2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/debugfs.h>
30 #include <linux/kthread.h>
31 #include <asm/unaligned.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/rfcomm.h>
38 #define VERSION "1.11"
40 static bool disable_cfc;
41 static bool l2cap_ertm;
42 static int channel_mtu = -1;
43 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
45 static struct task_struct *rfcomm_thread;
47 static DEFINE_MUTEX(rfcomm_mutex);
48 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
52 static LIST_HEAD(session_list);
54 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
55 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
65 static void rfcomm_process_connect(struct rfcomm_session *s);
67 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
71 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
72 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
74 /* ---- RFCOMM frame parsing macros ---- */
75 #define __get_dlci(b) ((b & 0xfc) >> 2)
76 #define __get_channel(b) ((b & 0xf8) >> 3)
77 #define __get_dir(b) ((b & 0x04) >> 2)
78 #define __get_type(b) ((b & 0xef))
80 #define __test_ea(b) ((b & 0x01))
81 #define __test_cr(b) ((b & 0x02))
82 #define __test_pf(b) ((b & 0x10))
84 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
85 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
86 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
87 #define __srv_channel(dlci) (dlci >> 1)
88 #define __dir(dlci) (dlci & 0x01)
90 #define __len8(len) (((len) << 1) | 1)
91 #define __len16(len) ((len) << 1)
94 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
95 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
96 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
99 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
100 #define __get_rpn_data_bits(line) ((line) & 0x3)
101 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
102 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
104 static void rfcomm_schedule(void)
108 wake_up_process(rfcomm_thread);
111 /* ---- RFCOMM FCS computation ---- */
113 /* reversed, 8-bit, poly=0x07 */
114 static unsigned char rfcomm_crc_table[256] = {
115 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
116 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
117 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
118 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
120 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
121 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
122 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
123 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
125 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
126 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
127 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
128 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
130 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
131 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
132 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
133 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
135 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
136 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
137 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
138 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
140 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
141 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
142 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
143 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
145 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
146 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
147 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
148 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
150 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
151 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
152 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
153 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
157 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
160 static inline u8 __fcs(u8 *data)
162 return 0xff - __crc(data);
166 static inline u8 __fcs2(u8 *data)
168 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
172 static inline int __check_fcs(u8 *data, int type, u8 fcs)
176 if (type != RFCOMM_UIH)
177 f = rfcomm_crc_table[f ^ data[2]];
179 return rfcomm_crc_table[f ^ fcs] != 0xcf;
182 /* ---- L2CAP callbacks ---- */
183 static void rfcomm_l2state_change(struct sock *sk)
185 BT_DBG("%p state %d", sk, sk->sk_state);
189 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
191 BT_DBG("%p bytes %d", sk, bytes);
195 static int rfcomm_l2sock_create(struct socket **sock)
201 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
203 struct sock *sk = (*sock)->sk;
204 sk->sk_data_ready = rfcomm_l2data_ready;
205 sk->sk_state_change = rfcomm_l2state_change;
210 static int rfcomm_check_security(struct rfcomm_dlc *d)
212 struct sock *sk = d->session->sock->sk;
213 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
217 switch (d->sec_level) {
218 case BT_SECURITY_HIGH:
219 auth_type = HCI_AT_GENERAL_BONDING_MITM;
221 case BT_SECURITY_MEDIUM:
222 auth_type = HCI_AT_GENERAL_BONDING;
225 auth_type = HCI_AT_NO_BONDING;
229 return hci_conn_security(conn->hcon, d->sec_level, auth_type);
232 static void rfcomm_session_timeout(unsigned long arg)
234 struct rfcomm_session *s = (void *) arg;
236 BT_DBG("session %p state %ld", s, s->state);
238 set_bit(RFCOMM_TIMED_OUT, &s->flags);
242 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
244 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
246 mod_timer(&s->timer, jiffies + timeout);
249 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
251 BT_DBG("session %p state %ld", s, s->state);
