2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
30 #include <linux/module.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/signal.h>
35 #include <linux/init.h>
36 #include <linux/wait.h>
37 #include <linux/device.h>
38 #include <linux/net.h>
39 #include <linux/mutex.h>
40 #include <linux/kthread.h>
43 #include <asm/uaccess.h>
44 #include <asm/unaligned.h>
46 #include <net/bluetooth/bluetooth.h>
47 #include <net/bluetooth/hci_core.h>
48 #include <net/bluetooth/l2cap.h>
49 #include <net/bluetooth/rfcomm.h>
51 #ifndef CONFIG_BT_RFCOMM_DEBUG
58 static int disable_cfc = 0;
59 static int channel_mtu = -1;
60 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
62 static struct task_struct *rfcomm_thread;
64 static DEFINE_MUTEX(rfcomm_mutex);
65 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
66 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
68 static unsigned long rfcomm_event;
70 static LIST_HEAD(session_list);
72 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
73 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
74 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
75 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
76 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
77 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
78 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
79 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
80 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
81 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
83 static void rfcomm_process_connect(struct rfcomm_session *s);
85 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
86 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
87 static void rfcomm_session_del(struct rfcomm_session *s);
89 /* ---- RFCOMM frame parsing macros ---- */
90 #define __get_dlci(b) ((b & 0xfc) >> 2)
91 #define __get_channel(b) ((b & 0xf8) >> 3)
92 #define __get_dir(b) ((b & 0x04) >> 2)
93 #define __get_type(b) ((b & 0xef))
95 #define __test_ea(b) ((b & 0x01))
96 #define __test_cr(b) ((b & 0x02))
97 #define __test_pf(b) ((b & 0x10))
99 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
100 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
101 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
102 #define __srv_channel(dlci) (dlci >> 1)
103 #define __dir(dlci) (dlci & 0x01)
105 #define __len8(len) (((len) << 1) | 1)
106 #define __len16(len) ((len) << 1)
109 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
110 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
111 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
114 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
115 #define __get_rpn_data_bits(line) ((line) & 0x3)
116 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
117 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
119 static inline void rfcomm_schedule(uint event)
123 //set_bit(event, &rfcomm_event);
124 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
125 wake_up_process(rfcomm_thread);
128 static inline void rfcomm_session_put(struct rfcomm_session *s)
130 if (atomic_dec_and_test(&s->refcnt))
131 rfcomm_session_del(s);
134 /* ---- RFCOMM FCS computation ---- */
136 /* reversed, 8-bit, poly=0x07 */
137 static unsigned char rfcomm_crc_table[256] = {
138 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
139 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
140 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
141 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
143 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
144 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
145 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
146 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
148 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
149 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
150 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
151 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
153 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
154 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
155 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
156 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
158 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
159 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
160 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
161 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
163 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
164 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
165 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
166 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
168 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
169 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
170 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
171 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
173 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
174 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
175 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
176 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
180 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
183 static inline u8 __fcs(u8 *data)
185 return (0xff - __crc(data));
189 static inline u8 __fcs2(u8 *data)
191 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
195 static inline int __check_fcs(u8 *data, int type, u8 fcs)
199 if (type != RFCOMM_UIH)
200 f = rfcomm_crc_table[f ^ data[2]];
202 return rfcomm_crc_table[f ^ fcs] != 0xcf;
205 /* ---- L2CAP callbacks ---- */
206 static void rfcomm_l2state_change(struct sock *sk)
208 BT_DBG("%p state %d", sk, sk->sk_state);
209 rfcomm_schedule(RFCOMM_SCHED_STATE);
212 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
214 BT_DBG("%p bytes %d", sk, bytes);
215 rfcomm_schedule(RFCOMM_SCHED_RX);
