2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/sched.h>
32 #include <linux/signal.h>
33 #include <linux/init.h>
34 #include <linux/wait.h>
35 #include <linux/device.h>
36 #include <linux/debugfs.h>
37 #include <linux/seq_file.h>
38 #include <linux/net.h>
39 #include <linux/mutex.h>
40 #include <linux/kthread.h>
41 #include <linux/slab.h>
44 #include <asm/uaccess.h>
45 #include <asm/unaligned.h>
47 #include <net/bluetooth/bluetooth.h>
48 #include <net/bluetooth/hci_core.h>
49 #include <net/bluetooth/l2cap.h>
50 #include <net/bluetooth/rfcomm.h>
52 #define VERSION "1.11"
54 static int disable_cfc = 0;
55 static int channel_mtu = -1;
56 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
57 static int l2cap_ertm = 0;
59 static struct task_struct *rfcomm_thread;
61 static DEFINE_MUTEX(rfcomm_mutex);
62 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
63 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
65 static unsigned long rfcomm_event;
67 static LIST_HEAD(session_list);
69 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
70 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
71 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
72 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
73 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
74 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
75 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
76 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
77 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
78 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
80 static void rfcomm_process_connect(struct rfcomm_session *s);
82 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
83 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
84 static void rfcomm_session_del(struct rfcomm_session *s);
86 /* ---- RFCOMM frame parsing macros ---- */
87 #define __get_dlci(b) ((b & 0xfc) >> 2)
88 #define __get_channel(b) ((b & 0xf8) >> 3)
89 #define __get_dir(b) ((b & 0x04) >> 2)
90 #define __get_type(b) ((b & 0xef))
92 #define __test_ea(b) ((b & 0x01))
93 #define __test_cr(b) ((b & 0x02))
94 #define __test_pf(b) ((b & 0x10))
96 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
97 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
98 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
99 #define __srv_channel(dlci) (dlci >> 1)
100 #define __dir(dlci) (dlci & 0x01)
102 #define __len8(len) (((len) << 1) | 1)
103 #define __len16(len) ((len) << 1)
106 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
107 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
108 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
111 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
112 #define __get_rpn_data_bits(line) ((line) & 0x3)
113 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
114 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
116 static inline void rfcomm_schedule(uint event)
120 //set_bit(event, &rfcomm_event);
121 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
122 wake_up_process(rfcomm_thread);
125 static inline void rfcomm_session_put(struct rfcomm_session *s)
127 if (atomic_dec_and_test(&s->refcnt))
128 rfcomm_session_del(s);
131 /* ---- RFCOMM FCS computation ---- */
133 /* reversed, 8-bit, poly=0x07 */
134 static unsigned char rfcomm_crc_table[256] = {
135 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
136 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
137 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
138 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
140 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
141 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
142 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
143 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
145 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
146 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
147 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
148 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
150 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
151 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
152 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
153 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
155 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
156 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
157 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
158 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
160 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
161 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
162 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
163 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
165 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
166 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
167 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
168 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
170 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
171 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
172 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
173 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
177 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
180 static inline u8 __fcs(u8 *data)
182 return (0xff - __crc(data));
186 static inline u8 __fcs2(u8 *data)
188 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
192 static inline int __check_fcs(u8 *data, int type, u8 fcs)
196 if (type != RFCOMM_UIH)
197 f = rfcomm_crc_table[f ^ data[2]];
199 return rfcomm_crc_table[f ^ fcs] != 0xcf;
202 /* ---- L2CAP callbacks ---- */
203 static void rfcomm_l2state_change(struct sock *sk)
205 BT_DBG("%p state %d", sk, sk->sk_state);
206 rfcomm_schedule(RFCOMM_SCHED_STATE);
209 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
211 BT_DBG("%p bytes %d", sk, bytes);
212 rfcomm_schedule(RFCOMM_SCHED_RX);
215 static int rfcomm_l2sock_create(struct socket **sock)
221 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
223 struct sock *sk = (*sock)->sk;
