2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
30 #include <linux/config.h>
31 #include <linux/module.h>
32 #include <linux/errno.h>
33 #include <linux/kernel.h>
34 #include <linux/sched.h>
35 #include <linux/signal.h>
36 #include <linux/init.h>
37 #include <linux/wait.h>
38 #include <linux/net.h>
39 #include <linux/proc_fs.h>
40 #include <linux/seq_file.h>
42 #include <asm/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47 #include <net/bluetooth/l2cap.h>
48 #include <net/bluetooth/rfcomm.h>
52 #ifndef CONFIG_BT_RFCOMM_DEBUG
58 struct proc_dir_entry *proc_bt_rfcomm;
61 static struct task_struct *rfcomm_thread;
63 static DECLARE_MUTEX(rfcomm_sem);
64 #define rfcomm_lock() down(&rfcomm_sem);
65 #define rfcomm_unlock() up(&rfcomm_sem);
67 static unsigned long rfcomm_event;
69 static LIST_HEAD(session_list);
70 static atomic_t terminate, running;
72 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
73 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
74 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
75 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
76 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
77 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
78 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
79 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
80 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
81 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
83 static void rfcomm_process_connect(struct rfcomm_session *s);
85 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
86 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
87 static void rfcomm_session_del(struct rfcomm_session *s);
89 /* ---- RFCOMM frame parsing macros ---- */
90 #define __get_dlci(b) ((b & 0xfc) >> 2)
91 #define __get_channel(b) ((b & 0xf8) >> 3)
92 #define __get_dir(b) ((b & 0x04) >> 2)
93 #define __get_type(b) ((b & 0xef))
95 #define __test_ea(b) ((b & 0x01))
96 #define __test_cr(b) ((b & 0x02))
97 #define __test_pf(b) ((b & 0x10))
99 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
100 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
101 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
102 #define __srv_channel(dlci) (dlci >> 1)
103 #define __dir(dlci) (dlci & 0x01)
105 #define __len8(len) (((len) << 1) | 1)
106 #define __len16(len) ((len) << 1)
109 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
110 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
111 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
114 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
115 #define __get_rpn_data_bits(line) ((line) & 0x3)
116 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
117 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
119 static inline void rfcomm_schedule(uint event)
123 //set_bit(event, &rfcomm_event);
124 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
125 wake_up_process(rfcomm_thread);
128 static inline void rfcomm_session_put(struct rfcomm_session *s)
130 if (atomic_dec_and_test(&s->refcnt))
131 rfcomm_session_del(s);
134 /* ---- RFCOMM FCS computation ---- */
136 /* reversed, 8-bit, poly=0x07 */
137 static unsigned char rfcomm_crc_table[256] = {
138 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
139 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
140 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
141 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
143 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
144 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
145 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
146 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
148 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
149 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
150 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
151 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
153 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
154 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
155 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
156 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
158 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
159 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
160 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
161 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
163 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
164 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
165 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
166 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
168 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
169 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
170 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
171 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
173 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
174 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
175 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
176 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
180 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
183 static inline u8 __fcs(u8 *data)
185 return (0xff - __crc(data));
189 static inline u8 __fcs2(u8 *data)
191 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
195 static inline int __check_fcs(u8 *data, int type, u8 fcs)
199 if (type != RFCOMM_UIH)
200 f = rfcomm_crc_table[f ^ data[2]];
202 return rfcomm_crc_table[f ^ fcs] != 0xcf;
205 /* ---- L2CAP callbacks ---- */
206 static void rfcomm_l2state_change(struct sock *sk)
208 BT_DBG("%p state %d", sk, sk->sk_state);
209 rfcomm_schedule(RFCOMM_SCHED_STATE);
