2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/sched.h>
32 #include <linux/signal.h>
33 #include <linux/init.h>
34 #include <linux/wait.h>
35 #include <linux/device.h>
36 #include <linux/net.h>
37 #include <linux/mutex.h>
38 #include <linux/kthread.h>
41 #include <asm/uaccess.h>
42 #include <asm/unaligned.h>
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
46 #include <net/bluetooth/l2cap.h>
47 #include <net/bluetooth/rfcomm.h>
49 #define VERSION "1.10"
51 static int disable_cfc = 0;
52 static int channel_mtu = -1;
53 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
55 static struct task_struct *rfcomm_thread;
57 static DEFINE_MUTEX(rfcomm_mutex);
58 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
59 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
61 static unsigned long rfcomm_event;
63 static LIST_HEAD(session_list);
65 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
66 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
67 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
68 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
69 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
70 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
71 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
72 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
73 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
74 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
76 static void rfcomm_process_connect(struct rfcomm_session *s);
78 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
79 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
80 static void rfcomm_session_del(struct rfcomm_session *s);
82 /* ---- RFCOMM frame parsing macros ---- */
83 #define __get_dlci(b) ((b & 0xfc) >> 2)
84 #define __get_channel(b) ((b & 0xf8) >> 3)
85 #define __get_dir(b) ((b & 0x04) >> 2)
86 #define __get_type(b) ((b & 0xef))
88 #define __test_ea(b) ((b & 0x01))
89 #define __test_cr(b) ((b & 0x02))
90 #define __test_pf(b) ((b & 0x10))
92 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
93 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
94 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
95 #define __srv_channel(dlci) (dlci >> 1)
96 #define __dir(dlci) (dlci & 0x01)
98 #define __len8(len) (((len) << 1) | 1)
99 #define __len16(len) ((len) << 1)
102 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
103 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
104 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
107 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
108 #define __get_rpn_data_bits(line) ((line) & 0x3)
109 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
110 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
112 static inline void rfcomm_schedule(uint event)
116 //set_bit(event, &rfcomm_event);
117 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
118 wake_up_process(rfcomm_thread);
121 static inline void rfcomm_session_put(struct rfcomm_session *s)
123 if (atomic_dec_and_test(&s->refcnt))
124 rfcomm_session_del(s);
127 /* ---- RFCOMM FCS computation ---- */
129 /* reversed, 8-bit, poly=0x07 */
130 static unsigned char rfcomm_crc_table[256] = {
131 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
132 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
133 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
134 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
136 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
137 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
138 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
139 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
141 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
142 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
143 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
144 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
146 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
147 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
148 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
149 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
151 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
152 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
153 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
154 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
156 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
157 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
158 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
159 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
161 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
162 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
163 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
164 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
166 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
167 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
168 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
169 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
173 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
176 static inline u8 __fcs(u8 *data)
178 return (0xff - __crc(data));
182 static inline u8 __fcs2(u8 *data)
184 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
188 static inline int __check_fcs(u8 *data, int type, u8 fcs)
192 if (type != RFCOMM_UIH)
193 f = rfcomm_crc_table[f ^ data[2]];
195 return rfcomm_crc_table[f ^ fcs] != 0xcf;
198 /* ---- L2CAP callbacks ---- */
199 static void rfcomm_l2state_change(struct sock *sk)
201 BT_DBG("%p state %d", sk, sk->sk_state);
202 rfcomm_schedule(RFCOMM_SCHED_STATE);
205 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
207 BT_DBG("%p bytes %d", sk, bytes);
208 rfcomm_schedule(RFCOMM_SCHED_RX);
211 static int rfcomm_l2sock_create(struct socket **sock)