224 sk->sk_data_ready = rfcomm_l2data_ready;
225 sk->sk_state_change = rfcomm_l2state_change;
230 static inline int rfcomm_check_security(struct rfcomm_dlc *d)
232 struct sock *sk = d->session->sock->sk;
235 switch (d->sec_level) {
236 case BT_SECURITY_HIGH:
237 auth_type = HCI_AT_GENERAL_BONDING_MITM;
239 case BT_SECURITY_MEDIUM:
240 auth_type = HCI_AT_GENERAL_BONDING;
243 auth_type = HCI_AT_NO_BONDING;
247 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level,
251 /* ---- RFCOMM DLCs ---- */
252 static void rfcomm_dlc_timeout(unsigned long arg)
254 struct rfcomm_dlc *d = (void *) arg;
256 BT_DBG("dlc %p state %ld", d, d->state);
258 set_bit(RFCOMM_TIMED_OUT, &d->flags);
260 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
263 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
265 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
267 if (!mod_timer(&d->timer, jiffies + timeout))
271 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
273 BT_DBG("dlc %p state %ld", d, d->state);
275 if (timer_pending(&d->timer) && del_timer(&d->timer))
279 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
286 d->mtu = RFCOMM_DEFAULT_MTU;
287 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
289 d->cfc = RFCOMM_CFC_DISABLED;
290 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
293 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
295 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
300 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
302 skb_queue_head_init(&d->tx_queue);
303 spin_lock_init(&d->lock);
304 atomic_set(&d->refcnt, 1);
306 rfcomm_dlc_clear_state(d);
313 void rfcomm_dlc_free(struct rfcomm_dlc *d)
317 skb_queue_purge(&d->tx_queue);
321 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
323 BT_DBG("dlc %p session %p", d, s);
325 rfcomm_session_hold(s);
328 list_add(&d->list, &s->dlcs);
332 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
334 struct rfcomm_session *s = d->session;
336 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
342 rfcomm_session_put(s);
345 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
347 struct rfcomm_dlc *d;
350 list_for_each(p, &s->dlcs) {
351 d = list_entry(p, struct rfcomm_dlc, list);
358 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
360 struct rfcomm_session *s;
364 BT_DBG("dlc %p state %ld %s %s channel %d",
365 d, d->state, batostr(src), batostr(dst), channel);
367 if (channel < 1 || channel > 30)
370 if (d->state != BT_OPEN && d->state != BT_CLOSED)
373 s = rfcomm_session_get(src, dst);
375 s = rfcomm_session_create(src, dst, &err);
380 dlci = __dlci(!s->initiator, channel);
382 /* Check if DLCI already exists */
383 if (rfcomm_dlc_get(s, dlci))
386 rfcomm_dlc_clear_state(d);
389 d->addr = __addr(s->initiator, dlci);
392 d->state = BT_CONFIG;
393 rfcomm_dlc_link(s, d);
398 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
400 if (s->state == BT_CONNECTED) {
401 if (rfcomm_check_security(d))
402 rfcomm_send_pn(s, 1, d);
404 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
407 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
412 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
418 r = __rfcomm_dlc_open(d, src, dst, channel);
424 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
426 struct rfcomm_session *s = d->session;
430 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
431 d, d->state, d->dlci, err, s);
435 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
436 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
437 rfcomm_schedule(RFCOMM_SCHED_AUTH);
443 d->state = BT_DISCONN;
444 if (skb_queue_empty(&d->tx_queue)) {
445 rfcomm_send_disc(s, d->dlci);
446 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
448 rfcomm_queue_disc(d);
449 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
454 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
455 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
456 rfcomm_schedule(RFCOMM_SCHED_AUTH);
462 rfcomm_dlc_clear_timer(d);
465 d->state = BT_CLOSED;
466 d->state_change(d, err);
467 rfcomm_dlc_unlock(d);
469 skb_queue_purge(&d->tx_queue);
470 rfcomm_dlc_unlink(d);
476 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
482 r = __rfcomm_dlc_close(d, err);
488 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
492 if (d->state != BT_CONNECTED)
495 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
500 rfcomm_make_uih(skb, d->addr);
501 skb_queue_tail(&d->tx_queue, skb);
503 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
504 rfcomm_schedule(RFCOMM_SCHED_TX);
508 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
510 BT_DBG("dlc %p state %ld", d, d->state);
513 d->v24_sig |= RFCOMM_V24_FC;
514 set_bit(RFCOMM_MSC_PENDING, &d->flags);
516 rfcomm_schedule(RFCOMM_SCHED_TX);
519 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
521 BT_DBG("dlc %p state %ld", d, d->state);
524 d->v24_sig &= ~RFCOMM_V24_FC;
525 set_bit(RFCOMM_MSC_PENDING, &d->flags);
527 rfcomm_schedule(RFCOMM_SCHED_TX);
531 Set/get modem status functions use _local_ status i.e. what we report
533 Remote status is provided by dlc->modem_status() callback.
535 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
537 BT_DBG("dlc %p state %ld v24_sig 0x%x",
538 d, d->state, v24_sig);
540 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
541 v24_sig |= RFCOMM_V24_FC;
543 v24_sig &= ~RFCOMM_V24_FC;
545 d->v24_sig = v24_sig;
547 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
548 rfcomm_schedule(RFCOMM_SCHED_TX);
553 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
555 BT_DBG("dlc %p state %ld v24_sig 0x%x",
556 d, d->state, d->v24_sig);
558 *v24_sig = d->v24_sig;
562 /* ---- RFCOMM sessions ---- */
563 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
565 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
570 BT_DBG("session %p sock %p", s, sock);
572 INIT_LIST_HEAD(&s->dlcs);
576 s->mtu = RFCOMM_DEFAULT_MTU;
577 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
579 /* Do not increment module usage count for listening sessions.
