2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/debugfs.h>
30 #include <linux/kthread.h>
31 #include <asm/unaligned.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/rfcomm.h>
38 #define VERSION "1.11"
40 static bool disable_cfc;
41 static bool l2cap_ertm;
42 static int channel_mtu = -1;
43 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
45 static struct task_struct *rfcomm_thread;
47 static DEFINE_MUTEX(rfcomm_mutex);
48 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
52 static LIST_HEAD(session_list);
54 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
55 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
65 static void rfcomm_process_connect(struct rfcomm_session *s);
67 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
71 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
72 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
74 /* ---- RFCOMM frame parsing macros ---- */
75 #define __get_dlci(b) ((b & 0xfc) >> 2)
76 #define __get_channel(b) ((b & 0xf8) >> 3)
77 #define __get_dir(b) ((b & 0x04) >> 2)
78 #define __get_type(b) ((b & 0xef))
80 #define __test_ea(b) ((b & 0x01))
81 #define __test_cr(b) ((b & 0x02))
82 #define __test_pf(b) ((b & 0x10))
84 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
85 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
86 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
87 #define __srv_channel(dlci) (dlci >> 1)
88 #define __dir(dlci) (dlci & 0x01)
90 #define __len8(len) (((len) << 1) | 1)
91 #define __len16(len) ((len) << 1)
94 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
95 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
96 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
99 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
100 #define __get_rpn_data_bits(line) ((line) & 0x3)
101 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
102 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
104 static void rfcomm_schedule(void)
108 wake_up_process(rfcomm_thread);
111 /* ---- RFCOMM FCS computation ---- */
113 /* reversed, 8-bit, poly=0x07 */
114 static unsigned char rfcomm_crc_table[256] = {
115 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
116 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
117 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
118 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
120 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
121 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
122 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
123 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
125 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
126 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
127 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
128 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
130 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
131 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
132 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
133 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
135 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
136 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
137 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
138 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
140 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
141 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
142 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
143 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
145 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
146 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
147 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
148 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
150 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
151 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
152 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
153 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
157 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
160 static inline u8 __fcs(u8 *data)
162 return 0xff - __crc(data);
166 static inline u8 __fcs2(u8 *data)
168 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
172 static inline int __check_fcs(u8 *data, int type, u8 fcs)
176 if (type != RFCOMM_UIH)
177 f = rfcomm_crc_table[f ^ data[2]];
179 return rfcomm_crc_table[f ^ fcs] != 0xcf;
182 /* ---- L2CAP callbacks ---- */
183 static void rfcomm_l2state_change(struct sock *sk)
185 BT_DBG("%p state %d", sk, sk->sk_state);
189 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
191 BT_DBG("%p bytes %d", sk, bytes);
195 static int rfcomm_l2sock_create(struct socket **sock)
201 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
203 struct sock *sk = (*sock)->sk;
204 sk->sk_data_ready = rfcomm_l2data_ready;
205 sk->sk_state_change = rfcomm_l2state_change;
210 static int rfcomm_check_security(struct rfcomm_dlc *d)
212 struct sock *sk = d->session->sock->sk;
213 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
217 switch (d->sec_level) {
218 case BT_SECURITY_HIGH:
219 auth_type = HCI_AT_GENERAL_BONDING_MITM;
221 case BT_SECURITY_MEDIUM:
222 auth_type = HCI_AT_GENERAL_BONDING;
225 auth_type = HCI_AT_NO_BONDING;
229 return hci_conn_security(conn->hcon, d->sec_level, auth_type);
232 static void rfcomm_session_timeout(unsigned long arg)
234 struct rfcomm_session *s = (void *) arg;
236 BT_DBG("session %p state %ld", s, s->state);
238 set_bit(RFCOMM_TIMED_OUT, &s->flags);
242 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
244 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
246 mod_timer(&s->timer, jiffies + timeout);
249 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
251 BT_DBG("session %p state %ld", s, s->state);