212 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
214 BT_DBG("%p bytes %d", sk, bytes);
215 rfcomm_schedule(RFCOMM_SCHED_RX);
218 static int rfcomm_l2sock_create(struct socket **sock)
224 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
226 struct sock *sk = (*sock)->sk;
227 sk->sk_data_ready = rfcomm_l2data_ready;
228 sk->sk_state_change = rfcomm_l2state_change;
233 /* ---- RFCOMM DLCs ---- */
234 static void rfcomm_dlc_timeout(unsigned long arg)
236 struct rfcomm_dlc *d = (void *) arg;
238 BT_DBG("dlc %p state %ld", d, d->state);
240 set_bit(RFCOMM_TIMED_OUT, &d->flags);
242 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
245 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
247 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
249 if (!mod_timer(&d->timer, jiffies + timeout))
253 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
255 BT_DBG("dlc %p state %ld", d, d->state);
257 if (timer_pending(&d->timer) && del_timer(&d->timer))
261 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
268 d->mtu = RFCOMM_DEFAULT_MTU;
269 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
271 d->cfc = RFCOMM_CFC_DISABLED;
272 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
275 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
277 struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio);
280 memset(d, 0, sizeof(*d));
282 init_timer(&d->timer);
283 d->timer.function = rfcomm_dlc_timeout;
284 d->timer.data = (unsigned long) d;
286 skb_queue_head_init(&d->tx_queue);
287 spin_lock_init(&d->lock);
288 atomic_set(&d->refcnt, 1);
290 rfcomm_dlc_clear_state(d);
296 void rfcomm_dlc_free(struct rfcomm_dlc *d)
300 skb_queue_purge(&d->tx_queue);
304 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
306 BT_DBG("dlc %p session %p", d, s);
308 rfcomm_session_hold(s);
311 list_add(&d->list, &s->dlcs);
315 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
317 struct rfcomm_session *s = d->session;
319 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
325 rfcomm_session_put(s);
328 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
330 struct rfcomm_dlc *d;
333 list_for_each(p, &s->dlcs) {
334 d = list_entry(p, struct rfcomm_dlc, list);
341 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
343 struct rfcomm_session *s;
347 BT_DBG("dlc %p state %ld %s %s channel %d",
348 d, d->state, batostr(src), batostr(dst), channel);
350 if (channel < 1 || channel > 30)
353 if (d->state != BT_OPEN && d->state != BT_CLOSED)
356 s = rfcomm_session_get(src, dst);
358 s = rfcomm_session_create(src, dst, &err);
363 dlci = __dlci(!s->initiator, channel);
365 /* Check if DLCI already exists */
366 if (rfcomm_dlc_get(s, dlci))
369 rfcomm_dlc_clear_state(d);
372 d->addr = __addr(s->initiator, dlci);
375 d->state = BT_CONFIG;
376 rfcomm_dlc_link(s, d);
379 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
381 if (s->state == BT_CONNECTED)
382 rfcomm_send_pn(s, 1, d);
383 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
387 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
393 r = __rfcomm_dlc_open(d, src, dst, channel);
399 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
401 struct rfcomm_session *s = d->session;
405 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
406 d, d->state, d->dlci, err, s);
412 d->state = BT_DISCONN;
413 if (skb_queue_empty(&d->tx_queue)) {
414 rfcomm_send_disc(s, d->dlci);
415 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
417 rfcomm_queue_disc(d);
418 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
423 rfcomm_dlc_clear_timer(d);
426 d->state = BT_CLOSED;
427 d->state_change(d, err);
428 rfcomm_dlc_unlock(d);
430 skb_queue_purge(&d->tx_queue);
431 rfcomm_dlc_unlink(d);
437 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
443 r = __rfcomm_dlc_close(d, err);
449 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
453 if (d->state != BT_CONNECTED)
456 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
461 rfcomm_make_uih(skb, d->addr);
462 skb_queue_tail(&d->tx_queue, skb);
464 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
465 rfcomm_schedule(RFCOMM_SCHED_TX);
469 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
471 BT_DBG("dlc %p state %ld", d, d->state);
474 d->v24_sig |= RFCOMM_V24_FC;
475 set_bit(RFCOMM_MSC_PENDING, &d->flags);
477 rfcomm_schedule(RFCOMM_SCHED_TX);
480 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
482 BT_DBG("dlc %p state %ld", d, d->state);
485 d->v24_sig &= ~RFCOMM_V24_FC;
486 set_bit(RFCOMM_MSC_PENDING, &d->flags);
488 rfcomm_schedule(RFCOMM_SCHED_TX);
492 Set/get modem status functions use _local_ status i.e. what we report
494 Remote status is provided by dlc->modem_status() callback.
496 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
498 BT_DBG("dlc %p state %ld v24_sig 0x%x",
499 d, d->state, v24_sig);
501 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
502 v24_sig |= RFCOMM_V24_FC;
504 v24_sig &= ~RFCOMM_V24_FC;
506 d->v24_sig = v24_sig;
508 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
509 rfcomm_schedule(RFCOMM_SCHED_TX);
514 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
516 BT_DBG("dlc %p state %ld v24_sig 0x%x",
517 d, d->state, d->v24_sig);
519 *v24_sig = d->v24_sig;
523 /* ---- RFCOMM sessions ---- */
524 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
526 struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL);
529 memset(s, 0, sizeof(*s));
531 BT_DBG("session %p sock %p", s, sock);
533 INIT_LIST_HEAD(&s->dlcs);
537 s->mtu = RFCOMM_DEFAULT_MTU;
538 s->cfc = RFCOMM_CFC_UNKNOWN;
540 /* Do not increment module usage count for listening sessions.
