2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
30 #include <linux/module.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/signal.h>
35 #include <linux/init.h>
36 #include <linux/wait.h>
37 #include <linux/device.h>
38 #include <linux/net.h>
39 #include <linux/mutex.h>
42 #include <asm/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47 #include <net/bluetooth/l2cap.h>
48 #include <net/bluetooth/rfcomm.h>
50 #ifndef CONFIG_BT_RFCOMM_DEBUG
57 static int disable_cfc = 0;
58 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
60 static struct task_struct *rfcomm_thread;
62 static DEFINE_MUTEX(rfcomm_mutex);
63 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
64 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
66 static unsigned long rfcomm_event;
68 static LIST_HEAD(session_list);
69 static atomic_t terminate, running;
71 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
72 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
73 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
74 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
75 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
76 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
77 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
78 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
79 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
80 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
82 static void rfcomm_process_connect(struct rfcomm_session *s);
84 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
85 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
86 static void rfcomm_session_del(struct rfcomm_session *s);
88 /* ---- RFCOMM frame parsing macros ---- */
89 #define __get_dlci(b) ((b & 0xfc) >> 2)
90 #define __get_channel(b) ((b & 0xf8) >> 3)
91 #define __get_dir(b) ((b & 0x04) >> 2)
92 #define __get_type(b) ((b & 0xef))
94 #define __test_ea(b) ((b & 0x01))
95 #define __test_cr(b) ((b & 0x02))
96 #define __test_pf(b) ((b & 0x10))
98 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
99 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
100 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
101 #define __srv_channel(dlci) (dlci >> 1)
102 #define __dir(dlci) (dlci & 0x01)
104 #define __len8(len) (((len) << 1) | 1)
105 #define __len16(len) ((len) << 1)
108 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
109 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
110 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
113 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
114 #define __get_rpn_data_bits(line) ((line) & 0x3)
115 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
116 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
118 static inline void rfcomm_schedule(uint event)
122 //set_bit(event, &rfcomm_event);
123 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
124 wake_up_process(rfcomm_thread);
127 static inline void rfcomm_session_put(struct rfcomm_session *s)
129 if (atomic_dec_and_test(&s->refcnt))
130 rfcomm_session_del(s);
133 /* ---- RFCOMM FCS computation ---- */
135 /* reversed, 8-bit, poly=0x07 */
136 static unsigned char rfcomm_crc_table[256] = {
137 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
138 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
139 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
140 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
142 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
143 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
144 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
145 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
147 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
148 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
149 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
150 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
152 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
153 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
154 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
155 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
157 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
158 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
159 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
160 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
162 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
163 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
164 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
165 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
167 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
168 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
169 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
170 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
172 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
173 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
174 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
175 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
179 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
182 static inline u8 __fcs(u8 *data)
184 return (0xff - __crc(data));
188 static inline u8 __fcs2(u8 *data)
190 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
194 static inline int __check_fcs(u8 *data, int type, u8 fcs)
198 if (type != RFCOMM_UIH)
199 f = rfcomm_crc_table[f ^ data[2]];
201 return rfcomm_crc_table[f ^ fcs] != 0xcf;
204 /* ---- L2CAP callbacks ---- */
205 static void rfcomm_l2state_change(struct sock *sk)
207 BT_DBG("%p state %d", sk, sk->sk_state);
208 rfcomm_schedule(RFCOMM_SCHED_STATE);