253 del_timer_sync(&s->timer);
256 /* ---- RFCOMM DLCs ---- */
257 static void rfcomm_dlc_timeout(unsigned long arg)
259 struct rfcomm_dlc *d = (void *) arg;
261 BT_DBG("dlc %p state %ld", d, d->state);
263 set_bit(RFCOMM_TIMED_OUT, &d->flags);
268 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
270 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
272 if (!mod_timer(&d->timer, jiffies + timeout))
276 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
278 BT_DBG("dlc %p state %ld", d, d->state);
280 if (del_timer(&d->timer))
284 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
291 d->sec_level = BT_SECURITY_LOW;
292 d->mtu = RFCOMM_DEFAULT_MTU;
293 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
295 d->cfc = RFCOMM_CFC_DISABLED;
296 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
299 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
301 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
306 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
308 skb_queue_head_init(&d->tx_queue);
309 spin_lock_init(&d->lock);
310 atomic_set(&d->refcnt, 1);
312 rfcomm_dlc_clear_state(d);
319 void rfcomm_dlc_free(struct rfcomm_dlc *d)
323 skb_queue_purge(&d->tx_queue);
327 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
329 BT_DBG("dlc %p session %p", d, s);
331 rfcomm_session_clear_timer(s);
333 list_add(&d->list, &s->dlcs);
337 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
339 struct rfcomm_session *s = d->session;
341 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
347 if (list_empty(&s->dlcs))
348 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
351 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
353 struct rfcomm_dlc *d;
355 list_for_each_entry(d, &s->dlcs, list)
362 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
364 struct rfcomm_session *s;
368 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
369 d, d->state, src, dst, channel);
371 if (channel < 1 || channel > 30)
374 if (d->state != BT_OPEN && d->state != BT_CLOSED)
377 s = rfcomm_session_get(src, dst);
379 s = rfcomm_session_create(src, dst, d->sec_level, &err);
384 dlci = __dlci(!s->initiator, channel);
386 /* Check if DLCI already exists */
387 if (rfcomm_dlc_get(s, dlci))
390 rfcomm_dlc_clear_state(d);
393 d->addr = __addr(s->initiator, dlci);
396 d->state = BT_CONFIG;
397 rfcomm_dlc_link(s, d);
402 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
404 if (s->state == BT_CONNECTED) {
405 if (rfcomm_check_security(d))
406 rfcomm_send_pn(s, 1, d);
408 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
411 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
416 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
422 r = __rfcomm_dlc_open(d, src, dst, channel);
428 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
430 struct rfcomm_session *s = d->session;
434 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
435 d, d->state, d->dlci, err, s);
439 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
440 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
447 d->state = BT_DISCONN;
448 if (skb_queue_empty(&d->tx_queue)) {
449 rfcomm_send_disc(s, d->dlci);
450 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
452 rfcomm_queue_disc(d);
453 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
459 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
460 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
467 rfcomm_dlc_clear_timer(d);
470 d->state = BT_CLOSED;
471 d->state_change(d, err);
472 rfcomm_dlc_unlock(d);
474 skb_queue_purge(&d->tx_queue);
475 rfcomm_dlc_unlink(d);
481 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
484 struct rfcomm_dlc *d_list;
485 struct rfcomm_session *s, *s_list;
487 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
495 /* after waiting on the mutex check the session still exists
496 * then check the dlc still exists
498 list_for_each_entry(s_list, &session_list, list) {
500 list_for_each_entry(d_list, &s->dlcs, list) {
502 r = __rfcomm_dlc_close(d, err);
515 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
519 if (d->state != BT_CONNECTED)
522 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
527 rfcomm_make_uih(skb, d->addr);
528 skb_queue_tail(&d->tx_queue, skb);
530 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
535 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
537 BT_DBG("dlc %p state %ld", d, d->state);
540 d->v24_sig |= RFCOMM_V24_FC;
541 set_bit(RFCOMM_MSC_PENDING, &d->flags);
546 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
548 BT_DBG("dlc %p state %ld", d, d->state);
551 d->v24_sig &= ~RFCOMM_V24_FC;
552 set_bit(RFCOMM_MSC_PENDING, &d->flags);
558 Set/get modem status functions use _local_ status i.e. what we report
560 Remote status is provided by dlc->modem_status() callback.
562 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
564 BT_DBG("dlc %p state %ld v24_sig 0x%x",
565 d, d->state, v24_sig);
567 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
568 v24_sig |= RFCOMM_V24_FC;
570 v24_sig &= ~RFCOMM_V24_FC;
572 d->v24_sig = v24_sig;
574 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
580 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
582 BT_DBG("dlc %p state %ld v24_sig 0x%x",
583 d, d->state, d->v24_sig);
585 *v24_sig = d->v24_sig;
589 /* ---- RFCOMM sessions ---- */
590 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
592 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
597 BT_DBG("session %p sock %p", s, sock);
599 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
601 INIT_LIST_HEAD(&s->dlcs);
605 s->mtu = RFCOMM_DEFAULT_MTU;
606 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
608 /* Do not increment module usage count for listening sessions.
