2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
30 #include <linux/module.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/signal.h>
35 #include <linux/init.h>
36 #include <linux/wait.h>
37 #include <linux/device.h>
38 #include <linux/net.h>
39 #include <linux/mutex.h>
42 #include <asm/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47 #include <net/bluetooth/l2cap.h>
48 #include <net/bluetooth/rfcomm.h>
50 #ifndef CONFIG_BT_RFCOMM_DEBUG
57 static int disable_cfc = 0;
58 static int channel_mtu = -1;
59 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
61 static struct task_struct *rfcomm_thread;
63 static DEFINE_MUTEX(rfcomm_mutex);
64 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
65 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
67 static unsigned long rfcomm_event;
69 static LIST_HEAD(session_list);
70 static atomic_t terminate, running;
72 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
73 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
74 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
75 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
76 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
77 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
78 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
79 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
80 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
81 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
83 static void rfcomm_process_connect(struct rfcomm_session *s);
85 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
86 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
87 static void rfcomm_session_del(struct rfcomm_session *s);
89 /* ---- RFCOMM frame parsing macros ---- */
90 #define __get_dlci(b) ((b & 0xfc) >> 2)
91 #define __get_channel(b) ((b & 0xf8) >> 3)
92 #define __get_dir(b) ((b & 0x04) >> 2)
93 #define __get_type(b) ((b & 0xef))
95 #define __test_ea(b) ((b & 0x01))
96 #define __test_cr(b) ((b & 0x02))
97 #define __test_pf(b) ((b & 0x10))
99 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
100 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
101 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
102 #define __srv_channel(dlci) (dlci >> 1)
103 #define __dir(dlci) (dlci & 0x01)
105 #define __len8(len) (((len) << 1) | 1)
106 #define __len16(len) ((len) << 1)
109 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
110 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
111 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
114 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
115 #define __get_rpn_data_bits(line) ((line) & 0x3)
116 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
117 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
119 static inline void rfcomm_schedule(uint event)
123 //set_bit(event, &rfcomm_event);
124 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
125 wake_up_process(rfcomm_thread);
128 static inline void rfcomm_session_put(struct rfcomm_session *s)
130 if (atomic_dec_and_test(&s->refcnt))
131 rfcomm_session_del(s);
134 /* ---- RFCOMM FCS computation ---- */
136 /* reversed, 8-bit, poly=0x07 */
137 static unsigned char rfcomm_crc_table[256] = {
138 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
139 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
140 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
141 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
143 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
144 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
145 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
146 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
148 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
149 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
150 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
151 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
153 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
154 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
155 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
156 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
158 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
159 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
160 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
161 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
163 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
164 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
165 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
166 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
168 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
169 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
170 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
171 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
173 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
174 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
175 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
176 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
180 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
183 static inline u8 __fcs(u8 *data)
185 return (0xff - __crc(data));
189 static inline u8 __fcs2(u8 *data)
191 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
195 static inline int __check_fcs(u8 *data, int type, u8 fcs)
199 if (type != RFCOMM_UIH)
200 f = rfcomm_crc_table[f ^ data[2]];
202 return rfcomm_crc_table[f ^ fcs] != 0xcf;
205 /* ---- L2CAP callbacks ---- */
206 static void rfcomm_l2state_change(struct sock *sk)
208 BT_DBG("%p state %d", sk, sk->sk_state);
