2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/sched.h>
32 #include <linux/signal.h>
33 #include <linux/init.h>
34 #include <linux/wait.h>
35 #include <linux/device.h>
36 #include <linux/net.h>
37 #include <linux/mutex.h>
38 #include <linux/kthread.h>
41 #include <asm/uaccess.h>
42 #include <asm/unaligned.h>
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
46 #include <net/bluetooth/l2cap.h>
47 #include <net/bluetooth/rfcomm.h>
49 #define VERSION "1.11"
51 static int disable_cfc = 0;
52 static int channel_mtu = -1;
53 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
55 static struct task_struct *rfcomm_thread;
57 static DEFINE_MUTEX(rfcomm_mutex);
58 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
59 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
61 static unsigned long rfcomm_event;
63 static LIST_HEAD(session_list);
65 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
66 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
67 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
68 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
69 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
70 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
71 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
72 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
73 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
74 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
76 static void rfcomm_process_connect(struct rfcomm_session *s);
78 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
79 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
80 static void rfcomm_session_del(struct rfcomm_session *s);
82 /* ---- RFCOMM frame parsing macros ---- */
83 #define __get_dlci(b) ((b & 0xfc) >> 2)
84 #define __get_channel(b) ((b & 0xf8) >> 3)
85 #define __get_dir(b) ((b & 0x04) >> 2)
86 #define __get_type(b) ((b & 0xef))
88 #define __test_ea(b) ((b & 0x01))
89 #define __test_cr(b) ((b & 0x02))
90 #define __test_pf(b) ((b & 0x10))
92 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
93 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
94 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
95 #define __srv_channel(dlci) (dlci >> 1)
96 #define __dir(dlci) (dlci & 0x01)
98 #define __len8(len) (((len) << 1) | 1)
99 #define __len16(len) ((len) << 1)
102 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
103 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
104 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
107 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
108 #define __get_rpn_data_bits(line) ((line) & 0x3)
109 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
110 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
112 static inline void rfcomm_schedule(uint event)
116 //set_bit(event, &rfcomm_event);
117 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
118 wake_up_process(rfcomm_thread);
121 static inline void rfcomm_session_put(struct rfcomm_session *s)
123 if (atomic_dec_and_test(&s->refcnt))
124 rfcomm_session_del(s);
127 /* ---- RFCOMM FCS computation ---- */
129 /* reversed, 8-bit, poly=0x07 */
130 static unsigned char rfcomm_crc_table[256] = {
131 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
132 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
133 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
134 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
136 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
137 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
138 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
139 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
141 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
142 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
143 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
144 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
146 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
147 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
148 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
149 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
151 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
152 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
153 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
154 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
156 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
157 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
158 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
159 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
161 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
162 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
163 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
164 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
166 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
167 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
168 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
169 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
173 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
176 static inline u8 __fcs(u8 *data)
178 return (0xff - __crc(data));
182 static inline u8 __fcs2(u8 *data)
184 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
188 static inline int __check_fcs(u8 *data, int type, u8 fcs)
192 if (type != RFCOMM_UIH)
193 f = rfcomm_crc_table[f ^ data[2]];
195 return rfcomm_crc_table[f ^ fcs] != 0xcf;
198 /* ---- L2CAP callbacks ---- */
199 static void rfcomm_l2state_change(struct sock *sk)
201 BT_DBG("%p state %d", sk, sk->sk_state);
202 rfcomm_schedule(RFCOMM_SCHED_STATE);
205 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
207 BT_DBG("%p bytes %d", sk, bytes);
208 rfcomm_schedule(RFCOMM_SCHED_RX);
211 static int rfcomm_l2sock_create(struct socket **sock)
217 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
