2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/debugfs.h>
30 #include <linux/kthread.h>
31 #include <asm/unaligned.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/rfcomm.h>
38 #define VERSION "1.11"
40 static bool disable_cfc;
41 static bool l2cap_ertm;
42 static int channel_mtu = -1;
43 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
45 static struct task_struct *rfcomm_thread;
47 static DEFINE_MUTEX(rfcomm_mutex);
48 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
52 static LIST_HEAD(session_list);
54 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
55 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
65 static void rfcomm_process_connect(struct rfcomm_session *s);
67 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
71 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
72 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
74 /* ---- RFCOMM frame parsing macros ---- */
75 #define __get_dlci(b) ((b & 0xfc) >> 2)
76 #define __get_channel(b) ((b & 0xf8) >> 3)
77 #define __get_dir(b) ((b & 0x04) >> 2)
78 #define __get_type(b) ((b & 0xef))
80 #define __test_ea(b) ((b & 0x01))
81 #define __test_cr(b) (!!(b & 0x02))
82 #define __test_pf(b) (!!(b & 0x10))
84 #define __session_dir(s) ((s)->initiator ? 0x00 : 0x01)
86 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
87 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
88 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
89 #define __srv_channel(dlci) (dlci >> 1)
90 #define __dir(dlci) (dlci & 0x01)
92 #define __len8(len) (((len) << 1) | 1)
93 #define __len16(len) ((len) << 1)
96 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
97 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
98 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
101 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
102 #define __get_rpn_data_bits(line) ((line) & 0x3)
103 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
104 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
106 static DECLARE_WAIT_QUEUE_HEAD(rfcomm_wq);
108 static void rfcomm_schedule(void)
110 wake_up_all(&rfcomm_wq);
113 /* ---- RFCOMM FCS computation ---- */
115 /* reversed, 8-bit, poly=0x07 */
116 static unsigned char rfcomm_crc_table[256] = {
117 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
118 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
119 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
120 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
122 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
123 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
124 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
125 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
127 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
128 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
129 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
130 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
132 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
133 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
134 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
135 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
137 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
138 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
139 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
140 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
142 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
143 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
144 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
145 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
147 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
148 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
149 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
150 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
152 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
153 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
154 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
155 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
159 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
162 static inline u8 __fcs(u8 *data)
164 return 0xff - __crc(data);
168 static inline u8 __fcs2(u8 *data)
170 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
174 static inline int __check_fcs(u8 *data, int type, u8 fcs)
178 if (type != RFCOMM_UIH)
179 f = rfcomm_crc_table[f ^ data[2]];
181 return rfcomm_crc_table[f ^ fcs] != 0xcf;
184 /* ---- L2CAP callbacks ---- */
185 static void rfcomm_l2state_change(struct sock *sk)
187 BT_DBG("%p state %d", sk, sk->sk_state);
191 static void rfcomm_l2data_ready(struct sock *sk)
197 static int rfcomm_l2sock_create(struct socket **sock)
203 err = sock_create_kern(&init_net, PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
205 struct sock *sk = (*sock)->sk;
206 sk->sk_data_ready = rfcomm_l2data_ready;
207 sk->sk_state_change = rfcomm_l2state_change;
212 static int rfcomm_check_security(struct rfcomm_dlc *d)
214 struct sock *sk = d->session->sock->sk;
215 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
219 switch (d->sec_level) {
220 case BT_SECURITY_HIGH:
221 case BT_SECURITY_FIPS:
222 auth_type = HCI_AT_GENERAL_BONDING_MITM;
224 case BT_SECURITY_MEDIUM:
225 auth_type = HCI_AT_GENERAL_BONDING;
228 auth_type = HCI_AT_NO_BONDING;
232 return hci_conn_security(conn->hcon, d->sec_level, auth_type,
236 static void rfcomm_session_timeout(unsigned long arg)
238 struct rfcomm_session *s = (void *) arg;
240 BT_DBG("session %p state %ld", s, s->state);
242 set_bit(RFCOMM_TIMED_OUT, &s->flags);
246 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
248 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
250 mod_timer(&s->timer, jiffies + timeout);
253 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
255 BT_DBG("session %p state %ld", s, s->state);
257 del_timer_sync(&s->timer);
260 /* ---- RFCOMM DLCs ---- */
261 static void rfcomm_dlc_timeout(unsigned long arg)
263 struct rfcomm_dlc *d = (void *) arg;
265 BT_DBG("dlc %p state %ld", d, d->state);
267 set_bit(RFCOMM_TIMED_OUT, &d->flags);
272 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
274 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
