2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/sched.h>
32 #include <linux/signal.h>
33 #include <linux/init.h>
34 #include <linux/wait.h>
35 #include <linux/device.h>
36 #include <linux/net.h>
37 #include <linux/mutex.h>
38 #include <linux/kthread.h>
41 #include <asm/uaccess.h>
42 #include <asm/unaligned.h>
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
46 #include <net/bluetooth/l2cap.h>
47 #include <net/bluetooth/rfcomm.h>
49 #define VERSION "1.11"
51 static int disable_cfc = 0;
52 static int channel_mtu = -1;
53 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
54 static int l2cap_ertm = 0;
56 static struct task_struct *rfcomm_thread;
58 static DEFINE_MUTEX(rfcomm_mutex);
59 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
60 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
62 static unsigned long rfcomm_event;
64 static LIST_HEAD(session_list);
66 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
67 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
68 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
69 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
70 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
71 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
72 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
73 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
74 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
75 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
77 static void rfcomm_process_connect(struct rfcomm_session *s);
79 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
80 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
81 static void rfcomm_session_del(struct rfcomm_session *s);
83 /* ---- RFCOMM frame parsing macros ---- */
84 #define __get_dlci(b) ((b & 0xfc) >> 2)
85 #define __get_channel(b) ((b & 0xf8) >> 3)
86 #define __get_dir(b) ((b & 0x04) >> 2)
87 #define __get_type(b) ((b & 0xef))
89 #define __test_ea(b) ((b & 0x01))
90 #define __test_cr(b) ((b & 0x02))
91 #define __test_pf(b) ((b & 0x10))
93 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
94 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
95 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
96 #define __srv_channel(dlci) (dlci >> 1)
97 #define __dir(dlci) (dlci & 0x01)
99 #define __len8(len) (((len) << 1) | 1)
100 #define __len16(len) ((len) << 1)
103 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
104 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
105 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
108 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
109 #define __get_rpn_data_bits(line) ((line) & 0x3)
110 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
111 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
113 static inline void rfcomm_schedule(uint event)
117 //set_bit(event, &rfcomm_event);
118 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
119 wake_up_process(rfcomm_thread);
122 static inline void rfcomm_session_put(struct rfcomm_session *s)
124 if (atomic_dec_and_test(&s->refcnt))
125 rfcomm_session_del(s);
128 /* ---- RFCOMM FCS computation ---- */
130 /* reversed, 8-bit, poly=0x07 */
131 static unsigned char rfcomm_crc_table[256] = {
132 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
133 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
134 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
135 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
137 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
138 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
139 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
140 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
142 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
143 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
144 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
145 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
147 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
148 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
149 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
150 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
152 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
153 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
154 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
155 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
157 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
158 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
159 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
160 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
162 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
163 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
164 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
165 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
167 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
168 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
169 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
170 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
174 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
177 static inline u8 __fcs(u8 *data)
179 return (0xff - __crc(data));
183 static inline u8 __fcs2(u8 *data)
185 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
189 static inline int __check_fcs(u8 *data, int type, u8 fcs)
193 if (type != RFCOMM_UIH)
194 f = rfcomm_crc_table[f ^ data[2]];
196 return rfcomm_crc_table[f ^ fcs] != 0xcf;
199 /* ---- L2CAP callbacks ---- */
200 static void rfcomm_l2state_change(struct sock *sk)
202 BT_DBG("%p state %d", sk, sk->sk_state);
203 rfcomm_schedule(RFCOMM_SCHED_STATE);
206 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
208 BT_DBG("%p bytes %d", sk, bytes);
209 rfcomm_schedule(RFCOMM_SCHED_RX);
212 static int rfcomm_l2sock_create(struct socket **sock)
218 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
220 struct sock *sk = (*sock)->sk;
221 sk->sk_data_ready = rfcomm_l2data_ready;
222 sk->sk_state_change = rfcomm_l2state_change;
227 static inline int rfcomm_check_security(struct rfcomm_dlc *d)
229 struct sock *sk = d->session->sock->sk;
232 switch (d->sec_level) {
233 case BT_SECURITY_HIGH:
234 auth_type = HCI_AT_GENERAL_BONDING_MITM;
236 case BT_SECURITY_MEDIUM:
237 auth_type = HCI_AT_GENERAL_BONDING;
240 auth_type = HCI_AT_NO_BONDING;
244 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level,