219 struct sock *sk = (*sock)->sk;
220 sk->sk_data_ready = rfcomm_l2data_ready;
221 sk->sk_state_change = rfcomm_l2state_change;
226 static inline int rfcomm_check_security(struct rfcomm_dlc *d)
228 struct sock *sk = d->session->sock->sk;
230 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level);
233 /* ---- RFCOMM DLCs ---- */
234 static void rfcomm_dlc_timeout(unsigned long arg)
236 struct rfcomm_dlc *d = (void *) arg;
238 BT_DBG("dlc %p state %ld", d, d->state);
240 set_bit(RFCOMM_TIMED_OUT, &d->flags);
242 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
245 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
247 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
249 if (!mod_timer(&d->timer, jiffies + timeout))
253 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
255 BT_DBG("dlc %p state %ld", d, d->state);
257 if (timer_pending(&d->timer) && del_timer(&d->timer))
261 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
268 d->mtu = RFCOMM_DEFAULT_MTU;
269 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
271 d->cfc = RFCOMM_CFC_DISABLED;
272 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
275 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
277 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
282 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
284 skb_queue_head_init(&d->tx_queue);
285 spin_lock_init(&d->lock);
286 atomic_set(&d->refcnt, 1);
288 rfcomm_dlc_clear_state(d);
295 void rfcomm_dlc_free(struct rfcomm_dlc *d)
299 skb_queue_purge(&d->tx_queue);
303 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
305 BT_DBG("dlc %p session %p", d, s);
307 rfcomm_session_hold(s);
310 list_add(&d->list, &s->dlcs);
314 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
316 struct rfcomm_session *s = d->session;
318 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
324 rfcomm_session_put(s);
327 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
329 struct rfcomm_dlc *d;
332 list_for_each(p, &s->dlcs) {
333 d = list_entry(p, struct rfcomm_dlc, list);
340 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
342 struct rfcomm_session *s;
346 BT_DBG("dlc %p state %ld %s %s channel %d",
347 d, d->state, batostr(src), batostr(dst), channel);
349 if (channel < 1 || channel > 30)
352 if (d->state != BT_OPEN && d->state != BT_CLOSED)
355 s = rfcomm_session_get(src, dst);
357 s = rfcomm_session_create(src, dst, &err);
362 dlci = __dlci(!s->initiator, channel);
364 /* Check if DLCI already exists */
365 if (rfcomm_dlc_get(s, dlci))
368 rfcomm_dlc_clear_state(d);
371 d->addr = __addr(s->initiator, dlci);
374 d->state = BT_CONFIG;
375 rfcomm_dlc_link(s, d);
380 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
382 if (s->state == BT_CONNECTED) {
383 if (rfcomm_check_security(d))
384 rfcomm_send_pn(s, 1, d);
386 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
389 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
394 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
400 r = __rfcomm_dlc_open(d, src, dst, channel);
406 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
408 struct rfcomm_session *s = d->session;
412 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
413 d, d->state, d->dlci, err, s);
418 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
419 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
420 rfcomm_schedule(RFCOMM_SCHED_AUTH);
426 d->state = BT_DISCONN;
427 if (skb_queue_empty(&d->tx_queue)) {
428 rfcomm_send_disc(s, d->dlci);
429 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
431 rfcomm_queue_disc(d);
432 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
437 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
438 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
439 rfcomm_schedule(RFCOMM_SCHED_AUTH);
445 rfcomm_dlc_clear_timer(d);
448 d->state = BT_CLOSED;
449 d->state_change(d, err);
450 rfcomm_dlc_unlock(d);
452 skb_queue_purge(&d->tx_queue);
453 rfcomm_dlc_unlink(d);
459 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
465 r = __rfcomm_dlc_close(d, err);
471 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
475 if (d->state != BT_CONNECTED)
478 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
483 rfcomm_make_uih(skb, d->addr);
484 skb_queue_tail(&d->tx_queue, skb);
486 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
487 rfcomm_schedule(RFCOMM_SCHED_TX);
491 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
493 BT_DBG("dlc %p state %ld", d, d->state);
496 d->v24_sig |= RFCOMM_V24_FC;
497 set_bit(RFCOMM_MSC_PENDING, &d->flags);
499 rfcomm_schedule(RFCOMM_SCHED_TX);
502 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
504 BT_DBG("dlc %p state %ld", d, d->state);
507 d->v24_sig &= ~RFCOMM_V24_FC;
508 set_bit(RFCOMM_MSC_PENDING, &d->flags);
510 rfcomm_schedule(RFCOMM_SCHED_TX);
514 Set/get modem status functions use _local_ status i.e. what we report
516 Remote status is provided by dlc->modem_status() callback.
518 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
520 BT_DBG("dlc %p state %ld v24_sig 0x%x",
521 d, d->state, v24_sig);
523 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
524 v24_sig |= RFCOMM_V24_FC;
526 v24_sig &= ~RFCOMM_V24_FC;
528 d->v24_sig = v24_sig;
530 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
531 rfcomm_schedule(RFCOMM_SCHED_TX);
536 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
538 BT_DBG("dlc %p state %ld v24_sig 0x%x",
539 d, d->state, d->v24_sig);
541 *v24_sig = d->v24_sig;
545 /* ---- RFCOMM sessions ---- */
546 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
548 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
553 BT_DBG("session %p sock %p", s, sock);
555 INIT_LIST_HEAD(&s->dlcs);
559 s->mtu = RFCOMM_DEFAULT_MTU;
560 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
562 /* Do not increment module usage count for listening sessions.