609 * Otherwise we won't be able to unload the module. */
610 if (state != BT_LISTEN)
611 if (!try_module_get(THIS_MODULE)) {
616 list_add(&s->list, &session_list);
621 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
623 int state = s->state;
625 BT_DBG("session %p state %ld", s, s->state);
629 rfcomm_session_clear_timer(s);
630 sock_release(s->sock);
633 if (state != BT_LISTEN)
634 module_put(THIS_MODULE);
639 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
641 struct rfcomm_session *s;
642 struct list_head *p, *n;
644 list_for_each_safe(p, n, &session_list) {
645 s = list_entry(p, struct rfcomm_session, list);
646 sk = bt_sk(s->sock->sk);
648 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
649 !bacmp(&sk->dst, dst))
655 static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
658 struct rfcomm_dlc *d;
659 struct list_head *p, *n;
661 s->state = BT_CLOSED;
663 BT_DBG("session %p state %ld err %d", s, s->state, err);
666 list_for_each_safe(p, n, &s->dlcs) {
667 d = list_entry(p, struct rfcomm_dlc, list);
668 d->state = BT_CLOSED;
669 __rfcomm_dlc_close(d, err);
672 rfcomm_session_clear_timer(s);
673 return rfcomm_session_del(s);
676 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
681 struct rfcomm_session *s = NULL;
682 struct sockaddr_l2 addr;
686 BT_DBG("%pMR -> %pMR", src, dst);
688 *err = rfcomm_l2sock_create(&sock);
692 bacpy(&addr.l2_bdaddr, src);
693 addr.l2_family = AF_BLUETOOTH;
696 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
700 /* Set L2CAP options */
703 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
704 l2cap_pi(sk)->chan->sec_level = sec_level;
706 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
709 s = rfcomm_session_add(sock, BT_BOUND);
717 bacpy(&addr.l2_bdaddr, dst);
718 addr.l2_family = AF_BLUETOOTH;
719 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
721 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
722 if (*err == 0 || *err == -EINPROGRESS)
725 return rfcomm_session_del(s);
732 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
734 struct sock *sk = s->sock->sk;
736 bacpy(src, &bt_sk(sk)->src);
738 bacpy(dst, &bt_sk(sk)->dst);
741 /* ---- RFCOMM frame sending ---- */
742 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
744 struct kvec iv = { data, len };
747 BT_DBG("session %p len %d", s, len);
749 memset(&msg, 0, sizeof(msg));
751 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
754 static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
756 BT_DBG("%p cmd %u", s, cmd->ctrl);
758 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
761 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
763 struct rfcomm_cmd cmd;
765 BT_DBG("%p dlci %d", s, dlci);
767 cmd.addr = __addr(s->initiator, dlci);
768 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
770 cmd.fcs = __fcs2((u8 *) &cmd);
772 return rfcomm_send_cmd(s, &cmd);
775 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
777 struct rfcomm_cmd cmd;
779 BT_DBG("%p dlci %d", s, dlci);
781 cmd.addr = __addr(!s->initiator, dlci);
782 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
784 cmd.fcs = __fcs2((u8 *) &cmd);
786 return rfcomm_send_cmd(s, &cmd);
789 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
791 struct rfcomm_cmd cmd;
793 BT_DBG("%p dlci %d", s, dlci);
795 cmd.addr = __addr(s->initiator, dlci);
796 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
798 cmd.fcs = __fcs2((u8 *) &cmd);
800 return rfcomm_send_cmd(s, &cmd);
803 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
805 struct rfcomm_cmd *cmd;
808 BT_DBG("dlc %p dlci %d", d, d->dlci);
810 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
814 cmd = (void *) __skb_put(skb, sizeof(*cmd));
816 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
817 cmd->len = __len8(0);
818 cmd->fcs = __fcs2((u8 *) cmd);
820 skb_queue_tail(&d->tx_queue, skb);
825 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
827 struct rfcomm_cmd cmd;
829 BT_DBG("%p dlci %d", s, dlci);
831 cmd.addr = __addr(!s->initiator, dlci);
832 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
834 cmd.fcs = __fcs2((u8 *) &cmd);
836 return rfcomm_send_cmd(s, &cmd);
839 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
841 struct rfcomm_hdr *hdr;
842 struct rfcomm_mcc *mcc;
843 u8 buf[16], *ptr = buf;
845 BT_DBG("%p cr %d type %d", s, cr, type);
847 hdr = (void *) ptr; ptr += sizeof(*hdr);
848 hdr->addr = __addr(s->initiator, 0);
849 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
850 hdr->len = __len8(sizeof(*mcc) + 1);
852 mcc = (void *) ptr; ptr += sizeof(*mcc);
853 mcc->type = __mcc_type(cr, RFCOMM_NSC);
854 mcc->len = __len8(1);
856 /* Type that we didn't like */
857 *ptr = __mcc_type(cr, type); ptr++;
859 *ptr = __fcs(buf); ptr++;
861 return rfcomm_send_frame(s, buf, ptr - buf);
864 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
866 struct rfcomm_hdr *hdr;
867 struct rfcomm_mcc *mcc;
868 struct rfcomm_pn *pn;
869 u8 buf[16], *ptr = buf;
871 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
873 hdr = (void *) ptr; ptr += sizeof(*hdr);
874 hdr->addr = __addr(s->initiator, 0);