218 static int rfcomm_l2sock_create(struct socket **sock)
224 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
226 struct sock *sk = (*sock)->sk;
227 sk->sk_data_ready = rfcomm_l2data_ready;
228 sk->sk_state_change = rfcomm_l2state_change;
233 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
235 struct sock *sk = d->session->sock->sk;
237 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
238 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
240 } else if (d->link_mode & RFCOMM_LM_AUTH) {
241 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
248 /* ---- RFCOMM DLCs ---- */
249 static void rfcomm_dlc_timeout(unsigned long arg)
251 struct rfcomm_dlc *d = (void *) arg;
253 BT_DBG("dlc %p state %ld", d, d->state);
255 set_bit(RFCOMM_TIMED_OUT, &d->flags);
257 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
260 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
262 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
264 if (!mod_timer(&d->timer, jiffies + timeout))
268 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
270 BT_DBG("dlc %p state %ld", d, d->state);
272 if (timer_pending(&d->timer) && del_timer(&d->timer))
276 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
283 d->mtu = RFCOMM_DEFAULT_MTU;
284 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
286 d->cfc = RFCOMM_CFC_DISABLED;
287 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
290 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
292 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
297 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
299 skb_queue_head_init(&d->tx_queue);
300 spin_lock_init(&d->lock);
301 atomic_set(&d->refcnt, 1);
303 rfcomm_dlc_clear_state(d);
310 void rfcomm_dlc_free(struct rfcomm_dlc *d)
314 skb_queue_purge(&d->tx_queue);
318 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
320 BT_DBG("dlc %p session %p", d, s);
322 rfcomm_session_hold(s);
325 list_add(&d->list, &s->dlcs);
329 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
331 struct rfcomm_session *s = d->session;
333 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
339 rfcomm_session_put(s);
342 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
344 struct rfcomm_dlc *d;
347 list_for_each(p, &s->dlcs) {
348 d = list_entry(p, struct rfcomm_dlc, list);
355 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
357 struct rfcomm_session *s;
361 BT_DBG("dlc %p state %ld %s %s channel %d",
362 d, d->state, batostr(src), batostr(dst), channel);
364 if (channel < 1 || channel > 30)
367 if (d->state != BT_OPEN && d->state != BT_CLOSED)
370 s = rfcomm_session_get(src, dst);
372 s = rfcomm_session_create(src, dst, &err);
377 dlci = __dlci(!s->initiator, channel);
379 /* Check if DLCI already exists */
380 if (rfcomm_dlc_get(s, dlci))
383 rfcomm_dlc_clear_state(d);
386 d->addr = __addr(s->initiator, dlci);
389 d->state = BT_CONFIG;
390 rfcomm_dlc_link(s, d);
395 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
397 if (s->state == BT_CONNECTED) {
398 if (rfcomm_check_link_mode(d))
399 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
401 rfcomm_send_pn(s, 1, d);
404 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
409 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
415 r = __rfcomm_dlc_open(d, src, dst, channel);
421 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
423 struct rfcomm_session *s = d->session;
427 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
428 d, d->state, d->dlci, err, s);
434 d->state = BT_DISCONN;
435 if (skb_queue_empty(&d->tx_queue)) {
436 rfcomm_send_disc(s, d->dlci);
437 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
439 rfcomm_queue_disc(d);
440 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
445 rfcomm_dlc_clear_timer(d);
448 d->state = BT_CLOSED;
449 d->state_change(d, err);
450 rfcomm_dlc_unlock(d);
452 skb_queue_purge(&d->tx_queue);
453 rfcomm_dlc_unlink(d);
459 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
465 r = __rfcomm_dlc_close(d, err);
471 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
475 if (d->state != BT_CONNECTED)
478 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
483 rfcomm_make_uih(skb, d->addr);
484 skb_queue_tail(&d->tx_queue, skb);
486 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
487 rfcomm_schedule(RFCOMM_SCHED_TX);
491 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
493 BT_DBG("dlc %p state %ld", d, d->state);
496 d->v24_sig |= RFCOMM_V24_FC;
497 set_bit(RFCOMM_MSC_PENDING, &d->flags);
499 rfcomm_schedule(RFCOMM_SCHED_TX);
502 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
504 BT_DBG("dlc %p state %ld", d, d->state);
507 d->v24_sig &= ~RFCOMM_V24_FC;
508 set_bit(RFCOMM_MSC_PENDING, &d->flags);
510 rfcomm_schedule(RFCOMM_SCHED_TX);
514 Set/get modem status functions use _local_ status i.e. what we report
516 Remote status is provided by dlc->modem_status() callback.
518 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
520 BT_DBG("dlc %p state %ld v24_sig 0x%x",
521 d, d->state, v24_sig);
523 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
524 v24_sig |= RFCOMM_V24_FC;
526 v24_sig &= ~RFCOMM_V24_FC;
528 d->v24_sig = v24_sig;
530 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
531 rfcomm_schedule(RFCOMM_SCHED_TX);
536 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
538 BT_DBG("dlc %p state %ld v24_sig 0x%x",
539 d, d->state, d->v24_sig);
541 *v24_sig = d->v24_sig;
545 /* ---- RFCOMM sessions ---- */
546 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
548 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
553 BT_DBG("session %p sock %p", s, sock);
555 INIT_LIST_HEAD(&s->dlcs);
559 s->mtu = RFCOMM_DEFAULT_MTU;
560 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
562 /* Do not increment module usage count for listening sessions.