541 * Otherwise we won't be able to unload the module. */
542 if (state != BT_LISTEN)
543 if (!try_module_get(THIS_MODULE)) {
548 list_add(&s->list, &session_list);
553 static void rfcomm_session_del(struct rfcomm_session *s)
555 int state = s->state;
557 BT_DBG("session %p state %ld", s, s->state);
561 if (state == BT_CONNECTED)
562 rfcomm_send_disc(s, 0);
564 sock_release(s->sock);
567 if (state != BT_LISTEN)
568 module_put(THIS_MODULE);
571 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
573 struct rfcomm_session *s;
574 struct list_head *p, *n;
576 list_for_each_safe(p, n, &session_list) {
577 s = list_entry(p, struct rfcomm_session, list);
578 sk = bt_sk(s->sock->sk);
580 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
581 !bacmp(&sk->dst, dst))
587 static void rfcomm_session_close(struct rfcomm_session *s, int err)
589 struct rfcomm_dlc *d;
590 struct list_head *p, *n;
592 BT_DBG("session %p state %ld err %d", s, s->state, err);
594 rfcomm_session_hold(s);
596 s->state = BT_CLOSED;
599 list_for_each_safe(p, n, &s->dlcs) {
600 d = list_entry(p, struct rfcomm_dlc, list);
601 d->state = BT_CLOSED;
602 __rfcomm_dlc_close(d, err);
605 rfcomm_session_put(s);
608 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
610 struct rfcomm_session *s = NULL;
611 struct sockaddr_l2 addr;
615 BT_DBG("%s %s", batostr(src), batostr(dst));
617 *err = rfcomm_l2sock_create(&sock);
621 bacpy(&addr.l2_bdaddr, src);
622 addr.l2_family = AF_BLUETOOTH;
624 *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
628 /* Set L2CAP options */
631 l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU;
634 s = rfcomm_session_add(sock, BT_BOUND);
642 bacpy(&addr.l2_bdaddr, dst);
643 addr.l2_family = AF_BLUETOOTH;
644 addr.l2_psm = htobs(RFCOMM_PSM);
645 *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
646 if (*err == 0 || *err == -EAGAIN)
649 rfcomm_session_del(s);
657 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
659 struct sock *sk = s->sock->sk;
661 bacpy(src, &bt_sk(sk)->src);
663 bacpy(dst, &bt_sk(sk)->dst);
666 /* ---- RFCOMM frame sending ---- */
667 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
669 struct socket *sock = s->sock;
670 struct kvec iv = { data, len };
673 BT_DBG("session %p len %d", s, len);
675 memset(&msg, 0, sizeof(msg));
677 return kernel_sendmsg(sock, &msg, &iv, 1, len);
680 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
682 struct rfcomm_cmd cmd;
684 BT_DBG("%p dlci %d", s, dlci);
686 cmd.addr = __addr(s->initiator, dlci);
687 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
689 cmd.fcs = __fcs2((u8 *) &cmd);
691 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
694 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
696 struct rfcomm_cmd cmd;
698 BT_DBG("%p dlci %d", s, dlci);
700 cmd.addr = __addr(!s->initiator, dlci);
701 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
703 cmd.fcs = __fcs2((u8 *) &cmd);
705 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
708 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
710 struct rfcomm_cmd cmd;
712 BT_DBG("%p dlci %d", s, dlci);
714 cmd.addr = __addr(s->initiator, dlci);
715 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
717 cmd.fcs = __fcs2((u8 *) &cmd);
719 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
722 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
724 struct rfcomm_cmd *cmd;
727 BT_DBG("dlc %p dlci %d", d, d->dlci);
729 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
733 cmd = (void *) __skb_put(skb, sizeof(*cmd));
735 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
736 cmd->len = __len8(0);
737 cmd->fcs = __fcs2((u8 *) cmd);
739 skb_queue_tail(&d->tx_queue, skb);
740 rfcomm_schedule(RFCOMM_SCHED_TX);
744 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
746 struct rfcomm_cmd cmd;
748 BT_DBG("%p dlci %d", s, dlci);
750 cmd.addr = __addr(!s->initiator, dlci);
751 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
753 cmd.fcs = __fcs2((u8 *) &cmd);
755 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
758 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
760 struct rfcomm_hdr *hdr;
761 struct rfcomm_mcc *mcc;
762 u8 buf[16], *ptr = buf;
764 BT_DBG("%p cr %d type %d", s, cr, type);
766 hdr = (void *) ptr; ptr += sizeof(*hdr);
767 hdr->addr = __addr(s->initiator, 0);
768 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
769 hdr->len = __len8(sizeof(*mcc) + 1);
771 mcc = (void *) ptr; ptr += sizeof(*mcc);
772 mcc->type = __mcc_type(cr, RFCOMM_NSC);
773 mcc->len = __len8(1);
775 /* Type that we didn't like */
776 *ptr = __mcc_type(cr, type); ptr++;
778 *ptr = __fcs(buf); ptr++;
780 return rfcomm_send_frame(s, buf, ptr - buf);
783 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
785 struct rfcomm_hdr *hdr;
786 struct rfcomm_mcc *mcc;
787 struct rfcomm_pn *pn;
788 u8 buf[16], *ptr = buf;
790 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
