2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/sched.h>
32 #include <linux/signal.h>
33 #include <linux/init.h>
34 #include <linux/wait.h>
35 #include <linux/device.h>
36 #include <linux/net.h>
37 #include <linux/mutex.h>
38 #include <linux/kthread.h>
41 #include <asm/uaccess.h>
42 #include <asm/unaligned.h>
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
46 #include <net/bluetooth/l2cap.h>
47 #include <net/bluetooth/rfcomm.h>
49 #define VERSION "1.11"
51 static int disable_cfc = 0;
52 static int channel_mtu = -1;
53 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
55 static struct task_struct *rfcomm_thread;
57 static DEFINE_MUTEX(rfcomm_mutex);
58 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
59 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
61 static unsigned long rfcomm_event;
63 static LIST_HEAD(session_list);
65 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
66 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
67 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
68 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
69 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
70 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
71 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
72 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
73 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
74 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
76 static void rfcomm_process_connect(struct rfcomm_session *s);
78 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
79 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
80 static void rfcomm_session_del(struct rfcomm_session *s);
82 /* ---- RFCOMM frame parsing macros ---- */
83 #define __get_dlci(b) ((b & 0xfc) >> 2)
84 #define __get_channel(b) ((b & 0xf8) >> 3)
85 #define __get_dir(b) ((b & 0x04) >> 2)
86 #define __get_type(b) ((b & 0xef))
88 #define __test_ea(b) ((b & 0x01))
89 #define __test_cr(b) ((b & 0x02))
90 #define __test_pf(b) ((b & 0x10))
92 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
93 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
94 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
95 #define __srv_channel(dlci) (dlci >> 1)
96 #define __dir(dlci) (dlci & 0x01)
98 #define __len8(len) (((len) << 1) | 1)
99 #define __len16(len) ((len) << 1)
102 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
103 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
104 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
107 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
108 #define __get_rpn_data_bits(line) ((line) & 0x3)
109 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
110 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
112 static inline void rfcomm_schedule(uint event)
116 //set_bit(event, &rfcomm_event);
117 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
118 wake_up_process(rfcomm_thread);
121 static inline void rfcomm_session_put(struct rfcomm_session *s)
123 if (atomic_dec_and_test(&s->refcnt))
124 rfcomm_session_del(s);
127 /* ---- RFCOMM FCS computation ---- */
129 /* reversed, 8-bit, poly=0x07 */
130 static unsigned char rfcomm_crc_table[256] = {
131 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
132 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
133 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
134 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
136 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
137 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
138 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
139 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
141 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
142 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
143 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
144 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
146 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
147 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
148 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
149 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
151 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
152 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
153 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
154 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
156 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
157 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
158 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
159 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
161 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
162 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
163 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
164 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
166 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
167 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
168 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
169 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
173 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
176 static inline u8 __fcs(u8 *data)
178 return (0xff - __crc(data));
182 static inline u8 __fcs2(u8 *data)
184 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
188 static inline int __check_fcs(u8 *data, int type, u8 fcs)
192 if (type != RFCOMM_UIH)
193 f = rfcomm_crc_table[f ^ data[2]];
195 return rfcomm_crc_table[f ^ fcs] != 0xcf;
198 /* ---- L2CAP callbacks ---- */
199 static void rfcomm_l2state_change(struct sock *sk)
201 BT_DBG("%p state %d", sk, sk->sk_state);
202 rfcomm_schedule(RFCOMM_SCHED_STATE);
205 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
207 BT_DBG("%p bytes %d", sk, bytes);
208 rfcomm_schedule(RFCOMM_SCHED_RX);
211 static int rfcomm_l2sock_create(struct socket **sock)
217 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
219 struct sock *sk = (*sock)->sk;
220 sk->sk_data_ready = rfcomm_l2data_ready;