563 * Otherwise we won't be able to unload the module. */
564 if (state != BT_LISTEN)
565 if (!try_module_get(THIS_MODULE)) {
570 list_add(&s->list, &session_list);
575 static void rfcomm_session_del(struct rfcomm_session *s)
577 int state = s->state;
579 BT_DBG("session %p state %ld", s, s->state);
583 if (state == BT_CONNECTED)
584 rfcomm_send_disc(s, 0);
586 sock_release(s->sock);
589 if (state != BT_LISTEN)
590 module_put(THIS_MODULE);
593 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
595 struct rfcomm_session *s;
596 struct list_head *p, *n;
598 list_for_each_safe(p, n, &session_list) {
599 s = list_entry(p, struct rfcomm_session, list);
600 sk = bt_sk(s->sock->sk);
602 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
603 !bacmp(&sk->dst, dst))
609 static void rfcomm_session_close(struct rfcomm_session *s, int err)
611 struct rfcomm_dlc *d;
612 struct list_head *p, *n;
614 BT_DBG("session %p state %ld err %d", s, s->state, err);
616 rfcomm_session_hold(s);
618 s->state = BT_CLOSED;
621 list_for_each_safe(p, n, &s->dlcs) {
622 d = list_entry(p, struct rfcomm_dlc, list);
623 d->state = BT_CLOSED;
624 __rfcomm_dlc_close(d, err);
627 rfcomm_session_put(s);
630 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
632 struct rfcomm_session *s = NULL;
633 struct sockaddr_l2 addr;
637 BT_DBG("%s %s", batostr(src), batostr(dst));
639 *err = rfcomm_l2sock_create(&sock);
643 bacpy(&addr.l2_bdaddr, src);
644 addr.l2_family = AF_BLUETOOTH;
646 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
650 /* Set L2CAP options */
653 l2cap_pi(sk)->imtu = l2cap_mtu;
656 s = rfcomm_session_add(sock, BT_BOUND);
664 bacpy(&addr.l2_bdaddr, dst);
665 addr.l2_family = AF_BLUETOOTH;
666 addr.l2_psm = htobs(RFCOMM_PSM);
667 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
668 if (*err == 0 || *err == -EINPROGRESS)
671 rfcomm_session_del(s);
679 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
681 struct sock *sk = s->sock->sk;
683 bacpy(src, &bt_sk(sk)->src);
685 bacpy(dst, &bt_sk(sk)->dst);
688 /* ---- RFCOMM frame sending ---- */
689 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
691 struct socket *sock = s->sock;
692 struct kvec iv = { data, len };
695 BT_DBG("session %p len %d", s, len);
697 memset(&msg, 0, sizeof(msg));
699 return kernel_sendmsg(sock, &msg, &iv, 1, len);
702 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
704 struct rfcomm_cmd cmd;
706 BT_DBG("%p dlci %d", s, dlci);
708 cmd.addr = __addr(s->initiator, dlci);
709 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
711 cmd.fcs = __fcs2((u8 *) &cmd);
713 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
716 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
718 struct rfcomm_cmd cmd;
720 BT_DBG("%p dlci %d", s, dlci);
722 cmd.addr = __addr(!s->initiator, dlci);
723 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
725 cmd.fcs = __fcs2((u8 *) &cmd);
727 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
730 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
732 struct rfcomm_cmd cmd;
734 BT_DBG("%p dlci %d", s, dlci);
736 cmd.addr = __addr(s->initiator, dlci);
737 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
739 cmd.fcs = __fcs2((u8 *) &cmd);
741 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
744 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
746 struct rfcomm_cmd *cmd;
749 BT_DBG("dlc %p dlci %d", d, d->dlci);
751 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
755 cmd = (void *) __skb_put(skb, sizeof(*cmd));
757 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
758 cmd->len = __len8(0);
759 cmd->fcs = __fcs2((u8 *) cmd);
761 skb_queue_tail(&d->tx_queue, skb);
762 rfcomm_schedule(RFCOMM_SCHED_TX);
766 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
768 struct rfcomm_cmd cmd;
770 BT_DBG("%p dlci %d", s, dlci);
772 cmd.addr = __addr(!s->initiator, dlci);
773 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
775 cmd.fcs = __fcs2((u8 *) &cmd);
777 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
780 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
782 struct rfcomm_hdr *hdr;
783 struct rfcomm_mcc *mcc;
784 u8 buf[16], *ptr = buf;
786 BT_DBG("%p cr %d type %d", s, cr, type);
788 hdr = (void *) ptr; ptr += sizeof(*hdr);
789 hdr->addr = __addr(s->initiator, 0);
790 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
791 hdr->len = __len8(sizeof(*mcc) + 1);
793 mcc = (void *) ptr; ptr += sizeof(*mcc);
794 mcc->type = __mcc_type(cr, RFCOMM_NSC);
795 mcc->len = __len8(1);
797 /* Type that we didn't like */
798 *ptr = __mcc_type(cr, type); ptr++;
800 *ptr = __fcs(buf); ptr++;
802 return rfcomm_send_frame(s, buf, ptr - buf);
805 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
807 struct rfcomm_hdr *hdr;
808 struct rfcomm_mcc *mcc;
809 struct rfcomm_pn *pn;
810 u8 buf[16], *ptr = buf;
812 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
814 hdr = (void *) ptr; ptr += sizeof(*hdr);
815 hdr->addr = __addr(s->initiator, 0);