248 static void rfcomm_session_timeout(unsigned long arg)
250 struct rfcomm_session *s = (void *) arg;
252 BT_DBG("session %p state %ld", s, s->state);
254 set_bit(RFCOMM_TIMED_OUT, &s->flags);
255 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
258 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
260 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
262 if (!mod_timer(&s->timer, jiffies + timeout))
263 rfcomm_session_hold(s);
266 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
268 BT_DBG("session %p state %ld", s, s->state);
270 if (timer_pending(&s->timer) && del_timer(&s->timer))
271 rfcomm_session_put(s);
274 /* ---- RFCOMM DLCs ---- */
275 static void rfcomm_dlc_timeout(unsigned long arg)
277 struct rfcomm_dlc *d = (void *) arg;
279 BT_DBG("dlc %p state %ld", d, d->state);
281 set_bit(RFCOMM_TIMED_OUT, &d->flags);
283 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
286 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
288 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
290 if (!mod_timer(&d->timer, jiffies + timeout))
294 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
296 BT_DBG("dlc %p state %ld", d, d->state);
298 if (timer_pending(&d->timer) && del_timer(&d->timer))
302 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
309 d->mtu = RFCOMM_DEFAULT_MTU;
310 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
312 d->cfc = RFCOMM_CFC_DISABLED;
313 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
316 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
318 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
323 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
325 skb_queue_head_init(&d->tx_queue);
326 spin_lock_init(&d->lock);
327 atomic_set(&d->refcnt, 1);
329 rfcomm_dlc_clear_state(d);
336 void rfcomm_dlc_free(struct rfcomm_dlc *d)
340 skb_queue_purge(&d->tx_queue);
344 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
346 BT_DBG("dlc %p session %p", d, s);
348 rfcomm_session_hold(s);
350 rfcomm_session_clear_timer(s);
352 list_add(&d->list, &s->dlcs);
356 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
358 struct rfcomm_session *s = d->session;
360 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
366 if (list_empty(&s->dlcs))
367 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
369 rfcomm_session_put(s);
372 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
374 struct rfcomm_dlc *d;
377 list_for_each(p, &s->dlcs) {
378 d = list_entry(p, struct rfcomm_dlc, list);
385 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
387 struct rfcomm_session *s;
391 BT_DBG("dlc %p state %ld %s %s channel %d",
392 d, d->state, batostr(src), batostr(dst), channel);
394 if (channel < 1 || channel > 30)
397 if (d->state != BT_OPEN && d->state != BT_CLOSED)
400 s = rfcomm_session_get(src, dst);
402 s = rfcomm_session_create(src, dst, &err);
407 dlci = __dlci(!s->initiator, channel);
409 /* Check if DLCI already exists */
410 if (rfcomm_dlc_get(s, dlci))
413 rfcomm_dlc_clear_state(d);
416 d->addr = __addr(s->initiator, dlci);
419 d->state = BT_CONFIG;
420 rfcomm_dlc_link(s, d);
425 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
427 if (s->state == BT_CONNECTED) {
428 if (rfcomm_check_security(d))
429 rfcomm_send_pn(s, 1, d);
431 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
434 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
439 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
445 r = __rfcomm_dlc_open(d, src, dst, channel);
451 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
453 struct rfcomm_session *s = d->session;
457 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
458 d, d->state, d->dlci, err, s);
463 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
464 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
465 rfcomm_schedule(RFCOMM_SCHED_AUTH);
471 d->state = BT_DISCONN;
472 if (skb_queue_empty(&d->tx_queue)) {
473 rfcomm_send_disc(s, d->dlci);
474 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
476 rfcomm_queue_disc(d);
477 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
483 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
484 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
485 rfcomm_schedule(RFCOMM_SCHED_AUTH);
491 rfcomm_dlc_clear_timer(d);
494 d->state = BT_CLOSED;
495 d->state_change(d, err);
496 rfcomm_dlc_unlock(d);
498 skb_queue_purge(&d->tx_queue);
499 rfcomm_dlc_unlink(d);
505 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
511 r = __rfcomm_dlc_close(d, err);
517 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
521 if (d->state != BT_CONNECTED)
524 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
529 rfcomm_make_uih(skb, d->addr);
530 skb_queue_tail(&d->tx_queue, skb);
532 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
533 rfcomm_schedule(RFCOMM_SCHED_TX);
537 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
539 BT_DBG("dlc %p state %ld", d, d->state);
542 d->v24_sig |= RFCOMM_V24_FC;
543 set_bit(RFCOMM_MSC_PENDING, &d->flags);
545 rfcomm_schedule(RFCOMM_SCHED_TX);
548 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
550 BT_DBG("dlc %p state %ld", d, d->state);
553 d->v24_sig &= ~RFCOMM_V24_FC;
554 set_bit(RFCOMM_MSC_PENDING, &d->flags);
556 rfcomm_schedule(RFCOMM_SCHED_TX);
560 Set/get modem status functions use _local_ status i.e. what we report
562 Remote status is provided by dlc->modem_status() callback.
564 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
566 BT_DBG("dlc %p state %ld v24_sig 0x%x",
567 d, d->state, v24_sig);
569 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
570 v24_sig |= RFCOMM_V24_FC;
572 v24_sig &= ~RFCOMM_V24_FC;
574 d->v24_sig = v24_sig;
576 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
577 rfcomm_schedule(RFCOMM_SCHED_TX);
582 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
584 BT_DBG("dlc %p state %ld v24_sig 0x%x",
585 d, d->state, d->v24_sig);
587 *v24_sig = d->v24_sig;
591 /* ---- RFCOMM sessions ---- */
592 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
594 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
599 BT_DBG("session %p sock %p", s, sock);
601 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
603 INIT_LIST_HEAD(&s->dlcs);
607 s->mtu = RFCOMM_DEFAULT_MTU;
608 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
610 /* Do not increment module usage count for listening sessions.
