2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/sched.h>
32 #include <linux/signal.h>
33 #include <linux/init.h>
34 #include <linux/wait.h>
35 #include <linux/device.h>
36 #include <linux/net.h>
37 #include <linux/mutex.h>
38 #include <linux/kthread.h>
41 #include <asm/uaccess.h>
42 #include <asm/unaligned.h>
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
46 #include <net/bluetooth/l2cap.h>
47 #include <net/bluetooth/rfcomm.h>
49 #define VERSION "1.10"
51 static int disable_cfc = 0;
52 static int channel_mtu = -1;
53 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
55 static struct task_struct *rfcomm_thread;
57 static DEFINE_MUTEX(rfcomm_mutex);
58 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
59 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
61 static unsigned long rfcomm_event;
63 static LIST_HEAD(session_list);
65 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
66 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
67 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
68 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
69 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
70 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
71 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
72 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
73 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
74 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
76 static void rfcomm_process_connect(struct rfcomm_session *s);
78 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
79 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
80 static void rfcomm_session_del(struct rfcomm_session *s);
82 /* ---- RFCOMM frame parsing macros ---- */
83 #define __get_dlci(b) ((b & 0xfc) >> 2)
84 #define __get_channel(b) ((b & 0xf8) >> 3)
85 #define __get_dir(b) ((b & 0x04) >> 2)
86 #define __get_type(b) ((b & 0xef))
88 #define __test_ea(b) ((b & 0x01))
89 #define __test_cr(b) ((b & 0x02))
90 #define __test_pf(b) ((b & 0x10))
92 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
93 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
94 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
95 #define __srv_channel(dlci) (dlci >> 1)
96 #define __dir(dlci) (dlci & 0x01)
98 #define __len8(len) (((len) << 1) | 1)
99 #define __len16(len) ((len) << 1)
102 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
103 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
104 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
107 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
108 #define __get_rpn_data_bits(line) ((line) & 0x3)
109 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
110 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
112 static inline void rfcomm_schedule(uint event)
116 //set_bit(event, &rfcomm_event);
117 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
118 wake_up_process(rfcomm_thread);
121 static inline void rfcomm_session_put(struct rfcomm_session *s)
123 if (atomic_dec_and_test(&s->refcnt))
124 rfcomm_session_del(s);
127 /* ---- RFCOMM FCS computation ---- */
129 /* reversed, 8-bit, poly=0x07 */
130 static unsigned char rfcomm_crc_table[256] = {
131 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
132 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
133 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
134 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
136 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
137 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
138 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
139 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
141 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
142 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
143 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
144 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
146 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
147 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
148 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
149 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
151 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
152 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
153 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
154 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
156 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
157 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
158 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
159 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
161 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
162 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
163 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
164 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
166 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
167 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
168 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
169 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
173 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
176 static inline u8 __fcs(u8 *data)
178 return (0xff - __crc(data));
182 static inline u8 __fcs2(u8 *data)
184 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
188 static inline int __check_fcs(u8 *data, int type, u8 fcs)
192 if (type != RFCOMM_UIH)
193 f = rfcomm_crc_table[f ^ data[2]];
195 return rfcomm_crc_table[f ^ fcs] != 0xcf;
198 /* ---- L2CAP callbacks ---- */
199 static void rfcomm_l2state_change(struct sock *sk)
201 BT_DBG("%p state %d", sk, sk->sk_state);
202 rfcomm_schedule(RFCOMM_SCHED_STATE);
205 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
207 BT_DBG("%p bytes %d", sk, bytes);
208 rfcomm_schedule(RFCOMM_SCHED_RX);
211 static int rfcomm_l2sock_create(struct socket **sock)
217 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
219 struct sock *sk = (*sock)->sk;
220 sk->sk_data_ready = rfcomm_l2data_ready;
