2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/sched.h>
32 #include <linux/signal.h>
33 #include <linux/init.h>
34 #include <linux/wait.h>
35 #include <linux/device.h>
36 #include <linux/debugfs.h>
37 #include <linux/seq_file.h>
38 #include <linux/net.h>
39 #include <linux/mutex.h>
40 #include <linux/kthread.h>
41 #include <linux/slab.h>
44 #include <asm/uaccess.h>
45 #include <asm/unaligned.h>
47 #include <net/bluetooth/bluetooth.h>
48 #include <net/bluetooth/hci_core.h>
49 #include <net/bluetooth/l2cap.h>
50 #include <net/bluetooth/rfcomm.h>
52 #define VERSION "1.11"
54 static int disable_cfc = 0;
55 static int channel_mtu = -1;
56 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
57 static int l2cap_ertm = 0;
59 static struct task_struct *rfcomm_thread;
61 static DEFINE_MUTEX(rfcomm_mutex);
62 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
63 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
65 static unsigned long rfcomm_event;
67 static LIST_HEAD(session_list);
69 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
70 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
71 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
72 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
73 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
74 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
75 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
76 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
77 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
78 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
80 static void rfcomm_process_connect(struct rfcomm_session *s);
82 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
83 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
84 static void rfcomm_session_del(struct rfcomm_session *s);
86 /* ---- RFCOMM frame parsing macros ---- */
87 #define __get_dlci(b) ((b & 0xfc) >> 2)
88 #define __get_channel(b) ((b & 0xf8) >> 3)
89 #define __get_dir(b) ((b & 0x04) >> 2)
90 #define __get_type(b) ((b & 0xef))
92 #define __test_ea(b) ((b & 0x01))
93 #define __test_cr(b) ((b & 0x02))
94 #define __test_pf(b) ((b & 0x10))
96 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
97 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
98 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
99 #define __srv_channel(dlci) (dlci >> 1)
100 #define __dir(dlci) (dlci & 0x01)
102 #define __len8(len) (((len) << 1) | 1)
103 #define __len16(len) ((len) << 1)
106 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
107 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
108 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
111 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
112 #define __get_rpn_data_bits(line) ((line) & 0x3)
113 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
114 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
116 static inline void rfcomm_schedule(uint event)
120 //set_bit(event, &rfcomm_event);
121 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
122 wake_up_process(rfcomm_thread);
125 static inline void rfcomm_session_put(struct rfcomm_session *s)
127 if (atomic_dec_and_test(&s->refcnt))
128 rfcomm_session_del(s);
131 /* ---- RFCOMM FCS computation ---- */
133 /* reversed, 8-bit, poly=0x07 */
134 static unsigned char rfcomm_crc_table[256] = {
135 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
136 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
137 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
138 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
140 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
141 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
142 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
143 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
145 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
146 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
147 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
148 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
150 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
151 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
152 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
153 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
155 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
156 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
157 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
158 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
160 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
161 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
162 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
163 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
165 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
166 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
167 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
168 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
170 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
171 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
172 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
173 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
177 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
180 static inline u8 __fcs(u8 *data)
182 return (0xff - __crc(data));
186 static inline u8 __fcs2(u8 *data)
188 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
192 static inline int __check_fcs(u8 *data, int type, u8 fcs)
196 if (type != RFCOMM_UIH)
197 f = rfcomm_crc_table[f ^ data[2]];
199 return rfcomm_crc_table[f ^ fcs] != 0xcf;
202 /* ---- L2CAP callbacks ---- */
203 static void rfcomm_l2state_change(struct sock *sk)
205 BT_DBG("%p state %d", sk, sk->sk_state);
206 rfcomm_schedule(RFCOMM_SCHED_STATE);
209 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
211 BT_DBG("%p bytes %d", sk, bytes);
212 rfcomm_schedule(RFCOMM_SCHED_RX);
215 static int rfcomm_l2sock_create(struct socket **sock)
221 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
223 struct sock *sk = (*sock)->sk;
224 sk->sk_data_ready = rfcomm_l2data_ready;
225 sk->sk_state_change = rfcomm_l2state_change;
230 static inline int rfcomm_check_security(struct rfcomm_dlc *d)
232 struct sock *sk = d->session->sock->sk;
235 switch (d->sec_level) {
236 case BT_SECURITY_HIGH:
237 auth_type = HCI_AT_GENERAL_BONDING_MITM;
239 case BT_SECURITY_MEDIUM:
240 auth_type = HCI_AT_GENERAL_BONDING;
243 auth_type = HCI_AT_NO_BONDING;