217 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
219 struct sock *sk = (*sock)->sk;
220 sk->sk_data_ready = rfcomm_l2data_ready;
221 sk->sk_state_change = rfcomm_l2state_change;
226 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
228 struct sock *sk = d->session->sock->sk;
230 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
231 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
233 } else if (d->link_mode & RFCOMM_LM_AUTH) {
234 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
241 /* ---- RFCOMM DLCs ---- */
242 static void rfcomm_dlc_timeout(unsigned long arg)
244 struct rfcomm_dlc *d = (void *) arg;
246 BT_DBG("dlc %p state %ld", d, d->state);
248 set_bit(RFCOMM_TIMED_OUT, &d->flags);
250 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
253 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
255 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
257 if (!mod_timer(&d->timer, jiffies + timeout))
261 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
263 BT_DBG("dlc %p state %ld", d, d->state);
265 if (timer_pending(&d->timer) && del_timer(&d->timer))
269 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
276 d->mtu = RFCOMM_DEFAULT_MTU;
277 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
279 d->cfc = RFCOMM_CFC_DISABLED;
280 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
283 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
285 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
290 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
292 skb_queue_head_init(&d->tx_queue);
293 spin_lock_init(&d->lock);
294 atomic_set(&d->refcnt, 1);
296 rfcomm_dlc_clear_state(d);
303 void rfcomm_dlc_free(struct rfcomm_dlc *d)
307 skb_queue_purge(&d->tx_queue);
311 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
313 BT_DBG("dlc %p session %p", d, s);
315 rfcomm_session_hold(s);
318 list_add(&d->list, &s->dlcs);
322 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
324 struct rfcomm_session *s = d->session;
326 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
332 rfcomm_session_put(s);
335 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
337 struct rfcomm_dlc *d;
340 list_for_each(p, &s->dlcs) {
341 d = list_entry(p, struct rfcomm_dlc, list);
348 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
350 struct rfcomm_session *s;
354 BT_DBG("dlc %p state %ld %s %s channel %d",
355 d, d->state, batostr(src), batostr(dst), channel);
357 if (channel < 1 || channel > 30)
360 if (d->state != BT_OPEN && d->state != BT_CLOSED)
363 s = rfcomm_session_get(src, dst);
365 s = rfcomm_session_create(src, dst, &err);
370 dlci = __dlci(!s->initiator, channel);
372 /* Check if DLCI already exists */
373 if (rfcomm_dlc_get(s, dlci))
376 rfcomm_dlc_clear_state(d);
379 d->addr = __addr(s->initiator, dlci);
382 d->state = BT_CONFIG;
383 rfcomm_dlc_link(s, d);
388 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
390 if (s->state == BT_CONNECTED) {
391 if (rfcomm_check_link_mode(d))
392 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
394 rfcomm_send_pn(s, 1, d);
397 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
402 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
408 r = __rfcomm_dlc_open(d, src, dst, channel);
414 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
416 struct rfcomm_session *s = d->session;
420 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
421 d, d->state, d->dlci, err, s);
427 d->state = BT_DISCONN;
428 if (skb_queue_empty(&d->tx_queue)) {
429 rfcomm_send_disc(s, d->dlci);
430 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
432 rfcomm_queue_disc(d);
433 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
438 rfcomm_dlc_clear_timer(d);
441 d->state = BT_CLOSED;
442 d->state_change(d, err);
443 rfcomm_dlc_unlock(d);
445 skb_queue_purge(&d->tx_queue);
446 rfcomm_dlc_unlink(d);
452 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
458 r = __rfcomm_dlc_close(d, err);
464 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
468 if (d->state != BT_CONNECTED)
471 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
476 rfcomm_make_uih(skb, d->addr);
477 skb_queue_tail(&d->tx_queue, skb);
479 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
480 rfcomm_schedule(RFCOMM_SCHED_TX);
484 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
486 BT_DBG("dlc %p state %ld", d, d->state);
489 d->v24_sig |= RFCOMM_V24_FC;
490 set_bit(RFCOMM_MSC_PENDING, &d->flags);
492 rfcomm_schedule(RFCOMM_SCHED_TX);
495 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
497 BT_DBG("dlc %p state %ld", d, d->state);
500 d->v24_sig &= ~RFCOMM_V24_FC;
501 set_bit(RFCOMM_MSC_PENDING, &d->flags);
503 rfcomm_schedule(RFCOMM_SCHED_TX);
507 Set/get modem status functions use _local_ status i.e. what we report
509 Remote status is provided by dlc->modem_status() callback.
511 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
513 BT_DBG("dlc %p state %ld v24_sig 0x%x",
514 d, d->state, v24_sig);
516 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
517 v24_sig |= RFCOMM_V24_FC;
519 v24_sig &= ~RFCOMM_V24_FC;
521 d->v24_sig = v24_sig;
523 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
524 rfcomm_schedule(RFCOMM_SCHED_TX);
529 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
531 BT_DBG("dlc %p state %ld v24_sig 0x%x",
532 d, d->state, d->v24_sig);
534 *v24_sig = d->v24_sig;
538 /* ---- RFCOMM sessions ---- */
539 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
541 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
546 BT_DBG("session %p sock %p", s, sock);
548 INIT_LIST_HEAD(&s->dlcs);
552 s->mtu = RFCOMM_DEFAULT_MTU;
553 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
555 /* Do not increment module usage count for listening sessions.
