2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/sched.h>
32 #include <linux/signal.h>
33 #include <linux/init.h>
34 #include <linux/wait.h>
35 #include <linux/device.h>
36 #include <linux/net.h>
37 #include <linux/mutex.h>
38 #include <linux/kthread.h>
41 #include <asm/uaccess.h>
42 #include <asm/unaligned.h>
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
46 #include <net/bluetooth/l2cap.h>
47 #include <net/bluetooth/rfcomm.h>
49 #define VERSION "1.11"
51 static int disable_cfc = 0;
52 static int channel_mtu = -1;
53 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
54 static int l2cap_ertm = 0;
56 static struct task_struct *rfcomm_thread;
58 static DEFINE_MUTEX(rfcomm_mutex);
59 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
60 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
62 static unsigned long rfcomm_event;
64 static LIST_HEAD(session_list);
66 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
67 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
68 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
69 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
70 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
71 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
72 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
73 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
74 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
75 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
77 static void rfcomm_process_connect(struct rfcomm_session *s);
79 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
80 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
81 static void rfcomm_session_del(struct rfcomm_session *s);
83 /* ---- RFCOMM frame parsing macros ---- */
84 #define __get_dlci(b) ((b & 0xfc) >> 2)
85 #define __get_channel(b) ((b & 0xf8) >> 3)
86 #define __get_dir(b) ((b & 0x04) >> 2)
87 #define __get_type(b) ((b & 0xef))
89 #define __test_ea(b) ((b & 0x01))
90 #define __test_cr(b) ((b & 0x02))
91 #define __test_pf(b) ((b & 0x10))
93 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
94 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
95 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
96 #define __srv_channel(dlci) (dlci >> 1)
97 #define __dir(dlci) (dlci & 0x01)
99 #define __len8(len) (((len) << 1) | 1)
100 #define __len16(len) ((len) << 1)
103 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
104 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
105 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
108 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
109 #define __get_rpn_data_bits(line) ((line) & 0x3)
110 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
111 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
113 static inline void rfcomm_schedule(uint event)
117 //set_bit(event, &rfcomm_event);
118 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
119 wake_up_process(rfcomm_thread);
122 static inline void rfcomm_session_put(struct rfcomm_session *s)
124 if (atomic_dec_and_test(&s->refcnt))
125 rfcomm_session_del(s);
128 /* ---- RFCOMM FCS computation ---- */
130 /* reversed, 8-bit, poly=0x07 */
131 static unsigned char rfcomm_crc_table[256] = {
132 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
133 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
134 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
135 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
137 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
138 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
139 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
140 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
142 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
143 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
144 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
145 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
147 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
148 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
149 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
150 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
152 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
153 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
154 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
155 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
157 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
158 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
159 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
160 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
162 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
163 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
164 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
165 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
167 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
168 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
169 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
170 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
174 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
177 static inline u8 __fcs(u8 *data)
179 return (0xff - __crc(data));
183 static inline u8 __fcs2(u8 *data)
185 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
189 static inline int __check_fcs(u8 *data, int type, u8 fcs)
193 if (type != RFCOMM_UIH)
194 f = rfcomm_crc_table[f ^ data[2]];
196 return rfcomm_crc_table[f ^ fcs] != 0xcf;
199 /* ---- L2CAP callbacks ---- */
200 static void rfcomm_l2state_change(struct sock *sk)
202 BT_DBG("%p state %d", sk, sk->sk_state);
203 rfcomm_schedule(RFCOMM_SCHED_STATE);
206 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
208 BT_DBG("%p bytes %d", sk, bytes);
209 rfcomm_schedule(RFCOMM_SCHED_RX);
212 static int rfcomm_l2sock_create(struct socket **sock)
218 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
220 struct sock *sk = (*sock)->sk;
221 sk->sk_data_ready = rfcomm_l2data_ready;
222 sk->sk_state_change = rfcomm_l2state_change;
227 static inline int rfcomm_check_security(struct rfcomm_dlc *d)
229 struct sock *sk = d->session->sock->sk;
232 switch (d->sec_level) {
233 case BT_SECURITY_HIGH:
234 auth_type = HCI_AT_GENERAL_BONDING_MITM;
236 case BT_SECURITY_MEDIUM:
237 auth_type = HCI_AT_GENERAL_BONDING;
240 auth_type = HCI_AT_NO_BONDING;
244 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level,