211 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
213 BT_DBG("%p bytes %d", sk, bytes);
214 rfcomm_schedule(RFCOMM_SCHED_RX);
217 static int rfcomm_l2sock_create(struct socket **sock)
223 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
225 struct sock *sk = (*sock)->sk;
226 sk->sk_data_ready = rfcomm_l2data_ready;
227 sk->sk_state_change = rfcomm_l2state_change;
232 /* ---- RFCOMM DLCs ---- */
233 static void rfcomm_dlc_timeout(unsigned long arg)
235 struct rfcomm_dlc *d = (void *) arg;
237 BT_DBG("dlc %p state %ld", d, d->state);
239 set_bit(RFCOMM_TIMED_OUT, &d->flags);
241 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
244 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
246 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
248 if (!mod_timer(&d->timer, jiffies + timeout))
252 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
254 BT_DBG("dlc %p state %ld", d, d->state);
256 if (timer_pending(&d->timer) && del_timer(&d->timer))
260 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
267 d->mtu = RFCOMM_DEFAULT_MTU;
268 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
270 d->cfc = RFCOMM_CFC_DISABLED;
271 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
274 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
276 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
281 init_timer(&d->timer);
282 d->timer.function = rfcomm_dlc_timeout;
283 d->timer.data = (unsigned long) d;
285 skb_queue_head_init(&d->tx_queue);
286 spin_lock_init(&d->lock);
287 atomic_set(&d->refcnt, 1);
289 rfcomm_dlc_clear_state(d);
296 void rfcomm_dlc_free(struct rfcomm_dlc *d)
300 skb_queue_purge(&d->tx_queue);
304 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
306 BT_DBG("dlc %p session %p", d, s);
308 rfcomm_session_hold(s);
311 list_add(&d->list, &s->dlcs);
315 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
317 struct rfcomm_session *s = d->session;
319 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
325 rfcomm_session_put(s);
328 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
330 struct rfcomm_dlc *d;
333 list_for_each(p, &s->dlcs) {
334 d = list_entry(p, struct rfcomm_dlc, list);
341 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
343 struct rfcomm_session *s;
347 BT_DBG("dlc %p state %ld %s %s channel %d",
348 d, d->state, batostr(src), batostr(dst), channel);
350 if (channel < 1 || channel > 30)
353 if (d->state != BT_OPEN && d->state != BT_CLOSED)
356 s = rfcomm_session_get(src, dst);
358 s = rfcomm_session_create(src, dst, &err);
363 dlci = __dlci(!s->initiator, channel);
365 /* Check if DLCI already exists */
366 if (rfcomm_dlc_get(s, dlci))
369 rfcomm_dlc_clear_state(d);
372 d->addr = __addr(s->initiator, dlci);
375 d->state = BT_CONFIG;
376 rfcomm_dlc_link(s, d);
379 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
381 if (s->state == BT_CONNECTED)
382 rfcomm_send_pn(s, 1, d);
383 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
387 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
393 r = __rfcomm_dlc_open(d, src, dst, channel);
399 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
401 struct rfcomm_session *s = d->session;
405 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
406 d, d->state, d->dlci, err, s);
412 d->state = BT_DISCONN;
413 if (skb_queue_empty(&d->tx_queue)) {
414 rfcomm_send_disc(s, d->dlci);
415 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
417 rfcomm_queue_disc(d);
418 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
423 rfcomm_dlc_clear_timer(d);
426 d->state = BT_CLOSED;
427 d->state_change(d, err);
428 rfcomm_dlc_unlock(d);
430 skb_queue_purge(&d->tx_queue);
431 rfcomm_dlc_unlink(d);
437 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
443 r = __rfcomm_dlc_close(d, err);
449 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
453 if (d->state != BT_CONNECTED)
456 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
461 rfcomm_make_uih(skb, d->addr);
462 skb_queue_tail(&d->tx_queue, skb);
464 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
465 rfcomm_schedule(RFCOMM_SCHED_TX);
469 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
471 BT_DBG("dlc %p state %ld", d, d->state);
474 d->v24_sig |= RFCOMM_V24_FC;
475 set_bit(RFCOMM_MSC_PENDING, &d->flags);
477 rfcomm_schedule(RFCOMM_SCHED_TX);
480 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
482 BT_DBG("dlc %p state %ld", d, d->state);
485 d->v24_sig &= ~RFCOMM_V24_FC;
486 set_bit(RFCOMM_MSC_PENDING, &d->flags);
488 rfcomm_schedule(RFCOMM_SCHED_TX);
492 Set/get modem status functions use _local_ status i.e. what we report
494 Remote status is provided by dlc->modem_status() callback.
496 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
498 BT_DBG("dlc %p state %ld v24_sig 0x%x",
499 d, d->state, v24_sig);
501 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
502 v24_sig |= RFCOMM_V24_FC;
504 v24_sig &= ~RFCOMM_V24_FC;
506 d->v24_sig = v24_sig;
508 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
509 rfcomm_schedule(RFCOMM_SCHED_TX);
514 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
516 BT_DBG("dlc %p state %ld v24_sig 0x%x",
517 d, d->state, d->v24_sig);
519 *v24_sig = d->v24_sig;
523 /* ---- RFCOMM sessions ---- */
524 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
526 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
531 BT_DBG("session %p sock %p", s, sock);
533 INIT_LIST_HEAD(&s->dlcs);
537 s->mtu = RFCOMM_DEFAULT_MTU;
538 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
540 /* Do not increment module usage count for listening sessions.