611 * Otherwise we won't be able to unload the module. */
612 if (state != BT_LISTEN)
613 if (!try_module_get(THIS_MODULE)) {
618 list_add(&s->list, &session_list);
623 static void rfcomm_session_del(struct rfcomm_session *s)
625 int state = s->state;
627 BT_DBG("session %p state %ld", s, s->state);
631 if (state == BT_CONNECTED)
632 rfcomm_send_disc(s, 0);
634 rfcomm_session_clear_timer(s);
635 sock_release(s->sock);
638 if (state != BT_LISTEN)
639 module_put(THIS_MODULE);
642 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
644 struct rfcomm_session *s;
645 struct list_head *p, *n;
647 list_for_each_safe(p, n, &session_list) {
648 s = list_entry(p, struct rfcomm_session, list);
649 sk = bt_sk(s->sock->sk);
651 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
652 !bacmp(&sk->dst, dst))
658 static void rfcomm_session_close(struct rfcomm_session *s, int err)
660 struct rfcomm_dlc *d;
661 struct list_head *p, *n;
663 BT_DBG("session %p state %ld err %d", s, s->state, err);
665 rfcomm_session_hold(s);
667 s->state = BT_CLOSED;
670 list_for_each_safe(p, n, &s->dlcs) {
671 d = list_entry(p, struct rfcomm_dlc, list);
672 d->state = BT_CLOSED;
673 __rfcomm_dlc_close(d, err);
676 rfcomm_session_clear_timer(s);
677 rfcomm_session_put(s);
680 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
682 struct rfcomm_session *s = NULL;
683 struct sockaddr_l2 addr;
687 BT_DBG("%s %s", batostr(src), batostr(dst));
689 *err = rfcomm_l2sock_create(&sock);
693 bacpy(&addr.l2_bdaddr, src);
694 addr.l2_family = AF_BLUETOOTH;
697 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
701 /* Set L2CAP options */
704 l2cap_pi(sk)->imtu = l2cap_mtu;
706 l2cap_pi(sk)->mode = L2CAP_MODE_ERTM;
709 s = rfcomm_session_add(sock, BT_BOUND);
717 bacpy(&addr.l2_bdaddr, dst);
718 addr.l2_family = AF_BLUETOOTH;
719 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
721 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
722 if (*err == 0 || *err == -EINPROGRESS)
725 rfcomm_session_del(s);
733 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
735 struct sock *sk = s->sock->sk;
737 bacpy(src, &bt_sk(sk)->src);
739 bacpy(dst, &bt_sk(sk)->dst);
742 /* ---- RFCOMM frame sending ---- */
743 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
745 struct socket *sock = s->sock;
746 struct kvec iv = { data, len };
749 BT_DBG("session %p len %d", s, len);
751 memset(&msg, 0, sizeof(msg));
753 return kernel_sendmsg(sock, &msg, &iv, 1, len);
756 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
758 struct rfcomm_cmd cmd;
760 BT_DBG("%p dlci %d", s, dlci);
762 cmd.addr = __addr(s->initiator, dlci);
763 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
765 cmd.fcs = __fcs2((u8 *) &cmd);
767 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
770 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
772 struct rfcomm_cmd cmd;
774 BT_DBG("%p dlci %d", s, dlci);
776 cmd.addr = __addr(!s->initiator, dlci);
777 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
779 cmd.fcs = __fcs2((u8 *) &cmd);
781 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
784 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
786 struct rfcomm_cmd cmd;
788 BT_DBG("%p dlci %d", s, dlci);
790 cmd.addr = __addr(s->initiator, dlci);
791 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
793 cmd.fcs = __fcs2((u8 *) &cmd);
795 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
798 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
800 struct rfcomm_cmd *cmd;
803 BT_DBG("dlc %p dlci %d", d, d->dlci);
805 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
809 cmd = (void *) __skb_put(skb, sizeof(*cmd));
811 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
812 cmd->len = __len8(0);
813 cmd->fcs = __fcs2((u8 *) cmd);
815 skb_queue_tail(&d->tx_queue, skb);
816 rfcomm_schedule(RFCOMM_SCHED_TX);
820 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
822 struct rfcomm_cmd cmd;
824 BT_DBG("%p dlci %d", s, dlci);
826 cmd.addr = __addr(!s->initiator, dlci);
827 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
829 cmd.fcs = __fcs2((u8 *) &cmd);
831 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
834 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
836 struct rfcomm_hdr *hdr;
837 struct rfcomm_mcc *mcc;
838 u8 buf[16], *ptr = buf;
840 BT_DBG("%p cr %d type %d", s, cr, type);
842 hdr = (void *) ptr; ptr += sizeof(*hdr);
843 hdr->addr = __addr(s->initiator, 0);
844 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
845 hdr->len = __len8(sizeof(*mcc) + 1);
847 mcc = (void *) ptr; ptr += sizeof(*mcc);
848 mcc->type = __mcc_type(cr, RFCOMM_NSC);
849 mcc->len = __len8(1);
851 /* Type that we didn't like */
852 *ptr = __mcc_type(cr, type); ptr++;
854 *ptr = __fcs(buf); ptr++;
856 return rfcomm_send_frame(s, buf, ptr - buf);
859 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
861 struct rfcomm_hdr *hdr;
862 struct rfcomm_mcc *mcc;
863 struct rfcomm_pn *pn;
864 u8 buf[16], *ptr = buf;
866 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
868 hdr = (void *) ptr; ptr += sizeof(*hdr);