221 sk->sk_state_change = rfcomm_l2state_change;
226 static inline int rfcomm_check_security(struct rfcomm_dlc *d)
228 struct sock *sk = d->session->sock->sk;
231 switch (d->sec_level) {
232 case BT_SECURITY_HIGH:
233 auth_type = HCI_AT_GENERAL_BONDING_MITM;
235 case BT_SECURITY_MEDIUM:
236 auth_type = HCI_AT_GENERAL_BONDING;
239 auth_type = HCI_AT_NO_BONDING;
243 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level,
247 /* ---- RFCOMM DLCs ---- */
248 static void rfcomm_dlc_timeout(unsigned long arg)
250 struct rfcomm_dlc *d = (void *) arg;
252 BT_DBG("dlc %p state %ld", d, d->state);
254 set_bit(RFCOMM_TIMED_OUT, &d->flags);
256 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
259 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
261 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
263 if (!mod_timer(&d->timer, jiffies + timeout))
267 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
269 BT_DBG("dlc %p state %ld", d, d->state);
271 if (timer_pending(&d->timer) && del_timer(&d->timer))
275 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
282 d->mtu = RFCOMM_DEFAULT_MTU;
283 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
285 d->cfc = RFCOMM_CFC_DISABLED;
286 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
289 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
291 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
296 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
298 skb_queue_head_init(&d->tx_queue);
299 spin_lock_init(&d->lock);
300 atomic_set(&d->refcnt, 1);
302 rfcomm_dlc_clear_state(d);
309 void rfcomm_dlc_free(struct rfcomm_dlc *d)
313 skb_queue_purge(&d->tx_queue);
317 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
319 BT_DBG("dlc %p session %p", d, s);
321 rfcomm_session_hold(s);
324 list_add(&d->list, &s->dlcs);
328 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
330 struct rfcomm_session *s = d->session;
332 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
338 rfcomm_session_put(s);
341 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
343 struct rfcomm_dlc *d;
346 list_for_each(p, &s->dlcs) {
347 d = list_entry(p, struct rfcomm_dlc, list);
354 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
356 struct rfcomm_session *s;
360 BT_DBG("dlc %p state %ld %s %s channel %d",
361 d, d->state, batostr(src), batostr(dst), channel);
363 if (channel < 1 || channel > 30)
366 if (d->state != BT_OPEN && d->state != BT_CLOSED)
369 s = rfcomm_session_get(src, dst);
371 s = rfcomm_session_create(src, dst, &err);
376 dlci = __dlci(!s->initiator, channel);
378 /* Check if DLCI already exists */
379 if (rfcomm_dlc_get(s, dlci))
382 rfcomm_dlc_clear_state(d);
385 d->addr = __addr(s->initiator, dlci);
388 d->state = BT_CONFIG;
389 rfcomm_dlc_link(s, d);
394 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
396 if (s->state == BT_CONNECTED) {
397 if (rfcomm_check_security(d))
398 rfcomm_send_pn(s, 1, d);
400 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
403 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
408 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
414 r = __rfcomm_dlc_open(d, src, dst, channel);
420 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
422 struct rfcomm_session *s = d->session;
426 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
427 d, d->state, d->dlci, err, s);
432 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
433 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
434 rfcomm_schedule(RFCOMM_SCHED_AUTH);
440 d->state = BT_DISCONN;
441 if (skb_queue_empty(&d->tx_queue)) {
442 rfcomm_send_disc(s, d->dlci);
443 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
445 rfcomm_queue_disc(d);
446 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
452 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
453 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
454 rfcomm_schedule(RFCOMM_SCHED_AUTH);
460 rfcomm_dlc_clear_timer(d);
463 d->state = BT_CLOSED;
464 d->state_change(d, err);
465 rfcomm_dlc_unlock(d);
467 skb_queue_purge(&d->tx_queue);
468 rfcomm_dlc_unlink(d);
474 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
480 r = __rfcomm_dlc_close(d, err);
486 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
490 if (d->state != BT_CONNECTED)
493 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
498 rfcomm_make_uih(skb, d->addr);
499 skb_queue_tail(&d->tx_queue, skb);
501 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
502 rfcomm_schedule(RFCOMM_SCHED_TX);
506 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
508 BT_DBG("dlc %p state %ld", d, d->state);
511 d->v24_sig |= RFCOMM_V24_FC;
512 set_bit(RFCOMM_MSC_PENDING, &d->flags);
514 rfcomm_schedule(RFCOMM_SCHED_TX);
517 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
519 BT_DBG("dlc %p state %ld", d, d->state);
522 d->v24_sig &= ~RFCOMM_V24_FC;
523 set_bit(RFCOMM_MSC_PENDING, &d->flags);
525 rfcomm_schedule(RFCOMM_SCHED_TX);
529 Set/get modem status functions use _local_ status i.e. what we report
531 Remote status is provided by dlc->modem_status() callback.
533 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
535 BT_DBG("dlc %p state %ld v24_sig 0x%x",
536 d, d->state, v24_sig);
538 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
539 v24_sig |= RFCOMM_V24_FC;
541 v24_sig &= ~RFCOMM_V24_FC;
543 d->v24_sig = v24_sig;
545 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
546 rfcomm_schedule(RFCOMM_SCHED_TX);
551 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
553 BT_DBG("dlc %p state %ld v24_sig 0x%x",
554 d, d->state, d->v24_sig);
556 *v24_sig = d->v24_sig;
560 /* ---- RFCOMM sessions ---- */
561 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
563 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
568 BT_DBG("session %p sock %p", s, sock);
570 INIT_LIST_HEAD(&s->dlcs);
574 s->mtu = RFCOMM_DEFAULT_MTU;
575 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
577 /* Do not increment module usage count for listening sessions.