247 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level,
251 static void rfcomm_session_timeout(unsigned long arg)
253 struct rfcomm_session *s = (void *) arg;
255 BT_DBG("session %p state %ld", s, s->state);
257 set_bit(RFCOMM_TIMED_OUT, &s->flags);
258 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
261 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
263 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
265 if (!mod_timer(&s->timer, jiffies + timeout))
266 rfcomm_session_hold(s);
269 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
271 BT_DBG("session %p state %ld", s, s->state);
273 if (timer_pending(&s->timer) && del_timer(&s->timer))
274 rfcomm_session_put(s);
277 /* ---- RFCOMM DLCs ---- */
278 static void rfcomm_dlc_timeout(unsigned long arg)
280 struct rfcomm_dlc *d = (void *) arg;
282 BT_DBG("dlc %p state %ld", d, d->state);
284 set_bit(RFCOMM_TIMED_OUT, &d->flags);
286 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
289 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
291 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
293 if (!mod_timer(&d->timer, jiffies + timeout))
297 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
299 BT_DBG("dlc %p state %ld", d, d->state);
301 if (timer_pending(&d->timer) && del_timer(&d->timer))
305 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
312 d->mtu = RFCOMM_DEFAULT_MTU;
313 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
315 d->cfc = RFCOMM_CFC_DISABLED;
316 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
319 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
321 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
326 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
328 skb_queue_head_init(&d->tx_queue);
329 spin_lock_init(&d->lock);
330 atomic_set(&d->refcnt, 1);
332 rfcomm_dlc_clear_state(d);
339 void rfcomm_dlc_free(struct rfcomm_dlc *d)
343 skb_queue_purge(&d->tx_queue);
347 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
349 BT_DBG("dlc %p session %p", d, s);
351 rfcomm_session_hold(s);
353 rfcomm_session_clear_timer(s);
355 list_add(&d->list, &s->dlcs);
359 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
361 struct rfcomm_session *s = d->session;
363 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
369 if (list_empty(&s->dlcs))
370 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
372 rfcomm_session_put(s);
375 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
377 struct rfcomm_dlc *d;
380 list_for_each(p, &s->dlcs) {
381 d = list_entry(p, struct rfcomm_dlc, list);
388 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
390 struct rfcomm_session *s;
394 BT_DBG("dlc %p state %ld %s %s channel %d",
395 d, d->state, batostr(src), batostr(dst), channel);
397 if (channel < 1 || channel > 30)
400 if (d->state != BT_OPEN && d->state != BT_CLOSED)
403 s = rfcomm_session_get(src, dst);
405 s = rfcomm_session_create(src, dst, &err);
410 dlci = __dlci(!s->initiator, channel);
412 /* Check if DLCI already exists */
413 if (rfcomm_dlc_get(s, dlci))
416 rfcomm_dlc_clear_state(d);
419 d->addr = __addr(s->initiator, dlci);
422 d->state = BT_CONFIG;
423 rfcomm_dlc_link(s, d);
428 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
430 if (s->state == BT_CONNECTED) {
431 if (rfcomm_check_security(d))
432 rfcomm_send_pn(s, 1, d);
434 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
437 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
442 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
448 r = __rfcomm_dlc_open(d, src, dst, channel);
454 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
456 struct rfcomm_session *s = d->session;
460 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
461 d, d->state, d->dlci, err, s);
466 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
467 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
468 rfcomm_schedule(RFCOMM_SCHED_AUTH);
474 d->state = BT_DISCONN;
475 if (skb_queue_empty(&d->tx_queue)) {
476 rfcomm_send_disc(s, d->dlci);
477 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
479 rfcomm_queue_disc(d);
480 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
486 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
487 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
488 rfcomm_schedule(RFCOMM_SCHED_AUTH);
494 rfcomm_dlc_clear_timer(d);
497 d->state = BT_CLOSED;
498 d->state_change(d, err);
499 rfcomm_dlc_unlock(d);
501 skb_queue_purge(&d->tx_queue);
502 rfcomm_dlc_unlink(d);
508 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
514 r = __rfcomm_dlc_close(d, err);
520 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
524 if (d->state != BT_CONNECTED)
527 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
532 rfcomm_make_uih(skb, d->addr);
533 skb_queue_tail(&d->tx_queue, skb);
535 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
536 rfcomm_schedule(RFCOMM_SCHED_TX);
540 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
542 BT_DBG("dlc %p state %ld", d, d->state);
545 d->v24_sig |= RFCOMM_V24_FC;
546 set_bit(RFCOMM_MSC_PENDING, &d->flags);
548 rfcomm_schedule(RFCOMM_SCHED_TX);
551 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
553 BT_DBG("dlc %p state %ld", d, d->state);
556 d->v24_sig &= ~RFCOMM_V24_FC;
557 set_bit(RFCOMM_MSC_PENDING, &d->flags);
559 rfcomm_schedule(RFCOMM_SCHED_TX);
563 Set/get modem status functions use _local_ status i.e. what we report
565 Remote status is provided by dlc->modem_status() callback.
567 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
569 BT_DBG("dlc %p state %ld v24_sig 0x%x",
570 d, d->state, v24_sig);
572 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
573 v24_sig |= RFCOMM_V24_FC;
575 v24_sig &= ~RFCOMM_V24_FC;
577 d->v24_sig = v24_sig;
579 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
580 rfcomm_schedule(RFCOMM_SCHED_TX);
585 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
587 BT_DBG("dlc %p state %ld v24_sig 0x%x",
588 d, d->state, d->v24_sig);
590 *v24_sig = d->v24_sig;
594 /* ---- RFCOMM sessions ---- */
595 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
597 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
602 BT_DBG("session %p sock %p", s, sock);
604 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
606 INIT_LIST_HEAD(&s->dlcs);
610 s->mtu = RFCOMM_DEFAULT_MTU;
611 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
613 /* Do not increment module usage count for listening sessions.
