2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/sched.h>
32 #include <linux/signal.h>
33 #include <linux/init.h>
34 #include <linux/wait.h>
35 #include <linux/device.h>
36 #include <linux/debugfs.h>
37 #include <linux/seq_file.h>
38 #include <linux/net.h>
39 #include <linux/mutex.h>
40 #include <linux/kthread.h>
41 #include <linux/slab.h>
44 #include <linux/uaccess.h>
45 #include <asm/unaligned.h>
47 #include <net/bluetooth/bluetooth.h>
48 #include <net/bluetooth/hci_core.h>
49 #include <net/bluetooth/l2cap.h>
50 #include <net/bluetooth/rfcomm.h>
52 #define VERSION "1.11"
54 static int disable_cfc;
55 static int l2cap_ertm;
56 static int channel_mtu = -1;
57 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
59 static struct task_struct *rfcomm_thread;
61 static DEFINE_MUTEX(rfcomm_mutex);
62 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
63 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
66 static LIST_HEAD(session_list);
68 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
69 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
70 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
71 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
72 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
73 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
74 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
75 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
76 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
77 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
79 static void rfcomm_process_connect(struct rfcomm_session *s);
81 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
85 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
86 static void rfcomm_session_del(struct rfcomm_session *s);
88 /* ---- RFCOMM frame parsing macros ---- */
89 #define __get_dlci(b) ((b & 0xfc) >> 2)
90 #define __get_channel(b) ((b & 0xf8) >> 3)
91 #define __get_dir(b) ((b & 0x04) >> 2)
92 #define __get_type(b) ((b & 0xef))
94 #define __test_ea(b) ((b & 0x01))
95 #define __test_cr(b) ((b & 0x02))
96 #define __test_pf(b) ((b & 0x10))
98 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
99 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
100 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
101 #define __srv_channel(dlci) (dlci >> 1)
102 #define __dir(dlci) (dlci & 0x01)
104 #define __len8(len) (((len) << 1) | 1)
105 #define __len16(len) ((len) << 1)
108 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
109 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
110 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
113 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
114 #define __get_rpn_data_bits(line) ((line) & 0x3)
115 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
116 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
118 static inline void rfcomm_schedule(void)
122 wake_up_process(rfcomm_thread);
125 static inline void rfcomm_session_put(struct rfcomm_session *s)
127 if (atomic_dec_and_test(&s->refcnt))
128 rfcomm_session_del(s);
131 /* ---- RFCOMM FCS computation ---- */
133 /* reversed, 8-bit, poly=0x07 */
134 static unsigned char rfcomm_crc_table[256] = {
135 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
136 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
137 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
138 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
140 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
141 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
142 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
143 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
145 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
146 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
147 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
148 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
150 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
151 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
152 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
153 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
155 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
156 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
157 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
158 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
160 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
161 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
162 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
163 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
165 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
166 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
167 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
168 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
170 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
171 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
172 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
173 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
177 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
180 static inline u8 __fcs(u8 *data)
182 return 0xff - __crc(data);
186 static inline u8 __fcs2(u8 *data)
188 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
192 static inline int __check_fcs(u8 *data, int type, u8 fcs)
196 if (type != RFCOMM_UIH)
197 f = rfcomm_crc_table[f ^ data[2]];
199 return rfcomm_crc_table[f ^ fcs] != 0xcf;
202 /* ---- L2CAP callbacks ---- */
203 static void rfcomm_l2state_change(struct sock *sk)
205 BT_DBG("%p state %d", sk, sk->sk_state);
209 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
211 BT_DBG("%p bytes %d", sk, bytes);
215 static int rfcomm_l2sock_create(struct socket **sock)
221 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
223 struct sock *sk = (*sock)->sk;
224 sk->sk_data_ready = rfcomm_l2data_ready;
225 sk->sk_state_change = rfcomm_l2state_change;
230 static inline int rfcomm_check_security(struct rfcomm_dlc *d)
232 struct sock *sk = d->session->sock->sk;
233 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
237 switch (d->sec_level) {
238 case BT_SECURITY_HIGH:
239 auth_type = HCI_AT_GENERAL_BONDING_MITM;
241 case BT_SECURITY_MEDIUM:
242 auth_type = HCI_AT_GENERAL_BONDING;
245 auth_type = HCI_AT_NO_BONDING;
249 return hci_conn_security(conn->hcon, d->sec_level, auth_type);
252 static void rfcomm_session_timeout(unsigned long arg)
254 struct rfcomm_session *s = (void *) arg;
256 BT_DBG("session %p state %ld", s, s->state);
258 set_bit(RFCOMM_TIMED_OUT, &s->flags);
262 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
264 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
266 if (!mod_timer(&s->timer, jiffies + timeout))
267 rfcomm_session_hold(s);
270 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
272 BT_DBG("session %p state %ld", s, s->state);
274 if (timer_pending(&s->timer) && del_timer(&s->timer))
275 rfcomm_session_put(s);
278 /* ---- RFCOMM DLCs ---- */
279 static void rfcomm_dlc_timeout(unsigned long arg)
281 struct rfcomm_dlc *d = (void *) arg;
283 BT_DBG("dlc %p state %ld", d, d->state);
285 set_bit(RFCOMM_TIMED_OUT, &d->flags);
290 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
292 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
294 if (!mod_timer(&d->timer, jiffies + timeout))
298 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
300 BT_DBG("dlc %p state %ld", d, d->state);
302 if (timer_pending(&d->timer) && del_timer(&d->timer))
306 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
313 d->sec_level = BT_SECURITY_LOW;
314 d->mtu = RFCOMM_DEFAULT_MTU;
315 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
317 d->cfc = RFCOMM_CFC_DISABLED;
318 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
321 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
323 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
328 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
330 skb_queue_head_init(&d->tx_queue);
331 spin_lock_init(&d->lock);
332 atomic_set(&d->refcnt, 1);
334 rfcomm_dlc_clear_state(d);
341 void rfcomm_dlc_free(struct rfcomm_dlc *d)
345 skb_queue_purge(&d->tx_queue);
349 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
351 BT_DBG("dlc %p session %p", d, s);
353 rfcomm_session_hold(s);
355 rfcomm_session_clear_timer(s);
357 list_add(&d->list, &s->dlcs);
361 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
363 struct rfcomm_session *s = d->session;
365 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
371 if (list_empty(&s->dlcs))
372 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
374 rfcomm_session_put(s);
377 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
379 struct rfcomm_dlc *d;
382 list_for_each(p, &s->dlcs) {
383 d = list_entry(p, struct rfcomm_dlc, list);
390 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
392 struct rfcomm_session *s;
396 BT_DBG("dlc %p state %ld %s %s channel %d",
397 d, d->state, batostr(src), batostr(dst), channel);
399 if (channel < 1 || channel > 30)
402 if (d->state != BT_OPEN && d->state != BT_CLOSED)
405 s = rfcomm_session_get(src, dst);
407 s = rfcomm_session_create(src, dst, d->sec_level, &err);
412 dlci = __dlci(!s->initiator, channel);
414 /* Check if DLCI already exists */
415 if (rfcomm_dlc_get(s, dlci))
418 rfcomm_dlc_clear_state(d);
421 d->addr = __addr(s->initiator, dlci);
424 d->state = BT_CONFIG;
425 rfcomm_dlc_link(s, d);
430 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
432 if (s->state == BT_CONNECTED) {
433 if (rfcomm_check_security(d))
434 rfcomm_send_pn(s, 1, d);
436 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
439 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
444 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
450 r = __rfcomm_dlc_open(d, src, dst, channel);
456 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
458 struct rfcomm_session *s = d->session;
462 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
463 d, d->state, d->dlci, err, s);
467 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
468 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
475 d->state = BT_DISCONN;
476 if (skb_queue_empty(&d->tx_queue)) {
477 rfcomm_send_disc(s, d->dlci);
478 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
480 rfcomm_queue_disc(d);
481 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
487 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
488 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
495 rfcomm_dlc_clear_timer(d);
498 d->state = BT_CLOSED;
499 d->state_change(d, err);
500 rfcomm_dlc_unlock(d);
502 skb_queue_purge(&d->tx_queue);
503 rfcomm_dlc_unlink(d);
509 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
515 r = __rfcomm_dlc_close(d, err);
521 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
525 if (d->state != BT_CONNECTED)
528 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
533 rfcomm_make_uih(skb, d->addr);
534 skb_queue_tail(&d->tx_queue, skb);
536 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
541 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
543 BT_DBG("dlc %p state %ld", d, d->state);
546 d->v24_sig |= RFCOMM_V24_FC;
547 set_bit(RFCOMM_MSC_PENDING, &d->flags);
552 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
554 BT_DBG("dlc %p state %ld", d, d->state);
557 d->v24_sig &= ~RFCOMM_V24_FC;
558 set_bit(RFCOMM_MSC_PENDING, &d->flags);
564 Set/get modem status functions use _local_ status i.e. what we report
566 Remote status is provided by dlc->modem_status() callback.
568 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
570 BT_DBG("dlc %p state %ld v24_sig 0x%x",
571 d, d->state, v24_sig);
573 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
574 v24_sig |= RFCOMM_V24_FC;
576 v24_sig &= ~RFCOMM_V24_FC;
578 d->v24_sig = v24_sig;
580 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
586 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
588 BT_DBG("dlc %p state %ld v24_sig 0x%x",
589 d, d->state, d->v24_sig);
591 *v24_sig = d->v24_sig;
595 /* ---- RFCOMM sessions ---- */
596 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
598 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
603 BT_DBG("session %p sock %p", s, sock);
605 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
607 INIT_LIST_HEAD(&s->dlcs);
611 s->mtu = RFCOMM_DEFAULT_MTU;
612 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
614 /* Do not increment module usage count for listening sessions.