276 if (!mod_timer(&d->timer, jiffies + timeout))
280 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
282 BT_DBG("dlc %p state %ld", d, d->state);
284 if (del_timer(&d->timer))
288 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
295 d->sec_level = BT_SECURITY_LOW;
296 d->mtu = RFCOMM_DEFAULT_MTU;
297 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
299 d->cfc = RFCOMM_CFC_DISABLED;
300 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
303 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
305 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
310 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
312 skb_queue_head_init(&d->tx_queue);
313 mutex_init(&d->lock);
314 atomic_set(&d->refcnt, 1);
316 rfcomm_dlc_clear_state(d);
323 void rfcomm_dlc_free(struct rfcomm_dlc *d)
327 skb_queue_purge(&d->tx_queue);
331 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
333 BT_DBG("dlc %p session %p", d, s);
335 rfcomm_session_clear_timer(s);
337 list_add(&d->list, &s->dlcs);
341 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
343 struct rfcomm_session *s = d->session;
345 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
351 if (list_empty(&s->dlcs))
352 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
355 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
357 struct rfcomm_dlc *d;
359 list_for_each_entry(d, &s->dlcs, list)
366 static int rfcomm_check_channel(u8 channel)
368 return channel < 1 || channel > 30;
371 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
373 struct rfcomm_session *s;
377 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
378 d, d->state, src, dst, channel);
380 if (rfcomm_check_channel(channel))
383 if (d->state != BT_OPEN && d->state != BT_CLOSED)
386 s = rfcomm_session_get(src, dst);
388 s = rfcomm_session_create(src, dst, d->sec_level, &err);
393 dlci = __dlci(__session_dir(s), channel);
395 /* Check if DLCI already exists */
396 if (rfcomm_dlc_get(s, dlci))
399 rfcomm_dlc_clear_state(d);
402 d->addr = __addr(s->initiator, dlci);
405 d->state = BT_CONFIG;
406 rfcomm_dlc_link(s, d);
411 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
413 if (s->state == BT_CONNECTED) {
414 if (rfcomm_check_security(d))
415 rfcomm_send_pn(s, 1, d);
417 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
420 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
425 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
431 r = __rfcomm_dlc_open(d, src, dst, channel);
437 static void __rfcomm_dlc_disconn(struct rfcomm_dlc *d)
439 struct rfcomm_session *s = d->session;
441 d->state = BT_DISCONN;
442 if (skb_queue_empty(&d->tx_queue)) {
443 rfcomm_send_disc(s, d->dlci);
444 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
446 rfcomm_queue_disc(d);
447 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
451 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
453 struct rfcomm_session *s = d->session;
457 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
458 d, d->state, d->dlci, err, s);
465 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
466 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
475 __rfcomm_dlc_disconn(d);
479 if (s->state != BT_BOUND) {
480 __rfcomm_dlc_disconn(d);
483 /* if closing a dlc in a session that hasn't been started,
484 * just close and unlink the dlc
488 rfcomm_dlc_clear_timer(d);
491 d->state = BT_CLOSED;
492 d->state_change(d, err);
493 rfcomm_dlc_unlock(d);
495 skb_queue_purge(&d->tx_queue);
496 rfcomm_dlc_unlink(d);
502 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
505 struct rfcomm_dlc *d_list;
506 struct rfcomm_session *s, *s_list;
508 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
516 /* after waiting on the mutex check the session still exists
517 * then check the dlc still exists
519 list_for_each_entry(s_list, &session_list, list) {
521 list_for_each_entry(d_list, &s->dlcs, list) {
523 r = __rfcomm_dlc_close(d, err);
536 struct rfcomm_dlc *rfcomm_dlc_exists(bdaddr_t *src, bdaddr_t *dst, u8 channel)
538 struct rfcomm_session *s;
539 struct rfcomm_dlc *dlc = NULL;
542 if (rfcomm_check_channel(channel))
543 return ERR_PTR(-EINVAL);
546 s = rfcomm_session_get(src, dst);
548 dlci = __dlci(__session_dir(s), channel);
549 dlc = rfcomm_dlc_get(s, dlci);
555 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
559 if (d->state != BT_CONNECTED)
562 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
567 rfcomm_make_uih(skb, d->addr);
568 skb_queue_tail(&d->tx_queue, skb);
570 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
575 void rfcomm_dlc_send_noerror(struct rfcomm_dlc *d, struct sk_buff *skb)
579 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
581 rfcomm_make_uih(skb, d->addr);
582 skb_queue_tail(&d->tx_queue, skb);
584 if (d->state == BT_CONNECTED &&
585 !test_bit(RFCOMM_TX_THROTTLED, &d->flags))
589 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
591 BT_DBG("dlc %p state %ld", d, d->state);
594 d->v24_sig |= RFCOMM_V24_FC;
595 set_bit(RFCOMM_MSC_PENDING, &d->flags);
600 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
602 BT_DBG("dlc %p state %ld", d, d->state);
605 d->v24_sig &= ~RFCOMM_V24_FC;
606 set_bit(RFCOMM_MSC_PENDING, &d->flags);
612 Set/get modem status functions use _local_ status i.e. what we report
614 Remote status is provided by dlc->modem_status() callback.
616 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
618 BT_DBG("dlc %p state %ld v24_sig 0x%x",
619 d, d->state, v24_sig);
621 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
622 v24_sig |= RFCOMM_V24_FC;
624 v24_sig &= ~RFCOMM_V24_FC;
626 d->v24_sig = v24_sig;
628 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
634 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
636 BT_DBG("dlc %p state %ld v24_sig 0x%x",
637 d, d->state, d->v24_sig);
639 *v24_sig = d->v24_sig;
643 /* ---- RFCOMM sessions ---- */
644 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
646 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
651 BT_DBG("session %p sock %p", s, sock);
653 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
655 INIT_LIST_HEAD(&s->dlcs);
659 s->mtu = RFCOMM_DEFAULT_MTU;
660 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
662 /* Do not increment module usage count for listening sessions.