556 * Otherwise we won't be able to unload the module. */
557 if (state != BT_LISTEN)
558 if (!try_module_get(THIS_MODULE)) {
563 list_add(&s->list, &session_list);
568 static void rfcomm_session_del(struct rfcomm_session *s)
570 int state = s->state;
572 BT_DBG("session %p state %ld", s, s->state);
576 if (state == BT_CONNECTED)
577 rfcomm_send_disc(s, 0);
579 sock_release(s->sock);
582 if (state != BT_LISTEN)
583 module_put(THIS_MODULE);
586 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
588 struct rfcomm_session *s;
589 struct list_head *p, *n;
591 list_for_each_safe(p, n, &session_list) {
592 s = list_entry(p, struct rfcomm_session, list);
593 sk = bt_sk(s->sock->sk);
595 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
596 !bacmp(&sk->dst, dst))
602 static void rfcomm_session_close(struct rfcomm_session *s, int err)
604 struct rfcomm_dlc *d;
605 struct list_head *p, *n;
607 BT_DBG("session %p state %ld err %d", s, s->state, err);
609 rfcomm_session_hold(s);
611 s->state = BT_CLOSED;
614 list_for_each_safe(p, n, &s->dlcs) {
615 d = list_entry(p, struct rfcomm_dlc, list);
616 d->state = BT_CLOSED;
617 __rfcomm_dlc_close(d, err);
620 rfcomm_session_put(s);
623 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
625 struct rfcomm_session *s = NULL;
626 struct sockaddr_l2 addr;
630 BT_DBG("%s %s", batostr(src), batostr(dst));
632 *err = rfcomm_l2sock_create(&sock);
636 bacpy(&addr.l2_bdaddr, src);
637 addr.l2_family = AF_BLUETOOTH;
639 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
643 /* Set L2CAP options */
646 l2cap_pi(sk)->imtu = l2cap_mtu;
649 s = rfcomm_session_add(sock, BT_BOUND);
657 bacpy(&addr.l2_bdaddr, dst);
658 addr.l2_family = AF_BLUETOOTH;
659 addr.l2_psm = htobs(RFCOMM_PSM);
660 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
661 if (*err == 0 || *err == -EINPROGRESS)
664 rfcomm_session_del(s);
672 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
674 struct sock *sk = s->sock->sk;
676 bacpy(src, &bt_sk(sk)->src);
678 bacpy(dst, &bt_sk(sk)->dst);
681 /* ---- RFCOMM frame sending ---- */
682 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
684 struct socket *sock = s->sock;
685 struct kvec iv = { data, len };
688 BT_DBG("session %p len %d", s, len);
690 memset(&msg, 0, sizeof(msg));
692 return kernel_sendmsg(sock, &msg, &iv, 1, len);
695 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
697 struct rfcomm_cmd cmd;
699 BT_DBG("%p dlci %d", s, dlci);
701 cmd.addr = __addr(s->initiator, dlci);
702 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
704 cmd.fcs = __fcs2((u8 *) &cmd);
706 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
709 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
711 struct rfcomm_cmd cmd;
713 BT_DBG("%p dlci %d", s, dlci);
715 cmd.addr = __addr(!s->initiator, dlci);
716 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
718 cmd.fcs = __fcs2((u8 *) &cmd);
720 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
723 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
725 struct rfcomm_cmd cmd;
727 BT_DBG("%p dlci %d", s, dlci);
729 cmd.addr = __addr(s->initiator, dlci);
730 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
732 cmd.fcs = __fcs2((u8 *) &cmd);
734 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
737 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
739 struct rfcomm_cmd *cmd;
742 BT_DBG("dlc %p dlci %d", d, d->dlci);
744 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
748 cmd = (void *) __skb_put(skb, sizeof(*cmd));
750 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
751 cmd->len = __len8(0);
752 cmd->fcs = __fcs2((u8 *) cmd);
754 skb_queue_tail(&d->tx_queue, skb);
755 rfcomm_schedule(RFCOMM_SCHED_TX);
759 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
761 struct rfcomm_cmd cmd;
763 BT_DBG("%p dlci %d", s, dlci);
765 cmd.addr = __addr(!s->initiator, dlci);
766 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
768 cmd.fcs = __fcs2((u8 *) &cmd);
770 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
773 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
775 struct rfcomm_hdr *hdr;
776 struct rfcomm_mcc *mcc;
777 u8 buf[16], *ptr = buf;
779 BT_DBG("%p cr %d type %d", s, cr, type);
781 hdr = (void *) ptr; ptr += sizeof(*hdr);
782 hdr->addr = __addr(s->initiator, 0);
783 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
784 hdr->len = __len8(sizeof(*mcc) + 1);
786 mcc = (void *) ptr; ptr += sizeof(*mcc);
787 mcc->type = __mcc_type(cr, RFCOMM_NSC);
788 mcc->len = __len8(1);
790 /* Type that we didn't like */
791 *ptr = __mcc_type(cr, type); ptr++;
793 *ptr = __fcs(buf); ptr++;
795 return rfcomm_send_frame(s, buf, ptr - buf);
798 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
800 struct rfcomm_hdr *hdr;
801 struct rfcomm_mcc *mcc;
802 struct rfcomm_pn *pn;
803 u8 buf[16], *ptr = buf;
805 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
807 hdr = (void *) ptr; ptr += sizeof(*hdr);