209 rfcomm_schedule(RFCOMM_SCHED_STATE);
212 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
214 BT_DBG("%p bytes %d", sk, bytes);
215 rfcomm_schedule(RFCOMM_SCHED_RX);
218 static int rfcomm_l2sock_create(struct socket **sock)
224 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
226 struct sock *sk = (*sock)->sk;
227 sk->sk_data_ready = rfcomm_l2data_ready;
228 sk->sk_state_change = rfcomm_l2state_change;
233 /* ---- RFCOMM DLCs ---- */
234 static void rfcomm_dlc_timeout(unsigned long arg)
236 struct rfcomm_dlc *d = (void *) arg;
238 BT_DBG("dlc %p state %ld", d, d->state);
240 set_bit(RFCOMM_TIMED_OUT, &d->flags);
242 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
245 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
247 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
249 if (!mod_timer(&d->timer, jiffies + timeout))
253 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
255 BT_DBG("dlc %p state %ld", d, d->state);
257 if (timer_pending(&d->timer) && del_timer(&d->timer))
261 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
268 d->mtu = RFCOMM_DEFAULT_MTU;
269 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
271 d->cfc = RFCOMM_CFC_DISABLED;
272 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
275 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
277 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
282 init_timer(&d->timer);
283 d->timer.function = rfcomm_dlc_timeout;
284 d->timer.data = (unsigned long) d;
286 skb_queue_head_init(&d->tx_queue);
287 spin_lock_init(&d->lock);
288 atomic_set(&d->refcnt, 1);
290 rfcomm_dlc_clear_state(d);
297 void rfcomm_dlc_free(struct rfcomm_dlc *d)
301 skb_queue_purge(&d->tx_queue);
305 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
307 BT_DBG("dlc %p session %p", d, s);
309 rfcomm_session_hold(s);
312 list_add(&d->list, &s->dlcs);
316 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
318 struct rfcomm_session *s = d->session;
320 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
326 rfcomm_session_put(s);
329 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
331 struct rfcomm_dlc *d;
334 list_for_each(p, &s->dlcs) {
335 d = list_entry(p, struct rfcomm_dlc, list);
342 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
344 struct rfcomm_session *s;
348 BT_DBG("dlc %p state %ld %s %s channel %d",
349 d, d->state, batostr(src), batostr(dst), channel);
351 if (channel < 1 || channel > 30)
354 if (d->state != BT_OPEN && d->state != BT_CLOSED)
357 s = rfcomm_session_get(src, dst);
359 s = rfcomm_session_create(src, dst, &err);
364 dlci = __dlci(!s->initiator, channel);
366 /* Check if DLCI already exists */
367 if (rfcomm_dlc_get(s, dlci))
370 rfcomm_dlc_clear_state(d);
373 d->addr = __addr(s->initiator, dlci);
376 d->state = BT_CONFIG;
377 rfcomm_dlc_link(s, d);
380 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
382 if (s->state == BT_CONNECTED)
383 rfcomm_send_pn(s, 1, d);
384 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
388 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
394 r = __rfcomm_dlc_open(d, src, dst, channel);
400 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
402 struct rfcomm_session *s = d->session;
406 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
407 d, d->state, d->dlci, err, s);
413 d->state = BT_DISCONN;
414 if (skb_queue_empty(&d->tx_queue)) {
415 rfcomm_send_disc(s, d->dlci);
416 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
418 rfcomm_queue_disc(d);
419 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
424 rfcomm_dlc_clear_timer(d);
427 d->state = BT_CLOSED;
428 d->state_change(d, err);
429 rfcomm_dlc_unlock(d);
431 skb_queue_purge(&d->tx_queue);
432 rfcomm_dlc_unlink(d);
438 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
444 r = __rfcomm_dlc_close(d, err);
450 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
454 if (d->state != BT_CONNECTED)
457 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
462 rfcomm_make_uih(skb, d->addr);
463 skb_queue_tail(&d->tx_queue, skb);
465 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
466 rfcomm_schedule(RFCOMM_SCHED_TX);
470 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
472 BT_DBG("dlc %p state %ld", d, d->state);
475 d->v24_sig |= RFCOMM_V24_FC;
476 set_bit(RFCOMM_MSC_PENDING, &d->flags);
478 rfcomm_schedule(RFCOMM_SCHED_TX);
481 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
483 BT_DBG("dlc %p state %ld", d, d->state);
486 d->v24_sig &= ~RFCOMM_V24_FC;
487 set_bit(RFCOMM_MSC_PENDING, &d->flags);
489 rfcomm_schedule(RFCOMM_SCHED_TX);
493 Set/get modem status functions use _local_ status i.e. what we report
495 Remote status is provided by dlc->modem_status() callback.
497 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
499 BT_DBG("dlc %p state %ld v24_sig 0x%x",
500 d, d->state, v24_sig);
502 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
503 v24_sig |= RFCOMM_V24_FC;
505 v24_sig &= ~RFCOMM_V24_FC;
507 d->v24_sig = v24_sig;
509 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
510 rfcomm_schedule(RFCOMM_SCHED_TX);
515 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
517 BT_DBG("dlc %p state %ld v24_sig 0x%x",
518 d, d->state, d->v24_sig);
520 *v24_sig = d->v24_sig;
524 /* ---- RFCOMM sessions ---- */
525 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
527 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
532 BT_DBG("session %p sock %p", s, sock);
534 INIT_LIST_HEAD(&s->dlcs);
538 s->mtu = RFCOMM_DEFAULT_MTU;
539 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
541 /* Do not increment module usage count for listening sessions.