663 * Otherwise we won't be able to unload the module. */
664 if (state != BT_LISTEN)
665 if (!try_module_get(THIS_MODULE)) {
670 list_add(&s->list, &session_list);
675 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
677 int state = s->state;
679 BT_DBG("session %p state %ld", s, s->state);
683 rfcomm_session_clear_timer(s);
684 sock_release(s->sock);
687 if (state != BT_LISTEN)
688 module_put(THIS_MODULE);
693 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
695 struct rfcomm_session *s, *n;
696 struct l2cap_chan *chan;
697 list_for_each_entry_safe(s, n, &session_list, list) {
698 chan = l2cap_pi(s->sock->sk)->chan;
700 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&chan->src, src)) &&
701 !bacmp(&chan->dst, dst))
707 static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
710 struct rfcomm_dlc *d, *n;
712 s->state = BT_CLOSED;
714 BT_DBG("session %p state %ld err %d", s, s->state, err);
717 list_for_each_entry_safe(d, n, &s->dlcs, list) {
718 d->state = BT_CLOSED;
719 __rfcomm_dlc_close(d, err);
722 rfcomm_session_clear_timer(s);
723 return rfcomm_session_del(s);
726 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
731 struct rfcomm_session *s = NULL;
732 struct sockaddr_l2 addr;
736 BT_DBG("%pMR -> %pMR", src, dst);
738 *err = rfcomm_l2sock_create(&sock);
742 bacpy(&addr.l2_bdaddr, src);
743 addr.l2_family = AF_BLUETOOTH;
746 addr.l2_bdaddr_type = BDADDR_BREDR;
747 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
751 /* Set L2CAP options */
754 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
755 l2cap_pi(sk)->chan->sec_level = sec_level;
757 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
760 s = rfcomm_session_add(sock, BT_BOUND);
768 bacpy(&addr.l2_bdaddr, dst);
769 addr.l2_family = AF_BLUETOOTH;
770 addr.l2_psm = cpu_to_le16(L2CAP_PSM_RFCOMM);
772 addr.l2_bdaddr_type = BDADDR_BREDR;
773 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
774 if (*err == 0 || *err == -EINPROGRESS)
777 return rfcomm_session_del(s);
784 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
786 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
788 bacpy(src, &chan->src);
790 bacpy(dst, &chan->dst);
793 /* ---- RFCOMM frame sending ---- */
794 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
796 struct kvec iv = { data, len };
799 BT_DBG("session %p len %d", s, len);
801 memset(&msg, 0, sizeof(msg));
803 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
806 static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
808 BT_DBG("%p cmd %u", s, cmd->ctrl);
810 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
813 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
815 struct rfcomm_cmd cmd;
817 BT_DBG("%p dlci %d", s, dlci);
819 cmd.addr = __addr(s->initiator, dlci);
820 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
822 cmd.fcs = __fcs2((u8 *) &cmd);
824 return rfcomm_send_cmd(s, &cmd);
827 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
829 struct rfcomm_cmd cmd;
831 BT_DBG("%p dlci %d", s, dlci);
833 cmd.addr = __addr(!s->initiator, dlci);
834 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
836 cmd.fcs = __fcs2((u8 *) &cmd);
838 return rfcomm_send_cmd(s, &cmd);
841 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
843 struct rfcomm_cmd cmd;
845 BT_DBG("%p dlci %d", s, dlci);
847 cmd.addr = __addr(s->initiator, dlci);
848 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
850 cmd.fcs = __fcs2((u8 *) &cmd);
852 return rfcomm_send_cmd(s, &cmd);
855 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
857 struct rfcomm_cmd *cmd;
860 BT_DBG("dlc %p dlci %d", d, d->dlci);
862 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
866 cmd = (void *) __skb_put(skb, sizeof(*cmd));
868 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
869 cmd->len = __len8(0);
870 cmd->fcs = __fcs2((u8 *) cmd);
872 skb_queue_tail(&d->tx_queue, skb);
877 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
879 struct rfcomm_cmd cmd;
881 BT_DBG("%p dlci %d", s, dlci);
883 cmd.addr = __addr(!s->initiator, dlci);
884 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
886 cmd.fcs = __fcs2((u8 *) &cmd);
888 return rfcomm_send_cmd(s, &cmd);
891 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
893 struct rfcomm_hdr *hdr;
894 struct rfcomm_mcc *mcc;
895 u8 buf[16], *ptr = buf;
897 BT_DBG("%p cr %d type %d", s, cr, type);
899 hdr = (void *) ptr; ptr += sizeof(*hdr);
900 hdr->addr = __addr(s->initiator, 0);
901 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
902 hdr->len = __len8(sizeof(*mcc) + 1);
904 mcc = (void *) ptr; ptr += sizeof(*mcc);
905 mcc->type = __mcc_type(0, RFCOMM_NSC);
906 mcc->len = __len8(1);
908 /* Type that we didn't like */
909 *ptr = __mcc_type(cr, type); ptr++;
911 *ptr = __fcs(buf); ptr++;
913 return rfcomm_send_frame(s, buf, ptr - buf);
916 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
918 struct rfcomm_hdr *hdr;
919 struct rfcomm_mcc *mcc;
920 struct rfcomm_pn *pn;
921 u8 buf[16], *ptr = buf;
923 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
925 hdr = (void *) ptr; ptr += sizeof(*hdr);
926 hdr->addr = __addr(s->initiator, 0);