253 del_timer_sync(&s->timer);
256 /* ---- RFCOMM DLCs ---- */
257 static void rfcomm_dlc_timeout(unsigned long arg)
259 struct rfcomm_dlc *d = (void *) arg;
261 BT_DBG("dlc %p state %ld", d, d->state);
263 set_bit(RFCOMM_TIMED_OUT, &d->flags);
268 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
270 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
272 if (!mod_timer(&d->timer, jiffies + timeout))
276 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
278 BT_DBG("dlc %p state %ld", d, d->state);
280 if (del_timer(&d->timer))
284 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
291 d->sec_level = BT_SECURITY_LOW;
292 d->mtu = RFCOMM_DEFAULT_MTU;
293 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
295 d->cfc = RFCOMM_CFC_DISABLED;
296 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
299 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
301 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
306 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
308 skb_queue_head_init(&d->tx_queue);
309 spin_lock_init(&d->lock);
310 atomic_set(&d->refcnt, 1);
312 rfcomm_dlc_clear_state(d);
319 void rfcomm_dlc_free(struct rfcomm_dlc *d)
323 skb_queue_purge(&d->tx_queue);
327 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
329 BT_DBG("dlc %p session %p", d, s);
331 rfcomm_session_clear_timer(s);
333 list_add(&d->list, &s->dlcs);
337 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
339 struct rfcomm_session *s = d->session;
341 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
347 if (list_empty(&s->dlcs))
348 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
351 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
353 struct rfcomm_dlc *d;
355 list_for_each_entry(d, &s->dlcs, list)
362 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
364 struct rfcomm_session *s;
368 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
369 d, d->state, src, dst, channel);
371 if (channel < 1 || channel > 30)
374 if (d->state != BT_OPEN && d->state != BT_CLOSED)
377 s = rfcomm_session_get(src, dst);
379 s = rfcomm_session_create(src, dst, d->sec_level, &err);
384 dlci = __dlci(!s->initiator, channel);
386 /* Check if DLCI already exists */
387 if (rfcomm_dlc_get(s, dlci))
390 rfcomm_dlc_clear_state(d);
393 d->addr = __addr(s->initiator, dlci);
396 d->state = BT_CONFIG;
397 rfcomm_dlc_link(s, d);
402 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
404 if (s->state == BT_CONNECTED) {
405 if (rfcomm_check_security(d))
406 rfcomm_send_pn(s, 1, d);
408 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
411 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
416 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
422 r = __rfcomm_dlc_open(d, src, dst, channel);
428 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
430 struct rfcomm_session *s = d->session;
434 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
435 d, d->state, d->dlci, err, s);
440 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
441 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
448 d->state = BT_DISCONN;
449 if (skb_queue_empty(&d->tx_queue)) {
450 rfcomm_send_disc(s, d->dlci);
451 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
453 rfcomm_queue_disc(d);
454 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
460 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
461 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
468 rfcomm_dlc_clear_timer(d);
471 d->state = BT_CLOSED;
472 d->state_change(d, err);
473 rfcomm_dlc_unlock(d);
475 skb_queue_purge(&d->tx_queue);
476 rfcomm_dlc_unlink(d);
482 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
485 struct rfcomm_dlc *d_list;
486 struct rfcomm_session *s, *s_list;
488 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
496 /* after waiting on the mutex check the session still exists
497 * then check the dlc still exists
499 list_for_each_entry(s_list, &session_list, list) {
501 list_for_each_entry(d_list, &s->dlcs, list) {
503 r = __rfcomm_dlc_close(d, err);
516 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
520 if (d->state != BT_CONNECTED)
523 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
528 rfcomm_make_uih(skb, d->addr);
529 skb_queue_tail(&d->tx_queue, skb);
531 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
536 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
538 BT_DBG("dlc %p state %ld", d, d->state);
541 d->v24_sig |= RFCOMM_V24_FC;
542 set_bit(RFCOMM_MSC_PENDING, &d->flags);
547 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
549 BT_DBG("dlc %p state %ld", d, d->state);
552 d->v24_sig &= ~RFCOMM_V24_FC;
553 set_bit(RFCOMM_MSC_PENDING, &d->flags);
559 Set/get modem status functions use _local_ status i.e. what we report
561 Remote status is provided by dlc->modem_status() callback.
563 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
565 BT_DBG("dlc %p state %ld v24_sig 0x%x",
566 d, d->state, v24_sig);
568 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
569 v24_sig |= RFCOMM_V24_FC;
571 v24_sig &= ~RFCOMM_V24_FC;
573 d->v24_sig = v24_sig;
575 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
581 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
583 BT_DBG("dlc %p state %ld v24_sig 0x%x",
584 d, d->state, d->v24_sig);
586 *v24_sig = d->v24_sig;
590 /* ---- RFCOMM sessions ---- */
591 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
593 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
598 BT_DBG("session %p sock %p", s, sock);
600 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
602 INIT_LIST_HEAD(&s->dlcs);
606 s->mtu = RFCOMM_DEFAULT_MTU;
607 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
609 /* Do not increment module usage count for listening sessions.