615 * Otherwise we won't be able to unload the module. */
616 if (state != BT_LISTEN)
617 if (!try_module_get(THIS_MODULE)) {
622 list_add(&s->list, &session_list);
627 static void rfcomm_session_del(struct rfcomm_session *s)
629 int state = s->state;
631 BT_DBG("session %p state %ld", s, s->state);
635 if (state == BT_CONNECTED)
636 rfcomm_send_disc(s, 0);
638 rfcomm_session_clear_timer(s);
639 sock_release(s->sock);
642 if (state != BT_LISTEN)
643 module_put(THIS_MODULE);
646 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
648 struct rfcomm_session *s;
649 struct list_head *p, *n;
651 list_for_each_safe(p, n, &session_list) {
652 s = list_entry(p, struct rfcomm_session, list);
653 sk = bt_sk(s->sock->sk);
655 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
656 !bacmp(&sk->dst, dst))
662 static void rfcomm_session_close(struct rfcomm_session *s, int err)
664 struct rfcomm_dlc *d;
665 struct list_head *p, *n;
667 BT_DBG("session %p state %ld err %d", s, s->state, err);
669 rfcomm_session_hold(s);
671 s->state = BT_CLOSED;
674 list_for_each_safe(p, n, &s->dlcs) {
675 d = list_entry(p, struct rfcomm_dlc, list);
676 d->state = BT_CLOSED;
677 __rfcomm_dlc_close(d, err);
680 rfcomm_session_clear_timer(s);
681 rfcomm_session_put(s);
684 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
689 struct rfcomm_session *s = NULL;
690 struct sockaddr_l2 addr;
694 BT_DBG("%s %s", batostr(src), batostr(dst));
696 *err = rfcomm_l2sock_create(&sock);
700 bacpy(&addr.l2_bdaddr, src);
701 addr.l2_family = AF_BLUETOOTH;
704 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
708 /* Set L2CAP options */
711 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
712 l2cap_pi(sk)->chan->sec_level = sec_level;
714 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
717 s = rfcomm_session_add(sock, BT_BOUND);
725 bacpy(&addr.l2_bdaddr, dst);
726 addr.l2_family = AF_BLUETOOTH;
727 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
729 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
730 if (*err == 0 || *err == -EINPROGRESS)
733 rfcomm_session_del(s);
741 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
743 struct sock *sk = s->sock->sk;
745 bacpy(src, &bt_sk(sk)->src);
747 bacpy(dst, &bt_sk(sk)->dst);
750 /* ---- RFCOMM frame sending ---- */
751 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
753 struct socket *sock = s->sock;
754 struct kvec iv = { data, len };
757 BT_DBG("session %p len %d", s, len);
759 memset(&msg, 0, sizeof(msg));
761 return kernel_sendmsg(sock, &msg, &iv, 1, len);
764 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
766 struct rfcomm_cmd cmd;
768 BT_DBG("%p dlci %d", s, dlci);
770 cmd.addr = __addr(s->initiator, dlci);
771 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
773 cmd.fcs = __fcs2((u8 *) &cmd);
775 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
778 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
780 struct rfcomm_cmd cmd;
782 BT_DBG("%p dlci %d", s, dlci);
784 cmd.addr = __addr(!s->initiator, dlci);
785 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
787 cmd.fcs = __fcs2((u8 *) &cmd);
789 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
792 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
794 struct rfcomm_cmd cmd;
796 BT_DBG("%p dlci %d", s, dlci);
798 cmd.addr = __addr(s->initiator, dlci);
799 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
801 cmd.fcs = __fcs2((u8 *) &cmd);
803 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
806 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
808 struct rfcomm_cmd *cmd;
811 BT_DBG("dlc %p dlci %d", d, d->dlci);
813 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
817 cmd = (void *) __skb_put(skb, sizeof(*cmd));
819 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
820 cmd->len = __len8(0);
821 cmd->fcs = __fcs2((u8 *) cmd);
823 skb_queue_tail(&d->tx_queue, skb);
828 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
830 struct rfcomm_cmd cmd;
832 BT_DBG("%p dlci %d", s, dlci);
834 cmd.addr = __addr(!s->initiator, dlci);
835 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
837 cmd.fcs = __fcs2((u8 *) &cmd);
839 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
842 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
844 struct rfcomm_hdr *hdr;
845 struct rfcomm_mcc *mcc;
846 u8 buf[16], *ptr = buf;
848 BT_DBG("%p cr %d type %d", s, cr, type);
850 hdr = (void *) ptr; ptr += sizeof(*hdr);
851 hdr->addr = __addr(s->initiator, 0);
852 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
853 hdr->len = __len8(sizeof(*mcc) + 1);
855 mcc = (void *) ptr; ptr += sizeof(*mcc);
856 mcc->type = __mcc_type(cr, RFCOMM_NSC);
857 mcc->len = __len8(1);
859 /* Type that we didn't like */
860 *ptr = __mcc_type(cr, type); ptr++;
862 *ptr = __fcs(buf); ptr++;
864 return rfcomm_send_frame(s, buf, ptr - buf);
867 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
869 struct rfcomm_hdr *hdr;
870 struct rfcomm_mcc *mcc;
871 struct rfcomm_pn *pn;
872 u8 buf[16], *ptr = buf;
874 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
876 hdr = (void *) ptr; ptr += sizeof(*hdr);
877 hdr->addr = __addr(s->initiator, 0);