578 * Otherwise we won't be able to unload the module. */
579 if (state != BT_LISTEN)
580 if (!try_module_get(THIS_MODULE)) {
585 list_add(&s->list, &session_list);
590 static void rfcomm_session_del(struct rfcomm_session *s)
592 int state = s->state;
594 BT_DBG("session %p state %ld", s, s->state);
598 if (state == BT_CONNECTED)
599 rfcomm_send_disc(s, 0);
601 sock_release(s->sock);
604 if (state != BT_LISTEN)
605 module_put(THIS_MODULE);
608 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
610 struct rfcomm_session *s;
611 struct list_head *p, *n;
613 list_for_each_safe(p, n, &session_list) {
614 s = list_entry(p, struct rfcomm_session, list);
615 sk = bt_sk(s->sock->sk);
617 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
618 !bacmp(&sk->dst, dst))
624 static void rfcomm_session_close(struct rfcomm_session *s, int err)
626 struct rfcomm_dlc *d;
627 struct list_head *p, *n;
629 BT_DBG("session %p state %ld err %d", s, s->state, err);
631 rfcomm_session_hold(s);
633 s->state = BT_CLOSED;
636 list_for_each_safe(p, n, &s->dlcs) {
637 d = list_entry(p, struct rfcomm_dlc, list);
638 d->state = BT_CLOSED;
639 __rfcomm_dlc_close(d, err);
642 rfcomm_session_put(s);
645 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
647 struct rfcomm_session *s = NULL;
648 struct sockaddr_l2 addr;
652 BT_DBG("%s %s", batostr(src), batostr(dst));
654 *err = rfcomm_l2sock_create(&sock);
658 bacpy(&addr.l2_bdaddr, src);
659 addr.l2_family = AF_BLUETOOTH;
661 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
665 /* Set L2CAP options */
668 l2cap_pi(sk)->imtu = l2cap_mtu;
671 s = rfcomm_session_add(sock, BT_BOUND);
679 bacpy(&addr.l2_bdaddr, dst);
680 addr.l2_family = AF_BLUETOOTH;
681 addr.l2_psm = htobs(RFCOMM_PSM);
682 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
683 if (*err == 0 || *err == -EINPROGRESS)
686 rfcomm_session_del(s);
694 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
696 struct sock *sk = s->sock->sk;
698 bacpy(src, &bt_sk(sk)->src);
700 bacpy(dst, &bt_sk(sk)->dst);
703 /* ---- RFCOMM frame sending ---- */
704 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
706 struct socket *sock = s->sock;
707 struct kvec iv = { data, len };
710 BT_DBG("session %p len %d", s, len);
712 memset(&msg, 0, sizeof(msg));
714 return kernel_sendmsg(sock, &msg, &iv, 1, len);
717 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
719 struct rfcomm_cmd cmd;
721 BT_DBG("%p dlci %d", s, dlci);
723 cmd.addr = __addr(s->initiator, dlci);
724 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
726 cmd.fcs = __fcs2((u8 *) &cmd);
728 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
731 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
733 struct rfcomm_cmd cmd;
735 BT_DBG("%p dlci %d", s, dlci);
737 cmd.addr = __addr(!s->initiator, dlci);
738 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
740 cmd.fcs = __fcs2((u8 *) &cmd);
742 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
745 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
747 struct rfcomm_cmd cmd;
749 BT_DBG("%p dlci %d", s, dlci);
751 cmd.addr = __addr(s->initiator, dlci);
752 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
754 cmd.fcs = __fcs2((u8 *) &cmd);
756 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
759 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
761 struct rfcomm_cmd *cmd;
764 BT_DBG("dlc %p dlci %d", d, d->dlci);
766 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
770 cmd = (void *) __skb_put(skb, sizeof(*cmd));
772 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
773 cmd->len = __len8(0);
774 cmd->fcs = __fcs2((u8 *) cmd);
776 skb_queue_tail(&d->tx_queue, skb);
777 rfcomm_schedule(RFCOMM_SCHED_TX);
781 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
783 struct rfcomm_cmd cmd;
785 BT_DBG("%p dlci %d", s, dlci);
787 cmd.addr = __addr(!s->initiator, dlci);
788 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
790 cmd.fcs = __fcs2((u8 *) &cmd);
792 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
795 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
797 struct rfcomm_hdr *hdr;
798 struct rfcomm_mcc *mcc;
799 u8 buf[16], *ptr = buf;
801 BT_DBG("%p cr %d type %d", s, cr, type);
803 hdr = (void *) ptr; ptr += sizeof(*hdr);
804 hdr->addr = __addr(s->initiator, 0);
805 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
806 hdr->len = __len8(sizeof(*mcc) + 1);
808 mcc = (void *) ptr; ptr += sizeof(*mcc);
809 mcc->type = __mcc_type(cr, RFCOMM_NSC);
810 mcc->len = __len8(1);
812 /* Type that we didn't like */
813 *ptr = __mcc_type(cr, type); ptr++;
815 *ptr = __fcs(buf); ptr++;
817 return rfcomm_send_frame(s, buf, ptr - buf);
820 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
822 struct rfcomm_hdr *hdr;
823 struct rfcomm_mcc *mcc;
824 struct rfcomm_pn *pn;
825 u8 buf[16], *ptr = buf;
827 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
829 hdr = (void *) ptr; ptr += sizeof(*hdr);
830 hdr->addr = __addr(s->initiator, 0);