816 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
817 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
819 mcc = (void *) ptr; ptr += sizeof(*mcc);
820 mcc->type = __mcc_type(cr, RFCOMM_PN);
821 mcc->len = __len8(sizeof(*pn));
823 pn = (void *) ptr; ptr += sizeof(*pn);
825 pn->priority = d->priority;
830 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
831 pn->credits = RFCOMM_DEFAULT_CREDITS;
837 if (cr && channel_mtu >= 0)
838 pn->mtu = htobs(channel_mtu);
840 pn->mtu = htobs(d->mtu);
842 *ptr = __fcs(buf); ptr++;
844 return rfcomm_send_frame(s, buf, ptr - buf);
847 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
848 u8 bit_rate, u8 data_bits, u8 stop_bits,
849 u8 parity, u8 flow_ctrl_settings,
850 u8 xon_char, u8 xoff_char, u16 param_mask)
852 struct rfcomm_hdr *hdr;
853 struct rfcomm_mcc *mcc;
854 struct rfcomm_rpn *rpn;
855 u8 buf[16], *ptr = buf;
857 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
858 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
859 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
860 flow_ctrl_settings, xon_char, xoff_char, param_mask);
862 hdr = (void *) ptr; ptr += sizeof(*hdr);
863 hdr->addr = __addr(s->initiator, 0);
864 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
865 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
867 mcc = (void *) ptr; ptr += sizeof(*mcc);
868 mcc->type = __mcc_type(cr, RFCOMM_RPN);
869 mcc->len = __len8(sizeof(*rpn));
871 rpn = (void *) ptr; ptr += sizeof(*rpn);
872 rpn->dlci = __addr(1, dlci);
873 rpn->bit_rate = bit_rate;
874 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
875 rpn->flow_ctrl = flow_ctrl_settings;
876 rpn->xon_char = xon_char;
877 rpn->xoff_char = xoff_char;
878 rpn->param_mask = cpu_to_le16(param_mask);
880 *ptr = __fcs(buf); ptr++;
882 return rfcomm_send_frame(s, buf, ptr - buf);
885 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
887 struct rfcomm_hdr *hdr;
888 struct rfcomm_mcc *mcc;
889 struct rfcomm_rls *rls;
890 u8 buf[16], *ptr = buf;
892 BT_DBG("%p cr %d status 0x%x", s, cr, status);
894 hdr = (void *) ptr; ptr += sizeof(*hdr);
895 hdr->addr = __addr(s->initiator, 0);
896 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
897 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
899 mcc = (void *) ptr; ptr += sizeof(*mcc);
900 mcc->type = __mcc_type(cr, RFCOMM_RLS);
901 mcc->len = __len8(sizeof(*rls));
903 rls = (void *) ptr; ptr += sizeof(*rls);
904 rls->dlci = __addr(1, dlci);
905 rls->status = status;
907 *ptr = __fcs(buf); ptr++;
909 return rfcomm_send_frame(s, buf, ptr - buf);
912 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
914 struct rfcomm_hdr *hdr;
915 struct rfcomm_mcc *mcc;
916 struct rfcomm_msc *msc;
917 u8 buf[16], *ptr = buf;
919 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
921 hdr = (void *) ptr; ptr += sizeof(*hdr);
922 hdr->addr = __addr(s->initiator, 0);
923 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
924 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
926 mcc = (void *) ptr; ptr += sizeof(*mcc);
927 mcc->type = __mcc_type(cr, RFCOMM_MSC);
928 mcc->len = __len8(sizeof(*msc));
930 msc = (void *) ptr; ptr += sizeof(*msc);
931 msc->dlci = __addr(1, dlci);
932 msc->v24_sig = v24_sig | 0x01;
934 *ptr = __fcs(buf); ptr++;
936 return rfcomm_send_frame(s, buf, ptr - buf);
939 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
941 struct rfcomm_hdr *hdr;
942 struct rfcomm_mcc *mcc;
943 u8 buf[16], *ptr = buf;
945 BT_DBG("%p cr %d", s, cr);
947 hdr = (void *) ptr; ptr += sizeof(*hdr);
948 hdr->addr = __addr(s->initiator, 0);
949 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
950 hdr->len = __len8(sizeof(*mcc));
952 mcc = (void *) ptr; ptr += sizeof(*mcc);
953 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
954 mcc->len = __len8(0);
956 *ptr = __fcs(buf); ptr++;
958 return rfcomm_send_frame(s, buf, ptr - buf);
961 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
963 struct rfcomm_hdr *hdr;
964 struct rfcomm_mcc *mcc;
965 u8 buf[16], *ptr = buf;
967 BT_DBG("%p cr %d", s, cr);
969 hdr = (void *) ptr; ptr += sizeof(*hdr);
970 hdr->addr = __addr(s->initiator, 0);
971 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
972 hdr->len = __len8(sizeof(*mcc));
974 mcc = (void *) ptr; ptr += sizeof(*mcc);
975 mcc->type = __mcc_type(cr, RFCOMM_FCON);
976 mcc->len = __len8(0);
978 *ptr = __fcs(buf); ptr++;
980 return rfcomm_send_frame(s, buf, ptr - buf);
983 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
985 struct socket *sock = s->sock;
988 unsigned char hdr[5], crc[1];
993 BT_DBG("%p cr %d", s, cr);
995 hdr[0] = __addr(s->initiator, 0);
996 hdr[1] = __ctrl(RFCOMM_UIH, 0);
997 hdr[2] = 0x01 | ((len + 2) << 1);
998 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
999 hdr[4] = 0x01 | (len << 1);
1001 crc[0] = __fcs(hdr);
1003 iv[0].iov_base = hdr;
1005 iv[1].iov_base = pattern;
1006 iv[1].iov_len = len;
1007 iv[2].iov_base = crc;