927 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
928 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
930 mcc = (void *) ptr; ptr += sizeof(*mcc);
931 mcc->type = __mcc_type(cr, RFCOMM_PN);
932 mcc->len = __len8(sizeof(*pn));
934 pn = (void *) ptr; ptr += sizeof(*pn);
936 pn->priority = d->priority;
941 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
942 pn->credits = RFCOMM_DEFAULT_CREDITS;
948 if (cr && channel_mtu >= 0)
949 pn->mtu = cpu_to_le16(channel_mtu);
951 pn->mtu = cpu_to_le16(d->mtu);
953 *ptr = __fcs(buf); ptr++;
955 return rfcomm_send_frame(s, buf, ptr - buf);
958 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
959 u8 bit_rate, u8 data_bits, u8 stop_bits,
960 u8 parity, u8 flow_ctrl_settings,
961 u8 xon_char, u8 xoff_char, u16 param_mask)
963 struct rfcomm_hdr *hdr;
964 struct rfcomm_mcc *mcc;
965 struct rfcomm_rpn *rpn;
966 u8 buf[16], *ptr = buf;
968 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
969 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
970 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
971 flow_ctrl_settings, xon_char, xoff_char, param_mask);
973 hdr = (void *) ptr; ptr += sizeof(*hdr);
974 hdr->addr = __addr(s->initiator, 0);
975 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
976 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
978 mcc = (void *) ptr; ptr += sizeof(*mcc);
979 mcc->type = __mcc_type(cr, RFCOMM_RPN);
980 mcc->len = __len8(sizeof(*rpn));
982 rpn = (void *) ptr; ptr += sizeof(*rpn);
983 rpn->dlci = __addr(1, dlci);
984 rpn->bit_rate = bit_rate;
985 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
986 rpn->flow_ctrl = flow_ctrl_settings;
987 rpn->xon_char = xon_char;
988 rpn->xoff_char = xoff_char;
989 rpn->param_mask = cpu_to_le16(param_mask);
991 *ptr = __fcs(buf); ptr++;
993 return rfcomm_send_frame(s, buf, ptr - buf);
996 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
998 struct rfcomm_hdr *hdr;
999 struct rfcomm_mcc *mcc;
1000 struct rfcomm_rls *rls;
1001 u8 buf[16], *ptr = buf;
1003 BT_DBG("%p cr %d status 0x%x", s, cr, status);
1005 hdr = (void *) ptr; ptr += sizeof(*hdr);
1006 hdr->addr = __addr(s->initiator, 0);
1007 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1008 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
1010 mcc = (void *) ptr; ptr += sizeof(*mcc);
1011 mcc->type = __mcc_type(cr, RFCOMM_RLS);
1012 mcc->len = __len8(sizeof(*rls));
1014 rls = (void *) ptr; ptr += sizeof(*rls);
1015 rls->dlci = __addr(1, dlci);
1016 rls->status = status;
1018 *ptr = __fcs(buf); ptr++;
1020 return rfcomm_send_frame(s, buf, ptr - buf);
1023 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
1025 struct rfcomm_hdr *hdr;
1026 struct rfcomm_mcc *mcc;
1027 struct rfcomm_msc *msc;
1028 u8 buf[16], *ptr = buf;
1030 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
1032 hdr = (void *) ptr; ptr += sizeof(*hdr);
1033 hdr->addr = __addr(s->initiator, 0);
1034 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1035 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
1037 mcc = (void *) ptr; ptr += sizeof(*mcc);
1038 mcc->type = __mcc_type(cr, RFCOMM_MSC);
1039 mcc->len = __len8(sizeof(*msc));
1041 msc = (void *) ptr; ptr += sizeof(*msc);
1042 msc->dlci = __addr(1, dlci);
1043 msc->v24_sig = v24_sig | 0x01;
1045 *ptr = __fcs(buf); ptr++;
1047 return rfcomm_send_frame(s, buf, ptr - buf);
1050 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1052 struct rfcomm_hdr *hdr;
1053 struct rfcomm_mcc *mcc;
1054 u8 buf[16], *ptr = buf;
1056 BT_DBG("%p cr %d", s, cr);
1058 hdr = (void *) ptr; ptr += sizeof(*hdr);
1059 hdr->addr = __addr(s->initiator, 0);
1060 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1061 hdr->len = __len8(sizeof(*mcc));
1063 mcc = (void *) ptr; ptr += sizeof(*mcc);
1064 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1065 mcc->len = __len8(0);
1067 *ptr = __fcs(buf); ptr++;
1069 return rfcomm_send_frame(s, buf, ptr - buf);
1072 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1074 struct rfcomm_hdr *hdr;
1075 struct rfcomm_mcc *mcc;
1076 u8 buf[16], *ptr = buf;
1078 BT_DBG("%p cr %d", s, cr);
1080 hdr = (void *) ptr; ptr += sizeof(*hdr);
1081 hdr->addr = __addr(s->initiator, 0);
1082 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1083 hdr->len = __len8(sizeof(*mcc));
1085 mcc = (void *) ptr; ptr += sizeof(*mcc);
1086 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1087 mcc->len = __len8(0);
1089 *ptr = __fcs(buf); ptr++;
1091 return rfcomm_send_frame(s, buf, ptr - buf);
1094 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1096 struct socket *sock = s->sock;
1099 unsigned char hdr[5], crc[1];
1104 BT_DBG("%p cr %d", s, cr);
1106 hdr[0] = __addr(s->initiator, 0);
1107 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1108 hdr[2] = 0x01 | ((len + 2) << 1);
1109 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1110 hdr[4] = 0x01 | (len << 1);
1112 crc[0] = __fcs(hdr);
1114 iv[0].iov_base = hdr;
1116 iv[1].iov_base = pattern;
1117 iv[1].iov_len = len;
1118 iv[2].iov_base = crc;
1121 memset(&msg, 0, sizeof(msg));