580 * Otherwise we won't be able to unload the module. */
581 if (state != BT_LISTEN)
582 if (!try_module_get(THIS_MODULE)) {
587 list_add(&s->list, &session_list);
592 static void rfcomm_session_del(struct rfcomm_session *s)
594 int state = s->state;
596 BT_DBG("session %p state %ld", s, s->state);
600 if (state == BT_CONNECTED)
601 rfcomm_send_disc(s, 0);
603 sock_release(s->sock);
606 if (state != BT_LISTEN)
607 module_put(THIS_MODULE);
610 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
612 struct rfcomm_session *s;
613 struct list_head *p, *n;
615 list_for_each_safe(p, n, &session_list) {
616 s = list_entry(p, struct rfcomm_session, list);
617 sk = bt_sk(s->sock->sk);
619 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
620 !bacmp(&sk->dst, dst))
626 static void rfcomm_session_close(struct rfcomm_session *s, int err)
628 struct rfcomm_dlc *d;
629 struct list_head *p, *n;
631 BT_DBG("session %p state %ld err %d", s, s->state, err);
633 rfcomm_session_hold(s);
635 s->state = BT_CLOSED;
638 list_for_each_safe(p, n, &s->dlcs) {
639 d = list_entry(p, struct rfcomm_dlc, list);
640 d->state = BT_CLOSED;
641 __rfcomm_dlc_close(d, err);
644 rfcomm_session_put(s);
647 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
649 struct rfcomm_session *s = NULL;
650 struct sockaddr_l2 addr;
654 BT_DBG("%s %s", batostr(src), batostr(dst));
656 *err = rfcomm_l2sock_create(&sock);
660 bacpy(&addr.l2_bdaddr, src);
661 addr.l2_family = AF_BLUETOOTH;
664 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
668 /* Set L2CAP options */
671 l2cap_pi(sk)->imtu = l2cap_mtu;
673 l2cap_pi(sk)->mode = L2CAP_MODE_ERTM;
676 s = rfcomm_session_add(sock, BT_BOUND);
684 bacpy(&addr.l2_bdaddr, dst);
685 addr.l2_family = AF_BLUETOOTH;
686 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
688 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
689 if (*err == 0 || *err == -EINPROGRESS)
692 rfcomm_session_del(s);
700 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
702 struct sock *sk = s->sock->sk;
704 bacpy(src, &bt_sk(sk)->src);
706 bacpy(dst, &bt_sk(sk)->dst);
709 /* ---- RFCOMM frame sending ---- */
710 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
712 struct socket *sock = s->sock;
713 struct kvec iv = { data, len };
716 BT_DBG("session %p len %d", s, len);
718 memset(&msg, 0, sizeof(msg));
720 return kernel_sendmsg(sock, &msg, &iv, 1, len);
723 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
725 struct rfcomm_cmd cmd;
727 BT_DBG("%p dlci %d", s, dlci);
729 cmd.addr = __addr(s->initiator, dlci);
730 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
732 cmd.fcs = __fcs2((u8 *) &cmd);
734 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
737 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
739 struct rfcomm_cmd cmd;
741 BT_DBG("%p dlci %d", s, dlci);
743 cmd.addr = __addr(!s->initiator, dlci);
744 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
746 cmd.fcs = __fcs2((u8 *) &cmd);
748 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
751 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
753 struct rfcomm_cmd cmd;
755 BT_DBG("%p dlci %d", s, dlci);
757 cmd.addr = __addr(s->initiator, dlci);
758 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
760 cmd.fcs = __fcs2((u8 *) &cmd);
762 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
765 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
767 struct rfcomm_cmd *cmd;
770 BT_DBG("dlc %p dlci %d", d, d->dlci);
772 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
776 cmd = (void *) __skb_put(skb, sizeof(*cmd));
778 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
779 cmd->len = __len8(0);
780 cmd->fcs = __fcs2((u8 *) cmd);
782 skb_queue_tail(&d->tx_queue, skb);
783 rfcomm_schedule(RFCOMM_SCHED_TX);
787 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
789 struct rfcomm_cmd cmd;
791 BT_DBG("%p dlci %d", s, dlci);
793 cmd.addr = __addr(!s->initiator, dlci);
794 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
796 cmd.fcs = __fcs2((u8 *) &cmd);
798 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
801 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
803 struct rfcomm_hdr *hdr;
804 struct rfcomm_mcc *mcc;
805 u8 buf[16], *ptr = buf;
807 BT_DBG("%p cr %d type %d", s, cr, type);
809 hdr = (void *) ptr; ptr += sizeof(*hdr);
810 hdr->addr = __addr(s->initiator, 0);
811 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
812 hdr->len = __len8(sizeof(*mcc) + 1);
814 mcc = (void *) ptr; ptr += sizeof(*mcc);
815 mcc->type = __mcc_type(cr, RFCOMM_NSC);
816 mcc->len = __len8(1);
818 /* Type that we didn't like */
819 *ptr = __mcc_type(cr, type); ptr++;
821 *ptr = __fcs(buf); ptr++;
823 return rfcomm_send_frame(s, buf, ptr - buf);
826 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
828 struct rfcomm_hdr *hdr;
829 struct rfcomm_mcc *mcc;
830 struct rfcomm_pn *pn;
831 u8 buf[16], *ptr = buf;
833 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
835 hdr = (void *) ptr; ptr += sizeof(*hdr);
836 hdr->addr = __addr(s->initiator, 0);