869 hdr->addr = __addr(s->initiator, 0);
870 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
871 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
873 mcc = (void *) ptr; ptr += sizeof(*mcc);
874 mcc->type = __mcc_type(cr, RFCOMM_PN);
875 mcc->len = __len8(sizeof(*pn));
877 pn = (void *) ptr; ptr += sizeof(*pn);
879 pn->priority = d->priority;
884 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
885 pn->credits = RFCOMM_DEFAULT_CREDITS;
891 if (cr && channel_mtu >= 0)
892 pn->mtu = cpu_to_le16(channel_mtu);
894 pn->mtu = cpu_to_le16(d->mtu);
896 *ptr = __fcs(buf); ptr++;
898 return rfcomm_send_frame(s, buf, ptr - buf);
901 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
902 u8 bit_rate, u8 data_bits, u8 stop_bits,
903 u8 parity, u8 flow_ctrl_settings,
904 u8 xon_char, u8 xoff_char, u16 param_mask)
906 struct rfcomm_hdr *hdr;
907 struct rfcomm_mcc *mcc;
908 struct rfcomm_rpn *rpn;
909 u8 buf[16], *ptr = buf;
911 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
912 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
913 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
914 flow_ctrl_settings, xon_char, xoff_char, param_mask);
916 hdr = (void *) ptr; ptr += sizeof(*hdr);
917 hdr->addr = __addr(s->initiator, 0);
918 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
919 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
921 mcc = (void *) ptr; ptr += sizeof(*mcc);
922 mcc->type = __mcc_type(cr, RFCOMM_RPN);
923 mcc->len = __len8(sizeof(*rpn));
925 rpn = (void *) ptr; ptr += sizeof(*rpn);
926 rpn->dlci = __addr(1, dlci);
927 rpn->bit_rate = bit_rate;
928 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
929 rpn->flow_ctrl = flow_ctrl_settings;
930 rpn->xon_char = xon_char;
931 rpn->xoff_char = xoff_char;
932 rpn->param_mask = cpu_to_le16(param_mask);
934 *ptr = __fcs(buf); ptr++;
936 return rfcomm_send_frame(s, buf, ptr - buf);
939 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
941 struct rfcomm_hdr *hdr;
942 struct rfcomm_mcc *mcc;
943 struct rfcomm_rls *rls;
944 u8 buf[16], *ptr = buf;
946 BT_DBG("%p cr %d status 0x%x", s, cr, status);
948 hdr = (void *) ptr; ptr += sizeof(*hdr);
949 hdr->addr = __addr(s->initiator, 0);
950 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
951 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
953 mcc = (void *) ptr; ptr += sizeof(*mcc);
954 mcc->type = __mcc_type(cr, RFCOMM_RLS);
955 mcc->len = __len8(sizeof(*rls));
957 rls = (void *) ptr; ptr += sizeof(*rls);
958 rls->dlci = __addr(1, dlci);
959 rls->status = status;
961 *ptr = __fcs(buf); ptr++;
963 return rfcomm_send_frame(s, buf, ptr - buf);
966 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
968 struct rfcomm_hdr *hdr;
969 struct rfcomm_mcc *mcc;
970 struct rfcomm_msc *msc;
971 u8 buf[16], *ptr = buf;
973 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
975 hdr = (void *) ptr; ptr += sizeof(*hdr);
976 hdr->addr = __addr(s->initiator, 0);
977 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
978 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
980 mcc = (void *) ptr; ptr += sizeof(*mcc);
981 mcc->type = __mcc_type(cr, RFCOMM_MSC);
982 mcc->len = __len8(sizeof(*msc));
984 msc = (void *) ptr; ptr += sizeof(*msc);
985 msc->dlci = __addr(1, dlci);
986 msc->v24_sig = v24_sig | 0x01;
988 *ptr = __fcs(buf); ptr++;
990 return rfcomm_send_frame(s, buf, ptr - buf);
993 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
995 struct rfcomm_hdr *hdr;
996 struct rfcomm_mcc *mcc;
997 u8 buf[16], *ptr = buf;
999 BT_DBG("%p cr %d", s, cr);
1001 hdr = (void *) ptr; ptr += sizeof(*hdr);
1002 hdr->addr = __addr(s->initiator, 0);
1003 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1004 hdr->len = __len8(sizeof(*mcc));
1006 mcc = (void *) ptr; ptr += sizeof(*mcc);
1007 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1008 mcc->len = __len8(0);
1010 *ptr = __fcs(buf); ptr++;
1012 return rfcomm_send_frame(s, buf, ptr - buf);
1015 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1017 struct rfcomm_hdr *hdr;
1018 struct rfcomm_mcc *mcc;
1019 u8 buf[16], *ptr = buf;
1021 BT_DBG("%p cr %d", s, cr);
1023 hdr = (void *) ptr; ptr += sizeof(*hdr);
1024 hdr->addr = __addr(s->initiator, 0);
1025 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1026 hdr->len = __len8(sizeof(*mcc));
1028 mcc = (void *) ptr; ptr += sizeof(*mcc);
1029 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1030 mcc->len = __len8(0);
1032 *ptr = __fcs(buf); ptr++;
1034 return rfcomm_send_frame(s, buf, ptr - buf);
1037 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1039 struct socket *sock = s->sock;
1042 unsigned char hdr[5], crc[1];
1047 BT_DBG("%p cr %d", s, cr);
1049 hdr[0] = __addr(s->initiator, 0);
1050 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1051 hdr[2] = 0x01 | ((len + 2) << 1);
1052 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1053 hdr[4] = 0x01 | (len << 1);
1055 crc[0] = __fcs(hdr);
1057 iv[0].iov_base = hdr;
1059 iv[1].iov_base = pattern;
1060 iv[1].iov_len = len;
1061 iv[2].iov_base = crc;
1064 memset(&msg, 0, sizeof(msg));