878 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
879 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
881 mcc = (void *) ptr; ptr += sizeof(*mcc);
882 mcc->type = __mcc_type(cr, RFCOMM_PN);
883 mcc->len = __len8(sizeof(*pn));
885 pn = (void *) ptr; ptr += sizeof(*pn);
887 pn->priority = d->priority;
892 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
893 pn->credits = RFCOMM_DEFAULT_CREDITS;
899 if (cr && channel_mtu >= 0)
900 pn->mtu = cpu_to_le16(channel_mtu);
902 pn->mtu = cpu_to_le16(d->mtu);
904 *ptr = __fcs(buf); ptr++;
906 return rfcomm_send_frame(s, buf, ptr - buf);
909 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
910 u8 bit_rate, u8 data_bits, u8 stop_bits,
911 u8 parity, u8 flow_ctrl_settings,
912 u8 xon_char, u8 xoff_char, u16 param_mask)
914 struct rfcomm_hdr *hdr;
915 struct rfcomm_mcc *mcc;
916 struct rfcomm_rpn *rpn;
917 u8 buf[16], *ptr = buf;
919 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
920 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
921 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
922 flow_ctrl_settings, xon_char, xoff_char, param_mask);
924 hdr = (void *) ptr; ptr += sizeof(*hdr);
925 hdr->addr = __addr(s->initiator, 0);
926 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
927 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
929 mcc = (void *) ptr; ptr += sizeof(*mcc);
930 mcc->type = __mcc_type(cr, RFCOMM_RPN);
931 mcc->len = __len8(sizeof(*rpn));
933 rpn = (void *) ptr; ptr += sizeof(*rpn);
934 rpn->dlci = __addr(1, dlci);
935 rpn->bit_rate = bit_rate;
936 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
937 rpn->flow_ctrl = flow_ctrl_settings;
938 rpn->xon_char = xon_char;
939 rpn->xoff_char = xoff_char;
940 rpn->param_mask = cpu_to_le16(param_mask);
942 *ptr = __fcs(buf); ptr++;
944 return rfcomm_send_frame(s, buf, ptr - buf);
947 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
949 struct rfcomm_hdr *hdr;
950 struct rfcomm_mcc *mcc;
951 struct rfcomm_rls *rls;
952 u8 buf[16], *ptr = buf;
954 BT_DBG("%p cr %d status 0x%x", s, cr, status);
956 hdr = (void *) ptr; ptr += sizeof(*hdr);
957 hdr->addr = __addr(s->initiator, 0);
958 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
959 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
961 mcc = (void *) ptr; ptr += sizeof(*mcc);
962 mcc->type = __mcc_type(cr, RFCOMM_RLS);
963 mcc->len = __len8(sizeof(*rls));
965 rls = (void *) ptr; ptr += sizeof(*rls);
966 rls->dlci = __addr(1, dlci);
967 rls->status = status;
969 *ptr = __fcs(buf); ptr++;
971 return rfcomm_send_frame(s, buf, ptr - buf);
974 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
976 struct rfcomm_hdr *hdr;
977 struct rfcomm_mcc *mcc;
978 struct rfcomm_msc *msc;
979 u8 buf[16], *ptr = buf;
981 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
983 hdr = (void *) ptr; ptr += sizeof(*hdr);
984 hdr->addr = __addr(s->initiator, 0);
985 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
986 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
988 mcc = (void *) ptr; ptr += sizeof(*mcc);
989 mcc->type = __mcc_type(cr, RFCOMM_MSC);
990 mcc->len = __len8(sizeof(*msc));
992 msc = (void *) ptr; ptr += sizeof(*msc);
993 msc->dlci = __addr(1, dlci);
994 msc->v24_sig = v24_sig | 0x01;
996 *ptr = __fcs(buf); ptr++;
998 return rfcomm_send_frame(s, buf, ptr - buf);
1001 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1003 struct rfcomm_hdr *hdr;
1004 struct rfcomm_mcc *mcc;
1005 u8 buf[16], *ptr = buf;
1007 BT_DBG("%p cr %d", s, cr);
1009 hdr = (void *) ptr; ptr += sizeof(*hdr);
1010 hdr->addr = __addr(s->initiator, 0);
1011 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1012 hdr->len = __len8(sizeof(*mcc));
1014 mcc = (void *) ptr; ptr += sizeof(*mcc);
1015 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1016 mcc->len = __len8(0);
1018 *ptr = __fcs(buf); ptr++;
1020 return rfcomm_send_frame(s, buf, ptr - buf);
1023 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1025 struct rfcomm_hdr *hdr;
1026 struct rfcomm_mcc *mcc;
1027 u8 buf[16], *ptr = buf;
1029 BT_DBG("%p cr %d", s, cr);
1031 hdr = (void *) ptr; ptr += sizeof(*hdr);
1032 hdr->addr = __addr(s->initiator, 0);
1033 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1034 hdr->len = __len8(sizeof(*mcc));
1036 mcc = (void *) ptr; ptr += sizeof(*mcc);
1037 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1038 mcc->len = __len8(0);
1040 *ptr = __fcs(buf); ptr++;
1042 return rfcomm_send_frame(s, buf, ptr - buf);
1045 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1047 struct socket *sock = s->sock;
1050 unsigned char hdr[5], crc[1];
1055 BT_DBG("%p cr %d", s, cr);
1057 hdr[0] = __addr(s->initiator, 0);
1058 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1059 hdr[2] = 0x01 | ((len + 2) << 1);
1060 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1061 hdr[4] = 0x01 | (len << 1);
1063 crc[0] = __fcs(hdr);
1065 iv[0].iov_base = hdr;
1067 iv[1].iov_base = pattern;
1068 iv[1].iov_len = len;
1069 iv[2].iov_base = crc;
1072 memset(&msg, 0, sizeof(msg));
1074 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1077 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1079 struct rfcomm_hdr *hdr;