221 sk->sk_state_change = rfcomm_l2state_change;
226 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
228 struct sock *sk = d->session->sock->sk;
230 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
231 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
233 } else if (d->link_mode & RFCOMM_LM_AUTH) {
234 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
241 /* ---- RFCOMM DLCs ---- */
242 static void rfcomm_dlc_timeout(unsigned long arg)
244 struct rfcomm_dlc *d = (void *) arg;
246 BT_DBG("dlc %p state %ld", d, d->state);
248 set_bit(RFCOMM_TIMED_OUT, &d->flags);
250 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
253 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
255 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
257 if (!mod_timer(&d->timer, jiffies + timeout))
261 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
263 BT_DBG("dlc %p state %ld", d, d->state);
265 if (timer_pending(&d->timer) && del_timer(&d->timer))
269 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
276 d->mtu = RFCOMM_DEFAULT_MTU;
277 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
279 d->cfc = RFCOMM_CFC_DISABLED;
280 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
283 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
285 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
290 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
292 skb_queue_head_init(&d->tx_queue);
293 spin_lock_init(&d->lock);
294 atomic_set(&d->refcnt, 1);
296 rfcomm_dlc_clear_state(d);
303 void rfcomm_dlc_free(struct rfcomm_dlc *d)
307 skb_queue_purge(&d->tx_queue);
311 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
313 BT_DBG("dlc %p session %p", d, s);
315 rfcomm_session_hold(s);
318 list_add(&d->list, &s->dlcs);
322 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
324 struct rfcomm_session *s = d->session;
326 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
332 rfcomm_session_put(s);
335 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
337 struct rfcomm_dlc *d;
340 list_for_each(p, &s->dlcs) {
341 d = list_entry(p, struct rfcomm_dlc, list);
348 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
350 struct rfcomm_session *s;
354 BT_DBG("dlc %p state %ld %s %s channel %d",
355 d, d->state, batostr(src), batostr(dst), channel);
357 if (channel < 1 || channel > 30)
360 if (d->state != BT_OPEN && d->state != BT_CLOSED)
363 s = rfcomm_session_get(src, dst);
365 s = rfcomm_session_create(src, dst, &err);
370 dlci = __dlci(!s->initiator, channel);
372 /* Check if DLCI already exists */
373 if (rfcomm_dlc_get(s, dlci))
376 rfcomm_dlc_clear_state(d);
379 d->addr = __addr(s->initiator, dlci);
382 d->state = BT_CONFIG;
383 rfcomm_dlc_link(s, d);
388 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
390 if (s->state == BT_CONNECTED) {
391 if (rfcomm_check_link_mode(d))
392 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
394 rfcomm_send_pn(s, 1, d);
397 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
402 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
408 r = __rfcomm_dlc_open(d, src, dst, channel);
414 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
416 struct rfcomm_session *s = d->session;
420 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
421 d, d->state, d->dlci, err, s);
426 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
427 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
428 rfcomm_schedule(RFCOMM_SCHED_AUTH);
434 d->state = BT_DISCONN;
435 if (skb_queue_empty(&d->tx_queue)) {
436 rfcomm_send_disc(s, d->dlci);
437 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
439 rfcomm_queue_disc(d);
440 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
445 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
446 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
447 rfcomm_schedule(RFCOMM_SCHED_AUTH);
453 rfcomm_dlc_clear_timer(d);
456 d->state = BT_CLOSED;
457 d->state_change(d, err);
458 rfcomm_dlc_unlock(d);
460 skb_queue_purge(&d->tx_queue);
461 rfcomm_dlc_unlink(d);
467 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
473 r = __rfcomm_dlc_close(d, err);
479 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
483 if (d->state != BT_CONNECTED)
486 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
491 rfcomm_make_uih(skb, d->addr);
492 skb_queue_tail(&d->tx_queue, skb);
494 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
495 rfcomm_schedule(RFCOMM_SCHED_TX);
499 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
501 BT_DBG("dlc %p state %ld", d, d->state);
504 d->v24_sig |= RFCOMM_V24_FC;
505 set_bit(RFCOMM_MSC_PENDING, &d->flags);
507 rfcomm_schedule(RFCOMM_SCHED_TX);
510 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
512 BT_DBG("dlc %p state %ld", d, d->state);
515 d->v24_sig &= ~RFCOMM_V24_FC;
516 set_bit(RFCOMM_MSC_PENDING, &d->flags);
518 rfcomm_schedule(RFCOMM_SCHED_TX);
522 Set/get modem status functions use _local_ status i.e. what we report
524 Remote status is provided by dlc->modem_status() callback.
526 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
528 BT_DBG("dlc %p state %ld v24_sig 0x%x",
529 d, d->state, v24_sig);
531 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
532 v24_sig |= RFCOMM_V24_FC;
534 v24_sig &= ~RFCOMM_V24_FC;
536 d->v24_sig = v24_sig;
538 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
539 rfcomm_schedule(RFCOMM_SCHED_TX);
544 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
546 BT_DBG("dlc %p state %ld v24_sig 0x%x",
547 d, d->state, d->v24_sig);
549 *v24_sig = d->v24_sig;
553 /* ---- RFCOMM sessions ---- */
554 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
556 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
561 BT_DBG("session %p sock %p", s, sock);
563 INIT_LIST_HEAD(&s->dlcs);
567 s->mtu = RFCOMM_DEFAULT_MTU;
568 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
570 /* Do not increment module usage count for listening sessions.