248 static void rfcomm_session_timeout(unsigned long arg)
250 struct rfcomm_session *s = (void *) arg;
252 BT_DBG("session %p state %ld", s, s->state);
254 set_bit(RFCOMM_TIMED_OUT, &s->flags);
255 rfcomm_session_put(s);
256 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
259 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
261 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
263 if (!mod_timer(&s->timer, jiffies + timeout))
264 rfcomm_session_hold(s);
267 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
269 BT_DBG("session %p state %ld", s, s->state);
271 if (timer_pending(&s->timer) && del_timer(&s->timer))
272 rfcomm_session_put(s);
275 /* ---- RFCOMM DLCs ---- */
276 static void rfcomm_dlc_timeout(unsigned long arg)
278 struct rfcomm_dlc *d = (void *) arg;
280 BT_DBG("dlc %p state %ld", d, d->state);
282 set_bit(RFCOMM_TIMED_OUT, &d->flags);
284 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
287 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
289 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
291 if (!mod_timer(&d->timer, jiffies + timeout))
295 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
297 BT_DBG("dlc %p state %ld", d, d->state);
299 if (timer_pending(&d->timer) && del_timer(&d->timer))
303 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
310 d->mtu = RFCOMM_DEFAULT_MTU;
311 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
313 d->cfc = RFCOMM_CFC_DISABLED;
314 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
317 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
319 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
324 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
326 skb_queue_head_init(&d->tx_queue);
327 spin_lock_init(&d->lock);
328 atomic_set(&d->refcnt, 1);
330 rfcomm_dlc_clear_state(d);
337 void rfcomm_dlc_free(struct rfcomm_dlc *d)
341 skb_queue_purge(&d->tx_queue);
345 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
347 BT_DBG("dlc %p session %p", d, s);
349 rfcomm_session_hold(s);
351 rfcomm_session_clear_timer(s);
353 list_add(&d->list, &s->dlcs);
357 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
359 struct rfcomm_session *s = d->session;
361 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
367 if (list_empty(&s->dlcs))
368 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
370 rfcomm_session_put(s);
373 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
375 struct rfcomm_dlc *d;
378 list_for_each(p, &s->dlcs) {
379 d = list_entry(p, struct rfcomm_dlc, list);
386 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
388 struct rfcomm_session *s;
392 BT_DBG("dlc %p state %ld %s %s channel %d",
393 d, d->state, batostr(src), batostr(dst), channel);
395 if (channel < 1 || channel > 30)
398 if (d->state != BT_OPEN && d->state != BT_CLOSED)
401 s = rfcomm_session_get(src, dst);
403 s = rfcomm_session_create(src, dst, &err);
408 dlci = __dlci(!s->initiator, channel);
410 /* Check if DLCI already exists */
411 if (rfcomm_dlc_get(s, dlci))
414 rfcomm_dlc_clear_state(d);
417 d->addr = __addr(s->initiator, dlci);
420 d->state = BT_CONFIG;
421 rfcomm_dlc_link(s, d);
426 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
428 if (s->state == BT_CONNECTED) {
429 if (rfcomm_check_security(d))
430 rfcomm_send_pn(s, 1, d);
432 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
435 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
440 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
446 r = __rfcomm_dlc_open(d, src, dst, channel);
452 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
454 struct rfcomm_session *s = d->session;
458 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
459 d, d->state, d->dlci, err, s);
464 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
465 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
466 rfcomm_schedule(RFCOMM_SCHED_AUTH);
472 d->state = BT_DISCONN;
473 if (skb_queue_empty(&d->tx_queue)) {
474 rfcomm_send_disc(s, d->dlci);
475 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
477 rfcomm_queue_disc(d);
478 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
484 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
485 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
486 rfcomm_schedule(RFCOMM_SCHED_AUTH);
492 rfcomm_dlc_clear_timer(d);
495 d->state = BT_CLOSED;
496 d->state_change(d, err);
497 rfcomm_dlc_unlock(d);
499 skb_queue_purge(&d->tx_queue);
500 rfcomm_dlc_unlink(d);
506 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
512 r = __rfcomm_dlc_close(d, err);
518 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
522 if (d->state != BT_CONNECTED)
525 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
530 rfcomm_make_uih(skb, d->addr);
531 skb_queue_tail(&d->tx_queue, skb);
533 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
534 rfcomm_schedule(RFCOMM_SCHED_TX);
538 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
540 BT_DBG("dlc %p state %ld", d, d->state);
543 d->v24_sig |= RFCOMM_V24_FC;
544 set_bit(RFCOMM_MSC_PENDING, &d->flags);
546 rfcomm_schedule(RFCOMM_SCHED_TX);
549 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
551 BT_DBG("dlc %p state %ld", d, d->state);
554 d->v24_sig &= ~RFCOMM_V24_FC;
555 set_bit(RFCOMM_MSC_PENDING, &d->flags);
557 rfcomm_schedule(RFCOMM_SCHED_TX);
561 Set/get modem status functions use _local_ status i.e. what we report
563 Remote status is provided by dlc->modem_status() callback.
565 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
567 BT_DBG("dlc %p state %ld v24_sig 0x%x",
568 d, d->state, v24_sig);
570 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
571 v24_sig |= RFCOMM_V24_FC;
573 v24_sig &= ~RFCOMM_V24_FC;
575 d->v24_sig = v24_sig;
577 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
578 rfcomm_schedule(RFCOMM_SCHED_TX);
583 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
585 BT_DBG("dlc %p state %ld v24_sig 0x%x",
586 d, d->state, d->v24_sig);
588 *v24_sig = d->v24_sig;
592 /* ---- RFCOMM sessions ---- */
593 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
595 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
600 BT_DBG("session %p sock %p", s, sock);
602 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
604 INIT_LIST_HEAD(&s->dlcs);
608 s->mtu = RFCOMM_DEFAULT_MTU;
609 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
611 /* Do not increment module usage count for listening sessions.