614 * Otherwise we won't be able to unload the module. */
615 if (state != BT_LISTEN)
616 if (!try_module_get(THIS_MODULE)) {
621 list_add(&s->list, &session_list);
626 static void rfcomm_session_del(struct rfcomm_session *s)
628 int state = s->state;
630 BT_DBG("session %p state %ld", s, s->state);
634 if (state == BT_CONNECTED)
635 rfcomm_send_disc(s, 0);
637 rfcomm_session_clear_timer(s);
638 sock_release(s->sock);
641 if (state != BT_LISTEN)
642 module_put(THIS_MODULE);
645 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
647 struct rfcomm_session *s;
648 struct list_head *p, *n;
650 list_for_each_safe(p, n, &session_list) {
651 s = list_entry(p, struct rfcomm_session, list);
652 sk = bt_sk(s->sock->sk);
654 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
655 !bacmp(&sk->dst, dst))
661 static void rfcomm_session_close(struct rfcomm_session *s, int err)
663 struct rfcomm_dlc *d;
664 struct list_head *p, *n;
666 BT_DBG("session %p state %ld err %d", s, s->state, err);
668 rfcomm_session_hold(s);
670 s->state = BT_CLOSED;
673 list_for_each_safe(p, n, &s->dlcs) {
674 d = list_entry(p, struct rfcomm_dlc, list);
675 d->state = BT_CLOSED;
676 __rfcomm_dlc_close(d, err);
679 rfcomm_session_clear_timer(s);
680 rfcomm_session_put(s);
683 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
685 struct rfcomm_session *s = NULL;
686 struct sockaddr_l2 addr;
690 BT_DBG("%s %s", batostr(src), batostr(dst));
692 *err = rfcomm_l2sock_create(&sock);
696 bacpy(&addr.l2_bdaddr, src);
697 addr.l2_family = AF_BLUETOOTH;
700 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
704 /* Set L2CAP options */
707 l2cap_pi(sk)->imtu = l2cap_mtu;
709 l2cap_pi(sk)->mode = L2CAP_MODE_ERTM;
712 s = rfcomm_session_add(sock, BT_BOUND);
720 bacpy(&addr.l2_bdaddr, dst);
721 addr.l2_family = AF_BLUETOOTH;
722 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
724 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
725 if (*err == 0 || *err == -EINPROGRESS)
728 rfcomm_session_del(s);
736 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
738 struct sock *sk = s->sock->sk;
740 bacpy(src, &bt_sk(sk)->src);
742 bacpy(dst, &bt_sk(sk)->dst);
745 /* ---- RFCOMM frame sending ---- */
746 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
748 struct socket *sock = s->sock;
749 struct kvec iv = { data, len };
752 BT_DBG("session %p len %d", s, len);
754 memset(&msg, 0, sizeof(msg));
756 return kernel_sendmsg(sock, &msg, &iv, 1, len);
759 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
761 struct rfcomm_cmd cmd;
763 BT_DBG("%p dlci %d", s, dlci);
765 cmd.addr = __addr(s->initiator, dlci);
766 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
768 cmd.fcs = __fcs2((u8 *) &cmd);
770 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
773 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
775 struct rfcomm_cmd cmd;
777 BT_DBG("%p dlci %d", s, dlci);
779 cmd.addr = __addr(!s->initiator, dlci);
780 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
782 cmd.fcs = __fcs2((u8 *) &cmd);
784 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
787 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
789 struct rfcomm_cmd cmd;
791 BT_DBG("%p dlci %d", s, dlci);
793 cmd.addr = __addr(s->initiator, dlci);
794 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
796 cmd.fcs = __fcs2((u8 *) &cmd);
798 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
801 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
803 struct rfcomm_cmd *cmd;
806 BT_DBG("dlc %p dlci %d", d, d->dlci);
808 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
812 cmd = (void *) __skb_put(skb, sizeof(*cmd));
814 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
815 cmd->len = __len8(0);
816 cmd->fcs = __fcs2((u8 *) cmd);
818 skb_queue_tail(&d->tx_queue, skb);
819 rfcomm_schedule(RFCOMM_SCHED_TX);
823 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
825 struct rfcomm_cmd cmd;
827 BT_DBG("%p dlci %d", s, dlci);
829 cmd.addr = __addr(!s->initiator, dlci);
830 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
832 cmd.fcs = __fcs2((u8 *) &cmd);
834 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
837 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
839 struct rfcomm_hdr *hdr;
840 struct rfcomm_mcc *mcc;
841 u8 buf[16], *ptr = buf;
843 BT_DBG("%p cr %d type %d", s, cr, type);
845 hdr = (void *) ptr; ptr += sizeof(*hdr);
846 hdr->addr = __addr(s->initiator, 0);
847 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
848 hdr->len = __len8(sizeof(*mcc) + 1);
850 mcc = (void *) ptr; ptr += sizeof(*mcc);
851 mcc->type = __mcc_type(cr, RFCOMM_NSC);
852 mcc->len = __len8(1);
854 /* Type that we didn't like */
855 *ptr = __mcc_type(cr, type); ptr++;
857 *ptr = __fcs(buf); ptr++;
859 return rfcomm_send_frame(s, buf, ptr - buf);
862 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
864 struct rfcomm_hdr *hdr;
865 struct rfcomm_mcc *mcc;
866 struct rfcomm_pn *pn;
867 u8 buf[16], *ptr = buf;
869 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
871 hdr = (void *) ptr; ptr += sizeof(*hdr);
872 hdr->addr = __addr(s->initiator, 0);