541 * Otherwise we won't be able to unload the module. */
542 if (state != BT_LISTEN)
543 if (!try_module_get(THIS_MODULE)) {
548 list_add(&s->list, &session_list);
553 static void rfcomm_session_del(struct rfcomm_session *s)
555 int state = s->state;
557 BT_DBG("session %p state %ld", s, s->state);
561 if (state == BT_CONNECTED)
562 rfcomm_send_disc(s, 0);
564 sock_release(s->sock);
567 if (state != BT_LISTEN)
568 module_put(THIS_MODULE);
571 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
573 struct rfcomm_session *s;
574 struct list_head *p, *n;
576 list_for_each_safe(p, n, &session_list) {
577 s = list_entry(p, struct rfcomm_session, list);
578 sk = bt_sk(s->sock->sk);
580 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
581 !bacmp(&sk->dst, dst))
587 static void rfcomm_session_close(struct rfcomm_session *s, int err)
589 struct rfcomm_dlc *d;
590 struct list_head *p, *n;
592 BT_DBG("session %p state %ld err %d", s, s->state, err);
594 rfcomm_session_hold(s);
596 s->state = BT_CLOSED;
599 list_for_each_safe(p, n, &s->dlcs) {
600 d = list_entry(p, struct rfcomm_dlc, list);
601 d->state = BT_CLOSED;
602 __rfcomm_dlc_close(d, err);
605 rfcomm_session_put(s);
608 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
610 struct rfcomm_session *s = NULL;
611 struct sockaddr_l2 addr;
615 BT_DBG("%s %s", batostr(src), batostr(dst));
617 *err = rfcomm_l2sock_create(&sock);
621 bacpy(&addr.l2_bdaddr, src);
622 addr.l2_family = AF_BLUETOOTH;
624 *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
628 /* Set L2CAP options */
631 l2cap_pi(sk)->imtu = l2cap_mtu;
634 s = rfcomm_session_add(sock, BT_BOUND);
642 bacpy(&addr.l2_bdaddr, dst);
643 addr.l2_family = AF_BLUETOOTH;
644 addr.l2_psm = htobs(RFCOMM_PSM);
645 *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
646 if (*err == 0 || *err == -EAGAIN)
649 rfcomm_session_del(s);
657 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
659 struct sock *sk = s->sock->sk;
661 bacpy(src, &bt_sk(sk)->src);
663 bacpy(dst, &bt_sk(sk)->dst);
666 /* ---- RFCOMM frame sending ---- */
667 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
669 struct socket *sock = s->sock;
670 struct kvec iv = { data, len };
673 BT_DBG("session %p len %d", s, len);
675 memset(&msg, 0, sizeof(msg));
677 return kernel_sendmsg(sock, &msg, &iv, 1, len);
680 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
682 struct rfcomm_cmd cmd;
684 BT_DBG("%p dlci %d", s, dlci);
686 cmd.addr = __addr(s->initiator, dlci);
687 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
689 cmd.fcs = __fcs2((u8 *) &cmd);
691 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
694 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
696 struct rfcomm_cmd cmd;
698 BT_DBG("%p dlci %d", s, dlci);
700 cmd.addr = __addr(!s->initiator, dlci);
701 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
703 cmd.fcs = __fcs2((u8 *) &cmd);
705 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
708 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
710 struct rfcomm_cmd cmd;
712 BT_DBG("%p dlci %d", s, dlci);
714 cmd.addr = __addr(s->initiator, dlci);
715 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
717 cmd.fcs = __fcs2((u8 *) &cmd);
719 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
722 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
724 struct rfcomm_cmd *cmd;
727 BT_DBG("dlc %p dlci %d", d, d->dlci);
729 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
733 cmd = (void *) __skb_put(skb, sizeof(*cmd));
735 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
736 cmd->len = __len8(0);
737 cmd->fcs = __fcs2((u8 *) cmd);
739 skb_queue_tail(&d->tx_queue, skb);
740 rfcomm_schedule(RFCOMM_SCHED_TX);
744 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
746 struct rfcomm_cmd cmd;
748 BT_DBG("%p dlci %d", s, dlci);
750 cmd.addr = __addr(!s->initiator, dlci);
751 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
753 cmd.fcs = __fcs2((u8 *) &cmd);
755 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
758 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
760 struct rfcomm_hdr *hdr;
761 struct rfcomm_mcc *mcc;
762 u8 buf[16], *ptr = buf;
764 BT_DBG("%p cr %d type %d", s, cr, type);
766 hdr = (void *) ptr; ptr += sizeof(*hdr);
767 hdr->addr = __addr(s->initiator, 0);
768 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
769 hdr->len = __len8(sizeof(*mcc) + 1);
771 mcc = (void *) ptr; ptr += sizeof(*mcc);
772 mcc->type = __mcc_type(cr, RFCOMM_NSC);
773 mcc->len = __len8(1);
775 /* Type that we didn't like */
776 *ptr = __mcc_type(cr, type); ptr++;
778 *ptr = __fcs(buf); ptr++;
780 return rfcomm_send_frame(s, buf, ptr - buf);
783 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
785 struct rfcomm_hdr *hdr;
786 struct rfcomm_mcc *mcc;
787 struct rfcomm_pn *pn;
788 u8 buf[16], *ptr = buf;
790 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
792 hdr = (void *) ptr; ptr += sizeof(*hdr);
793 hdr->addr = __addr(s->initiator, 0);