612 * Otherwise we won't be able to unload the module. */
613 if (state != BT_LISTEN)
614 if (!try_module_get(THIS_MODULE)) {
619 list_add(&s->list, &session_list);
624 static void rfcomm_session_del(struct rfcomm_session *s)
626 int state = s->state;
628 BT_DBG("session %p state %ld", s, s->state);
632 if (state == BT_CONNECTED)
633 rfcomm_send_disc(s, 0);
635 rfcomm_session_clear_timer(s);
636 sock_release(s->sock);
639 if (state != BT_LISTEN)
640 module_put(THIS_MODULE);
643 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
645 struct rfcomm_session *s;
646 struct list_head *p, *n;
648 list_for_each_safe(p, n, &session_list) {
649 s = list_entry(p, struct rfcomm_session, list);
650 sk = bt_sk(s->sock->sk);
652 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
653 !bacmp(&sk->dst, dst))
659 static void rfcomm_session_close(struct rfcomm_session *s, int err)
661 struct rfcomm_dlc *d;
662 struct list_head *p, *n;
664 BT_DBG("session %p state %ld err %d", s, s->state, err);
666 rfcomm_session_hold(s);
668 s->state = BT_CLOSED;
671 list_for_each_safe(p, n, &s->dlcs) {
672 d = list_entry(p, struct rfcomm_dlc, list);
673 d->state = BT_CLOSED;
674 __rfcomm_dlc_close(d, err);
677 rfcomm_session_clear_timer(s);
678 rfcomm_session_put(s);
681 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
683 struct rfcomm_session *s = NULL;
684 struct sockaddr_l2 addr;
688 BT_DBG("%s %s", batostr(src), batostr(dst));
690 *err = rfcomm_l2sock_create(&sock);
694 bacpy(&addr.l2_bdaddr, src);
695 addr.l2_family = AF_BLUETOOTH;
698 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
702 /* Set L2CAP options */
705 l2cap_pi(sk)->imtu = l2cap_mtu;
707 l2cap_pi(sk)->mode = L2CAP_MODE_ERTM;
710 s = rfcomm_session_add(sock, BT_BOUND);
718 bacpy(&addr.l2_bdaddr, dst);
719 addr.l2_family = AF_BLUETOOTH;
720 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
722 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
723 if (*err == 0 || *err == -EINPROGRESS)
726 rfcomm_session_del(s);
734 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
736 struct sock *sk = s->sock->sk;
738 bacpy(src, &bt_sk(sk)->src);
740 bacpy(dst, &bt_sk(sk)->dst);
743 /* ---- RFCOMM frame sending ---- */
744 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
746 struct socket *sock = s->sock;
747 struct kvec iv = { data, len };
750 BT_DBG("session %p len %d", s, len);
752 memset(&msg, 0, sizeof(msg));
754 return kernel_sendmsg(sock, &msg, &iv, 1, len);
757 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
759 struct rfcomm_cmd cmd;
761 BT_DBG("%p dlci %d", s, dlci);
763 cmd.addr = __addr(s->initiator, dlci);
764 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
766 cmd.fcs = __fcs2((u8 *) &cmd);
768 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
771 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
773 struct rfcomm_cmd cmd;
775 BT_DBG("%p dlci %d", s, dlci);
777 cmd.addr = __addr(!s->initiator, dlci);
778 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
780 cmd.fcs = __fcs2((u8 *) &cmd);
782 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
785 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
787 struct rfcomm_cmd cmd;
789 BT_DBG("%p dlci %d", s, dlci);
791 cmd.addr = __addr(s->initiator, dlci);
792 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
794 cmd.fcs = __fcs2((u8 *) &cmd);
796 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
799 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
801 struct rfcomm_cmd *cmd;
804 BT_DBG("dlc %p dlci %d", d, d->dlci);
806 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
810 cmd = (void *) __skb_put(skb, sizeof(*cmd));
812 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
813 cmd->len = __len8(0);
814 cmd->fcs = __fcs2((u8 *) cmd);
816 skb_queue_tail(&d->tx_queue, skb);
817 rfcomm_schedule(RFCOMM_SCHED_TX);
821 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
823 struct rfcomm_cmd cmd;
825 BT_DBG("%p dlci %d", s, dlci);
827 cmd.addr = __addr(!s->initiator, dlci);
828 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
830 cmd.fcs = __fcs2((u8 *) &cmd);
832 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
835 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
837 struct rfcomm_hdr *hdr;
838 struct rfcomm_mcc *mcc;
839 u8 buf[16], *ptr = buf;
841 BT_DBG("%p cr %d type %d", s, cr, type);
843 hdr = (void *) ptr; ptr += sizeof(*hdr);
844 hdr->addr = __addr(s->initiator, 0);
845 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
846 hdr->len = __len8(sizeof(*mcc) + 1);
848 mcc = (void *) ptr; ptr += sizeof(*mcc);
849 mcc->type = __mcc_type(cr, RFCOMM_NSC);
850 mcc->len = __len8(1);
852 /* Type that we didn't like */
853 *ptr = __mcc_type(cr, type); ptr++;
855 *ptr = __fcs(buf); ptr++;
857 return rfcomm_send_frame(s, buf, ptr - buf);
860 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
862 struct rfcomm_hdr *hdr;
863 struct rfcomm_mcc *mcc;
864 struct rfcomm_pn *pn;
865 u8 buf[16], *ptr = buf;
867 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
869 hdr = (void *) ptr; ptr += sizeof(*hdr);
