2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/debugfs.h>
30 #include <linux/kthread.h>
31 #include <asm/unaligned.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/rfcomm.h>
38 #define VERSION "1.11"
40 static bool disable_cfc;
41 static bool l2cap_ertm;
42 static int channel_mtu = -1;
43 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
45 static struct task_struct *rfcomm_thread;
47 static DEFINE_MUTEX(rfcomm_mutex);
48 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
52 static LIST_HEAD(session_list);
54 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
55 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
65 static void rfcomm_process_connect(struct rfcomm_session *s);
67 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
71 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
72 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
74 /* ---- RFCOMM frame parsing macros ---- */
75 #define __get_dlci(b) ((b & 0xfc) >> 2)
76 #define __get_channel(b) ((b & 0xf8) >> 3)
77 #define __get_dir(b) ((b & 0x04) >> 2)
78 #define __get_type(b) ((b & 0xef))
80 #define __test_ea(b) ((b & 0x01))
81 #define __test_cr(b) ((b & 0x02))
82 #define __test_pf(b) ((b & 0x10))
84 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
85 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
86 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
87 #define __srv_channel(dlci) (dlci >> 1)
88 #define __dir(dlci) (dlci & 0x01)
90 #define __len8(len) (((len) << 1) | 1)
91 #define __len16(len) ((len) << 1)
94 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
95 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
96 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
99 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
100 #define __get_rpn_data_bits(line) ((line) & 0x3)
101 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
102 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
104 static void rfcomm_schedule(void)
108 wake_up_process(rfcomm_thread);
111 /* ---- RFCOMM FCS computation ---- */
113 /* reversed, 8-bit, poly=0x07 */
114 static unsigned char rfcomm_crc_table[256] = {
115 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
116 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
117 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
118 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
120 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
121 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
122 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
123 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
125 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
126 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
127 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
128 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
130 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
131 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
132 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
133 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
135 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
136 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
137 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
138 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
140 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
141 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
142 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
143 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
145 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
146 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
147 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
148 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
150 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
151 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
152 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
153 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
157 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
160 static inline u8 __fcs(u8 *data)
162 return 0xff - __crc(data);
166 static inline u8 __fcs2(u8 *data)
168 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
172 static inline int __check_fcs(u8 *data, int type, u8 fcs)
176 if (type != RFCOMM_UIH)
177 f = rfcomm_crc_table[f ^ data[2]];
179 return rfcomm_crc_table[f ^ fcs] != 0xcf;
182 /* ---- L2CAP callbacks ---- */
183 static void rfcomm_l2state_change(struct sock *sk)
185 BT_DBG("%p state %d", sk, sk->sk_state);
189 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
191 BT_DBG("%p bytes %d", sk, bytes);
195 static int rfcomm_l2sock_create(struct socket **sock)
201 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
203 struct sock *sk = (*sock)->sk;
204 sk->sk_data_ready = rfcomm_l2data_ready;
205 sk->sk_state_change = rfcomm_l2state_change;
210 static int rfcomm_check_security(struct rfcomm_dlc *d)
212 struct sock *sk = d->session->sock->sk;
213 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
217 switch (d->sec_level) {
218 case BT_SECURITY_HIGH:
219 auth_type = HCI_AT_GENERAL_BONDING_MITM;
221 case BT_SECURITY_MEDIUM:
222 auth_type = HCI_AT_GENERAL_BONDING;
225 auth_type = HCI_AT_NO_BONDING;
229 return hci_conn_security(conn->hcon, d->sec_level, auth_type);
232 static void rfcomm_session_timeout(unsigned long arg)
234 struct rfcomm_session *s = (void *) arg;
236 BT_DBG("session %p state %ld", s, s->state);
238 set_bit(RFCOMM_TIMED_OUT, &s->flags);
242 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
244 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
246 mod_timer(&s->timer, jiffies + timeout);
249 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
251 BT_DBG("session %p state %ld", s, s->state);