873 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
874 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
876 mcc = (void *) ptr; ptr += sizeof(*mcc);
877 mcc->type = __mcc_type(cr, RFCOMM_PN);
878 mcc->len = __len8(sizeof(*pn));
880 pn = (void *) ptr; ptr += sizeof(*pn);
882 pn->priority = d->priority;
887 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
888 pn->credits = RFCOMM_DEFAULT_CREDITS;
894 if (cr && channel_mtu >= 0)
895 pn->mtu = cpu_to_le16(channel_mtu);
897 pn->mtu = cpu_to_le16(d->mtu);
899 *ptr = __fcs(buf); ptr++;
901 return rfcomm_send_frame(s, buf, ptr - buf);
904 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
905 u8 bit_rate, u8 data_bits, u8 stop_bits,
906 u8 parity, u8 flow_ctrl_settings,
907 u8 xon_char, u8 xoff_char, u16 param_mask)
909 struct rfcomm_hdr *hdr;
910 struct rfcomm_mcc *mcc;
911 struct rfcomm_rpn *rpn;
912 u8 buf[16], *ptr = buf;
914 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
915 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
916 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
917 flow_ctrl_settings, xon_char, xoff_char, param_mask);
919 hdr = (void *) ptr; ptr += sizeof(*hdr);
920 hdr->addr = __addr(s->initiator, 0);
921 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
922 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
924 mcc = (void *) ptr; ptr += sizeof(*mcc);
925 mcc->type = __mcc_type(cr, RFCOMM_RPN);
926 mcc->len = __len8(sizeof(*rpn));
928 rpn = (void *) ptr; ptr += sizeof(*rpn);
929 rpn->dlci = __addr(1, dlci);
930 rpn->bit_rate = bit_rate;
931 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
932 rpn->flow_ctrl = flow_ctrl_settings;
933 rpn->xon_char = xon_char;
934 rpn->xoff_char = xoff_char;
935 rpn->param_mask = cpu_to_le16(param_mask);
937 *ptr = __fcs(buf); ptr++;
939 return rfcomm_send_frame(s, buf, ptr - buf);
942 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
944 struct rfcomm_hdr *hdr;
945 struct rfcomm_mcc *mcc;
946 struct rfcomm_rls *rls;
947 u8 buf[16], *ptr = buf;
949 BT_DBG("%p cr %d status 0x%x", s, cr, status);
951 hdr = (void *) ptr; ptr += sizeof(*hdr);
952 hdr->addr = __addr(s->initiator, 0);
953 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
954 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
956 mcc = (void *) ptr; ptr += sizeof(*mcc);
957 mcc->type = __mcc_type(cr, RFCOMM_RLS);
958 mcc->len = __len8(sizeof(*rls));
960 rls = (void *) ptr; ptr += sizeof(*rls);
961 rls->dlci = __addr(1, dlci);
962 rls->status = status;
964 *ptr = __fcs(buf); ptr++;
966 return rfcomm_send_frame(s, buf, ptr - buf);
969 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
971 struct rfcomm_hdr *hdr;
972 struct rfcomm_mcc *mcc;
973 struct rfcomm_msc *msc;
974 u8 buf[16], *ptr = buf;
976 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
978 hdr = (void *) ptr; ptr += sizeof(*hdr);
979 hdr->addr = __addr(s->initiator, 0);
980 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
981 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
983 mcc = (void *) ptr; ptr += sizeof(*mcc);
984 mcc->type = __mcc_type(cr, RFCOMM_MSC);
985 mcc->len = __len8(sizeof(*msc));
987 msc = (void *) ptr; ptr += sizeof(*msc);
988 msc->dlci = __addr(1, dlci);
989 msc->v24_sig = v24_sig | 0x01;
991 *ptr = __fcs(buf); ptr++;
993 return rfcomm_send_frame(s, buf, ptr - buf);
996 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
998 struct rfcomm_hdr *hdr;
999 struct rfcomm_mcc *mcc;
1000 u8 buf[16], *ptr = buf;
1002 BT_DBG("%p cr %d", s, cr);
1004 hdr = (void *) ptr; ptr += sizeof(*hdr);
1005 hdr->addr = __addr(s->initiator, 0);
1006 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1007 hdr->len = __len8(sizeof(*mcc));
1009 mcc = (void *) ptr; ptr += sizeof(*mcc);
1010 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1011 mcc->len = __len8(0);
1013 *ptr = __fcs(buf); ptr++;
1015 return rfcomm_send_frame(s, buf, ptr - buf);
1018 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1020 struct rfcomm_hdr *hdr;
1021 struct rfcomm_mcc *mcc;
1022 u8 buf[16], *ptr = buf;
1024 BT_DBG("%p cr %d", s, cr);
1026 hdr = (void *) ptr; ptr += sizeof(*hdr);
1027 hdr->addr = __addr(s->initiator, 0);
1028 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1029 hdr->len = __len8(sizeof(*mcc));
1031 mcc = (void *) ptr; ptr += sizeof(*mcc);
1032 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1033 mcc->len = __len8(0);
1035 *ptr = __fcs(buf); ptr++;
1037 return rfcomm_send_frame(s, buf, ptr - buf);
1040 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1042 struct socket *sock = s->sock;
1045 unsigned char hdr[5], crc[1];
1050 BT_DBG("%p cr %d", s, cr);
1052 hdr[0] = __addr(s->initiator, 0);
1053 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1054 hdr[2] = 0x01 | ((len + 2) << 1);
1055 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1056 hdr[4] = 0x01 | (len << 1);
1058 crc[0] = __fcs(hdr);
1060 iv[0].iov_base = hdr;
1062 iv[1].iov_base = pattern;
1063 iv[1].iov_len = len;
1064 iv[2].iov_base = crc;
1067 memset(&msg, 0, sizeof(msg));
1069 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1072 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1074 struct rfcomm_hdr *hdr;