794 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
795 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
797 mcc = (void *) ptr; ptr += sizeof(*mcc);
798 mcc->type = __mcc_type(cr, RFCOMM_PN);
799 mcc->len = __len8(sizeof(*pn));
801 pn = (void *) ptr; ptr += sizeof(*pn);
803 pn->priority = d->priority;
808 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
809 pn->credits = RFCOMM_DEFAULT_CREDITS;
815 pn->mtu = htobs(d->mtu);
817 *ptr = __fcs(buf); ptr++;
819 return rfcomm_send_frame(s, buf, ptr - buf);
822 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
823 u8 bit_rate, u8 data_bits, u8 stop_bits,
824 u8 parity, u8 flow_ctrl_settings,
825 u8 xon_char, u8 xoff_char, u16 param_mask)
827 struct rfcomm_hdr *hdr;
828 struct rfcomm_mcc *mcc;
829 struct rfcomm_rpn *rpn;
830 u8 buf[16], *ptr = buf;
832 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
833 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
834 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
835 flow_ctrl_settings, xon_char, xoff_char, param_mask);
837 hdr = (void *) ptr; ptr += sizeof(*hdr);
838 hdr->addr = __addr(s->initiator, 0);
839 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
840 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
842 mcc = (void *) ptr; ptr += sizeof(*mcc);
843 mcc->type = __mcc_type(cr, RFCOMM_RPN);
844 mcc->len = __len8(sizeof(*rpn));
846 rpn = (void *) ptr; ptr += sizeof(*rpn);
847 rpn->dlci = __addr(1, dlci);
848 rpn->bit_rate = bit_rate;
849 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
850 rpn->flow_ctrl = flow_ctrl_settings;
851 rpn->xon_char = xon_char;
852 rpn->xoff_char = xoff_char;
853 rpn->param_mask = param_mask;
855 *ptr = __fcs(buf); ptr++;
857 return rfcomm_send_frame(s, buf, ptr - buf);
860 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
862 struct rfcomm_hdr *hdr;
863 struct rfcomm_mcc *mcc;
864 struct rfcomm_rls *rls;
865 u8 buf[16], *ptr = buf;
867 BT_DBG("%p cr %d status 0x%x", s, cr, status);
869 hdr = (void *) ptr; ptr += sizeof(*hdr);
870 hdr->addr = __addr(s->initiator, 0);
871 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
872 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
874 mcc = (void *) ptr; ptr += sizeof(*mcc);
875 mcc->type = __mcc_type(cr, RFCOMM_RLS);
876 mcc->len = __len8(sizeof(*rls));
878 rls = (void *) ptr; ptr += sizeof(*rls);
879 rls->dlci = __addr(1, dlci);
880 rls->status = status;
882 *ptr = __fcs(buf); ptr++;
884 return rfcomm_send_frame(s, buf, ptr - buf);
887 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
889 struct rfcomm_hdr *hdr;
890 struct rfcomm_mcc *mcc;
891 struct rfcomm_msc *msc;
892 u8 buf[16], *ptr = buf;
894 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
896 hdr = (void *) ptr; ptr += sizeof(*hdr);
897 hdr->addr = __addr(s->initiator, 0);
898 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
899 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
901 mcc = (void *) ptr; ptr += sizeof(*mcc);
902 mcc->type = __mcc_type(cr, RFCOMM_MSC);
903 mcc->len = __len8(sizeof(*msc));
905 msc = (void *) ptr; ptr += sizeof(*msc);
906 msc->dlci = __addr(1, dlci);
907 msc->v24_sig = v24_sig | 0x01;
909 *ptr = __fcs(buf); ptr++;
911 return rfcomm_send_frame(s, buf, ptr - buf);
914 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
916 struct rfcomm_hdr *hdr;
917 struct rfcomm_mcc *mcc;
918 u8 buf[16], *ptr = buf;
920 BT_DBG("%p cr %d", s, cr);
922 hdr = (void *) ptr; ptr += sizeof(*hdr);
923 hdr->addr = __addr(s->initiator, 0);
924 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
925 hdr->len = __len8(sizeof(*mcc));
927 mcc = (void *) ptr; ptr += sizeof(*mcc);
928 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
929 mcc->len = __len8(0);
931 *ptr = __fcs(buf); ptr++;
933 return rfcomm_send_frame(s, buf, ptr - buf);
936 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
938 struct rfcomm_hdr *hdr;
939 struct rfcomm_mcc *mcc;
940 u8 buf[16], *ptr = buf;
942 BT_DBG("%p cr %d", s, cr);
944 hdr = (void *) ptr; ptr += sizeof(*hdr);
945 hdr->addr = __addr(s->initiator, 0);
946 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
947 hdr->len = __len8(sizeof(*mcc));
949 mcc = (void *) ptr; ptr += sizeof(*mcc);
950 mcc->type = __mcc_type(cr, RFCOMM_FCON);
951 mcc->len = __len8(0);
953 *ptr = __fcs(buf); ptr++;
955 return rfcomm_send_frame(s, buf, ptr - buf);
958 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
960 struct socket *sock = s->sock;
963 unsigned char hdr[5], crc[1];
968 BT_DBG("%p cr %d", s, cr);
970 hdr[0] = __addr(s->initiator, 0);
971 hdr[1] = __ctrl(RFCOMM_UIH, 0);
972 hdr[2] = 0x01 | ((len + 2) << 1);
973 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
974 hdr[4] = 0x01 | (len << 1);
978 iv[0].iov_base = hdr;
980 iv[1].iov_base = pattern;
982 iv[2].iov_base = crc;
985 memset(&msg, 0, sizeof(msg));
987 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
990 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