875 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
876 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
878 mcc = (void *) ptr; ptr += sizeof(*mcc);
879 mcc->type = __mcc_type(cr, RFCOMM_PN);
880 mcc->len = __len8(sizeof(*pn));
882 pn = (void *) ptr; ptr += sizeof(*pn);
884 pn->priority = d->priority;
889 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
890 pn->credits = RFCOMM_DEFAULT_CREDITS;
896 if (cr && channel_mtu >= 0)
897 pn->mtu = cpu_to_le16(channel_mtu);
899 pn->mtu = cpu_to_le16(d->mtu);
901 *ptr = __fcs(buf); ptr++;
903 return rfcomm_send_frame(s, buf, ptr - buf);
906 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
907 u8 bit_rate, u8 data_bits, u8 stop_bits,
908 u8 parity, u8 flow_ctrl_settings,
909 u8 xon_char, u8 xoff_char, u16 param_mask)
911 struct rfcomm_hdr *hdr;
912 struct rfcomm_mcc *mcc;
913 struct rfcomm_rpn *rpn;
914 u8 buf[16], *ptr = buf;
916 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
917 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
918 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
919 flow_ctrl_settings, xon_char, xoff_char, param_mask);
921 hdr = (void *) ptr; ptr += sizeof(*hdr);
922 hdr->addr = __addr(s->initiator, 0);
923 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
924 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
926 mcc = (void *) ptr; ptr += sizeof(*mcc);
927 mcc->type = __mcc_type(cr, RFCOMM_RPN);
928 mcc->len = __len8(sizeof(*rpn));
930 rpn = (void *) ptr; ptr += sizeof(*rpn);
931 rpn->dlci = __addr(1, dlci);
932 rpn->bit_rate = bit_rate;
933 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
934 rpn->flow_ctrl = flow_ctrl_settings;
935 rpn->xon_char = xon_char;
936 rpn->xoff_char = xoff_char;
937 rpn->param_mask = cpu_to_le16(param_mask);
939 *ptr = __fcs(buf); ptr++;
941 return rfcomm_send_frame(s, buf, ptr - buf);
944 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
946 struct rfcomm_hdr *hdr;
947 struct rfcomm_mcc *mcc;
948 struct rfcomm_rls *rls;
949 u8 buf[16], *ptr = buf;
951 BT_DBG("%p cr %d status 0x%x", s, cr, status);
953 hdr = (void *) ptr; ptr += sizeof(*hdr);
954 hdr->addr = __addr(s->initiator, 0);
955 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
956 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
958 mcc = (void *) ptr; ptr += sizeof(*mcc);
959 mcc->type = __mcc_type(cr, RFCOMM_RLS);
960 mcc->len = __len8(sizeof(*rls));
962 rls = (void *) ptr; ptr += sizeof(*rls);
963 rls->dlci = __addr(1, dlci);
964 rls->status = status;
966 *ptr = __fcs(buf); ptr++;
968 return rfcomm_send_frame(s, buf, ptr - buf);
971 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
973 struct rfcomm_hdr *hdr;
974 struct rfcomm_mcc *mcc;
975 struct rfcomm_msc *msc;
976 u8 buf[16], *ptr = buf;
978 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
980 hdr = (void *) ptr; ptr += sizeof(*hdr);
981 hdr->addr = __addr(s->initiator, 0);
982 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
983 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
985 mcc = (void *) ptr; ptr += sizeof(*mcc);
986 mcc->type = __mcc_type(cr, RFCOMM_MSC);
987 mcc->len = __len8(sizeof(*msc));
989 msc = (void *) ptr; ptr += sizeof(*msc);
990 msc->dlci = __addr(1, dlci);
991 msc->v24_sig = v24_sig | 0x01;
993 *ptr = __fcs(buf); ptr++;
995 return rfcomm_send_frame(s, buf, ptr - buf);
998 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1000 struct rfcomm_hdr *hdr;
1001 struct rfcomm_mcc *mcc;
1002 u8 buf[16], *ptr = buf;
1004 BT_DBG("%p cr %d", s, cr);
1006 hdr = (void *) ptr; ptr += sizeof(*hdr);
1007 hdr->addr = __addr(s->initiator, 0);
1008 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1009 hdr->len = __len8(sizeof(*mcc));
1011 mcc = (void *) ptr; ptr += sizeof(*mcc);
1012 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1013 mcc->len = __len8(0);
1015 *ptr = __fcs(buf); ptr++;
1017 return rfcomm_send_frame(s, buf, ptr - buf);
1020 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1022 struct rfcomm_hdr *hdr;
1023 struct rfcomm_mcc *mcc;
1024 u8 buf[16], *ptr = buf;
1026 BT_DBG("%p cr %d", s, cr);
1028 hdr = (void *) ptr; ptr += sizeof(*hdr);
1029 hdr->addr = __addr(s->initiator, 0);
1030 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1031 hdr->len = __len8(sizeof(*mcc));
1033 mcc = (void *) ptr; ptr += sizeof(*mcc);
1034 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1035 mcc->len = __len8(0);
1037 *ptr = __fcs(buf); ptr++;
1039 return rfcomm_send_frame(s, buf, ptr - buf);
1042 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1044 struct socket *sock = s->sock;
1047 unsigned char hdr[5], crc[1];
1052 BT_DBG("%p cr %d", s, cr);
1054 hdr[0] = __addr(s->initiator, 0);
1055 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1056 hdr[2] = 0x01 | ((len + 2) << 1);
1057 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1058 hdr[4] = 0x01 | (len << 1);
1060 crc[0] = __fcs(hdr);
1062 iv[0].iov_base = hdr;
1064 iv[1].iov_base = pattern;
1065 iv[1].iov_len = len;
1066 iv[2].iov_base = crc;
1069 memset(&msg, 0, sizeof(msg));