1075 u8 buf[16], *ptr = buf;
1077 BT_DBG("%p addr %d credits %d", s, addr, credits);
1079 hdr = (void *) ptr; ptr += sizeof(*hdr);
1081 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1082 hdr->len = __len8(0);
1084 *ptr = credits; ptr++;
1086 *ptr = __fcs(buf); ptr++;
1088 return rfcomm_send_frame(s, buf, ptr - buf);
1091 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1093 struct rfcomm_hdr *hdr;
1098 hdr = (void *) skb_push(skb, 4);
1099 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1101 hdr = (void *) skb_push(skb, 3);
1102 hdr->len = __len8(len);
1105 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1107 crc = skb_put(skb, 1);
1108 *crc = __fcs((void *) hdr);
1111 /* ---- RFCOMM frame reception ---- */
1112 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1114 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1118 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1120 rfcomm_send_dm(s, dlci);
1126 rfcomm_dlc_clear_timer(d);
1129 d->state = BT_CONNECTED;
1130 d->state_change(d, 0);
1131 rfcomm_dlc_unlock(d);
1133 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1137 d->state = BT_CLOSED;
1138 __rfcomm_dlc_close(d, 0);
1140 if (list_empty(&s->dlcs)) {
1141 s->state = BT_DISCONN;
1142 rfcomm_send_disc(s, 0);
1148 /* Control channel */
1151 s->state = BT_CONNECTED;
1152 rfcomm_process_connect(s);
1156 /* When socket is closed and we are not RFCOMM
1157 * initiator rfcomm_process_rx already calls
1158 * rfcomm_session_put() */
1159 if (s->sock->sk->sk_state != BT_CLOSED)
1160 rfcomm_session_put(s);
1167 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1171 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1175 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1177 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1182 d->state = BT_CLOSED;
1183 __rfcomm_dlc_close(d, err);
1186 if (s->state == BT_CONNECT)
1191 s->state = BT_CLOSED;
1192 rfcomm_session_close(s, err);
1197 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1201 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1204 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1206 rfcomm_send_ua(s, dlci);
1208 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1213 d->state = BT_CLOSED;
1214 __rfcomm_dlc_close(d, err);
1216 rfcomm_send_dm(s, dlci);
1219 rfcomm_send_ua(s, 0);
1221 if (s->state == BT_CONNECT)
1226 s->state = BT_CLOSED;
1227 rfcomm_session_close(s, err);
1233 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1235 struct sock *sk = d->session->sock->sk;
1237 BT_DBG("dlc %p", d);
1239 rfcomm_send_ua(d->session, d->dlci);
1241 rfcomm_dlc_clear_timer(d);
1244 d->state = BT_CONNECTED;
1245 d->state_change(d, 0);
1246 rfcomm_dlc_unlock(d);
1249 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1251 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1254 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1256 if (rfcomm_check_security(d)) {
1257 if (d->defer_setup) {
1258 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1259 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1262 d->state = BT_CONNECT2;
1263 d->state_change(d, 0);
1264 rfcomm_dlc_unlock(d);
1266 rfcomm_dlc_accept(d);
1268 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1269 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1273 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1275 struct rfcomm_dlc *d;
1278 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1281 rfcomm_send_ua(s, 0);
1283 if (s->state == BT_OPEN) {
1284 s->state = BT_CONNECTED;
1285 rfcomm_process_connect(s);
1290 /* Check if DLC exists */
1291 d = rfcomm_dlc_get(s, dlci);
1293 if (d->state == BT_OPEN) {
1294 /* DLC was previously opened by PN request */
1295 rfcomm_check_accept(d);
1300 /* Notify socket layer about incoming connection */
1301 channel = __srv_channel(dlci);
1302 if (rfcomm_connect_ind(s, channel, &d)) {
1304 d->addr = __addr(s->initiator, dlci);
1305 rfcomm_dlc_link(s, d);
1307 rfcomm_check_accept(d);
1309 rfcomm_send_dm(s, dlci);
1315 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1317 struct rfcomm_session *s = d->session;
1319 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1320 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1322 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1323 pn->flow_ctrl == 0xe0) {
1324 d->cfc = RFCOMM_CFC_ENABLED;
1325 d->tx_credits = pn->credits;
1327 d->cfc = RFCOMM_CFC_DISABLED;
1328 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1331 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1334 d->priority = pn->priority;
1336 d->mtu = __le16_to_cpu(pn->mtu);
1338 if (cr && d->mtu > s->mtu)
1344 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1346 struct rfcomm_pn *pn = (void *) skb->data;
1347 struct rfcomm_dlc *d;
1350 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1355 d = rfcomm_dlc_get(s, dlci);
1359 rfcomm_apply_pn(d, cr, pn);
1360 rfcomm_send_pn(s, 0, d);
1365 rfcomm_apply_pn(d, cr, pn);
1367 d->state = BT_CONNECT;
1368 rfcomm_send_sabm(s, d->dlci);
1373 u8 channel = __srv_channel(dlci);
1378 /* PN request for non existing DLC.