253 del_timer_sync(&s->timer);
256 /* ---- RFCOMM DLCs ---- */
257 static void rfcomm_dlc_timeout(unsigned long arg)
259 struct rfcomm_dlc *d = (void *) arg;
261 BT_DBG("dlc %p state %ld", d, d->state);
263 set_bit(RFCOMM_TIMED_OUT, &d->flags);
268 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
270 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
272 if (!mod_timer(&d->timer, jiffies + timeout))
276 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
278 BT_DBG("dlc %p state %ld", d, d->state);
280 if (del_timer(&d->timer))
284 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
291 d->sec_level = BT_SECURITY_LOW;
292 d->mtu = RFCOMM_DEFAULT_MTU;
293 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
295 d->cfc = RFCOMM_CFC_DISABLED;
296 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
299 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
301 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
306 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
308 skb_queue_head_init(&d->tx_queue);
309 spin_lock_init(&d->lock);
310 atomic_set(&d->refcnt, 1);
312 rfcomm_dlc_clear_state(d);
319 void rfcomm_dlc_free(struct rfcomm_dlc *d)
323 skb_queue_purge(&d->tx_queue);
327 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
329 BT_DBG("dlc %p session %p", d, s);
331 rfcomm_session_clear_timer(s);
333 list_add(&d->list, &s->dlcs);
337 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
339 struct rfcomm_session *s = d->session;
341 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
347 if (list_empty(&s->dlcs))
348 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
351 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
353 struct rfcomm_dlc *d;
355 list_for_each_entry(d, &s->dlcs, list)
362 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
364 struct rfcomm_session *s;
368 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
369 d, d->state, src, dst, channel);
371 if (channel < 1 || channel > 30)
374 if (d->state != BT_OPEN && d->state != BT_CLOSED)
377 s = rfcomm_session_get(src, dst);
379 s = rfcomm_session_create(src, dst, d->sec_level, &err);
384 dlci = __dlci(!s->initiator, channel);
386 /* Check if DLCI already exists */
387 if (rfcomm_dlc_get(s, dlci))
390 rfcomm_dlc_clear_state(d);
393 d->addr = __addr(s->initiator, dlci);
396 d->state = BT_CONFIG;
397 rfcomm_dlc_link(s, d);
402 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
404 if (s->state == BT_CONNECTED) {
405 if (rfcomm_check_security(d))
406 rfcomm_send_pn(s, 1, d);
408 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
411 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
416 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
422 r = __rfcomm_dlc_open(d, src, dst, channel);
428 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
430 struct rfcomm_session *s = d->session;
434 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
435 d, d->state, d->dlci, err, s);
440 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
441 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
448 d->state = BT_DISCONN;
449 if (skb_queue_empty(&d->tx_queue)) {
450 rfcomm_send_disc(s, d->dlci);
451 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
453 rfcomm_queue_disc(d);
454 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
460 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
461 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
468 rfcomm_dlc_clear_timer(d);
471 d->state = BT_CLOSED;
472 d->state_change(d, err);
473 rfcomm_dlc_unlock(d);
475 skb_queue_purge(&d->tx_queue);
476 rfcomm_dlc_unlink(d);
482 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
485 struct rfcomm_dlc *d_list;
486 struct rfcomm_session *s, *s_list;
488 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
496 /* after waiting on the mutex check the session still exists
497 * then check the dlc still exists
499 list_for_each_entry(s_list, &session_list, list) {
501 list_for_each_entry(d_list, &s->dlcs, list) {
503 r = __rfcomm_dlc_close(d, err);
516 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
520 if (d->state != BT_CONNECTED)
523 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
528 rfcomm_make_uih(skb, d->addr);
529 skb_queue_tail(&d->tx_queue, skb);
531 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
536 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
538 BT_DBG("dlc %p state %ld", d, d->state);
541 d->v24_sig |= RFCOMM_V24_FC;
542 set_bit(RFCOMM_MSC_PENDING, &d->flags);
547 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
549 BT_DBG("dlc %p state %ld", d, d->state);
552 d->v24_sig &= ~RFCOMM_V24_FC;
553 set_bit(RFCOMM_MSC_PENDING, &d->flags);
559 Set/get modem status functions use _local_ status i.e. what we report
561 Remote status is provided by dlc->modem_status() callback.
563 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
565 BT_DBG("dlc %p state %ld v24_sig 0x%x",
566 d, d->state, v24_sig);
568 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
569 v24_sig |= RFCOMM_V24_FC;
571 v24_sig &= ~RFCOMM_V24_FC;
573 d->v24_sig = v24_sig;
575 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
581 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
583 BT_DBG("dlc %p state %ld v24_sig 0x%x",
584 d, d->state, d->v24_sig);
586 *v24_sig = d->v24_sig;
590 /* ---- RFCOMM sessions ---- */
591 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
593 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
598 BT_DBG("session %p sock %p", s, sock);
600 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
602 INIT_LIST_HEAD(&s->dlcs);
606 s->mtu = RFCOMM_DEFAULT_MTU;
607 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
609 /* Do not increment module usage count for listening sessions.