571 * Otherwise we won't be able to unload the module. */
572 if (state != BT_LISTEN)
573 if (!try_module_get(THIS_MODULE)) {
578 list_add(&s->list, &session_list);
583 static void rfcomm_session_del(struct rfcomm_session *s)
585 int state = s->state;
587 BT_DBG("session %p state %ld", s, s->state);
591 if (state == BT_CONNECTED)
592 rfcomm_send_disc(s, 0);
594 sock_release(s->sock);
597 if (state != BT_LISTEN)
598 module_put(THIS_MODULE);
601 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
603 struct rfcomm_session *s;
604 struct list_head *p, *n;
606 list_for_each_safe(p, n, &session_list) {
607 s = list_entry(p, struct rfcomm_session, list);
608 sk = bt_sk(s->sock->sk);
610 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
611 !bacmp(&sk->dst, dst))
617 static void rfcomm_session_close(struct rfcomm_session *s, int err)
619 struct rfcomm_dlc *d;
620 struct list_head *p, *n;
622 BT_DBG("session %p state %ld err %d", s, s->state, err);
624 rfcomm_session_hold(s);
626 s->state = BT_CLOSED;
629 list_for_each_safe(p, n, &s->dlcs) {
630 d = list_entry(p, struct rfcomm_dlc, list);
631 d->state = BT_CLOSED;
632 __rfcomm_dlc_close(d, err);
635 rfcomm_session_put(s);
638 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
640 struct rfcomm_session *s = NULL;
641 struct sockaddr_l2 addr;
645 BT_DBG("%s %s", batostr(src), batostr(dst));
647 *err = rfcomm_l2sock_create(&sock);
651 bacpy(&addr.l2_bdaddr, src);
652 addr.l2_family = AF_BLUETOOTH;
654 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
658 /* Set L2CAP options */
661 l2cap_pi(sk)->imtu = l2cap_mtu;
664 s = rfcomm_session_add(sock, BT_BOUND);
672 bacpy(&addr.l2_bdaddr, dst);
673 addr.l2_family = AF_BLUETOOTH;
674 addr.l2_psm = htobs(RFCOMM_PSM);
675 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
676 if (*err == 0 || *err == -EINPROGRESS)
679 rfcomm_session_del(s);
687 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
689 struct sock *sk = s->sock->sk;
691 bacpy(src, &bt_sk(sk)->src);
693 bacpy(dst, &bt_sk(sk)->dst);
696 /* ---- RFCOMM frame sending ---- */
697 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
699 struct socket *sock = s->sock;
700 struct kvec iv = { data, len };
703 BT_DBG("session %p len %d", s, len);
705 memset(&msg, 0, sizeof(msg));
707 return kernel_sendmsg(sock, &msg, &iv, 1, len);
710 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
712 struct rfcomm_cmd cmd;
714 BT_DBG("%p dlci %d", s, dlci);
716 cmd.addr = __addr(s->initiator, dlci);
717 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
719 cmd.fcs = __fcs2((u8 *) &cmd);
721 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
724 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
726 struct rfcomm_cmd cmd;
728 BT_DBG("%p dlci %d", s, dlci);
730 cmd.addr = __addr(!s->initiator, dlci);
731 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
733 cmd.fcs = __fcs2((u8 *) &cmd);
735 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
738 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
740 struct rfcomm_cmd cmd;
742 BT_DBG("%p dlci %d", s, dlci);
744 cmd.addr = __addr(s->initiator, dlci);
745 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
747 cmd.fcs = __fcs2((u8 *) &cmd);
749 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
752 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
754 struct rfcomm_cmd *cmd;
757 BT_DBG("dlc %p dlci %d", d, d->dlci);
759 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
763 cmd = (void *) __skb_put(skb, sizeof(*cmd));
765 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
766 cmd->len = __len8(0);
767 cmd->fcs = __fcs2((u8 *) cmd);
769 skb_queue_tail(&d->tx_queue, skb);
770 rfcomm_schedule(RFCOMM_SCHED_TX);
774 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
776 struct rfcomm_cmd cmd;
778 BT_DBG("%p dlci %d", s, dlci);
780 cmd.addr = __addr(!s->initiator, dlci);
781 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
783 cmd.fcs = __fcs2((u8 *) &cmd);
785 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
788 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
790 struct rfcomm_hdr *hdr;
791 struct rfcomm_mcc *mcc;
792 u8 buf[16], *ptr = buf;
794 BT_DBG("%p cr %d type %d", s, cr, type);
796 hdr = (void *) ptr; ptr += sizeof(*hdr);
797 hdr->addr = __addr(s->initiator, 0);
798 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
799 hdr->len = __len8(sizeof(*mcc) + 1);
801 mcc = (void *) ptr; ptr += sizeof(*mcc);
802 mcc->type = __mcc_type(cr, RFCOMM_NSC);
803 mcc->len = __len8(1);
805 /* Type that we didn't like */
806 *ptr = __mcc_type(cr, type); ptr++;
808 *ptr = __fcs(buf); ptr++;
810 return rfcomm_send_frame(s, buf, ptr - buf);
813 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
815 struct rfcomm_hdr *hdr;
816 struct rfcomm_mcc *mcc;
817 struct rfcomm_pn *pn;
818 u8 buf[16], *ptr = buf;
820 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
822 hdr = (void *) ptr; ptr += sizeof(*hdr);
823 hdr->addr = __addr(s->initiator, 0);