992 struct rfcomm_hdr *hdr;
993 u8 buf[16], *ptr = buf;
995 BT_DBG("%p addr %d credits %d", s, addr, credits);
997 hdr = (void *) ptr; ptr += sizeof(*hdr);
999 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1000 hdr->len = __len8(0);
1002 *ptr = credits; ptr++;
1004 *ptr = __fcs(buf); ptr++;
1006 return rfcomm_send_frame(s, buf, ptr - buf);
1009 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1011 struct rfcomm_hdr *hdr;
1016 hdr = (void *) skb_push(skb, 4);
1017 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len);
1019 hdr = (void *) skb_push(skb, 3);
1020 hdr->len = __len8(len);
1023 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1025 crc = skb_put(skb, 1);
1026 *crc = __fcs((void *) hdr);
1029 /* ---- RFCOMM frame reception ---- */
1030 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1032 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1036 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1038 rfcomm_send_dm(s, dlci);
1044 rfcomm_dlc_clear_timer(d);
1047 d->state = BT_CONNECTED;
1048 d->state_change(d, 0);
1049 rfcomm_dlc_unlock(d);
1051 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1055 d->state = BT_CLOSED;
1056 __rfcomm_dlc_close(d, 0);
1060 /* Control channel */
1063 s->state = BT_CONNECTED;
1064 rfcomm_process_connect(s);
1071 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1075 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1079 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1081 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1086 d->state = BT_CLOSED;
1087 __rfcomm_dlc_close(d, err);
1090 if (s->state == BT_CONNECT)
1095 s->state = BT_CLOSED;
1096 rfcomm_session_close(s, err);
1101 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1105 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1108 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1110 rfcomm_send_ua(s, dlci);
1112 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1117 d->state = BT_CLOSED;
1118 __rfcomm_dlc_close(d, err);
1120 rfcomm_send_dm(s, dlci);
1123 rfcomm_send_ua(s, 0);
1125 if (s->state == BT_CONNECT)
1130 s->state = BT_CLOSED;
1131 rfcomm_session_close(s, err);
1137 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1139 struct sock *sk = d->session->sock->sk;
1141 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1142 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1144 } else if (d->link_mode & RFCOMM_LM_AUTH) {
1145 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1152 static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1154 struct sock *sk = d->session->sock->sk;
1156 BT_DBG("dlc %p", d);
1158 rfcomm_send_ua(d->session, d->dlci);
1161 d->state = BT_CONNECTED;
1162 d->state_change(d, 0);
1163 rfcomm_dlc_unlock(d);
1165 if (d->link_mode & RFCOMM_LM_MASTER)
1166 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1168 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1171 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1173 struct rfcomm_dlc *d;
1176 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1179 rfcomm_send_ua(s, 0);
1181 if (s->state == BT_OPEN) {
1182 s->state = BT_CONNECTED;
1183 rfcomm_process_connect(s);
1188 /* Check if DLC exists */
1189 d = rfcomm_dlc_get(s, dlci);
1191 if (d->state == BT_OPEN) {
1192 /* DLC was previously opened by PN request */
1193 if (rfcomm_check_link_mode(d)) {
1194 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1195 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1199 rfcomm_dlc_accept(d);
1204 /* Notify socket layer about incoming connection */
1205 channel = __srv_channel(dlci);
1206 if (rfcomm_connect_ind(s, channel, &d)) {
1208 d->addr = __addr(s->initiator, dlci);
1209 rfcomm_dlc_link(s, d);
1211 if (rfcomm_check_link_mode(d)) {
1212 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1213 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1217 rfcomm_dlc_accept(d);
1219 rfcomm_send_dm(s, dlci);
1225 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1227 struct rfcomm_session *s = d->session;
1229 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1230 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1232 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1233 pn->flow_ctrl == 0xe0) {
1234 d->cfc = RFCOMM_CFC_ENABLED;
1235 d->tx_credits = pn->credits;
1237 d->cfc = RFCOMM_CFC_DISABLED;
1238 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1241 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1244 d->priority = pn->priority;
1246 d->mtu = s->mtu = btohs(pn->mtu);
1251 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1253 struct rfcomm_pn *pn = (void *) skb->data;
1254 struct rfcomm_dlc *d;
1257 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1262 d = rfcomm_dlc_get(s, dlci);
1266 rfcomm_apply_pn(d, cr, pn);
1267 rfcomm_send_pn(s, 0, d);
1272 rfcomm_apply_pn(d, cr, pn);
1274 d->state = BT_CONNECT;
1275 rfcomm_send_sabm(s, d->dlci);
1280 u8 channel = __srv_channel(dlci);
1285 /* PN request for non existing DLC.