1071 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1074 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1076 struct rfcomm_hdr *hdr;
1077 u8 buf[16], *ptr = buf;
1079 BT_DBG("%p addr %d credits %d", s, addr, credits);
1081 hdr = (void *) ptr; ptr += sizeof(*hdr);
1083 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1084 hdr->len = __len8(0);
1086 *ptr = credits; ptr++;
1088 *ptr = __fcs(buf); ptr++;
1090 return rfcomm_send_frame(s, buf, ptr - buf);
1093 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1095 struct rfcomm_hdr *hdr;
1100 hdr = (void *) skb_push(skb, 4);
1101 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1103 hdr = (void *) skb_push(skb, 3);
1104 hdr->len = __len8(len);
1107 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1109 crc = skb_put(skb, 1);
1110 *crc = __fcs((void *) hdr);
1113 /* ---- RFCOMM frame reception ---- */
1114 static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1116 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1120 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1122 rfcomm_send_dm(s, dlci);
1128 rfcomm_dlc_clear_timer(d);
1131 d->state = BT_CONNECTED;
1132 d->state_change(d, 0);
1133 rfcomm_dlc_unlock(d);
1135 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1139 d->state = BT_CLOSED;
1140 __rfcomm_dlc_close(d, 0);
1142 if (list_empty(&s->dlcs)) {
1143 s->state = BT_DISCONN;
1144 rfcomm_send_disc(s, 0);
1145 rfcomm_session_clear_timer(s);
1151 /* Control channel */
1154 s->state = BT_CONNECTED;
1155 rfcomm_process_connect(s);
1159 s = rfcomm_session_close(s, ECONNRESET);
1166 static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1170 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1174 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1176 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1181 d->state = BT_CLOSED;
1182 __rfcomm_dlc_close(d, err);
1185 if (s->state == BT_CONNECT)
1190 s = rfcomm_session_close(s, err);
1195 static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1200 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1203 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1205 rfcomm_send_ua(s, dlci);
1207 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1212 d->state = BT_CLOSED;
1213 __rfcomm_dlc_close(d, err);
1215 rfcomm_send_dm(s, dlci);
1218 rfcomm_send_ua(s, 0);
1220 if (s->state == BT_CONNECT)
1225 s = rfcomm_session_close(s, err);
1230 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1232 struct sock *sk = d->session->sock->sk;
1233 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1235 BT_DBG("dlc %p", d);
1237 rfcomm_send_ua(d->session, d->dlci);
1239 rfcomm_dlc_clear_timer(d);
1242 d->state = BT_CONNECTED;
1243 d->state_change(d, 0);
1244 rfcomm_dlc_unlock(d);
1247 hci_conn_switch_role(conn->hcon, 0x00);
1249 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1252 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1254 if (rfcomm_check_security(d)) {
1255 if (d->defer_setup) {
1256 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1257 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1260 d->state = BT_CONNECT2;
1261 d->state_change(d, 0);
1262 rfcomm_dlc_unlock(d);
1264 rfcomm_dlc_accept(d);
1266 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1267 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1271 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1273 struct rfcomm_dlc *d;
1276 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1279 rfcomm_send_ua(s, 0);
1281 if (s->state == BT_OPEN) {
1282 s->state = BT_CONNECTED;
1283 rfcomm_process_connect(s);
1288 /* Check if DLC exists */
1289 d = rfcomm_dlc_get(s, dlci);
1291 if (d->state == BT_OPEN) {
1292 /* DLC was previously opened by PN request */
1293 rfcomm_check_accept(d);
1298 /* Notify socket layer about incoming connection */
1299 channel = __srv_channel(dlci);
1300 if (rfcomm_connect_ind(s, channel, &d)) {
1302 d->addr = __addr(s->initiator, dlci);
1303 rfcomm_dlc_link(s, d);
1305 rfcomm_check_accept(d);
1307 rfcomm_send_dm(s, dlci);
1313 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1315 struct rfcomm_session *s = d->session;
1317 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1318 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1320 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1321 pn->flow_ctrl == 0xe0) {
1322 d->cfc = RFCOMM_CFC_ENABLED;
1323 d->tx_credits = pn->credits;
1325 d->cfc = RFCOMM_CFC_DISABLED;
1326 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1329 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1332 d->priority = pn->priority;
1334 d->mtu = __le16_to_cpu(pn->mtu);
1336 if (cr && d->mtu > s->mtu)
1342 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1344 struct rfcomm_pn *pn = (void *) skb->data;
1345 struct rfcomm_dlc *d;
1348 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1353 d = rfcomm_dlc_get(s, dlci);
1357 rfcomm_apply_pn(d, cr, pn);
1358 rfcomm_send_pn(s, 0, d);
1363 rfcomm_apply_pn(d, cr, pn);
1365 d->state = BT_CONNECT;
1366 rfcomm_send_sabm(s, d->dlci);
1371 u8 channel = __srv_channel(dlci);
1376 /* PN request for non existing DLC.