824 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
825 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
827 mcc = (void *) ptr; ptr += sizeof(*mcc);
828 mcc->type = __mcc_type(cr, RFCOMM_PN);
829 mcc->len = __len8(sizeof(*pn));
831 pn = (void *) ptr; ptr += sizeof(*pn);
833 pn->priority = d->priority;
838 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
839 pn->credits = RFCOMM_DEFAULT_CREDITS;
845 if (cr && channel_mtu >= 0)
846 pn->mtu = htobs(channel_mtu);
848 pn->mtu = htobs(d->mtu);
850 *ptr = __fcs(buf); ptr++;
852 return rfcomm_send_frame(s, buf, ptr - buf);
855 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
856 u8 bit_rate, u8 data_bits, u8 stop_bits,
857 u8 parity, u8 flow_ctrl_settings,
858 u8 xon_char, u8 xoff_char, u16 param_mask)
860 struct rfcomm_hdr *hdr;
861 struct rfcomm_mcc *mcc;
862 struct rfcomm_rpn *rpn;
863 u8 buf[16], *ptr = buf;
865 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
866 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
867 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
868 flow_ctrl_settings, xon_char, xoff_char, param_mask);
870 hdr = (void *) ptr; ptr += sizeof(*hdr);
871 hdr->addr = __addr(s->initiator, 0);
872 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
873 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
875 mcc = (void *) ptr; ptr += sizeof(*mcc);
876 mcc->type = __mcc_type(cr, RFCOMM_RPN);
877 mcc->len = __len8(sizeof(*rpn));
879 rpn = (void *) ptr; ptr += sizeof(*rpn);
880 rpn->dlci = __addr(1, dlci);
881 rpn->bit_rate = bit_rate;
882 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
883 rpn->flow_ctrl = flow_ctrl_settings;
884 rpn->xon_char = xon_char;
885 rpn->xoff_char = xoff_char;
886 rpn->param_mask = cpu_to_le16(param_mask);
888 *ptr = __fcs(buf); ptr++;
890 return rfcomm_send_frame(s, buf, ptr - buf);
893 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
895 struct rfcomm_hdr *hdr;
896 struct rfcomm_mcc *mcc;
897 struct rfcomm_rls *rls;
898 u8 buf[16], *ptr = buf;
900 BT_DBG("%p cr %d status 0x%x", s, cr, status);
902 hdr = (void *) ptr; ptr += sizeof(*hdr);
903 hdr->addr = __addr(s->initiator, 0);
904 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
905 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
907 mcc = (void *) ptr; ptr += sizeof(*mcc);
908 mcc->type = __mcc_type(cr, RFCOMM_RLS);
909 mcc->len = __len8(sizeof(*rls));
911 rls = (void *) ptr; ptr += sizeof(*rls);
912 rls->dlci = __addr(1, dlci);
913 rls->status = status;
915 *ptr = __fcs(buf); ptr++;
917 return rfcomm_send_frame(s, buf, ptr - buf);
920 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
922 struct rfcomm_hdr *hdr;
923 struct rfcomm_mcc *mcc;
924 struct rfcomm_msc *msc;
925 u8 buf[16], *ptr = buf;
927 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
929 hdr = (void *) ptr; ptr += sizeof(*hdr);
930 hdr->addr = __addr(s->initiator, 0);
931 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
932 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
934 mcc = (void *) ptr; ptr += sizeof(*mcc);
935 mcc->type = __mcc_type(cr, RFCOMM_MSC);
936 mcc->len = __len8(sizeof(*msc));
938 msc = (void *) ptr; ptr += sizeof(*msc);
939 msc->dlci = __addr(1, dlci);
940 msc->v24_sig = v24_sig | 0x01;
942 *ptr = __fcs(buf); ptr++;
944 return rfcomm_send_frame(s, buf, ptr - buf);
947 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
949 struct rfcomm_hdr *hdr;
950 struct rfcomm_mcc *mcc;
951 u8 buf[16], *ptr = buf;
953 BT_DBG("%p cr %d", s, cr);
955 hdr = (void *) ptr; ptr += sizeof(*hdr);
956 hdr->addr = __addr(s->initiator, 0);
957 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
958 hdr->len = __len8(sizeof(*mcc));
960 mcc = (void *) ptr; ptr += sizeof(*mcc);
961 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
962 mcc->len = __len8(0);
964 *ptr = __fcs(buf); ptr++;
966 return rfcomm_send_frame(s, buf, ptr - buf);
969 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
971 struct rfcomm_hdr *hdr;
972 struct rfcomm_mcc *mcc;
973 u8 buf[16], *ptr = buf;
975 BT_DBG("%p cr %d", s, cr);
977 hdr = (void *) ptr; ptr += sizeof(*hdr);
978 hdr->addr = __addr(s->initiator, 0);
979 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
980 hdr->len = __len8(sizeof(*mcc));
982 mcc = (void *) ptr; ptr += sizeof(*mcc);
983 mcc->type = __mcc_type(cr, RFCOMM_FCON);
984 mcc->len = __len8(0);
986 *ptr = __fcs(buf); ptr++;
988 return rfcomm_send_frame(s, buf, ptr - buf);
991 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
993 struct socket *sock = s->sock;
996 unsigned char hdr[5], crc[1];
1001 BT_DBG("%p cr %d", s, cr);
1003 hdr[0] = __addr(s->initiator, 0);
1004 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1005 hdr[2] = 0x01 | ((len + 2) << 1);
1006 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1007 hdr[4] = 0x01 | (len << 1);
1009 crc[0] = __fcs(hdr);
1011 iv[0].iov_base = hdr;
1013 iv[1].iov_base = pattern;
1014 iv[1].iov_len = len;
1015 iv[2].iov_base = crc;
1018 memset(&msg, 0, sizeof(msg));
