2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/debugfs.h>
30 #include <linux/kthread.h>
31 #include <asm/unaligned.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/rfcomm.h>
38 #define VERSION "1.11"
40 static bool disable_cfc;
41 static bool l2cap_ertm;
42 static int channel_mtu = -1;
43 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
45 static struct task_struct *rfcomm_thread;
47 static DEFINE_MUTEX(rfcomm_mutex);
48 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
52 static LIST_HEAD(session_list);
54 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
55 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
65 static void rfcomm_process_connect(struct rfcomm_session *s);
67 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
71 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
72 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
74 /* ---- RFCOMM frame parsing macros ---- */
75 #define __get_dlci(b) ((b & 0xfc) >> 2)
76 #define __get_channel(b) ((b & 0xf8) >> 3)
77 #define __get_dir(b) ((b & 0x04) >> 2)
78 #define __get_type(b) ((b & 0xef))
80 #define __test_ea(b) ((b & 0x01))
81 #define __test_cr(b) ((b & 0x02))
82 #define __test_pf(b) ((b & 0x10))
84 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
85 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
86 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
87 #define __srv_channel(dlci) (dlci >> 1)
88 #define __dir(dlci) (dlci & 0x01)
90 #define __len8(len) (((len) << 1) | 1)
91 #define __len16(len) ((len) << 1)
94 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
95 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
96 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
99 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
100 #define __get_rpn_data_bits(line) ((line) & 0x3)
101 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
102 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
104 static void rfcomm_schedule(void)
108 wake_up_process(rfcomm_thread);
111 /* ---- RFCOMM FCS computation ---- */
113 /* reversed, 8-bit, poly=0x07 */
114 static unsigned char rfcomm_crc_table[256] = {
115 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
116 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
117 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
118 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
120 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
121 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
122 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
123 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
125 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
126 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
127 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
128 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
130 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
131 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
132 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
133 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
135 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
136 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
137 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
138 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
140 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
141 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
142 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
143 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
145 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
146 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
147 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
148 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
150 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
151 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
152 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
153 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
157 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
160 static inline u8 __fcs(u8 *data)
162 return 0xff - __crc(data);
166 static inline u8 __fcs2(u8 *data)
168 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
172 static inline int __check_fcs(u8 *data, int type, u8 fcs)
176 if (type != RFCOMM_UIH)
177 f = rfcomm_crc_table[f ^ data[2]];
179 return rfcomm_crc_table[f ^ fcs] != 0xcf;
182 /* ---- L2CAP callbacks ---- */
183 static void rfcomm_l2state_change(struct sock *sk)
185 BT_DBG("%p state %d", sk, sk->sk_state);
189 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
191 BT_DBG("%p bytes %d", sk, bytes);
195 static int rfcomm_l2sock_create(struct socket **sock)
201 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
203 struct sock *sk = (*sock)->sk;
204 sk->sk_data_ready = rfcomm_l2data_ready;
205 sk->sk_state_change = rfcomm_l2state_change;
210 static int rfcomm_check_security(struct rfcomm_dlc *d)
212 struct sock *sk = d->session->sock->sk;
213 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
217 switch (d->sec_level) {
218 case BT_SECURITY_HIGH:
219 auth_type = HCI_AT_GENERAL_BONDING_MITM;
221 case BT_SECURITY_MEDIUM:
222 auth_type = HCI_AT_GENERAL_BONDING;
225 auth_type = HCI_AT_NO_BONDING;
229 return hci_conn_security(conn->hcon, d->sec_level, auth_type);
232 static void rfcomm_session_timeout(unsigned long arg)
234 struct rfcomm_session *s = (void *) arg;
236 BT_DBG("session %p state %ld", s, s->state);
238 set_bit(RFCOMM_TIMED_OUT, &s->flags);
242 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
244 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
246 mod_timer(&s->timer, jiffies + timeout);
249 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
251 BT_DBG("session %p state %ld", s, s->state);