563 * Otherwise we won't be able to unload the module. */
564 if (state != BT_LISTEN)
565 if (!try_module_get(THIS_MODULE)) {
570 list_add(&s->list, &session_list);
575 static void rfcomm_session_del(struct rfcomm_session *s)
577 int state = s->state;
579 BT_DBG("session %p state %ld", s, s->state);
583 if (state == BT_CONNECTED)
584 rfcomm_send_disc(s, 0);
586 sock_release(s->sock);
589 if (state != BT_LISTEN)
590 module_put(THIS_MODULE);
593 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
595 struct rfcomm_session *s;
596 struct list_head *p, *n;
598 list_for_each_safe(p, n, &session_list) {
599 s = list_entry(p, struct rfcomm_session, list);
600 sk = bt_sk(s->sock->sk);
602 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
603 !bacmp(&sk->dst, dst))
609 static void rfcomm_session_close(struct rfcomm_session *s, int err)
611 struct rfcomm_dlc *d;
612 struct list_head *p, *n;
614 BT_DBG("session %p state %ld err %d", s, s->state, err);
616 rfcomm_session_hold(s);
618 s->state = BT_CLOSED;
621 list_for_each_safe(p, n, &s->dlcs) {
622 d = list_entry(p, struct rfcomm_dlc, list);
623 d->state = BT_CLOSED;
624 __rfcomm_dlc_close(d, err);
627 rfcomm_session_put(s);
630 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
632 struct rfcomm_session *s = NULL;
633 struct sockaddr_l2 addr;
637 BT_DBG("%s %s", batostr(src), batostr(dst));
639 *err = rfcomm_l2sock_create(&sock);
643 bacpy(&addr.l2_bdaddr, src);
644 addr.l2_family = AF_BLUETOOTH;
646 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
650 /* Set L2CAP options */
653 l2cap_pi(sk)->imtu = l2cap_mtu;
656 s = rfcomm_session_add(sock, BT_BOUND);
664 bacpy(&addr.l2_bdaddr, dst);
665 addr.l2_family = AF_BLUETOOTH;
666 addr.l2_psm = htobs(RFCOMM_PSM);
667 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
668 if (*err == 0 || *err == -EINPROGRESS)
671 rfcomm_session_del(s);
679 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
681 struct sock *sk = s->sock->sk;
683 bacpy(src, &bt_sk(sk)->src);
685 bacpy(dst, &bt_sk(sk)->dst);
688 /* ---- RFCOMM frame sending ---- */
689 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
691 struct socket *sock = s->sock;
692 struct kvec iv = { data, len };
695 BT_DBG("session %p len %d", s, len);
697 memset(&msg, 0, sizeof(msg));
699 return kernel_sendmsg(sock, &msg, &iv, 1, len);
702 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
704 struct rfcomm_cmd cmd;
706 BT_DBG("%p dlci %d", s, dlci);
708 cmd.addr = __addr(s->initiator, dlci);
709 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
711 cmd.fcs = __fcs2((u8 *) &cmd);
713 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
716 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
718 struct rfcomm_cmd cmd;
720 BT_DBG("%p dlci %d", s, dlci);
722 cmd.addr = __addr(!s->initiator, dlci);
723 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
725 cmd.fcs = __fcs2((u8 *) &cmd);
727 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
730 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
732 struct rfcomm_cmd cmd;
734 BT_DBG("%p dlci %d", s, dlci);
736 cmd.addr = __addr(s->initiator, dlci);
737 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
739 cmd.fcs = __fcs2((u8 *) &cmd);
741 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
744 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
746 struct rfcomm_cmd *cmd;
749 BT_DBG("dlc %p dlci %d", d, d->dlci);
751 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
755 cmd = (void *) __skb_put(skb, sizeof(*cmd));
757 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
758 cmd->len = __len8(0);
759 cmd->fcs = __fcs2((u8 *) cmd);
761 skb_queue_tail(&d->tx_queue, skb);
762 rfcomm_schedule(RFCOMM_SCHED_TX);
766 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
768 struct rfcomm_cmd cmd;
770 BT_DBG("%p dlci %d", s, dlci);
772 cmd.addr = __addr(!s->initiator, dlci);
773 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
775 cmd.fcs = __fcs2((u8 *) &cmd);
777 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
780 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
782 struct rfcomm_hdr *hdr;
783 struct rfcomm_mcc *mcc;
784 u8 buf[16], *ptr = buf;
786 BT_DBG("%p cr %d type %d", s, cr, type);
788 hdr = (void *) ptr; ptr += sizeof(*hdr);
789 hdr->addr = __addr(s->initiator, 0);
790 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
791 hdr->len = __len8(sizeof(*mcc) + 1);
793 mcc = (void *) ptr; ptr += sizeof(*mcc);
794 mcc->type = __mcc_type(cr, RFCOMM_NSC);
795 mcc->len = __len8(1);
797 /* Type that we didn't like */
798 *ptr = __mcc_type(cr, type); ptr++;
800 *ptr = __fcs(buf); ptr++;
802 return rfcomm_send_frame(s, buf, ptr - buf);
805 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
807 struct rfcomm_hdr *hdr;
808 struct rfcomm_mcc *mcc;
809 struct rfcomm_pn *pn;
810 u8 buf[16], *ptr = buf;
812 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
814 hdr = (void *) ptr; ptr += sizeof(*hdr);
815 hdr->addr = __addr(s->initiator, 0);
