcc_type(cr, RFCOMM_PN);
835 mcc->len = __len8(sizeof(*pn));
837 pn = (void *) ptr; ptr += sizeof(*pn);
839 pn->priority = d->priority;
844 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
845 pn->credits = RFCOMM_DEFAULT_CREDITS;
851 if (cr && channel_mtu >= 0)
852 pn->mtu = htobs(channel_mtu);
854 pn->mtu = htobs(d->mtu);
856 *ptr = __fcs(buf); ptr++;
858 return rfcomm_send_frame(s, buf, ptr - buf);
861 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
862 u8 bit_rate, u8 data_bits, u8 stop_bits,
863 u8 parity, u8 flow_ctrl_settings,
864 u8 xon_char, u8 xoff_char, u16 param_mask)
866 struct rfcomm_hdr *hdr;
867 struct rfcomm_mcc *mcc;
868 struct rfcomm_rpn *rpn;
869 u8 buf[16], *ptr = buf;
871 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
872 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
873 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
874 flow_ctrl_settings, xon_char, xoff_char, param_mask);
876 hdr = (void *) ptr; ptr += sizeof(*hdr);
877 hdr->addr = __addr(s->initiator, 0);
878 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
879 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
881 mcc = (void *) ptr; ptr += sizeof(*mcc);
882 mcc->type = __mcc_type(cr, RFCOMM_RPN);
883 mcc->len = __len8(sizeof(*rpn));
885 rpn = (void *) ptr; ptr += sizeof(*rpn);
886 rpn->dlci = __addr(1, dlci);
887 rpn->bit_rate = bit_rate;
888 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
889 rpn->flow_ctrl = flow_ctrl_settings;
890 rpn->xon_char = xon_char;
891 rpn->xoff_char = xoff_char;
892 rpn->param_mask = cpu_to_le16(param_mask);
894 *ptr = __fcs(buf); ptr++;
896 return rfcomm_send_frame(s, buf, ptr - buf);
899 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
901 struct rfcomm_hdr *hdr;
902 struct rfcomm_mcc *mcc;
903 struct rfcomm_rls *rls;
904 u8 buf[16], *ptr = buf;
906 BT_DBG("%p cr %d status 0x%x", s, cr, status);
908 hdr = (void *) ptr; ptr += sizeof(*hdr);
909 hdr->addr = __addr(s->initiator, 0);
910 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
911 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
913 mcc = (void *) ptr; ptr += sizeof(*mcc);
914 mcc->type = __mcc_type(cr, RFCOMM_RLS);
915 mcc->len = __len8(sizeof(*rls));
917 rls = (void *) ptr; ptr += sizeof(*rls);
918 rls->dlci = __addr(1, dlci);
919 rls->status = status;
921 *ptr = __fcs(buf); ptr++;
923 return rfcomm_send_frame(s, buf, ptr - buf);
926 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
928 struct rfcomm_hdr *hdr;
929 struct rfcomm_mcc *mcc;
930 struct rfcomm_msc *msc;
931 u8 buf[16], *ptr = buf;
933 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
935 hdr = (void *) ptr; ptr += sizeof(*hdr);
936 hdr->addr = __addr(s->initiator, 0);
937 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
938 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
940 mcc = (void *) ptr; ptr += sizeof(*mcc);
941 mcc->type = __mcc_type(cr, RFCOMM_MSC);
942 mcc->len = __len8(sizeof(*msc));
944 msc = (void *) ptr; ptr += sizeof(*msc);
945 msc->dlci = __addr(1, dlci);
946 msc->v24_sig = v24_sig | 0x01;
948 *ptr = __fcs(buf); ptr++;
950 return rfcomm_send_frame(s, buf, ptr - buf);
953 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
955 struct rfcomm_hdr *hdr;
956 struct rfcomm_mcc *mcc;
957 u8 buf[16], *ptr = buf;
959 BT_DBG("%p cr %d", s, cr);
961 hdr = (void *) ptr; ptr += sizeof(*hdr);
962 hdr->addr = __addr(s->initiator, 0);
963 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
964 hdr->len = __len8(sizeof(*mcc));
966 mcc = (void *) ptr; ptr += sizeof(*mcc);
967 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
968 mcc->len = __len8(0);
970 *ptr = __fcs(buf); ptr++;
972 return rfcomm_send_frame(s, buf, ptr - buf);
975 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
977 struct rfcomm_hdr *hdr;
978 struct rfcomm_mcc *mcc;
979 u8 buf[16], *ptr = buf;
981 BT_DBG("%p cr %d", s, cr);
983 hdr = (void *) ptr; ptr += sizeof(*hdr);
984 hdr->addr = __addr(s->initiator, 0);
985 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
986 hdr->len = __len8(sizeof(*mcc));
988 mcc = (void *) ptr; ptr += sizeof(*mcc);
989 mcc->type = __mcc_type(cr, RFCOMM_FCON);
990 mcc->len = __len8(0);