831 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
832 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
834 mcc = (void *) ptr; ptr += sizeof(*mcc);
835 mcc->type = __mcc_type(cr, RFCOMM_PN);
836 mcc->len = __len8(sizeof(*pn));
838 pn = (void *) ptr; ptr += sizeof(*pn);
840 pn->priority = d->priority;
845 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
846 pn->credits = RFCOMM_DEFAULT_CREDITS;
852 if (cr && channel_mtu >= 0)
853 pn->mtu = htobs(channel_mtu);
855 pn->mtu = htobs(d->mtu);
857 *ptr = __fcs(buf); ptr++;
859 return rfcomm_send_frame(s, buf, ptr - buf);
862 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
863 u8 bit_rate, u8 data_bits, u8 stop_bits,
864 u8 parity, u8 flow_ctrl_settings,
865 u8 xon_char, u8 xoff_char, u16 param_mask)
867 struct rfcomm_hdr *hdr;
868 struct rfcomm_mcc *mcc;
869 struct rfcomm_rpn *rpn;
870 u8 buf[16], *ptr = buf;
872 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
873 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
874 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
875 flow_ctrl_settings, xon_char, xoff_char, param_mask);
877 hdr = (void *) ptr; ptr += sizeof(*hdr);
878 hdr->addr = __addr(s->initiator, 0);
879 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
880 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
882 mcc = (void *) ptr; ptr += sizeof(*mcc);
883 mcc->type = __mcc_type(cr, RFCOMM_RPN);
884 mcc->len = __len8(sizeof(*rpn));
886 rpn = (void *) ptr; ptr += sizeof(*rpn);
887 rpn->dlci = __addr(1, dlci);
888 rpn->bit_rate = bit_rate;
889 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
890 rpn->flow_ctrl = flow_ctrl_settings;
891 rpn->xon_char = xon_char;
892 rpn->xoff_char = xoff_char;
893 rpn->param_mask = cpu_to_le16(param_mask);
895 *ptr = __fcs(buf); ptr++;
897 return rfcomm_send_frame(s, buf, ptr - buf);
900 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
902 struct rfcomm_hdr *hdr;
903 struct rfcomm_mcc *mcc;
904 struct rfcomm_rls *rls;
905 u8 buf[16], *ptr = buf;
907 BT_DBG("%p cr %d status 0x%x", s, cr, status);
909 hdr = (void *) ptr; ptr += sizeof(*hdr);
910 hdr->addr = __addr(s->initiator, 0);
911 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
912 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
914 mcc = (void *) ptr; ptr += sizeof(*mcc);
915 mcc->type = __mcc_type(cr, RFCOMM_RLS);
916 mcc->len = __len8(sizeof(*rls));
918 rls = (void *) ptr; ptr += sizeof(*rls);
919 rls->dlci = __addr(1, dlci);
920 rls->status = status;
922 *ptr = __fcs(buf); ptr++;
924 return rfcomm_send_frame(s, buf, ptr - buf);
927 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
929 struct rfcomm_hdr *hdr;
930 struct rfcomm_mcc *mcc;
931 struct rfcomm_msc *msc;
932 u8 buf[16], *ptr = buf;
934 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
936 hdr = (void *) ptr; ptr += sizeof(*hdr);
937 hdr->addr = __addr(s->initiator, 0);
938 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
939 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
941 mcc = (void *) ptr; ptr += sizeof(*mcc);
942 mcc->type = __mcc_type(cr, RFCOMM_MSC);
943 mcc->len = __len8(sizeof(*msc));
945 msc = (void *) ptr; ptr += sizeof(*msc);
946 msc->dlci = __addr(1, dlci);
947 msc->v24_sig = v24_sig | 0x01;
949 *ptr = __fcs(buf); ptr++;
951 return rfcomm_send_frame(s, buf, ptr - buf);
954 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
956 struct rfcomm_hdr *hdr;
957 struct rfcomm_mcc *mcc;
958 u8 buf[16], *ptr = buf;
960 BT_DBG("%p cr %d", s, cr);
962 hdr = (void *) ptr; ptr += sizeof(*hdr);
963 hdr->addr = __addr(s->initiator, 0);
964 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
965 hdr->len = __len8(sizeof(*mcc));
967 mcc = (void *) ptr; ptr += sizeof(*mcc);
968 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
969 mcc->len = __len8(0);
971 *ptr = __fcs(buf); ptr++;
973 return rfcomm_send_frame(s, buf, ptr - buf);
976 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
978 struct rfcomm_hdr *hdr;
979 struct rfcomm_mcc *mcc;
980 u8 buf[16], *ptr = buf;
982 BT_DBG("%p cr %d", s, cr);
984 hdr = (void *) ptr; ptr += sizeof(*hdr);
985 hdr->addr = __addr(s->initiator, 0);
986 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
987 hdr->len = __len8(sizeof(*mcc));
989 mcc = (void *) ptr; ptr += sizeof(*mcc);
990 mcc->type = __mcc_type(cr, RFCOMM_FCON);
991 mcc->len = __len8(0);
993 *ptr = __fcs(buf); ptr++;
995 return rfcomm_send_frame(s, buf, ptr - buf);
998 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1000 struct socket *sock = s->sock;
1003 unsigned char hdr[5], crc[1];
1008 BT_DBG("%p cr %d", s, cr);
1010 hdr[0] = __addr(s->initiator, 0);
1011 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1012 hdr[2] = 0x01 | ((len + 2) << 1);
1013 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1014 hdr[4] = 0x01 | (len << 1);
1016 crc[0] = __fcs(hdr);
1018 iv[0].iov_base = hdr;
1020 iv[1].iov_base = pattern;
1021 iv[1].iov_len = len;
1022 iv[2].iov_base = crc;
1025 memset(&msg, 0, sizeof(msg));