1066 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1069 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1071 struct rfcomm_hdr *hdr;
1072 u8 buf[16], *ptr = buf;
1074 BT_DBG("%p addr %d credits %d", s, addr, credits);
1076 hdr = (void *) ptr; ptr += sizeof(*hdr);
1078 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1079 hdr->len = __len8(0);
1081 *ptr = credits; ptr++;
1083 *ptr = __fcs(buf); ptr++;
1085 return rfcomm_send_frame(s, buf, ptr - buf);
1088 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1090 struct rfcomm_hdr *hdr;
1095 hdr = (void *) skb_push(skb, 4);
1096 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1098 hdr = (void *) skb_push(skb, 3);
1099 hdr->len = __len8(len);
1102 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1104 crc = skb_put(skb, 1);
1105 *crc = __fcs((void *) hdr);
1108 /* ---- RFCOMM frame reception ---- */
1109 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1111 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1115 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1117 rfcomm_send_dm(s, dlci);
1123 rfcomm_dlc_clear_timer(d);
1126 d->state = BT_CONNECTED;
1127 d->state_change(d, 0);
1128 rfcomm_dlc_unlock(d);
1130 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1134 d->state = BT_CLOSED;
1135 __rfcomm_dlc_close(d, 0);
1137 if (list_empty(&s->dlcs)) {
1138 s->state = BT_DISCONN;
1139 rfcomm_send_disc(s, 0);
1145 /* Control channel */
1148 s->state = BT_CONNECTED;
1149 rfcomm_process_connect(s);
1153 rfcomm_session_put(s);
1160 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1164 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1168 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1170 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1175 d->state = BT_CLOSED;
1176 __rfcomm_dlc_close(d, err);
1179 if (s->state == BT_CONNECT)
1184 s->state = BT_CLOSED;
1185 rfcomm_session_close(s, err);
1190 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1194 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1197 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1199 rfcomm_send_ua(s, dlci);
1201 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1206 d->state = BT_CLOSED;
1207 __rfcomm_dlc_close(d, err);
1209 rfcomm_send_dm(s, dlci);
1212 rfcomm_send_ua(s, 0);
1214 if (s->state == BT_CONNECT)
1219 s->state = BT_CLOSED;
1220 rfcomm_session_close(s, err);
1226 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1228 struct sock *sk = d->session->sock->sk;
1230 BT_DBG("dlc %p", d);
1232 rfcomm_send_ua(d->session, d->dlci);
1234 rfcomm_dlc_clear_timer(d);
1237 d->state = BT_CONNECTED;
1238 d->state_change(d, 0);
1239 rfcomm_dlc_unlock(d);
1242 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1244 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1247 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1249 if (rfcomm_check_security(d)) {
1250 if (d->defer_setup) {
1251 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1252 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1255 d->state = BT_CONNECT2;
1256 d->state_change(d, 0);
1257 rfcomm_dlc_unlock(d);
1259 rfcomm_dlc_accept(d);
1261 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1262 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1266 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1268 struct rfcomm_dlc *d;
1271 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1274 rfcomm_send_ua(s, 0);
1276 if (s->state == BT_OPEN) {
1277 s->state = BT_CONNECTED;
1278 rfcomm_process_connect(s);
1283 /* Check if DLC exists */
1284 d = rfcomm_dlc_get(s, dlci);
1286 if (d->state == BT_OPEN) {
1287 /* DLC was previously opened by PN request */
1288 rfcomm_check_accept(d);
1293 /* Notify socket layer about incoming connection */
1294 channel = __srv_channel(dlci);
1295 if (rfcomm_connect_ind(s, channel, &d)) {
1297 d->addr = __addr(s->initiator, dlci);
1298 rfcomm_dlc_link(s, d);
1300 rfcomm_check_accept(d);
1302 rfcomm_send_dm(s, dlci);
1308 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1310 struct rfcomm_session *s = d->session;
1312 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1313 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1315 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1316 pn->flow_ctrl == 0xe0) {
1317 d->cfc = RFCOMM_CFC_ENABLED;
1318 d->tx_credits = pn->credits;
1320 d->cfc = RFCOMM_CFC_DISABLED;
1321 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1324 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1327 d->priority = pn->priority;
1329 d->mtu = __le16_to_cpu(pn->mtu);
1331 if (cr && d->mtu > s->mtu)
1337 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1339 struct rfcomm_pn *pn = (void *) skb->data;
1340 struct rfcomm_dlc *d;
1343 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1348 d = rfcomm_dlc_get(s, dlci);
1352 rfcomm_apply_pn(d, cr, pn);
1353 rfcomm_send_pn(s, 0, d);
1358 rfcomm_apply_pn(d, cr, pn);
1360 d->state = BT_CONNECT;
1361 rfcomm_send_sabm(s, d->dlci);
1366 u8 channel = __srv_channel(dlci);
1371 /* PN request for non existing DLC.