992 *ptr = __fcs(buf); ptr++;
994 return rfcomm_send_frame(s, buf, ptr - buf);
997 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
999 struct socket *sock = s->sock;
1002 unsigned char hdr[5], crc[1];
1007 BT_DBG("%p cr %d", s, cr);
1009 hdr[0] = __addr(s->initiator, 0);
1010 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1011 hdr[2] = 0x01 | ((len + 2) << 1);
1012 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1013 hdr[4] = 0x01 | (len << 1);
1015 crc[0] = __fcs(hdr);
1017 iv[0].iov_base = hdr;
1019 iv[1].iov_base = pattern;
1020 iv[1].iov_len = len;
1021 iv[2].iov_base = crc;
1024 memset(&msg, 0, sizeof(msg));
1026 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1029 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1031 struct rfcomm_hdr *hdr;
1032 u8 buf[16], *ptr = buf;
1034 BT_DBG("%p addr %d credits %d", s, addr, credits);
1036 hdr = (void *) ptr; ptr += sizeof(*hdr);
1038 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1039 hdr->len = __len8(0);
1041 *ptr = credits; ptr++;
1043 *ptr = __fcs(buf); ptr++;
1045 return rfcomm_send_frame(s, buf, ptr - buf);
1048 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1050 struct rfcomm_hdr *hdr;
1055 hdr = (void *) skb_push(skb, 4);
1056 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len);
1058 hdr = (void *) skb_push(skb, 3);
1059 hdr->len = __len8(len);
1062 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1064 crc = skb_put(skb, 1);
1065 *crc = __fcs((void *) hdr);
1068 /* ---- RFCOMM frame reception ---- */
1069 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1071 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1075 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1077 rfcomm_send_dm(s, dlci);
1083 rfcomm_dlc_clear_timer(d);
1086 d->state = BT_CONNECTED;
1087 d->state_change(d, 0);
1088 rfcomm_dlc_unlock(d);
1090 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1094 d->state = BT_CLOSED;
1095 __rfcomm_dlc_close(d, 0);
1097 if (list_empty(&s->dlcs)) {
1098 s->state = BT_DISCONN;
1099 rfcomm_send_disc(s, 0);
1105 /* Control channel */
1108 s->state = BT_CONNECTED;
1109 rfcomm_process_connect(s);
1113 rfcomm_session_put(s);
1120 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1124 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1128 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1130 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1135 d->state = BT_CLOSED;
1136 __rfcomm_dlc_close(d, err);
1139 if (s->state == BT_CONNECT)
1144 s->state = BT_CLOSED;
1145 rfcomm_session_close(s, err);
1150 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1154 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1157 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1159 rfcomm_send_ua(s, dlci);
1161 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1166 d->state = BT_CLOSED;
1167 __rfcomm_dlc_close(d, err);
1169 rfcomm_send_dm(s, dlci);
1172 rfcomm_send_ua(s, 0);
1174 if (s->state == BT_CONNECT)
1179 s->state = BT_CLOSED;
1180 rfcomm_session_close(s, err);
1186 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1188 struct sock *sk = d->session->sock->sk;
1190 BT_DBG("dlc %p", d);
1192 rfcomm_send_ua(d->session, d->dlci);
1195 d->state = BT_CONNECTED;
1196 d->state_change(d, 0);
1197 rfcomm_dlc_unlock(d);
1200 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1202 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1205 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1207 if (rfcomm_check_security(d)) {
1208 if (d->defer_setup) {
1209 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1210 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1212 rfcomm_dlc_accept(d);
1214 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1215 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1219 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1221 struct rfcomm_dlc *d;
1224 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1227 rfcomm_send_ua(s, 0);
1229 if (s->state == BT_OPEN) {
1230 s->state = BT_CONNECTED;
1231 rfcomm_process_connect(s);
1236 /* Check if DLC exists */
1237 d = rfcomm_dlc_get(s, dlci);
1239 if (d->state == BT_OPEN) {
1240 /* DLC was previously opened by PN request */