1377 * Assume incoming connection. */
1378 if (rfcomm_connect_ind(s, channel, &d)) {
1380 d->addr = __addr(s->initiator, dlci);
1381 rfcomm_dlc_link(s, d);
1383 rfcomm_apply_pn(d, cr, pn);
1386 rfcomm_send_pn(s, 0, d);
1388 rfcomm_send_dm(s, dlci);
1394 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1396 struct rfcomm_rpn *rpn = (void *) skb->data;
1397 u8 dlci = __get_dlci(rpn->dlci);
1406 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1408 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1409 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1410 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1416 /* This is a request, return default (according to ETSI TS 07.10) settings */
1417 bit_rate = RFCOMM_RPN_BR_9600;
1418 data_bits = RFCOMM_RPN_DATA_8;
1419 stop_bits = RFCOMM_RPN_STOP_1;
1420 parity = RFCOMM_RPN_PARITY_NONE;
1421 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1422 xon_char = RFCOMM_RPN_XON_CHAR;
1423 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1427 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1428 * no parity, no flow control lines, normal XON/XOFF chars */
1430 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1431 bit_rate = rpn->bit_rate;
1432 if (bit_rate > RFCOMM_RPN_BR_230400) {
1433 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1434 bit_rate = RFCOMM_RPN_BR_9600;
1435 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1439 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1440 data_bits = __get_rpn_data_bits(rpn->line_settings);
1441 if (data_bits != RFCOMM_RPN_DATA_8) {
1442 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1443 data_bits = RFCOMM_RPN_DATA_8;
1444 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1448 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1449 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1450 if (stop_bits != RFCOMM_RPN_STOP_1) {
1451 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1452 stop_bits = RFCOMM_RPN_STOP_1;
1453 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1457 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1458 parity = __get_rpn_parity(rpn->line_settings);
1459 if (parity != RFCOMM_RPN_PARITY_NONE) {
1460 BT_DBG("RPN parity mismatch 0x%x", parity);
1461 parity = RFCOMM_RPN_PARITY_NONE;
1462 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1466 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1467 flow_ctrl = rpn->flow_ctrl;
1468 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1469 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1470 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1471 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1475 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1476 xon_char = rpn->xon_char;
1477 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1478 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1479 xon_char = RFCOMM_RPN_XON_CHAR;
1480 rpn_mask ^= RFCOMM_RPN_PM_XON;
1484 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1485 xoff_char = rpn->xoff_char;
1486 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1487 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1488 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1489 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1494 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1495 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1500 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1502 struct rfcomm_rls *rls = (void *) skb->data;
1503 u8 dlci = __get_dlci(rls->dlci);
1505 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1510 /* We should probably do something with this information here. But
1511 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1512 * mandatory to recognise and respond to RLS */
1514 rfcomm_send_rls(s, 0, dlci, rls->status);
1519 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1521 struct rfcomm_msc *msc = (void *) skb->data;
1522 struct rfcomm_dlc *d;
1523 u8 dlci = __get_dlci(msc->dlci);
1525 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1527 d = rfcomm_dlc_get(s, dlci);
1532 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1533 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1535 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1539 d->remote_v24_sig = msc->v24_sig;
1541 if (d->modem_status)
1542 d->modem_status(d, msc->v24_sig);
1544 rfcomm_dlc_unlock(d);
1546 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1548 d->mscex |= RFCOMM_MSCEX_RX;
1550 d->mscex |= RFCOMM_MSCEX_TX;
1555 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1557 struct rfcomm_mcc *mcc = (void *) skb->data;
1560 cr = __test_cr(mcc->type);
1561 type = __get_mcc_type(mcc->type);
1562 len = __get_mcc_len(mcc->len);
1564 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1570 rfcomm_recv_pn(s, cr, skb);
1574 rfcomm_recv_rpn(s, cr, len, skb);
1578 rfcomm_recv_rls(s, cr, skb);
1582 rfcomm_recv_msc(s, cr, skb);
1587 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1588 rfcomm_send_fcoff(s, 0);
1594 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1595 rfcomm_send_fcon(s, 0);
1601 rfcomm_send_test(s, 0, skb->data, skb->len);
1608 BT_ERR("Unknown control type 0x%02x", type);
1609 rfcomm_send_nsc(s, cr, type);
1615 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1617 struct rfcomm_dlc *d;
1619 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1621 d = rfcomm_dlc_get(s, dlci);
1623 rfcomm_send_dm(s, dlci);
1628 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1630 d->tx_credits += credits;
1632 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1635 if (skb->len && d->state == BT_CONNECTED) {
1638 d->data_ready(d, skb);
1639 rfcomm_dlc_unlock(d);
1648 static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1649 struct sk_buff *skb)
1651 struct rfcomm_hdr *hdr = (void *) skb->data;
1655 /* no session, so free socket data */
1660 dlci = __get_dlci(hdr->addr);
1661 type = __get_type(hdr->ctrl);
1664 skb->len--; skb->tail--;
1665 fcs = *(u8 *)skb_tail_pointer(skb);
1667 if (__check_fcs(skb->data, type, fcs)) {
1668 BT_ERR("bad checksum in packet");
1673 if (__test_ea(hdr->len))
1680 if (__test_pf(hdr->ctrl))
1681 rfcomm_recv_sabm(s, dlci);
1685 if (__test_pf(hdr->ctrl))
1686 s = rfcomm_recv_disc(s, dlci);
1690 if (__test_pf(hdr->ctrl))
1691 s = rfcomm_recv_ua(s, dlci);
1695 s = rfcomm_recv_dm(s, dlci);
1700 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1703 rfcomm_recv_mcc(s, skb);
1707 BT_ERR("Unknown packet type 0x%02x", type);
1714 /* ---- Connection and data processing ---- */
1716 static void rfcomm_process_connect(struct rfcomm_session *s)
1718 struct rfcomm_dlc *d;
1719 struct list_head *p, *n;
1721 BT_DBG("session %p state %ld", s, s->state);
1723 list_for_each_safe(p, n, &s->dlcs) {
1724 d = list_entry(p, struct rfcomm_dlc, list);
1725 if (d->state == BT_CONFIG) {
1727 if (rfcomm_check_security(d)) {
1728 rfcomm_send_pn(s, 1, d);
1730 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1731 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1737 /* Send data queued for the DLC.