1379 * Assume incoming connection. */
1380 if (rfcomm_connect_ind(s, channel, &d)) {
1382 d->addr = __addr(s->initiator, dlci);
1383 rfcomm_dlc_link(s, d);
1385 rfcomm_apply_pn(d, cr, pn);
1388 rfcomm_send_pn(s, 0, d);
1390 rfcomm_send_dm(s, dlci);
1396 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1398 struct rfcomm_rpn *rpn = (void *) skb->data;
1399 u8 dlci = __get_dlci(rpn->dlci);
1408 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1410 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1411 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1412 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1418 /* This is a request, return default settings */
1419 bit_rate = RFCOMM_RPN_BR_115200;
1420 data_bits = RFCOMM_RPN_DATA_8;
1421 stop_bits = RFCOMM_RPN_STOP_1;
1422 parity = RFCOMM_RPN_PARITY_NONE;
1423 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1424 xon_char = RFCOMM_RPN_XON_CHAR;
1425 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1429 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1430 * no parity, no flow control lines, normal XON/XOFF chars */
1432 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1433 bit_rate = rpn->bit_rate;
1434 if (bit_rate != RFCOMM_RPN_BR_115200) {
1435 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1436 bit_rate = RFCOMM_RPN_BR_115200;
1437 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1441 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1442 data_bits = __get_rpn_data_bits(rpn->line_settings);
1443 if (data_bits != RFCOMM_RPN_DATA_8) {
1444 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1445 data_bits = RFCOMM_RPN_DATA_8;
1446 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1450 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1451 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1452 if (stop_bits != RFCOMM_RPN_STOP_1) {
1453 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1454 stop_bits = RFCOMM_RPN_STOP_1;
1455 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1459 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1460 parity = __get_rpn_parity(rpn->line_settings);
1461 if (parity != RFCOMM_RPN_PARITY_NONE) {
1462 BT_DBG("RPN parity mismatch 0x%x", parity);
1463 parity = RFCOMM_RPN_PARITY_NONE;
1464 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1468 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1469 flow_ctrl = rpn->flow_ctrl;
1470 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1471 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1472 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1473 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1477 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1478 xon_char = rpn->xon_char;
1479 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1480 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1481 xon_char = RFCOMM_RPN_XON_CHAR;
1482 rpn_mask ^= RFCOMM_RPN_PM_XON;
1486 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1487 xoff_char = rpn->xoff_char;
1488 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1489 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1490 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1491 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1496 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1497 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1502 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1504 struct rfcomm_rls *rls = (void *) skb->data;
1505 u8 dlci = __get_dlci(rls->dlci);
1507 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1512 /* We should probably do something with this information here. But
1513 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1514 * mandatory to recognise and respond to RLS */
1516 rfcomm_send_rls(s, 0, dlci, rls->status);
1521 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1523 struct rfcomm_msc *msc = (void *) skb->data;
1524 struct rfcomm_dlc *d;
1525 u8 dlci = __get_dlci(msc->dlci);
1527 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1529 d = rfcomm_dlc_get(s, dlci);
1534 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1535 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1537 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1541 d->remote_v24_sig = msc->v24_sig;
1543 if (d->modem_status)
1544 d->modem_status(d, msc->v24_sig);
1546 rfcomm_dlc_unlock(d);
1548 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1550 d->mscex |= RFCOMM_MSCEX_RX;
1552 d->mscex |= RFCOMM_MSCEX_TX;
1557 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1559 struct rfcomm_mcc *mcc = (void *) skb->data;
1562 cr = __test_cr(mcc->type);
1563 type = __get_mcc_type(mcc->type);
1564 len = __get_mcc_len(mcc->len);
1566 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1572 rfcomm_recv_pn(s, cr, skb);
1576 rfcomm_recv_rpn(s, cr, len, skb);
1580 rfcomm_recv_rls(s, cr, skb);
1584 rfcomm_recv_msc(s, cr, skb);
1589 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1590 rfcomm_send_fcoff(s, 0);
1596 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1597 rfcomm_send_fcon(s, 0);
1603 rfcomm_send_test(s, 0, skb->data, skb->len);
1610 BT_ERR("Unknown control type 0x%02x", type);
1611 rfcomm_send_nsc(s, cr, type);
1617 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1619 struct rfcomm_dlc *d;
1621 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1623 d = rfcomm_dlc_get(s, dlci);
1625 rfcomm_send_dm(s, dlci);
1630 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1632 d->tx_credits += credits;
1634 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1637 if (skb->len && d->state == BT_CONNECTED) {
1640 d->data_ready(d, skb);
1641 rfcomm_dlc_unlock(d);
1650 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1652 struct rfcomm_hdr *hdr = (void *) skb->data;
1655 dlci = __get_dlci(hdr->addr);
1656 type = __get_type(hdr->ctrl);
1659 skb->len--; skb->tail--;
1660 fcs = *(u8 *)skb_tail_pointer(skb);
1662 if (__check_fcs(skb->data, type, fcs)) {
1663 BT_ERR("bad checksum in packet");
1668 if (__test_ea(hdr->len))
1675 if (__test_pf(hdr->ctrl))
1676 rfcomm_recv_sabm(s, dlci);
1680 if (__test_pf(hdr->ctrl))
1681 rfcomm_recv_disc(s, dlci);
1685 if (__test_pf(hdr->ctrl))
1686 rfcomm_recv_ua(s, dlci);
1690 rfcomm_recv_dm(s, dlci);
1695 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1697 rfcomm_recv_mcc(s, skb);
1701 BT_ERR("Unknown packet type 0x%02x\n", type);
1708 /* ---- Connection and data processing ---- */
1710 static void rfcomm_process_connect(struct rfcomm_session *s)
1712 struct rfcomm_dlc *d;
1713 struct list_head *p, *n;
1715 BT_DBG("session %p state %ld", s, s->state);
1717 list_for_each_safe(p, n, &s->dlcs) {
1718 d = list_entry(p, struct rfcomm_dlc, list);
1719 if (d->state == BT_CONFIG) {
1721 if (rfcomm_check_security(d)) {
1722 rfcomm_send_pn(s, 1, d);
1724 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1725 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1731 /* Send data queued for the DLC.