1286 * Assume incoming connection. */
1287 if (rfcomm_connect_ind(s, channel, &d)) {
1289 d->addr = __addr(s->initiator, dlci);
1290 rfcomm_dlc_link(s, d);
1292 rfcomm_apply_pn(d, cr, pn);
1295 rfcomm_send_pn(s, 0, d);
1297 rfcomm_send_dm(s, dlci);
1303 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1305 struct rfcomm_rpn *rpn = (void *) skb->data;
1306 u8 dlci = __get_dlci(rpn->dlci);
1315 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1317 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1318 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1319 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1325 /* This is a request, return default settings */
1326 bit_rate = RFCOMM_RPN_BR_115200;
1327 data_bits = RFCOMM_RPN_DATA_8;
1328 stop_bits = RFCOMM_RPN_STOP_1;
1329 parity = RFCOMM_RPN_PARITY_NONE;
1330 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1331 xon_char = RFCOMM_RPN_XON_CHAR;
1332 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1336 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1337 * no parity, no flow control lines, normal XON/XOFF chars */
1339 if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) {
1340 bit_rate = rpn->bit_rate;
1341 if (bit_rate != RFCOMM_RPN_BR_115200) {
1342 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1343 bit_rate = RFCOMM_RPN_BR_115200;
1344 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1348 if (rpn->param_mask & RFCOMM_RPN_PM_DATA) {
1349 data_bits = __get_rpn_data_bits(rpn->line_settings);
1350 if (data_bits != RFCOMM_RPN_DATA_8) {
1351 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1352 data_bits = RFCOMM_RPN_DATA_8;
1353 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1357 if (rpn->param_mask & RFCOMM_RPN_PM_STOP) {
1358 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1359 if (stop_bits != RFCOMM_RPN_STOP_1) {
1360 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1361 stop_bits = RFCOMM_RPN_STOP_1;
1362 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1366 if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) {
1367 parity = __get_rpn_parity(rpn->line_settings);
1368 if (parity != RFCOMM_RPN_PARITY_NONE) {
1369 BT_DBG("RPN parity mismatch 0x%x", parity);
1370 parity = RFCOMM_RPN_PARITY_NONE;
1371 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1375 if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) {
1376 flow_ctrl = rpn->flow_ctrl;
1377 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1378 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1379 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1380 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1384 if (rpn->param_mask & RFCOMM_RPN_PM_XON) {
1385 xon_char = rpn->xon_char;
1386 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1387 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1388 xon_char = RFCOMM_RPN_XON_CHAR;
1389 rpn_mask ^= RFCOMM_RPN_PM_XON;
1393 if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) {
1394 xoff_char = rpn->xoff_char;
1395 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1396 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1397 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1398 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1403 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1404 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1409 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1411 struct rfcomm_rls *rls = (void *) skb->data;
1412 u8 dlci = __get_dlci(rls->dlci);
1414 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1419 /* We should probably do something with this information here. But
1420 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1421 * mandatory to recognise and respond to RLS */
1423 rfcomm_send_rls(s, 0, dlci, rls->status);
1428 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1430 struct rfcomm_msc *msc = (void *) skb->data;
1431 struct rfcomm_dlc *d;
1432 u8 dlci = __get_dlci(msc->dlci);
1434 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1436 d = rfcomm_dlc_get(s, dlci);
1441 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1442 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1444 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1447 if (d->modem_status)
1448 d->modem_status(d, msc->v24_sig);
1449 rfcomm_dlc_unlock(d);
1451 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1453 d->mscex |= RFCOMM_MSCEX_RX;
1455 d->mscex |= RFCOMM_MSCEX_TX;
1460 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1462 struct rfcomm_mcc *mcc = (void *) skb->data;
1465 cr = __test_cr(mcc->type);
1466 type = __get_mcc_type(mcc->type);
1467 len = __get_mcc_len(mcc->len);
1469 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1475 rfcomm_recv_pn(s, cr, skb);
1479 rfcomm_recv_rpn(s, cr, len, skb);
1483 rfcomm_recv_rls(s, cr, skb);
1487 rfcomm_recv_msc(s, cr, skb);
1492 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1493 rfcomm_send_fcoff(s, 0);
1499 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1500 rfcomm_send_fcon(s, 0);
1506 rfcomm_send_test(s, 0, skb->data, skb->len);
1513 BT_ERR("Unknown control type 0x%02x", type);
1514 rfcomm_send_nsc(s, cr, type);
1520 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1522 struct rfcomm_dlc *d;
1524 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1526 d = rfcomm_dlc_get(s, dlci);
1528 rfcomm_send_dm(s, dlci);
1533 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1535 d->tx_credits += credits;
1537 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1540 if (skb->len && d->state == BT_CONNECTED) {
1543 d->data_ready(d, skb);
1544 rfcomm_dlc_unlock(d);
1553 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1555 struct rfcomm_hdr *hdr = (void *) skb->data;
1558 dlci = __get_dlci(hdr->addr);
1559 type = __get_type(hdr->ctrl);
1562 skb->len--; skb->tail--;
1563 fcs = *(u8 *) skb->tail;
1565 if (__check_fcs(skb->data, type, fcs)) {
1566 BT_ERR("bad checksum in packet");
1571 if (__test_ea(hdr->len))
1578 if (__test_pf(hdr->ctrl))
1579 rfcomm_recv_sabm(s, dlci);
1583 if (__test_pf(hdr->ctrl))
1584 rfcomm_recv_disc(s, dlci);
1588 if (__test_pf(hdr->ctrl))
1589 rfcomm_recv_ua(s, dlci);
1593 rfcomm_recv_dm(s, dlci);
1598 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1600 rfcomm_recv_mcc(s, skb);
1604 BT_ERR("Unknown packet type 0x%02x\n", type);
1611 /* ---- Connection and data processing ---- */
1613 static void rfcomm_process_connect(struct rfcomm_session *s)
1615 struct rfcomm_dlc *d;
1616 struct list_head *p, *n;
1618 BT_DBG("session %p state %ld", s, s->state);
1620 list_for_each_safe(p, n, &s->dlcs) {
1621 d = list_entry(p, struct rfcomm_dlc, list);
1622 if (d->state == BT_CONFIG) {
1624 rfcomm_send_pn(s, 1, d);
1629 /* Send data queued for the DLC.