610 * Otherwise we won't be able to unload the module. */
611 if (state != BT_LISTEN)
612 if (!try_module_get(THIS_MODULE)) {
617 list_add(&s->list, &session_list);
622 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
624 int state = s->state;
626 BT_DBG("session %p state %ld", s, s->state);
630 rfcomm_session_clear_timer(s);
631 sock_release(s->sock);
634 if (state != BT_LISTEN)
635 module_put(THIS_MODULE);
640 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
642 struct rfcomm_session *s;
643 struct list_head *p, *n;
644 struct l2cap_chan *chan;
645 list_for_each_safe(p, n, &session_list) {
646 s = list_entry(p, struct rfcomm_session, list);
647 chan = l2cap_pi(s->sock->sk)->chan;
649 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&chan->src, src)) &&
650 !bacmp(&chan->dst, dst))
656 static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
659 struct rfcomm_dlc *d;
660 struct list_head *p, *n;
662 s->state = BT_CLOSED;
664 BT_DBG("session %p state %ld err %d", s, s->state, err);
667 list_for_each_safe(p, n, &s->dlcs) {
668 d = list_entry(p, struct rfcomm_dlc, list);
669 d->state = BT_CLOSED;
670 __rfcomm_dlc_close(d, err);
673 rfcomm_session_clear_timer(s);
674 return rfcomm_session_del(s);
677 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
682 struct rfcomm_session *s = NULL;
683 struct sockaddr_l2 addr;
687 BT_DBG("%pMR -> %pMR", src, dst);
689 *err = rfcomm_l2sock_create(&sock);
693 bacpy(&addr.l2_bdaddr, src);
694 addr.l2_family = AF_BLUETOOTH;
697 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
701 /* Set L2CAP options */
704 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
705 l2cap_pi(sk)->chan->sec_level = sec_level;
707 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
710 s = rfcomm_session_add(sock, BT_BOUND);
718 bacpy(&addr.l2_bdaddr, dst);
719 addr.l2_family = AF_BLUETOOTH;
720 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
722 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
723 if (*err == 0 || *err == -EINPROGRESS)
726 return rfcomm_session_del(s);
733 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
735 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
737 bacpy(src, &chan->src);
739 bacpy(dst, &chan->dst);
742 /* ---- RFCOMM frame sending ---- */
743 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
745 struct kvec iv = { data, len };
748 BT_DBG("session %p len %d", s, len);
750 memset(&msg, 0, sizeof(msg));
752 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
755 static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
757 BT_DBG("%p cmd %u", s, cmd->ctrl);
759 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
762 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
764 struct rfcomm_cmd cmd;
766 BT_DBG("%p dlci %d", s, dlci);
768 cmd.addr = __addr(s->initiator, dlci);
769 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
771 cmd.fcs = __fcs2((u8 *) &cmd);
773 return rfcomm_send_cmd(s, &cmd);
776 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
778 struct rfcomm_cmd cmd;
780 BT_DBG("%p dlci %d", s, dlci);
782 cmd.addr = __addr(!s->initiator, dlci);
783 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
785 cmd.fcs = __fcs2((u8 *) &cmd);
787 return rfcomm_send_cmd(s, &cmd);
790 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
792 struct rfcomm_cmd cmd;
794 BT_DBG("%p dlci %d", s, dlci);
796 cmd.addr = __addr(s->initiator, dlci);
797 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
799 cmd.fcs = __fcs2((u8 *) &cmd);
801 return rfcomm_send_cmd(s, &cmd);
804 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
806 struct rfcomm_cmd *cmd;
809 BT_DBG("dlc %p dlci %d", d, d->dlci);
811 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
815 cmd = (void *) __skb_put(skb, sizeof(*cmd));
817 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
818 cmd->len = __len8(0);
819 cmd->fcs = __fcs2((u8 *) cmd);
821 skb_queue_tail(&d->tx_queue, skb);
826 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
828 struct rfcomm_cmd cmd;
830 BT_DBG("%p dlci %d", s, dlci);
832 cmd.addr = __addr(!s->initiator, dlci);
833 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
835 cmd.fcs = __fcs2((u8 *) &cmd);
837 return rfcomm_send_cmd(s, &cmd);
840 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
842 struct rfcomm_hdr *hdr;
843 struct rfcomm_mcc *mcc;
844 u8 buf[16], *ptr = buf;
846 BT_DBG("%p cr %d type %d", s, cr, type);
848 hdr = (void *) ptr; ptr += sizeof(*hdr);
849 hdr->addr = __addr(s->initiator, 0);
850 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
851 hdr->len = __len8(sizeof(*mcc) + 1);
853 mcc = (void *) ptr; ptr += sizeof(*mcc);
854 mcc->type = __mcc_type(cr, RFCOMM_NSC);
855 mcc->len = __len8(1);
857 /* Type that we didn't like */
858 *ptr = __mcc_type(cr, type); ptr++;
860 *ptr = __fcs(buf); ptr++;
862 return rfcomm_send_frame(s, buf, ptr - buf);
865 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
867 struct rfcomm_hdr *hdr;
868 struct rfcomm_mcc *mcc;
869 struct rfcomm_pn *pn;
870 u8 buf[16], *ptr = buf;
872 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
874 hdr = (void *) ptr; ptr += sizeof(*hdr);