1372 * Assume incoming connection. */
1373 if (rfcomm_connect_ind(s, channel, &d)) {
1375 d->addr = __addr(s->initiator, dlci);
1376 rfcomm_dlc_link(s, d);
1378 rfcomm_apply_pn(d, cr, pn);
1381 rfcomm_send_pn(s, 0, d);
1383 rfcomm_send_dm(s, dlci);
1389 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1391 struct rfcomm_rpn *rpn = (void *) skb->data;
1392 u8 dlci = __get_dlci(rpn->dlci);
1401 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1403 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1404 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1405 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1411 /* This is a request, return default settings */
1412 bit_rate = RFCOMM_RPN_BR_115200;
1413 data_bits = RFCOMM_RPN_DATA_8;
1414 stop_bits = RFCOMM_RPN_STOP_1;
1415 parity = RFCOMM_RPN_PARITY_NONE;
1416 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1417 xon_char = RFCOMM_RPN_XON_CHAR;
1418 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1422 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1423 * no parity, no flow control lines, normal XON/XOFF chars */
1425 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1426 bit_rate = rpn->bit_rate;
1427 if (bit_rate != RFCOMM_RPN_BR_115200) {
1428 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1429 bit_rate = RFCOMM_RPN_BR_115200;
1430 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1434 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1435 data_bits = __get_rpn_data_bits(rpn->line_settings);
1436 if (data_bits != RFCOMM_RPN_DATA_8) {
1437 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1438 data_bits = RFCOMM_RPN_DATA_8;
1439 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1443 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1444 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1445 if (stop_bits != RFCOMM_RPN_STOP_1) {
1446 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1447 stop_bits = RFCOMM_RPN_STOP_1;
1448 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1452 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1453 parity = __get_rpn_parity(rpn->line_settings);
1454 if (parity != RFCOMM_RPN_PARITY_NONE) {
1455 BT_DBG("RPN parity mismatch 0x%x", parity);
1456 parity = RFCOMM_RPN_PARITY_NONE;
1457 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1461 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1462 flow_ctrl = rpn->flow_ctrl;
1463 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1464 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1465 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1466 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1470 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1471 xon_char = rpn->xon_char;
1472 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1473 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1474 xon_char = RFCOMM_RPN_XON_CHAR;
1475 rpn_mask ^= RFCOMM_RPN_PM_XON;
1479 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1480 xoff_char = rpn->xoff_char;
1481 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1482 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1483 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1484 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1489 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1490 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1495 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1497 struct rfcomm_rls *rls = (void *) skb->data;
1498 u8 dlci = __get_dlci(rls->dlci);
1500 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1505 /* We should probably do something with this information here. But
1506 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1507 * mandatory to recognise and respond to RLS */
1509 rfcomm_send_rls(s, 0, dlci, rls->status);
1514 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1516 struct rfcomm_msc *msc = (void *) skb->data;
1517 struct rfcomm_dlc *d;
1518 u8 dlci = __get_dlci(msc->dlci);
1520 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1522 d = rfcomm_dlc_get(s, dlci);
1527 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1528 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1530 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1534 d->remote_v24_sig = msc->v24_sig;
1536 if (d->modem_status)
1537 d->modem_status(d, msc->v24_sig);
1539 rfcomm_dlc_unlock(d);
1541 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1543 d->mscex |= RFCOMM_MSCEX_RX;
1545 d->mscex |= RFCOMM_MSCEX_TX;
1550 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1552 struct rfcomm_mcc *mcc = (void *) skb->data;
1555 cr = __test_cr(mcc->type);
1556 type = __get_mcc_type(mcc->type);
1557 len = __get_mcc_len(mcc->len);
1559 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1565 rfcomm_recv_pn(s, cr, skb);
1569 rfcomm_recv_rpn(s, cr, len, skb);
1573 rfcomm_recv_rls(s, cr, skb);
1577 rfcomm_recv_msc(s, cr, skb);
1582 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1583 rfcomm_send_fcoff(s, 0);
1589 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1590 rfcomm_send_fcon(s, 0);
1596 rfcomm_send_test(s, 0, skb->data, skb->len);
1603 BT_ERR("Unknown control type 0x%02x", type);
1604 rfcomm_send_nsc(s, cr, type);
1610 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1612 struct rfcomm_dlc *d;
1614 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1616 d = rfcomm_dlc_get(s, dlci);