253 del_timer_sync(&s->timer);
256 /* ---- RFCOMM DLCs ---- */
257 static void rfcomm_dlc_timeout(unsigned long arg)
259 struct rfcomm_dlc *d = (void *) arg;
261 BT_DBG("dlc %p state %ld", d, d->state);
263 set_bit(RFCOMM_TIMED_OUT, &d->flags);
268 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
270 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
272 if (!mod_timer(&d->timer, jiffies + timeout))
276 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
278 BT_DBG("dlc %p state %ld", d, d->state);
280 if (del_timer(&d->timer))
284 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
291 d->sec_level = BT_SECURITY_LOW;
292 d->mtu = RFCOMM_DEFAULT_MTU;
293 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
295 d->cfc = RFCOMM_CFC_DISABLED;
296 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
299 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
301 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
306 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
308 skb_queue_head_init(&d->tx_queue);
309 spin_lock_init(&d->lock);
310 atomic_set(&d->refcnt, 1);
312 rfcomm_dlc_clear_state(d);
319 void rfcomm_dlc_free(struct rfcomm_dlc *d)
323 skb_queue_purge(&d->tx_queue);
327 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
329 BT_DBG("dlc %p session %p", d, s);
331 rfcomm_session_clear_timer(s);
333 list_add(&d->list, &s->dlcs);
337 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
339 struct rfcomm_session *s = d->session;
341 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
347 if (list_empty(&s->dlcs))
348 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
351 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
353 struct rfcomm_dlc *d;
355 list_for_each_entry(d, &s->dlcs, list)
362 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
364 struct rfcomm_session *s;
368 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
369 d, d->state, src, dst, channel);
371 if (channel < 1 || channel > 30)
374 if (d->state != BT_OPEN && d->state != BT_CLOSED)
377 s = rfcomm_session_get(src, dst);
379 s = rfcomm_session_create(src, dst, d->sec_level, &err);
384 dlci = __dlci(!s->initiator, channel);
386 /* Check if DLCI already exists */
387 if (rfcomm_dlc_get(s, dlci))
390 rfcomm_dlc_clear_state(d);
393 d->addr = __addr(s->initiator, dlci);
396 d->state = BT_CONFIG;
397 rfcomm_dlc_link(s, d);
402 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
404 if (s->state == BT_CONNECTED) {
405 if (rfcomm_check_security(d))
406 rfcomm_send_pn(s, 1, d);
408 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
411 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
416 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
422 r = __rfcomm_dlc_open(d, src, dst, channel);
428 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
430 struct rfcomm_session *s = d->session;
434 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
435 d, d->state, d->dlci, err, s);
440 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
441 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
448 d->state = BT_DISCONN;
449 if (skb_queue_empty(&d->tx_queue)) {
450 rfcomm_send_disc(s, d->dlci);
451 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
453 rfcomm_queue_disc(d);
454 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
460 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
461 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
468 rfcomm_dlc_clear_timer(d);
471 d->state = BT_CLOSED;
472 d->state_change(d, err);
473 rfcomm_dlc_unlock(d);
475 skb_queue_purge(&d->tx_queue);
476 rfcomm_dlc_unlink(d);
482 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
485 struct rfcomm_dlc *d_list;
486 struct rfcomm_session *s, *s_list;
488 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
496 /* after waiting on the mutex check the session still exists
497 * then check the dlc still exists
499 list_for_each_entry(s_list, &session_list, list) {
501 list_for_each_entry(d_list, &s->dlcs, list) {
503 r = __rfcomm_dlc_close(d, err);
516 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
520 if (d->state != BT_CONNECTED)
523 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
528 rfcomm_make_uih(skb, d->addr);
529 skb_queue_tail(&d->tx_queue, skb);
531 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
536 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
538 BT_DBG("dlc %p state %ld", d, d->state);
541 d->v24_sig |= RFCOMM_V24_FC;
542 set_bit(RFCOMM_MSC_PENDING, &d->flags);
547 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
549 BT_DBG("dlc %p state %ld", d, d->state);
552 d->v24_sig &= ~RFCOMM_V24_FC;
553 set_bit(RFCOMM_MSC_PENDING, &d->flags);
559 Set/get modem status functions use _local_ status i.e. what we report
561 Remote status is provided by dlc->modem_status() callback.
563 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
565 BT_DBG("dlc %p state %ld v24_sig 0x%x",
566 d, d->state, v24_sig);
568 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
569 v24_sig |= RFCOMM_V24_FC;
571 v24_sig &= ~RFCOMM_V24_FC;
573 d->v24_sig = v24_sig;
575 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
581 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
583 BT_DBG("dlc %p state %ld v24_sig 0x%x",
584 d, d->state, d->v24_sig);
586 *v24_sig = d->v24_sig;
590 /* ---- RFCOMM sessions ---- */
591 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
593 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
598 BT_DBG("session %p sock %p", s, sock);
600 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
602 INIT_LIST_HEAD(&s->dlcs);
606 s->mtu = RFCOMM_DEFAULT_MTU;
607 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
609 /* Do not increment module usage count for listening sessions.