542 * Otherwise we won't be able to unload the module. */
543 if (state != BT_LISTEN)
544 if (!try_module_get(THIS_MODULE)) {
549 list_add(&s->list, &session_list);
554 static void rfcomm_session_del(struct rfcomm_session *s)
556 int state = s->state;
558 BT_DBG("session %p state %ld", s, s->state);
562 if (state == BT_CONNECTED)
563 rfcomm_send_disc(s, 0);
565 sock_release(s->sock);
568 if (state != BT_LISTEN)
569 module_put(THIS_MODULE);
572 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
574 struct rfcomm_session *s;
575 struct list_head *p, *n;
577 list_for_each_safe(p, n, &session_list) {
578 s = list_entry(p, struct rfcomm_session, list);
579 sk = bt_sk(s->sock->sk);
581 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
582 !bacmp(&sk->dst, dst))
588 static void rfcomm_session_close(struct rfcomm_session *s, int err)
590 struct rfcomm_dlc *d;
591 struct list_head *p, *n;
593 BT_DBG("session %p state %ld err %d", s, s->state, err);
595 rfcomm_session_hold(s);
597 s->state = BT_CLOSED;
600 list_for_each_safe(p, n, &s->dlcs) {
601 d = list_entry(p, struct rfcomm_dlc, list);
602 d->state = BT_CLOSED;
603 __rfcomm_dlc_close(d, err);
606 rfcomm_session_put(s);
609 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
611 struct rfcomm_session *s = NULL;
612 struct sockaddr_l2 addr;
616 BT_DBG("%s %s", batostr(src), batostr(dst));
618 *err = rfcomm_l2sock_create(&sock);
622 bacpy(&addr.l2_bdaddr, src);
623 addr.l2_family = AF_BLUETOOTH;
625 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
629 /* Set L2CAP options */
632 l2cap_pi(sk)->imtu = l2cap_mtu;
635 s = rfcomm_session_add(sock, BT_BOUND);
643 bacpy(&addr.l2_bdaddr, dst);
644 addr.l2_family = AF_BLUETOOTH;
645 addr.l2_psm = htobs(RFCOMM_PSM);
646 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
647 if (*err == 0 || *err == -EINPROGRESS)
650 rfcomm_session_del(s);
658 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
660 struct sock *sk = s->sock->sk;
662 bacpy(src, &bt_sk(sk)->src);
664 bacpy(dst, &bt_sk(sk)->dst);
667 /* ---- RFCOMM frame sending ---- */
668 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
670 struct socket *sock = s->sock;
671 struct kvec iv = { data, len };
674 BT_DBG("session %p len %d", s, len);
676 memset(&msg, 0, sizeof(msg));
678 return kernel_sendmsg(sock, &msg, &iv, 1, len);
681 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
683 struct rfcomm_cmd cmd;
685 BT_DBG("%p dlci %d", s, dlci);
687 cmd.addr = __addr(s->initiator, dlci);
688 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
690 cmd.fcs = __fcs2((u8 *) &cmd);
692 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
695 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
697 struct rfcomm_cmd cmd;
699 BT_DBG("%p dlci %d", s, dlci);
701 cmd.addr = __addr(!s->initiator, dlci);
702 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
704 cmd.fcs = __fcs2((u8 *) &cmd);
706 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
709 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
711 struct rfcomm_cmd cmd;
713 BT_DBG("%p dlci %d", s, dlci);
715 cmd.addr = __addr(s->initiator, dlci);
716 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
718 cmd.fcs = __fcs2((u8 *) &cmd);
720 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
723 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
725 struct rfcomm_cmd *cmd;
728 BT_DBG("dlc %p dlci %d", d, d->dlci);
730 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
734 cmd = (void *) __skb_put(skb, sizeof(*cmd));
736 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
737 cmd->len = __len8(0);
738 cmd->fcs = __fcs2((u8 *) cmd);
740 skb_queue_tail(&d->tx_queue, skb);
741 rfcomm_schedule(RFCOMM_SCHED_TX);
745 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
747 struct rfcomm_cmd cmd;
749 BT_DBG("%p dlci %d", s, dlci);
751 cmd.addr = __addr(!s->initiator, dlci);
752 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
754 cmd.fcs = __fcs2((u8 *) &cmd);
756 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
759 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
761 struct rfcomm_hdr *hdr;
762 struct rfcomm_mcc *mcc;
763 u8 buf[16], *ptr = buf;
765 BT_DBG("%p cr %d type %d", s, cr, type);
767 hdr = (void *) ptr; ptr += sizeof(*hdr);
768 hdr->addr = __addr(s->initiator, 0);
769 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
770 hdr->len = __len8(sizeof(*mcc) + 1);
772 mcc = (void *) ptr; ptr += sizeof(*mcc);
773 mcc->type = __mcc_type(cr, RFCOMM_NSC);
774 mcc->len = __len8(1);
776 /* Type that we didn't like */
777 *ptr = __mcc_type(cr, type); ptr++;
779 *ptr = __fcs(buf); ptr++;
781 return rfcomm_send_frame(s, buf, ptr - buf);
784 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
786 struct rfcomm_hdr *hdr;
787 struct rfcomm_mcc *mcc;
788 struct rfcomm_pn *pn;
789 u8 buf[16], *ptr = buf;
791 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
793 hdr = (void *) ptr; ptr += sizeof(*hdr);
794 hdr->addr = __addr(s->initiator, 0);
795 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