1630 * Return number of frames left in the queue.
1632 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1634 struct sk_buff *skb;
1637 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1638 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1640 /* Send pending MSC */
1641 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1642 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1646 * Give them some credits */
1647 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1648 d->rx_credits <= (d->cfc >> 2)) {
1649 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1650 d->rx_credits = d->cfc;
1654 * Give ourselves some credits */
1658 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1659 return skb_queue_len(&d->tx_queue);
1661 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1662 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1664 skb_queue_head(&d->tx_queue, skb);
1671 if (d->cfc && !d->tx_credits) {
1672 /* We're out of TX credits.
1673 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1674 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1677 return skb_queue_len(&d->tx_queue);
1680 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1682 struct rfcomm_dlc *d;
1683 struct list_head *p, *n;
1685 BT_DBG("session %p state %ld", s, s->state);
1687 list_for_each_safe(p, n, &s->dlcs) {
1688 d = list_entry(p, struct rfcomm_dlc, list);
1690 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1691 __rfcomm_dlc_close(d, ETIMEDOUT);
1695 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1696 rfcomm_dlc_clear_timer(d);
1697 rfcomm_dlc_accept(d);
1698 if (d->link_mode & RFCOMM_LM_SECURE) {
1699 struct sock *sk = s->sock->sk;
1700 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1703 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1704 rfcomm_dlc_clear_timer(d);
1705 rfcomm_send_dm(s, d->dlci);
1706 __rfcomm_dlc_close(d, ECONNREFUSED);
1710 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1713 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1714 d->mscex == RFCOMM_MSCEX_OK)
1715 rfcomm_process_tx(d);
1719 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1721 struct socket *sock = s->sock;
1722 struct sock *sk = sock->sk;
1723 struct sk_buff *skb;
1725 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1727 /* Get data directly from socket receive queue without copying it. */
1728 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1730 rfcomm_recv_frame(s, skb);
1733 if (sk->sk_state == BT_CLOSED) {
1735 rfcomm_session_put(s);
1737 rfcomm_session_close(s, sk->sk_err);
1741 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1743 struct socket *sock = s->sock, *nsock;
1746 /* Fast check for a new connection.
1747 * Avoids unnesesary socket allocations. */
1748 if (list_empty(&bt_sk(sock->sk)->accept_q))
1751 BT_DBG("session %p", s);
1753 if (sock_create_lite(PF_BLUETOOTH, sock->type, BTPROTO_L2CAP, &nsock))
1756 nsock->ops = sock->ops;
1758 __module_get(nsock->ops->owner);
1760 err = sock->ops->accept(sock, nsock, O_NONBLOCK);
1762 sock_release(nsock);
1766 /* Set our callbacks */
1767 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1768 nsock->sk->sk_state_change = rfcomm_l2state_change;
1770 s = rfcomm_session_add(nsock, BT_OPEN);
1772 rfcomm_session_hold(s);
1773 rfcomm_schedule(RFCOMM_SCHED_RX);
1775 sock_release(nsock);
1778 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1780 struct sock *sk = s->sock->sk;
1782 BT_DBG("%p state %ld", s, s->state);
1784 switch(sk->sk_state) {
1786 s->state = BT_CONNECT;
1788 /* We can adjust MTU on outgoing sessions.
1789 * L2CAP MTU minus UIH header and FCS. */
1790 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1792 rfcomm_send_sabm(s, 0);
1796 s->state = BT_CLOSED;
1797 rfcomm_session_close(s, sk->sk_err);
1802 static inline void rfcomm_process_sessions(void)
1804 struct list_head *p, *n;
1808 list_for_each_safe(p, n, &session_list) {
1809 struct rfcomm_session *s;
1810 s = list_entry(p, struct rfcomm_session, list);
1812 if (s->state == BT_LISTEN) {
1813 rfcomm_accept_connection(s);
1817 rfcomm_session_hold(s);
1821 rfcomm_check_connection(s);
1825 rfcomm_process_rx(s);
1829 rfcomm_process_dlcs(s);
1831 rfcomm_session_put(s);
1837 static void rfcomm_worker(void)
1841 while (!atomic_read(&terminate)) {
1842 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1843 /* No pending events. Let's sleep.