1123 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1126 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1128 struct rfcomm_hdr *hdr;
1129 u8 buf[16], *ptr = buf;
1131 BT_DBG("%p addr %d credits %d", s, addr, credits);
1133 hdr = (void *) ptr; ptr += sizeof(*hdr);
1135 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1136 hdr->len = __len8(0);
1138 *ptr = credits; ptr++;
1140 *ptr = __fcs(buf); ptr++;
1142 return rfcomm_send_frame(s, buf, ptr - buf);
1145 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1147 struct rfcomm_hdr *hdr;
1152 hdr = (void *) skb_push(skb, 4);
1153 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1155 hdr = (void *) skb_push(skb, 3);
1156 hdr->len = __len8(len);
1159 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1161 crc = skb_put(skb, 1);
1162 *crc = __fcs((void *) hdr);
1165 /* ---- RFCOMM frame reception ---- */
1166 static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1168 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1172 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1174 rfcomm_send_dm(s, dlci);
1180 rfcomm_dlc_clear_timer(d);
1183 d->state = BT_CONNECTED;
1184 d->state_change(d, 0);
1185 rfcomm_dlc_unlock(d);
1187 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1191 d->state = BT_CLOSED;
1192 __rfcomm_dlc_close(d, 0);
1194 if (list_empty(&s->dlcs)) {
1195 s->state = BT_DISCONN;
1196 rfcomm_send_disc(s, 0);
1197 rfcomm_session_clear_timer(s);
1203 /* Control channel */
1206 s->state = BT_CONNECTED;
1207 rfcomm_process_connect(s);
1211 s = rfcomm_session_close(s, ECONNRESET);
1218 static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1222 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1226 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1228 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1233 d->state = BT_CLOSED;
1234 __rfcomm_dlc_close(d, err);
1237 if (s->state == BT_CONNECT)
1242 s = rfcomm_session_close(s, err);
1247 static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1252 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1255 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1257 rfcomm_send_ua(s, dlci);
1259 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1264 d->state = BT_CLOSED;
1265 __rfcomm_dlc_close(d, err);
1267 rfcomm_send_dm(s, dlci);
1270 rfcomm_send_ua(s, 0);
1272 if (s->state == BT_CONNECT)
1277 s = rfcomm_session_close(s, err);
1282 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1284 struct sock *sk = d->session->sock->sk;
1285 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1287 BT_DBG("dlc %p", d);
1289 rfcomm_send_ua(d->session, d->dlci);
1291 rfcomm_dlc_clear_timer(d);
1294 d->state = BT_CONNECTED;
1295 d->state_change(d, 0);
1296 rfcomm_dlc_unlock(d);
1299 hci_conn_switch_role(conn->hcon, 0x00);
1301 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1304 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1306 if (rfcomm_check_security(d)) {
1307 if (d->defer_setup) {
1308 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1309 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1312 d->state = BT_CONNECT2;
1313 d->state_change(d, 0);
1314 rfcomm_dlc_unlock(d);
1316 rfcomm_dlc_accept(d);
1318 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1319 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1323 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1325 struct rfcomm_dlc *d;
1328 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1331 rfcomm_send_ua(s, 0);
1333 if (s->state == BT_OPEN) {
1334 s->state = BT_CONNECTED;
1335 rfcomm_process_connect(s);
1340 /* Check if DLC exists */
1341 d = rfcomm_dlc_get(s, dlci);
1343 if (d->state == BT_OPEN) {
1344 /* DLC was previously opened by PN request */
1345 rfcomm_check_accept(d);
1350 /* Notify socket layer about incoming connection */
1351 channel = __srv_channel(dlci);
1352 if (rfcomm_connect_ind(s, channel, &d)) {
1354 d->addr = __addr(s->initiator, dlci);
1355 rfcomm_dlc_link(s, d);
1357 rfcomm_check_accept(d);
1359 rfcomm_send_dm(s, dlci);
1365 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1367 struct rfcomm_session *s = d->session;
1369 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1370 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1372 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1373 pn->flow_ctrl == 0xe0) {
1374 d->cfc = RFCOMM_CFC_ENABLED;
1375 d->tx_credits = pn->credits;
1377 d->cfc = RFCOMM_CFC_DISABLED;
1378 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1381 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1384 d->priority = pn->priority;
1386 d->mtu = __le16_to_cpu(pn->mtu);
1388 if (cr && d->mtu > s->mtu)
1394 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1396 struct rfcomm_pn *pn = (void *) skb->data;
1397 struct rfcomm_dlc *d;
1400 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1405 d = rfcomm_dlc_get(s, dlci);
1409 rfcomm_apply_pn(d, cr, pn);
1410 rfcomm_send_pn(s, 0, d);
1415 rfcomm_apply_pn(d, cr, pn);
1417 d->state = BT_CONNECT;
1418 rfcomm_send_sabm(s, d->dlci);
1423 u8 channel = __srv_channel(dlci);
1428 /* PN request for non existing DLC.