796 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
798 mcc = (void *) ptr; ptr += sizeof(*mcc);
799 mcc->type = __mcc_type(cr, RFCOMM_PN);
800 mcc->len = __len8(sizeof(*pn));
802 pn = (void *) ptr; ptr += sizeof(*pn);
804 pn->priority = d->priority;
809 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
810 pn->credits = RFCOMM_DEFAULT_CREDITS;
816 if (cr && channel_mtu >= 0)
817 pn->mtu = htobs(channel_mtu);
819 pn->mtu = htobs(d->mtu);
821 *ptr = __fcs(buf); ptr++;
823 return rfcomm_send_frame(s, buf, ptr - buf);
826 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
827 u8 bit_rate, u8 data_bits, u8 stop_bits,
828 u8 parity, u8 flow_ctrl_settings,
829 u8 xon_char, u8 xoff_char, u16 param_mask)
831 struct rfcomm_hdr *hdr;
832 struct rfcomm_mcc *mcc;
833 struct rfcomm_rpn *rpn;
834 u8 buf[16], *ptr = buf;
836 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
837 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
838 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
839 flow_ctrl_settings, xon_char, xoff_char, param_mask);
841 hdr = (void *) ptr; ptr += sizeof(*hdr);
842 hdr->addr = __addr(s->initiator, 0);
843 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
844 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
846 mcc = (void *) ptr; ptr += sizeof(*mcc);
847 mcc->type = __mcc_type(cr, RFCOMM_RPN);
848 mcc->len = __len8(sizeof(*rpn));
850 rpn = (void *) ptr; ptr += sizeof(*rpn);
851 rpn->dlci = __addr(1, dlci);
852 rpn->bit_rate = bit_rate;
853 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
854 rpn->flow_ctrl = flow_ctrl_settings;
855 rpn->xon_char = xon_char;
856 rpn->xoff_char = xoff_char;
857 rpn->param_mask = cpu_to_le16(param_mask);
859 *ptr = __fcs(buf); ptr++;
861 return rfcomm_send_frame(s, buf, ptr - buf);
864 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
866 struct rfcomm_hdr *hdr;
867 struct rfcomm_mcc *mcc;
868 struct rfcomm_rls *rls;
869 u8 buf[16], *ptr = buf;
871 BT_DBG("%p cr %d status 0x%x", s, cr, status);
873 hdr = (void *) ptr; ptr += sizeof(*hdr);
874 hdr->addr = __addr(s->initiator, 0);
875 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
876 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
878 mcc = (void *) ptr; ptr += sizeof(*mcc);
879 mcc->type = __mcc_type(cr, RFCOMM_RLS);
880 mcc->len = __len8(sizeof(*rls));
882 rls = (void *) ptr; ptr += sizeof(*rls);
883 rls->dlci = __addr(1, dlci);
884 rls->status = status;
886 *ptr = __fcs(buf); ptr++;
888 return rfcomm_send_frame(s, buf, ptr - buf);
891 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
893 struct rfcomm_hdr *hdr;
894 struct rfcomm_mcc *mcc;
895 struct rfcomm_msc *msc;
896 u8 buf[16], *ptr = buf;
898 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
900 hdr = (void *) ptr; ptr += sizeof(*hdr);
901 hdr->addr = __addr(s->initiator, 0);
902 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
903 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
905 mcc = (void *) ptr; ptr += sizeof(*mcc);
906 mcc->type = __mcc_type(cr, RFCOMM_MSC);
907 mcc->len = __len8(sizeof(*msc));
909 msc = (void *) ptr; ptr += sizeof(*msc);
910 msc->dlci = __addr(1, dlci);
911 msc->v24_sig = v24_sig | 0x01;
913 *ptr = __fcs(buf); ptr++;
915 return rfcomm_send_frame(s, buf, ptr - buf);
918 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
920 struct rfcomm_hdr *hdr;
921 struct rfcomm_mcc *mcc;
922 u8 buf[16], *ptr = buf;
924 BT_DBG("%p cr %d", s, cr);
926 hdr = (void *) ptr; ptr += sizeof(*hdr);
927 hdr->addr = __addr(s->initiator, 0);
928 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
929 hdr->len = __len8(sizeof(*mcc));
931 mcc = (void *) ptr; ptr += sizeof(*mcc);
932 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
933 mcc->len = __len8(0);
935 *ptr = __fcs(buf); ptr++;
937 return rfcomm_send_frame(s, buf, ptr - buf);
940 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
942 struct rfcomm_hdr *hdr;
943 struct rfcomm_mcc *mcc;
944 u8 buf[16], *ptr = buf;
946 BT_DBG("%p cr %d", s, cr);
948 hdr = (void *) ptr; ptr += sizeof(*hdr);
949 hdr->addr = __addr(s->initiator, 0);
950 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
951 hdr->len = __len8(sizeof(*mcc));
953 mcc = (void *) ptr; ptr += sizeof(*mcc);
954 mcc->type = __mcc_type(cr, RFCOMM_FCON);
955 mcc->len = __len8(0);
957 *ptr = __fcs(buf); ptr++;
959 return rfcomm_send_frame(s, buf, ptr - buf);
962 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
964 struct socket *sock = s->sock;
967 unsigned char hdr[5], crc[1];
972 BT_DBG("%p cr %d", s, cr);
974 hdr[0] = __addr(s->initiator, 0);
975 hdr[1] = __ctrl(RFCOMM_UIH, 0);
976 hdr[2] = 0x01 | ((len + 2) << 1);
977 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
978 hdr[4] = 0x01 | (len << 1);
982 iv[0].iov_base = hdr;
984 iv[1].iov_base = pattern;
986 iv[2].iov_base = crc;
989 memset(&msg, 0, sizeof(msg));
991 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
994 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
996 struct rfcomm_hdr *hdr;
997 u8 buf[16], *ptr = buf;