1844 * Incoming connections and data will wake us up. */
1845 set_current_state(TASK_INTERRUPTIBLE);
1850 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1851 rfcomm_process_sessions();
1853 set_current_state(TASK_RUNNING);
1857 static int rfcomm_add_listener(bdaddr_t *ba)
1859 struct sockaddr_l2 addr;
1860 struct socket *sock;
1862 struct rfcomm_session *s;
1866 err = rfcomm_l2sock_create(&sock);
1868 BT_ERR("Create socket failed %d", err);
1873 bacpy(&addr.l2_bdaddr, ba);
1874 addr.l2_family = AF_BLUETOOTH;
1875 addr.l2_psm = htobs(RFCOMM_PSM);
1876 err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1878 BT_ERR("Bind failed %d", err);
1882 /* Set L2CAP options */
1885 l2cap_pi(sk)->imtu = l2cap_mtu;
1888 /* Start listening on the socket */
1889 err = sock->ops->listen(sock, 10);
1891 BT_ERR("Listen failed %d", err);
1895 /* Add listening session */
1896 s = rfcomm_session_add(sock, BT_LISTEN);
1900 rfcomm_session_hold(s);
1907 static void rfcomm_kill_listener(void)
1909 struct rfcomm_session *s;
1910 struct list_head *p, *n;
1914 list_for_each_safe(p, n, &session_list) {
1915 s = list_entry(p, struct rfcomm_session, list);
1916 rfcomm_session_del(s);
1920 static int rfcomm_run(void *unused)
1922 rfcomm_thread = current;
1924 atomic_inc(&running);
1926 daemonize("krfcommd");
1927 set_user_nice(current, -10);
1928 current->flags |= PF_NOFREEZE;
1932 rfcomm_add_listener(BDADDR_ANY);
1936 rfcomm_kill_listener();
1938 atomic_dec(&running);
1942 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1944 struct rfcomm_session *s;
1945 struct rfcomm_dlc *d;
1946 struct list_head *p, *n;
1948 BT_DBG("conn %p status 0x%02x", conn, status);
1950 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1954 rfcomm_session_hold(s);
1956 list_for_each_safe(p, n, &s->dlcs) {
1957 d = list_entry(p, struct rfcomm_dlc, list);
1959 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1962 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1966 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1968 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1971 rfcomm_session_put(s);
1973 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1976 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1978 struct rfcomm_session *s;
1979 struct rfcomm_dlc *d;
1980 struct list_head *p, *n;
1982 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1984 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1988 rfcomm_session_hold(s);
1990 list_for_each_safe(p, n, &s->dlcs) {
1991 d = list_entry(p, struct rfcomm_dlc, list);
1993 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1996 if (!status && encrypt)
1997 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1999 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2002 rfcomm_session_put(s);
2004 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2007 static struct hci_cb rfcomm_cb = {
2009 .auth_cfm = rfcomm_auth_cfm,
2010 .encrypt_cfm = rfcomm_encrypt_cfm
2013 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2015 struct rfcomm_session *s;
2016 struct list_head *pp, *p;
2021 list_for_each(p, &session_list) {
2022 s = list_entry(p, struct rfcomm_session, list);
2023 list_for_each(pp, &s->dlcs) {
2024 struct sock *sk = s->sock->sk;
2025 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2027 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2028 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2029 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2038 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2040 /* ---- Initialization ---- */
2041 static int __init rfcomm_init(void)
2045 hci_register_cb(&rfcomm_cb);
2047 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
2049 class_create_file(bt_class, &class_attr_rfcomm_dlc);
2051 rfcomm_init_sockets();
2053 #ifdef CONFIG_BT_RFCOMM_TTY
2057 BT_INFO("RFCOMM ver %s", VERSION);
2062 static void __exit rfcomm_exit(void)
2064 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
2066 hci_unregister_cb(&rfcomm_cb);
2068 /* Terminate working thread.
2069 * ie. Set terminate flag and wake it up */
2070 atomic_inc(&terminate);
2071 rfcomm_schedule(RFCOMM_SCHED_STATE);
2073 /* Wait until thread is running */
2074 while (atomic_read(&running))
2077 #ifdef CONFIG_BT_RFCOMM_TTY
2078 rfcomm_cleanup_ttys();
2081 rfcomm_cleanup_sockets();
2084 module_init(rfcomm_init);
2085 module_exit(rfcomm_exit);
2087 module_param(disable_cfc, bool, 0644);
2088 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2090 module_param(l2cap_mtu, uint, 0644);
2091 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2093 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2094 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2095 MODULE_VERSION(VERSION);
2096 MODULE_LICENSE("GPL");
2097 MODULE_ALIAS("bt-proto-3");
git.openpandora.org / pandora-kernel.git / blob