610 * Otherwise we won't be able to unload the module. */
611 if (state != BT_LISTEN)
612 if (!try_module_get(THIS_MODULE)) {
617 list_add(&s->list, &session_list);
622 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
624 int state = s->state;
626 BT_DBG("session %p state %ld", s, s->state);
630 rfcomm_session_clear_timer(s);
631 sock_release(s->sock);
634 if (state != BT_LISTEN)
635 module_put(THIS_MODULE);
640 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
642 struct rfcomm_session *s;
643 struct list_head *p, *n;
644 struct l2cap_chan *chan;
645 list_for_each_safe(p, n, &session_list) {
646 s = list_entry(p, struct rfcomm_session, list);
647 chan = l2cap_pi(s->sock->sk)->chan;
649 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&chan->src, src)) &&
650 !bacmp(&chan->dst, dst))
656 static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
659 struct rfcomm_dlc *d;
660 struct list_head *p, *n;
662 s->state = BT_CLOSED;
664 BT_DBG("session %p state %ld err %d", s, s->state, err);
667 list_for_each_safe(p, n, &s->dlcs) {
668 d = list_entry(p, struct rfcomm_dlc, list);
669 d->state = BT_CLOSED;
670 __rfcomm_dlc_close(d, err);
673 rfcomm_session_clear_timer(s);
674 return rfcomm_session_del(s);
677 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
682 struct rfcomm_session *s = NULL;
683 struct sockaddr_l2 addr;
687 BT_DBG("%pMR -> %pMR", src, dst);
689 *err = rfcomm_l2sock_create(&sock);
693 bacpy(&addr.l2_bdaddr, src);
694 addr.l2_family = AF_BLUETOOTH;
697 addr.l2_bdaddr_type = BDADDR_BREDR;
698 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
702 /* Set L2CAP options */
705 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
706 l2cap_pi(sk)->chan->sec_level = sec_level;
708 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
711 s = rfcomm_session_add(sock, BT_BOUND);
719 bacpy(&addr.l2_bdaddr, dst);
720 addr.l2_family = AF_BLUETOOTH;
721 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
723 addr.l2_bdaddr_type = BDADDR_BREDR;
724 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
725 if (*err == 0 || *err == -EINPROGRESS)
728 return rfcomm_session_del(s);
735 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
737 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
739 bacpy(src, &chan->src);
741 bacpy(dst, &chan->dst);
744 /* ---- RFCOMM frame sending ---- */
745 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
747 struct kvec iv = { data, len };
750 BT_DBG("session %p len %d", s, len);
752 memset(&msg, 0, sizeof(msg));
754 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
757 static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
759 BT_DBG("%p cmd %u", s, cmd->ctrl);
761 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
764 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
766 struct rfcomm_cmd cmd;
768 BT_DBG("%p dlci %d", s, dlci);
770 cmd.addr = __addr(s->initiator, dlci);
771 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
773 cmd.fcs = __fcs2((u8 *) &cmd);
775 return rfcomm_send_cmd(s, &cmd);
778 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
780 struct rfcomm_cmd cmd;
782 BT_DBG("%p dlci %d", s, dlci);
784 cmd.addr = __addr(!s->initiator, dlci);
785 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
787 cmd.fcs = __fcs2((u8 *) &cmd);
789 return rfcomm_send_cmd(s, &cmd);
792 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
794 struct rfcomm_cmd cmd;
796 BT_DBG("%p dlci %d", s, dlci);
798 cmd.addr = __addr(s->initiator, dlci);
799 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
801 cmd.fcs = __fcs2((u8 *) &cmd);
803 return rfcomm_send_cmd(s, &cmd);
806 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
808 struct rfcomm_cmd *cmd;
811 BT_DBG("dlc %p dlci %d", d, d->dlci);
813 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
817 cmd = (void *) __skb_put(skb, sizeof(*cmd));
819 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
820 cmd->len = __len8(0);
821 cmd->fcs = __fcs2((u8 *) cmd);
823 skb_queue_tail(&d->tx_queue, skb);
828 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
830 struct rfcomm_cmd cmd;
832 BT_DBG("%p dlci %d", s, dlci);
834 cmd.addr = __addr(!s->initiator, dlci);
835 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
837 cmd.fcs = __fcs2((u8 *) &cmd);
839 return rfcomm_send_cmd(s, &cmd);
842 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
844 struct rfcomm_hdr *hdr;
845 struct rfcomm_mcc *mcc;
846 u8 buf[16], *ptr = buf;
848 BT_DBG("%p cr %d type %d", s, cr, type);
850 hdr = (void *) ptr; ptr += sizeof(*hdr);
851 hdr->addr = __addr(s->initiator, 0);
852 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
853 hdr->len = __len8(sizeof(*mcc) + 1);
855 mcc = (void *) ptr; ptr += sizeof(*mcc);
856 mcc->type = __mcc_type(cr, RFCOMM_NSC);
857 mcc->len = __len8(1);
859 /* Type that we didn't like */
860 *ptr = __mcc_type(cr, type); ptr++;
862 *ptr = __fcs(buf); ptr++;
864 return rfcomm_send_frame(s, buf, ptr - buf);
867 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
869 struct rfcomm_hdr *hdr;
870 struct rfcomm_mcc *mcc;
871 struct rfcomm_pn *pn;
872 u8 buf[16], *ptr = buf;
874 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