999 BT_DBG("%p addr %d credits %d", s, addr, credits);
1001 hdr = (void *) ptr; ptr += sizeof(*hdr);
1003 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1004 hdr->len = __len8(0);
1006 *ptr = credits; ptr++;
1008 *ptr = __fcs(buf); ptr++;
1010 return rfcomm_send_frame(s, buf, ptr - buf);
1013 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1015 struct rfcomm_hdr *hdr;
1020 hdr = (void *) skb_push(skb, 4);
1021 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len);
1023 hdr = (void *) skb_push(skb, 3);
1024 hdr->len = __len8(len);
1027 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1029 crc = skb_put(skb, 1);
1030 *crc = __fcs((void *) hdr);
1033 /* ---- RFCOMM frame reception ---- */
1034 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1036 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1040 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1042 rfcomm_send_dm(s, dlci);
1048 rfcomm_dlc_clear_timer(d);
1051 d->state = BT_CONNECTED;
1052 d->state_change(d, 0);
1053 rfcomm_dlc_unlock(d);
1055 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1059 d->state = BT_CLOSED;
1060 __rfcomm_dlc_close(d, 0);
1062 if (list_empty(&s->dlcs)) {
1063 s->state = BT_DISCONN;
1064 rfcomm_send_disc(s, 0);
1070 /* Control channel */
1073 s->state = BT_CONNECTED;
1074 rfcomm_process_connect(s);
1078 rfcomm_session_put(s);
1085 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1089 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1093 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1095 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1100 d->state = BT_CLOSED;
1101 __rfcomm_dlc_close(d, err);
1104 if (s->state == BT_CONNECT)
1109 s->state = BT_CLOSED;
1110 rfcomm_session_close(s, err);
1115 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1119 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1122 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1124 rfcomm_send_ua(s, dlci);
1126 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1131 d->state = BT_CLOSED;
1132 __rfcomm_dlc_close(d, err);
1134 rfcomm_send_dm(s, dlci);
1137 rfcomm_send_ua(s, 0);
1139 if (s->state == BT_CONNECT)
1144 s->state = BT_CLOSED;
1145 rfcomm_session_close(s, err);
1151 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1153 struct sock *sk = d->session->sock->sk;
1155 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1156 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1158 } else if (d->link_mode & RFCOMM_LM_AUTH) {
1159 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1166 static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1168 struct sock *sk = d->session->sock->sk;
1170 BT_DBG("dlc %p", d);
1172 rfcomm_send_ua(d->session, d->dlci);
1175 d->state = BT_CONNECTED;
1176 d->state_change(d, 0);
1177 rfcomm_dlc_unlock(d);
1179 if (d->link_mode & RFCOMM_LM_MASTER)
1180 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1182 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1185 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1187 struct rfcomm_dlc *d;
1190 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1193 rfcomm_send_ua(s, 0);
1195 if (s->state == BT_OPEN) {
1196 s->state = BT_CONNECTED;
1197 rfcomm_process_connect(s);
1202 /* Check if DLC exists */
1203 d = rfcomm_dlc_get(s, dlci);
1205 if (d->state == BT_OPEN) {
1206 /* DLC was previously opened by PN request */
1207 if (rfcomm_check_link_mode(d)) {
1208 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1209 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1213 rfcomm_dlc_accept(d);
1218 /* Notify socket layer about incoming connection */
1219 channel = __srv_channel(dlci);
1220 if (rfcomm_connect_ind(s, channel, &d)) {
1222 d->addr = __addr(s->initiator, dlci);
1223 rfcomm_dlc_link(s, d);
1225 if (rfcomm_check_link_mode(d)) {
1226 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1227 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1231 rfcomm_dlc_accept(d);
1233 rfcomm_send_dm(s, dlci);
1239 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1241 struct rfcomm_session *s = d->session;
1243 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1244 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1246 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1247 pn->flow_ctrl == 0xe0) {
1248 d->cfc = RFCOMM_CFC_ENABLED;
1249 d->tx_credits = pn->credits;
1251 d->cfc = RFCOMM_CFC_DISABLED;
1252 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1255 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1258 d->priority = pn->priority;
1260 d->mtu = btohs(pn->mtu);
1262 if (cr && d->mtu > s->mtu)
1268 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1270 struct rfcomm_pn *pn = (void *) skb->data;
1271 struct rfcomm_dlc *d;
1274 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1279 d = rfcomm_dlc_get(s, dlci);
1283 rfcomm_apply_pn(d, cr, pn);
1284 rfcomm_send_pn(s, 0, d);
1289 rfcomm_apply_pn(d, cr, pn);
1291 d->state = BT_CONNECT;
1292 rfcomm_send_sabm(s, d->dlci);
1297 u8 channel = __srv_channel(dlci);
1302 /* PN request for non existing DLC.