816 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
817 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
819 mcc = (void *) ptr; ptr += sizeof(*mcc);
820 mcc->type = __mcc_type(cr, RFCOMM_PN);
821 mcc->len = __len8(sizeof(*pn));
823 pn = (void *) ptr; ptr += sizeof(*pn);
825 pn->priority = d->priority;
830 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
831 pn->credits = RFCOMM_DEFAULT_CREDITS;
837 if (cr && channel_mtu >= 0)
838 pn->mtu = htobs(channel_mtu);
840 pn->mtu = htobs(d->mtu);
842 *ptr = __fcs(buf); ptr++;
844 return rfcomm_send_frame(s, buf, ptr - buf);
847 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
848 u8 bit_rate, u8 data_bits, u8 stop_bits,
849 u8 parity, u8 flow_ctrl_settings,
850 u8 xon_char, u8 xoff_char, u16 param_mask)
852 struct rfcomm_hdr *hdr;
853 struct rfcomm_mcc *mcc;
854 struct rfcomm_rpn *rpn;
855 u8 buf[16], *ptr = buf;
857 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
858 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
859 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
860 flow_ctrl_settings, xon_char, xoff_char, param_mask);
862 hdr = (void *) ptr; ptr += sizeof(*hdr);
863 hdr->addr = __addr(s->initiator, 0);
864 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
865 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
867 mcc = (void *) ptr; ptr += sizeof(*mcc);
868 mcc->type = __mcc_type(cr, RFCOMM_RPN);
869 mcc->len = __len8(sizeof(*rpn));
871 rpn = (void *) ptr; ptr += sizeof(*rpn);
872 rpn->dlci = __addr(1, dlci);
873 rpn->bit_rate = bit_rate;
874 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
875 rpn->flow_ctrl = flow_ctrl_settings;
876 rpn->xon_char = xon_char;
877 rpn->xoff_char = xoff_char;
878 rpn->param_mask = cpu_to_le16(param_mask);
880 *ptr = __fcs(buf); ptr++;
882 return rfcomm_send_frame(s, buf, ptr - buf);
885 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
887 struct rfcomm_hdr *hdr;
888 struct rfcomm_mcc *mcc;
889 struct rfcomm_rls *rls;
890 u8 buf[16], *ptr = buf;
892 BT_DBG("%p cr %d status 0x%x", s, cr, status);
894 hdr = (void *) ptr; ptr += sizeof(*hdr);
895 hdr->addr = __addr(s->initiator, 0);
896 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
897 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
899 mcc = (void *) ptr; ptr += sizeof(*mcc);
900 mcc->type = __mcc_type(cr, RFCOMM_RLS);
901 mcc->len = __len8(sizeof(*rls));
903 rls = (void *) ptr; ptr += sizeof(*rls);
904 rls->dlci = __addr(1, dlci);
905 rls->status = status;
907 *ptr = __fcs(buf); ptr++;
909 return rfcomm_send_frame(s, buf, ptr - buf);
912 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
914 struct rfcomm_hdr *hdr;
915 struct rfcomm_mcc *mcc;
916 struct rfcomm_msc *msc;
917 u8 buf[16], *ptr = buf;
919 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
921 hdr = (void *) ptr; ptr += sizeof(*hdr);
922 hdr->addr = __addr(s->initiator, 0);
923 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
924 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
926 mcc = (void *) ptr; ptr += sizeof(*mcc);
927 mcc->type = __mcc_type(cr, RFCOMM_MSC);
928 mcc->len = __len8(sizeof(*msc));
930 msc = (void *) ptr; ptr += sizeof(*msc);
931 msc->dlci = __addr(1, dlci);
932 msc->v24_sig = v24_sig | 0x01;
934 *ptr = __fcs(buf); ptr++;
936 return rfcomm_send_frame(s, buf, ptr - buf);
939 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
941 struct rfcomm_hdr *hdr;
942 struct rfcomm_mcc *mcc;
943 u8 buf[16], *ptr = buf;
945 BT_DBG("%p cr %d", s, cr);
947 hdr = (void *) ptr; ptr += sizeof(*hdr);
948 hdr->addr = __addr(s->initiator, 0);
949 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
950 hdr->len = __len8(sizeof(*mcc));
952 mcc = (void *) ptr; ptr += sizeof(*mcc);
953 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
954 mcc->len = __len8(0);
956 *ptr = __fcs(buf); ptr++;
958 return rfcomm_send_frame(s, buf, ptr - buf);
961 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
963 struct rfcomm_hdr *hdr;
964 struct rfcomm_mcc *mcc;
965 u8 buf[16], *ptr = buf;
967 BT_DBG("%p cr %d", s, cr);
969 hdr = (void *) ptr; ptr += sizeof(*hdr);
970 hdr->addr = __addr(s->initiator, 0);
971 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
972 hdr->len = __len8(sizeof(*mcc));
974 mcc = (void *) ptr; ptr += sizeof(*mcc);
975 mcc->type = __mcc_type(cr, RFCOMM_FCON);
976 mcc->len = __len8(0);
978 *ptr = __fcs(buf); ptr++;
980 return rfcomm_send_frame(s, buf, ptr - buf);
983 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
985 struct socket *sock = s->sock;
988 unsigned char hdr[5], crc[1];
993 BT_DBG("%p cr %d", s, cr);
995 hdr[0] = __addr(s->initiator, 0);
996 hdr[1] = __ctrl(RFCOMM_UIH, 0);
997 hdr[2] = 0x01 | ((len + 2) << 1);
998 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
999 hdr[4] = 0x01 | (len << 1);
1001 crc[0] = __fcs(hdr);
1003 iv[0].iov_base = hdr;
1005 iv[1].iov_base = pattern;
1006 iv[1].iov_len = len;
1007 iv[2].iov_base = crc;
1010 memset(&msg, 0, sizeof(msg));