876 hdr = (void *) ptr; ptr += sizeof(*hdr);
877 hdr->addr = __addr(s->initiator, 0);
878 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
879 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
881 mcc = (void *) ptr; ptr += sizeof(*mcc);
882 mcc->type = __mcc_type(cr, RFCOMM_PN);
883 mcc->len = __len8(sizeof(*pn));
885 pn = (void *) ptr; ptr += sizeof(*pn);
887 pn->priority = d->priority;
892 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
893 pn->credits = RFCOMM_DEFAULT_CREDITS;
899 if (cr && channel_mtu >= 0)
900 pn->mtu = cpu_to_le16(channel_mtu);
902 pn->mtu = cpu_to_le16(d->mtu);
904 *ptr = __fcs(buf); ptr++;
906 return rfcomm_send_frame(s, buf, ptr - buf);
909 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
910 u8 bit_rate, u8 data_bits, u8 stop_bits,
911 u8 parity, u8 flow_ctrl_settings,
912 u8 xon_char, u8 xoff_char, u16 param_mask)
914 struct rfcomm_hdr *hdr;
915 struct rfcomm_mcc *mcc;
916 struct rfcomm_rpn *rpn;
917 u8 buf[16], *ptr = buf;
919 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
920 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
921 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
922 flow_ctrl_settings, xon_char, xoff_char, param_mask);
924 hdr = (void *) ptr; ptr += sizeof(*hdr);
925 hdr->addr = __addr(s->initiator, 0);
926 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
927 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
929 mcc = (void *) ptr; ptr += sizeof(*mcc);
930 mcc->type = __mcc_type(cr, RFCOMM_RPN);
931 mcc->len = __len8(sizeof(*rpn));
933 rpn = (void *) ptr; ptr += sizeof(*rpn);
934 rpn->dlci = __addr(1, dlci);
935 rpn->bit_rate = bit_rate;
936 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
937 rpn->flow_ctrl = flow_ctrl_settings;
938 rpn->xon_char = xon_char;
939 rpn->xoff_char = xoff_char;
940 rpn->param_mask = cpu_to_le16(param_mask);
942 *ptr = __fcs(buf); ptr++;
944 return rfcomm_send_frame(s, buf, ptr - buf);
947 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
949 struct rfcomm_hdr *hdr;
950 struct rfcomm_mcc *mcc;
951 struct rfcomm_rls *rls;
952 u8 buf[16], *ptr = buf;
954 BT_DBG("%p cr %d status 0x%x", s, cr, status);
956 hdr = (void *) ptr; ptr += sizeof(*hdr);
957 hdr->addr = __addr(s->initiator, 0);
958 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
959 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
961 mcc = (void *) ptr; ptr += sizeof(*mcc);
962 mcc->type = __mcc_type(cr, RFCOMM_RLS);
963 mcc->len = __len8(sizeof(*rls));
965 rls = (void *) ptr; ptr += sizeof(*rls);
966 rls->dlci = __addr(1, dlci);
967 rls->status = status;
969 *ptr = __fcs(buf); ptr++;
971 return rfcomm_send_frame(s, buf, ptr - buf);
974 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
976 struct rfcomm_hdr *hdr;
977 struct rfcomm_mcc *mcc;
978 struct rfcomm_msc *msc;
979 u8 buf[16], *ptr = buf;
981 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
983 hdr = (void *) ptr; ptr += sizeof(*hdr);
984 hdr->addr = __addr(s->initiator, 0);
985 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
986 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
988 mcc = (void *) ptr; ptr += sizeof(*mcc);
989 mcc->type = __mcc_type(cr, RFCOMM_MSC);
990 mcc->len = __len8(sizeof(*msc));
992 msc = (void *) ptr; ptr += sizeof(*msc);
993 msc->dlci = __addr(1, dlci);
994 msc->v24_sig = v24_sig | 0x01;
996 *ptr = __fcs(buf); ptr++;
998 return rfcomm_send_frame(s, buf, ptr - buf);
1001 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1003 struct rfcomm_hdr *hdr;
1004 struct rfcomm_mcc *mcc;
1005 u8 buf[16], *ptr = buf;
1007 BT_DBG("%p cr %d", s, cr);
1009 hdr = (void *) ptr; ptr += sizeof(*hdr);
1010 hdr->addr = __addr(s->initiator, 0);
1011 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1012 hdr->len = __len8(sizeof(*mcc));
1014 mcc = (void *) ptr; ptr += sizeof(*mcc);
1015 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1016 mcc->len = __len8(0);
1018 *ptr = __fcs(buf); ptr++;
1020 return rfcomm_send_frame(s, buf, ptr - buf);
1023 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1025 struct rfcomm_hdr *hdr;
1026 struct rfcomm_mcc *mcc;
1027 u8 buf[16], *ptr = buf;
1029 BT_DBG("%p cr %d", s, cr);
1031 hdr = (void *) ptr; ptr += sizeof(*hdr);
1032 hdr->addr = __addr(s->initiator, 0);
1033 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1034 hdr->len = __len8(sizeof(*mcc));
1036 mcc = (void *) ptr; ptr += sizeof(*mcc);
1037 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1038 mcc->len = __len8(0);
1040 *ptr = __fcs(buf); ptr++;
1042 return rfcomm_send_frame(s, buf, ptr - buf);
1045 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1047 struct socket *sock = s->sock;
1050 unsigned char hdr[5], crc[1];
1055 BT_DBG("%p cr %d", s, cr);
1057 hdr[0] = __addr(s->initiator, 0);
1058 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1059 hdr[2] = 0x01 | ((len + 2) << 1);
1060 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1061 hdr[4] = 0x01 | (len << 1);
1063 crc[0] = __fcs(hdr);
1065 iv[0].iov_base = hdr;
1067 iv[1].iov_base = pattern;
1068 iv[1].iov_len = len;
1069 iv[2].iov_base = crc;
1072 memset(&msg, 0, sizeof(msg));