1303 * Assume incoming connection. */
1304 if (rfcomm_connect_ind(s, channel, &d)) {
1306 d->addr = __addr(s->initiator, dlci);
1307 rfcomm_dlc_link(s, d);
1309 rfcomm_apply_pn(d, cr, pn);
1312 rfcomm_send_pn(s, 0, d);
1314 rfcomm_send_dm(s, dlci);
1320 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1322 struct rfcomm_rpn *rpn = (void *) skb->data;
1323 u8 dlci = __get_dlci(rpn->dlci);
1332 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1334 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1335 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1336 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1342 /* This is a request, return default settings */
1343 bit_rate = RFCOMM_RPN_BR_115200;
1344 data_bits = RFCOMM_RPN_DATA_8;
1345 stop_bits = RFCOMM_RPN_STOP_1;
1346 parity = RFCOMM_RPN_PARITY_NONE;
1347 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1348 xon_char = RFCOMM_RPN_XON_CHAR;
1349 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1353 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1354 * no parity, no flow control lines, normal XON/XOFF chars */
1356 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1357 bit_rate = rpn->bit_rate;
1358 if (bit_rate != RFCOMM_RPN_BR_115200) {
1359 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1360 bit_rate = RFCOMM_RPN_BR_115200;
1361 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1365 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1366 data_bits = __get_rpn_data_bits(rpn->line_settings);
1367 if (data_bits != RFCOMM_RPN_DATA_8) {
1368 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1369 data_bits = RFCOMM_RPN_DATA_8;
1370 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1374 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1375 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1376 if (stop_bits != RFCOMM_RPN_STOP_1) {
1377 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1378 stop_bits = RFCOMM_RPN_STOP_1;
1379 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1383 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1384 parity = __get_rpn_parity(rpn->line_settings);
1385 if (parity != RFCOMM_RPN_PARITY_NONE) {
1386 BT_DBG("RPN parity mismatch 0x%x", parity);
1387 parity = RFCOMM_RPN_PARITY_NONE;
1388 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1392 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1393 flow_ctrl = rpn->flow_ctrl;
1394 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1395 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1396 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1397 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1401 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1402 xon_char = rpn->xon_char;
1403 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1404 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1405 xon_char = RFCOMM_RPN_XON_CHAR;
1406 rpn_mask ^= RFCOMM_RPN_PM_XON;
1410 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1411 xoff_char = rpn->xoff_char;
1412 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1413 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1414 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1415 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1420 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1421 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1426 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1428 struct rfcomm_rls *rls = (void *) skb->data;
1429 u8 dlci = __get_dlci(rls->dlci);
1431 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1436 /* We should probably do something with this information here. But
1437 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1438 * mandatory to recognise and respond to RLS */
1440 rfcomm_send_rls(s, 0, dlci, rls->status);
1445 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1447 struct rfcomm_msc *msc = (void *) skb->data;
1448 struct rfcomm_dlc *d;
1449 u8 dlci = __get_dlci(msc->dlci);
1451 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1453 d = rfcomm_dlc_get(s, dlci);
1458 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1459 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1461 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1464 if (d->modem_status)
1465 d->modem_status(d, msc->v24_sig);
1466 rfcomm_dlc_unlock(d);
1468 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1470 d->mscex |= RFCOMM_MSCEX_RX;
1472 d->mscex |= RFCOMM_MSCEX_TX;
1477 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1479 struct rfcomm_mcc *mcc = (void *) skb->data;
1482 cr = __test_cr(mcc->type);
1483 type = __get_mcc_type(mcc->type);
1484 len = __get_mcc_len(mcc->len);
1486 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1492 rfcomm_recv_pn(s, cr, skb);
1496 rfcomm_recv_rpn(s, cr, len, skb);
1500 rfcomm_recv_rls(s, cr, skb);
1504 rfcomm_recv_msc(s, cr, skb);
1509 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1510 rfcomm_send_fcoff(s, 0);
1516 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1517 rfcomm_send_fcon(s, 0);
1523 rfcomm_send_test(s, 0, skb->data, skb->len);
1530 BT_ERR("Unknown control type 0x%02x", type);
1531 rfcomm_send_nsc(s, cr, type);
1537 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1539 struct rfcomm_dlc *d;
1541 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1543 d = rfcomm_dlc_get(s, dlci);
1545 rfcomm_send_dm(s, dlci);
1550 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1552 d->tx_credits += credits;
1554 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1557 if (skb->len && d->state == BT_CONNECTED) {
1560 d->data_ready(d, skb);
1561 rfcomm_dlc_unlock(d);
1570 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1572 struct rfcomm_hdr *hdr = (void *) skb->data;
1575 dlci = __get_dlci(hdr->addr);
1576 type = __get_type(hdr->ctrl);
1579 skb->len--; skb->tail--;
1580 fcs = *(u8 *)skb_tail_pointer(skb);
1582 if (__check_fcs(skb->data, type, fcs)) {
1583 BT_ERR("bad checksum in packet");
1588 if (__test_ea(hdr->len))
1595 if (__test_pf(hdr->ctrl))
1596 rfcomm_recv_sabm(s, dlci);
1600 if (__test_pf(hdr->ctrl))
1601 rfcomm_recv_disc(s, dlci);
1605 if (__test_pf(hdr->ctrl))
1606 rfcomm_recv_ua(s, dlci);
1610 rfcomm_recv_dm(s, dlci);
1615 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1617 rfcomm_recv_mcc(s, skb);
1621 BT_ERR("Unknown packet type 0x%02x\n", type);
1628 /* ---- Connection and data processing ---- */
1630 static void rfcomm_process_connect(struct rfcomm_session *s)
1632 struct rfcomm_dlc *d;
1633 struct list_head *p, *n;
1635 BT_DBG("session %p state %ld", s, s->state);
1637 list_for_each_safe(p, n, &s->dlcs) {
1638 d = list_entry(p, struct rfcomm_dlc, list);
1639 if (d->state == BT_CONFIG) {
1641 rfcomm_send_pn(s, 1, d);
1646 /* Send data queued for the DLC.