808 hdr->addr = __addr(s->initiator, 0);
809 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
810 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
812 mcc = (void *) ptr; ptr += sizeof(*mcc);
813 mcc->type = __mcc_type(cr, RFCOMM_PN);
814 mcc->len = __len8(sizeof(*pn));
816 pn = (void *) ptr; ptr += sizeof(*pn);
818 pn->priority = d->priority;
823 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
824 pn->credits = RFCOMM_DEFAULT_CREDITS;
830 if (cr && channel_mtu >= 0)
831 pn->mtu = htobs(channel_mtu);
833 pn->mtu = htobs(d->mtu);
835 *ptr = __fcs(buf); ptr++;
837 return rfcomm_send_frame(s, buf, ptr - buf);
840 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
841 u8 bit_rate, u8 data_bits, u8 stop_bits,
842 u8 parity, u8 flow_ctrl_settings,
843 u8 xon_char, u8 xoff_char, u16 param_mask)
845 struct rfcomm_hdr *hdr;
846 struct rfcomm_mcc *mcc;
847 struct rfcomm_rpn *rpn;
848 u8 buf[16], *ptr = buf;
850 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
851 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
852 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
853 flow_ctrl_settings, xon_char, xoff_char, param_mask);
855 hdr = (void *) ptr; ptr += sizeof(*hdr);
856 hdr->addr = __addr(s->initiator, 0);
857 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
858 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
860 mcc = (void *) ptr; ptr += sizeof(*mcc);
861 mcc->type = __mcc_type(cr, RFCOMM_RPN);
862 mcc->len = __len8(sizeof(*rpn));
864 rpn = (void *) ptr; ptr += sizeof(*rpn);
865 rpn->dlci = __addr(1, dlci);
866 rpn->bit_rate = bit_rate;
867 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
868 rpn->flow_ctrl = flow_ctrl_settings;
869 rpn->xon_char = xon_char;
870 rpn->xoff_char = xoff_char;
871 rpn->param_mask = cpu_to_le16(param_mask);
873 *ptr = __fcs(buf); ptr++;
875 return rfcomm_send_frame(s, buf, ptr - buf);
878 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
880 struct rfcomm_hdr *hdr;
881 struct rfcomm_mcc *mcc;
882 struct rfcomm_rls *rls;
883 u8 buf[16], *ptr = buf;
885 BT_DBG("%p cr %d status 0x%x", s, cr, status);
887 hdr = (void *) ptr; ptr += sizeof(*hdr);
888 hdr->addr = __addr(s->initiator, 0);
889 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
890 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
892 mcc = (void *) ptr; ptr += sizeof(*mcc);
893 mcc->type = __mcc_type(cr, RFCOMM_RLS);
894 mcc->len = __len8(sizeof(*rls));
896 rls = (void *) ptr; ptr += sizeof(*rls);
897 rls->dlci = __addr(1, dlci);
898 rls->status = status;
900 *ptr = __fcs(buf); ptr++;
902 return rfcomm_send_frame(s, buf, ptr - buf);
905 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
907 struct rfcomm_hdr *hdr;
908 struct rfcomm_mcc *mcc;
909 struct rfcomm_msc *msc;
910 u8 buf[16], *ptr = buf;
912 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
914 hdr = (void *) ptr; ptr += sizeof(*hdr);
915 hdr->addr = __addr(s->initiator, 0);
916 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
917 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
919 mcc = (void *) ptr; ptr += sizeof(*mcc);
920 mcc->type = __mcc_type(cr, RFCOMM_MSC);
921 mcc->len = __len8(sizeof(*msc));
923 msc = (void *) ptr; ptr += sizeof(*msc);
924 msc->dlci = __addr(1, dlci);
925 msc->v24_sig = v24_sig | 0x01;
927 *ptr = __fcs(buf); ptr++;
929 return rfcomm_send_frame(s, buf, ptr - buf);
932 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
934 struct rfcomm_hdr *hdr;
935 struct rfcomm_mcc *mcc;
936 u8 buf[16], *ptr = buf;
938 BT_DBG("%p cr %d", s, cr);
940 hdr = (void *) ptr; ptr += sizeof(*hdr);
941 hdr->addr = __addr(s->initiator, 0);
942 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
943 hdr->len = __len8(sizeof(*mcc));
945 mcc = (void *) ptr; ptr += sizeof(*mcc);
946 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
947 mcc->len = __len8(0);
949 *ptr = __fcs(buf); ptr++;
951 return rfcomm_send_frame(s, buf, ptr - buf);
954 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
956 struct rfcomm_hdr *hdr;
957 struct rfcomm_mcc *mcc;
958 u8 buf[16], *ptr = buf;
960 BT_DBG("%p cr %d", s, cr);
962 hdr = (void *) ptr; ptr += sizeof(*hdr);
963 hdr->addr = __addr(s->initiator, 0);
964 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
965 hdr->len = __len8(sizeof(*mcc));
967 mcc = (void *) ptr; ptr += sizeof(*mcc);
968 mcc->type = __mcc_type(cr, RFCOMM_FCON);
969 mcc->len = __len8(0);
971 *ptr = __fcs(buf); ptr++;
973 return rfcomm_send_frame(s, buf, ptr - buf);
976 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
978 struct socket *sock = s->sock;
981 unsigned char hdr[5], crc[1];
986 BT_DBG("%p cr %d", s, cr);
988 hdr[0] = __addr(s->initiator, 0);
989 hdr[1] = __ctrl(RFCOMM_UIH, 0);
990 hdr[2] = 0x01 | ((len + 2) << 1);
991 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
992 hdr[4] = 0x01 | (len << 1);
996 iv[0].iov_base = hdr;
998 iv[1].iov_base = pattern;
1000 iv[2].iov_base = crc;