1080 u8 buf[16], *ptr = buf;
1082 BT_DBG("%p addr %d credits %d", s, addr, credits);
1084 hdr = (void *) ptr; ptr += sizeof(*hdr);
1086 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1087 hdr->len = __len8(0);
1089 *ptr = credits; ptr++;
1091 *ptr = __fcs(buf); ptr++;
1093 return rfcomm_send_frame(s, buf, ptr - buf);
1096 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1098 struct rfcomm_hdr *hdr;
1103 hdr = (void *) skb_push(skb, 4);
1104 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1106 hdr = (void *) skb_push(skb, 3);
1107 hdr->len = __len8(len);
1110 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1112 crc = skb_put(skb, 1);
1113 *crc = __fcs((void *) hdr);
1116 /* ---- RFCOMM frame reception ---- */
1117 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1119 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1123 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1125 rfcomm_send_dm(s, dlci);
1131 rfcomm_dlc_clear_timer(d);
1134 d->state = BT_CONNECTED;
1135 d->state_change(d, 0);
1136 rfcomm_dlc_unlock(d);
1138 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1142 d->state = BT_CLOSED;
1143 __rfcomm_dlc_close(d, 0);
1145 if (list_empty(&s->dlcs)) {
1146 s->state = BT_DISCONN;
1147 rfcomm_send_disc(s, 0);
1153 /* Control channel */
1156 s->state = BT_CONNECTED;
1157 rfcomm_process_connect(s);
1161 /* When socket is closed and we are not RFCOMM
1162 * initiator rfcomm_process_rx already calls
1163 * rfcomm_session_put() */
1164 if (s->sock->sk->sk_state != BT_CLOSED)
1165 if (list_empty(&s->dlcs))
1166 rfcomm_session_put(s);
1173 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1177 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1181 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1183 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1188 d->state = BT_CLOSED;
1189 __rfcomm_dlc_close(d, err);
1192 if (s->state == BT_CONNECT)
1197 s->state = BT_CLOSED;
1198 rfcomm_session_close(s, err);
1203 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1207 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1210 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1212 rfcomm_send_ua(s, dlci);
1214 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1219 d->state = BT_CLOSED;
1220 __rfcomm_dlc_close(d, err);
1222 rfcomm_send_dm(s, dlci);
1225 rfcomm_send_ua(s, 0);
1227 if (s->state == BT_CONNECT)
1232 s->state = BT_CLOSED;
1233 rfcomm_session_close(s, err);
1239 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1241 struct sock *sk = d->session->sock->sk;
1242 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1244 BT_DBG("dlc %p", d);
1246 rfcomm_send_ua(d->session, d->dlci);
1248 rfcomm_dlc_clear_timer(d);
1251 d->state = BT_CONNECTED;
1252 d->state_change(d, 0);
1253 rfcomm_dlc_unlock(d);
1256 hci_conn_switch_role(conn->hcon, 0x00);
1258 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1261 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1263 if (rfcomm_check_security(d)) {
1264 if (d->defer_setup) {
1265 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1266 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1269 d->state = BT_CONNECT2;
1270 d->state_change(d, 0);
1271 rfcomm_dlc_unlock(d);
1273 rfcomm_dlc_accept(d);
1275 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1276 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1280 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1282 struct rfcomm_dlc *d;
1285 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1288 rfcomm_send_ua(s, 0);
1290 if (s->state == BT_OPEN) {
1291 s->state = BT_CONNECTED;
1292 rfcomm_process_connect(s);
1297 /* Check if DLC exists */
1298 d = rfcomm_dlc_get(s, dlci);
1300 if (d->state == BT_OPEN) {
1301 /* DLC was previously opened by PN request */
1302 rfcomm_check_accept(d);
1307 /* Notify socket layer about incoming connection */
1308 channel = __srv_channel(dlci);
1309 if (rfcomm_connect_ind(s, channel, &d)) {
1311 d->addr = __addr(s->initiator, dlci);
1312 rfcomm_dlc_link(s, d);
1314 rfcomm_check_accept(d);
1316 rfcomm_send_dm(s, dlci);
1322 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1324 struct rfcomm_session *s = d->session;
1326 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1327 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1329 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1330 pn->flow_ctrl == 0xe0) {
1331 d->cfc = RFCOMM_CFC_ENABLED;
1332 d->tx_credits = pn->credits;
1334 d->cfc = RFCOMM_CFC_DISABLED;
1335 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1338 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1341 d->priority = pn->priority;
1343 d->mtu = __le16_to_cpu(pn->mtu);
1345 if (cr && d->mtu > s->mtu)
1351 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1353 struct rfcomm_pn *pn = (void *) skb->data;
1354 struct rfcomm_dlc *d;
1357 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1362 d = rfcomm_dlc_get(s, dlci);
1366 rfcomm_apply_pn(d, cr, pn);
1367 rfcomm_send_pn(s, 0, d);
1372 rfcomm_apply_pn(d, cr, pn);
1374 d->state = BT_CONNECT;
1375 rfcomm_send_sabm(s, d->dlci);
1380 u8 channel = __srv_channel(dlci);
1385 /* PN request for non existing DLC.