870 hdr->addr = __addr(s->initiator, 0);
871 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
872 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
874 mcc = (void *) ptr; ptr += sizeof(*mcc);
875 mcc->type = __mcc_type(cr, RFCOMM_PN);
876 mcc->len = __len8(sizeof(*pn));
878 pn = (void *) ptr; ptr += sizeof(*pn);
880 pn->priority = d->priority;
885 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
886 pn->credits = RFCOMM_DEFAULT_CREDITS;
892 if (cr && channel_mtu >= 0)
893 pn->mtu = cpu_to_le16(channel_mtu);
895 pn->mtu = cpu_to_le16(d->mtu);
897 *ptr = __fcs(buf); ptr++;
899 return rfcomm_send_frame(s, buf, ptr - buf);
902 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
903 u8 bit_rate, u8 data_bits, u8 stop_bits,
904 u8 parity, u8 flow_ctrl_settings,
905 u8 xon_char, u8 xoff_char, u16 param_mask)
907 struct rfcomm_hdr *hdr;
908 struct rfcomm_mcc *mcc;
909 struct rfcomm_rpn *rpn;
910 u8 buf[16], *ptr = buf;
912 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
913 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
914 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
915 flow_ctrl_settings, xon_char, xoff_char, param_mask);
917 hdr = (void *) ptr; ptr += sizeof(*hdr);
918 hdr->addr = __addr(s->initiator, 0);
919 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
920 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
922 mcc = (void *) ptr; ptr += sizeof(*mcc);
923 mcc->type = __mcc_type(cr, RFCOMM_RPN);
924 mcc->len = __len8(sizeof(*rpn));
926 rpn = (void *) ptr; ptr += sizeof(*rpn);
927 rpn->dlci = __addr(1, dlci);
928 rpn->bit_rate = bit_rate;
929 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
930 rpn->flow_ctrl = flow_ctrl_settings;
931 rpn->xon_char = xon_char;
932 rpn->xoff_char = xoff_char;
933 rpn->param_mask = cpu_to_le16(param_mask);
935 *ptr = __fcs(buf); ptr++;
937 return rfcomm_send_frame(s, buf, ptr - buf);
940 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
942 struct rfcomm_hdr *hdr;
943 struct rfcomm_mcc *mcc;
944 struct rfcomm_rls *rls;
945 u8 buf[16], *ptr = buf;
947 BT_DBG("%p cr %d status 0x%x", s, cr, status);
949 hdr = (void *) ptr; ptr += sizeof(*hdr);
950 hdr->addr = __addr(s->initiator, 0);
951 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
952 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
954 mcc = (void *) ptr; ptr += sizeof(*mcc);
955 mcc->type = __mcc_type(cr, RFCOMM_RLS);
956 mcc->len = __len8(sizeof(*rls));
958 rls = (void *) ptr; ptr += sizeof(*rls);
959 rls->dlci = __addr(1, dlci);
960 rls->status = status;
962 *ptr = __fcs(buf); ptr++;
964 return rfcomm_send_frame(s, buf, ptr - buf);
967 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
969 struct rfcomm_hdr *hdr;
970 struct rfcomm_mcc *mcc;
971 struct rfcomm_msc *msc;
972 u8 buf[16], *ptr = buf;
974 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
976 hdr = (void *) ptr; ptr += sizeof(*hdr);
977 hdr->addr = __addr(s->initiator, 0);
978 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
979 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
981 mcc = (void *) ptr; ptr += sizeof(*mcc);
982 mcc->type = __mcc_type(cr, RFCOMM_MSC);
983 mcc->len = __len8(sizeof(*msc));
985 msc = (void *) ptr; ptr += sizeof(*msc);
986 msc->dlci = __addr(1, dlci);
987 msc->v24_sig = v24_sig | 0x01;
989 *ptr = __fcs(buf); ptr++;
991 return rfcomm_send_frame(s, buf, ptr - buf);
994 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
996 struct rfcomm_hdr *hdr;
997 struct rfcomm_mcc *mcc;
998 u8 buf[16], *ptr = buf;
1000 BT_DBG("%p cr %d", s, cr);
1002 hdr = (void *) ptr; ptr += sizeof(*hdr);
1003 hdr->addr = __addr(s->initiator, 0);
1004 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1005 hdr->len = __len8(sizeof(*mcc));
1007 mcc = (void *) ptr; ptr += sizeof(*mcc);
1008 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1009 mcc->len = __len8(0);
1011 *ptr = __fcs(buf); ptr++;
1013 return rfcomm_send_frame(s, buf, ptr - buf);
1016 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1018 struct rfcomm_hdr *hdr;
1019 struct rfcomm_mcc *mcc;
1020 u8 buf[16], *ptr = buf;
1022 BT_DBG("%p cr %d", s, cr);
1024 hdr = (void *) ptr; ptr += sizeof(*hdr);
1025 hdr->addr = __addr(s->initiator, 0);
1026 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1027 hdr->len = __len8(sizeof(*mcc));
1029 mcc = (void *) ptr; ptr += sizeof(*mcc);
1030 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1031 mcc->len = __len8(0);
1033 *ptr = __fcs(buf); ptr++;
1035 return rfcomm_send_frame(s, buf, ptr - buf);
1038 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1040 struct socket *sock = s->sock;
1043 unsigned char hdr[5], crc[1];
1048 BT_DBG("%p cr %d", s, cr);
1050 hdr[0] = __addr(s->initiator, 0);
1051 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1052 hdr[2] = 0x01 | ((len + 2) << 1);
1053 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1054 hdr[4] = 0x01 | (len << 1);
1056 crc[0] = __fcs(hdr);
1058 iv[0].iov_base = hdr;
1060 iv[1].iov_base = pattern;
1061 iv[1].iov_len = len;
1062 iv[2].iov_base = crc;
1065 memset(&msg, 0, sizeof(msg));