1020 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1023 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1025 struct rfcomm_hdr *hdr;
1026 u8 buf[16], *ptr = buf;
1028 BT_DBG("%p addr %d credits %d", s, addr, credits);
1030 hdr = (void *) ptr; ptr += sizeof(*hdr);
1032 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1033 hdr->len = __len8(0);
1035 *ptr = credits; ptr++;
1037 *ptr = __fcs(buf); ptr++;
1039 return rfcomm_send_frame(s, buf, ptr - buf);
1042 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1044 struct rfcomm_hdr *hdr;
1049 hdr = (void *) skb_push(skb, 4);
1050 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len);
1052 hdr = (void *) skb_push(skb, 3);
1053 hdr->len = __len8(len);
1056 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1058 crc = skb_put(skb, 1);
1059 *crc = __fcs((void *) hdr);
1062 /* ---- RFCOMM frame reception ---- */
1063 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1065 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1069 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1071 rfcomm_send_dm(s, dlci);
1077 rfcomm_dlc_clear_timer(d);
1080 d->state = BT_CONNECTED;
1081 d->state_change(d, 0);
1082 rfcomm_dlc_unlock(d);
1084 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1088 d->state = BT_CLOSED;
1089 __rfcomm_dlc_close(d, 0);
1091 if (list_empty(&s->dlcs)) {
1092 s->state = BT_DISCONN;
1093 rfcomm_send_disc(s, 0);
1099 /* Control channel */
1102 s->state = BT_CONNECTED;
1103 rfcomm_process_connect(s);
1107 rfcomm_session_put(s);
1114 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1118 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1122 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1124 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1129 d->state = BT_CLOSED;
1130 __rfcomm_dlc_close(d, err);
1133 if (s->state == BT_CONNECT)
1138 s->state = BT_CLOSED;
1139 rfcomm_session_close(s, err);
1144 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1148 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1151 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1153 rfcomm_send_ua(s, dlci);
1155 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1160 d->state = BT_CLOSED;
1161 __rfcomm_dlc_close(d, err);
1163 rfcomm_send_dm(s, dlci);
1166 rfcomm_send_ua(s, 0);
1168 if (s->state == BT_CONNECT)
1173 s->state = BT_CLOSED;
1174 rfcomm_session_close(s, err);
1180 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1182 struct sock *sk = d->session->sock->sk;
1184 BT_DBG("dlc %p", d);
1186 rfcomm_send_ua(d->session, d->dlci);
1189 d->state = BT_CONNECTED;
1190 d->state_change(d, 0);
1191 rfcomm_dlc_unlock(d);
1193 if (d->link_mode & RFCOMM_LM_MASTER)
1194 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1196 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1199 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1201 if (rfcomm_check_link_mode(d)) {
1202 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1203 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1205 if (d->defer_setup) {
1206 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1207 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1209 rfcomm_dlc_accept(d);
1213 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1215 struct rfcomm_dlc *d;
1218 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1221 rfcomm_send_ua(s, 0);
1223 if (s->state == BT_OPEN) {
1224 s->state = BT_CONNECTED;
1225 rfcomm_process_connect(s);
1230 /* Check if DLC exists */
1231 d = rfcomm_dlc_get(s, dlci);
1233 if (d->state == BT_OPEN) {
1234 /* DLC was previously opened by PN request */
1235 rfcomm_check_accept(d);
1240 /* Notify socket layer about incoming connection */
1241 channel = __srv_channel(dlci);
1242 if (rfcomm_connect_ind(s, channel, &d)) {
1244 d->addr = __addr(s->initiator, dlci);
1245 rfcomm_dlc_link(s, d);
1247 rfcomm_check_accept(d);
1249 rfcomm_send_dm(s, dlci);
1255 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1257 struct rfcomm_session *s = d->session;
1259 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1260 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1262 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1263 pn->flow_ctrl == 0xe0) {
1264 d->cfc = RFCOMM_CFC_ENABLED;
1265 d->tx_credits = pn->credits;
1267 d->cfc = RFCOMM_CFC_DISABLED;
1268 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1271 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1274 d->priority = pn->priority;
1276 d->mtu = btohs(pn->mtu);
1278 if (cr && d->mtu > s->mtu)
1284 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1286 struct rfcomm_pn *pn = (void *) skb->data;
1287 struct rfcomm_dlc *d;
1290 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1295 d = rfcomm_dlc_get(s, dlci);
1299 rfcomm_apply_pn(d, cr, pn);
1300 rfcomm_send_pn(s, 0, d);
1305 rfcomm_apply_pn(d, cr, pn);
1307 d->state = BT_CONNECT;
1308 rfcomm_send_sabm(s, d->dlci);
1313 u8 channel = __srv_channel(dlci);
1318 /* PN request for non existing DLC.