792 hdr = (void *) ptr; ptr += sizeof(*hdr);
793 hdr->addr = __addr(s->initiator, 0);
794 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
795 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
797 mcc = (void *) ptr; ptr += sizeof(*mcc);
798 mcc->type = __mcc_type(cr, RFCOMM_PN);
799 mcc->len = __len8(sizeof(*pn));
801 pn = (void *) ptr; ptr += sizeof(*pn);
803 pn->priority = d->priority;
808 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
809 pn->credits = RFCOMM_DEFAULT_CREDITS;
815 pn->mtu = htobs(d->mtu);
817 *ptr = __fcs(buf); ptr++;
819 return rfcomm_send_frame(s, buf, ptr - buf);
822 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
823 u8 bit_rate, u8 data_bits, u8 stop_bits,
824 u8 parity, u8 flow_ctrl_settings,
825 u8 xon_char, u8 xoff_char, u16 param_mask)
827 struct rfcomm_hdr *hdr;
828 struct rfcomm_mcc *mcc;
829 struct rfcomm_rpn *rpn;
830 u8 buf[16], *ptr = buf;
832 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
833 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
834 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
835 flow_ctrl_settings, xon_char, xoff_char, param_mask);
837 hdr = (void *) ptr; ptr += sizeof(*hdr);
838 hdr->addr = __addr(s->initiator, 0);
839 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
840 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
842 mcc = (void *) ptr; ptr += sizeof(*mcc);
843 mcc->type = __mcc_type(cr, RFCOMM_RPN);
844 mcc->len = __len8(sizeof(*rpn));
846 rpn = (void *) ptr; ptr += sizeof(*rpn);
847 rpn->dlci = __addr(1, dlci);
848 rpn->bit_rate = bit_rate;
849 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
850 rpn->flow_ctrl = flow_ctrl_settings;
851 rpn->xon_char = xon_char;
852 rpn->xoff_char = xoff_char;
853 rpn->param_mask = param_mask;
855 *ptr = __fcs(buf); ptr++;
857 return rfcomm_send_frame(s, buf, ptr - buf);
860 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
862 struct rfcomm_hdr *hdr;
863 struct rfcomm_mcc *mcc;
864 struct rfcomm_rls *rls;
865 u8 buf[16], *ptr = buf;
867 BT_DBG("%p cr %d status 0x%x", s, cr, status);
869 hdr = (void *) ptr; ptr += sizeof(*hdr);
870 hdr->addr = __addr(s->initiator, 0);
871 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
872 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
874 mcc = (void *) ptr; ptr += sizeof(*mcc);
875 mcc->type = __mcc_type(cr, RFCOMM_RLS);
876 mcc->len = __len8(sizeof(*rls));
878 rls = (void *) ptr; ptr += sizeof(*rls);
879 rls->dlci = __addr(1, dlci);
880 rls->status = status;
882 *ptr = __fcs(buf); ptr++;
884 return rfcomm_send_frame(s, buf, ptr - buf);
887 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
889 struct rfcomm_hdr *hdr;
890 struct rfcomm_mcc *mcc;
891 struct rfcomm_msc *msc;
892 u8 buf[16], *ptr = buf;
894 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
896 hdr = (void *) ptr; ptr += sizeof(*hdr);
897 hdr->addr = __addr(s->initiator, 0);
898 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
899 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
901 mcc = (void *) ptr; ptr += sizeof(*mcc);
902 mcc->type = __mcc_type(cr, RFCOMM_MSC);
903 mcc->len = __len8(sizeof(*msc));
905 msc = (void *) ptr; ptr += sizeof(*msc);
906 msc->dlci = __addr(1, dlci);
907 msc->v24_sig = v24_sig | 0x01;
909 *ptr = __fcs(buf); ptr++;
911 return rfcomm_send_frame(s, buf, ptr - buf);
914 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
916 struct rfcomm_hdr *hdr;
917 struct rfcomm_mcc *mcc;
918 u8 buf[16], *ptr = buf;
920 BT_DBG("%p cr %d", s, cr);
922 hdr = (void *) ptr; ptr += sizeof(*hdr);
923 hdr->addr = __addr(s->initiator, 0);
924 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
925 hdr->len = __len8(sizeof(*mcc));
927 mcc = (void *) ptr; ptr += sizeof(*mcc);
928 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
929 mcc->len = __len8(0);
931 *ptr = __fcs(buf); ptr++;
933 return rfcomm_send_frame(s, buf, ptr - buf);
936 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
938 struct rfcomm_hdr *hdr;
939 struct rfcomm_mcc *mcc;
940 u8 buf[16], *ptr = buf;
942 BT_DBG("%p cr %d", s, cr);
944 hdr = (void *) ptr; ptr += sizeof(*hdr);
945 hdr->addr = __addr(s->initiator, 0);
946 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
947 hdr->len = __len8(sizeof(*mcc));
949 mcc = (void *) ptr; ptr += sizeof(*mcc);
950 mcc->type = __mcc_type(cr, RFCOMM_FCON);
951 mcc->len = __len8(0);
953 *ptr = __fcs(buf); ptr++;
955 return rfcomm_send_frame(s, buf, ptr - buf);
958 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
960 struct socket *sock = s->sock;
963 unsigned char hdr[5], crc[1];
968 BT_DBG("%p cr %d", s, cr);
970 hdr[0] = __addr(s->initiator, 0);
971 hdr[1] = __ctrl(RFCOMM_UIH, 0);
972 hdr[2] = 0x01 | ((len + 2) << 1);
973 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
974 hdr[4] = 0x01 | (len << 1);
978 iv[0].iov_base = hdr;
980 iv[1].iov_base = pattern;
982 iv[2].iov_base = crc;