1010 memset(&msg, 0, sizeof(msg));
1012 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1015 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1017 struct rfcomm_hdr *hdr;
1018 u8 buf[16], *ptr = buf;
1020 BT_DBG("%p addr %d credits %d", s, addr, credits);
1022 hdr = (void *) ptr; ptr += sizeof(*hdr);
1024 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1025 hdr->len = __len8(0);
1027 *ptr = credits; ptr++;
1029 *ptr = __fcs(buf); ptr++;
1031 return rfcomm_send_frame(s, buf, ptr - buf);
1034 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1036 struct rfcomm_hdr *hdr;
1041 hdr = (void *) skb_push(skb, 4);
1042 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len);
1044 hdr = (void *) skb_push(skb, 3);
1045 hdr->len = __len8(len);
1048 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1050 crc = skb_put(skb, 1);
1051 *crc = __fcs((void *) hdr);
1054 /* ---- RFCOMM frame reception ---- */
1055 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1057 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1061 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1063 rfcomm_send_dm(s, dlci);
1069 rfcomm_dlc_clear_timer(d);
1072 d->state = BT_CONNECTED;
1073 d->state_change(d, 0);
1074 rfcomm_dlc_unlock(d);
1076 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1080 d->state = BT_CLOSED;
1081 __rfcomm_dlc_close(d, 0);
1083 if (list_empty(&s->dlcs)) {
1084 s->state = BT_DISCONN;
1085 rfcomm_send_disc(s, 0);
1091 /* Control channel */
1094 s->state = BT_CONNECTED;
1095 rfcomm_process_connect(s);
1099 rfcomm_session_put(s);
1106 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1110 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1114 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1116 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1121 d->state = BT_CLOSED;
1122 __rfcomm_dlc_close(d, err);
1125 if (s->state == BT_CONNECT)
1130 s->state = BT_CLOSED;
1131 rfcomm_session_close(s, err);
1136 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1140 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1143 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1145 rfcomm_send_ua(s, dlci);
1147 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1152 d->state = BT_CLOSED;
1153 __rfcomm_dlc_close(d, err);
1155 rfcomm_send_dm(s, dlci);
1158 rfcomm_send_ua(s, 0);
1160 if (s->state == BT_CONNECT)
1165 s->state = BT_CLOSED;
1166 rfcomm_session_close(s, err);
1172 static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1174 struct sock *sk = d->session->sock->sk;
1176 BT_DBG("dlc %p", d);
1178 rfcomm_send_ua(d->session, d->dlci);
1181 d->state = BT_CONNECTED;
1182 d->state_change(d, 0);
1183 rfcomm_dlc_unlock(d);
1185 if (d->link_mode & RFCOMM_LM_MASTER)
1186 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1188 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1191 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1193 struct rfcomm_dlc *d;
1196 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1199 rfcomm_send_ua(s, 0);
1201 if (s->state == BT_OPEN) {
1202 s->state = BT_CONNECTED;
1203 rfcomm_process_connect(s);
1208 /* Check if DLC exists */
1209 d = rfcomm_dlc_get(s, dlci);
1211 if (d->state == BT_OPEN) {
1212 /* DLC was previously opened by PN request */
1213 if (rfcomm_check_link_mode(d)) {
1214 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1215 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1217 rfcomm_dlc_accept(d);
1222 /* Notify socket layer about incoming connection */
1223 channel = __srv_channel(dlci);
1224 if (rfcomm_connect_ind(s, channel, &d)) {
1226 d->addr = __addr(s->initiator, dlci);
1227 rfcomm_dlc_link(s, d);
1229 if (rfcomm_check_link_mode(d)) {
1230 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1231 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1233 rfcomm_dlc_accept(d);
1235 rfcomm_send_dm(s, dlci);
1241 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1243 struct rfcomm_session *s = d->session;
1245 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1246 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1248 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1249 pn->flow_ctrl == 0xe0) {
1250 d->cfc = RFCOMM_CFC_ENABLED;
1251 d->tx_credits = pn->credits;
1253 d->cfc = RFCOMM_CFC_DISABLED;
1254 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1257 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1260 d->priority = pn->priority;
1262 d->mtu = btohs(pn->mtu);
1264 if (cr && d->mtu > s->mtu)
1270 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1272 struct rfcomm_pn *pn = (void *) skb->data;
1273 struct rfcomm_dlc *d;
1276 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1281 d = rfcomm_dlc_get(s, dlci);
1285 rfcomm_apply_pn(d, cr, pn);
1286 rfcomm_send_pn(s, 0, d);
1291 rfcomm_apply_pn(d, cr, pn);
1293 d->state = BT_CONNECT;
1294 rfcomm_send_sabm(s, d->dlci);
1299 u8 channel = __srv_channel(dlci);
1304 /* PN request for non existing DLC.