1012 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1015 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1017 struct rfcomm_hdr *hdr;
1018 u8 buf[16], *ptr = buf;
1020 BT_DBG("%p addr %d credits %d", s, addr, credits);
1022 hdr = (void *) ptr; ptr += sizeof(*hdr);
1024 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1025 hdr->len = __len8(0);
1027 *ptr = credits; ptr++;
1029 *ptr = __fcs(buf); ptr++;
1031 return rfcomm_send_frame(s, buf, ptr - buf);
1034 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1036 struct rfcomm_hdr *hdr;
1041 hdr = (void *) skb_push(skb, 4);
1042 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len);
1044 hdr = (void *) skb_push(skb, 3);
1045 hdr->len = __len8(len);
1048 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1050 crc = skb_put(skb, 1);
1051 *crc = __fcs((void *) hdr);
1054 /* ---- RFCOMM frame reception ---- */
1055 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1057 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1061 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1063 rfcomm_send_dm(s, dlci);
1069 rfcomm_dlc_clear_timer(d);
1072 d->state = BT_CONNECTED;
1073 d->state_change(d, 0);
1074 rfcomm_dlc_unlock(d);
1076 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1080 d->state = BT_CLOSED;
1081 __rfcomm_dlc_close(d, 0);
1083 if (list_empty(&s->dlcs)) {
1084 s->state = BT_DISCONN;
1085 rfcomm_send_disc(s, 0);
1091 /* Control channel */
1094 s->state = BT_CONNECTED;
1095 rfcomm_process_connect(s);
1099 rfcomm_session_put(s);
1106 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1110 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1114 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1116 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1121 d->state = BT_CLOSED;
1122 __rfcomm_dlc_close(d, err);
1125 if (s->state == BT_CONNECT)
1130 s->state = BT_CLOSED;
1131 rfcomm_session_close(s, err);
1136 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1140 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1143 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1145 rfcomm_send_ua(s, dlci);
1147 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1152 d->state = BT_CLOSED;
1153 __rfcomm_dlc_close(d, err);
1155 rfcomm_send_dm(s, dlci);
1158 rfcomm_send_ua(s, 0);
1160 if (s->state == BT_CONNECT)
1165 s->state = BT_CLOSED;
1166 rfcomm_session_close(s, err);
1172 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1174 struct sock *sk = d->session->sock->sk;
1176 BT_DBG("dlc %p", d);
1178 rfcomm_send_ua(d->session, d->dlci);
1181 d->state = BT_CONNECTED;
1182 d->state_change(d, 0);
1183 rfcomm_dlc_unlock(d);
1186 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1188 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1191 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1193 if (rfcomm_check_security(d)) {
1194 if (d->defer_setup) {
1195 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1196 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1198 rfcomm_dlc_accept(d);
1200 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1201 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1205 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1207 struct rfcomm_dlc *d;
1210 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1213 rfcomm_send_ua(s, 0);
1215 if (s->state == BT_OPEN) {
1216 s->state = BT_CONNECTED;
1217 rfcomm_process_connect(s);
1222 /* Check if DLC exists */
1223 d = rfcomm_dlc_get(s, dlci);
1225 if (d->state == BT_OPEN) {
1226 /* DLC was previously opened by PN request */
1227 rfcomm_check_accept(d);
1232 /* Notify socket layer about incoming connection */
1233 channel = __srv_channel(dlci);
1234 if (rfcomm_connect_ind(s, channel, &d)) {
1236 d->addr = __addr(s->initiator, dlci);
1237 rfcomm_dlc_link(s, d);
1239 rfcomm_check_accept(d);
1241 rfcomm_send_dm(s, dlci);
1247 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1249 struct rfcomm_session *s = d->session;
1251 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1252 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1254 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1255 pn->flow_ctrl == 0xe0) {
1256 d->cfc = RFCOMM_CFC_ENABLED;
1257 d->tx_credits = pn->credits;
1259 d->cfc = RFCOMM_CFC_DISABLED;
1260 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1263 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1266 d->priority = pn->priority;
1268 d->mtu = btohs(pn->mtu);
1270 if (cr && d->mtu > s->mtu)
1276 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1278 struct rfcomm_pn *pn = (void *) skb->data;
1279 struct rfcomm_dlc *d;
1282 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1287 d = rfcomm_dlc_get(s, dlci);
1291 rfcomm_apply_pn(d, cr, pn);
1292 rfcomm_send_pn(s, 0, d);
1297 rfcomm_apply_pn(d, cr, pn);
1299 d->state = BT_CONNECT;
1300 rfcomm_send_sabm(s, d->dlci);
1305 u8 channel = __srv_channel(dlci);
1310 /* PN request for non existing DLC.