1074 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1077 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1079 struct rfcomm_hdr *hdr;
1080 u8 buf[16], *ptr = buf;
1082 BT_DBG("%p addr %d credits %d", s, addr, credits);
1084 hdr = (void *) ptr; ptr += sizeof(*hdr);
1086 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1087 hdr->len = __len8(0);
1089 *ptr = credits; ptr++;
1091 *ptr = __fcs(buf); ptr++;
1093 return rfcomm_send_frame(s, buf, ptr - buf);
1096 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1098 struct rfcomm_hdr *hdr;
1103 hdr = (void *) skb_push(skb, 4);
1104 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1106 hdr = (void *) skb_push(skb, 3);
1107 hdr->len = __len8(len);
1110 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1112 crc = skb_put(skb, 1);
1113 *crc = __fcs((void *) hdr);
1116 /* ---- RFCOMM frame reception ---- */
1117 static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1119 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1123 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1125 rfcomm_send_dm(s, dlci);
1131 rfcomm_dlc_clear_timer(d);
1134 d->state = BT_CONNECTED;
1135 d->state_change(d, 0);
1136 rfcomm_dlc_unlock(d);
1138 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1142 d->state = BT_CLOSED;
1143 __rfcomm_dlc_close(d, 0);
1145 if (list_empty(&s->dlcs)) {
1146 s->state = BT_DISCONN;
1147 rfcomm_send_disc(s, 0);
1148 rfcomm_session_clear_timer(s);
1154 /* Control channel */
1157 s->state = BT_CONNECTED;
1158 rfcomm_process_connect(s);
1162 s = rfcomm_session_close(s, ECONNRESET);
1169 static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1173 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1177 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1179 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1184 d->state = BT_CLOSED;
1185 __rfcomm_dlc_close(d, err);
1188 if (s->state == BT_CONNECT)
1193 s = rfcomm_session_close(s, err);
1198 static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1203 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1206 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1208 rfcomm_send_ua(s, dlci);
1210 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1215 d->state = BT_CLOSED;
1216 __rfcomm_dlc_close(d, err);
1218 rfcomm_send_dm(s, dlci);
1221 rfcomm_send_ua(s, 0);
1223 if (s->state == BT_CONNECT)
1228 s = rfcomm_session_close(s, err);
1233 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1235 struct sock *sk = d->session->sock->sk;
1236 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1238 BT_DBG("dlc %p", d);
1240 rfcomm_send_ua(d->session, d->dlci);
1242 rfcomm_dlc_clear_timer(d);
1245 d->state = BT_CONNECTED;
1246 d->state_change(d, 0);
1247 rfcomm_dlc_unlock(d);
1250 hci_conn_switch_role(conn->hcon, 0x00);
1252 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1255 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1257 if (rfcomm_check_security(d)) {
1258 if (d->defer_setup) {
1259 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1260 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1263 d->state = BT_CONNECT2;
1264 d->state_change(d, 0);
1265 rfcomm_dlc_unlock(d);
1267 rfcomm_dlc_accept(d);
1269 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1270 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1274 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1276 struct rfcomm_dlc *d;
1279 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1282 rfcomm_send_ua(s, 0);
1284 if (s->state == BT_OPEN) {
1285 s->state = BT_CONNECTED;
1286 rfcomm_process_connect(s);
1291 /* Check if DLC exists */
1292 d = rfcomm_dlc_get(s, dlci);
1294 if (d->state == BT_OPEN) {
1295 /* DLC was previously opened by PN request */
1296 rfcomm_check_accept(d);
1301 /* Notify socket layer about incoming connection */
1302 channel = __srv_channel(dlci);
1303 if (rfcomm_connect_ind(s, channel, &d)) {
1305 d->addr = __addr(s->initiator, dlci);
1306 rfcomm_dlc_link(s, d);
1308 rfcomm_check_accept(d);
1310 rfcomm_send_dm(s, dlci);
1316 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1318 struct rfcomm_session *s = d->session;
1320 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1321 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1323 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1324 pn->flow_ctrl == 0xe0) {
1325 d->cfc = RFCOMM_CFC_ENABLED;
1326 d->tx_credits = pn->credits;
1328 d->cfc = RFCOMM_CFC_DISABLED;
1329 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1332 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1335 d->priority = pn->priority;
1337 d->mtu = __le16_to_cpu(pn->mtu);
1339 if (cr && d->mtu > s->mtu)
1345 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1347 struct rfcomm_pn *pn = (void *) skb->data;
1348 struct rfcomm_dlc *d;
1351 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1356 d = rfcomm_dlc_get(s, dlci);
1360 rfcomm_apply_pn(d, cr, pn);
1361 rfcomm_send_pn(s, 0, d);
1366 rfcomm_apply_pn(d, cr, pn);
1368 d->state = BT_CONNECT;
1369 rfcomm_send_sabm(s, d->dlci);
1374 u8 channel = __srv_channel(dlci);
1379 /* PN request for non existing DLC.