837 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
838 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
840 mcc = (void *) ptr; ptr += sizeof(*mcc);
841 mcc->type = __mcc_type(cr, RFCOMM_PN);
842 mcc->len = __len8(sizeof(*pn));
844 pn = (void *) ptr; ptr += sizeof(*pn);
846 pn->priority = d->priority;
851 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
852 pn->credits = RFCOMM_DEFAULT_CREDITS;
858 if (cr && channel_mtu >= 0)
859 pn->mtu = cpu_to_le16(channel_mtu);
861 pn->mtu = cpu_to_le16(d->mtu);
863 *ptr = __fcs(buf); ptr++;
865 return rfcomm_send_frame(s, buf, ptr - buf);
868 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
869 u8 bit_rate, u8 data_bits, u8 stop_bits,
870 u8 parity, u8 flow_ctrl_settings,
871 u8 xon_char, u8 xoff_char, u16 param_mask)
873 struct rfcomm_hdr *hdr;
874 struct rfcomm_mcc *mcc;
875 struct rfcomm_rpn *rpn;
876 u8 buf[16], *ptr = buf;
878 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
879 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
880 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
881 flow_ctrl_settings, xon_char, xoff_char, param_mask);
883 hdr = (void *) ptr; ptr += sizeof(*hdr);
884 hdr->addr = __addr(s->initiator, 0);
885 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
886 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
888 mcc = (void *) ptr; ptr += sizeof(*mcc);
889 mcc->type = __mcc_type(cr, RFCOMM_RPN);
890 mcc->len = __len8(sizeof(*rpn));
892 rpn = (void *) ptr; ptr += sizeof(*rpn);
893 rpn->dlci = __addr(1, dlci);
894 rpn->bit_rate = bit_rate;
895 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
896 rpn->flow_ctrl = flow_ctrl_settings;
897 rpn->xon_char = xon_char;
898 rpn->xoff_char = xoff_char;
899 rpn->param_mask = cpu_to_le16(param_mask);
901 *ptr = __fcs(buf); ptr++;
903 return rfcomm_send_frame(s, buf, ptr - buf);
906 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
908 struct rfcomm_hdr *hdr;
909 struct rfcomm_mcc *mcc;
910 struct rfcomm_rls *rls;
911 u8 buf[16], *ptr = buf;
913 BT_DBG("%p cr %d status 0x%x", s, cr, status);
915 hdr = (void *) ptr; ptr += sizeof(*hdr);
916 hdr->addr = __addr(s->initiator, 0);
917 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
918 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
920 mcc = (void *) ptr; ptr += sizeof(*mcc);
921 mcc->type = __mcc_type(cr, RFCOMM_RLS);
922 mcc->len = __len8(sizeof(*rls));
924 rls = (void *) ptr; ptr += sizeof(*rls);
925 rls->dlci = __addr(1, dlci);
926 rls->status = status;
928 *ptr = __fcs(buf); ptr++;
930 return rfcomm_send_frame(s, buf, ptr - buf);
933 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
935 struct rfcomm_hdr *hdr;
936 struct rfcomm_mcc *mcc;
937 struct rfcomm_msc *msc;
938 u8 buf[16], *ptr = buf;
940 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
942 hdr = (void *) ptr; ptr += sizeof(*hdr);
943 hdr->addr = __addr(s->initiator, 0);
944 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
945 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
947 mcc = (void *) ptr; ptr += sizeof(*mcc);
948 mcc->type = __mcc_type(cr, RFCOMM_MSC);
949 mcc->len = __len8(sizeof(*msc));
951 msc = (void *) ptr; ptr += sizeof(*msc);
952 msc->dlci = __addr(1, dlci);
953 msc->v24_sig = v24_sig | 0x01;
955 *ptr = __fcs(buf); ptr++;
957 return rfcomm_send_frame(s, buf, ptr - buf);
960 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
962 struct rfcomm_hdr *hdr;
963 struct rfcomm_mcc *mcc;
964 u8 buf[16], *ptr = buf;
966 BT_DBG("%p cr %d", s, cr);
968 hdr = (void *) ptr; ptr += sizeof(*hdr);
969 hdr->addr = __addr(s->initiator, 0);
970 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
971 hdr->len = __len8(sizeof(*mcc));
973 mcc = (void *) ptr; ptr += sizeof(*mcc);
974 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
975 mcc->len = __len8(0);
977 *ptr = __fcs(buf); ptr++;
979 return rfcomm_send_frame(s, buf, ptr - buf);
982 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
984 struct rfcomm_hdr *hdr;
985 struct rfcomm_mcc *mcc;
986 u8 buf[16], *ptr = buf;
988 BT_DBG("%p cr %d", s, cr);
990 hdr = (void *) ptr; ptr += sizeof(*hdr);
991 hdr->addr = __addr(s->initiator, 0);
992 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
993 hdr->len = __len8(sizeof(*mcc));
995 mcc = (void *) ptr; ptr += sizeof(*mcc);
996 mcc->type = __mcc_type(cr, RFCOMM_FCON);
997 mcc->len = __len8(0);
999 *ptr = __fcs(buf); ptr++;
1001 return rfcomm_send_frame(s, buf, ptr - buf);
1004 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1006 struct socket *sock = s->sock;
1009 unsigned char hdr[5], crc[1];
1014 BT_DBG("%p cr %d", s, cr);
1016 hdr[0] = __addr(s->initiator, 0);
1017 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1018 hdr[2] = 0x01 | ((len + 2) << 1);
1019 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1020 hdr[4] = 0x01 | (len << 1);
1022 crc[0] = __fcs(hdr);
1024 iv[0].iov_base = hdr;
1026 iv[1].iov_base = pattern;
1027 iv[1].iov_len = len;
1028 iv[2].iov_base = crc;
1031 memset(&msg, 0, sizeof(msg));