610 * Otherwise we won't be able to unload the module. */
611 if (state != BT_LISTEN)
612 if (!try_module_get(THIS_MODULE)) {
617 list_add(&s->list, &session_list);
622 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
624 int state = s->state;
626 BT_DBG("session %p state %ld", s, s->state);
630 rfcomm_session_clear_timer(s);
631 sock_release(s->sock);
634 if (state != BT_LISTEN)
635 module_put(THIS_MODULE);
640 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
642 struct rfcomm_session *s;
643 struct list_head *p, *n;
645 list_for_each_safe(p, n, &session_list) {
646 s = list_entry(p, struct rfcomm_session, list);
647 sk = bt_sk(s->sock->sk);
649 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
650 !bacmp(&sk->dst, dst))
656 static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
659 struct rfcomm_dlc *d;
660 struct list_head *p, *n;
662 s->state = BT_CLOSED;
664 BT_DBG("session %p state %ld err %d", s, s->state, err);
667 list_for_each_safe(p, n, &s->dlcs) {
668 d = list_entry(p, struct rfcomm_dlc, list);
669 d->state = BT_CLOSED;
670 __rfcomm_dlc_close(d, err);
673 rfcomm_session_clear_timer(s);
674 return rfcomm_session_del(s);
677 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
682 struct rfcomm_session *s = NULL;
683 struct sockaddr_l2 addr;
687 BT_DBG("%pMR -> %pMR", src, dst);
689 *err = rfcomm_l2sock_create(&sock);
693 bacpy(&addr.l2_bdaddr, src);
694 addr.l2_family = AF_BLUETOOTH;
697 addr.l2_bdaddr_type = BDADDR_BREDR;
698 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
702 /* Set L2CAP options */
705 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
706 l2cap_pi(sk)->chan->sec_level = sec_level;
708 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
711 s = rfcomm_session_add(sock, BT_BOUND);
719 bacpy(&addr.l2_bdaddr, dst);
720 addr.l2_family = AF_BLUETOOTH;
721 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
723 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
724 if (*err == 0 || *err == -EINPROGRESS)
727 return rfcomm_session_del(s);
734 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
736 struct sock *sk = s->sock->sk;
738 bacpy(src, &bt_sk(sk)->src);
740 bacpy(dst, &bt_sk(sk)->dst);
743 /* ---- RFCOMM frame sending ---- */
744 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
746 struct kvec iv = { data, len };
749 BT_DBG("session %p len %d", s, len);
751 memset(&msg, 0, sizeof(msg));
753 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
756 static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
758 BT_DBG("%p cmd %u", s, cmd->ctrl);
760 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
763 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
765 struct rfcomm_cmd cmd;
767 BT_DBG("%p dlci %d", s, dlci);
769 cmd.addr = __addr(s->initiator, dlci);
770 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
772 cmd.fcs = __fcs2((u8 *) &cmd);
774 return rfcomm_send_cmd(s, &cmd);
777 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
779 struct rfcomm_cmd cmd;
781 BT_DBG("%p dlci %d", s, dlci);
783 cmd.addr = __addr(!s->initiator, dlci);
784 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
786 cmd.fcs = __fcs2((u8 *) &cmd);
788 return rfcomm_send_cmd(s, &cmd);
791 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
793 struct rfcomm_cmd cmd;
795 BT_DBG("%p dlci %d", s, dlci);
797 cmd.addr = __addr(s->initiator, dlci);
798 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
800 cmd.fcs = __fcs2((u8 *) &cmd);
802 return rfcomm_send_cmd(s, &cmd);
805 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
807 struct rfcomm_cmd *cmd;
810 BT_DBG("dlc %p dlci %d", d, d->dlci);
812 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
816 cmd = (void *) __skb_put(skb, sizeof(*cmd));
818 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
819 cmd->len = __len8(0);
820 cmd->fcs = __fcs2((u8 *) cmd);
822 skb_queue_tail(&d->tx_queue, skb);
827 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
829 struct rfcomm_cmd cmd;
831 BT_DBG("%p dlci %d", s, dlci);
833 cmd.addr = __addr(!s->initiator, dlci);
834 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
836 cmd.fcs = __fcs2((u8 *) &cmd);
838 return rfcomm_send_cmd(s, &cmd);
841 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
843 struct rfcomm_hdr *hdr;
844 struct rfcomm_mcc *mcc;
845 u8 buf[16], *ptr = buf;
847 BT_DBG("%p cr %d type %d", s, cr, type);
849 hdr = (void *) ptr; ptr += sizeof(*hdr);
850 hdr->addr = __addr(s->initiator, 0);
851 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
852 hdr->len = __len8(sizeof(*mcc) + 1);
854 mcc = (void *) ptr; ptr += sizeof(*mcc);
855 mcc->type = __mcc_type(cr, RFCOMM_NSC);
856 mcc->len = __len8(1);
858 /* Type that we didn't like */
859 *ptr = __mcc_type(cr, type); ptr++;
861 *ptr = __fcs(buf); ptr++;
863 return rfcomm_send_frame(s, buf, ptr - buf);
866 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
868 struct rfcomm_hdr *hdr;
869 struct rfcomm_mcc *mcc;
870 struct rfcomm_pn *pn;
871 u8 buf[16], *ptr = buf;
873 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
875 hdr = (void *) ptr; ptr += sizeof(*hdr);