1067 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1070 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1072 struct rfcomm_hdr *hdr;
1073 u8 buf[16], *ptr = buf;
1075 BT_DBG("%p addr %d credits %d", s, addr, credits);
1077 hdr = (void *) ptr; ptr += sizeof(*hdr);
1079 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1080 hdr->len = __len8(0);
1082 *ptr = credits; ptr++;
1084 *ptr = __fcs(buf); ptr++;
1086 return rfcomm_send_frame(s, buf, ptr - buf);
1089 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1091 struct rfcomm_hdr *hdr;
1096 hdr = (void *) skb_push(skb, 4);
1097 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1099 hdr = (void *) skb_push(skb, 3);
1100 hdr->len = __len8(len);
1103 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1105 crc = skb_put(skb, 1);
1106 *crc = __fcs((void *) hdr);
1109 /* ---- RFCOMM frame reception ---- */
1110 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1112 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1116 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1118 rfcomm_send_dm(s, dlci);
1124 rfcomm_dlc_clear_timer(d);
1127 d->state = BT_CONNECTED;
1128 d->state_change(d, 0);
1129 rfcomm_dlc_unlock(d);
1131 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1135 d->state = BT_CLOSED;
1136 __rfcomm_dlc_close(d, 0);
1138 if (list_empty(&s->dlcs)) {
1139 s->state = BT_DISCONN;
1140 rfcomm_send_disc(s, 0);
1146 /* Control channel */
1149 s->state = BT_CONNECTED;
1150 rfcomm_process_connect(s);
1154 rfcomm_session_put(s);
1161 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1165 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1169 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1171 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1176 d->state = BT_CLOSED;
1177 __rfcomm_dlc_close(d, err);
1180 if (s->state == BT_CONNECT)
1185 s->state = BT_CLOSED;
1186 rfcomm_session_close(s, err);
1191 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1195 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1198 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1200 rfcomm_send_ua(s, dlci);
1202 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1207 d->state = BT_CLOSED;
1208 __rfcomm_dlc_close(d, err);
1210 rfcomm_send_dm(s, dlci);
1213 rfcomm_send_ua(s, 0);
1215 if (s->state == BT_CONNECT)
1220 s->state = BT_CLOSED;
1221 rfcomm_session_close(s, err);
1227 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1229 struct sock *sk = d->session->sock->sk;
1231 BT_DBG("dlc %p", d);
1233 rfcomm_send_ua(d->session, d->dlci);
1235 rfcomm_dlc_clear_timer(d);
1238 d->state = BT_CONNECTED;
1239 d->state_change(d, 0);
1240 rfcomm_dlc_unlock(d);
1243 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1245 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1248 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1250 if (rfcomm_check_security(d)) {
1251 if (d->defer_setup) {
1252 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1253 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1256 d->state = BT_CONNECT2;
1257 d->state_change(d, 0);
1258 rfcomm_dlc_unlock(d);
1260 rfcomm_dlc_accept(d);
1262 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1263 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1267 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1269 struct rfcomm_dlc *d;
1272 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1275 rfcomm_send_ua(s, 0);
1277 if (s->state == BT_OPEN) {
1278 s->state = BT_CONNECTED;
1279 rfcomm_process_connect(s);
1284 /* Check if DLC exists */
1285 d = rfcomm_dlc_get(s, dlci);
1287 if (d->state == BT_OPEN) {
1288 /* DLC was previously opened by PN request */
1289 rfcomm_check_accept(d);
1294 /* Notify socket layer about incoming connection */
1295 channel = __srv_channel(dlci);
1296 if (rfcomm_connect_ind(s, channel, &d)) {
1298 d->addr = __addr(s->initiator, dlci);
1299 rfcomm_dlc_link(s, d);
1301 rfcomm_check_accept(d);
1303 rfcomm_send_dm(s, dlci);
1309 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1311 struct rfcomm_session *s = d->session;
1313 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1314 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1316 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1317 pn->flow_ctrl == 0xe0) {
1318 d->cfc = RFCOMM_CFC_ENABLED;
1319 d->tx_credits = pn->credits;
1321 d->cfc = RFCOMM_CFC_DISABLED;
1322 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1325 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1328 d->priority = pn->priority;
1330 d->mtu = __le16_to_cpu(pn->mtu);
1332 if (cr && d->mtu > s->mtu)
1338 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1340 struct rfcomm_pn *pn = (void *) skb->data;
1341 struct rfcomm_dlc *d;
1344 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1349 d = rfcomm_dlc_get(s, dlci);
1353 rfcomm_apply_pn(d, cr, pn);
1354 rfcomm_send_pn(s, 0, d);
1359 rfcomm_apply_pn(d, cr, pn);
1361 d->state = BT_CONNECT;
1362 rfcomm_send_sabm(s, d->dlci);
1367 u8 channel = __srv_channel(dlci);
1372 /* PN request for non existing DLC.