1033 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1036 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1038 struct rfcomm_hdr *hdr;
1039 u8 buf[16], *ptr = buf;
1041 BT_DBG("%p addr %d credits %d", s, addr, credits);
1043 hdr = (void *) ptr; ptr += sizeof(*hdr);
1045 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1046 hdr->len = __len8(0);
1048 *ptr = credits; ptr++;
1050 *ptr = __fcs(buf); ptr++;
1052 return rfcomm_send_frame(s, buf, ptr - buf);
1055 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1057 struct rfcomm_hdr *hdr;
1062 hdr = (void *) skb_push(skb, 4);
1063 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1065 hdr = (void *) skb_push(skb, 3);
1066 hdr->len = __len8(len);
1069 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1071 crc = skb_put(skb, 1);
1072 *crc = __fcs((void *) hdr);
1075 /* ---- RFCOMM frame reception ---- */
1076 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1078 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1082 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1084 rfcomm_send_dm(s, dlci);
1090 rfcomm_dlc_clear_timer(d);
1093 d->state = BT_CONNECTED;
1094 d->state_change(d, 0);
1095 rfcomm_dlc_unlock(d);
1097 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1101 d->state = BT_CLOSED;
1102 __rfcomm_dlc_close(d, 0);
1104 if (list_empty(&s->dlcs)) {
1105 s->state = BT_DISCONN;
1106 rfcomm_send_disc(s, 0);
1112 /* Control channel */
1115 s->state = BT_CONNECTED;
1116 rfcomm_process_connect(s);
1120 /* When socket is closed and we are not RFCOMM
1121 * initiator rfcomm_process_rx already calls
1122 * rfcomm_session_put() */
1123 if (s->sock->sk->sk_state != BT_CLOSED)
1124 rfcomm_session_put(s);
1131 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1135 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1139 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1141 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1146 d->state = BT_CLOSED;
1147 __rfcomm_dlc_close(d, err);
1150 if (s->state == BT_CONNECT)
1155 s->state = BT_CLOSED;
1156 rfcomm_session_close(s, err);
1161 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1165 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1168 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1170 rfcomm_send_ua(s, dlci);
1172 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1177 d->state = BT_CLOSED;
1178 __rfcomm_dlc_close(d, err);
1180 rfcomm_send_dm(s, dlci);
1183 rfcomm_send_ua(s, 0);
1185 if (s->state == BT_CONNECT)
1190 s->state = BT_CLOSED;
1191 rfcomm_session_close(s, err);
1197 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1199 struct sock *sk = d->session->sock->sk;
1201 BT_DBG("dlc %p", d);
1203 rfcomm_send_ua(d->session, d->dlci);
1206 d->state = BT_CONNECTED;
1207 d->state_change(d, 0);
1208 rfcomm_dlc_unlock(d);
1211 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1213 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1216 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1218 if (rfcomm_check_security(d)) {
1219 if (d->defer_setup) {
1220 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1221 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1223 rfcomm_dlc_accept(d);
1225 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1226 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1230 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1232 struct rfcomm_dlc *d;
1235 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1238 rfcomm_send_ua(s, 0);
1240 if (s->state == BT_OPEN) {
1241 s->state = BT_CONNECTED;
1242 rfcomm_process_connect(s);
1247 /* Check if DLC exists */
1248 d = rfcomm_dlc_get(s, dlci);
1250 if (d->state == BT_OPEN) {
1251 /* DLC was previously opened by PN request */
1252 rfcomm_check_accept(d);
1257 /* Notify socket layer about incoming connection */
1258 channel = __srv_channel(dlci);
1259 if (rfcomm_connect_ind(s, channel, &d)) {
1261 d->addr = __addr(s->initiator, dlci);
1262 rfcomm_dlc_link(s, d);
1264 rfcomm_check_accept(d);
1266 rfcomm_send_dm(s, dlci);
1272 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1274 struct rfcomm_session *s = d->session;
1276 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1277 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1279 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1280 pn->flow_ctrl == 0xe0) {
1281 d->cfc = RFCOMM_CFC_ENABLED;
1282 d->tx_credits = pn->credits;
1284 d->cfc = RFCOMM_CFC_DISABLED;
1285 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1288 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1291 d->priority = pn->priority;
1293 d->mtu = __le16_to_cpu(pn->mtu);
1295 if (cr && d->mtu > s->mtu)
1301 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1303 struct rfcomm_pn *pn = (void *) skb->data;
1304 struct rfcomm_dlc *d;
1307 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1312 d = rfcomm_dlc_get(s, dlci);
1316 rfcomm_apply_pn(d, cr, pn);
1317 rfcomm_send_pn(s, 0, d);
1322 rfcomm_apply_pn(d, cr, pn);
1324 d->state = BT_CONNECT;
1325 rfcomm_send_sabm(s, d->dlci);
1330 u8 channel = __srv_channel(dlci);
1335 /* PN request for non existing DLC.