875 hdr->addr = __addr(s->initiator, 0);
876 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
877 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
879 mcc = (void *) ptr; ptr += sizeof(*mcc);
880 mcc->type = __mcc_type(cr, RFCOMM_PN);
881 mcc->len = __len8(sizeof(*pn));
883 pn = (void *) ptr; ptr += sizeof(*pn);
885 pn->priority = d->priority;
890 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
891 pn->credits = RFCOMM_DEFAULT_CREDITS;
897 if (cr && channel_mtu >= 0)
898 pn->mtu = cpu_to_le16(channel_mtu);
900 pn->mtu = cpu_to_le16(d->mtu);
902 *ptr = __fcs(buf); ptr++;
904 return rfcomm_send_frame(s, buf, ptr - buf);
907 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
908 u8 bit_rate, u8 data_bits, u8 stop_bits,
909 u8 parity, u8 flow_ctrl_settings,
910 u8 xon_char, u8 xoff_char, u16 param_mask)
912 struct rfcomm_hdr *hdr;
913 struct rfcomm_mcc *mcc;
914 struct rfcomm_rpn *rpn;
915 u8 buf[16], *ptr = buf;
917 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
918 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
919 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
920 flow_ctrl_settings, xon_char, xoff_char, param_mask);
922 hdr = (void *) ptr; ptr += sizeof(*hdr);
923 hdr->addr = __addr(s->initiator, 0);
924 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
925 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
927 mcc = (void *) ptr; ptr += sizeof(*mcc);
928 mcc->type = __mcc_type(cr, RFCOMM_RPN);
929 mcc->len = __len8(sizeof(*rpn));
931 rpn = (void *) ptr; ptr += sizeof(*rpn);
932 rpn->dlci = __addr(1, dlci);
933 rpn->bit_rate = bit_rate;
934 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
935 rpn->flow_ctrl = flow_ctrl_settings;
936 rpn->xon_char = xon_char;
937 rpn->xoff_char = xoff_char;
938 rpn->param_mask = cpu_to_le16(param_mask);
940 *ptr = __fcs(buf); ptr++;
942 return rfcomm_send_frame(s, buf, ptr - buf);
945 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
947 struct rfcomm_hdr *hdr;
948 struct rfcomm_mcc *mcc;
949 struct rfcomm_rls *rls;
950 u8 buf[16], *ptr = buf;
952 BT_DBG("%p cr %d status 0x%x", s, cr, status);
954 hdr = (void *) ptr; ptr += sizeof(*hdr);
955 hdr->addr = __addr(s->initiator, 0);
956 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
957 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
959 mcc = (void *) ptr; ptr += sizeof(*mcc);
960 mcc->type = __mcc_type(cr, RFCOMM_RLS);
961 mcc->len = __len8(sizeof(*rls));
963 rls = (void *) ptr; ptr += sizeof(*rls);
964 rls->dlci = __addr(1, dlci);
965 rls->status = status;
967 *ptr = __fcs(buf); ptr++;
969 return rfcomm_send_frame(s, buf, ptr - buf);
972 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
974 struct rfcomm_hdr *hdr;
975 struct rfcomm_mcc *mcc;
976 struct rfcomm_msc *msc;
977 u8 buf[16], *ptr = buf;
979 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
981 hdr = (void *) ptr; ptr += sizeof(*hdr);
982 hdr->addr = __addr(s->initiator, 0);
983 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
984 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
986 mcc = (void *) ptr; ptr += sizeof(*mcc);
987 mcc->type = __mcc_type(cr, RFCOMM_MSC);
988 mcc->len = __len8(sizeof(*msc));
990 msc = (void *) ptr; ptr += sizeof(*msc);
991 msc->dlci = __addr(1, dlci);
992 msc->v24_sig = v24_sig | 0x01;
994 *ptr = __fcs(buf); ptr++;
996 return rfcomm_send_frame(s, buf, ptr - buf);
999 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1001 struct rfcomm_hdr *hdr;
1002 struct rfcomm_mcc *mcc;
1003 u8 buf[16], *ptr = buf;
1005 BT_DBG("%p cr %d", s, cr);
1007 hdr = (void *) ptr; ptr += sizeof(*hdr);
1008 hdr->addr = __addr(s->initiator, 0);
1009 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1010 hdr->len = __len8(sizeof(*mcc));
1012 mcc = (void *) ptr; ptr += sizeof(*mcc);
1013 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1014 mcc->len = __len8(0);
1016 *ptr = __fcs(buf); ptr++;
1018 return rfcomm_send_frame(s, buf, ptr - buf);
1021 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1023 struct rfcomm_hdr *hdr;
1024 struct rfcomm_mcc *mcc;
1025 u8 buf[16], *ptr = buf;
1027 BT_DBG("%p cr %d", s, cr);
1029 hdr = (void *) ptr; ptr += sizeof(*hdr);
1030 hdr->addr = __addr(s->initiator, 0);
1031 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1032 hdr->len = __len8(sizeof(*mcc));
1034 mcc = (void *) ptr; ptr += sizeof(*mcc);
1035 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1036 mcc->len = __len8(0);
1038 *ptr = __fcs(buf); ptr++;
1040 return rfcomm_send_frame(s, buf, ptr - buf);
1043 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1045 struct socket *sock = s->sock;
1048 unsigned char hdr[5], crc[1];
1053 BT_DBG("%p cr %d", s, cr);
1055 hdr[0] = __addr(s->initiator, 0);
1056 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1057 hdr[2] = 0x01 | ((len + 2) << 1);
1058 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1059 hdr[4] = 0x01 | (len << 1);
1061 crc[0] = __fcs(hdr);
1063 iv[0].iov_base = hdr;
1065 iv[1].iov_base = pattern;
1066 iv[1].iov_len = len;
1067 iv[2].iov_base = crc;
1070 memset(&msg, 0, sizeof(msg));