1647 * Return number of frames left in the queue.
1649 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1651 struct sk_buff *skb;
1654 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1655 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1657 /* Send pending MSC */
1658 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1659 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1663 * Give them some credits */
1664 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1665 d->rx_credits <= (d->cfc >> 2)) {
1666 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1667 d->rx_credits = d->cfc;
1671 * Give ourselves some credits */
1675 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1676 return skb_queue_len(&d->tx_queue);
1678 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1679 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1681 skb_queue_head(&d->tx_queue, skb);
1688 if (d->cfc && !d->tx_credits) {
1689 /* We're out of TX credits.
1690 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1691 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1694 return skb_queue_len(&d->tx_queue);
1697 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1699 struct rfcomm_dlc *d;
1700 struct list_head *p, *n;
1702 BT_DBG("session %p state %ld", s, s->state);
1704 list_for_each_safe(p, n, &s->dlcs) {
1705 d = list_entry(p, struct rfcomm_dlc, list);
1707 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1708 __rfcomm_dlc_close(d, ETIMEDOUT);
1712 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1713 rfcomm_dlc_clear_timer(d);
1714 rfcomm_dlc_accept(d);
1715 if (d->link_mode & RFCOMM_LM_SECURE) {
1716 struct sock *sk = s->sock->sk;
1717 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1720 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1721 rfcomm_dlc_clear_timer(d);
1722 rfcomm_send_dm(s, d->dlci);
1723 __rfcomm_dlc_close(d, ECONNREFUSED);
1727 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1730 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1731 d->mscex == RFCOMM_MSCEX_OK)
1732 rfcomm_process_tx(d);
1736 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1738 struct socket *sock = s->sock;
1739 struct sock *sk = sock->sk;
1740 struct sk_buff *skb;
1742 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1744 /* Get data directly from socket receive queue without copying it. */
1745 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1747 rfcomm_recv_frame(s, skb);
1750 if (sk->sk_state == BT_CLOSED) {
1752 rfcomm_session_put(s);
1754 rfcomm_session_close(s, sk->sk_err);
1758 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1760 struct socket *sock = s->sock, *nsock;
1763 /* Fast check for a new connection.
1764 * Avoids unnesesary socket allocations. */
1765 if (list_empty(&bt_sk(sock->sk)->accept_q))
1768 BT_DBG("session %p", s);
1770 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1774 __module_get(nsock->ops->owner);
1776 /* Set our callbacks */
1777 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1778 nsock->sk->sk_state_change = rfcomm_l2state_change;
1780 s = rfcomm_session_add(nsock, BT_OPEN);
1782 rfcomm_session_hold(s);
1784 /* We should adjust MTU on incoming sessions.
1785 * L2CAP MTU minus UIH header and FCS. */
1786 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1788 rfcomm_schedule(RFCOMM_SCHED_RX);
1790 sock_release(nsock);
1793 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1795 struct sock *sk = s->sock->sk;
1797 BT_DBG("%p state %ld", s, s->state);
1799 switch(sk->sk_state) {
1801 s->state = BT_CONNECT;
1803 /* We can adjust MTU on outgoing sessions.
1804 * L2CAP MTU minus UIH header and FCS. */
1805 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1807 rfcomm_send_sabm(s, 0);
1811 s->state = BT_CLOSED;
1812 rfcomm_session_close(s, sk->sk_err);
1817 static inline void rfcomm_process_sessions(void)
1819 struct list_head *p, *n;
1823 list_for_each_safe(p, n, &session_list) {
1824 struct rfcomm_session *s;
1825 s = list_entry(p, struct rfcomm_session, list);
1827 if (s->state == BT_LISTEN) {
1828 rfcomm_accept_connection(s);
1832 rfcomm_session_hold(s);
1836 rfcomm_check_connection(s);
1840 rfcomm_process_rx(s);
1844 rfcomm_process_dlcs(s);
1846 rfcomm_session_put(s);
1852 static void rfcomm_worker(void)
1856 while (!atomic_read(&terminate)) {
1857 set_current_state(TASK_INTERRUPTIBLE);
1858 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1859 /* No pending events. Let's sleep.