1305 * Assume incoming connection. */
1306 if (rfcomm_connect_ind(s, channel, &d)) {
1308 d->addr = __addr(s->initiator, dlci);
1309 rfcomm_dlc_link(s, d);
1311 rfcomm_apply_pn(d, cr, pn);
1314 rfcomm_send_pn(s, 0, d);
1316 rfcomm_send_dm(s, dlci);
1322 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1324 struct rfcomm_rpn *rpn = (void *) skb->data;
1325 u8 dlci = __get_dlci(rpn->dlci);
1334 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1336 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1337 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1338 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1344 /* This is a request, return default settings */
1345 bit_rate = RFCOMM_RPN_BR_115200;
1346 data_bits = RFCOMM_RPN_DATA_8;
1347 stop_bits = RFCOMM_RPN_STOP_1;
1348 parity = RFCOMM_RPN_PARITY_NONE;
1349 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1350 xon_char = RFCOMM_RPN_XON_CHAR;
1351 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1355 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1356 * no parity, no flow control lines, normal XON/XOFF chars */
1358 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1359 bit_rate = rpn->bit_rate;
1360 if (bit_rate != RFCOMM_RPN_BR_115200) {
1361 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1362 bit_rate = RFCOMM_RPN_BR_115200;
1363 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1367 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1368 data_bits = __get_rpn_data_bits(rpn->line_settings);
1369 if (data_bits != RFCOMM_RPN_DATA_8) {
1370 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1371 data_bits = RFCOMM_RPN_DATA_8;
1372 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1376 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1377 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1378 if (stop_bits != RFCOMM_RPN_STOP_1) {
1379 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1380 stop_bits = RFCOMM_RPN_STOP_1;
1381 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1385 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1386 parity = __get_rpn_parity(rpn->line_settings);
1387 if (parity != RFCOMM_RPN_PARITY_NONE) {
1388 BT_DBG("RPN parity mismatch 0x%x", parity);
1389 parity = RFCOMM_RPN_PARITY_NONE;
1390 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1394 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1395 flow_ctrl = rpn->flow_ctrl;
1396 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1397 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1398 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1399 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1403 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1404 xon_char = rpn->xon_char;
1405 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1406 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1407 xon_char = RFCOMM_RPN_XON_CHAR;
1408 rpn_mask ^= RFCOMM_RPN_PM_XON;
1412 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1413 xoff_char = rpn->xoff_char;
1414 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1415 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1416 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1417 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1422 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1423 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1428 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1430 struct rfcomm_rls *rls = (void *) skb->data;
1431 u8 dlci = __get_dlci(rls->dlci);
1433 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1438 /* We should probably do something with this information here. But
1439 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1440 * mandatory to recognise and respond to RLS */
1442 rfcomm_send_rls(s, 0, dlci, rls->status);
1447 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1449 struct rfcomm_msc *msc = (void *) skb->data;
1450 struct rfcomm_dlc *d;
1451 u8 dlci = __get_dlci(msc->dlci);
1453 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1455 d = rfcomm_dlc_get(s, dlci);
1460 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1461 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1463 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1467 d->remote_v24_sig = msc->v24_sig;
1469 if (d->modem_status)
1470 d->modem_status(d, msc->v24_sig);
1472 rfcomm_dlc_unlock(d);
1474 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1476 d->mscex |= RFCOMM_MSCEX_RX;
1478 d->mscex |= RFCOMM_MSCEX_TX;
1483 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1485 struct rfcomm_mcc *mcc = (void *) skb->data;
1488 cr = __test_cr(mcc->type);
1489 type = __get_mcc_type(mcc->type);
1490 len = __get_mcc_len(mcc->len);
1492 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1498 rfcomm_recv_pn(s, cr, skb);
1502 rfcomm_recv_rpn(s, cr, len, skb);
1506 rfcomm_recv_rls(s, cr, skb);
1510 rfcomm_recv_msc(s, cr, skb);
1515 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1516 rfcomm_send_fcoff(s, 0);
1522 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1523 rfcomm_send_fcon(s, 0);
1529 rfcomm_send_test(s, 0, skb->data, skb->len);
1536 BT_ERR("Unknown control type 0x%02x", type);
1537 rfcomm_send_nsc(s, cr, type);
1543 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1545 struct rfcomm_dlc *d;
1547 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1549 d = rfcomm_dlc_get(s, dlci);
1551 rfcomm_send_dm(s, dlci);
1556 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1558 d->tx_credits += credits;
1560 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1563 if (skb->len && d->state == BT_CONNECTED) {
1566 d->data_ready(d, skb);
1567 rfcomm_dlc_unlock(d);
1576 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1578 struct rfcomm_hdr *hdr = (void *) skb->data;
1581 dlci = __get_dlci(hdr->addr);
1582 type = __get_type(hdr->ctrl);
1585 skb->len--; skb->tail--;
1586 fcs = *(u8 *)skb_tail_pointer(skb);
1588 if (__check_fcs(skb->data, type, fcs)) {
1589 BT_ERR("bad checksum in packet");
1594 if (__test_ea(hdr->len))
1601 if (__test_pf(hdr->ctrl))
1602 rfcomm_recv_sabm(s, dlci);
1606 if (__test_pf(hdr->ctrl))
1607 rfcomm_recv_disc(s, dlci);
1611 if (__test_pf(hdr->ctrl))
1612 rfcomm_recv_ua(s, dlci);
1616 rfcomm_recv_dm(s, dlci);
1621 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1623 rfcomm_recv_mcc(s, skb);
1627 BT_ERR("Unknown packet type 0x%02x\n", type);
1634 /* ---- Connection and data processing ---- */
1636 static void rfcomm_process_connect(struct rfcomm_session *s)
1638 struct rfcomm_dlc *d;
1639 struct list_head *p, *n;
1641 BT_DBG("session %p state %ld", s, s->state);
1643 list_for_each_safe(p, n, &s->dlcs) {
1644 d = list_entry(p, struct rfcomm_dlc, list);
1645 if (d->state == BT_CONFIG) {
1647 if (rfcomm_check_link_mode(d)) {
1648 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1649 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1651 rfcomm_send_pn(s, 1, d);
1656 /* Send data queued for the DLC.