1618 rfcomm_send_dm(s, dlci);
1623 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1625 d->tx_credits += credits;
1627 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1630 if (skb->len && d->state == BT_CONNECTED) {
1633 d->data_ready(d, skb);
1634 rfcomm_dlc_unlock(d);
1643 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1645 struct rfcomm_hdr *hdr = (void *) skb->data;
1648 dlci = __get_dlci(hdr->addr);
1649 type = __get_type(hdr->ctrl);
1652 skb->len--; skb->tail--;
1653 fcs = *(u8 *)skb_tail_pointer(skb);
1655 if (__check_fcs(skb->data, type, fcs)) {
1656 BT_ERR("bad checksum in packet");
1661 if (__test_ea(hdr->len))
1668 if (__test_pf(hdr->ctrl))
1669 rfcomm_recv_sabm(s, dlci);
1673 if (__test_pf(hdr->ctrl))
1674 rfcomm_recv_disc(s, dlci);
1678 if (__test_pf(hdr->ctrl))
1679 rfcomm_recv_ua(s, dlci);
1683 rfcomm_recv_dm(s, dlci);
1688 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1690 rfcomm_recv_mcc(s, skb);
1694 BT_ERR("Unknown packet type 0x%02x\n", type);
1701 /* ---- Connection and data processing ---- */
1703 static void rfcomm_process_connect(struct rfcomm_session *s)
1705 struct rfcomm_dlc *d;
1706 struct list_head *p, *n;
1708 BT_DBG("session %p state %ld", s, s->state);
1710 list_for_each_safe(p, n, &s->dlcs) {
1711 d = list_entry(p, struct rfcomm_dlc, list);
1712 if (d->state == BT_CONFIG) {
1714 if (rfcomm_check_security(d)) {
1715 rfcomm_send_pn(s, 1, d);
1717 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1718 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1724 /* Send data queued for the DLC.
1725 * Return number of frames left in the queue.
1727 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1729 struct sk_buff *skb;
1732 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1733 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1735 /* Send pending MSC */
1736 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1737 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1741 * Give them some credits */
1742 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1743 d->rx_credits <= (d->cfc >> 2)) {
1744 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1745 d->rx_credits = d->cfc;
1749 * Give ourselves some credits */
1753 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1754 return skb_queue_len(&d->tx_queue);
1756 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1757 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1759 skb_queue_head(&d->tx_queue, skb);
1766 if (d->cfc && !d->tx_credits) {
1767 /* We're out of TX credits.
1768 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1769 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1772 return skb_queue_len(&d->tx_queue);
1775 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1777 struct rfcomm_dlc *d;
1778 struct list_head *p, *n;
1780 BT_DBG("session %p state %ld", s, s->state);
1782 list_for_each_safe(p, n, &s->dlcs) {
1783 d = list_entry(p, struct rfcomm_dlc, list);
1785 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1786 __rfcomm_dlc_close(d, ETIMEDOUT);
1790 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1791 rfcomm_dlc_clear_timer(d);
1793 rfcomm_send_pn(s, 1, d);
1794 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1796 if (d->defer_setup) {
1797 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1798 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1801 d->state = BT_CONNECT2;
1802 d->state_change(d, 0);
1803 rfcomm_dlc_unlock(d);
1805 rfcomm_dlc_accept(d);
1808 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1809 rfcomm_dlc_clear_timer(d);
1811 rfcomm_send_dm(s, d->dlci);
1813 d->state = BT_CLOSED;
1814 __rfcomm_dlc_close(d, ECONNREFUSED);
1818 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1821 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1824 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1825 d->mscex == RFCOMM_MSCEX_OK)
1826 rfcomm_process_tx(d);
1830 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1832 struct socket *sock = s->sock;
1833 struct sock *sk = sock->sk;
1834 struct sk_buff *skb;
1836 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1838 /* Get data directly from socket receive queue without copying it. */
1839 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1841 rfcomm_recv_frame(s, skb);
1844 if (sk->sk_state == BT_CLOSED) {
1846 rfcomm_session_put(s);
1848 rfcomm_session_close(s, sk->sk_err);
1852 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1854 struct socket *sock = s->sock, *nsock;
1857 /* Fast check for a new connection.
1858 * Avoids unnesesary socket allocations. */
1859 if (list_empty(&bt_sk(sock->sk)->accept_q))
1862 BT_DBG("session %p", s);
1864 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1868 /* Set our callbacks */
1869 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1870 nsock->sk->sk_state_change = rfcomm_l2state_change;
1872 s = rfcomm_session_add(nsock, BT_OPEN);
1874 rfcomm_session_hold(s);
1876 /* We should adjust MTU on incoming sessions.
1877 * L2CAP MTU minus UIH header and FCS. */
1878 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1880 rfcomm_schedule(RFCOMM_SCHED_RX);
1882 sock_release(nsock);
1885 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1887 struct sock *sk = s->sock->sk;
1889 BT_DBG("%p state %ld", s, s->state);
1891 switch(sk->sk_state) {
1893 s->state = BT_CONNECT;
1895 /* We can adjust MTU on outgoing sessions.