876 hdr->addr = __addr(s->initiator, 0);
877 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
878 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
880 mcc = (void *) ptr; ptr += sizeof(*mcc);
881 mcc->type = __mcc_type(cr, RFCOMM_PN);
882 mcc->len = __len8(sizeof(*pn));
884 pn = (void *) ptr; ptr += sizeof(*pn);
886 pn->priority = d->priority;
891 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
892 pn->credits = RFCOMM_DEFAULT_CREDITS;
898 if (cr && channel_mtu >= 0)
899 pn->mtu = cpu_to_le16(channel_mtu);
901 pn->mtu = cpu_to_le16(d->mtu);
903 *ptr = __fcs(buf); ptr++;
905 return rfcomm_send_frame(s, buf, ptr - buf);
908 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
909 u8 bit_rate, u8 data_bits, u8 stop_bits,
910 u8 parity, u8 flow_ctrl_settings,
911 u8 xon_char, u8 xoff_char, u16 param_mask)
913 struct rfcomm_hdr *hdr;
914 struct rfcomm_mcc *mcc;
915 struct rfcomm_rpn *rpn;
916 u8 buf[16], *ptr = buf;
918 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
919 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
920 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
921 flow_ctrl_settings, xon_char, xoff_char, param_mask);
923 hdr = (void *) ptr; ptr += sizeof(*hdr);
924 hdr->addr = __addr(s->initiator, 0);
925 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
926 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
928 mcc = (void *) ptr; ptr += sizeof(*mcc);
929 mcc->type = __mcc_type(cr, RFCOMM_RPN);
930 mcc->len = __len8(sizeof(*rpn));
932 rpn = (void *) ptr; ptr += sizeof(*rpn);
933 rpn->dlci = __addr(1, dlci);
934 rpn->bit_rate = bit_rate;
935 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
936 rpn->flow_ctrl = flow_ctrl_settings;
937 rpn->xon_char = xon_char;
938 rpn->xoff_char = xoff_char;
939 rpn->param_mask = cpu_to_le16(param_mask);
941 *ptr = __fcs(buf); ptr++;
943 return rfcomm_send_frame(s, buf, ptr - buf);
946 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
948 struct rfcomm_hdr *hdr;
949 struct rfcomm_mcc *mcc;
950 struct rfcomm_rls *rls;
951 u8 buf[16], *ptr = buf;
953 BT_DBG("%p cr %d status 0x%x", s, cr, status);
955 hdr = (void *) ptr; ptr += sizeof(*hdr);
956 hdr->addr = __addr(s->initiator, 0);
957 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
958 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
960 mcc = (void *) ptr; ptr += sizeof(*mcc);
961 mcc->type = __mcc_type(cr, RFCOMM_RLS);
962 mcc->len = __len8(sizeof(*rls));
964 rls = (void *) ptr; ptr += sizeof(*rls);
965 rls->dlci = __addr(1, dlci);
966 rls->status = status;
968 *ptr = __fcs(buf); ptr++;
970 return rfcomm_send_frame(s, buf, ptr - buf);
973 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
975 struct rfcomm_hdr *hdr;
976 struct rfcomm_mcc *mcc;
977 struct rfcomm_msc *msc;
978 u8 buf[16], *ptr = buf;
980 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
982 hdr = (void *) ptr; ptr += sizeof(*hdr);
983 hdr->addr = __addr(s->initiator, 0);
984 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
985 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
987 mcc = (void *) ptr; ptr += sizeof(*mcc);
988 mcc->type = __mcc_type(cr, RFCOMM_MSC);
989 mcc->len = __len8(sizeof(*msc));
991 msc = (void *) ptr; ptr += sizeof(*msc);
992 msc->dlci = __addr(1, dlci);
993 msc->v24_sig = v24_sig | 0x01;
995 *ptr = __fcs(buf); ptr++;
997 return rfcomm_send_frame(s, buf, ptr - buf);
1000 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1002 struct rfcomm_hdr *hdr;
1003 struct rfcomm_mcc *mcc;
1004 u8 buf[16], *ptr = buf;
1006 BT_DBG("%p cr %d", s, cr);
1008 hdr = (void *) ptr; ptr += sizeof(*hdr);
1009 hdr->addr = __addr(s->initiator, 0);
1010 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1011 hdr->len = __len8(sizeof(*mcc));
1013 mcc = (void *) ptr; ptr += sizeof(*mcc);
1014 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1015 mcc->len = __len8(0);
1017 *ptr = __fcs(buf); ptr++;
1019 return rfcomm_send_frame(s, buf, ptr - buf);
1022 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1024 struct rfcomm_hdr *hdr;
1025 struct rfcomm_mcc *mcc;
1026 u8 buf[16], *ptr = buf;
1028 BT_DBG("%p cr %d", s, cr);
1030 hdr = (void *) ptr; ptr += sizeof(*hdr);
1031 hdr->addr = __addr(s->initiator, 0);
1032 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1033 hdr->len = __len8(sizeof(*mcc));
1035 mcc = (void *) ptr; ptr += sizeof(*mcc);
1036 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1037 mcc->len = __len8(0);
1039 *ptr = __fcs(buf); ptr++;
1041 return rfcomm_send_frame(s, buf, ptr - buf);
1044 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1046 struct socket *sock = s->sock;
1049 unsigned char hdr[5], crc[1];
1054 BT_DBG("%p cr %d", s, cr);
1056 hdr[0] = __addr(s->initiator, 0);
1057 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1058 hdr[2] = 0x01 | ((len + 2) << 1);
1059 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1060 hdr[4] = 0x01 | (len << 1);
1062 crc[0] = __fcs(hdr);
1064 iv[0].iov_base = hdr;
1066 iv[1].iov_base = pattern;
1067 iv[1].iov_len = len;
1068 iv[2].iov_base = crc;
1071 memset(&msg, 0, sizeof(msg));