1319 * Assume incoming connection. */
1320 if (rfcomm_connect_ind(s, channel, &d)) {
1322 d->addr = __addr(s->initiator, dlci);
1323 rfcomm_dlc_link(s, d);
1325 rfcomm_apply_pn(d, cr, pn);
1328 rfcomm_send_pn(s, 0, d);
1330 rfcomm_send_dm(s, dlci);
1336 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1338 struct rfcomm_rpn *rpn = (void *) skb->data;
1339 u8 dlci = __get_dlci(rpn->dlci);
1348 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1350 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1351 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1352 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1358 /* This is a request, return default settings */
1359 bit_rate = RFCOMM_RPN_BR_115200;
1360 data_bits = RFCOMM_RPN_DATA_8;
1361 stop_bits = RFCOMM_RPN_STOP_1;
1362 parity = RFCOMM_RPN_PARITY_NONE;
1363 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1364 xon_char = RFCOMM_RPN_XON_CHAR;
1365 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1369 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1370 * no parity, no flow control lines, normal XON/XOFF chars */
1372 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1373 bit_rate = rpn->bit_rate;
1374 if (bit_rate != RFCOMM_RPN_BR_115200) {
1375 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1376 bit_rate = RFCOMM_RPN_BR_115200;
1377 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1381 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1382 data_bits = __get_rpn_data_bits(rpn->line_settings);
1383 if (data_bits != RFCOMM_RPN_DATA_8) {
1384 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1385 data_bits = RFCOMM_RPN_DATA_8;
1386 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1390 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1391 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1392 if (stop_bits != RFCOMM_RPN_STOP_1) {
1393 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1394 stop_bits = RFCOMM_RPN_STOP_1;
1395 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1399 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1400 parity = __get_rpn_parity(rpn->line_settings);
1401 if (parity != RFCOMM_RPN_PARITY_NONE) {
1402 BT_DBG("RPN parity mismatch 0x%x", parity);
1403 parity = RFCOMM_RPN_PARITY_NONE;
1404 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1408 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1409 flow_ctrl = rpn->flow_ctrl;
1410 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1411 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1412 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1413 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1417 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1418 xon_char = rpn->xon_char;
1419 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1420 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1421 xon_char = RFCOMM_RPN_XON_CHAR;
1422 rpn_mask ^= RFCOMM_RPN_PM_XON;
1426 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1427 xoff_char = rpn->xoff_char;
1428 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1429 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1430 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1431 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1436 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1437 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1442 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1444 struct rfcomm_rls *rls = (void *) skb->data;
1445 u8 dlci = __get_dlci(rls->dlci);
1447 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1452 /* We should probably do something with this information here. But
1453 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1454 * mandatory to recognise and respond to RLS */
1456 rfcomm_send_rls(s, 0, dlci, rls->status);
1461 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1463 struct rfcomm_msc *msc = (void *) skb->data;
1464 struct rfcomm_dlc *d;
1465 u8 dlci = __get_dlci(msc->dlci);
1467 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1469 d = rfcomm_dlc_get(s, dlci);
1474 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1475 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1477 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1481 d->remote_v24_sig = msc->v24_sig;
1483 if (d->modem_status)
1484 d->modem_status(d, msc->v24_sig);
1486 rfcomm_dlc_unlock(d);
1488 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1490 d->mscex |= RFCOMM_MSCEX_RX;
1492 d->mscex |= RFCOMM_MSCEX_TX;
1497 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1499 struct rfcomm_mcc *mcc = (void *) skb->data;
1502 cr = __test_cr(mcc->type);
1503 type = __get_mcc_type(mcc->type);
1504 len = __get_mcc_len(mcc->len);
1506 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1512 rfcomm_recv_pn(s, cr, skb);
1516 rfcomm_recv_rpn(s, cr, len, skb);
1520 rfcomm_recv_rls(s, cr, skb);
1524 rfcomm_recv_msc(s, cr, skb);
1529 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1530 rfcomm_send_fcoff(s, 0);
1536 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1537 rfcomm_send_fcon(s, 0);
1543 rfcomm_send_test(s, 0, skb->data, skb->len);
1550 BT_ERR("Unknown control type 0x%02x", type);
1551 rfcomm_send_nsc(s, cr, type);
1557 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1559 struct rfcomm_dlc *d;
1561 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1563 d = rfcomm_dlc_get(s, dlci);
1565 rfcomm_send_dm(s, dlci);
1570 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1572 d->tx_credits += credits;
1574 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1577 if (skb->len && d->state == BT_CONNECTED) {
1580 d->data_ready(d, skb);
1581 rfcomm_dlc_unlock(d);
1590 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1592 struct rfcomm_hdr *hdr = (void *) skb->data;
1595 dlci = __get_dlci(hdr->addr);
1596 type = __get_type(hdr->ctrl);
1599 skb->len--; skb->tail--;
1600 fcs = *(u8 *)skb_tail_pointer(skb);
1602 if (__check_fcs(skb->data, type, fcs)) {
1603 BT_ERR("bad checksum in packet");
1608 if (__test_ea(hdr->len))
1615 if (__test_pf(hdr->ctrl))
1616 rfcomm_recv_sabm(s, dlci);
1620 if (__test_pf(hdr->ctrl))
1621 rfcomm_recv_disc(s, dlci);
1625 if (__test_pf(hdr->ctrl))
1626 rfcomm_recv_ua(s, dlci);
1630 rfcomm_recv_dm(s, dlci);
1635 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1637 rfcomm_recv_mcc(s, skb);
1641 BT_ERR("Unknown packet type 0x%02x\n", type);
1648 /* ---- Connection and data processing ---- */
1650 static void rfcomm_process_connect(struct rfcomm_session *s)
1652 struct rfcomm_dlc *d;
1653 struct list_head *p, *n;
1655 BT_DBG("session %p state %ld", s, s->state);
1657 list_for_each_safe(p, n, &s->dlcs) {
1658 d = list_entry(p, struct rfcomm_dlc, list);
1659 if (d->state == BT_CONFIG) {
1661 if (rfcomm_check_link_mode(d)) {
1662 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1663 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1665 rfcomm_send_pn(s, 1, d);
1670 /* Send data queued for the DLC.