1429 * Assume incoming connection. */
1430 if (rfcomm_connect_ind(s, channel, &d)) {
1432 d->addr = __addr(s->initiator, dlci);
1433 rfcomm_dlc_link(s, d);
1435 rfcomm_apply_pn(d, cr, pn);
1438 rfcomm_send_pn(s, 0, d);
1440 rfcomm_send_dm(s, dlci);
1446 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1448 struct rfcomm_rpn *rpn = (void *) skb->data;
1449 u8 dlci = __get_dlci(rpn->dlci);
1458 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1460 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1461 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1462 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1468 /* This is a request, return default (according to ETSI TS 07.10) settings */
1469 bit_rate = RFCOMM_RPN_BR_9600;
1470 data_bits = RFCOMM_RPN_DATA_8;
1471 stop_bits = RFCOMM_RPN_STOP_1;
1472 parity = RFCOMM_RPN_PARITY_NONE;
1473 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1474 xon_char = RFCOMM_RPN_XON_CHAR;
1475 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1479 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1480 * no parity, no flow control lines, normal XON/XOFF chars */
1482 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1483 bit_rate = rpn->bit_rate;
1484 if (bit_rate > RFCOMM_RPN_BR_230400) {
1485 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1486 bit_rate = RFCOMM_RPN_BR_9600;
1487 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1491 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1492 data_bits = __get_rpn_data_bits(rpn->line_settings);
1493 if (data_bits != RFCOMM_RPN_DATA_8) {
1494 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1495 data_bits = RFCOMM_RPN_DATA_8;
1496 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1500 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1501 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1502 if (stop_bits != RFCOMM_RPN_STOP_1) {
1503 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1504 stop_bits = RFCOMM_RPN_STOP_1;
1505 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1509 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1510 parity = __get_rpn_parity(rpn->line_settings);
1511 if (parity != RFCOMM_RPN_PARITY_NONE) {
1512 BT_DBG("RPN parity mismatch 0x%x", parity);
1513 parity = RFCOMM_RPN_PARITY_NONE;
1514 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1518 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1519 flow_ctrl = rpn->flow_ctrl;
1520 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1521 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1522 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1523 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1527 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1528 xon_char = rpn->xon_char;
1529 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1530 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1531 xon_char = RFCOMM_RPN_XON_CHAR;
1532 rpn_mask ^= RFCOMM_RPN_PM_XON;
1536 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1537 xoff_char = rpn->xoff_char;
1538 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1539 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1540 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1541 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1546 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1547 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1552 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1554 struct rfcomm_rls *rls = (void *) skb->data;
1555 u8 dlci = __get_dlci(rls->dlci);
1557 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1562 /* We should probably do something with this information here. But
1563 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1564 * mandatory to recognise and respond to RLS */
1566 rfcomm_send_rls(s, 0, dlci, rls->status);
1571 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1573 struct rfcomm_msc *msc = (void *) skb->data;
1574 struct rfcomm_dlc *d;
1575 u8 dlci = __get_dlci(msc->dlci);
1577 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1579 d = rfcomm_dlc_get(s, dlci);
1584 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1585 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1587 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1591 d->remote_v24_sig = msc->v24_sig;
1593 if (d->modem_status)
1594 d->modem_status(d, msc->v24_sig);
1596 rfcomm_dlc_unlock(d);
1598 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1600 d->mscex |= RFCOMM_MSCEX_RX;
1602 d->mscex |= RFCOMM_MSCEX_TX;
1607 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1609 struct rfcomm_mcc *mcc = (void *) skb->data;
1612 cr = __test_cr(mcc->type);
1613 type = __get_mcc_type(mcc->type);
1614 len = __get_mcc_len(mcc->len);
1616 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1622 rfcomm_recv_pn(s, cr, skb);
1626 rfcomm_recv_rpn(s, cr, len, skb);
1630 rfcomm_recv_rls(s, cr, skb);
1634 rfcomm_recv_msc(s, cr, skb);
1639 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1640 rfcomm_send_fcoff(s, 0);
1646 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1647 rfcomm_send_fcon(s, 0);
1653 rfcomm_send_test(s, 0, skb->data, skb->len);
1660 BT_ERR("Unknown control type 0x%02x", type);
1661 rfcomm_send_nsc(s, cr, type);
1667 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1669 struct rfcomm_dlc *d;
1671 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1673 d = rfcomm_dlc_get(s, dlci);
1675 rfcomm_send_dm(s, dlci);