1657 * Return number of frames left in the queue.
1659 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1661 struct sk_buff *skb;
1664 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1665 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1667 /* Send pending MSC */
1668 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1669 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1673 * Give them some credits */
1674 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1675 d->rx_credits <= (d->cfc >> 2)) {
1676 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1677 d->rx_credits = d->cfc;
1681 * Give ourselves some credits */
1685 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1686 return skb_queue_len(&d->tx_queue);
1688 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1689 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1691 skb_queue_head(&d->tx_queue, skb);
1698 if (d->cfc && !d->tx_credits) {
1699 /* We're out of TX credits.
1700 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1701 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1704 return skb_queue_len(&d->tx_queue);
1707 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1709 struct rfcomm_dlc *d;
1710 struct list_head *p, *n;
1712 BT_DBG("session %p state %ld", s, s->state);
1714 list_for_each_safe(p, n, &s->dlcs) {
1715 d = list_entry(p, struct rfcomm_dlc, list);
1717 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1718 __rfcomm_dlc_close(d, ETIMEDOUT);
1722 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1723 rfcomm_dlc_clear_timer(d);
1725 rfcomm_send_pn(s, 1, d);
1726 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1728 rfcomm_dlc_accept(d);
1729 if (d->link_mode & RFCOMM_LM_SECURE) {
1730 struct sock *sk = s->sock->sk;
1731 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1734 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1735 rfcomm_dlc_clear_timer(d);
1737 rfcomm_send_dm(s, d->dlci);
1739 d->state = BT_CLOSED;
1740 __rfcomm_dlc_close(d, ECONNREFUSED);
1744 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1747 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1748 d->mscex == RFCOMM_MSCEX_OK)
1749 rfcomm_process_tx(d);
1753 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1755 struct socket *sock = s->sock;
1756 struct sock *sk = sock->sk;
1757 struct sk_buff *skb;
1759 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1761 /* Get data directly from socket receive queue without copying it. */
1762 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1764 rfcomm_recv_frame(s, skb);
1767 if (sk->sk_state == BT_CLOSED) {
1769 rfcomm_session_put(s);
1771 rfcomm_session_close(s, sk->sk_err);
1775 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1777 struct socket *sock = s->sock, *nsock;
1780 /* Fast check for a new connection.
1781 * Avoids unnesesary socket allocations. */
1782 if (list_empty(&bt_sk(sock->sk)->accept_q))
1785 BT_DBG("session %p", s);
1787 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1791 __module_get(nsock->ops->owner);
1793 /* Set our callbacks */
1794 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1795 nsock->sk->sk_state_change = rfcomm_l2state_change;
1797 s = rfcomm_session_add(nsock, BT_OPEN);
1799 rfcomm_session_hold(s);
1801 /* We should adjust MTU on incoming sessions.
1802 * L2CAP MTU minus UIH header and FCS. */
1803 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1805 rfcomm_schedule(RFCOMM_SCHED_RX);
1807 sock_release(nsock);
1810 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1812 struct sock *sk = s->sock->sk;
1814 BT_DBG("%p state %ld", s, s->state);
1816 switch(sk->sk_state) {
1818 s->state = BT_CONNECT;
1820 /* We can adjust MTU on outgoing sessions.