1073 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1076 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1078 struct rfcomm_hdr *hdr;
1079 u8 buf[16], *ptr = buf;
1081 BT_DBG("%p addr %d credits %d", s, addr, credits);
1083 hdr = (void *) ptr; ptr += sizeof(*hdr);
1085 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1086 hdr->len = __len8(0);
1088 *ptr = credits; ptr++;
1090 *ptr = __fcs(buf); ptr++;
1092 return rfcomm_send_frame(s, buf, ptr - buf);
1095 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1097 struct rfcomm_hdr *hdr;
1102 hdr = (void *) skb_push(skb, 4);
1103 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1105 hdr = (void *) skb_push(skb, 3);
1106 hdr->len = __len8(len);
1109 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1111 crc = skb_put(skb, 1);
1112 *crc = __fcs((void *) hdr);
1115 /* ---- RFCOMM frame reception ---- */
1116 static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1118 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1122 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1124 rfcomm_send_dm(s, dlci);
1130 rfcomm_dlc_clear_timer(d);
1133 d->state = BT_CONNECTED;
1134 d->state_change(d, 0);
1135 rfcomm_dlc_unlock(d);
1137 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1141 d->state = BT_CLOSED;
1142 __rfcomm_dlc_close(d, 0);
1144 if (list_empty(&s->dlcs)) {
1145 s->state = BT_DISCONN;
1146 rfcomm_send_disc(s, 0);
1147 rfcomm_session_clear_timer(s);
1153 /* Control channel */
1156 s->state = BT_CONNECTED;
1157 rfcomm_process_connect(s);
1161 s = rfcomm_session_close(s, ECONNRESET);
1168 static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1172 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1176 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1178 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1183 d->state = BT_CLOSED;
1184 __rfcomm_dlc_close(d, err);
1187 if (s->state == BT_CONNECT)
1192 s = rfcomm_session_close(s, err);
1197 static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1202 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1205 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1207 rfcomm_send_ua(s, dlci);
1209 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1214 d->state = BT_CLOSED;
1215 __rfcomm_dlc_close(d, err);
1217 rfcomm_send_dm(s, dlci);
1220 rfcomm_send_ua(s, 0);
1222 if (s->state == BT_CONNECT)
1227 s = rfcomm_session_close(s, err);
1232 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1234 struct sock *sk = d->session->sock->sk;
1235 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1237 BT_DBG("dlc %p", d);
1239 rfcomm_send_ua(d->session, d->dlci);
1241 rfcomm_dlc_clear_timer(d);
1244 d->state = BT_CONNECTED;
1245 d->state_change(d, 0);
1246 rfcomm_dlc_unlock(d);
1249 hci_conn_switch_role(conn->hcon, 0x00);
1251 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1254 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1256 if (rfcomm_check_security(d)) {
1257 if (d->defer_setup) {
1258 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1259 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1262 d->state = BT_CONNECT2;
1263 d->state_change(d, 0);
1264 rfcomm_dlc_unlock(d);
1266 rfcomm_dlc_accept(d);
1268 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1269 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1273 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1275 struct rfcomm_dlc *d;
1278 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1281 rfcomm_send_ua(s, 0);
1283 if (s->state == BT_OPEN) {
1284 s->state = BT_CONNECTED;
1285 rfcomm_process_connect(s);
1290 /* Check if DLC exists */
1291 d = rfcomm_dlc_get(s, dlci);
1293 if (d->state == BT_OPEN) {
1294 /* DLC was previously opened by PN request */
1295 rfcomm_check_accept(d);
1300 /* Notify socket layer about incoming connection */
1301 channel = __srv_channel(dlci);
1302 if (rfcomm_connect_ind(s, channel, &d)) {
1304 d->addr = __addr(s->initiator, dlci);
1305 rfcomm_dlc_link(s, d);
1307 rfcomm_check_accept(d);
1309 rfcomm_send_dm(s, dlci);
1315 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1317 struct rfcomm_session *s = d->session;
1319 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1320 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1322 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1323 pn->flow_ctrl == 0xe0) {
1324 d->cfc = RFCOMM_CFC_ENABLED;
1325 d->tx_credits = pn->credits;
1327 d->cfc = RFCOMM_CFC_DISABLED;
1328 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1331 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1334 d->priority = pn->priority;
1336 d->mtu = __le16_to_cpu(pn->mtu);
1338 if (cr && d->mtu > s->mtu)
1344 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1346 struct rfcomm_pn *pn = (void *) skb->data;
1347 struct rfcomm_dlc *d;
1350 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1355 d = rfcomm_dlc_get(s, dlci);
1359 rfcomm_apply_pn(d, cr, pn);
1360 rfcomm_send_pn(s, 0, d);
1365 rfcomm_apply_pn(d, cr, pn);
1367 d->state = BT_CONNECT;
1368 rfcomm_send_sabm(s, d->dlci);
1373 u8 channel = __srv_channel(dlci);
1378 /* PN request for non existing DLC.