1680 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1682 d->tx_credits += credits;
1684 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1687 if (skb->len && d->state == BT_CONNECTED) {
1690 d->data_ready(d, skb);
1691 rfcomm_dlc_unlock(d);
1700 static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1701 struct sk_buff *skb)
1703 struct rfcomm_hdr *hdr = (void *) skb->data;
1707 /* no session, so free socket data */
1712 dlci = __get_dlci(hdr->addr);
1713 type = __get_type(hdr->ctrl);
1716 skb->len--; skb->tail--;
1717 fcs = *(u8 *)skb_tail_pointer(skb);
1719 if (__check_fcs(skb->data, type, fcs)) {
1720 BT_ERR("bad checksum in packet");
1725 if (__test_ea(hdr->len))
1732 if (__test_pf(hdr->ctrl))
1733 rfcomm_recv_sabm(s, dlci);
1737 if (__test_pf(hdr->ctrl))
1738 s = rfcomm_recv_disc(s, dlci);
1742 if (__test_pf(hdr->ctrl))
1743 s = rfcomm_recv_ua(s, dlci);
1747 s = rfcomm_recv_dm(s, dlci);
1752 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1755 rfcomm_recv_mcc(s, skb);
1759 BT_ERR("Unknown packet type 0x%02x", type);
1766 /* ---- Connection and data processing ---- */
1768 static void rfcomm_process_connect(struct rfcomm_session *s)
1770 struct rfcomm_dlc *d, *n;
1772 BT_DBG("session %p state %ld", s, s->state);
1774 list_for_each_entry_safe(d, n, &s->dlcs, list) {
1775 if (d->state == BT_CONFIG) {
1777 if (rfcomm_check_security(d)) {
1778 rfcomm_send_pn(s, 1, d);
1780 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1781 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1787 /* Send data queued for the DLC.
1788 * Return number of frames left in the queue.
1790 static int rfcomm_process_tx(struct rfcomm_dlc *d)
1792 struct sk_buff *skb;
1795 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1796 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1798 /* Send pending MSC */
1799 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1800 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1804 * Give them some credits */
1805 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1806 d->rx_credits <= (d->cfc >> 2)) {
1807 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1808 d->rx_credits = d->cfc;
1812 * Give ourselves some credits */
1816 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1817 return skb_queue_len(&d->tx_queue);
1819 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1820 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1822 skb_queue_head(&d->tx_queue, skb);
1829 if (d->cfc && !d->tx_credits) {
1830 /* We're out of TX credits.
1831 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1832 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1835 return skb_queue_len(&d->tx_queue);
1838 static void rfcomm_process_dlcs(struct rfcomm_session *s)
1840 struct rfcomm_dlc *d, *n;
1842 BT_DBG("session %p state %ld", s, s->state);
1844 list_for_each_entry_safe(d, n, &s->dlcs, list) {
1845 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1846 __rfcomm_dlc_close(d, ETIMEDOUT);
1850 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1851 __rfcomm_dlc_close(d, ECONNREFUSED);
1855 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1856 rfcomm_dlc_clear_timer(d);
1858 rfcomm_send_pn(s, 1, d);
1859 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1861 if (d->defer_setup) {
1862 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1863 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1866 d->state = BT_CONNECT2;
1867 d->state_change(d, 0);
1868 rfcomm_dlc_unlock(d);
1870 rfcomm_dlc_accept(d);
1873 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1874 rfcomm_dlc_clear_timer(d);
1876 rfcomm_send_dm(s, d->dlci);
1878 d->state = BT_CLOSED;
1879 __rfcomm_dlc_close(d, ECONNREFUSED);
1883 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1886 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1889 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1890 d->mscex == RFCOMM_MSCEX_OK)
1891 rfcomm_process_tx(d);
1895 static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1897 struct socket *sock = s->sock;
1898 struct sock *sk = sock->sk;
1899 struct sk_buff *skb;
1901 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1903 /* Get data directly from socket receive queue without copying it. */
1904 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1906 if (!skb_linearize(skb)) {
1907 s = rfcomm_recv_frame(s, skb);
1915 if (s && (sk->sk_state == BT_CLOSED))
1916 s = rfcomm_session_close(s, sk->sk_err);
1921 static void rfcomm_accept_connection(struct rfcomm_session *s)
1923 struct socket *sock = s->sock, *nsock;
1926 /* Fast check for a new connection.
1927 * Avoids unnesesary socket allocations. */
1928 if (list_empty(&bt_sk(sock->sk)->accept_q))
1931 BT_DBG("session %p", s);
1933 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1937 /* Set our callbacks */
1938 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1939 nsock->sk->sk_state_change = rfcomm_l2state_change;
1941 s = rfcomm_session_add(nsock, BT_OPEN);
1943 /* We should adjust MTU on incoming sessions.
1944 * L2CAP MTU minus UIH header and FCS. */
1945 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1946 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1950 sock_release(nsock);
1953 static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1955 struct sock *sk = s->sock->sk;
1957 BT_DBG("%p state %ld", s, s->state);
1959 switch (sk->sk_state) {
1961 s->state = BT_CONNECT;
1963 /* We can adjust MTU on outgoing sessions.