1821 * L2CAP MTU minus UIH header and FCS. */
1822 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1824 rfcomm_send_sabm(s, 0);
1828 s->state = BT_CLOSED;
1829 rfcomm_session_close(s, sk->sk_err);
1834 static inline void rfcomm_process_sessions(void)
1836 struct list_head *p, *n;
1840 list_for_each_safe(p, n, &session_list) {
1841 struct rfcomm_session *s;
1842 s = list_entry(p, struct rfcomm_session, list);
1844 if (s->state == BT_LISTEN) {
1845 rfcomm_accept_connection(s);
1849 rfcomm_session_hold(s);
1853 rfcomm_check_connection(s);
1857 rfcomm_process_rx(s);
1861 rfcomm_process_dlcs(s);
1863 rfcomm_session_put(s);
1869 static int rfcomm_add_listener(bdaddr_t *ba)
1871 struct sockaddr_l2 addr;
1872 struct socket *sock;
1874 struct rfcomm_session *s;
1878 err = rfcomm_l2sock_create(&sock);
1880 BT_ERR("Create socket failed %d", err);
1885 bacpy(&addr.l2_bdaddr, ba);
1886 addr.l2_family = AF_BLUETOOTH;
1887 addr.l2_psm = htobs(RFCOMM_PSM);
1888 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1890 BT_ERR("Bind failed %d", err);
1894 /* Set L2CAP options */
1897 l2cap_pi(sk)->imtu = l2cap_mtu;
1900 /* Start listening on the socket */
1901 err = kernel_listen(sock, 10);
1903 BT_ERR("Listen failed %d", err);
1907 /* Add listening session */
1908 s = rfcomm_session_add(sock, BT_LISTEN);
1912 rfcomm_session_hold(s);
1919 static void rfcomm_kill_listener(void)
1921 struct rfcomm_session *s;
1922 struct list_head *p, *n;
1926 list_for_each_safe(p, n, &session_list) {
1927 s = list_entry(p, struct rfcomm_session, list);
1928 rfcomm_session_del(s);
1932 static int rfcomm_run(void *unused)
1936 set_user_nice(current, -10);
1938 rfcomm_add_listener(BDADDR_ANY);
1940 while (!kthread_should_stop()) {
1941 set_current_state(TASK_INTERRUPTIBLE);
1942 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1943 /* No pending events. Let's sleep.
1944 * Incoming connections and data will wake us up. */
1947 set_current_state(TASK_RUNNING);
1950 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1951 rfcomm_process_sessions();
1954 rfcomm_kill_listener();
1959 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1961 struct rfcomm_session *s;
1962 struct rfcomm_dlc *d;
1963 struct list_head *p, *n;
1965 BT_DBG("conn %p status 0x%02x", conn, status);
1967 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1971 rfcomm_session_hold(s);
1973 list_for_each_safe(p, n, &s->dlcs) {
1974 d = list_entry(p, struct rfcomm_dlc, list);
1976 if ((d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) &&
1977 !(conn->link_mode & HCI_LM_ENCRYPT) && !status)
1980 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1984 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1986 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1989 rfcomm_session_put(s);
1991 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1994 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1996 struct rfcomm_session *s;
1997 struct rfcomm_dlc *d;
1998 struct list_head *p, *n;
2000 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2002 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2006 rfcomm_session_hold(s);
2008 list_for_each_safe(p, n, &s->dlcs) {
2009 d = list_entry(p, struct rfcomm_dlc, list);
2011 if ((d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) &&
2012 (d->state == BT_CONNECTED ||
2013 d->state == BT_CONFIG) &&
2014 !status && encrypt == 0x00) {
2015 __rfcomm_dlc_close(d, ECONNREFUSED);
2019 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2022 if (!status && encrypt)
2023 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2025 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2028 rfcomm_session_put(s);
2030 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2033 static struct hci_cb rfcomm_cb = {
2035 .auth_cfm = rfcomm_auth_cfm,
2036 .encrypt_cfm = rfcomm_encrypt_cfm
2039 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2041 struct rfcomm_session *s;
2042 struct list_head *pp, *p;
2047 list_for_each(p, &session_list) {
2048 s = list_entry(p, struct rfcomm_session, list);
2049 list_for_each(pp, &s->dlcs) {
2050 struct sock *sk = s->sock->sk;
2051 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2053 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2054 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2055 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2064 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2066 /* ---- Initialization ---- */
2067 static int __init rfcomm_init(void)
2071 hci_register_cb(&rfcomm_cb);
2073 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2074 if (IS_ERR(rfcomm_thread)) {
2075 hci_unregister_cb(&rfcomm_cb);
2076 return PTR_ERR(rfcomm_thread);
2079 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2080 BT_ERR("Failed to create RFCOMM info file");
2082 rfcomm_init_sockets();
2084 #ifdef CONFIG_BT_RFCOMM_TTY
2088 BT_INFO("RFCOMM ver %s", VERSION);
2093 static void __exit rfcomm_exit(void)
2095 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
2097 hci_unregister_cb(&rfcomm_cb);
2099 kthread_stop(rfcomm_thread);
2101 #ifdef CONFIG_BT_RFCOMM_TTY
2102 rfcomm_cleanup_ttys();
2105 rfcomm_cleanup_sockets();
2108 module_init(rfcomm_init);
2109 module_exit(rfcomm_exit);
2111 module_param(disable_cfc, bool, 0644);
2112 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2114 module_param(channel_mtu, int, 0644);
2115 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2117 module_param(l2cap_mtu, uint, 0644);
2118 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2120 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2121 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2122 MODULE_VERSION(VERSION);
2123 MODULE_LICENSE("GPL");
2124 MODULE_ALIAS("bt-proto-3");
git.openpandora.org / pandora-kernel.git / blob