2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/debugfs.h>
30 #include <linux/kthread.h>
31 #include <asm/unaligned.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/rfcomm.h>
38 #define VERSION "1.11"
40 static bool disable_cfc;
41 static bool l2cap_ertm;
42 static int channel_mtu = -1;
44 static struct task_struct *rfcomm_thread;
46 static DEFINE_MUTEX(rfcomm_mutex);
47 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
48 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
51 static LIST_HEAD(session_list);
53 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
54 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
55 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
56 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
57 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
58 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
59 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
60 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
61 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
62 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
64 static void rfcomm_process_connect(struct rfcomm_session *s);
66 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
70 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
71 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
73 /* ---- RFCOMM frame parsing macros ---- */
74 #define __get_dlci(b) ((b & 0xfc) >> 2)
75 #define __get_type(b) ((b & 0xef))
77 #define __test_ea(b) ((b & 0x01))
78 #define __test_cr(b) (!!(b & 0x02))
79 #define __test_pf(b) (!!(b & 0x10))
81 #define __session_dir(s) ((s)->initiator ? 0x00 : 0x01)
83 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
84 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
85 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
86 #define __srv_channel(dlci) (dlci >> 1)
88 #define __len8(len) (((len) << 1) | 1)
89 #define __len16(len) ((len) << 1)
92 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
93 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
94 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
97 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
98 #define __get_rpn_data_bits(line) ((line) & 0x3)
99 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
100 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
102 static DECLARE_WAIT_QUEUE_HEAD(rfcomm_wq);
104 static void rfcomm_schedule(void)
106 wake_up_all(&rfcomm_wq);
109 /* ---- RFCOMM FCS computation ---- */
111 /* reversed, 8-bit, poly=0x07 */
112 static unsigned char rfcomm_crc_table[256] = {
113 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
114 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
115 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
116 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
118 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
119 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
120 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
121 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
123 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
124 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
125 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
126 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
128 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
129 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
130 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
131 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
133 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
134 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
135 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
136 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
138 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
139 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
140 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
141 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
143 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
144 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
145 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
146 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
148 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
149 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
150 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
151 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
155 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
158 static inline u8 __fcs(u8 *data)
160 return 0xff - __crc(data);
164 static inline u8 __fcs2(u8 *data)
166 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
170 static inline int __check_fcs(u8 *data, int type, u8 fcs)
174 if (type != RFCOMM_UIH)
175 f = rfcomm_crc_table[f ^ data[2]];
177 return rfcomm_crc_table[f ^ fcs] != 0xcf;
180 /* ---- L2CAP callbacks ---- */
181 static void rfcomm_l2state_change(struct sock *sk)
183 BT_DBG("%p state %d", sk, sk->sk_state);
187 static void rfcomm_l2data_ready(struct sock *sk)
193 static int rfcomm_l2sock_create(struct socket **sock)
199 err = sock_create_kern(&init_net, PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
201 struct sock *sk = (*sock)->sk;
202 sk->sk_data_ready = rfcomm_l2data_ready;
203 sk->sk_state_change = rfcomm_l2state_change;
208 static int rfcomm_check_security(struct rfcomm_dlc *d)
210 struct sock *sk = d->session->sock->sk;
211 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
215 switch (d->sec_level) {
216 case BT_SECURITY_HIGH:
217 case BT_SECURITY_FIPS:
218 auth_type = HCI_AT_GENERAL_BONDING_MITM;
220 case BT_SECURITY_MEDIUM:
221 auth_type = HCI_AT_GENERAL_BONDING;
224 auth_type = HCI_AT_NO_BONDING;
228 return hci_conn_security(conn->hcon, d->sec_level, auth_type,
232 static void rfcomm_session_timeout(struct timer_list *t)
234 struct rfcomm_session *s = from_timer(s, t, timer);
236 BT_DBG("session %p state %ld", s, s->state);