1003 memset(&msg, 0, sizeof(msg));
1005 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1008 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1010 struct rfcomm_hdr *hdr;
1011 u8 buf[16], *ptr = buf;
1013 BT_DBG("%p addr %d credits %d", s, addr, credits);
1015 hdr = (void *) ptr; ptr += sizeof(*hdr);
1017 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1018 hdr->len = __len8(0);
1020 *ptr = credits; ptr++;
1022 *ptr = __fcs(buf); ptr++;
1024 return rfcomm_send_frame(s, buf, ptr - buf);
1027 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1029 struct rfcomm_hdr *hdr;
1034 hdr = (void *) skb_push(skb, 4);
1035 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len);
1037 hdr = (void *) skb_push(skb, 3);
1038 hdr->len = __len8(len);
1041 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1043 crc = skb_put(skb, 1);
1044 *crc = __fcs((void *) hdr);
1047 /* ---- RFCOMM frame reception ---- */
1048 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1050 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1054 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1056 rfcomm_send_dm(s, dlci);
1062 rfcomm_dlc_clear_timer(d);
1065 d->state = BT_CONNECTED;
1066 d->state_change(d, 0);
1067 rfcomm_dlc_unlock(d);
1069 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1073 d->state = BT_CLOSED;
1074 __rfcomm_dlc_close(d, 0);
1076 if (list_empty(&s->dlcs)) {
1077 s->state = BT_DISCONN;
1078 rfcomm_send_disc(s, 0);
1084 /* Control channel */
1087 s->state = BT_CONNECTED;
1088 rfcomm_process_connect(s);
1092 rfcomm_session_put(s);
1099 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1103 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1107 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1109 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1114 d->state = BT_CLOSED;
1115 __rfcomm_dlc_close(d, err);
1118 if (s->state == BT_CONNECT)
1123 s->state = BT_CLOSED;
1124 rfcomm_session_close(s, err);
1129 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1133 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1136 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1138 rfcomm_send_ua(s, dlci);
1140 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1145 d->state = BT_CLOSED;
1146 __rfcomm_dlc_close(d, err);
1148 rfcomm_send_dm(s, dlci);
1151 rfcomm_send_ua(s, 0);
1153 if (s->state == BT_CONNECT)
1158 s->state = BT_CLOSED;
1159 rfcomm_session_close(s, err);
1165 static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1167 struct sock *sk = d->session->sock->sk;
1169 BT_DBG("dlc %p", d);
1171 rfcomm_send_ua(d->session, d->dlci);
1174 d->state = BT_CONNECTED;
1175 d->state_change(d, 0);
1176 rfcomm_dlc_unlock(d);
1178 if (d->link_mode & RFCOMM_LM_MASTER)
1179 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1181 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1184 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1186 struct rfcomm_dlc *d;
1189 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1192 rfcomm_send_ua(s, 0);
1194 if (s->state == BT_OPEN) {
1195 s->state = BT_CONNECTED;
1196 rfcomm_process_connect(s);
1201 /* Check if DLC exists */
1202 d = rfcomm_dlc_get(s, dlci);
1204 if (d->state == BT_OPEN) {
1205 /* DLC was previously opened by PN request */
1206 if (rfcomm_check_link_mode(d)) {
1207 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1208 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1210 rfcomm_dlc_accept(d);
1215 /* Notify socket layer about incoming connection */
1216 channel = __srv_channel(dlci);
1217 if (rfcomm_connect_ind(s, channel, &d)) {
1219 d->addr = __addr(s->initiator, dlci);
1220 rfcomm_dlc_link(s, d);
1222 if (rfcomm_check_link_mode(d)) {
1223 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1224 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1226 rfcomm_dlc_accept(d);
1228 rfcomm_send_dm(s, dlci);
1234 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1236 struct rfcomm_session *s = d->session;
1238 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1239 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1241 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1242 pn->flow_ctrl == 0xe0) {
1243 d->cfc = RFCOMM_CFC_ENABLED;
1244 d->tx_credits = pn->credits;
1246 d->cfc = RFCOMM_CFC_DISABLED;
1247 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1250 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1253 d->priority = pn->priority;
1255 d->mtu = btohs(pn->mtu);
1257 if (cr && d->mtu > s->mtu)
1263 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1265 struct rfcomm_pn *pn = (void *) skb->data;
1266 struct rfcomm_dlc *d;
1269 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1274 d = rfcomm_dlc_get(s, dlci);
1278 rfcomm_apply_pn(d, cr, pn);
1279 rfcomm_send_pn(s, 0, d);
1284 rfcomm_apply_pn(d, cr, pn);
1286 d->state = BT_CONNECT;
1287 rfcomm_send_sabm(s, d->dlci);
1292 u8 channel = __srv_channel(dlci);
1297 /* PN request for non existing DLC.