985 memset(&msg, 0, sizeof(msg));
987 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
990 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
992 struct rfcomm_hdr *hdr;
993 u8 buf[16], *ptr = buf;
995 BT_DBG("%p addr %d credits %d", s, addr, credits);
997 hdr = (void *) ptr; ptr += sizeof(*hdr);
999 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1000 hdr->len = __len8(0);
1002 *ptr = credits; ptr++;
1004 *ptr = __fcs(buf); ptr++;
1006 return rfcomm_send_frame(s, buf, ptr - buf);
1009 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1011 struct rfcomm_hdr *hdr;
1016 hdr = (void *) skb_push(skb, 4);
1017 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len);
1019 hdr = (void *) skb_push(skb, 3);
1020 hdr->len = __len8(len);
1023 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1025 crc = skb_put(skb, 1);
1026 *crc = __fcs((void *) hdr);
1029 /* ---- RFCOMM frame reception ---- */
1030 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1032 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1036 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1038 rfcomm_send_dm(s, dlci);
1044 rfcomm_dlc_clear_timer(d);
1047 d->state = BT_CONNECTED;
1048 d->state_change(d, 0);
1049 rfcomm_dlc_unlock(d);
1051 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1055 d->state = BT_CLOSED;
1056 __rfcomm_dlc_close(d, 0);
1060 /* Control channel */
1063 s->state = BT_CONNECTED;
1064 rfcomm_process_connect(s);
1071 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1075 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1079 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1081 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1086 d->state = BT_CLOSED;
1087 __rfcomm_dlc_close(d, err);
1090 if (s->state == BT_CONNECT)
1095 s->state = BT_CLOSED;
1096 rfcomm_session_close(s, err);
1101 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1105 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1108 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1110 rfcomm_send_ua(s, dlci);
1112 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1117 d->state = BT_CLOSED;
1118 __rfcomm_dlc_close(d, err);
1120 rfcomm_send_dm(s, dlci);
1123 rfcomm_send_ua(s, 0);
1125 if (s->state == BT_CONNECT)
1130 s->state = BT_CLOSED;
1131 rfcomm_session_close(s, err);
1137 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1139 struct sock *sk = d->session->sock->sk;
1141 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1142 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1144 } else if (d->link_mode & RFCOMM_LM_AUTH) {
1145 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1152 static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1154 BT_DBG("dlc %p", d);
1156 rfcomm_send_ua(d->session, d->dlci);
1159 d->state = BT_CONNECTED;
1160 d->state_change(d, 0);
1161 rfcomm_dlc_unlock(d);
1163 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1166 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1168 struct rfcomm_dlc *d;
1171 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1174 rfcomm_send_ua(s, 0);
1176 if (s->state == BT_OPEN) {
1177 s->state = BT_CONNECTED;
1178 rfcomm_process_connect(s);
1183 /* Check if DLC exists */
1184 d = rfcomm_dlc_get(s, dlci);
1186 if (d->state == BT_OPEN) {
1187 /* DLC was previously opened by PN request */
1188 if (rfcomm_check_link_mode(d)) {
1189 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1190 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1194 rfcomm_dlc_accept(d);
1199 /* Notify socket layer about incoming connection */
1200 channel = __srv_channel(dlci);
1201 if (rfcomm_connect_ind(s, channel, &d)) {
1203 d->addr = __addr(s->initiator, dlci);
1204 rfcomm_dlc_link(s, d);
1206 if (rfcomm_check_link_mode(d)) {
1207 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1208 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1212 rfcomm_dlc_accept(d);
1214 rfcomm_send_dm(s, dlci);
1220 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1222 struct rfcomm_session *s = d->session;
1224 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1225 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1227 if (pn->flow_ctrl == 0xf0 || pn->flow_ctrl == 0xe0) {
1228 d->cfc = s->cfc = RFCOMM_CFC_ENABLED;
1229 d->tx_credits = pn->credits;
1231 d->cfc = s->cfc = RFCOMM_CFC_DISABLED;
1232 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1235 d->priority = pn->priority;
1237 d->mtu = s->mtu = btohs(pn->mtu);
1242 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1244 struct rfcomm_pn *pn = (void *) skb->data;
1245 struct rfcomm_dlc *d;
1248 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1253 d = rfcomm_dlc_get(s, dlci);
1257 rfcomm_apply_pn(d, cr, pn);
1258 rfcomm_send_pn(s, 0, d);
1263 rfcomm_apply_pn(d, cr, pn);
1265 d->state = BT_CONNECT;
1266 rfcomm_send_sabm(s, d->dlci);
1271 u8 channel = __srv_channel(dlci);
1276 /* PN request for non existing DLC.