238 set_bit(RFCOMM_TIMED_OUT, &s->flags);
242 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
244 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
246 mod_timer(&s->timer, jiffies + timeout);
249 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
251 BT_DBG("session %p state %ld", s, s->state);
253 del_timer_sync(&s->timer);
256 /* ---- RFCOMM DLCs ---- */
257 static void rfcomm_dlc_timeout(struct timer_list *t)
259 struct rfcomm_dlc *d = from_timer(d, t, timer);
261 BT_DBG("dlc %p state %ld", d, d->state);
263 set_bit(RFCOMM_TIMED_OUT, &d->flags);
268 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
270 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
272 if (!mod_timer(&d->timer, jiffies + timeout))
276 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
278 BT_DBG("dlc %p state %ld", d, d->state);
280 if (del_timer(&d->timer))
284 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
291 d->sec_level = BT_SECURITY_LOW;
292 d->mtu = RFCOMM_DEFAULT_MTU;
293 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
295 d->cfc = RFCOMM_CFC_DISABLED;
296 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
299 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
301 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
306 timer_setup(&d->timer, rfcomm_dlc_timeout, 0);
308 skb_queue_head_init(&d->tx_queue);
309 mutex_init(&d->lock);
310 refcount_set(&d->refcnt, 1);
312 rfcomm_dlc_clear_state(d);
319 void rfcomm_dlc_free(struct rfcomm_dlc *d)
323 skb_queue_purge(&d->tx_queue);
327 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
329 BT_DBG("dlc %p session %p", d, s);
331 rfcomm_session_clear_timer(s);
333 list_add(&d->list, &s->dlcs);
337 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
339 struct rfcomm_session *s = d->session;
341 BT_DBG("dlc %p refcnt %d session %p", d, refcount_read(&d->refcnt), s);
347 if (list_empty(&s->dlcs))
348 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
351 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
353 struct rfcomm_dlc *d;
355 list_for_each_entry(d, &s->dlcs, list)
362 static int rfcomm_check_channel(u8 channel)
364 return channel < 1 || channel > 30;
367 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
369 struct rfcomm_session *s;
373 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
374 d, d->state, src, dst, channel);
376 if (rfcomm_check_channel(channel))
379 if (d->state != BT_OPEN && d->state != BT_CLOSED)
382 s = rfcomm_session_get(src, dst);
384 s = rfcomm_session_create(src, dst, d->sec_level, &err);
389 dlci = __dlci(__session_dir(s), channel);
391 /* Check if DLCI already exists */
392 if (rfcomm_dlc_get(s, dlci))
395 rfcomm_dlc_clear_state(d);
398 d->addr = __addr(s->initiator, dlci);
401 d->state = BT_CONFIG;
402 rfcomm_dlc_link(s, d);
407 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
409 if (s->state == BT_CONNECTED) {
410 if (rfcomm_check_security(d))
411 rfcomm_send_pn(s, 1, d);
413 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
416 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
421 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
427 r = __rfcomm_dlc_open(d, src, dst, channel);
433 static void __rfcomm_dlc_disconn(struct rfcomm_dlc *d)
435 struct rfcomm_session *s = d->session;
437 d->state = BT_DISCONN;
438 if (skb_queue_empty(&d->tx_queue)) {
439 rfcomm_send_disc(s, d->dlci);
440 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
442 rfcomm_queue_disc(d);
443 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
447 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
449 struct rfcomm_session *s = d->session;
453 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
454 d, d->state, d->dlci, err, s);
461 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
462 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
471 __rfcomm_dlc_disconn(d);
475 if (s->state != BT_BOUND) {
476 __rfcomm_dlc_disconn(d);
479 /* if closing a dlc in a session that hasn't been started,
480 * just close and unlink the dlc
485 rfcomm_dlc_clear_timer(d);
488 d->state = BT_CLOSED;
489 d->state_change(d, err);
490 rfcomm_dlc_unlock(d);
492 skb_queue_purge(&d->tx_queue);
493 rfcomm_dlc_unlink(d);
499 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
502 struct rfcomm_dlc *d_list;
503 struct rfcomm_session *s, *s_list;
505 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
513 /* after waiting on the mutex check the session still exists
514 * then check the dlc still exists
516 list_for_each_entry(s_list, &session_list, list) {
518 list_for_each_entry(d_list, &s->dlcs, list) {
520 r = __rfcomm_dlc_close(d, err);
533 struct rfcomm_dlc *rfcomm_dlc_exists(bdaddr_t *src, bdaddr_t *dst, u8 channel)
535 struct rfcomm_session *s;
536 struct rfcomm_dlc *dlc = NULL;
539 if (rfcomm_check_channel(channel))
540 return ERR_PTR(-EINVAL);
543 s = rfcomm_session_get(src, dst);
545 dlci = __dlci(__session_dir(s), channel);
546 dlc = rfcomm_dlc_get(s, dlci);
552 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
556 if (d->state != BT_CONNECTED)
559 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
564 rfcomm_make_uih(skb, d->addr);
565 skb_queue_tail(&d->tx_queue, skb);
567 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
572 void rfcomm_dlc_send_noerror(struct rfcomm_dlc *d, struct sk_buff *skb)
576 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
578 rfcomm_make_uih(skb, d->addr);
579 skb_queue_tail(&d->tx_queue, skb);
581 if (d->state == BT_CONNECTED &&
582 !test_bit(RFCOMM_TX_THROTTLED, &d->flags))
586 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
588 BT_DBG("dlc %p state %ld", d, d->state);
591 d->v24_sig |= RFCOMM_V24_FC;
592 set_bit(RFCOMM_MSC_PENDING, &d->flags);
597 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
599 BT_DBG("dlc %p state %ld", d, d->state);
602 d->v24_sig &= ~RFCOMM_V24_FC;
603 set_bit(RFCOMM_MSC_PENDING, &d->flags);