1298 * Assume incoming connection. */
1299 if (rfcomm_connect_ind(s, channel, &d)) {
1301 d->addr = __addr(s->initiator, dlci);
1302 rfcomm_dlc_link(s, d);
1304 rfcomm_apply_pn(d, cr, pn);
1307 rfcomm_send_pn(s, 0, d);
1309 rfcomm_send_dm(s, dlci);
1315 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1317 struct rfcomm_rpn *rpn = (void *) skb->data;
1318 u8 dlci = __get_dlci(rpn->dlci);
1327 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1329 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1330 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1331 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1337 /* This is a request, return default settings */
1338 bit_rate = RFCOMM_RPN_BR_115200;
1339 data_bits = RFCOMM_RPN_DATA_8;
1340 stop_bits = RFCOMM_RPN_STOP_1;
1341 parity = RFCOMM_RPN_PARITY_NONE;
1342 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1343 xon_char = RFCOMM_RPN_XON_CHAR;
1344 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1348 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1349 * no parity, no flow control lines, normal XON/XOFF chars */
1351 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1352 bit_rate = rpn->bit_rate;
1353 if (bit_rate != RFCOMM_RPN_BR_115200) {
1354 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1355 bit_rate = RFCOMM_RPN_BR_115200;
1356 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1360 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1361 data_bits = __get_rpn_data_bits(rpn->line_settings);
1362 if (data_bits != RFCOMM_RPN_DATA_8) {
1363 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1364 data_bits = RFCOMM_RPN_DATA_8;
1365 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1369 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1370 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1371 if (stop_bits != RFCOMM_RPN_STOP_1) {
1372 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1373 stop_bits = RFCOMM_RPN_STOP_1;
1374 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1378 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1379 parity = __get_rpn_parity(rpn->line_settings);
1380 if (parity != RFCOMM_RPN_PARITY_NONE) {
1381 BT_DBG("RPN parity mismatch 0x%x", parity);
1382 parity = RFCOMM_RPN_PARITY_NONE;
1383 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1387 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1388 flow_ctrl = rpn->flow_ctrl;
1389 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1390 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1391 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1392 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1396 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1397 xon_char = rpn->xon_char;
1398 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1399 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1400 xon_char = RFCOMM_RPN_XON_CHAR;
1401 rpn_mask ^= RFCOMM_RPN_PM_XON;
1405 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1406 xoff_char = rpn->xoff_char;
1407 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1408 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1409 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1410 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1415 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1416 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1421 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1423 struct rfcomm_rls *rls = (void *) skb->data;
1424 u8 dlci = __get_dlci(rls->dlci);
1426 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1431 /* We should probably do something with this information here. But
1432 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1433 * mandatory to recognise and respond to RLS */
1435 rfcomm_send_rls(s, 0, dlci, rls->status);
1440 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1442 struct rfcomm_msc *msc = (void *) skb->data;
1443 struct rfcomm_dlc *d;
1444 u8 dlci = __get_dlci(msc->dlci);
1446 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1448 d = rfcomm_dlc_get(s, dlci);
1453 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1454 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1456 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1460 d->remote_v24_sig = msc->v24_sig;
1462 if (d->modem_status)
1463 d->modem_status(d, msc->v24_sig);
1465 rfcomm_dlc_unlock(d);
1467 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1469 d->mscex |= RFCOMM_MSCEX_RX;
1471 d->mscex |= RFCOMM_MSCEX_TX;
1476 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1478 struct rfcomm_mcc *mcc = (void *) skb->data;
1481 cr = __test_cr(mcc->type);
1482 type = __get_mcc_type(mcc->type);
1483 len = __get_mcc_len(mcc->len);
1485 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1491 rfcomm_recv_pn(s, cr, skb);
1495 rfcomm_recv_rpn(s, cr, len, skb);
1499 rfcomm_recv_rls(s, cr, skb);
1503 rfcomm_recv_msc(s, cr, skb);
1508 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1509 rfcomm_send_fcoff(s, 0);
1515 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1516 rfcomm_send_fcon(s, 0);
1522 rfcomm_send_test(s, 0, skb->data, skb->len);
1529 BT_ERR("Unknown control type 0x%02x", type);
1530 rfcomm_send_nsc(s, cr, type);
1536 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1538 struct rfcomm_dlc *d;
1540 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1542 d = rfcomm_dlc_get(s, dlci);
1544 rfcomm_send_dm(s, dlci);
1549 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1551 d->tx_credits += credits;
1553 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1556 if (skb->len && d->state == BT_CONNECTED) {
1559 d->data_ready(d, skb);
1560 rfcomm_dlc_unlock(d);
1569 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1571 struct rfcomm_hdr *hdr = (void *) skb->data;
1574 dlci = __get_dlci(hdr->addr);
1575 type = __get_type(hdr->ctrl);
1578 skb->len--; skb->tail--;
1579 fcs = *(u8 *)skb_tail_pointer(skb);
1581 if (__check_fcs(skb->data, type, fcs)) {
1582 BT_ERR("bad checksum in packet");
1587 if (__test_ea(hdr->len))
1594 if (__test_pf(hdr->ctrl))
1595 rfcomm_recv_sabm(s, dlci);
1599 if (__test_pf(hdr->ctrl))
1600 rfcomm_recv_disc(s, dlci);
1604 if (__test_pf(hdr->ctrl))
1605 rfcomm_recv_ua(s, dlci);
1609 rfcomm_recv_dm(s, dlci);
1614 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1616 rfcomm_recv_mcc(s, skb);
1620 BT_ERR("Unknown packet type 0x%02x\n", type);
1627 /* ---- Connection and data processing ---- */
1629 static void rfcomm_process_connect(struct rfcomm_session *s)
1631 struct rfcomm_dlc *d;
1632 struct list_head *p, *n;
1634 BT_DBG("session %p state %ld", s, s->state);
1636 list_for_each_safe(p, n, &s->dlcs) {
1637 d = list_entry(p, struct rfcomm_dlc, list);
1638 if (d->state == BT_CONFIG) {
1640 if (rfcomm_check_link_mode(d)) {
1641 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1642 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1644 rfcomm_send_pn(s, 1, d);
1649 /* Send data queued for the DLC.