1277 * Assume incoming connection. */
1278 if (rfcomm_connect_ind(s, channel, &d)) {
1280 d->addr = __addr(s->initiator, dlci);
1281 rfcomm_dlc_link(s, d);
1283 rfcomm_apply_pn(d, cr, pn);
1286 rfcomm_send_pn(s, 0, d);
1288 rfcomm_send_dm(s, dlci);
1294 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1296 struct rfcomm_rpn *rpn = (void *) skb->data;
1297 u8 dlci = __get_dlci(rpn->dlci);
1306 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1308 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1309 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1310 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1316 /* This is a request, return default settings */
1317 bit_rate = RFCOMM_RPN_BR_115200;
1318 data_bits = RFCOMM_RPN_DATA_8;
1319 stop_bits = RFCOMM_RPN_STOP_1;
1320 parity = RFCOMM_RPN_PARITY_NONE;
1321 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1322 xon_char = RFCOMM_RPN_XON_CHAR;
1323 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1327 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1328 * no parity, no flow control lines, normal XON/XOFF chars */
1330 if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) {
1331 bit_rate = rpn->bit_rate;
1332 if (bit_rate != RFCOMM_RPN_BR_115200) {
1333 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1334 bit_rate = RFCOMM_RPN_BR_115200;
1335 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1339 if (rpn->param_mask & RFCOMM_RPN_PM_DATA) {
1340 data_bits = __get_rpn_data_bits(rpn->line_settings);
1341 if (data_bits != RFCOMM_RPN_DATA_8) {
1342 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1343 data_bits = RFCOMM_RPN_DATA_8;
1344 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1348 if (rpn->param_mask & RFCOMM_RPN_PM_STOP) {
1349 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1350 if (stop_bits != RFCOMM_RPN_STOP_1) {
1351 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1352 stop_bits = RFCOMM_RPN_STOP_1;
1353 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1357 if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) {
1358 parity = __get_rpn_parity(rpn->line_settings);
1359 if (parity != RFCOMM_RPN_PARITY_NONE) {
1360 BT_DBG("RPN parity mismatch 0x%x", parity);
1361 parity = RFCOMM_RPN_PARITY_NONE;
1362 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1366 if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) {
1367 flow_ctrl = rpn->flow_ctrl;
1368 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1369 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1370 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1371 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1375 if (rpn->param_mask & RFCOMM_RPN_PM_XON) {
1376 xon_char = rpn->xon_char;
1377 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1378 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1379 xon_char = RFCOMM_RPN_XON_CHAR;
1380 rpn_mask ^= RFCOMM_RPN_PM_XON;
1384 if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) {
1385 xoff_char = rpn->xoff_char;
1386 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1387 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1388 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1389 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1394 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1395 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1400 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1402 struct rfcomm_rls *rls = (void *) skb->data;
1403 u8 dlci = __get_dlci(rls->dlci);
1405 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1410 /* We should probably do something with this information here. But
1411 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1412 * mandatory to recognise and respond to RLS */
1414 rfcomm_send_rls(s, 0, dlci, rls->status);
1419 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1421 struct rfcomm_msc *msc = (void *) skb->data;
1422 struct rfcomm_dlc *d;
1423 u8 dlci = __get_dlci(msc->dlci);
1425 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1427 d = rfcomm_dlc_get(s, dlci);
1432 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1433 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1435 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1438 if (d->modem_status)
1439 d->modem_status(d, msc->v24_sig);
1440 rfcomm_dlc_unlock(d);
1442 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1444 d->mscex |= RFCOMM_MSCEX_RX;
1446 d->mscex |= RFCOMM_MSCEX_TX;
1451 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1453 struct rfcomm_mcc *mcc = (void *) skb->data;
1456 cr = __test_cr(mcc->type);
1457 type = __get_mcc_type(mcc->type);
1458 len = __get_mcc_len(mcc->len);
1460 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1466 rfcomm_recv_pn(s, cr, skb);
1470 rfcomm_recv_rpn(s, cr, len, skb);
1474 rfcomm_recv_rls(s, cr, skb);
1478 rfcomm_recv_msc(s, cr, skb);
1483 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1484 rfcomm_send_fcoff(s, 0);
1490 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1491 rfcomm_send_fcon(s, 0);
1497 rfcomm_send_test(s, 0, skb->data, skb->len);
1504 BT_ERR("Unknown control type 0x%02x", type);
1505 rfcomm_send_nsc(s, cr, type);
1511 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1513 struct rfcomm_dlc *d;
1515 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1517 d = rfcomm_dlc_get(s, dlci);
1519 rfcomm_send_dm(s, dlci);
1524 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1526 d->tx_credits += credits;
1528 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1531 if (skb->len && d->state == BT_CONNECTED) {
1534 d->data_ready(d, skb);
1535 rfcomm_dlc_unlock(d);
1544 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1546 struct rfcomm_hdr *hdr = (void *) skb->data;
1549 dlci = __get_dlci(hdr->addr);
1550 type = __get_type(hdr->ctrl);
1553 skb->len--; skb->tail--;
1554 fcs = *(u8 *) skb->tail;
1556 if (__check_fcs(skb->data, type, fcs)) {
1557 BT_ERR("bad checksum in packet");
1562 if (__test_ea(hdr->len))
1569 if (__test_pf(hdr->ctrl))
1570 rfcomm_recv_sabm(s, dlci);
1574 if (__test_pf(hdr->ctrl))
1575 rfcomm_recv_disc(s, dlci);
1579 if (__test_pf(hdr->ctrl))
1580 rfcomm_recv_ua(s, dlci);
1584 rfcomm_recv_dm(s, dlci);
1589 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1591 rfcomm_recv_mcc(s, skb);
1595 BT_ERR("Unknown packet type 0x%02x\n", type);
1602 /* ---- Connection and data processing ---- */
1604 static void rfcomm_process_connect(struct rfcomm_session *s)
1606 struct rfcomm_dlc *d;
1607 struct list_head *p, *n;
1609 BT_DBG("session %p state %ld", s, s->state);
1611 list_for_each_safe(p, n, &s->dlcs) {
1612 d = list_entry(p, struct rfcomm_dlc, list);
1613 if (d->state == BT_CONFIG) {
1615 rfcomm_send_pn(s, 1, d);
1620 /* Send data queued for the DLC.
1621 * Return number of frames left in the queue.
1623 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1625 struct sk_buff *skb;
1628 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1629 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1631 /* Send pending MSC */
1632 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1633 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1637 * Give them some credits */
1638 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1639 d->rx_credits <= (d->cfc >> 2)) {
1640 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1641 d->rx_credits = d->cfc;
1645 * Give ourselves some credits */
1649 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1650 return skb_queue_len(&d->tx_queue);
1652 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1653 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1655 skb_queue_head(&d->tx_queue, skb);
1662 if (d->cfc && !d->tx_credits) {
1663 /* We're out of TX credits.