1311 * Assume incoming connection. */
1312 if (rfcomm_connect_ind(s, channel, &d)) {
1314 d->addr = __addr(s->initiator, dlci);
1315 rfcomm_dlc_link(s, d);
1317 rfcomm_apply_pn(d, cr, pn);
1320 rfcomm_send_pn(s, 0, d);
1322 rfcomm_send_dm(s, dlci);
1328 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1330 struct rfcomm_rpn *rpn = (void *) skb->data;
1331 u8 dlci = __get_dlci(rpn->dlci);
1340 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1342 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1343 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1344 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1350 /* This is a request, return default settings */
1351 bit_rate = RFCOMM_RPN_BR_115200;
1352 data_bits = RFCOMM_RPN_DATA_8;
1353 stop_bits = RFCOMM_RPN_STOP_1;
1354 parity = RFCOMM_RPN_PARITY_NONE;
1355 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1356 xon_char = RFCOMM_RPN_XON_CHAR;
1357 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1361 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1362 * no parity, no flow control lines, normal XON/XOFF chars */
1364 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1365 bit_rate = rpn->bit_rate;
1366 if (bit_rate != RFCOMM_RPN_BR_115200) {
1367 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1368 bit_rate = RFCOMM_RPN_BR_115200;
1369 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1373 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1374 data_bits = __get_rpn_data_bits(rpn->line_settings);
1375 if (data_bits != RFCOMM_RPN_DATA_8) {
1376 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1377 data_bits = RFCOMM_RPN_DATA_8;
1378 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1382 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1383 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1384 if (stop_bits != RFCOMM_RPN_STOP_1) {
1385 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1386 stop_bits = RFCOMM_RPN_STOP_1;
1387 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1391 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1392 parity = __get_rpn_parity(rpn->line_settings);
1393 if (parity != RFCOMM_RPN_PARITY_NONE) {
1394 BT_DBG("RPN parity mismatch 0x%x", parity);
1395 parity = RFCOMM_RPN_PARITY_NONE;
1396 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1400 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1401 flow_ctrl = rpn->flow_ctrl;
1402 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1403 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1404 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1405 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1409 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1410 xon_char = rpn->xon_char;
1411 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1412 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1413 xon_char = RFCOMM_RPN_XON_CHAR;
1414 rpn_mask ^= RFCOMM_RPN_PM_XON;
1418 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1419 xoff_char = rpn->xoff_char;
1420 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1421 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1422 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1423 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1428 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1429 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1434 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1436 struct rfcomm_rls *rls = (void *) skb->data;
1437 u8 dlci = __get_dlci(rls->dlci);
1439 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1444 /* We should probably do something with this information here. But
1445 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1446 * mandatory to recognise and respond to RLS */
1448 rfcomm_send_rls(s, 0, dlci, rls->status);
1453 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1455 struct rfcomm_msc *msc = (void *) skb->data;
1456 struct rfcomm_dlc *d;
1457 u8 dlci = __get_dlci(msc->dlci);
1459 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1461 d = rfcomm_dlc_get(s, dlci);
1466 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1467 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1469 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1473 d->remote_v24_sig = msc->v24_sig;
1475 if (d->modem_status)
1476 d->modem_status(d, msc->v24_sig);
1478 rfcomm_dlc_unlock(d);
1480 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1482 d->mscex |= RFCOMM_MSCEX_RX;
1484 d->mscex |= RFCOMM_MSCEX_TX;
1489 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1491 struct rfcomm_mcc *mcc = (void *) skb->data;
1494 cr = __test_cr(mcc->type);
1495 type = __get_mcc_type(mcc->type);
1496 len = __get_mcc_len(mcc->len);
1498 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1504 rfcomm_recv_pn(s, cr, skb);
1508 rfcomm_recv_rpn(s, cr, len, skb);
1512 rfcomm_recv_rls(s, cr, skb);
1516 rfcomm_recv_msc(s, cr, skb);
1521 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1522 rfcomm_send_fcoff(s, 0);
1528 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1529 rfcomm_send_fcon(s, 0);
1535 rfcomm_send_test(s, 0, skb->data, skb->len);
1542 BT_ERR("Unknown control type 0x%02x", type);
1543 rfcomm_send_nsc(s, cr, type);
1549 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1551 struct rfcomm_dlc *d;