1671 * Return number of frames left in the queue.
1673 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1675 struct sk_buff *skb;
1678 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1679 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1681 /* Send pending MSC */
1682 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1683 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1687 * Give them some credits */
1688 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1689 d->rx_credits <= (d->cfc >> 2)) {
1690 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1691 d->rx_credits = d->cfc;
1695 * Give ourselves some credits */
1699 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1700 return skb_queue_len(&d->tx_queue);
1702 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1703 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1705 skb_queue_head(&d->tx_queue, skb);
1712 if (d->cfc && !d->tx_credits) {
1713 /* We're out of TX credits.
1714 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1715 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1718 return skb_queue_len(&d->tx_queue);
1721 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1723 struct rfcomm_dlc *d;
1724 struct list_head *p, *n;
1726 BT_DBG("session %p state %ld", s, s->state);
1728 list_for_each_safe(p, n, &s->dlcs) {
1729 d = list_entry(p, struct rfcomm_dlc, list);
1731 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1732 __rfcomm_dlc_close(d, ETIMEDOUT);
1736 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1737 rfcomm_dlc_clear_timer(d);
1739 rfcomm_send_pn(s, 1, d);
1740 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1742 if (d->defer_setup) {
1743 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1744 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1746 rfcomm_dlc_accept(d);
1748 if (d->link_mode & RFCOMM_LM_SECURE) {
1749 struct sock *sk = s->sock->sk;
1750 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1753 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1754 rfcomm_dlc_clear_timer(d);
1756 rfcomm_send_dm(s, d->dlci);
1758 d->state = BT_CLOSED;
1759 __rfcomm_dlc_close(d, ECONNREFUSED);
1763 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1766 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1767 d->mscex == RFCOMM_MSCEX_OK)
1768 rfcomm_process_tx(d);
1772 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1774 struct socket *sock = s->sock;
1775 struct sock *sk = sock->sk;
1776 struct sk_buff *skb;
1778 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1780 /* Get data directly from socket receive queue without copying it. */
1781 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1783 rfcomm_recv_frame(s, skb);
1786 if (sk->sk_state == BT_CLOSED) {
1788 rfcomm_session_put(s);
1790 rfcomm_session_close(s, sk->sk_err);
1794 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1796 struct socket *sock = s->sock, *nsock;
1799 /* Fast check for a new connection.
1800 * Avoids unnesesary socket allocations. */
1801 if (list_empty(&bt_sk(sock->sk)->accept_q))
1804 BT_DBG("session %p", s);
1806 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1810 /* Set our callbacks */
1811 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1812 nsock->sk->sk_state_change = rfcomm_l2state_change;
1814 s = rfcomm_session_add(nsock, BT_OPEN);
1816 rfcomm_session_hold(s);
1818 /* We should adjust MTU on incoming sessions.
1819 * L2CAP MTU minus UIH header and FCS. */
1820 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1822 rfcomm_schedule(RFCOMM_SCHED_RX);
1824 sock_release(nsock);
1827 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1829 struct sock *sk = s->sock->sk;
1831 BT_DBG("%p state %ld", s, s->state);
1833 switch(sk->sk_state) {
1835 s->state = BT_CONNECT;
1837 /* We can adjust MTU on outgoing sessions.