1896 * L2CAP MTU minus UIH header and FCS. */
1897 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1899 rfcomm_send_sabm(s, 0);
1903 s->state = BT_CLOSED;
1904 rfcomm_session_close(s, sk->sk_err);
1909 static inline void rfcomm_process_sessions(void)
1911 struct list_head *p, *n;
1915 list_for_each_safe(p, n, &session_list) {
1916 struct rfcomm_session *s;
1917 s = list_entry(p, struct rfcomm_session, list);
1919 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1920 s->state = BT_DISCONN;
1921 rfcomm_send_disc(s, 0);
1922 rfcomm_session_put(s);
1926 if (s->state == BT_LISTEN) {
1927 rfcomm_accept_connection(s);
1931 rfcomm_session_hold(s);
1935 rfcomm_check_connection(s);
1939 rfcomm_process_rx(s);
1943 rfcomm_process_dlcs(s);
1945 rfcomm_session_put(s);
1951 static int rfcomm_add_listener(bdaddr_t *ba)
1953 struct sockaddr_l2 addr;
1954 struct socket *sock;
1956 struct rfcomm_session *s;
1960 err = rfcomm_l2sock_create(&sock);
1962 BT_ERR("Create socket failed %d", err);
1967 bacpy(&addr.l2_bdaddr, ba);
1968 addr.l2_family = AF_BLUETOOTH;
1969 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
1971 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1973 BT_ERR("Bind failed %d", err);
1977 /* Set L2CAP options */
1980 l2cap_pi(sk)->imtu = l2cap_mtu;
1983 /* Start listening on the socket */
1984 err = kernel_listen(sock, 10);
1986 BT_ERR("Listen failed %d", err);
1990 /* Add listening session */
1991 s = rfcomm_session_add(sock, BT_LISTEN);
1995 rfcomm_session_hold(s);
2002 static void rfcomm_kill_listener(void)
2004 struct rfcomm_session *s;
2005 struct list_head *p, *n;
2009 list_for_each_safe(p, n, &session_list) {
2010 s = list_entry(p, struct rfcomm_session, list);
2011 rfcomm_session_del(s);
2015 static int rfcomm_run(void *unused)
2019 set_user_nice(current, -10);
2021 rfcomm_add_listener(BDADDR_ANY);
2023 while (!kthread_should_stop()) {
2024 set_current_state(TASK_INTERRUPTIBLE);
2025 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
2026 /* No pending events. Let's sleep.
2027 * Incoming connections and data will wake us up. */
2030 set_current_state(TASK_RUNNING);
2033 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
2034 rfcomm_process_sessions();
2037 rfcomm_kill_listener();
2042 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2044 struct rfcomm_session *s;
2045 struct rfcomm_dlc *d;
2046 struct list_head *p, *n;
2048 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2050 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2054 rfcomm_session_hold(s);
2056 list_for_each_safe(p, n, &s->dlcs) {
2057 d = list_entry(p, struct rfcomm_dlc, list);
2059 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2060 rfcomm_dlc_clear_timer(d);
2061 if (status || encrypt == 0x00) {
2062 __rfcomm_dlc_close(d, ECONNREFUSED);
2067 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2068 if (d->sec_level == BT_SECURITY_MEDIUM) {
2069 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2070 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2072 } else if (d->sec_level == BT_SECURITY_HIGH) {
2073 __rfcomm_dlc_close(d, ECONNREFUSED);
2078 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2082 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2084 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2087 rfcomm_session_put(s);
2089 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2092 static struct hci_cb rfcomm_cb = {
2094 .security_cfm = rfcomm_security_cfm
2097 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2099 struct rfcomm_session *s;
2100 struct list_head *pp, *p;
2105 list_for_each(p, &session_list) {
2106 s = list_entry(p, struct rfcomm_session, list);
2107 list_for_each(pp, &s->dlcs) {
2108 struct sock *sk = s->sock->sk;
2109 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2111 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2112 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2113 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2122 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2124 /* ---- Initialization ---- */
2125 static int __init rfcomm_init(void)
2131 hci_register_cb(&rfcomm_cb);
2133 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2134 if (IS_ERR(rfcomm_thread)) {
2135 err = PTR_ERR(rfcomm_thread);
2139 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2140 BT_ERR("Failed to create RFCOMM info file");
2142 err = rfcomm_init_ttys();
2146 err = rfcomm_init_sockets();
2150 BT_INFO("RFCOMM ver %s", VERSION);
2155 rfcomm_cleanup_ttys();
2158 kthread_stop(rfcomm_thread);
2161 hci_unregister_cb(&rfcomm_cb);
2166 static void __exit rfcomm_exit(void)
2168 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
2170 hci_unregister_cb(&rfcomm_cb);
2172 kthread_stop(rfcomm_thread);
2174 rfcomm_cleanup_ttys();
2176 rfcomm_cleanup_sockets();
2179 module_init(rfcomm_init);
2180 module_exit(rfcomm_exit);
2182 module_param(disable_cfc, bool, 0644);
2183 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2185 module_param(channel_mtu, int, 0644);
2186 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2188 module_param(l2cap_mtu, uint, 0644);
2189 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2191 module_param(l2cap_ertm, bool, 0644);
2192 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2194 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2195 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2196 MODULE_VERSION(VERSION);
2197 MODULE_LICENSE("GPL");
2198 MODULE_ALIAS("bt-proto-3");
git.openpandora.org / pandora-kernel.git / blob