1738 * Return number of frames left in the queue.
1740 static int rfcomm_process_tx(struct rfcomm_dlc *d)
1742 struct sk_buff *skb;
1745 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1746 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1748 /* Send pending MSC */
1749 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1750 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1754 * Give them some credits */
1755 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1756 d->rx_credits <= (d->cfc >> 2)) {
1757 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1758 d->rx_credits = d->cfc;
1762 * Give ourselves some credits */
1766 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1767 return skb_queue_len(&d->tx_queue);
1769 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1770 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1772 skb_queue_head(&d->tx_queue, skb);
1779 if (d->cfc && !d->tx_credits) {
1780 /* We're out of TX credits.
1781 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1782 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1785 return skb_queue_len(&d->tx_queue);
1788 static void rfcomm_process_dlcs(struct rfcomm_session *s)
1790 struct rfcomm_dlc *d;
1791 struct list_head *p, *n;
1793 BT_DBG("session %p state %ld", s, s->state);
1795 list_for_each_safe(p, n, &s->dlcs) {
1796 d = list_entry(p, struct rfcomm_dlc, list);
1798 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1799 __rfcomm_dlc_close(d, ETIMEDOUT);
1803 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1804 __rfcomm_dlc_close(d, ECONNREFUSED);
1808 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1809 rfcomm_dlc_clear_timer(d);
1811 rfcomm_send_pn(s, 1, d);
1812 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1814 if (d->defer_setup) {
1815 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1816 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1819 d->state = BT_CONNECT2;
1820 d->state_change(d, 0);
1821 rfcomm_dlc_unlock(d);
1823 rfcomm_dlc_accept(d);
1826 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1827 rfcomm_dlc_clear_timer(d);
1829 rfcomm_send_dm(s, d->dlci);
1831 d->state = BT_CLOSED;
1832 __rfcomm_dlc_close(d, ECONNREFUSED);
1836 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1839 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1842 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1843 d->mscex == RFCOMM_MSCEX_OK)
1844 rfcomm_process_tx(d);
1848 static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1850 struct socket *sock = s->sock;
1851 struct sock *sk = sock->sk;
1852 struct sk_buff *skb;
1854 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1856 /* Get data directly from socket receive queue without copying it. */
1857 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1859 if (!skb_linearize(skb))
1860 s = rfcomm_recv_frame(s, skb);
1865 if (s && (sk->sk_state == BT_CLOSED))
1866 s = rfcomm_session_close(s, sk->sk_err);
1871 static void rfcomm_accept_connection(struct rfcomm_session *s)
1873 struct socket *sock = s->sock, *nsock;
1876 /* Fast check for a new connection.
1877 * Avoids unnesesary socket allocations. */
1878 if (list_empty(&bt_sk(sock->sk)->accept_q))
1881 BT_DBG("session %p", s);
1883 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1887 /* Set our callbacks */
1888 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1889 nsock->sk->sk_state_change = rfcomm_l2state_change;
1891 s = rfcomm_session_add(nsock, BT_OPEN);
1893 /* We should adjust MTU on incoming sessions.
1894 * L2CAP MTU minus UIH header and FCS. */
1895 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1896 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1900 sock_release(nsock);
1903 static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1905 struct sock *sk = s->sock->sk;
1907 BT_DBG("%p state %ld", s, s->state);
1909 switch (sk->sk_state) {
1911 s->state = BT_CONNECT;
1913 /* We can adjust MTU on outgoing sessions.