1386 * Assume incoming connection. */
1387 if (rfcomm_connect_ind(s, channel, &d)) {
1389 d->addr = __addr(s->initiator, dlci);
1390 rfcomm_dlc_link(s, d);
1392 rfcomm_apply_pn(d, cr, pn);
1395 rfcomm_send_pn(s, 0, d);
1397 rfcomm_send_dm(s, dlci);
1403 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1405 struct rfcomm_rpn *rpn = (void *) skb->data;
1406 u8 dlci = __get_dlci(rpn->dlci);
1415 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1417 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1418 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1419 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1425 /* This is a request, return default (according to ETSI TS 07.10) settings */
1426 bit_rate = RFCOMM_RPN_BR_9600;
1427 data_bits = RFCOMM_RPN_DATA_8;
1428 stop_bits = RFCOMM_RPN_STOP_1;
1429 parity = RFCOMM_RPN_PARITY_NONE;
1430 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1431 xon_char = RFCOMM_RPN_XON_CHAR;
1432 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1436 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1437 * no parity, no flow control lines, normal XON/XOFF chars */
1439 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1440 bit_rate = rpn->bit_rate;
1441 if (bit_rate > RFCOMM_RPN_BR_230400) {
1442 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1443 bit_rate = RFCOMM_RPN_BR_9600;
1444 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1448 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1449 data_bits = __get_rpn_data_bits(rpn->line_settings);
1450 if (data_bits != RFCOMM_RPN_DATA_8) {
1451 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1452 data_bits = RFCOMM_RPN_DATA_8;
1453 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1457 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1458 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1459 if (stop_bits != RFCOMM_RPN_STOP_1) {
1460 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1461 stop_bits = RFCOMM_RPN_STOP_1;
1462 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1466 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1467 parity = __get_rpn_parity(rpn->line_settings);
1468 if (parity != RFCOMM_RPN_PARITY_NONE) {
1469 BT_DBG("RPN parity mismatch 0x%x", parity);
1470 parity = RFCOMM_RPN_PARITY_NONE;
1471 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1475 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1476 flow_ctrl = rpn->flow_ctrl;
1477 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1478 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1479 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1480 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1484 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1485 xon_char = rpn->xon_char;
1486 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1487 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1488 xon_char = RFCOMM_RPN_XON_CHAR;
1489 rpn_mask ^= RFCOMM_RPN_PM_XON;
1493 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1494 xoff_char = rpn->xoff_char;
1495 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1496 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1497 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1498 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1503 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1504 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1509 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1511 struct rfcomm_rls *rls = (void *) skb->data;
1512 u8 dlci = __get_dlci(rls->dlci);
1514 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1519 /* We should probably do something with this information here. But
1520 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1521 * mandatory to recognise and respond to RLS */
1523 rfcomm_send_rls(s, 0, dlci, rls->status);
1528 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1530 struct rfcomm_msc *msc = (void *) skb->data;
1531 struct rfcomm_dlc *d;
1532 u8 dlci = __get_dlci(msc->dlci);
1534 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1536 d = rfcomm_dlc_get(s, dlci);
1541 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1542 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1544 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1548 d->remote_v24_sig = msc->v24_sig;
1550 if (d->modem_status)
1551 d->modem_status(d, msc->v24_sig);
1553 rfcomm_dlc_unlock(d);
1555 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1557 d->mscex |= RFCOMM_MSCEX_RX;
1559 d->mscex |= RFCOMM_MSCEX_TX;
1564 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1566 struct rfcomm_mcc *mcc = (void *) skb->data;
1569 cr = __test_cr(mcc->type);
1570 type = __get_mcc_type(mcc->type);
1571 len = __get_mcc_len(mcc->len);
1573 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1579 rfcomm_recv_pn(s, cr, skb);
1583 rfcomm_recv_rpn(s, cr, len, skb);
1587 rfcomm_recv_rls(s, cr, skb);
1591 rfcomm_recv_msc(s, cr, skb);
1596 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1597 rfcomm_send_fcoff(s, 0);
1603 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1604 rfcomm_send_fcon(s, 0);
1610 rfcomm_send_test(s, 0, skb->data, skb->len);
1617 BT_ERR("Unknown control type 0x%02x", type);
1618 rfcomm_send_nsc(s, cr, type);
1624 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1626 struct rfcomm_dlc *d;
1628 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1630 d = rfcomm_dlc_get(s, dlci);
1632 rfcomm_send_dm(s, dlci);
1637 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1639 d->tx_credits += credits;
1641 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1644 if (skb->len && d->state == BT_CONNECTED) {
1647 d->data_ready(d, skb);
1648 rfcomm_dlc_unlock(d);
1657 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1659 struct rfcomm_hdr *hdr = (void *) skb->data;
1662 dlci = __get_dlci(hdr->addr);
1663 type = __get_type(hdr->ctrl);
1666 skb->len--; skb->tail--;
1667 fcs = *(u8 *)skb_tail_pointer(skb);
1669 if (__check_fcs(skb->data, type, fcs)) {
1670 BT_ERR("bad checksum in packet");
1675 if (__test_ea(hdr->len))
1682 if (__test_pf(hdr->ctrl))
1683 rfcomm_recv_sabm(s, dlci);
1687 if (__test_pf(hdr->ctrl))
1688 rfcomm_recv_disc(s, dlci);
1692 if (__test_pf(hdr->ctrl))
1693 rfcomm_recv_ua(s, dlci);
1697 rfcomm_recv_dm(s, dlci);
1702 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1704 rfcomm_recv_mcc(s, skb);
1708 BT_ERR("Unknown packet type 0x%02x", type);
1715 /* ---- Connection and data processing ---- */
1717 static void rfcomm_process_connect(struct rfcomm_session *s)
1719 struct rfcomm_dlc *d;
1720 struct list_head *p, *n;
1722 BT_DBG("session %p state %ld", s, s->state);
1724 list_for_each_safe(p, n, &s->dlcs) {
1725 d = list_entry(p, struct rfcomm_dlc, list);
1726 if (d->state == BT_CONFIG) {
1728 if (rfcomm_check_security(d)) {
1729 rfcomm_send_pn(s, 1, d);
1731 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1732 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1738 /* Send data queued for the DLC.