1373 * Assume incoming connection. */
1374 if (rfcomm_connect_ind(s, channel, &d)) {
1376 d->addr = __addr(s->initiator, dlci);
1377 rfcomm_dlc_link(s, d);
1379 rfcomm_apply_pn(d, cr, pn);
1382 rfcomm_send_pn(s, 0, d);
1384 rfcomm_send_dm(s, dlci);
1390 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1392 struct rfcomm_rpn *rpn = (void *) skb->data;
1393 u8 dlci = __get_dlci(rpn->dlci);
1402 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1404 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1405 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1406 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1412 /* This is a request, return default settings */
1413 bit_rate = RFCOMM_RPN_BR_115200;
1414 data_bits = RFCOMM_RPN_DATA_8;
1415 stop_bits = RFCOMM_RPN_STOP_1;
1416 parity = RFCOMM_RPN_PARITY_NONE;
1417 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1418 xon_char = RFCOMM_RPN_XON_CHAR;
1419 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1423 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1424 * no parity, no flow control lines, normal XON/XOFF chars */
1426 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1427 bit_rate = rpn->bit_rate;
1428 if (bit_rate != RFCOMM_RPN_BR_115200) {
1429 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1430 bit_rate = RFCOMM_RPN_BR_115200;
1431 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1435 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1436 data_bits = __get_rpn_data_bits(rpn->line_settings);
1437 if (data_bits != RFCOMM_RPN_DATA_8) {
1438 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1439 data_bits = RFCOMM_RPN_DATA_8;
1440 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1444 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1445 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1446 if (stop_bits != RFCOMM_RPN_STOP_1) {
1447 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1448 stop_bits = RFCOMM_RPN_STOP_1;
1449 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1453 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1454 parity = __get_rpn_parity(rpn->line_settings);
1455 if (parity != RFCOMM_RPN_PARITY_NONE) {
1456 BT_DBG("RPN parity mismatch 0x%x", parity);
1457 parity = RFCOMM_RPN_PARITY_NONE;
1458 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1462 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1463 flow_ctrl = rpn->flow_ctrl;
1464 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1465 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1466 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1467 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1471 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1472 xon_char = rpn->xon_char;
1473 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1474 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1475 xon_char = RFCOMM_RPN_XON_CHAR;
1476 rpn_mask ^= RFCOMM_RPN_PM_XON;
1480 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1481 xoff_char = rpn->xoff_char;
1482 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1483 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1484 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1485 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1490 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1491 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1496 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1498 struct rfcomm_rls *rls = (void *) skb->data;
1499 u8 dlci = __get_dlci(rls->dlci);
1501 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1506 /* We should probably do something with this information here. But
1507 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1508 * mandatory to recognise and respond to RLS */
1510 rfcomm_send_rls(s, 0, dlci, rls->status);
1515 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1517 struct rfcomm_msc *msc = (void *) skb->data;
1518 struct rfcomm_dlc *d;
1519 u8 dlci = __get_dlci(msc->dlci);
1521 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1523 d = rfcomm_dlc_get(s, dlci);
1528 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1529 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1531 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1535 d->remote_v24_sig = msc->v24_sig;
1537 if (d->modem_status)
1538 d->modem_status(d, msc->v24_sig);
1540 rfcomm_dlc_unlock(d);
1542 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1544 d->mscex |= RFCOMM_MSCEX_RX;
1546 d->mscex |= RFCOMM_MSCEX_TX;
1551 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1553 struct rfcomm_mcc *mcc = (void *) skb->data;
1556 cr = __test_cr(mcc->type);
1557 type = __get_mcc_type(mcc->type);
1558 len = __get_mcc_len(mcc->len);
1560 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1566 rfcomm_recv_pn(s, cr, skb);
1570 rfcomm_recv_rpn(s, cr, len, skb);
1574 rfcomm_recv_rls(s, cr, skb);
1578 rfcomm_recv_msc(s, cr, skb);
1583 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1584 rfcomm_send_fcoff(s, 0);
1590 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1591 rfcomm_send_fcon(s, 0);
1597 rfcomm_send_test(s, 0, skb->data, skb->len);
1604 BT_ERR("Unknown control type 0x%02x", type);
1605 rfcomm_send_nsc(s, cr, type);
1611 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1613 struct rfcomm_dlc *d;
1615 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1617 d = rfcomm_dlc_get(s, dlci);