1380 * Assume incoming connection. */
1381 if (rfcomm_connect_ind(s, channel, &d)) {
1383 d->addr = __addr(s->initiator, dlci);
1384 rfcomm_dlc_link(s, d);
1386 rfcomm_apply_pn(d, cr, pn);
1389 rfcomm_send_pn(s, 0, d);
1391 rfcomm_send_dm(s, dlci);
1397 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1399 struct rfcomm_rpn *rpn = (void *) skb->data;
1400 u8 dlci = __get_dlci(rpn->dlci);
1409 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1411 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1412 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1413 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1419 /* This is a request, return default (according to ETSI TS 07.10) settings */
1420 bit_rate = RFCOMM_RPN_BR_9600;
1421 data_bits = RFCOMM_RPN_DATA_8;
1422 stop_bits = RFCOMM_RPN_STOP_1;
1423 parity = RFCOMM_RPN_PARITY_NONE;
1424 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1425 xon_char = RFCOMM_RPN_XON_CHAR;
1426 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1430 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1431 * no parity, no flow control lines, normal XON/XOFF chars */
1433 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1434 bit_rate = rpn->bit_rate;
1435 if (bit_rate > RFCOMM_RPN_BR_230400) {
1436 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1437 bit_rate = RFCOMM_RPN_BR_9600;
1438 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1442 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1443 data_bits = __get_rpn_data_bits(rpn->line_settings);
1444 if (data_bits != RFCOMM_RPN_DATA_8) {
1445 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1446 data_bits = RFCOMM_RPN_DATA_8;
1447 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1451 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1452 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1453 if (stop_bits != RFCOMM_RPN_STOP_1) {
1454 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1455 stop_bits = RFCOMM_RPN_STOP_1;
1456 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1460 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1461 parity = __get_rpn_parity(rpn->line_settings);
1462 if (parity != RFCOMM_RPN_PARITY_NONE) {
1463 BT_DBG("RPN parity mismatch 0x%x", parity);
1464 parity = RFCOMM_RPN_PARITY_NONE;
1465 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1469 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1470 flow_ctrl = rpn->flow_ctrl;
1471 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1472 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1473 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1474 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1478 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1479 xon_char = rpn->xon_char;
1480 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1481 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1482 xon_char = RFCOMM_RPN_XON_CHAR;
1483 rpn_mask ^= RFCOMM_RPN_PM_XON;
1487 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1488 xoff_char = rpn->xoff_char;
1489 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1490 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1491 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1492 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1497 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1498 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1503 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1505 struct rfcomm_rls *rls = (void *) skb->data;
1506 u8 dlci = __get_dlci(rls->dlci);
1508 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1513 /* We should probably do something with this information here. But
1514 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1515 * mandatory to recognise and respond to RLS */
1517 rfcomm_send_rls(s, 0, dlci, rls->status);
1522 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1524 struct rfcomm_msc *msc = (void *) skb->data;
1525 struct rfcomm_dlc *d;
1526 u8 dlci = __get_dlci(msc->dlci);
1528 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1530 d = rfcomm_dlc_get(s, dlci);
1535 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1536 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1538 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1542 d->remote_v24_sig = msc->v24_sig;
1544 if (d->modem_status)
1545 d->modem_status(d, msc->v24_sig);
1547 rfcomm_dlc_unlock(d);
1549 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1551 d->mscex |= RFCOMM_MSCEX_RX;
1553 d->mscex |= RFCOMM_MSCEX_TX;
1558 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1560 struct rfcomm_mcc *mcc = (void *) skb->data;
1563 cr = __test_cr(mcc->type);
1564 type = __get_mcc_type(mcc->type);
1565 len = __get_mcc_len(mcc->len);
1567 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1573 rfcomm_recv_pn(s, cr, skb);
1577 rfcomm_recv_rpn(s, cr, len, skb);
1581 rfcomm_recv_rls(s, cr, skb);
1585 rfcomm_recv_msc(s, cr, skb);
1590 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1591 rfcomm_send_fcoff(s, 0);
1597 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1598 rfcomm_send_fcon(s, 0);
1604 rfcomm_send_test(s, 0, skb->data, skb->len);
1611 BT_ERR("Unknown control type 0x%02x", type);
1612 rfcomm_send_nsc(s, cr, type);
1618 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1620 struct rfcomm_dlc *d;
1622 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1624 d = rfcomm_dlc_get(s, dlci);
1626 rfcomm_send_dm(s, dlci);
1631 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1633 d->tx_credits += credits;
1635 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1638 if (skb->len && d->state == BT_CONNECTED) {
1641 d->data_ready(d, skb);
1642 rfcomm_dlc_unlock(d);
1651 static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1652 struct sk_buff *skb)
1654 struct rfcomm_hdr *hdr = (void *) skb->data;
1658 /* no session, so free socket data */
1663 dlci = __get_dlci(hdr->addr);
1664 type = __get_type(hdr->ctrl);
1667 skb->len--; skb->tail--;
1668 fcs = *(u8 *)skb_tail_pointer(skb);
1670 if (__check_fcs(skb->data, type, fcs)) {
1671 BT_ERR("bad checksum in packet");
1676 if (__test_ea(hdr->len))
1683 if (__test_pf(hdr->ctrl))
1684 rfcomm_recv_sabm(s, dlci);
1688 if (__test_pf(hdr->ctrl))
1689 s = rfcomm_recv_disc(s, dlci);
1693 if (__test_pf(hdr->ctrl))
1694 s = rfcomm_recv_ua(s, dlci);
1698 s = rfcomm_recv_dm(s, dlci);
1703 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1706 rfcomm_recv_mcc(s, skb);
1710 BT_ERR("Unknown packet type 0x%02x", type);
1717 /* ---- Connection and data processing ---- */
1719 static void rfcomm_process_connect(struct rfcomm_session *s)
1721 struct rfcomm_dlc *d;
1722 struct list_head *p, *n;
1724 BT_DBG("session %p state %ld", s, s->state);
1726 list_for_each_safe(p, n, &s->dlcs) {
1727 d = list_entry(p, struct rfcomm_dlc, list);
1728 if (d->state == BT_CONFIG) {
1730 if (rfcomm_check_security(d)) {
1731 rfcomm_send_pn(s, 1, d);
1733 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1734 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1740 /* Send data queued for the DLC.