1739 * Return number of frames left in the queue.
1741 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1743 struct sk_buff *skb;
1746 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1747 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1749 /* Send pending MSC */
1750 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1751 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1755 * Give them some credits */
1756 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1757 d->rx_credits <= (d->cfc >> 2)) {
1758 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1759 d->rx_credits = d->cfc;
1763 * Give ourselves some credits */
1767 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1768 return skb_queue_len(&d->tx_queue);
1770 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1771 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1773 skb_queue_head(&d->tx_queue, skb);
1780 if (d->cfc && !d->tx_credits) {
1781 /* We're out of TX credits.
1782 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1783 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1786 return skb_queue_len(&d->tx_queue);
1789 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1791 struct rfcomm_dlc *d;
1792 struct list_head *p, *n;
1794 BT_DBG("session %p state %ld", s, s->state);
1796 list_for_each_safe(p, n, &s->dlcs) {
1797 d = list_entry(p, struct rfcomm_dlc, list);
1799 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1800 __rfcomm_dlc_close(d, ETIMEDOUT);
1804 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1805 rfcomm_dlc_clear_timer(d);
1807 rfcomm_send_pn(s, 1, d);
1808 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1810 if (d->defer_setup) {
1811 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1812 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1815 d->state = BT_CONNECT2;
1816 d->state_change(d, 0);
1817 rfcomm_dlc_unlock(d);
1819 rfcomm_dlc_accept(d);
1822 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1823 rfcomm_dlc_clear_timer(d);
1825 rfcomm_send_dm(s, d->dlci);
1827 d->state = BT_CLOSED;
1828 __rfcomm_dlc_close(d, ECONNREFUSED);
1832 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1835 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1838 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1839 d->mscex == RFCOMM_MSCEX_OK)
1840 rfcomm_process_tx(d);
1844 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1846 struct socket *sock = s->sock;
1847 struct sock *sk = sock->sk;
1848 struct sk_buff *skb;
1850 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1852 /* Get data directly from socket receive queue without copying it. */
1853 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1855 rfcomm_recv_frame(s, skb);
1858 if (sk->sk_state == BT_CLOSED) {
1860 rfcomm_session_put(s);
1862 rfcomm_session_close(s, sk->sk_err);
1866 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1868 struct socket *sock = s->sock, *nsock;
1871 /* Fast check for a new connection.
1872 * Avoids unnesesary socket allocations. */
1873 if (list_empty(&bt_sk(sock->sk)->accept_q))
1876 BT_DBG("session %p", s);
1878 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1882 /* Set our callbacks */
1883 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1884 nsock->sk->sk_state_change = rfcomm_l2state_change;
1886 s = rfcomm_session_add(nsock, BT_OPEN);
1888 rfcomm_session_hold(s);
1890 /* We should adjust MTU on incoming sessions.
1891 * L2CAP MTU minus UIH header and FCS. */
1892 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1893 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1897 sock_release(nsock);
1900 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1902 struct sock *sk = s->sock->sk;
1904 BT_DBG("%p state %ld", s, s->state);
1906 switch (sk->sk_state) {
1908 s->state = BT_CONNECT;
1910 /* We can adjust MTU on outgoing sessions.