1027 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1030 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1032 struct rfcomm_hdr *hdr;
1033 u8 buf[16], *ptr = buf;
1035 BT_DBG("%p addr %d credits %d", s, addr, credits);
1037 hdr = (void *) ptr; ptr += sizeof(*hdr);
1039 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1040 hdr->len = __len8(0);
1042 *ptr = credits; ptr++;
1044 *ptr = __fcs(buf); ptr++;
1046 return rfcomm_send_frame(s, buf, ptr - buf);
1049 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1051 struct rfcomm_hdr *hdr;
1056 hdr = (void *) skb_push(skb, 4);
1057 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len);
1059 hdr = (void *) skb_push(skb, 3);
1060 hdr->len = __len8(len);
1063 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1065 crc = skb_put(skb, 1);
1066 *crc = __fcs((void *) hdr);
1069 /* ---- RFCOMM frame reception ---- */
1070 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1072 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1076 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1078 rfcomm_send_dm(s, dlci);
1084 rfcomm_dlc_clear_timer(d);
1087 d->state = BT_CONNECTED;
1088 d->state_change(d, 0);
1089 rfcomm_dlc_unlock(d);
1091 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1095 d->state = BT_CLOSED;
1096 __rfcomm_dlc_close(d, 0);
1098 if (list_empty(&s->dlcs)) {
1099 s->state = BT_DISCONN;
1100 rfcomm_send_disc(s, 0);
1106 /* Control channel */
1109 s->state = BT_CONNECTED;
1110 rfcomm_process_connect(s);
1114 rfcomm_session_put(s);
1121 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1125 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1129 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1131 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1136 d->state = BT_CLOSED;
1137 __rfcomm_dlc_close(d, err);
1140 if (s->state == BT_CONNECT)
1145 s->state = BT_CLOSED;
1146 rfcomm_session_close(s, err);
1151 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1155 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1158 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1160 rfcomm_send_ua(s, dlci);
1162 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1167 d->state = BT_CLOSED;
1168 __rfcomm_dlc_close(d, err);
1170 rfcomm_send_dm(s, dlci);
1173 rfcomm_send_ua(s, 0);
1175 if (s->state == BT_CONNECT)
1180 s->state = BT_CLOSED;
1181 rfcomm_session_close(s, err);
1187 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1189 struct sock *sk = d->session->sock->sk;
1191 BT_DBG("dlc %p", d);
1193 rfcomm_send_ua(d->session, d->dlci);
1196 d->state = BT_CONNECTED;
1197 d->state_change(d, 0);
1198 rfcomm_dlc_unlock(d);
1201 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1203 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1206 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1208 if (rfcomm_check_security(d)) {
1209 if (d->defer_setup) {
1210 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1211 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1214 d->state = BT_CONNECT2;
1215 d->state_change(d, 0);
1216 rfcomm_dlc_unlock(d);
1218 rfcomm_dlc_accept(d);
1220 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1221 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1225 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1227 struct rfcomm_dlc *d;
1230 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1233 rfcomm_send_ua(s, 0);
1235 if (s->state == BT_OPEN) {
1236 s->state = BT_CONNECTED;
1237 rfcomm_process_connect(s);
1242 /* Check if DLC exists */
1243 d = rfcomm_dlc_get(s, dlci);
1245 if (d->state == BT_OPEN) {
1246 /* DLC was previously opened by PN request */
1247 rfcomm_check_accept(d);
1252 /* Notify socket layer about incoming connection */
1253 channel = __srv_channel(dlci);
1254 if (rfcomm_connect_ind(s, channel, &d)) {
1256 d->addr = __addr(s->initiator, dlci);
1257 rfcomm_dlc_link(s, d);
1259 rfcomm_check_accept(d);
1261 rfcomm_send_dm(s, dlci);
1267 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1269 struct rfcomm_session *s = d->session;
1271 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1272 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1274 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1275 pn->flow_ctrl == 0xe0) {
1276 d->cfc = RFCOMM_CFC_ENABLED;
1277 d->tx_credits = pn->credits;
1279 d->cfc = RFCOMM_CFC_DISABLED;
1280 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1283 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1286 d->priority = pn->priority;
1288 d->mtu = btohs(pn->mtu);
1290 if (cr && d->mtu > s->mtu)
1296 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1298 struct rfcomm_pn *pn = (void *) skb->data;
1299 struct rfcomm_dlc *d;
1302 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1307 d = rfcomm_dlc_get(s, dlci);
1311 rfcomm_apply_pn(d, cr, pn);
1312 rfcomm_send_pn(s, 0, d);
1317 rfcomm_apply_pn(d, cr, pn);
1319 d->state = BT_CONNECT;
1320 rfcomm_send_sabm(s, d->dlci);
1325 u8 channel = __srv_channel(dlci);
1330 /* PN request for non existing DLC.