1741 * Return number of frames left in the queue.
1743 static int rfcomm_process_tx(struct rfcomm_dlc *d)
1745 struct sk_buff *skb;
1748 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1749 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1751 /* Send pending MSC */
1752 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1753 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1757 * Give them some credits */
1758 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1759 d->rx_credits <= (d->cfc >> 2)) {
1760 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1761 d->rx_credits = d->cfc;
1765 * Give ourselves some credits */
1769 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1770 return skb_queue_len(&d->tx_queue);
1772 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1773 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1775 skb_queue_head(&d->tx_queue, skb);
1782 if (d->cfc && !d->tx_credits) {
1783 /* We're out of TX credits.
1784 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1785 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1788 return skb_queue_len(&d->tx_queue);
1791 static void rfcomm_process_dlcs(struct rfcomm_session *s)
1793 struct rfcomm_dlc *d;
1794 struct list_head *p, *n;
1796 BT_DBG("session %p state %ld", s, s->state);
1798 list_for_each_safe(p, n, &s->dlcs) {
1799 d = list_entry(p, struct rfcomm_dlc, list);
1801 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1802 __rfcomm_dlc_close(d, ETIMEDOUT);
1806 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1807 __rfcomm_dlc_close(d, ECONNREFUSED);
1811 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1812 rfcomm_dlc_clear_timer(d);
1814 rfcomm_send_pn(s, 1, d);
1815 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1817 if (d->defer_setup) {
1818 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1819 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1822 d->state = BT_CONNECT2;
1823 d->state_change(d, 0);
1824 rfcomm_dlc_unlock(d);
1826 rfcomm_dlc_accept(d);
1829 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1830 rfcomm_dlc_clear_timer(d);
1832 rfcomm_send_dm(s, d->dlci);
1834 d->state = BT_CLOSED;
1835 __rfcomm_dlc_close(d, ECONNREFUSED);
1839 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1842 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1845 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1846 d->mscex == RFCOMM_MSCEX_OK)
1847 rfcomm_process_tx(d);
1851 static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1853 struct socket *sock = s->sock;
1854 struct sock *sk = sock->sk;
1855 struct sk_buff *skb;
1857 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1859 /* Get data directly from socket receive queue without copying it. */
1860 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1862 if (!skb_linearize(skb))
1863 s = rfcomm_recv_frame(s, skb);
1868 if (s && (sk->sk_state == BT_CLOSED))
1869 s = rfcomm_session_close(s, sk->sk_err);
1874 static void rfcomm_accept_connection(struct rfcomm_session *s)
1876 struct socket *sock = s->sock, *nsock;
1879 /* Fast check for a new connection.
1880 * Avoids unnesesary socket allocations. */
1881 if (list_empty(&bt_sk(sock->sk)->accept_q))
1884 BT_DBG("session %p", s);
1886 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1890 /* Set our callbacks */
1891 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1892 nsock->sk->sk_state_change = rfcomm_l2state_change;
1894 s = rfcomm_session_add(nsock, BT_OPEN);
1896 /* We should adjust MTU on incoming sessions.
1897 * L2CAP MTU minus UIH header and FCS. */
1898 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1899 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1903 sock_release(nsock);
1906 static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1908 struct sock *sk = s->sock->sk;
1910 BT_DBG("%p state %ld", s, s->state);
1912 switch (sk->sk_state) {
1914 s->state = BT_CONNECT;
1916 /* We can adjust MTU on outgoing sessions.