1072 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1075 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1077 struct rfcomm_hdr *hdr;
1078 u8 buf[16], *ptr = buf;
1080 BT_DBG("%p addr %d credits %d", s, addr, credits);
1082 hdr = (void *) ptr; ptr += sizeof(*hdr);
1084 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1085 hdr->len = __len8(0);
1087 *ptr = credits; ptr++;
1089 *ptr = __fcs(buf); ptr++;
1091 return rfcomm_send_frame(s, buf, ptr - buf);
1094 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1096 struct rfcomm_hdr *hdr;
1101 hdr = (void *) skb_push(skb, 4);
1102 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1104 hdr = (void *) skb_push(skb, 3);
1105 hdr->len = __len8(len);
1108 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1110 crc = skb_put(skb, 1);
1111 *crc = __fcs((void *) hdr);
1114 /* ---- RFCOMM frame reception ---- */
1115 static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1117 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1121 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1123 rfcomm_send_dm(s, dlci);
1129 rfcomm_dlc_clear_timer(d);
1132 d->state = BT_CONNECTED;
1133 d->state_change(d, 0);
1134 rfcomm_dlc_unlock(d);
1136 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1140 d->state = BT_CLOSED;
1141 __rfcomm_dlc_close(d, 0);
1143 if (list_empty(&s->dlcs)) {
1144 s->state = BT_DISCONN;
1145 rfcomm_send_disc(s, 0);
1146 rfcomm_session_clear_timer(s);
1152 /* Control channel */
1155 s->state = BT_CONNECTED;
1156 rfcomm_process_connect(s);
1160 s = rfcomm_session_close(s, ECONNRESET);
1167 static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1171 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1175 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1177 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1182 d->state = BT_CLOSED;
1183 __rfcomm_dlc_close(d, err);
1186 if (s->state == BT_CONNECT)
1191 s = rfcomm_session_close(s, err);
1196 static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1201 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1204 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1206 rfcomm_send_ua(s, dlci);
1208 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1213 d->state = BT_CLOSED;
1214 __rfcomm_dlc_close(d, err);
1216 rfcomm_send_dm(s, dlci);
1219 rfcomm_send_ua(s, 0);
1221 if (s->state == BT_CONNECT)
1226 s = rfcomm_session_close(s, err);
1231 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1233 struct sock *sk = d->session->sock->sk;
1234 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1236 BT_DBG("dlc %p", d);
1238 rfcomm_send_ua(d->session, d->dlci);
1240 rfcomm_dlc_clear_timer(d);
1243 d->state = BT_CONNECTED;
1244 d->state_change(d, 0);
1245 rfcomm_dlc_unlock(d);
1248 hci_conn_switch_role(conn->hcon, 0x00);
1250 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1253 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1255 if (rfcomm_check_security(d)) {
1256 if (d->defer_setup) {
1257 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1258 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1261 d->state = BT_CONNECT2;
1262 d->state_change(d, 0);
1263 rfcomm_dlc_unlock(d);
1265 rfcomm_dlc_accept(d);
1267 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1268 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1272 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1274 struct rfcomm_dlc *d;
1277 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1280 rfcomm_send_ua(s, 0);
1282 if (s->state == BT_OPEN) {
1283 s->state = BT_CONNECTED;
1284 rfcomm_process_connect(s);
1289 /* Check if DLC exists */
1290 d = rfcomm_dlc_get(s, dlci);
1292 if (d->state == BT_OPEN) {
1293 /* DLC was previously opened by PN request */
1294 rfcomm_check_accept(d);
1299 /* Notify socket layer about incoming connection */
1300 channel = __srv_channel(dlci);
1301 if (rfcomm_connect_ind(s, channel, &d)) {
1303 d->addr = __addr(s->initiator, dlci);
1304 rfcomm_dlc_link(s, d);
1306 rfcomm_check_accept(d);
1308 rfcomm_send_dm(s, dlci);
1314 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1316 struct rfcomm_session *s = d->session;
1318 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1319 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1321 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1322 pn->flow_ctrl == 0xe0) {
1323 d->cfc = RFCOMM_CFC_ENABLED;
1324 d->tx_credits = pn->credits;
1326 d->cfc = RFCOMM_CFC_DISABLED;
1327 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1330 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1333 d->priority = pn->priority;
1335 d->mtu = __le16_to_cpu(pn->mtu);
1337 if (cr && d->mtu > s->mtu)
1343 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1345 struct rfcomm_pn *pn = (void *) skb->data;
1346 struct rfcomm_dlc *d;
1349 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1354 d = rfcomm_dlc_get(s, dlci);
1358 rfcomm_apply_pn(d, cr, pn);
1359 rfcomm_send_pn(s, 0, d);
1364 rfcomm_apply_pn(d, cr, pn);
1366 d->state = BT_CONNECT;
1367 rfcomm_send_sabm(s, d->dlci);
1372 u8 channel = __srv_channel(dlci);
1377 /* PN request for non existing DLC.