1914 * L2CAP MTU minus UIH header and FCS. */
1915 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1917 rfcomm_send_sabm(s, 0);
1921 s = rfcomm_session_close(s, sk->sk_err);
1927 static void rfcomm_process_sessions(void)
1929 struct list_head *p, *n;
1933 list_for_each_safe(p, n, &session_list) {
1934 struct rfcomm_session *s;
1935 s = list_entry(p, struct rfcomm_session, list);
1937 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1938 s->state = BT_DISCONN;
1939 rfcomm_send_disc(s, 0);
1943 if (s->state == BT_LISTEN) {
1944 rfcomm_accept_connection(s);
1950 s = rfcomm_check_connection(s);
1954 s = rfcomm_process_rx(s);
1959 rfcomm_process_dlcs(s);
1965 static int rfcomm_add_listener(bdaddr_t *ba)
1967 struct sockaddr_l2 addr;
1968 struct socket *sock;
1970 struct rfcomm_session *s;
1974 err = rfcomm_l2sock_create(&sock);
1976 BT_ERR("Create socket failed %d", err);
1981 bacpy(&addr.l2_bdaddr, ba);
1982 addr.l2_family = AF_BLUETOOTH;
1983 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
1985 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1987 BT_ERR("Bind failed %d", err);
1991 /* Set L2CAP options */
1994 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
1997 /* Start listening on the socket */
1998 err = kernel_listen(sock, 10);
2000 BT_ERR("Listen failed %d", err);
2004 /* Add listening session */
2005 s = rfcomm_session_add(sock, BT_LISTEN);
2017 static void rfcomm_kill_listener(void)
2019 struct rfcomm_session *s;
2020 struct list_head *p, *n;
2024 list_for_each_safe(p, n, &session_list) {
2025 s = list_entry(p, struct rfcomm_session, list);
2026 rfcomm_session_del(s);
2030 static int rfcomm_run(void *unused)
2034 set_user_nice(current, -10);
2036 rfcomm_add_listener(BDADDR_ANY);
2039 set_current_state(TASK_INTERRUPTIBLE);
2041 if (kthread_should_stop())
2045 rfcomm_process_sessions();
2049 __set_current_state(TASK_RUNNING);
2051 rfcomm_kill_listener();
2056 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2058 struct rfcomm_session *s;
2059 struct rfcomm_dlc *d;
2060 struct list_head *p, *n;
2062 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2064 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2068 list_for_each_safe(p, n, &s->dlcs) {
2069 d = list_entry(p, struct rfcomm_dlc, list);
2071 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2072 rfcomm_dlc_clear_timer(d);
2073 if (status || encrypt == 0x00) {
2074 set_bit(RFCOMM_ENC_DROP, &d->flags);
2079 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2080 if (d->sec_level == BT_SECURITY_MEDIUM) {
2081 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2082 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2084 } else if (d->sec_level == BT_SECURITY_HIGH) {
2085 set_bit(RFCOMM_ENC_DROP, &d->flags);
2090 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2093 if (!status && hci_conn_check_secure(conn, d->sec_level))
2094 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2096 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2102 static struct hci_cb rfcomm_cb = {
2104 .security_cfm = rfcomm_security_cfm
2107 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2109 struct rfcomm_session *s;
2113 list_for_each_entry(s, &session_list, list) {
2114 struct rfcomm_dlc *d;
2115 list_for_each_entry(d, &s->dlcs, list) {
2116 struct sock *sk = s->sock->sk;
2118 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2119 &bt_sk(sk)->src, &bt_sk(sk)->dst,
2120 d->state, d->dlci, d->mtu,
2121 d->rx_credits, d->tx_credits);
2130 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2132 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2135 static const struct file_operations rfcomm_dlc_debugfs_fops = {
2136 .open = rfcomm_dlc_debugfs_open,
2138 .llseek = seq_lseek,
2139 .release = single_release,
2142 static struct dentry *rfcomm_dlc_debugfs;
2144 /* ---- Initialization ---- */
2145 static int __init rfcomm_init(void)
2149 hci_register_cb(&rfcomm_cb);
2151 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2152 if (IS_ERR(rfcomm_thread)) {
2153 err = PTR_ERR(rfcomm_thread);
2158 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2159 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops);
2160 if (!rfcomm_dlc_debugfs)
2161 BT_ERR("Failed to create RFCOMM debug file");
2164 err = rfcomm_init_ttys();
2168 err = rfcomm_init_sockets();
2172 BT_INFO("RFCOMM ver %s", VERSION);
2177 rfcomm_cleanup_ttys();
2180 kthread_stop(rfcomm_thread);
2183 hci_unregister_cb(&rfcomm_cb);
2188 static void __exit rfcomm_exit(void)
2190 debugfs_remove(rfcomm_dlc_debugfs);
2192 hci_unregister_cb(&rfcomm_cb);
2194 kthread_stop(rfcomm_thread);
2196 rfcomm_cleanup_ttys();
2198 rfcomm_cleanup_sockets();
2201 module_init(rfcomm_init);
2202 module_exit(rfcomm_exit);
2204 module_param(disable_cfc, bool, 0644);
2205 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2207 module_param(channel_mtu, int, 0644);
2208 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2210 module_param(l2cap_mtu, uint, 0644);
2211 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2213 module_param(l2cap_ertm, bool, 0644);
2214 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2216 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2217 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2218 MODULE_VERSION(VERSION);
2219 MODULE_LICENSE("GPL");
2220 MODULE_ALIAS("bt-proto-3");
projects / firefly-linux-kernel-4.4.55.git / blob