1664 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1665 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1668 return skb_queue_len(&d->tx_queue);
1671 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1673 struct rfcomm_dlc *d;
1674 struct list_head *p, *n;
1676 BT_DBG("session %p state %ld", s, s->state);
1678 list_for_each_safe(p, n, &s->dlcs) {
1679 d = list_entry(p, struct rfcomm_dlc, list);
1681 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1682 __rfcomm_dlc_close(d, ETIMEDOUT);
1686 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1687 rfcomm_dlc_clear_timer(d);
1688 rfcomm_dlc_accept(d);
1689 if (d->link_mode & RFCOMM_LM_SECURE) {
1690 struct sock *sk = s->sock->sk;
1691 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1694 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1695 rfcomm_dlc_clear_timer(d);
1696 rfcomm_send_dm(s, d->dlci);
1697 __rfcomm_dlc_close(d, ECONNREFUSED);
1701 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1704 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1705 d->mscex == RFCOMM_MSCEX_OK)
1706 rfcomm_process_tx(d);
1710 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1712 struct socket *sock = s->sock;
1713 struct sock *sk = sock->sk;
1714 struct sk_buff *skb;
1716 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1718 /* Get data directly from socket receive queue without copying it. */
1719 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1721 rfcomm_recv_frame(s, skb);
1724 if (sk->sk_state == BT_CLOSED) {
1726 rfcomm_session_put(s);
1728 rfcomm_session_close(s, sk->sk_err);
1732 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1734 struct socket *sock = s->sock, *nsock;
1737 /* Fast check for a new connection.
1738 * Avoids unnesesary socket allocations. */
1739 if (list_empty(&bt_sk(sock->sk)->accept_q))
1742 BT_DBG("session %p", s);
1744 if (sock_create_lite(PF_BLUETOOTH, sock->type, BTPROTO_L2CAP, &nsock))
1747 nsock->ops = sock->ops;
1749 __module_get(nsock->ops->owner);
1751 err = sock->ops->accept(sock, nsock, O_NONBLOCK);
1753 sock_release(nsock);
1757 /* Set our callbacks */
1758 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1759 nsock->sk->sk_state_change = rfcomm_l2state_change;
1761 s = rfcomm_session_add(nsock, BT_OPEN);
1763 rfcomm_session_hold(s);
1764 rfcomm_schedule(RFCOMM_SCHED_RX);
1766 sock_release(nsock);
1769 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1771 struct sock *sk = s->sock->sk;
1773 BT_DBG("%p state %ld", s, s->state);
1775 switch(sk->sk_state) {
1777 s->state = BT_CONNECT;
1779 /* We can adjust MTU on outgoing sessions.
1780 * L2CAP MTU minus UIH header and FCS. */
1781 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1783 rfcomm_send_sabm(s, 0);
1787 s->state = BT_CLOSED;
1788 rfcomm_session_close(s, sk->sk_err);
1793 static inline void rfcomm_process_sessions(void)
1795 struct list_head *p, *n;
1799 list_for_each_safe(p, n, &session_list) {
1800 struct rfcomm_session *s;
1801 s = list_entry(p, struct rfcomm_session, list);
1803 if (s->state == BT_LISTEN) {
1804 rfcomm_accept_connection(s);
1808 rfcomm_session_hold(s);
1812 rfcomm_check_connection(s);
1816 rfcomm_process_rx(s);
1820 rfcomm_process_dlcs(s);
1822 rfcomm_session_put(s);
1828 static void rfcomm_worker(void)
1832 while (!atomic_read(&terminate)) {
1833 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1834 /* No pending events. Let's sleep.
1835 * Incoming connections and data will wake us up. */
1836 set_current_state(TASK_INTERRUPTIBLE);
1841 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1842 rfcomm_process_sessions();
1844 set_current_state(TASK_RUNNING);
1848 static int rfcomm_add_listener(bdaddr_t *ba)
1850 struct sockaddr_l2 addr;
1851 struct socket *sock;
1853 struct rfcomm_session *s;
1857 err = rfcomm_l2sock_create(&sock);
1859 BT_ERR("Create socket failed %d", err);
1864 bacpy(&addr.l2_bdaddr, ba);
1865 addr.l2_family = AF_BLUETOOTH;
1866 addr.l2_psm = htobs(RFCOMM_PSM);
1867 err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1869 BT_ERR("Bind failed %d", err);
1873 /* Set L2CAP options */
1876 l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU;
1879 /* Start listening on the socket */
1880 err = sock->ops->listen(sock, 10);
1882 BT_ERR("Listen failed %d", err);
1886 /* Add listening session */
1887 s = rfcomm_session_add(sock, BT_LISTEN);
1891 rfcomm_session_hold(s);
1898 static void rfcomm_kill_listener(void)
1900 struct rfcomm_session *s;
1901 struct list_head *p, *n;
1905 list_for_each_safe(p, n, &session_list) {
1906 s = list_entry(p, struct rfcomm_session, list);
1907 rfcomm_session_del(s);
1911 static int rfcomm_run(void *unused)
1913 rfcomm_thread = current;
1915 atomic_inc(&running);
1917 daemonize("krfcommd");
1918 set_user_nice(current, -10);