1378 * Assume incoming connection. */
1379 if (rfcomm_connect_ind(s, channel, &d)) {
1381 d->addr = __addr(s->initiator, dlci);
1382 rfcomm_dlc_link(s, d);
1384 rfcomm_apply_pn(d, cr, pn);
1387 rfcomm_send_pn(s, 0, d);
1389 rfcomm_send_dm(s, dlci);
1395 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1397 struct rfcomm_rpn *rpn = (void *) skb->data;
1398 u8 dlci = __get_dlci(rpn->dlci);
1407 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1409 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1410 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1411 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1417 /* This is a request, return default (according to ETSI TS 07.10) settings */
1418 bit_rate = RFCOMM_RPN_BR_9600;
1419 data_bits = RFCOMM_RPN_DATA_8;
1420 stop_bits = RFCOMM_RPN_STOP_1;
1421 parity = RFCOMM_RPN_PARITY_NONE;
1422 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1423 xon_char = RFCOMM_RPN_XON_CHAR;
1424 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1428 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1429 * no parity, no flow control lines, normal XON/XOFF chars */
1431 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1432 bit_rate = rpn->bit_rate;
1433 if (bit_rate > RFCOMM_RPN_BR_230400) {
1434 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1435 bit_rate = RFCOMM_RPN_BR_9600;
1436 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1440 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1441 data_bits = __get_rpn_data_bits(rpn->line_settings);
1442 if (data_bits != RFCOMM_RPN_DATA_8) {
1443 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1444 data_bits = RFCOMM_RPN_DATA_8;
1445 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1449 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1450 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1451 if (stop_bits != RFCOMM_RPN_STOP_1) {
1452 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1453 stop_bits = RFCOMM_RPN_STOP_1;
1454 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1458 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1459 parity = __get_rpn_parity(rpn->line_settings);
1460 if (parity != RFCOMM_RPN_PARITY_NONE) {
1461 BT_DBG("RPN parity mismatch 0x%x", parity);
1462 parity = RFCOMM_RPN_PARITY_NONE;
1463 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1467 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1468 flow_ctrl = rpn->flow_ctrl;
1469 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1470 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1471 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1472 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1476 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1477 xon_char = rpn->xon_char;
1478 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1479 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1480 xon_char = RFCOMM_RPN_XON_CHAR;
1481 rpn_mask ^= RFCOMM_RPN_PM_XON;
1485 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1486 xoff_char = rpn->xoff_char;
1487 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1488 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1489 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1490 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1495 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1496 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1501 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1503 struct rfcomm_rls *rls = (void *) skb->data;
1504 u8 dlci = __get_dlci(rls->dlci);
1506 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1511 /* We should probably do something with this information here. But
1512 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1513 * mandatory to recognise and respond to RLS */
1515 rfcomm_send_rls(s, 0, dlci, rls->status);
1520 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1522 struct rfcomm_msc *msc = (void *) skb->data;
1523 struct rfcomm_dlc *d;
1524 u8 dlci = __get_dlci(msc->dlci);
1526 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1528 d = rfcomm_dlc_get(s, dlci);
1533 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1534 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1536 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1540 d->remote_v24_sig = msc->v24_sig;
1542 if (d->modem_status)
1543 d->modem_status(d, msc->v24_sig);
1545 rfcomm_dlc_unlock(d);
1547 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1549 d->mscex |= RFCOMM_MSCEX_RX;
1551 d->mscex |= RFCOMM_MSCEX_TX;
1556 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1558 struct rfcomm_mcc *mcc = (void *) skb->data;
1561 cr = __test_cr(mcc->type);
1562 type = __get_mcc_type(mcc->type);
1563 len = __get_mcc_len(mcc->len);
1565 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1571 rfcomm_recv_pn(s, cr, skb);
1575 rfcomm_recv_rpn(s, cr, len, skb);
1579 rfcomm_recv_rls(s, cr, skb);
1583 rfcomm_recv_msc(s, cr, skb);
1588 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1589 rfcomm_send_fcoff(s, 0);
1595 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1596 rfcomm_send_fcon(s, 0);
1602 rfcomm_send_test(s, 0, skb->data, skb->len);
1609 BT_ERR("Unknown control type 0x%02x", type);
1610 rfcomm_send_nsc(s, cr, type);
1616 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1618 struct rfcomm_dlc *d;
1620 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1622 d = rfcomm_dlc_get(s, dlci);
1624 rfcomm_send_dm(s, dlci);
1629 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1631 d->tx_credits += credits;
1633 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1636 if (skb->len && d->state == BT_CONNECTED) {
1639 d->data_ready(d, skb);
1640 rfcomm_dlc_unlock(d);
1649 static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1650 struct sk_buff *skb)
1652 struct rfcomm_hdr *hdr = (void *) skb->data;
1656 /* no session, so free socket data */
1661 dlci = __get_dlci(hdr->addr);
1662 type = __get_type(hdr->ctrl);
1665 skb->len--; skb->tail--;
1666 fcs = *(u8 *)skb_tail_pointer(skb);
1668 if (__check_fcs(skb->data, type, fcs)) {
1669 BT_ERR("bad checksum in packet");
1674 if (__test_ea(hdr->len))
1681 if (__test_pf(hdr->ctrl))
1682 rfcomm_recv_sabm(s, dlci);
1686 if (__test_pf(hdr->ctrl))
1687 s = rfcomm_recv_disc(s, dlci);
1691 if (__test_pf(hdr->ctrl))
1692 s = rfcomm_recv_ua(s, dlci);
1696 s = rfcomm_recv_dm(s, dlci);
1701 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1704 rfcomm_recv_mcc(s, skb);
1708 BT_ERR("Unknown packet type 0x%02x", type);
1715 /* ---- Connection and data processing ---- */
1717 static void rfcomm_process_connect(struct rfcomm_session *s)
1719 struct rfcomm_dlc *d;
1720 struct list_head *p, *n;
1722 BT_DBG("session %p state %ld", s, s->state);
1724 list_for_each_safe(p, n, &s->dlcs) {
1725 d = list_entry(p, struct rfcomm_dlc, list);
1726 if (d->state == BT_CONFIG) {
1728 if (rfcomm_check_security(d)) {
1729 rfcomm_send_pn(s, 1, d);
1731 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1732 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1738 /* Send data queued for the DLC.