1336 * Assume incoming connection. */
1337 if (rfcomm_connect_ind(s, channel, &d)) {
1339 d->addr = __addr(s->initiator, dlci);
1340 rfcomm_dlc_link(s, d);
1342 rfcomm_apply_pn(d, cr, pn);
1345 rfcomm_send_pn(s, 0, d);
1347 rfcomm_send_dm(s, dlci);
1353 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1355 struct rfcomm_rpn *rpn = (void *) skb->data;
1356 u8 dlci = __get_dlci(rpn->dlci);
1365 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1367 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1368 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1369 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1375 /* This is a request, return default settings */
1376 bit_rate = RFCOMM_RPN_BR_115200;
1377 data_bits = RFCOMM_RPN_DATA_8;
1378 stop_bits = RFCOMM_RPN_STOP_1;
1379 parity = RFCOMM_RPN_PARITY_NONE;
1380 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1381 xon_char = RFCOMM_RPN_XON_CHAR;
1382 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1386 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1387 * no parity, no flow control lines, normal XON/XOFF chars */
1389 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1390 bit_rate = rpn->bit_rate;
1391 if (bit_rate != RFCOMM_RPN_BR_115200) {
1392 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1393 bit_rate = RFCOMM_RPN_BR_115200;
1394 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1398 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1399 data_bits = __get_rpn_data_bits(rpn->line_settings);
1400 if (data_bits != RFCOMM_RPN_DATA_8) {
1401 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1402 data_bits = RFCOMM_RPN_DATA_8;
1403 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1407 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1408 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1409 if (stop_bits != RFCOMM_RPN_STOP_1) {
1410 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1411 stop_bits = RFCOMM_RPN_STOP_1;
1412 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1416 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1417 parity = __get_rpn_parity(rpn->line_settings);
1418 if (parity != RFCOMM_RPN_PARITY_NONE) {
1419 BT_DBG("RPN parity mismatch 0x%x", parity);
1420 parity = RFCOMM_RPN_PARITY_NONE;
1421 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1425 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1426 flow_ctrl = rpn->flow_ctrl;
1427 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1428 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1429 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1430 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1434 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1435 xon_char = rpn->xon_char;
1436 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1437 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1438 xon_char = RFCOMM_RPN_XON_CHAR;
1439 rpn_mask ^= RFCOMM_RPN_PM_XON;
1443 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1444 xoff_char = rpn->xoff_char;
1445 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1446 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1447 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1448 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1453 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1454 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1459 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1461 struct rfcomm_rls *rls = (void *) skb->data;
1462 u8 dlci = __get_dlci(rls->dlci);
1464 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1469 /* We should probably do something with this information here. But
1470 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1471 * mandatory to recognise and respond to RLS */
1473 rfcomm_send_rls(s, 0, dlci, rls->status);
1478 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1480 struct rfcomm_msc *msc = (void *) skb->data;
1481 struct rfcomm_dlc *d;
1482 u8 dlci = __get_dlci(msc->dlci);
1484 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1486 d = rfcomm_dlc_get(s, dlci);
1491 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1492 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1494 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1498 d->remote_v24_sig = msc->v24_sig;
1500 if (d->modem_status)
1501 d->modem_status(d, msc->v24_sig);
1503 rfcomm_dlc_unlock(d);
1505 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1507 d->mscex |= RFCOMM_MSCEX_RX;
1509 d->mscex |= RFCOMM_MSCEX_TX;
1514 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1516 struct rfcomm_mcc *mcc = (void *) skb->data;
1519 cr = __test_cr(mcc->type);
1520 type = __get_mcc_type(mcc->type);
1521 len = __get_mcc_len(mcc->len);
1523 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1529 rfcomm_recv_pn(s, cr, skb);
1533 rfcomm_recv_rpn(s, cr, len, skb);
1537 rfcomm_recv_rls(s, cr, skb);
1541 rfcomm_recv_msc(s, cr, skb);
1546 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1547 rfcomm_send_fcoff(s, 0);
1553 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1554 rfcomm_send_fcon(s, 0);
1560 rfcomm_send_test(s, 0, skb->data, skb->len);
1567 BT_ERR("Unknown control type 0x%02x", type);
1568 rfcomm_send_nsc(s, cr, type);
1574 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1576 struct rfcomm_dlc *d;
1578 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1580 d = rfcomm_dlc_get(s, dlci);
1582 rfcomm_send_dm(s, dlci);
1587 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1589 d->tx_credits += credits;
1591 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1594 if (skb->len && d->state == BT_CONNECTED) {
1597 d->data_ready(d, skb);
1598 rfcomm_dlc_unlock(d);
1607 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1609 struct rfcomm_hdr *hdr = (void *) skb->data;
1612 dlci = __get_dlci(hdr->addr);
1613 type = __get_type(hdr->ctrl);
1616 skb->len--; skb->tail--;
1617 fcs = *(u8 *)skb_tail_pointer(skb);
1619 if (__check_fcs(skb->data, type, fcs)) {
1620 BT_ERR("bad checksum in packet");
1625 if (__test_ea(hdr->len))
1632 if (__test_pf(hdr->ctrl))
1633 rfcomm_recv_sabm(s, dlci);
1637 if (__test_pf(hdr->ctrl))
1638 rfcomm_recv_disc(s, dlci);
1642 if (__test_pf(hdr->ctrl))
1643 rfcomm_recv_ua(s, dlci);
1647 rfcomm_recv_dm(s, dlci);
1652 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1654 rfcomm_recv_mcc(s, skb);
1658 BT_ERR("Unknown packet type 0x%02x\n", type);
1665 /* ---- Connection and data processing ---- */
1667 static void rfcomm_process_connect(struct rfcomm_session *s)
1669 struct rfcomm_dlc *d;
1670 struct list_head *p, *n;
1672 BT_DBG("session %p state %ld", s, s->state);
1674 list_for_each_safe(p, n, &s->dlcs) {
1675 d = list_entry(p, struct rfcomm_dlc, list);
1676 if (d->state == BT_CONFIG) {
1678 if (rfcomm_check_security(d)) {
1679 rfcomm_send_pn(s, 1, d);
1681 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1682 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1688 /* Send data queued for the DLC.