1964 * L2CAP MTU minus UIH header and FCS. */
1965 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1967 rfcomm_send_sabm(s, 0);
1971 s = rfcomm_session_close(s, sk->sk_err);
1977 static void rfcomm_process_sessions(void)
1979 struct rfcomm_session *s, *n;
1983 list_for_each_entry_safe(s, n, &session_list, list) {
1984 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1985 s->state = BT_DISCONN;
1986 rfcomm_send_disc(s, 0);
1992 rfcomm_accept_connection(s);
1996 s = rfcomm_check_connection(s);
2000 s = rfcomm_process_rx(s);
2005 rfcomm_process_dlcs(s);
2011 static int rfcomm_add_listener(bdaddr_t *ba)
2013 struct sockaddr_l2 addr;
2014 struct socket *sock;
2016 struct rfcomm_session *s;
2020 err = rfcomm_l2sock_create(&sock);
2022 BT_ERR("Create socket failed %d", err);
2027 bacpy(&addr.l2_bdaddr, ba);
2028 addr.l2_family = AF_BLUETOOTH;
2029 addr.l2_psm = cpu_to_le16(L2CAP_PSM_RFCOMM);
2031 addr.l2_bdaddr_type = BDADDR_BREDR;
2032 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
2034 BT_ERR("Bind failed %d", err);
2038 /* Set L2CAP options */
2041 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
2044 /* Start listening on the socket */
2045 err = kernel_listen(sock, 10);
2047 BT_ERR("Listen failed %d", err);
2051 /* Add listening session */
2052 s = rfcomm_session_add(sock, BT_LISTEN);
2064 static void rfcomm_kill_listener(void)
2066 struct rfcomm_session *s, *n;
2070 list_for_each_entry_safe(s, n, &session_list, list)
2071 rfcomm_session_del(s);
2074 static int rfcomm_run(void *unused)
2076 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2079 set_user_nice(current, -10);
2081 rfcomm_add_listener(BDADDR_ANY);
2083 add_wait_queue(&rfcomm_wq, &wait);
2084 while (!kthread_should_stop()) {
2087 rfcomm_process_sessions();
2089 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
2091 remove_wait_queue(&rfcomm_wq, &wait);
2093 rfcomm_kill_listener();
2098 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2100 struct rfcomm_session *s;
2101 struct rfcomm_dlc *d, *n;
2103 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2105 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2109 list_for_each_entry_safe(d, n, &s->dlcs, list) {
2110 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2111 rfcomm_dlc_clear_timer(d);
2112 if (status || encrypt == 0x00) {
2113 set_bit(RFCOMM_ENC_DROP, &d->flags);
2118 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2119 if (d->sec_level == BT_SECURITY_MEDIUM) {
2120 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2121 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2123 } else if (d->sec_level == BT_SECURITY_HIGH ||
2124 d->sec_level == BT_SECURITY_FIPS) {
2125 set_bit(RFCOMM_ENC_DROP, &d->flags);
2130 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2133 if (!status && hci_conn_check_secure(conn, d->sec_level))
2134 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2136 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2142 static struct hci_cb rfcomm_cb = {
2144 .security_cfm = rfcomm_security_cfm
2147 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2149 struct rfcomm_session *s;
2153 list_for_each_entry(s, &session_list, list) {
2154 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
2155 struct rfcomm_dlc *d;
2156 list_for_each_entry(d, &s->dlcs, list) {
2157 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2158 &chan->src, &chan->dst,
2159 d->state, d->dlci, d->mtu,
2160 d->rx_credits, d->tx_credits);
2169 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2171 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2174 static const struct file_operations rfcomm_dlc_debugfs_fops = {
2175 .open = rfcomm_dlc_debugfs_open,
2177 .llseek = seq_lseek,
2178 .release = single_release,
2181 static struct dentry *rfcomm_dlc_debugfs;
2183 /* ---- Initialization ---- */
2184 static int __init rfcomm_init(void)
2188 hci_register_cb(&rfcomm_cb);
2190 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2191 if (IS_ERR(rfcomm_thread)) {
2192 err = PTR_ERR(rfcomm_thread);
2196 err = rfcomm_init_ttys();
2200 err = rfcomm_init_sockets();
2204 BT_INFO("RFCOMM ver %s", VERSION);
2206 if (IS_ERR_OR_NULL(bt_debugfs))
2209 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2211 &rfcomm_dlc_debugfs_fops);
2216 rfcomm_cleanup_ttys();
2219 kthread_stop(rfcomm_thread);
2222 hci_unregister_cb(&rfcomm_cb);
2227 static void __exit rfcomm_exit(void)
2229 debugfs_remove(rfcomm_dlc_debugfs);
2231 hci_unregister_cb(&rfcomm_cb);
2233 kthread_stop(rfcomm_thread);
2235 rfcomm_cleanup_ttys();
2237 rfcomm_cleanup_sockets();
2240 module_init(rfcomm_init);
2241 module_exit(rfcomm_exit);
2243 module_param(disable_cfc, bool, 0644);
2244 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2246 module_param(channel_mtu, int, 0644);
2247 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2249 module_param(l2cap_mtu, uint, 0644);
2250 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2252 module_param(l2cap_ertm, bool, 0644);
2253 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2255 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2256 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2257 MODULE_VERSION(VERSION);
2258 MODULE_LICENSE("GPL");
2259 MODULE_ALIAS("bt-proto-3");
projects / cascardo / linux.git / blob