1553 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1555 d = rfcomm_dlc_get(s, dlci);
1557 rfcomm_send_dm(s, dlci);
1562 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1564 d->tx_credits += credits;
1566 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1569 if (skb->len && d->state == BT_CONNECTED) {
1572 d->data_ready(d, skb);
1573 rfcomm_dlc_unlock(d);
1582 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1584 struct rfcomm_hdr *hdr = (void *) skb->data;
1587 dlci = __get_dlci(hdr->addr);
1588 type = __get_type(hdr->ctrl);
1591 skb->len--; skb->tail--;
1592 fcs = *(u8 *)skb_tail_pointer(skb);
1594 if (__check_fcs(skb->data, type, fcs)) {
1595 BT_ERR("bad checksum in packet");
1600 if (__test_ea(hdr->len))
1607 if (__test_pf(hdr->ctrl))
1608 rfcomm_recv_sabm(s, dlci);
1612 if (__test_pf(hdr->ctrl))
1613 rfcomm_recv_disc(s, dlci);
1617 if (__test_pf(hdr->ctrl))
1618 rfcomm_recv_ua(s, dlci);
1622 rfcomm_recv_dm(s, dlci);
1627 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1629 rfcomm_recv_mcc(s, skb);
1633 BT_ERR("Unknown packet type 0x%02x\n", type);
1640 /* ---- Connection and data processing ---- */
1642 static void rfcomm_process_connect(struct rfcomm_session *s)
1644 struct rfcomm_dlc *d;
1645 struct list_head *p, *n;
1647 BT_DBG("session %p state %ld", s, s->state);
1649 list_for_each_safe(p, n, &s->dlcs) {
1650 d = list_entry(p, struct rfcomm_dlc, list);
1651 if (d->state == BT_CONFIG) {
1653 if (rfcomm_check_security(d)) {
1654 rfcomm_send_pn(s, 1, d);
1656 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1657 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1663 /* Send data queued for the DLC.
1664 * Return number of frames left in the queue.
1666 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1668 struct sk_buff *skb;
1671 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1672 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1674 /* Send pending MSC */
1675 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1676 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1680 * Give them some credits */
1681 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1682 d->rx_credits <= (d->cfc >> 2)) {
1683 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1684 d->rx_credits = d->cfc;
1688 * Give ourselves some credits */
1692 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1693 return skb_queue_len(&d->tx_queue);
1695 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1696 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1698 skb_queue_head(&d->tx_queue, skb);
1705 if (d->cfc && !d->tx_credits) {
1706 /* We're out of TX credits.
1707 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1708 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1711 return skb_queue_len(&d->tx_queue);
1714 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1716 struct rfcomm_dlc *d;
1717 struct list_head *p, *n;
1719 BT_DBG("session %p state %ld", s, s->state);
1721 list_for_each_safe(p, n, &s->dlcs) {
1722 d = list_entry(p, struct rfcomm_dlc, list);
1724 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1725 __rfcomm_dlc_close(d, ETIMEDOUT);
1729 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1730 rfcomm_dlc_clear_timer(d);
1732 rfcomm_send_pn(s, 1, d);
1733 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1735 if (d->defer_setup) {
1736 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1737 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1739 rfcomm_dlc_accept(d);
1742 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1743 rfcomm_dlc_clear_timer(d);
1745 rfcomm_send_dm(s, d->dlci);
1747 d->state = BT_CLOSED;
1748 __rfcomm_dlc_close(d, ECONNREFUSED);
1752 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1755 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1756 d->mscex == RFCOMM_MSCEX_OK)
1757 rfcomm_process_tx(d);
1761 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1763 struct socket *sock = s->sock;
1764 struct sock *sk = sock->sk;
1765 struct sk_buff *skb;
1767 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1769 /* Get data directly from socket receive queue without copying it. */
1770 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1772 rfcomm_recv_frame(s, skb);
1775 if (sk->sk_state == BT_CLOSED) {
1777 rfcomm_session_put(s);
1779 rfcomm_session_close(s, sk->sk_err);
1783 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1785 struct socket *sock = s->sock, *nsock;
1788 /* Fast check for a new connection.
1789 * Avoids unnesesary socket allocations. */
1790 if (list_empty(&bt_sk(sock->sk)->accept_q))
1793 BT_DBG("session %p", s);
1795 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1799 /* Set our callbacks */
1800 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1801 nsock->sk->sk_state_change = rfcomm_l2state_change;
1803 s = rfcomm_session_add(nsock, BT_OPEN);
1805 rfcomm_session_hold(s);
1807 /* We should adjust MTU on incoming sessions.
1808 * L2CAP MTU minus UIH header and FCS. */
1809 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1811 rfcomm_schedule(RFCOMM_SCHED_RX);
1813 sock_release(nsock);
1816 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1818 struct sock *sk = s->sock->sk;
1820 BT_DBG("%p state %ld", s, s->state);
1822 switch(sk->sk_state) {
1824 s->state = BT_CONNECT;
1826 /* We can adjust MTU on outgoing sessions.