1379 * Assume incoming connection. */
1380 if (rfcomm_connect_ind(s, channel, &d)) {
1382 d->addr = __addr(s->initiator, dlci);
1383 rfcomm_dlc_link(s, d);
1385 rfcomm_apply_pn(d, cr, pn);
1388 rfcomm_send_pn(s, 0, d);
1390 rfcomm_send_dm(s, dlci);
1396 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1398 struct rfcomm_rpn *rpn = (void *) skb->data;
1399 u8 dlci = __get_dlci(rpn->dlci);
1408 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1410 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1411 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1412 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1418 /* This is a request, return default (according to ETSI TS 07.10) settings */
1419 bit_rate = RFCOMM_RPN_BR_9600;
1420 data_bits = RFCOMM_RPN_DATA_8;
1421 stop_bits = RFCOMM_RPN_STOP_1;
1422 parity = RFCOMM_RPN_PARITY_NONE;
1423 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1424 xon_char = RFCOMM_RPN_XON_CHAR;
1425 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1429 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1430 * no parity, no flow control lines, normal XON/XOFF chars */
1432 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1433 bit_rate = rpn->bit_rate;
1434 if (bit_rate > RFCOMM_RPN_BR_230400) {
1435 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1436 bit_rate = RFCOMM_RPN_BR_9600;
1437 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1441 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1442 data_bits = __get_rpn_data_bits(rpn->line_settings);
1443 if (data_bits != RFCOMM_RPN_DATA_8) {
1444 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1445 data_bits = RFCOMM_RPN_DATA_8;
1446 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1450 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1451 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1452 if (stop_bits != RFCOMM_RPN_STOP_1) {
1453 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1454 stop_bits = RFCOMM_RPN_STOP_1;
1455 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1459 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1460 parity = __get_rpn_parity(rpn->line_settings);
1461 if (parity != RFCOMM_RPN_PARITY_NONE) {
1462 BT_DBG("RPN parity mismatch 0x%x", parity);
1463 parity = RFCOMM_RPN_PARITY_NONE;
1464 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1468 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1469 flow_ctrl = rpn->flow_ctrl;
1470 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1471 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1472 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1473 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1477 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1478 xon_char = rpn->xon_char;
1479 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1480 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1481 xon_char = RFCOMM_RPN_XON_CHAR;
1482 rpn_mask ^= RFCOMM_RPN_PM_XON;
1486 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1487 xoff_char = rpn->xoff_char;
1488 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1489 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1490 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1491 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1496 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1497 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1502 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1504 struct rfcomm_rls *rls = (void *) skb->data;
1505 u8 dlci = __get_dlci(rls->dlci);
1507 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1512 /* We should probably do something with this information here. But
1513 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1514 * mandatory to recognise and respond to RLS */
1516 rfcomm_send_rls(s, 0, dlci, rls->status);
1521 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1523 struct rfcomm_msc *msc = (void *) skb->data;
1524 struct rfcomm_dlc *d;
1525 u8 dlci = __get_dlci(msc->dlci);
1527 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1529 d = rfcomm_dlc_get(s, dlci);
1534 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1535 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1537 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1541 d->remote_v24_sig = msc->v24_sig;
1543 if (d->modem_status)
1544 d->modem_status(d, msc->v24_sig);
1546 rfcomm_dlc_unlock(d);
1548 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1550 d->mscex |= RFCOMM_MSCEX_RX;
1552 d->mscex |= RFCOMM_MSCEX_TX;
1557 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1559 struct rfcomm_mcc *mcc = (void *) skb->data;
1562 cr = __test_cr(mcc->type);
1563 type = __get_mcc_type(mcc->type);
1564 len = __get_mcc_len(mcc->len);
1566 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1572 rfcomm_recv_pn(s, cr, skb);
1576 rfcomm_recv_rpn(s, cr, len, skb);
1580 rfcomm_recv_rls(s, cr, skb);
1584 rfcomm_recv_msc(s, cr, skb);
1589 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1590 rfcomm_send_fcoff(s, 0);
1596 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1597 rfcomm_send_fcon(s, 0);
1603 rfcomm_send_test(s, 0, skb->data, skb->len);
1610 BT_ERR("Unknown control type 0x%02x", type);
1611 rfcomm_send_nsc(s, cr, type);
1617 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1619 struct rfcomm_dlc *d;
1621 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1623 d = rfcomm_dlc_get(s, dlci);
1625 rfcomm_send_dm(s, dlci);
1630 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1632 d->tx_credits += credits;
1634 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1637 if (skb->len && d->state == BT_CONNECTED) {
1640 d->data_ready(d, skb);
1641 rfcomm_dlc_unlock(d);
1650 static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1651 struct sk_buff *skb)
1653 struct rfcomm_hdr *hdr = (void *) skb->data;
1657 /* no session, so free socket data */
1662 dlci = __get_dlci(hdr->addr);
1663 type = __get_type(hdr->ctrl);
1666 skb->len--; skb->tail--;
1667 fcs = *(u8 *)skb_tail_pointer(skb);
1669 if (__check_fcs(skb->data, type, fcs)) {
1670 BT_ERR("bad checksum in packet");
1675 if (__test_ea(hdr->len))
1682 if (__test_pf(hdr->ctrl))
1683 rfcomm_recv_sabm(s, dlci);
1687 if (__test_pf(hdr->ctrl))
1688 s = rfcomm_recv_disc(s, dlci);
1692 if (__test_pf(hdr->ctrl))
1693 s = rfcomm_recv_ua(s, dlci);
1697 s = rfcomm_recv_dm(s, dlci);
1702 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1705 rfcomm_recv_mcc(s, skb);
1709 BT_ERR("Unknown packet type 0x%02x", type);
1716 /* ---- Connection and data processing ---- */
1718 static void rfcomm_process_connect(struct rfcomm_session *s)
1720 struct rfcomm_dlc *d;
1721 struct list_head *p, *n;
1723 BT_DBG("session %p state %ld", s, s->state);
1725 list_for_each_safe(p, n, &s->dlcs) {
1726 d = list_entry(p, struct rfcomm_dlc, list);
1727 if (d->state == BT_CONFIG) {
1729 if (rfcomm_check_security(d)) {
1730 rfcomm_send_pn(s, 1, d);
1732 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1733 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1739 /* Send data queued for the DLC.