1650 * Return number of frames left in the queue.
1652 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1654 struct sk_buff *skb;
1657 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1658 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1660 /* Send pending MSC */
1661 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1662 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1666 * Give them some credits */
1667 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1668 d->rx_credits <= (d->cfc >> 2)) {
1669 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1670 d->rx_credits = d->cfc;
1674 * Give ourselves some credits */
1678 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1679 return skb_queue_len(&d->tx_queue);
1681 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1682 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1684 skb_queue_head(&d->tx_queue, skb);
1691 if (d->cfc && !d->tx_credits) {
1692 /* We're out of TX credits.
1693 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1694 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1697 return skb_queue_len(&d->tx_queue);
1700 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1702 struct rfcomm_dlc *d;
1703 struct list_head *p, *n;
1705 BT_DBG("session %p state %ld", s, s->state);
1707 list_for_each_safe(p, n, &s->dlcs) {
1708 d = list_entry(p, struct rfcomm_dlc, list);
1710 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1711 __rfcomm_dlc_close(d, ETIMEDOUT);
1715 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1716 rfcomm_dlc_clear_timer(d);
1718 rfcomm_send_pn(s, 1, d);
1719 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1721 rfcomm_dlc_accept(d);
1722 if (d->link_mode & RFCOMM_LM_SECURE) {
1723 struct sock *sk = s->sock->sk;
1724 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1727 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1728 rfcomm_dlc_clear_timer(d);
1730 rfcomm_send_dm(s, d->dlci);
1732 d->state = BT_CLOSED;
1733 __rfcomm_dlc_close(d, ECONNREFUSED);
1737 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1740 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1741 d->mscex == RFCOMM_MSCEX_OK)
1742 rfcomm_process_tx(d);
1746 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1748 struct socket *sock = s->sock;
1749 struct sock *sk = sock->sk;
1750 struct sk_buff *skb;
1752 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1754 /* Get data directly from socket receive queue without copying it. */
1755 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1757 rfcomm_recv_frame(s, skb);
1760 if (sk->sk_state == BT_CLOSED) {
1762 rfcomm_session_put(s);
1764 rfcomm_session_close(s, sk->sk_err);
1768 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1770 struct socket *sock = s->sock, *nsock;
1773 /* Fast check for a new connection.
1774 * Avoids unnesesary socket allocations. */
1775 if (list_empty(&bt_sk(sock->sk)->accept_q))
1778 BT_DBG("session %p", s);
1780 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1784 /* Set our callbacks */
1785 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1786 nsock->sk->sk_state_change = rfcomm_l2state_change;
1788 s = rfcomm_session_add(nsock, BT_OPEN);
1790 rfcomm_session_hold(s);
1792 /* We should adjust MTU on incoming sessions.
1793 * L2CAP MTU minus UIH header and FCS. */
1794 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1796 rfcomm_schedule(RFCOMM_SCHED_RX);
1798 sock_release(nsock);
1801 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1803 struct sock *sk = s->sock->sk;
1805 BT_DBG("%p state %ld", s, s->state);
1807 switch(sk->sk_state) {
1809 s->state = BT_CONNECT;
1811 /* We can adjust MTU on outgoing sessions.