1689 * Return number of frames left in the queue.
1691 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1693 struct sk_buff *skb;
1696 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1697 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1699 /* Send pending MSC */
1700 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1701 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1705 * Give them some credits */
1706 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1707 d->rx_credits <= (d->cfc >> 2)) {
1708 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1709 d->rx_credits = d->cfc;
1713 * Give ourselves some credits */
1717 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1718 return skb_queue_len(&d->tx_queue);
1720 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1721 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1723 skb_queue_head(&d->tx_queue, skb);
1730 if (d->cfc && !d->tx_credits) {
1731 /* We're out of TX credits.
1732 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1733 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1736 return skb_queue_len(&d->tx_queue);
1739 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1741 struct rfcomm_dlc *d;
1742 struct list_head *p, *n;
1744 BT_DBG("session %p state %ld", s, s->state);
1746 list_for_each_safe(p, n, &s->dlcs) {
1747 d = list_entry(p, struct rfcomm_dlc, list);
1749 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1750 __rfcomm_dlc_close(d, ETIMEDOUT);
1754 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1755 rfcomm_dlc_clear_timer(d);
1757 rfcomm_send_pn(s, 1, d);
1758 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1760 if (d->defer_setup) {
1761 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1762 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1764 rfcomm_dlc_accept(d);
1767 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1768 rfcomm_dlc_clear_timer(d);
1770 rfcomm_send_dm(s, d->dlci);
1772 d->state = BT_CLOSED;
1773 __rfcomm_dlc_close(d, ECONNREFUSED);
1777 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1780 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1783 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1784 d->mscex == RFCOMM_MSCEX_OK)
1785 rfcomm_process_tx(d);
1789 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1791 struct socket *sock = s->sock;
1792 struct sock *sk = sock->sk;
1793 struct sk_buff *skb;
1795 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1797 /* Get data directly from socket receive queue without copying it. */
1798 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1800 rfcomm_recv_frame(s, skb);
1803 if (sk->sk_state == BT_CLOSED) {
1805 rfcomm_session_put(s);
1807 rfcomm_session_close(s, sk->sk_err);
1811 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1813 struct socket *sock = s->sock, *nsock;
1816 /* Fast check for a new connection.
1817 * Avoids unnesesary socket allocations. */
1818 if (list_empty(&bt_sk(sock->sk)->accept_q))
1821 BT_DBG("session %p", s);
1823 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1827 /* Set our callbacks */
1828 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1829 nsock->sk->sk_state_change = rfcomm_l2state_change;
1831 s = rfcomm_session_add(nsock, BT_OPEN);
1833 rfcomm_session_hold(s);
1835 /* We should adjust MTU on incoming sessions.
1836 * L2CAP MTU minus UIH header and FCS. */
1837 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1839 rfcomm_schedule(RFCOMM_SCHED_RX);
1841 sock_release(nsock);
1844 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1846 struct sock *sk = s->sock->sk;
1848 BT_DBG("%p state %ld", s, s->state);
1850 switch(sk->sk_state) {
1852 s->state = BT_CONNECT;
1854 /* We can adjust MTU on outgoing sessions.