1241 rfcomm_check_accept(d);
1246 /* Notify socket layer about incoming connection */
1247 channel = __srv_channel(dlci);
1248 if (rfcomm_connect_ind(s, channel, &d)) {
1250 d->addr = __addr(s->initiator, dlci);
1251 rfcomm_dlc_link(s, d);
1253 rfcomm_check_accept(d);
1255 rfcomm_send_dm(s, dlci);
1261 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1263 struct rfcomm_session *s = d->session;
1265 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1266 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1268 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1269 pn->flow_ctrl == 0xe0) {
1270 d->cfc = RFCOMM_CFC_ENABLED;
1271 d->tx_credits = pn->credits;
1273 d->cfc = RFCOMM_CFC_DISABLED;
1274 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1277 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1280 d->priority = pn->priority;
1282 d->mtu = btohs(pn->mtu);
1284 if (cr && d->mtu > s->mtu)
1290 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1292 struct rfcomm_pn *pn = (void *) skb->data;
1293 struct rfcomm_dlc *d;
1296 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1301 d = rfcomm_dlc_get(s, dlci);
1305 rfcomm_apply_pn(d, cr, pn);
1306 rfcomm_send_pn(s, 0, d);
1311 rfcomm_apply_pn(d, cr, pn);
1313 d->state = BT_CONNECT;
1314 rfcomm_send_sabm(s, d->dlci);
1319 u8 channel = __srv_channel(dlci);
1324 /* PN request for non existing DLC.
1325 * Assume incoming connection. */
1326 if (rfcomm_connect_ind(s, channel, &d)) {
1328 d->addr = __addr(s->initiator, dlci);
1329 rfcomm_dlc_link(s, d);
1331 rfcomm_apply_pn(d, cr, pn);
1334 rfcomm_send_pn(s, 0, d);
1336 rfcomm_send_dm(s, dlci);
1342 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1344 struct rfcomm_rpn *rpn = (void *) skb->data;
1345 u8 dlci = __get_dlci(rpn->dlci);
1354 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1356 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1357 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1358 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1364 /* This is a request, return default settings */
1365 bit_rate = RFCOMM_RPN_BR_115200;
1366 data_bits = RFCOMM_RPN_DATA_8;
1367 stop_bits = RFCOMM_RPN_STOP_1;
1368 parity = RFCOMM_RPN_PARITY_NONE;
1369 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1370 xon_char = RFCOMM_RPN_XON_CHAR;
1371 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1375 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1376 * no parity, no flow control lines, normal XON/XOFF chars */
1378 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1379 bit_rate = rpn->bit_rate;
1380 if (bit_rate != RFCOMM_RPN_BR_115200) {
1381 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1382 bit_rate = RFCOMM_RPN_BR_115200;
1383 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1387 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1388 data_bits = __get_rpn_data_bits(rpn->line_settings);
1389 if (data_bits != RFCOMM_RPN_DATA_8) {
1390 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1391 data_bits = RFCOMM_RPN_DATA_8;
1392 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1396 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1397 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1398 if (stop_bits != RFCOMM_RPN_STOP_1) {
1399 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1400 stop_bits = RFCOMM_RPN_STOP_1;
1401 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1405 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1406 parity = __get_rpn_parity(rpn->line_settings);
1407 if (parity != RFCOMM_RPN_PARITY_NONE) {
1408 BT_DBG("RPN parity mismatch 0x%x", parity);
1409 parity = RFCOMM_RPN_PARITY_NONE;
1410 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1414 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1415 flow_ctrl = rpn->flow_ctrl;
1416 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1417 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1418 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1419 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1423 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1424 xon_char = rpn->xon_char;
1425 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1426 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1427 xon_char = RFCOMM_RPN_XON_CHAR;