1732 * Return number of frames left in the queue.
1734 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1736 struct sk_buff *skb;
1739 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1740 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1742 /* Send pending MSC */
1743 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1744 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1748 * Give them some credits */
1749 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1750 d->rx_credits <= (d->cfc >> 2)) {
1751 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1752 d->rx_credits = d->cfc;
1756 * Give ourselves some credits */
1760 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1761 return skb_queue_len(&d->tx_queue);
1763 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1764 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1766 skb_queue_head(&d->tx_queue, skb);
1773 if (d->cfc && !d->tx_credits) {
1774 /* We're out of TX credits.
1775 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1776 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1779 return skb_queue_len(&d->tx_queue);
1782 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1784 struct rfcomm_dlc *d;
1785 struct list_head *p, *n;
1787 BT_DBG("session %p state %ld", s, s->state);
1789 list_for_each_safe(p, n, &s->dlcs) {
1790 d = list_entry(p, struct rfcomm_dlc, list);
1792 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1793 __rfcomm_dlc_close(d, ETIMEDOUT);
1797 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1798 rfcomm_dlc_clear_timer(d);
1800 rfcomm_send_pn(s, 1, d);
1801 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1803 if (d->defer_setup) {
1804 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1805 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1808 d->state = BT_CONNECT2;
1809 d->state_change(d, 0);
1810 rfcomm_dlc_unlock(d);
1812 rfcomm_dlc_accept(d);
1815 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1816 rfcomm_dlc_clear_timer(d);
1818 rfcomm_send_dm(s, d->dlci);
1820 d->state = BT_CLOSED;
1821 __rfcomm_dlc_close(d, ECONNREFUSED);
1825 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1828 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1831 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1832 d->mscex == RFCOMM_MSCEX_OK)
1833 rfcomm_process_tx(d);
1837 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1839 struct socket *sock = s->sock;
1840 struct sock *sk = sock->sk;
1841 struct sk_buff *skb;
1843 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1845 /* Get data directly from socket receive queue without copying it. */
1846 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1848 rfcomm_recv_frame(s, skb);
1851 if (sk->sk_state == BT_CLOSED) {
1853 rfcomm_session_put(s);
1855 rfcomm_session_close(s, sk->sk_err);
1859 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1861 struct socket *sock = s->sock, *nsock;
1864 /* Fast check for a new connection.
1865 * Avoids unnesesary socket allocations. */
1866 if (list_empty(&bt_sk(sock->sk)->accept_q))
1869 BT_DBG("session %p", s);
1871 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1875 /* Set our callbacks */
1876 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1877 nsock->sk->sk_state_change = rfcomm_l2state_change;
1879 s = rfcomm_session_add(nsock, BT_OPEN);
1881 rfcomm_session_hold(s);
1883 /* We should adjust MTU on incoming sessions.
1884 * L2CAP MTU minus UIH header and FCS. */
1885 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1887 rfcomm_schedule(RFCOMM_SCHED_RX);
1889 sock_release(nsock);
1892 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1894 struct sock *sk = s->sock->sk;
1896 BT_DBG("%p state %ld", s, s->state);
1898 switch(sk->sk_state) {
1900 s->state = BT_CONNECT;
1902 /* We can adjust MTU on outgoing sessions.