1855 * L2CAP MTU minus UIH header and FCS. */
1856 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1858 rfcomm_send_sabm(s, 0);
1862 s->state = BT_CLOSED;
1863 rfcomm_session_close(s, sk->sk_err);
1868 static inline void rfcomm_process_sessions(void)
1870 struct list_head *p, *n;
1874 list_for_each_safe(p, n, &session_list) {
1875 struct rfcomm_session *s;
1876 s = list_entry(p, struct rfcomm_session, list);
1878 if (s->state == BT_LISTEN) {
1879 rfcomm_accept_connection(s);
1883 rfcomm_session_hold(s);
1887 rfcomm_check_connection(s);
1891 rfcomm_process_rx(s);
1895 rfcomm_process_dlcs(s);
1897 rfcomm_session_put(s);
1903 static int rfcomm_add_listener(bdaddr_t *ba)
1905 struct sockaddr_l2 addr;
1906 struct socket *sock;
1908 struct rfcomm_session *s;
1912 err = rfcomm_l2sock_create(&sock);
1914 BT_ERR("Create socket failed %d", err);
1919 bacpy(&addr.l2_bdaddr, ba);
1920 addr.l2_family = AF_BLUETOOTH;
1921 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
1923 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1925 BT_ERR("Bind failed %d", err);
1929 /* Set L2CAP options */
1932 l2cap_pi(sk)->imtu = l2cap_mtu;
1935 /* Start listening on the socket */
1936 err = kernel_listen(sock, 10);
1938 BT_ERR("Listen failed %d", err);
1942 /* Add listening session */
1943 s = rfcomm_session_add(sock, BT_LISTEN);
1947 rfcomm_session_hold(s);
1954 static void rfcomm_kill_listener(void)
1956 struct rfcomm_session *s;
1957 struct list_head *p, *n;
1961 list_for_each_safe(p, n, &session_list) {
1962 s = list_entry(p, struct rfcomm_session, list);
1963 rfcomm_session_del(s);
1967 static int rfcomm_run(void *unused)
1971 set_user_nice(current, -10);
1973 rfcomm_add_listener(BDADDR_ANY);
1975 while (!kthread_should_stop()) {
1976 set_current_state(TASK_INTERRUPTIBLE);
1977 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1978 /* No pending events. Let's sleep.
1979 * Incoming connections and data will wake us up. */
1982 set_current_state(TASK_RUNNING);
1985 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1986 rfcomm_process_sessions();
1989 rfcomm_kill_listener();
1994 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1996 struct rfcomm_session *s;
1997 struct rfcomm_dlc *d;
1998 struct list_head *p, *n;
2000 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2002 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2006 rfcomm_session_hold(s);
2008 list_for_each_safe(p, n, &s->dlcs) {
2009 d = list_entry(p, struct rfcomm_dlc, list);
2011 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2012 rfcomm_dlc_clear_timer(d);
2013 if (status || encrypt == 0x00) {
2014 __rfcomm_dlc_close(d, ECONNREFUSED);
2019 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2020 if (d->sec_level == BT_SECURITY_MEDIUM) {
2021 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2022 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2024 } else if (d->sec_level == BT_SECURITY_HIGH) {
2025 __rfcomm_dlc_close(d, ECONNREFUSED);
2030 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2034 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2036 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2039 rfcomm_session_put(s);
2041 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2044 static struct hci_cb rfcomm_cb = {
2046 .security_cfm = rfcomm_security_cfm
2049 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2051 struct rfcomm_session *s;
2052 struct list_head *pp, *p;
2056 list_for_each(p, &session_list) {
2057 s = list_entry(p, struct rfcomm_session, list);
2058 list_for_each(pp, &s->dlcs) {
2059 struct sock *sk = s->sock->sk;
2060 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2062 seq_printf(f, "%s %s %ld %d %d %d %d\n",
2063 batostr(&bt_sk(sk)->src),
2064 batostr(&bt_sk(sk)->dst),
2065 d->state, d->dlci, d->mtu,
2066 d->rx_credits, d->tx_credits);
2075 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2077 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2080 static const struct file_operations rfcomm_dlc_debugfs_fops = {
2081 .open = rfcomm_dlc_debugfs_open,
2083 .llseek = seq_lseek,
2084 .release = single_release,
2087 static struct dentry *rfcomm_dlc_debugfs;
2089 /* ---- Initialization ---- */
2090 static int __init rfcomm_init(void)
2096 hci_register_cb(&rfcomm_cb);
2098 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2099 if (IS_ERR(rfcomm_thread)) {
2100 err = PTR_ERR(rfcomm_thread);
2105 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2106 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops);
2107 if (!rfcomm_dlc_debugfs)
2108 BT_ERR("Failed to create RFCOMM debug file");
2111 err = rfcomm_init_ttys();
2115 err = rfcomm_init_sockets();
2119 BT_INFO("RFCOMM ver %s", VERSION);
2124 rfcomm_cleanup_ttys();
2127 kthread_stop(rfcomm_thread);
2130 hci_unregister_cb(&rfcomm_cb);
2135 static void __exit rfcomm_exit(void)
2137 debugfs_remove(rfcomm_dlc_debugfs);
2139 hci_unregister_cb(&rfcomm_cb);
2141 kthread_stop(rfcomm_thread);
2143 rfcomm_cleanup_ttys();
2145 rfcomm_cleanup_sockets();
2148 module_init(rfcomm_init);
2149 module_exit(rfcomm_exit);
2151 module_param(disable_cfc, bool, 0644);
2152 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2154 module_param(channel_mtu, int, 0644);
2155 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2157 module_param(l2cap_mtu, uint, 0644);
2158 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2160 module_param(l2cap_ertm, bool, 0644);
2161 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2163 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2164 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2165 MODULE_VERSION(VERSION);
2166 MODULE_LICENSE("GPL");
2167 MODULE_ALIAS("bt-proto-3");