1428 rpn_mask ^= RFCOMM_RPN_PM_XON;
1432 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1433 xoff_char = rpn->xoff_char;
1434 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1435 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1436 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1437 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1442 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1443 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1448 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1450 struct rfcomm_rls *rls = (void *) skb->data;
1451 u8 dlci = __get_dlci(rls->dlci);
1453 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1458 /* We should probably do something with this information here. But
1459 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1460 * mandatory to recognise and respond to RLS */
1462 rfcomm_send_rls(s, 0, dlci, rls->status);
1467 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1469 struct rfcomm_msc *msc = (void *) skb->data;
1470 struct rfcomm_dlc *d;
1471 u8 dlci = __get_dlci(msc->dlci);
1473 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1475 d = rfcomm_dlc_get(s, dlci);
1480 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1481 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1483 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1487 d->remote_v24_sig = msc->v24_sig;
1489 if (d->modem_status)
1490 d->modem_status(d, msc->v24_sig);
1492 rfcomm_dlc_unlock(d);
1494 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1496 d->mscex |= RFCOMM_MSCEX_RX;
1498 d->mscex |= RFCOMM_MSCEX_TX;
1503 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1505 struct rfcomm_mcc *mcc = (void *) skb->data;
1508 cr = __test_cr(mcc->type);
1509 type = __get_mcc_type(mcc->type);
1510 len = __get_mcc_len(mcc->len);
1512 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1518 rfcomm_recv_pn(s, cr, skb);
1522 rfcomm_recv_rpn(s, cr, len, skb);
1526 rfcomm_recv_rls(s, cr, skb);
1530 rfcomm_recv_msc(s, cr, skb);
1535 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1536 rfcomm_send_fcoff(s, 0);
1542 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1543 rfcomm_send_fcon(s, 0);
1549 rfcomm_send_test(s, 0, skb->data, skb->len);
1556 BT_ERR("Unknown control type 0x%02x", type);
1557 rfcomm_send_nsc(s, cr, type);
1563 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1565 struct rfcomm_dlc *d;
1567 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1569 d = rfcomm_dlc_get(s, dlci);
1571 rfcomm_send_dm(s, dlci);
1576 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1578 d->tx_credits += credits;
1580 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1583 if (skb->len && d->state == BT_CONNECTED) {
1586 d->data_ready(d, skb);
1587 rfcomm_dlc_unlock(d);
1596 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1598 struct rfcomm_hdr *hdr = (void *) skb->data;
1601 dlci = __get_dlci(hdr->addr);
1602 type = __get_type(hdr->ctrl);
1605 skb->len--; skb->tail--;
1606 fcs = *(u8 *)skb_tail_pointer(skb);
1608 if (__check_fcs(skb->data, type, fcs)) {
1609 BT_ERR("bad checksum in packet");
1614 if (__test_ea(hdr->len))
1621 if (__test_pf(hdr->ctrl))
1622 rfcomm_recv_sabm(s, dlci);
1626 if (__test_pf(hdr->ctrl))
1627 rfcomm_recv_disc(s, dlci);
1631 if (__test_pf(hdr->ctrl))
1632 rfcomm_recv_ua(s, dlci);
1636 rfcomm_recv_dm(s, dlci);
1641 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1643 rfcomm_recv_mcc(s, skb);
1647 BT_ERR("Unknown packet type 0x%02x\n", type);
1654 /* ---- Connection and data processing ---- */
1656 static void rfcomm_process_connect(struct rfcomm_session *s)
1658 struct rfcomm_dlc *d;
1659 struct list_head *p, *n;
1661 BT_DBG("session %p state %ld", s, s->state);
1663 list_for_each_safe(p, n, &s->dlcs) {
1664 d = list_entry(p, struct rfcomm_dlc, list);
1665 if (d->state == BT_CONFIG) {
1667 if (rfcomm_check_security(d)) {
1668 rfcomm_send_pn(s, 1, d);
1670 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1671 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1677 /* Send data queued for the DLC.
1678 * Return number of frames left in the queue.