1838 * L2CAP MTU minus UIH header and FCS. */
1839 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1841 rfcomm_send_sabm(s, 0);
1845 s->state = BT_CLOSED;
1846 rfcomm_session_close(s, sk->sk_err);
1851 static inline void rfcomm_process_sessions(void)
1853 struct list_head *p, *n;
1857 list_for_each_safe(p, n, &session_list) {
1858 struct rfcomm_session *s;
1859 s = list_entry(p, struct rfcomm_session, list);
1861 if (s->state == BT_LISTEN) {
1862 rfcomm_accept_connection(s);
1866 rfcomm_session_hold(s);
1870 rfcomm_check_connection(s);
1874 rfcomm_process_rx(s);
1878 rfcomm_process_dlcs(s);
1880 rfcomm_session_put(s);
1886 static int rfcomm_add_listener(bdaddr_t *ba)
1888 struct sockaddr_l2 addr;
1889 struct socket *sock;
1891 struct rfcomm_session *s;
1895 err = rfcomm_l2sock_create(&sock);
1897 BT_ERR("Create socket failed %d", err);
1902 bacpy(&addr.l2_bdaddr, ba);
1903 addr.l2_family = AF_BLUETOOTH;
1904 addr.l2_psm = htobs(RFCOMM_PSM);
1905 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1907 BT_ERR("Bind failed %d", err);
1911 /* Set L2CAP options */
1914 l2cap_pi(sk)->imtu = l2cap_mtu;
1917 /* Start listening on the socket */
1918 err = kernel_listen(sock, 10);
1920 BT_ERR("Listen failed %d", err);
1924 /* Add listening session */
1925 s = rfcomm_session_add(sock, BT_LISTEN);
1929 rfcomm_session_hold(s);
1936 static void rfcomm_kill_listener(void)
1938 struct rfcomm_session *s;
1939 struct list_head *p, *n;
1943 list_for_each_safe(p, n, &session_list) {
1944 s = list_entry(p, struct rfcomm_session, list);
1945 rfcomm_session_del(s);
1949 static int rfcomm_run(void *unused)
1953 set_user_nice(current, -10);
1955 rfcomm_add_listener(BDADDR_ANY);
1957 while (!kthread_should_stop()) {
1958 set_current_state(TASK_INTERRUPTIBLE);
1959 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1960 /* No pending events. Let's sleep.
1961 * Incoming connections and data will wake us up. */
1964 set_current_state(TASK_RUNNING);
1967 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1968 rfcomm_process_sessions();
1971 rfcomm_kill_listener();
1976 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1978 struct rfcomm_session *s;
1979 struct rfcomm_dlc *d;
1980 struct list_head *p, *n;
1982 BT_DBG("conn %p status 0x%02x", conn, status);
1984 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1988 rfcomm_session_hold(s);
1990 list_for_each_safe(p, n, &s->dlcs) {
1991 d = list_entry(p, struct rfcomm_dlc, list);
1993 if ((d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) &&
1994 !(conn->link_mode & HCI_LM_ENCRYPT) && !status)
1997 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2001 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2003 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2006 rfcomm_session_put(s);
2008 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2011 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2013 struct rfcomm_session *s;
2014 struct rfcomm_dlc *d;
2015 struct list_head *p, *n;
2017 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2019 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2023 rfcomm_session_hold(s);
2025 list_for_each_safe(p, n, &s->dlcs) {
2026 d = list_entry(p, struct rfcomm_dlc, list);
2028 if ((d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) &&
2029 (d->state == BT_CONNECTED ||
2030 d->state == BT_CONFIG) &&
2031 !status && encrypt == 0x00) {
2032 __rfcomm_dlc_close(d, ECONNREFUSED);
2036 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2039 if (!status && encrypt)
2040 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2042 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2045 rfcomm_session_put(s);
2047 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2050 static struct hci_cb rfcomm_cb = {
2052 .auth_cfm = rfcomm_auth_cfm,
2053 .encrypt_cfm = rfcomm_encrypt_cfm
2056 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2058 struct rfcomm_session *s;
2059 struct list_head *pp, *p;
2064 list_for_each(p, &session_list) {
2065 s = list_entry(p, struct rfcomm_session, list);
2066 list_for_each(pp, &s->dlcs) {
2067 struct sock *sk = s->sock->sk;
2068 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2070 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2071 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2072 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2081 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2083 /* ---- Initialization ---- */
2084 static int __init rfcomm_init(void)
2088 hci_register_cb(&rfcomm_cb);
2090 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2091 if (IS_ERR(rfcomm_thread)) {
2092 hci_unregister_cb(&rfcomm_cb);
2093 return PTR_ERR(rfcomm_thread);
2096 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2097 BT_ERR("Failed to create RFCOMM info file");
2099 rfcomm_init_sockets();
2101 #ifdef CONFIG_BT_RFCOMM_TTY
2105 BT_INFO("RFCOMM ver %s", VERSION);
2110 static void __exit rfcomm_exit(void)
2112 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
2114 hci_unregister_cb(&rfcomm_cb);
2116 kthread_stop(rfcomm_thread);
2118 #ifdef CONFIG_BT_RFCOMM_TTY
2119 rfcomm_cleanup_ttys();
2122 rfcomm_cleanup_sockets();
2125 module_init(rfcomm_init);
2126 module_exit(rfcomm_exit);
2128 module_param(disable_cfc, bool, 0644);
2129 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2131 module_param(channel_mtu, int, 0644);
2132 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2134 module_param(l2cap_mtu, uint, 0644);
2135 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2137 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2138 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2139 MODULE_VERSION(VERSION);
2140 MODULE_LICENSE("GPL");
2141 MODULE_ALIAS("bt-proto-3");
git.openpandora.org / pandora-kernel.git / blob