1739 * Return number of frames left in the queue.
1741 static int rfcomm_process_tx(struct rfcomm_dlc *d)
1743 struct sk_buff *skb;
1746 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1747 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1749 /* Send pending MSC */
1750 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1751 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1755 * Give them some credits */
1756 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1757 d->rx_credits <= (d->cfc >> 2)) {
1758 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1759 d->rx_credits = d->cfc;
1763 * Give ourselves some credits */
1767 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1768 return skb_queue_len(&d->tx_queue);
1770 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1771 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1773 skb_queue_head(&d->tx_queue, skb);
1780 if (d->cfc && !d->tx_credits) {
1781 /* We're out of TX credits.
1782 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1783 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1786 return skb_queue_len(&d->tx_queue);
1789 static void rfcomm_process_dlcs(struct rfcomm_session *s)
1791 struct rfcomm_dlc *d;
1792 struct list_head *p, *n;
1794 BT_DBG("session %p state %ld", s, s->state);
1796 list_for_each_safe(p, n, &s->dlcs) {
1797 d = list_entry(p, struct rfcomm_dlc, list);
1799 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1800 __rfcomm_dlc_close(d, ETIMEDOUT);
1804 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1805 __rfcomm_dlc_close(d, ECONNREFUSED);
1809 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1810 rfcomm_dlc_clear_timer(d);
1812 rfcomm_send_pn(s, 1, d);
1813 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1815 if (d->defer_setup) {
1816 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1817 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1820 d->state = BT_CONNECT2;
1821 d->state_change(d, 0);
1822 rfcomm_dlc_unlock(d);
1824 rfcomm_dlc_accept(d);
1827 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1828 rfcomm_dlc_clear_timer(d);
1830 rfcomm_send_dm(s, d->dlci);
1832 d->state = BT_CLOSED;
1833 __rfcomm_dlc_close(d, ECONNREFUSED);
1837 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1840 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1843 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1844 d->mscex == RFCOMM_MSCEX_OK)
1845 rfcomm_process_tx(d);
1849 static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1851 struct socket *sock = s->sock;
1852 struct sock *sk = sock->sk;
1853 struct sk_buff *skb;
1855 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1857 /* Get data directly from socket receive queue without copying it. */
1858 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1860 if (!skb_linearize(skb))
1861 s = rfcomm_recv_frame(s, skb);
1866 if (s && (sk->sk_state == BT_CLOSED))
1867 s = rfcomm_session_close(s, sk->sk_err);
1872 static void rfcomm_accept_connection(struct rfcomm_session *s)
1874 struct socket *sock = s->sock, *nsock;
1877 /* Fast check for a new connection.
1878 * Avoids unnesesary socket allocations. */
1879 if (list_empty(&bt_sk(sock->sk)->accept_q))
1882 BT_DBG("session %p", s);
1884 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1888 /* Set our callbacks */
1889 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1890 nsock->sk->sk_state_change = rfcomm_l2state_change;
1892 s = rfcomm_session_add(nsock, BT_OPEN);
1894 /* We should adjust MTU on incoming sessions.
1895 * L2CAP MTU minus UIH header and FCS. */
1896 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1897 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1901 sock_release(nsock);
1904 static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1906 struct sock *sk = s->sock->sk;
1908 BT_DBG("%p state %ld", s, s->state);
1910 switch (sk->sk_state) {
1912 s->state = BT_CONNECT;
1914 /* We can adjust MTU on outgoing sessions.