1680 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1682 struct sk_buff *skb;
1685 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1686 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1688 /* Send pending MSC */
1689 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1690 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1694 * Give them some credits */
1695 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1696 d->rx_credits <= (d->cfc >> 2)) {
1697 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1698 d->rx_credits = d->cfc;
1702 * Give ourselves some credits */
1706 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1707 return skb_queue_len(&d->tx_queue);
1709 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1710 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1712 skb_queue_head(&d->tx_queue, skb);
1719 if (d->cfc && !d->tx_credits) {
1720 /* We're out of TX credits.
1721 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1722 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1725 return skb_queue_len(&d->tx_queue);
1728 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1730 struct rfcomm_dlc *d;
1731 struct list_head *p, *n;
1733 BT_DBG("session %p state %ld", s, s->state);
1735 list_for_each_safe(p, n, &s->dlcs) {
1736 d = list_entry(p, struct rfcomm_dlc, list);
1738 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1739 __rfcomm_dlc_close(d, ETIMEDOUT);
1743 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1744 rfcomm_dlc_clear_timer(d);
1746 rfcomm_send_pn(s, 1, d);
1747 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1749 if (d->defer_setup) {
1750 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1751 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1753 rfcomm_dlc_accept(d);
1756 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1757 rfcomm_dlc_clear_timer(d);
1759 rfcomm_send_dm(s, d->dlci);
1761 d->state = BT_CLOSED;
1762 __rfcomm_dlc_close(d, ECONNREFUSED);
1766 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1769 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1772 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1773 d->mscex == RFCOMM_MSCEX_OK)
1774 rfcomm_process_tx(d);
1778 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1780 struct socket *sock = s->sock;
1781 struct sock *sk = sock->sk;
1782 struct sk_buff *skb;
1784 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1786 /* Get data directly from socket receive queue without copying it. */
1787 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1789 rfcomm_recv_frame(s, skb);
1792 if (sk->sk_state == BT_CLOSED) {
1794 rfcomm_session_put(s);
1796 rfcomm_session_close(s, sk->sk_err);
1800 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1802 struct socket *sock = s->sock, *nsock;
1805 /* Fast check for a new connection.
1806 * Avoids unnesesary socket allocations. */
1807 if (list_empty(&bt_sk(sock->sk)->accept_q))
1810 BT_DBG("session %p", s);
1812 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1816 /* Set our callbacks */
1817 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1818 nsock->sk->sk_state_change = rfcomm_l2state_change;
1820 s = rfcomm_session_add(nsock, BT_OPEN);
1822 rfcomm_session_hold(s);
1824 /* We should adjust MTU on incoming sessions.
1825 * L2CAP MTU minus UIH header and FCS. */
1826 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1828 rfcomm_schedule(RFCOMM_SCHED_RX);
1830 sock_release(nsock);
1833 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1835 struct sock *sk = s->sock->sk;
1837 BT_DBG("%p state %ld", s, s->state);
1839 switch(sk->sk_state) {
1841 s->state = BT_CONNECT;
1843 /* We can adjust MTU on outgoing sessions.