1917 * L2CAP MTU minus UIH header and FCS. */
1918 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1920 rfcomm_send_sabm(s, 0);
1924 s = rfcomm_session_close(s, sk->sk_err);
1930 static void rfcomm_process_sessions(void)
1932 struct list_head *p, *n;
1936 list_for_each_safe(p, n, &session_list) {
1937 struct rfcomm_session *s;
1938 s = list_entry(p, struct rfcomm_session, list);
1940 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1941 s->state = BT_DISCONN;
1942 rfcomm_send_disc(s, 0);
1946 if (s->state == BT_LISTEN) {
1947 rfcomm_accept_connection(s);
1953 s = rfcomm_check_connection(s);
1957 s = rfcomm_process_rx(s);
1962 rfcomm_process_dlcs(s);
1968 static int rfcomm_add_listener(bdaddr_t *ba)
1970 struct sockaddr_l2 addr;
1971 struct socket *sock;
1973 struct rfcomm_session *s;
1977 err = rfcomm_l2sock_create(&sock);
1979 BT_ERR("Create socket failed %d", err);
1984 bacpy(&addr.l2_bdaddr, ba);
1985 addr.l2_family = AF_BLUETOOTH;
1986 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
1988 addr.l2_bdaddr_type = BDADDR_BREDR;
1989 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1991 BT_ERR("Bind failed %d", err);
1995 /* Set L2CAP options */
1998 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
2001 /* Start listening on the socket */
2002 err = kernel_listen(sock, 10);
2004 BT_ERR("Listen failed %d", err);
2008 /* Add listening session */
2009 s = rfcomm_session_add(sock, BT_LISTEN);
2021 static void rfcomm_kill_listener(void)
2023 struct rfcomm_session *s;
2024 struct list_head *p, *n;
2028 list_for_each_safe(p, n, &session_list) {
2029 s = list_entry(p, struct rfcomm_session, list);
2030 rfcomm_session_del(s);
2034 static int rfcomm_run(void *unused)
2038 set_user_nice(current, -10);
2040 rfcomm_add_listener(BDADDR_ANY);
2043 set_current_state(TASK_INTERRUPTIBLE);
2045 if (kthread_should_stop())
2049 rfcomm_process_sessions();
2053 __set_current_state(TASK_RUNNING);
2055 rfcomm_kill_listener();
2060 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2062 struct rfcomm_session *s;
2063 struct rfcomm_dlc *d;
2064 struct list_head *p, *n;
2066 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2068 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2072 list_for_each_safe(p, n, &s->dlcs) {
2073 d = list_entry(p, struct rfcomm_dlc, list);
2075 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2076 rfcomm_dlc_clear_timer(d);
2077 if (status || encrypt == 0x00) {
2078 set_bit(RFCOMM_ENC_DROP, &d->flags);
2083 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2084 if (d->sec_level == BT_SECURITY_MEDIUM) {
2085 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2086 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2088 } else if (d->sec_level == BT_SECURITY_HIGH) {
2089 set_bit(RFCOMM_ENC_DROP, &d->flags);
2094 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2097 if (!status && hci_conn_check_secure(conn, d->sec_level))
2098 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2100 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2106 static struct hci_cb rfcomm_cb = {
2108 .security_cfm = rfcomm_security_cfm
2111 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2113 struct rfcomm_session *s;
2117 list_for_each_entry(s, &session_list, list) {
2118 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
2119 struct rfcomm_dlc *d;
2120 list_for_each_entry(d, &s->dlcs, list) {
2121 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2122 &chan->src, &chan->dst,
2123 d->state, d->dlci, d->mtu,
2124 d->rx_credits, d->tx_credits);
2133 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2135 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2138 static const struct file_operations rfcomm_dlc_debugfs_fops = {
2139 .open = rfcomm_dlc_debugfs_open,
2141 .llseek = seq_lseek,
2142 .release = single_release,
2145 static struct dentry *rfcomm_dlc_debugfs;
2147 /* ---- Initialization ---- */
2148 static int __init rfcomm_init(void)
2152 hci_register_cb(&rfcomm_cb);
2154 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2155 if (IS_ERR(rfcomm_thread)) {
2156 err = PTR_ERR(rfcomm_thread);
2160 err = rfcomm_init_ttys();
2164 err = rfcomm_init_sockets();
2168 BT_INFO("RFCOMM ver %s", VERSION);
2170 if (IS_ERR_OR_NULL(bt_debugfs))
2173 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2175 &rfcomm_dlc_debugfs_fops);
2180 rfcomm_cleanup_ttys();
2183 kthread_stop(rfcomm_thread);
2186 hci_unregister_cb(&rfcomm_cb);
2191 static void __exit rfcomm_exit(void)
2193 debugfs_remove(rfcomm_dlc_debugfs);
2195 hci_unregister_cb(&rfcomm_cb);
2197 kthread_stop(rfcomm_thread);
2199 rfcomm_cleanup_ttys();
2201 rfcomm_cleanup_sockets();
2204 module_init(rfcomm_init);
2205 module_exit(rfcomm_exit);
2207 module_param(disable_cfc, bool, 0644);
2208 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2210 module_param(channel_mtu, int, 0644);
2211 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2213 module_param(l2cap_mtu, uint, 0644);
2214 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2216 module_param(l2cap_ertm, bool, 0644);
2217 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2219 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2220 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2221 MODULE_VERSION(VERSION);
2222 MODULE_LICENSE("GPL");
2223 MODULE_ALIAS("bt-proto-3");
projects / cascardo / linux.git / blob