1619 rfcomm_send_dm(s, dlci);
1624 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1626 d->tx_credits += credits;
1628 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1631 if (skb->len && d->state == BT_CONNECTED) {
1634 d->data_ready(d, skb);
1635 rfcomm_dlc_unlock(d);
1644 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1646 struct rfcomm_hdr *hdr = (void *) skb->data;
1649 dlci = __get_dlci(hdr->addr);
1650 type = __get_type(hdr->ctrl);
1653 skb->len--; skb->tail--;
1654 fcs = *(u8 *)skb_tail_pointer(skb);
1656 if (__check_fcs(skb->data, type, fcs)) {
1657 BT_ERR("bad checksum in packet");
1662 if (__test_ea(hdr->len))
1669 if (__test_pf(hdr->ctrl))
1670 rfcomm_recv_sabm(s, dlci);
1674 if (__test_pf(hdr->ctrl))
1675 rfcomm_recv_disc(s, dlci);
1679 if (__test_pf(hdr->ctrl))
1680 rfcomm_recv_ua(s, dlci);
1684 rfcomm_recv_dm(s, dlci);
1689 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1691 rfcomm_recv_mcc(s, skb);
1695 BT_ERR("Unknown packet type 0x%02x\n", type);
1702 /* ---- Connection and data processing ---- */
1704 static void rfcomm_process_connect(struct rfcomm_session *s)
1706 struct rfcomm_dlc *d;
1707 struct list_head *p, *n;
1709 BT_DBG("session %p state %ld", s, s->state);
1711 list_for_each_safe(p, n, &s->dlcs) {
1712 d = list_entry(p, struct rfcomm_dlc, list);
1713 if (d->state == BT_CONFIG) {
1715 if (rfcomm_check_security(d)) {
1716 rfcomm_send_pn(s, 1, d);
1718 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1719 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1725 /* Send data queued for the DLC.
1726 * Return number of frames left in the queue.
1728 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1730 struct sk_buff *skb;
1733 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1734 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1736 /* Send pending MSC */
1737 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1738 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1742 * Give them some credits */
1743 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1744 d->rx_credits <= (d->cfc >> 2)) {
1745 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1746 d->rx_credits = d->cfc;
1750 * Give ourselves some credits */
1754 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1755 return skb_queue_len(&d->tx_queue);
1757 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1758 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1760 skb_queue_head(&d->tx_queue, skb);
1767 if (d->cfc && !d->tx_credits) {
1768 /* We're out of TX credits.
1769 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1770 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1773 return skb_queue_len(&d->tx_queue);
1776 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1778 struct rfcomm_dlc *d;
1779 struct list_head *p, *n;
1781 BT_DBG("session %p state %ld", s, s->state);
1783 list_for_each_safe(p, n, &s->dlcs) {
1784 d = list_entry(p, struct rfcomm_dlc, list);
1786 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1787 __rfcomm_dlc_close(d, ETIMEDOUT);
1791 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1792 rfcomm_dlc_clear_timer(d);
1794 rfcomm_send_pn(s, 1, d);
1795 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1797 if (d->defer_setup) {
1798 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1799 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1802 d->state = BT_CONNECT2;
1803 d->state_change(d, 0);
1804 rfcomm_dlc_unlock(d);
1806 rfcomm_dlc_accept(d);
1809 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1810 rfcomm_dlc_clear_timer(d);
1812 rfcomm_send_dm(s, d->dlci);
1814 d->state = BT_CLOSED;
1815 __rfcomm_dlc_close(d, ECONNREFUSED);
1819 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1822 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1825 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1826 d->mscex == RFCOMM_MSCEX_OK)
1827 rfcomm_process_tx(d);
1831 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1833 struct socket *sock = s->sock;
1834 struct sock *sk = sock->sk;
1835 struct sk_buff *skb;
1837 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1839 /* Get data directly from socket receive queue without copying it. */
1840 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1842 rfcomm_recv_frame(s, skb);
1845 if (sk->sk_state == BT_CLOSED) {
1847 rfcomm_session_put(s);
1849 rfcomm_session_close(s, sk->sk_err);
1853 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1855 struct socket *sock = s->sock, *nsock;
1858 /* Fast check for a new connection.
1859 * Avoids unnesesary socket allocations. */
1860 if (list_empty(&bt_sk(sock->sk)->accept_q))
1863 BT_DBG("session %p", s);
1865 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1869 /* Set our callbacks */
1870 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1871 nsock->sk->sk_state_change = rfcomm_l2state_change;
1873 s = rfcomm_session_add(nsock, BT_OPEN);
1875 rfcomm_session_hold(s);
1877 /* We should adjust MTU on incoming sessions.
1878 * L2CAP MTU minus UIH header and FCS. */
1879 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1881 rfcomm_schedule(RFCOMM_SCHED_RX);
1883 sock_release(nsock);
1886 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1888 struct sock *sk = s->sock->sk;
1890 BT_DBG("%p state %ld", s, s->state);
1892 switch(sk->sk_state) {
1894 s->state = BT_CONNECT;
1896 /* We can adjust MTU on outgoing sessions.