1331 * Assume incoming connection. */
1332 if (rfcomm_connect_ind(s, channel, &d)) {
1334 d->addr = __addr(s->initiator, dlci);
1335 rfcomm_dlc_link(s, d);
1337 rfcomm_apply_pn(d, cr, pn);
1340 rfcomm_send_pn(s, 0, d);
1342 rfcomm_send_dm(s, dlci);
1348 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1350 struct rfcomm_rpn *rpn = (void *) skb->data;
1351 u8 dlci = __get_dlci(rpn->dlci);
1360 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1362 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1363 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1364 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1370 /* This is a request, return default settings */
1371 bit_rate = RFCOMM_RPN_BR_115200;
1372 data_bits = RFCOMM_RPN_DATA_8;
1373 stop_bits = RFCOMM_RPN_STOP_1;
1374 parity = RFCOMM_RPN_PARITY_NONE;
1375 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1376 xon_char = RFCOMM_RPN_XON_CHAR;
1377 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1381 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1382 * no parity, no flow control lines, normal XON/XOFF chars */
1384 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1385 bit_rate = rpn->bit_rate;
1386 if (bit_rate != RFCOMM_RPN_BR_115200) {
1387 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1388 bit_rate = RFCOMM_RPN_BR_115200;
1389 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1393 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1394 data_bits = __get_rpn_data_bits(rpn->line_settings);
1395 if (data_bits != RFCOMM_RPN_DATA_8) {
1396 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1397 data_bits = RFCOMM_RPN_DATA_8;
1398 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1402 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1403 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1404 if (stop_bits != RFCOMM_RPN_STOP_1) {
1405 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1406 stop_bits = RFCOMM_RPN_STOP_1;
1407 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1411 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1412 parity = __get_rpn_parity(rpn->line_settings);
1413 if (parity != RFCOMM_RPN_PARITY_NONE) {
1414 BT_DBG("RPN parity mismatch 0x%x", parity);
1415 parity = RFCOMM_RPN_PARITY_NONE;
1416 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1420 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1421 flow_ctrl = rpn->flow_ctrl;
1422 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1423 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1424 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1425 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1429 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1430 xon_char = rpn->xon_char;
1431 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1432 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1433 xon_char = RFCOMM_RPN_XON_CHAR;
1434 rpn_mask ^= RFCOMM_RPN_PM_XON;
1438 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1439 xoff_char = rpn->xoff_char;
1440 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1441 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1442 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1443 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1448 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1449 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1454 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1456 struct rfcomm_rls *rls = (void *) skb->data;
1457 u8 dlci = __get_dlci(rls->dlci);
1459 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1464 /* We should probably do something with this information here. But
1465 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1466 * mandatory to recognise and respond to RLS */
1468 rfcomm_send_rls(s, 0, dlci, rls->status);
1473 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1475 struct rfcomm_msc *msc = (void *) skb->data;
1476 struct rfcomm_dlc *d;
1477 u8 dlci = __get_dlci(msc->dlci);
1479 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1481 d = rfcomm_dlc_get(s, dlci);
1486 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1487 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1489 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1493 d->remote_v24_sig = msc->v24_sig;
1495 if (d->modem_status)
1496 d->modem_status(d, msc->v24_sig);
1498 rfcomm_dlc_unlock(d);
1500 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1502 d->mscex |= RFCOMM_MSCEX_RX;
1504 d->mscex |= RFCOMM_MSCEX_TX;
1509 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1511 struct rfcomm_mcc *mcc = (void *) skb->data;
1514 cr = __test_cr(mcc->type);
1515 type = __get_mcc_type(mcc->type);
1516 len = __get_mcc_len(mcc->len);
1518 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1524 rfcomm_recv_pn(s, cr, skb);
1528 rfcomm_recv_rpn(s, cr, len, skb);
1532 rfcomm_recv_rls(s, cr, skb);
1536 rfcomm_recv_msc(s, cr, skb);
1541 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1542 rfcomm_send_fcoff(s, 0);
1548 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1549 rfcomm_send_fcon(s, 0);
1555 rfcomm_send_test(s, 0, skb->data, skb->len);
1562 BT_ERR("Unknown control type 0x%02x", type);
1563 rfcomm_send_nsc(s, cr, type);
1569 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1571 struct rfcomm_dlc *d;
1573 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1575 d = rfcomm_dlc_get(s, dlci);