1903 * L2CAP MTU minus UIH header and FCS. */
1904 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1906 rfcomm_send_sabm(s, 0);
1910 s->state = BT_CLOSED;
1911 rfcomm_session_close(s, sk->sk_err);
1916 static inline void rfcomm_process_sessions(void)
1918 struct list_head *p, *n;
1922 list_for_each_safe(p, n, &session_list) {
1923 struct rfcomm_session *s;
1924 s = list_entry(p, struct rfcomm_session, list);
1926 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1927 s->state = BT_DISCONN;
1928 rfcomm_send_disc(s, 0);
1929 rfcomm_session_put(s);
1933 if (s->state == BT_LISTEN) {
1934 rfcomm_accept_connection(s);
1938 rfcomm_session_hold(s);
1942 rfcomm_check_connection(s);
1946 rfcomm_process_rx(s);
1950 rfcomm_process_dlcs(s);
1952 rfcomm_session_put(s);
1958 static int rfcomm_add_listener(bdaddr_t *ba)
1960 struct sockaddr_l2 addr;
1961 struct socket *sock;
1963 struct rfcomm_session *s;
1967 err = rfcomm_l2sock_create(&sock);
1969 BT_ERR("Create socket failed %d", err);
1974 bacpy(&addr.l2_bdaddr, ba);
1975 addr.l2_family = AF_BLUETOOTH;
1976 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
1978 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1980 BT_ERR("Bind failed %d", err);
1984 /* Set L2CAP options */
1987 l2cap_pi(sk)->imtu = l2cap_mtu;
1990 /* Start listening on the socket */
1991 err = kernel_listen(sock, 10);
1993 BT_ERR("Listen failed %d", err);
1997 /* Add listening session */
1998 s = rfcomm_session_add(sock, BT_LISTEN);
2002 rfcomm_session_hold(s);
2009 static void rfcomm_kill_listener(void)
2011 struct rfcomm_session *s;
2012 struct list_head *p, *n;
2016 list_for_each_safe(p, n, &session_list) {
2017 s = list_entry(p, struct rfcomm_session, list);
2018 rfcomm_session_del(s);
2022 static int rfcomm_run(void *unused)
2026 set_user_nice(current, -10);
2028 rfcomm_add_listener(BDADDR_ANY);
2030 while (!kthread_should_stop()) {
2031 set_current_state(TASK_INTERRUPTIBLE);
2032 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
2033 /* No pending events. Let's sleep.
2034 * Incoming connections and data will wake us up. */
2037 set_current_state(TASK_RUNNING);
2040 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
2041 rfcomm_process_sessions();
2044 rfcomm_kill_listener();
2049 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2051 struct rfcomm_session *s;
2052 struct rfcomm_dlc *d;
2053 struct list_head *p, *n;
2055 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2057 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2061 rfcomm_session_hold(s);
2063 list_for_each_safe(p, n, &s->dlcs) {
2064 d = list_entry(p, struct rfcomm_dlc, list);
2066 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2067 rfcomm_dlc_clear_timer(d);
2068 if (status || encrypt == 0x00) {
2069 __rfcomm_dlc_close(d, ECONNREFUSED);
2074 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2075 if (d->sec_level == BT_SECURITY_MEDIUM) {
2076 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2077 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2079 } else if (d->sec_level == BT_SECURITY_HIGH) {
2080 __rfcomm_dlc_close(d, ECONNREFUSED);
2085 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2089 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2091 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2094 rfcomm_session_put(s);
2096 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2099 static struct hci_cb rfcomm_cb = {
2101 .security_cfm = rfcomm_security_cfm
2104 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2106 struct rfcomm_session *s;
2107 struct list_head *pp, *p;
2111 list_for_each(p, &session_list) {
2112 s = list_entry(p, struct rfcomm_session, list);
2113 list_for_each(pp, &s->dlcs) {
2114 struct sock *sk = s->sock->sk;
2115 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2117 seq_printf(f, "%s %s %ld %d %d %d %d\n",
2118 batostr(&bt_sk(sk)->src),
2119 batostr(&bt_sk(sk)->dst),
2120 d->state, d->dlci, d->mtu,
2121 d->rx_credits, d->tx_credits);
2130 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2132 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2135 static const struct file_operations rfcomm_dlc_debugfs_fops = {
2136 .open = rfcomm_dlc_debugfs_open,
2138 .llseek = seq_lseek,
2139 .release = single_release,
2142 static struct dentry *rfcomm_dlc_debugfs;
2144 /* ---- Initialization ---- */
2145 static int __init rfcomm_init(void)
2151 hci_register_cb(&rfcomm_cb);
2153 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2154 if (IS_ERR(rfcomm_thread)) {
2155 err = PTR_ERR(rfcomm_thread);
2160 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2161 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops);
2162 if (!rfcomm_dlc_debugfs)
2163 BT_ERR("Failed to create RFCOMM debug file");
2166 err = rfcomm_init_ttys();
2170 err = rfcomm_init_sockets();
2174 BT_INFO("RFCOMM ver %s", VERSION);
2179 rfcomm_cleanup_ttys();
2182 kthread_stop(rfcomm_thread);
2185 hci_unregister_cb(&rfcomm_cb);
2190 static void __exit rfcomm_exit(void)
2192 debugfs_remove(rfcomm_dlc_debugfs);
2194 hci_unregister_cb(&rfcomm_cb);
2196 kthread_stop(rfcomm_thread);
2198 rfcomm_cleanup_ttys();
2200 rfcomm_cleanup_sockets();
2203 module_init(rfcomm_init);
2204 module_exit(rfcomm_exit);
2206 module_param(disable_cfc, bool, 0644);
2207 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2209 module_param(channel_mtu, int, 0644);
2210 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2212 module_param(l2cap_mtu, uint, 0644);
2213 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2215 module_param(l2cap_ertm, bool, 0644);
2216 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2218 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2219 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2220 MODULE_VERSION(VERSION);
2221 MODULE_LICENSE("GPL");
2222 MODULE_ALIAS("bt-proto-3");
git.openpandora.org / pandora-kernel.git / blob