1915 * L2CAP MTU minus UIH header and FCS. */
1916 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1918 rfcomm_send_sabm(s, 0);
1922 s = rfcomm_session_close(s, sk->sk_err);
1928 static void rfcomm_process_sessions(void)
1930 struct list_head *p, *n;
1934 list_for_each_safe(p, n, &session_list) {
1935 struct rfcomm_session *s;
1936 s = list_entry(p, struct rfcomm_session, list);
1938 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1939 s->state = BT_DISCONN;
1940 rfcomm_send_disc(s, 0);
1944 if (s->state == BT_LISTEN) {
1945 rfcomm_accept_connection(s);
1951 s = rfcomm_check_connection(s);
1955 s = rfcomm_process_rx(s);
1960 rfcomm_process_dlcs(s);
1966 static int rfcomm_add_listener(bdaddr_t *ba)
1968 struct sockaddr_l2 addr;
1969 struct socket *sock;
1971 struct rfcomm_session *s;
1975 err = rfcomm_l2sock_create(&sock);
1977 BT_ERR("Create socket failed %d", err);
1982 bacpy(&addr.l2_bdaddr, ba);
1983 addr.l2_family = AF_BLUETOOTH;
1984 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
1986 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1988 BT_ERR("Bind failed %d", err);
1992 /* Set L2CAP options */
1995 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
1998 /* Start listening on the socket */
1999 err = kernel_listen(sock, 10);
2001 BT_ERR("Listen failed %d", err);
2005 /* Add listening session */
2006 s = rfcomm_session_add(sock, BT_LISTEN);
2018 static void rfcomm_kill_listener(void)
2020 struct rfcomm_session *s;
2021 struct list_head *p, *n;
2025 list_for_each_safe(p, n, &session_list) {
2026 s = list_entry(p, struct rfcomm_session, list);
2027 rfcomm_session_del(s);
2031 static int rfcomm_run(void *unused)
2035 set_user_nice(current, -10);
2037 rfcomm_add_listener(BDADDR_ANY);
2040 set_current_state(TASK_INTERRUPTIBLE);
2042 if (kthread_should_stop())
2046 rfcomm_process_sessions();
2050 __set_current_state(TASK_RUNNING);
2052 rfcomm_kill_listener();
2057 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2059 struct rfcomm_session *s;
2060 struct rfcomm_dlc *d;
2061 struct list_head *p, *n;
2063 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2065 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2069 list_for_each_safe(p, n, &s->dlcs) {
2070 d = list_entry(p, struct rfcomm_dlc, list);
2072 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2073 rfcomm_dlc_clear_timer(d);
2074 if (status || encrypt == 0x00) {
2075 set_bit(RFCOMM_ENC_DROP, &d->flags);
2080 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2081 if (d->sec_level == BT_SECURITY_MEDIUM) {
2082 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2083 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2085 } else if (d->sec_level == BT_SECURITY_HIGH) {
2086 set_bit(RFCOMM_ENC_DROP, &d->flags);
2091 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2094 if (!status && hci_conn_check_secure(conn, d->sec_level))
2095 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2097 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2103 static struct hci_cb rfcomm_cb = {
2105 .security_cfm = rfcomm_security_cfm
2108 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2110 struct rfcomm_session *s;
2114 list_for_each_entry(s, &session_list, list) {
2115 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
2116 struct rfcomm_dlc *d;
2117 list_for_each_entry(d, &s->dlcs, list) {
2118 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2119 &chan->src, &chan->dst,
2120 d->state, d->dlci, d->mtu,
2121 d->rx_credits, d->tx_credits);
2130 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2132 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2135 static const struct file_operations rfcomm_dlc_debugfs_fops = {
2136 .open = rfcomm_dlc_debugfs_open,
2138 .llseek = seq_lseek,
2139 .release = single_release,
2142 static struct dentry *rfcomm_dlc_debugfs;
2144 /* ---- Initialization ---- */
2145 static int __init rfcomm_init(void)
2149 hci_register_cb(&rfcomm_cb);
2151 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2152 if (IS_ERR(rfcomm_thread)) {
2153 err = PTR_ERR(rfcomm_thread);
2158 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2159 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops);
2160 if (!rfcomm_dlc_debugfs)
2161 BT_ERR("Failed to create RFCOMM debug file");
2164 err = rfcomm_init_ttys();
2168 err = rfcomm_init_sockets();
2172 BT_INFO("RFCOMM ver %s", VERSION);
2177 rfcomm_cleanup_ttys();
2180 kthread_stop(rfcomm_thread);
2183 hci_unregister_cb(&rfcomm_cb);
2188 static void __exit rfcomm_exit(void)
2190 debugfs_remove(rfcomm_dlc_debugfs);
2192 hci_unregister_cb(&rfcomm_cb);
2194 kthread_stop(rfcomm_thread);
2196 rfcomm_cleanup_ttys();
2198 rfcomm_cleanup_sockets();
2201 module_init(rfcomm_init);
2202 module_exit(rfcomm_exit);
2204 module_param(disable_cfc, bool, 0644);
2205 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2207 module_param(channel_mtu, int, 0644);
2208 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2210 module_param(l2cap_mtu, uint, 0644);
2211 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2213 module_param(l2cap_ertm, bool, 0644);
2214 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2216 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2217 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2218 MODULE_VERSION(VERSION);
2219 MODULE_LICENSE("GPL");
2220 MODULE_ALIAS("bt-proto-3");
projects / cascardo / linux.git / blob