1577 rfcomm_send_dm(s, dlci);
1582 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1584 d->tx_credits += credits;
1586 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1589 if (skb->len && d->state == BT_CONNECTED) {
1592 d->data_ready(d, skb);
1593 rfcomm_dlc_unlock(d);
1602 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1604 struct rfcomm_hdr *hdr = (void *) skb->data;
1607 dlci = __get_dlci(hdr->addr);
1608 type = __get_type(hdr->ctrl);
1611 skb->len--; skb->tail--;
1612 fcs = *(u8 *)skb_tail_pointer(skb);
1614 if (__check_fcs(skb->data, type, fcs)) {
1615 BT_ERR("bad checksum in packet");
1620 if (__test_ea(hdr->len))
1627 if (__test_pf(hdr->ctrl))
1628 rfcomm_recv_sabm(s, dlci);
1632 if (__test_pf(hdr->ctrl))
1633 rfcomm_recv_disc(s, dlci);
1637 if (__test_pf(hdr->ctrl))
1638 rfcomm_recv_ua(s, dlci);
1642 rfcomm_recv_dm(s, dlci);
1647 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1649 rfcomm_recv_mcc(s, skb);
1653 BT_ERR("Unknown packet type 0x%02x\n", type);
1660 /* ---- Connection and data processing ---- */
1662 static void rfcomm_process_connect(struct rfcomm_session *s)
1664 struct rfcomm_dlc *d;
1665 struct list_head *p, *n;
1667 BT_DBG("session %p state %ld", s, s->state);
1669 list_for_each_safe(p, n, &s->dlcs) {
1670 d = list_entry(p, struct rfcomm_dlc, list);
1671 if (d->state == BT_CONFIG) {
1673 if (rfcomm_check_security(d)) {
1674 rfcomm_send_pn(s, 1, d);
1676 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1677 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1683 /* Send data queued for the DLC.
1684 * Return number of frames left in the queue.
1686 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1688 struct sk_buff *skb;
1691 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1692 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1694 /* Send pending MSC */
1695 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1696 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1700 * Give them some credits */
1701 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1702 d->rx_credits <= (d->cfc >> 2)) {
1703 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1704 d->rx_credits = d->cfc;
1708 * Give ourselves some credits */
1712 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1713 return skb_queue_len(&d->tx_queue);
1715 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1716 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1718 skb_queue_head(&d->tx_queue, skb);
1725 if (d->cfc && !d->tx_credits) {
1726 /* We're out of TX credits.
1727 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1728 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1731 return skb_queue_len(&d->tx_queue);
1734 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1736 struct rfcomm_dlc *d;
1737 struct list_head *p, *n;
1739 BT_DBG("session %p state %ld", s, s->state);
1741 list_for_each_safe(p, n, &s->dlcs) {
1742 d = list_entry(p, struct rfcomm_dlc, list);
1744 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1745 __rfcomm_dlc_close(d, ETIMEDOUT);
1749 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1750 rfcomm_dlc_clear_timer(d);
1752 rfcomm_send_pn(s, 1, d);
1753 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1755 if (d->defer_setup) {
1756 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1757 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1760 d->state = BT_CONNECT2;
1761 d->state_change(d, 0);
1762 rfcomm_dlc_unlock(d);
1764 rfcomm_dlc_accept(d);
1767 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1768 rfcomm_dlc_clear_timer(d);
1770 rfcomm_send_dm(s, d->dlci);
1772 d->state = BT_CLOSED;
1773 __rfcomm_dlc_close(d, ECONNREFUSED);
1777 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1780 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1783 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1784 d->mscex == RFCOMM_MSCEX_OK)
1785 rfcomm_process_tx(d);
1789 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1791 struct socket *sock = s->sock;
1792 struct sock *sk = sock->sk;
1793 struct sk_buff *skb;
1795 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1797 /* Get data directly from socket receive queue without copying it. */
1798 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1800 rfcomm_recv_frame(s, skb);
1803 if (sk->sk_state == BT_CLOSED) {
1805 rfcomm_session_put(s);
1807 rfcomm_session_close(s, sk->sk_err);
1811 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1813 struct socket *sock = s->sock, *nsock;
1816 /* Fast check for a new connection.
1817 * Avoids unnesesary socket allocations. */
1818 if (list_empty(&bt_sk(sock->sk)->accept_q))
1821 BT_DBG("session %p", s);
1823 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1827 /* Set our callbacks */
1828 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1829 nsock->sk->sk_state_change = rfcomm_l2state_change;
1831 s = rfcomm_session_add(nsock, BT_OPEN);
1833 rfcomm_session_hold(s);
1835 /* We should adjust MTU on incoming sessions.
1836 * L2CAP MTU minus UIH header and FCS. */
1837 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1839 rfcomm_schedule(RFCOMM_SCHED_RX);
1841 sock_release(nsock);
1844 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1846 struct sock *sk = s->sock->sk;
1848 BT_DBG("%p state %ld", s, s->state);
1850 switch(sk->sk_state) {
1852 s->state = BT_CONNECT;
1854 /* We can adjust MTU on outgoing sessions.