1911 * L2CAP MTU minus UIH header and FCS. */
1912 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1914 rfcomm_send_sabm(s, 0);
1918 s->state = BT_CLOSED;
1919 rfcomm_session_close(s, sk->sk_err);
1924 static inline void rfcomm_process_sessions(void)
1926 struct list_head *p, *n;
1930 list_for_each_safe(p, n, &session_list) {
1931 struct rfcomm_session *s;
1932 s = list_entry(p, struct rfcomm_session, list);
1934 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1935 s->state = BT_DISCONN;
1936 rfcomm_send_disc(s, 0);
1937 rfcomm_session_put(s);
1941 if (s->state == BT_LISTEN) {
1942 rfcomm_accept_connection(s);
1946 rfcomm_session_hold(s);
1950 rfcomm_check_connection(s);
1954 rfcomm_process_rx(s);
1958 rfcomm_process_dlcs(s);
1960 rfcomm_session_put(s);
1966 static int rfcomm_add_listener(bdaddr_t *ba)
1968 struct sockaddr_l2 addr;
1969 struct socket *sock;
1971 struct rfcomm_session *s;
1975 err = rfcomm_l2sock_create(&sock);
1977 BT_ERR("Create socket failed %d", err);
1982 bacpy(&addr.l2_bdaddr, ba);
1983 addr.l2_family = AF_BLUETOOTH;
1984 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
1986 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1988 BT_ERR("Bind failed %d", err);
1992 /* Set L2CAP options */
1995 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
1998 /* Start listening on the socket */
1999 err = kernel_listen(sock, 10);
2001 BT_ERR("Listen failed %d", err);
2005 /* Add listening session */
2006 s = rfcomm_session_add(sock, BT_LISTEN);
2010 rfcomm_session_hold(s);
2017 static void rfcomm_kill_listener(void)
2019 struct rfcomm_session *s;
2020 struct list_head *p, *n;
2024 list_for_each_safe(p, n, &session_list) {
2025 s = list_entry(p, struct rfcomm_session, list);
2026 rfcomm_session_del(s);
2030 static int rfcomm_run(void *unused)
2034 set_user_nice(current, -10);
2036 rfcomm_add_listener(BDADDR_ANY);
2039 set_current_state(TASK_INTERRUPTIBLE);
2041 if (kthread_should_stop())
2045 rfcomm_process_sessions();
2049 __set_current_state(TASK_RUNNING);
2051 rfcomm_kill_listener();
2056 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2058 struct rfcomm_session *s;
2059 struct rfcomm_dlc *d;
2060 struct list_head *p, *n;
2062 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2064 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2068 rfcomm_session_hold(s);
2070 list_for_each_safe(p, n, &s->dlcs) {
2071 d = list_entry(p, struct rfcomm_dlc, list);
2073 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2074 rfcomm_dlc_clear_timer(d);
2075 if (status || encrypt == 0x00) {
2076 __rfcomm_dlc_close(d, ECONNREFUSED);
2081 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2082 if (d->sec_level == BT_SECURITY_MEDIUM) {
2083 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2084 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2086 } else if (d->sec_level == BT_SECURITY_HIGH) {
2087 __rfcomm_dlc_close(d, ECONNREFUSED);
2092 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2095 if (!status && hci_conn_check_secure(conn, d->sec_level))
2096 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2098 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2101 rfcomm_session_put(s);
2106 static struct hci_cb rfcomm_cb = {
2108 .security_cfm = rfcomm_security_cfm
2111 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2113 struct rfcomm_session *s;
2114 struct list_head *pp, *p;
2118 list_for_each(p, &session_list) {
2119 s = list_entry(p, struct rfcomm_session, list);
2120 list_for_each(pp, &s->dlcs) {
2121 struct sock *sk = s->sock->sk;
2122 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2124 seq_printf(f, "%s %s %ld %d %d %d %d\n",
2125 batostr(&bt_sk(sk)->src),
2126 batostr(&bt_sk(sk)->dst),
2127 d->state, d->dlci, d->mtu,
2128 d->rx_credits, d->tx_credits);
2137 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2139 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2142 static const struct file_operations rfcomm_dlc_debugfs_fops = {
2143 .open = rfcomm_dlc_debugfs_open,
2145 .llseek = seq_lseek,
2146 .release = single_release,
2149 static struct dentry *rfcomm_dlc_debugfs;
2151 /* ---- Initialization ---- */
2152 static int __init rfcomm_init(void)
2156 hci_register_cb(&rfcomm_cb);
2158 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2159 if (IS_ERR(rfcomm_thread)) {
2160 err = PTR_ERR(rfcomm_thread);
2165 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2166 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops);
2167 if (!rfcomm_dlc_debugfs)
2168 BT_ERR("Failed to create RFCOMM debug file");
2171 err = rfcomm_init_ttys();
2175 err = rfcomm_init_sockets();
2179 BT_INFO("RFCOMM ver %s", VERSION);
2184 rfcomm_cleanup_ttys();
2187 kthread_stop(rfcomm_thread);
2190 hci_unregister_cb(&rfcomm_cb);
2195 static void __exit rfcomm_exit(void)
2197 debugfs_remove(rfcomm_dlc_debugfs);
2199 hci_unregister_cb(&rfcomm_cb);
2201 kthread_stop(rfcomm_thread);
2203 rfcomm_cleanup_ttys();
2205 rfcomm_cleanup_sockets();
2208 module_init(rfcomm_init);
2209 module_exit(rfcomm_exit);
2211 module_param(disable_cfc, bool, 0644);
2212 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2214 module_param(channel_mtu, int, 0644);
2215 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2217 module_param(l2cap_mtu, uint, 0644);
2218 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2220 module_param(l2cap_ertm, bool, 0644);
2221 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2223 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2224 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2225 MODULE_VERSION(VERSION);
2226 MODULE_LICENSE("GPL");
2227 MODULE_ALIAS("bt-proto-3");