1812 * L2CAP MTU minus UIH header and FCS. */
1813 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1815 rfcomm_send_sabm(s, 0);
1819 s->state = BT_CLOSED;
1820 rfcomm_session_close(s, sk->sk_err);
1825 static inline void rfcomm_process_sessions(void)
1827 struct list_head *p, *n;
1831 list_for_each_safe(p, n, &session_list) {
1832 struct rfcomm_session *s;
1833 s = list_entry(p, struct rfcomm_session, list);
1835 if (s->state == BT_LISTEN) {
1836 rfcomm_accept_connection(s);
1840 rfcomm_session_hold(s);
1844 rfcomm_check_connection(s);
1848 rfcomm_process_rx(s);
1852 rfcomm_process_dlcs(s);
1854 rfcomm_session_put(s);
1860 static int rfcomm_add_listener(bdaddr_t *ba)
1862 struct sockaddr_l2 addr;
1863 struct socket *sock;
1865 struct rfcomm_session *s;
1869 err = rfcomm_l2sock_create(&sock);
1871 BT_ERR("Create socket failed %d", err);
1876 bacpy(&addr.l2_bdaddr, ba);
1877 addr.l2_family = AF_BLUETOOTH;
1878 addr.l2_psm = htobs(RFCOMM_PSM);
1879 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1881 BT_ERR("Bind failed %d", err);
1885 /* Set L2CAP options */
1888 l2cap_pi(sk)->imtu = l2cap_mtu;
1891 /* Start listening on the socket */
1892 err = kernel_listen(sock, 10);
1894 BT_ERR("Listen failed %d", err);
1898 /* Add listening session */
1899 s = rfcomm_session_add(sock, BT_LISTEN);
1903 rfcomm_session_hold(s);
1910 static void rfcomm_kill_listener(void)
1912 struct rfcomm_session *s;
1913 struct list_head *p, *n;
1917 list_for_each_safe(p, n, &session_list) {
1918 s = list_entry(p, struct rfcomm_session, list);
1919 rfcomm_session_del(s);
1923 static int rfcomm_run(void *unused)
1927 set_user_nice(current, -10);
1929 rfcomm_add_listener(BDADDR_ANY);
1931 while (!kthread_should_stop()) {
1932 set_current_state(TASK_INTERRUPTIBLE);
1933 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1934 /* No pending events. Let's sleep.
1935 * Incoming connections and data will wake us up. */
1938 set_current_state(TASK_RUNNING);
1941 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1942 rfcomm_process_sessions();
1945 rfcomm_kill_listener();
1950 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1952 struct rfcomm_session *s;
1953 struct rfcomm_dlc *d;
1954 struct list_head *p, *n;
1956 BT_DBG("conn %p status 0x%02x", conn, status);
1958 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1962 rfcomm_session_hold(s);
1964 list_for_each_safe(p, n, &s->dlcs) {
1965 d = list_entry(p, struct rfcomm_dlc, list);
1967 if ((d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) &&
1968 !(conn->link_mode & HCI_LM_ENCRYPT) && !status)
1971 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1975 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1977 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1980 rfcomm_session_put(s);
1982 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1985 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1987 struct rfcomm_session *s;
1988 struct rfcomm_dlc *d;
1989 struct list_head *p, *n;
1991 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1993 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1997 rfcomm_session_hold(s);
1999 list_for_each_safe(p, n, &s->dlcs) {
2000 d = list_entry(p, struct rfcomm_dlc, list);
2002 if ((d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) &&
2003 (d->state == BT_CONNECTED ||
2004 d->state == BT_CONFIG) &&
2005 !status && encrypt == 0x00) {
2006 __rfcomm_dlc_close(d, ECONNREFUSED);
2010 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2013 if (!status && encrypt)
2014 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2016 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2019 rfcomm_session_put(s);
2021 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2024 static struct hci_cb rfcomm_cb = {
2026 .auth_cfm = rfcomm_auth_cfm,
2027 .encrypt_cfm = rfcomm_encrypt_cfm
2030 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2032 struct rfcomm_session *s;
2033 struct list_head *pp, *p;
2038 list_for_each(p, &session_list) {
2039 s = list_entry(p, struct rfcomm_session, list);
2040 list_for_each(pp, &s->dlcs) {
2041 struct sock *sk = s->sock->sk;
2042 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2044 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2045 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2046 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2055 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2057 /* ---- Initialization ---- */
2058 static int __init rfcomm_init(void)
2062 hci_register_cb(&rfcomm_cb);
2064 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2065 if (IS_ERR(rfcomm_thread)) {
2066 hci_unregister_cb(&rfcomm_cb);
2067 return PTR_ERR(rfcomm_thread);
2070 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2071 BT_ERR("Failed to create RFCOMM info file");
2073 rfcomm_init_sockets();
2075 #ifdef CONFIG_BT_RFCOMM_TTY
2079 BT_INFO("RFCOMM ver %s", VERSION);
2084 static void __exit rfcomm_exit(void)
2086 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
2088 hci_unregister_cb(&rfcomm_cb);
2090 kthread_stop(rfcomm_thread);
2092 #ifdef CONFIG_BT_RFCOMM_TTY
2093 rfcomm_cleanup_ttys();
2096 rfcomm_cleanup_sockets();
2099 module_init(rfcomm_init);
2100 module_exit(rfcomm_exit);
2102 module_param(disable_cfc, bool, 0644);
2103 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2105 module_param(channel_mtu, int, 0644);
2106 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2108 module_param(l2cap_mtu, uint, 0644);
2109 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2111 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2112 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2113 MODULE_VERSION(VERSION);
2114 MODULE_LICENSE("GPL");
2115 MODULE_ALIAS("bt-proto-3");
git.openpandora.org / pandora-kernel.git / blob