1860 * Incoming connections and data will wake us up. */
1863 set_current_state(TASK_RUNNING);
1866 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1867 rfcomm_process_sessions();
1872 static int rfcomm_add_listener(bdaddr_t *ba)
1874 struct sockaddr_l2 addr;
1875 struct socket *sock;
1877 struct rfcomm_session *s;
1881 err = rfcomm_l2sock_create(&sock);
1883 BT_ERR("Create socket failed %d", err);
1888 bacpy(&addr.l2_bdaddr, ba);
1889 addr.l2_family = AF_BLUETOOTH;
1890 addr.l2_psm = htobs(RFCOMM_PSM);
1891 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1893 BT_ERR("Bind failed %d", err);
1897 /* Set L2CAP options */
1900 l2cap_pi(sk)->imtu = l2cap_mtu;
1903 /* Start listening on the socket */
1904 err = kernel_listen(sock, 10);
1906 BT_ERR("Listen failed %d", err);
1910 /* Add listening session */
1911 s = rfcomm_session_add(sock, BT_LISTEN);
1915 rfcomm_session_hold(s);
1922 static void rfcomm_kill_listener(void)
1924 struct rfcomm_session *s;
1925 struct list_head *p, *n;
1929 list_for_each_safe(p, n, &session_list) {
1930 s = list_entry(p, struct rfcomm_session, list);
1931 rfcomm_session_del(s);
1935 static int rfcomm_run(void *unused)
1937 rfcomm_thread = current;
1939 atomic_inc(&running);
1941 daemonize("krfcommd");
1942 set_user_nice(current, -10);
1943 current->flags |= PF_NOFREEZE;
1947 rfcomm_add_listener(BDADDR_ANY);
1951 rfcomm_kill_listener();
1953 atomic_dec(&running);
1957 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1959 struct rfcomm_session *s;
1960 struct rfcomm_dlc *d;
1961 struct list_head *p, *n;
1963 BT_DBG("conn %p status 0x%02x", conn, status);
1965 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1969 rfcomm_session_hold(s);
1971 list_for_each_safe(p, n, &s->dlcs) {
1972 d = list_entry(p, struct rfcomm_dlc, list);
1974 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1977 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1981 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1983 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1986 rfcomm_session_put(s);
1988 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1991 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1993 struct rfcomm_session *s;
1994 struct rfcomm_dlc *d;
1995 struct list_head *p, *n;
1997 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1999 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2003 rfcomm_session_hold(s);
2005 list_for_each_safe(p, n, &s->dlcs) {
2006 d = list_entry(p, struct rfcomm_dlc, list);
2008 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2011 if (!status && encrypt)
2012 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2014 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2017 rfcomm_session_put(s);
2019 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2022 static struct hci_cb rfcomm_cb = {
2024 .auth_cfm = rfcomm_auth_cfm,
2025 .encrypt_cfm = rfcomm_encrypt_cfm
2028 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2030 struct rfcomm_session *s;
2031 struct list_head *pp, *p;
2036 list_for_each(p, &session_list) {
2037 s = list_entry(p, struct rfcomm_session, list);
2038 list_for_each(pp, &s->dlcs) {
2039 struct sock *sk = s->sock->sk;
2040 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2042 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2043 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2044 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2053 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2055 /* ---- Initialization ---- */
2056 static int __init rfcomm_init(void)
2060 hci_register_cb(&rfcomm_cb);
2062 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
2064 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2065 BT_ERR("Failed to create RFCOMM info file");
2067 rfcomm_init_sockets();
2069 #ifdef CONFIG_BT_RFCOMM_TTY
2073 BT_INFO("RFCOMM ver %s", VERSION);
2078 static void __exit rfcomm_exit(void)
2080 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
2082 hci_unregister_cb(&rfcomm_cb);
2084 /* Terminate working thread.
2085 * ie. Set terminate flag and wake it up */
2086 atomic_inc(&terminate);
2087 rfcomm_schedule(RFCOMM_SCHED_STATE);
2089 /* Wait until thread is running */
2090 while (atomic_read(&running))
2093 #ifdef CONFIG_BT_RFCOMM_TTY
2094 rfcomm_cleanup_ttys();
2097 rfcomm_cleanup_sockets();
2100 module_init(rfcomm_init);
2101 module_exit(rfcomm_exit);
2103 module_param(disable_cfc, bool, 0644);
2104 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2106 module_param(channel_mtu, int, 0644);
2107 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2109 module_param(l2cap_mtu, uint, 0644);
2110 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2112 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2113 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2114 MODULE_VERSION(VERSION);
2115 MODULE_LICENSE("GPL");
2116 MODULE_ALIAS("bt-proto-3");
git.openpandora.org / pandora-kernel.git / blob