1897 * L2CAP MTU minus UIH header and FCS. */
1898 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1900 rfcomm_send_sabm(s, 0);
1904 s->state = BT_CLOSED;
1905 rfcomm_session_close(s, sk->sk_err);
1910 static inline void rfcomm_process_sessions(void)
1912 struct list_head *p, *n;
1916 list_for_each_safe(p, n, &session_list) {
1917 struct rfcomm_session *s;
1918 s = list_entry(p, struct rfcomm_session, list);
1920 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1921 s->state = BT_DISCONN;
1922 rfcomm_send_disc(s, 0);
1926 if (s->state == BT_LISTEN) {
1927 rfcomm_accept_connection(s);
1931 rfcomm_session_hold(s);
1935 rfcomm_check_connection(s);
1939 rfcomm_process_rx(s);
1943 rfcomm_process_dlcs(s);
1945 rfcomm_session_put(s);
1951 static int rfcomm_add_listener(bdaddr_t *ba)
1953 struct sockaddr_l2 addr;
1954 struct socket *sock;
1956 struct rfcomm_session *s;
1960 err = rfcomm_l2sock_create(&sock);
1962 BT_ERR("Create socket failed %d", err);
1967 bacpy(&addr.l2_bdaddr, ba);
1968 addr.l2_family = AF_BLUETOOTH;
1969 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
1971 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1973 BT_ERR("Bind failed %d", err);
1977 /* Set L2CAP options */
1980 l2cap_pi(sk)->imtu = l2cap_mtu;
1983 /* Start listening on the socket */
1984 err = kernel_listen(sock, 10);
1986 BT_ERR("Listen failed %d", err);
1990 /* Add listening session */
1991 s = rfcomm_session_add(sock, BT_LISTEN);
1995 rfcomm_session_hold(s);
2002 static void rfcomm_kill_listener(void)
2004 struct rfcomm_session *s;
2005 struct list_head *p, *n;
2009 list_for_each_safe(p, n, &session_list) {
2010 s = list_entry(p, struct rfcomm_session, list);
2011 rfcomm_session_del(s);
2015 static int rfcomm_run(void *unused)
2019 set_user_nice(current, -10);
2021 rfcomm_add_listener(BDADDR_ANY);
2023 while (!kthread_should_stop()) {
2024 set_current_state(TASK_INTERRUPTIBLE);
2025 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
2026 /* No pending events. Let's sleep.
2027 * Incoming connections and data will wake us up. */
2030 set_current_state(TASK_RUNNING);
2033 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
2034 rfcomm_process_sessions();
2037 rfcomm_kill_listener();
2042 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2044 struct rfcomm_session *s;
2045 struct rfcomm_dlc *d;
2046 struct list_head *p, *n;
2048 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2050 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2054 rfcomm_session_hold(s);
2056 list_for_each_safe(p, n, &s->dlcs) {
2057 d = list_entry(p, struct rfcomm_dlc, list);
2059 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2060 rfcomm_dlc_clear_timer(d);
2061 if (status || encrypt == 0x00) {
2062 __rfcomm_dlc_close(d, ECONNREFUSED);
2067 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2068 if (d->sec_level == BT_SECURITY_MEDIUM) {
2069 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2070 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2072 } else if (d->sec_level == BT_SECURITY_HIGH) {
2073 __rfcomm_dlc_close(d, ECONNREFUSED);
2078 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2082 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2084 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2087 rfcomm_session_put(s);
2089 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2092 static struct hci_cb rfcomm_cb = {
2094 .security_cfm = rfcomm_security_cfm
2097 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2099 struct rfcomm_session *s;
2100 struct list_head *pp, *p;
2105 list_for_each(p, &session_list) {
2106 s = list_entry(p, struct rfcomm_session, list);
2107 list_for_each(pp, &s->dlcs) {
2108 struct sock *sk = s->sock->sk;
2109 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2111 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2112 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2113 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2122 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2124 /* ---- Initialization ---- */
2125 static int __init rfcomm_init(void)
2131 hci_register_cb(&rfcomm_cb);
2133 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2134 if (IS_ERR(rfcomm_thread)) {
2135 err = PTR_ERR(rfcomm_thread);
2139 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2140 BT_ERR("Failed to create RFCOMM info file");
2142 err = rfcomm_init_ttys();
2146 err = rfcomm_init_sockets();
2150 BT_INFO("RFCOMM ver %s", VERSION);
2155 rfcomm_cleanup_ttys();
2158 kthread_stop(rfcomm_thread);
2161 hci_unregister_cb(&rfcomm_cb);
2166 static void __exit rfcomm_exit(void)
2168 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
2170 hci_unregister_cb(&rfcomm_cb);
2172 kthread_stop(rfcomm_thread);
2174 rfcomm_cleanup_ttys();
2176 rfcomm_cleanup_sockets();
2179 module_init(rfcomm_init);
2180 module_exit(rfcomm_exit);
2182 module_param(disable_cfc, bool, 0644);
2183 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2185 module_param(channel_mtu, int, 0644);
2186 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2188 module_param(l2cap_mtu, uint, 0644);
2189 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2191 module_param(l2cap_ertm, bool, 0644);
2192 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2194 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2195 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2196 MODULE_VERSION(VERSION);
2197 MODULE_LICENSE("GPL");
2198 MODULE_ALIAS("bt-proto-3");
git.openpandora.org / pandora-kernel.git / blob