1827 * L2CAP MTU minus UIH header and FCS. */
1828 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1830 rfcomm_send_sabm(s, 0);
1834 s->state = BT_CLOSED;
1835 rfcomm_session_close(s, sk->sk_err);
1840 static inline void rfcomm_process_sessions(void)
1842 struct list_head *p, *n;
1846 list_for_each_safe(p, n, &session_list) {
1847 struct rfcomm_session *s;
1848 s = list_entry(p, struct rfcomm_session, list);
1850 if (s->state == BT_LISTEN) {
1851 rfcomm_accept_connection(s);
1855 rfcomm_session_hold(s);
1859 rfcomm_check_connection(s);
1863 rfcomm_process_rx(s);
1867 rfcomm_process_dlcs(s);
1869 rfcomm_session_put(s);
1875 static int rfcomm_add_listener(bdaddr_t *ba)
1877 struct sockaddr_l2 addr;
1878 struct socket *sock;
1880 struct rfcomm_session *s;
1884 err = rfcomm_l2sock_create(&sock);
1886 BT_ERR("Create socket failed %d", err);
1891 bacpy(&addr.l2_bdaddr, ba);
1892 addr.l2_family = AF_BLUETOOTH;
1893 addr.l2_psm = htobs(RFCOMM_PSM);
1894 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1896 BT_ERR("Bind failed %d", err);
1900 /* Set L2CAP options */
1903 l2cap_pi(sk)->imtu = l2cap_mtu;
1906 /* Start listening on the socket */
1907 err = kernel_listen(sock, 10);
1909 BT_ERR("Listen failed %d", err);
1913 /* Add listening session */
1914 s = rfcomm_session_add(sock, BT_LISTEN);
1918 rfcomm_session_hold(s);
1925 static void rfcomm_kill_listener(void)
1927 struct rfcomm_session *s;
1928 struct list_head *p, *n;
1932 list_for_each_safe(p, n, &session_list) {
1933 s = list_entry(p, struct rfcomm_session, list);
1934 rfcomm_session_del(s);
1938 static int rfcomm_run(void *unused)
1942 set_user_nice(current, -10);
1944 rfcomm_add_listener(BDADDR_ANY);
1946 while (!kthread_should_stop()) {
1947 set_current_state(TASK_INTERRUPTIBLE);
1948 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1949 /* No pending events. Let's sleep.
1950 * Incoming connections and data will wake us up. */
1953 set_current_state(TASK_RUNNING);
1956 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1957 rfcomm_process_sessions();
1960 rfcomm_kill_listener();
1965 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1967 struct rfcomm_session *s;
1968 struct rfcomm_dlc *d;
1969 struct list_head *p, *n;
1971 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1973 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1977 rfcomm_session_hold(s);
1979 list_for_each_safe(p, n, &s->dlcs) {
1980 d = list_entry(p, struct rfcomm_dlc, list);
1982 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
1983 rfcomm_dlc_clear_timer(d);
1984 if (status || encrypt == 0x00) {
1985 __rfcomm_dlc_close(d, ECONNREFUSED);
1990 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
1991 if (d->sec_level == BT_SECURITY_MEDIUM) {
1992 set_bit(RFCOMM_SEC_PENDING, &d->flags);
1993 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1995 } else if (d->sec_level == BT_SECURITY_HIGH) {
1996 __rfcomm_dlc_close(d, ECONNREFUSED);
2001 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2005 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2007 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2010 rfcomm_session_put(s);
2012 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2015 static struct hci_cb rfcomm_cb = {
2017 .security_cfm = rfcomm_security_cfm
2020 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2022 struct rfcomm_session *s;
2023 struct list_head *pp, *p;
2028 list_for_each(p, &session_list) {
2029 s = list_entry(p, struct rfcomm_session, list);
2030 list_for_each(pp, &s->dlcs) {
2031 struct sock *sk = s->sock->sk;
2032 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2034 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2035 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2036 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2045 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2047 /* ---- Initialization ---- */
2048 static int __init rfcomm_init(void)
2052 hci_register_cb(&rfcomm_cb);
2054 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2055 if (IS_ERR(rfcomm_thread)) {
2056 hci_unregister_cb(&rfcomm_cb);
2057 return PTR_ERR(rfcomm_thread);
2060 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2061 BT_ERR("Failed to create RFCOMM info file");
2063 rfcomm_init_sockets();
2065 #ifdef CONFIG_BT_RFCOMM_TTY
2069 BT_INFO("RFCOMM ver %s", VERSION);
2074 static void __exit rfcomm_exit(void)
2076 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
2078 hci_unregister_cb(&rfcomm_cb);
2080 kthread_stop(rfcomm_thread);
2082 #ifdef CONFIG_BT_RFCOMM_TTY
2083 rfcomm_cleanup_ttys();
2086 rfcomm_cleanup_sockets();
2089 module_init(rfcomm_init);
2090 module_exit(rfcomm_exit);
2092 module_param(disable_cfc, bool, 0644);
2093 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2095 module_param(channel_mtu, int, 0644);
2096 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2098 module_param(l2cap_mtu, uint, 0644);
2099 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2101 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2102 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2103 MODULE_VERSION(VERSION);
2104 MODULE_LICENSE("GPL");
2105 MODULE_ALIAS("bt-proto-3");