1919 current->flags |= PF_NOFREEZE;
1923 rfcomm_add_listener(BDADDR_ANY);
1927 rfcomm_kill_listener();
1929 atomic_dec(&running);
1933 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1935 struct rfcomm_session *s;
1936 struct rfcomm_dlc *d;
1937 struct list_head *p, *n;
1939 BT_DBG("conn %p status 0x%02x", conn, status);
1941 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1945 rfcomm_session_hold(s);
1947 list_for_each_safe(p, n, &s->dlcs) {
1948 d = list_entry(p, struct rfcomm_dlc, list);
1950 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1953 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1957 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1959 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1962 rfcomm_session_put(s);
1964 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1967 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1969 struct rfcomm_session *s;
1970 struct rfcomm_dlc *d;
1971 struct list_head *p, *n;
1973 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1975 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1979 rfcomm_session_hold(s);
1981 list_for_each_safe(p, n, &s->dlcs) {
1982 d = list_entry(p, struct rfcomm_dlc, list);
1984 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1987 if (!status && encrypt)
1988 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1990 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1993 rfcomm_session_put(s);
1995 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1998 static struct hci_cb rfcomm_cb = {
2000 .auth_cfm = rfcomm_auth_cfm,
2001 .encrypt_cfm = rfcomm_encrypt_cfm
2004 /* ---- Proc fs support ---- */
2005 #ifdef CONFIG_PROC_FS
2006 static void *rfcomm_seq_start(struct seq_file *seq, loff_t *pos)
2008 struct rfcomm_session *s;
2009 struct list_head *pp, *p;
2014 list_for_each(p, &session_list) {
2015 s = list_entry(p, struct rfcomm_session, list);
2016 list_for_each(pp, &s->dlcs)
2025 static void *rfcomm_seq_next(struct seq_file *seq, void *e, loff_t *pos)
2027 struct rfcomm_session *s = seq->private;
2028 struct list_head *pp, *p = e;
2031 if (p->next != &s->dlcs)
2034 list_for_each(p, &session_list) {
2035 s = list_entry(p, struct rfcomm_session, list);
2036 __list_for_each(pp, &s->dlcs) {
2044 static void rfcomm_seq_stop(struct seq_file *seq, void *e)
2049 static int rfcomm_seq_show(struct seq_file *seq, void *e)
2051 struct rfcomm_session *s = seq->private;
2052 struct sock *sk = s->sock->sk;
2053 struct rfcomm_dlc *d = list_entry(e, struct rfcomm_dlc, list);
2055 seq_printf(seq, "%s %s %ld %d %d %d %d\n",
2056 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2057 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2061 static struct seq_operations rfcomm_seq_ops = {
2062 .start = rfcomm_seq_start,
2063 .next = rfcomm_seq_next,
2064 .stop = rfcomm_seq_stop,
2065 .show = rfcomm_seq_show
2068 static int rfcomm_seq_open(struct inode *inode, struct file *file)
2070 return seq_open(file, &rfcomm_seq_ops);
2073 static struct file_operations rfcomm_seq_fops = {
2074 .owner = THIS_MODULE,
2075 .open = rfcomm_seq_open,
2077 .llseek = seq_lseek,
2078 .release = seq_release,
2081 static int __init rfcomm_proc_init(void)
2083 struct proc_dir_entry *p;
2085 proc_bt_rfcomm = proc_mkdir("rfcomm", proc_bt);
2086 if (proc_bt_rfcomm) {
2087 proc_bt_rfcomm->owner = THIS_MODULE;
2089 p = create_proc_entry("dlc", S_IRUGO, proc_bt_rfcomm);
2091 p->proc_fops = &rfcomm_seq_fops;
2096 static void __exit rfcomm_proc_cleanup(void)
2098 remove_proc_entry("dlc", proc_bt_rfcomm);
2100 remove_proc_entry("rfcomm", proc_bt);
2103 #else /* CONFIG_PROC_FS */
2105 static int __init rfcomm_proc_init(void)
2110 static void __exit rfcomm_proc_cleanup(void)
2114 #endif /* CONFIG_PROC_FS */
2116 /* ---- Initialization ---- */
2117 static int __init rfcomm_init(void)
2121 hci_register_cb(&rfcomm_cb);
2123 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
2125 BT_INFO("RFCOMM ver %s", VERSION);
2129 rfcomm_init_sockets();
2131 #ifdef CONFIG_BT_RFCOMM_TTY
2138 static void __exit rfcomm_exit(void)
2140 hci_unregister_cb(&rfcomm_cb);
2142 /* Terminate working thread.
2143 * ie. Set terminate flag and wake it up */
2144 atomic_inc(&terminate);
2145 rfcomm_schedule(RFCOMM_SCHED_STATE);
2147 /* Wait until thread is running */
2148 while (atomic_read(&running))
2151 #ifdef CONFIG_BT_RFCOMM_TTY
2152 rfcomm_cleanup_ttys();
2155 rfcomm_cleanup_sockets();
2157 rfcomm_proc_cleanup();
2160 module_init(rfcomm_init);
2161 module_exit(rfcomm_exit);
2163 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2164 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2165 MODULE_VERSION(VERSION);
2166 MODULE_LICENSE("GPL");
2167 MODULE_ALIAS("bt-proto-3");
git.openpandora.org / pandora-kernel.git / blob