1855 * L2CAP MTU minus UIH header and FCS. */
1856 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1858 rfcomm_send_sabm(s, 0);
1862 s->state = BT_CLOSED;
1863 rfcomm_session_close(s, sk->sk_err);
1868 static inline void rfcomm_process_sessions(void)
1870 struct list_head *p, *n;
1874 list_for_each_safe(p, n, &session_list) {
1875 struct rfcomm_session *s;
1876 s = list_entry(p, struct rfcomm_session, list);
1878 if (s->state == BT_LISTEN) {
1879 rfcomm_accept_connection(s);
1883 rfcomm_session_hold(s);
1887 rfcomm_check_connection(s);
1891 rfcomm_process_rx(s);
1895 rfcomm_process_dlcs(s);
1897 rfcomm_session_put(s);
1903 static int rfcomm_add_listener(bdaddr_t *ba)
1905 struct sockaddr_l2 addr;
1906 struct socket *sock;
1908 struct rfcomm_session *s;
1912 err = rfcomm_l2sock_create(&sock);
1914 BT_ERR("Create socket failed %d", err);
1919 bacpy(&addr.l2_bdaddr, ba);
1920 addr.l2_family = AF_BLUETOOTH;
1921 addr.l2_psm = htobs(RFCOMM_PSM);
1922 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1924 BT_ERR("Bind failed %d", err);
1928 /* Set L2CAP options */
1931 l2cap_pi(sk)->imtu = l2cap_mtu;
1934 /* Start listening on the socket */
1935 err = kernel_listen(sock, 10);
1937 BT_ERR("Listen failed %d", err);
1941 /* Add listening session */
1942 s = rfcomm_session_add(sock, BT_LISTEN);
1946 rfcomm_session_hold(s);
1953 static void rfcomm_kill_listener(void)
1955 struct rfcomm_session *s;
1956 struct list_head *p, *n;
1960 list_for_each_safe(p, n, &session_list) {
1961 s = list_entry(p, struct rfcomm_session, list);
1962 rfcomm_session_del(s);
1966 static int rfcomm_run(void *unused)
1970 set_user_nice(current, -10);
1972 rfcomm_add_listener(BDADDR_ANY);
1974 while (!kthread_should_stop()) {
1975 set_current_state(TASK_INTERRUPTIBLE);
1976 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1977 /* No pending events. Let's sleep.
1978 * Incoming connections and data will wake us up. */
1981 set_current_state(TASK_RUNNING);
1984 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1985 rfcomm_process_sessions();
1988 rfcomm_kill_listener();
1993 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1995 struct rfcomm_session *s;
1996 struct rfcomm_dlc *d;
1997 struct list_head *p, *n;
1999 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2001 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2005 rfcomm_session_hold(s);
2007 list_for_each_safe(p, n, &s->dlcs) {
2008 d = list_entry(p, struct rfcomm_dlc, list);
2010 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2011 rfcomm_dlc_clear_timer(d);
2012 if (status || encrypt == 0x00) {
2013 __rfcomm_dlc_close(d, ECONNREFUSED);
2018 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2019 if (d->sec_level == BT_SECURITY_MEDIUM) {
2020 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2021 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2023 } else if (d->sec_level == BT_SECURITY_HIGH) {
2024 __rfcomm_dlc_close(d, ECONNREFUSED);
2029 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2033 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2035 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2038 rfcomm_session_put(s);
2040 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2043 static struct hci_cb rfcomm_cb = {
2045 .security_cfm = rfcomm_security_cfm
2048 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2050 struct rfcomm_session *s;
2051 struct list_head *pp, *p;
2056 list_for_each(p, &session_list) {
2057 s = list_entry(p, struct rfcomm_session, list);
2058 list_for_each(pp, &s->dlcs) {
2059 struct sock *sk = s->sock->sk;
2060 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2062 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2063 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2064 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2073 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2075 /* ---- Initialization ---- */
2076 static int __init rfcomm_init(void)
2080 hci_register_cb(&rfcomm_cb);
2082 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2083 if (IS_ERR(rfcomm_thread)) {
2084 hci_unregister_cb(&rfcomm_cb);
2085 return PTR_ERR(rfcomm_thread);
2088 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2089 BT_ERR("Failed to create RFCOMM info file");
2091 rfcomm_init_sockets();
2093 #ifdef CONFIG_BT_RFCOMM_TTY
2097 BT_INFO("RFCOMM ver %s", VERSION);
2102 static void __exit rfcomm_exit(void)
2104 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
2106 hci_unregister_cb(&rfcomm_cb);
2108 kthread_stop(rfcomm_thread);
2110 #ifdef CONFIG_BT_RFCOMM_TTY
2111 rfcomm_cleanup_ttys();
2114 rfcomm_cleanup_sockets();
2117 module_init(rfcomm_init);
2118 module_exit(rfcomm_exit);
2120 module_param(disable_cfc, bool, 0644);
2121 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2123 module_param(channel_mtu, int, 0644);
2124 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2126 module_param(l2cap_mtu, uint, 0644);
2127 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2129 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2130 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2131 MODULE_VERSION(VERSION);
2132 MODULE_LICENSE("GPL");
2133 MODULE_ALIAS("bt-proto-3");
git.openpandora.org / pandora-kernel.git / blob