1740 * Return number of frames left in the queue.
1742 static int rfcomm_process_tx(struct rfcomm_dlc *d)
1744 struct sk_buff *skb;
1747 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1748 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1750 /* Send pending MSC */
1751 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1752 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1756 * Give them some credits */
1757 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1758 d->rx_credits <= (d->cfc >> 2)) {
1759 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1760 d->rx_credits = d->cfc;
1764 * Give ourselves some credits */
1768 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1769 return skb_queue_len(&d->tx_queue);
1771 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1772 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1774 skb_queue_head(&d->tx_queue, skb);
1781 if (d->cfc && !d->tx_credits) {
1782 /* We're out of TX credits.
1783 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1784 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1787 return skb_queue_len(&d->tx_queue);
1790 static void rfcomm_process_dlcs(struct rfcomm_session *s)
1792 struct rfcomm_dlc *d;
1793 struct list_head *p, *n;
1795 BT_DBG("session %p state %ld", s, s->state);
1797 list_for_each_safe(p, n, &s->dlcs) {
1798 d = list_entry(p, struct rfcomm_dlc, list);
1800 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1801 __rfcomm_dlc_close(d, ETIMEDOUT);
1805 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1806 __rfcomm_dlc_close(d, ECONNREFUSED);
1810 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1811 rfcomm_dlc_clear_timer(d);
1813 rfcomm_send_pn(s, 1, d);
1814 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1816 if (d->defer_setup) {
1817 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1818 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1821 d->state = BT_CONNECT2;
1822 d->state_change(d, 0);
1823 rfcomm_dlc_unlock(d);
1825 rfcomm_dlc_accept(d);
1828 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1829 rfcomm_dlc_clear_timer(d);
1831 rfcomm_send_dm(s, d->dlci);
1833 d->state = BT_CLOSED;
1834 __rfcomm_dlc_close(d, ECONNREFUSED);
1838 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1841 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1844 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1845 d->mscex == RFCOMM_MSCEX_OK)
1846 rfcomm_process_tx(d);
1850 static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1852 struct socket *sock = s->sock;
1853 struct sock *sk = sock->sk;
1854 struct sk_buff *skb;
1856 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1858 /* Get data directly from socket receive queue without copying it. */
1859 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1861 if (!skb_linearize(skb))
1862 s = rfcomm_recv_frame(s, skb);
1867 if (s && (sk->sk_state == BT_CLOSED))
1868 s = rfcomm_session_close(s, sk->sk_err);
1873 static void rfcomm_accept_connection(struct rfcomm_session *s)
1875 struct socket *sock = s->sock, *nsock;
1878 /* Fast check for a new connection.
1879 * Avoids unnesesary socket allocations. */
1880 if (list_empty(&bt_sk(sock->sk)->accept_q))
1883 BT_DBG("session %p", s);
1885 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1889 /* Set our callbacks */
1890 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1891 nsock->sk->sk_state_change = rfcomm_l2state_change;
1893 s = rfcomm_session_add(nsock, BT_OPEN);
1895 /* We should adjust MTU on incoming sessions.
1896 * L2CAP MTU minus UIH header and FCS. */
1897 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1898 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1902 sock_release(nsock);
1905 static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1907 struct sock *sk = s->sock->sk;
1909 BT_DBG("%p state %ld", s, s->state);
1911 switch (sk->sk_state) {
1913 s->state = BT_CONNECT;
1915 /* We can adjust MTU on outgoing sessions.