1844 * L2CAP MTU minus UIH header and FCS. */
1845 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1847 rfcomm_send_sabm(s, 0);
1851 s->state = BT_CLOSED;
1852 rfcomm_session_close(s, sk->sk_err);
1857 static inline void rfcomm_process_sessions(void)
1859 struct list_head *p, *n;
1863 list_for_each_safe(p, n, &session_list) {
1864 struct rfcomm_session *s;
1865 s = list_entry(p, struct rfcomm_session, list);
1867 if (s->state == BT_LISTEN) {
1868 rfcomm_accept_connection(s);
1872 rfcomm_session_hold(s);
1876 rfcomm_check_connection(s);
1880 rfcomm_process_rx(s);
1884 rfcomm_process_dlcs(s);
1886 rfcomm_session_put(s);
1892 static int rfcomm_add_listener(bdaddr_t *ba)
1894 struct sockaddr_l2 addr;
1895 struct socket *sock;
1897 struct rfcomm_session *s;
1901 err = rfcomm_l2sock_create(&sock);
1903 BT_ERR("Create socket failed %d", err);
1908 bacpy(&addr.l2_bdaddr, ba);
1909 addr.l2_family = AF_BLUETOOTH;
1910 addr.l2_psm = htobs(RFCOMM_PSM);
1911 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1913 BT_ERR("Bind failed %d", err);
1917 /* Set L2CAP options */
1920 l2cap_pi(sk)->imtu = l2cap_mtu;
1923 /* Start listening on the socket */
1924 err = kernel_listen(sock, 10);
1926 BT_ERR("Listen failed %d", err);
1930 /* Add listening session */
1931 s = rfcomm_session_add(sock, BT_LISTEN);
1935 rfcomm_session_hold(s);
1942 static void rfcomm_kill_listener(void)
1944 struct rfcomm_session *s;
1945 struct list_head *p, *n;
1949 list_for_each_safe(p, n, &session_list) {
1950 s = list_entry(p, struct rfcomm_session, list);
1951 rfcomm_session_del(s);
1955 static int rfcomm_run(void *unused)
1959 set_user_nice(current, -10);
1961 rfcomm_add_listener(BDADDR_ANY);
1963 while (!kthread_should_stop()) {
1964 set_current_state(TASK_INTERRUPTIBLE);
1965 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1966 /* No pending events. Let's sleep.
1967 * Incoming connections and data will wake us up. */
1970 set_current_state(TASK_RUNNING);
1973 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1974 rfcomm_process_sessions();
1977 rfcomm_kill_listener();
1982 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1984 struct rfcomm_session *s;
1985 struct rfcomm_dlc *d;
1986 struct list_head *p, *n;
1988 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1990 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1994 rfcomm_session_hold(s);
1996 list_for_each_safe(p, n, &s->dlcs) {
1997 d = list_entry(p, struct rfcomm_dlc, list);
1999 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2000 rfcomm_dlc_clear_timer(d);
2001 if (status || encrypt == 0x00) {
2002 __rfcomm_dlc_close(d, ECONNREFUSED);
2007 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2008 if (d->sec_level == BT_SECURITY_MEDIUM) {
2009 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2010 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2012 } else if (d->sec_level == BT_SECURITY_HIGH) {
2013 __rfcomm_dlc_close(d, ECONNREFUSED);
2018 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2022 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2024 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2027 rfcomm_session_put(s);
2029 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2032 static struct hci_cb rfcomm_cb = {
2034 .security_cfm = rfcomm_security_cfm
2037 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2039 struct rfcomm_session *s;
2040 struct list_head *pp, *p;
2045 list_for_each(p, &session_list) {
2046 s = list_entry(p, struct rfcomm_session, list);
2047 list_for_each(pp, &s->dlcs) {
2048 struct sock *sk = s->sock->sk;
2049 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2051 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2052 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2053 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2062 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2064 /* ---- Initialization ---- */
2065 static int __init rfcomm_init(void)
2069 hci_register_cb(&rfcomm_cb);
2071 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2072 if (IS_ERR(rfcomm_thread)) {
2073 hci_unregister_cb(&rfcomm_cb);
2074 return PTR_ERR(rfcomm_thread);
2077 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2078 BT_ERR("Failed to create RFCOMM info file");
2080 rfcomm_init_sockets();
2082 #ifdef CONFIG_BT_RFCOMM_TTY
2086 BT_INFO("RFCOMM ver %s", VERSION);
2091 static void __exit rfcomm_exit(void)
2093 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
2095 hci_unregister_cb(&rfcomm_cb);
2097 kthread_stop(rfcomm_thread);
2099 #ifdef CONFIG_BT_RFCOMM_TTY
2100 rfcomm_cleanup_ttys();
2103 rfcomm_cleanup_sockets();
2106 module_init(rfcomm_init);
2107 module_exit(rfcomm_exit);
2109 module_param(disable_cfc, bool, 0644);
2110 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2112 module_param(channel_mtu, int, 0644);
2113 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2115 module_param(l2cap_mtu, uint, 0644);
2116 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2118 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2119 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2120 MODULE_VERSION(VERSION);
2121 MODULE_LICENSE("GPL");
2122 MODULE_ALIAS("bt-proto-3");
git.openpandora.org / pandora-kernel.git / blob