1916 * L2CAP MTU minus UIH header and FCS. */
1917 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1919 rfcomm_send_sabm(s, 0);
1923 s = rfcomm_session_close(s, sk->sk_err);
1929 static void rfcomm_process_sessions(void)
1931 struct list_head *p, *n;
1935 list_for_each_safe(p, n, &session_list) {
1936 struct rfcomm_session *s;
1937 s = list_entry(p, struct rfcomm_session, list);
1939 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1940 s->state = BT_DISCONN;
1941 rfcomm_send_disc(s, 0);
1945 if (s->state == BT_LISTEN) {
1946 rfcomm_accept_connection(s);
1952 s = rfcomm_check_connection(s);
1956 s = rfcomm_process_rx(s);
1961 rfcomm_process_dlcs(s);
1967 static int rfcomm_add_listener(bdaddr_t *ba)
1969 struct sockaddr_l2 addr;
1970 struct socket *sock;
1972 struct rfcomm_session *s;
1976 err = rfcomm_l2sock_create(&sock);
1978 BT_ERR("Create socket failed %d", err);
1983 bacpy(&addr.l2_bdaddr, ba);
1984 addr.l2_family = AF_BLUETOOTH;
1985 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
1987 addr.l2_bdaddr_type = BDADDR_BREDR;
1988 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1990 BT_ERR("Bind failed %d", err);
1994 /* Set L2CAP options */
1997 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
2000 /* Start listening on the socket */
2001 err = kernel_listen(sock, 10);
2003 BT_ERR("Listen failed %d", err);
2007 /* Add listening session */
2008 s = rfcomm_session_add(sock, BT_LISTEN);
2020 static void rfcomm_kill_listener(void)
2022 struct rfcomm_session *s;
2023 struct list_head *p, *n;
2027 list_for_each_safe(p, n, &session_list) {
2028 s = list_entry(p, struct rfcomm_session, list);
2029 rfcomm_session_del(s);
2033 static int rfcomm_run(void *unused)
2037 set_user_nice(current, -10);
2039 rfcomm_add_listener(BDADDR_ANY);
2042 set_current_state(TASK_INTERRUPTIBLE);
2044 if (kthread_should_stop())
2048 rfcomm_process_sessions();
2052 __set_current_state(TASK_RUNNING);
2054 rfcomm_kill_listener();
2059 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2061 struct rfcomm_session *s;
2062 struct rfcomm_dlc *d;
2063 struct list_head *p, *n;
2065 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2067 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2071 list_for_each_safe(p, n, &s->dlcs) {
2072 d = list_entry(p, struct rfcomm_dlc, list);
2074 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2075 rfcomm_dlc_clear_timer(d);
2076 if (status || encrypt == 0x00) {
2077 set_bit(RFCOMM_ENC_DROP, &d->flags);
2082 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2083 if (d->sec_level == BT_SECURITY_MEDIUM) {
2084 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2085 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2087 } else if (d->sec_level == BT_SECURITY_HIGH) {
2088 set_bit(RFCOMM_ENC_DROP, &d->flags);
2093 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2096 if (!status && hci_conn_check_secure(conn, d->sec_level))
2097 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2099 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2105 static struct hci_cb rfcomm_cb = {
2107 .security_cfm = rfcomm_security_cfm
2110 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2112 struct rfcomm_session *s;
2116 list_for_each_entry(s, &session_list, list) {
2117 struct rfcomm_dlc *d;
2118 list_for_each_entry(d, &s->dlcs, list) {
2119 struct sock *sk = s->sock->sk;
2121 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2122 &bt_sk(sk)->src, &bt_sk(sk)->dst,
2123 d->state, d->dlci, d->mtu,
2124 d->rx_credits, d->tx_credits);
2133 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2135 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2138 static const struct file_operations rfcomm_dlc_debugfs_fops = {
2139 .open = rfcomm_dlc_debugfs_open,
2141 .llseek = seq_lseek,
2142 .release = single_release,
2145 static struct dentry *rfcomm_dlc_debugfs;
2147 /* ---- Initialization ---- */
2148 static int __init rfcomm_init(void)
2152 hci_register_cb(&rfcomm_cb);
2154 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2155 if (IS_ERR(rfcomm_thread)) {
2156 err = PTR_ERR(rfcomm_thread);
2161 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2162 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops);
2163 if (!rfcomm_dlc_debugfs)
2164 BT_ERR("Failed to create RFCOMM debug file");
2167 err = rfcomm_init_ttys();
2171 err = rfcomm_init_sockets();
2175 BT_INFO("RFCOMM ver %s", VERSION);
2180 rfcomm_cleanup_ttys();
2183 kthread_stop(rfcomm_thread);
2186 hci_unregister_cb(&rfcomm_cb);
2191 static void __exit rfcomm_exit(void)
2193 debugfs_remove(rfcomm_dlc_debugfs);
2195 hci_unregister_cb(&rfcomm_cb);
2197 kthread_stop(rfcomm_thread);
2199 rfcomm_cleanup_ttys();
2201 rfcomm_cleanup_sockets();
2204 module_init(rfcomm_init);
2205 module_exit(rfcomm_exit);
2207 module_param(disable_cfc, bool, 0644);
2208 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2210 module_param(channel_mtu, int, 0644);
2211 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2213 module_param(l2cap_mtu, uint, 0644);
2214 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2216 module_param(l2cap_ertm, bool, 0644);
2217 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2219 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2220 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2221 MODULE_VERSION(VERSION);
2222 MODULE_LICENSE("GPL");
2223 MODULE_ALIAS("bt-proto-3");
projects / cascardo / linux.git / blob