609 Set/get modem status functions use _local_ status i.e. what we report
611 Remote status is provided by dlc->modem_status() callback.
613 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
615 BT_DBG("dlc %p state %ld v24_sig 0x%x",
616 d, d->state, v24_sig);
618 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
619 v24_sig |= RFCOMM_V24_FC;
621 v24_sig &= ~RFCOMM_V24_FC;
623 d->v24_sig = v24_sig;
625 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
631 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
633 BT_DBG("dlc %p state %ld v24_sig 0x%x",
634 d, d->state, d->v24_sig);
636 *v24_sig = d->v24_sig;
640 /* ---- RFCOMM sessions ---- */
641 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
643 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
648 BT_DBG("session %p sock %p", s, sock);
650 timer_setup(&s->timer, rfcomm_session_timeout, 0);
652 INIT_LIST_HEAD(&s->dlcs);
656 s->mtu = RFCOMM_DEFAULT_MTU;
657 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
659 /* Do not increment module usage count for listening sessions.
660 * Otherwise we won't be able to unload the module. */
661 if (state != BT_LISTEN)
662 if (!try_module_get(THIS_MODULE)) {
667 list_add(&s->list, &session_list);
672 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
674 int state = s->state;
676 BT_DBG("session %p state %ld", s, s->state);
680 rfcomm_session_clear_timer(s);
681 sock_release(s->sock);
684 if (state != BT_LISTEN)
685 module_put(THIS_MODULE);
690 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
692 struct rfcomm_session *s, *n;
693 struct l2cap_chan *chan;
694 list_for_each_entry_safe(s, n, &session_list, list) {
695 chan = l2cap_pi(s->sock->sk)->chan;
697 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&chan->src, src)) &&
698 !bacmp(&chan->dst, dst))
704 static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
707 struct rfcomm_dlc *d, *n;
709 s->state = BT_CLOSED;
711 BT_DBG("session %p state %ld err %d", s, s->state, err);
714 list_for_each_entry_safe(d, n, &s->dlcs, list) {
715 d->state = BT_CLOSED;
716 __rfcomm_dlc_close(d, err);
719 rfcomm_session_clear_timer(s);
720 return rfcomm_session_del(s);
723 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
728 struct rfcomm_session *s = NULL;
729 struct sockaddr_l2 addr;
733 BT_DBG("%pMR -> %pMR", src, dst);
735 *err = rfcomm_l2sock_create(&sock);
739 bacpy(&addr.l2_bdaddr, src);
740 addr.l2_family = AF_BLUETOOTH;
743 addr.l2_bdaddr_type = BDADDR_BREDR;
744 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
748 /* Set L2CAP options */
751 /* Set MTU to 0 so L2CAP can auto select the MTU */
752 l2cap_pi(sk)->chan->imtu = 0;
753 l2cap_pi(sk)->chan->sec_level = sec_level;
755 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
758 s = rfcomm_session_add(sock, BT_BOUND);
766 bacpy(&addr.l2_bdaddr, dst);
767 addr.l2_family = AF_BLUETOOTH;
768 addr.l2_psm = cpu_to_le16(L2CAP_PSM_RFCOMM);
770 addr.l2_bdaddr_type = BDADDR_BREDR;
771 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
772 if (*err == 0 || *err == -EINPROGRESS)
775 return rfcomm_session_del(s);
782 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
784 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
786 bacpy(src, &chan->src);
788 bacpy(dst, &chan->dst);
791 /* ---- RFCOMM frame sending ---- */
792 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
794 struct kvec iv = { data, len };
797 BT_DBG("session %p len %d", s, len);
799 memset(&msg, 0, sizeof(msg));
801 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
804 static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
806 BT_DBG("%p cmd %u", s, cmd->ctrl);
808 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
811 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
813 struct rfcomm_cmd cmd;
815 BT_DBG("%p dlci %d", s, dlci);
817 cmd.addr = __addr(s->initiator, dlci);
818 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
820 cmd.fcs = __fcs2((u8 *) &cmd);
822 return rfcomm_send_cmd(s, &cmd);
825 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
827 struct rfcomm_cmd cmd;
829 BT_DBG("%p dlci %d", s, dlci);
831 cmd.addr = __addr(!s->initiator, dlci);
832 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
834 cmd.fcs = __fcs2((u8 *) &cmd);
836 return rfcomm_send_cmd(s, &cmd);
839 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
841 struct rfcomm_cmd cmd;
843 BT_DBG("%p dlci %d", s, dlci);
845 cmd.addr = __addr(s->initiator, dlci);
846 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
848 cmd.fcs = __fcs2((u8 *) &cmd);
850 return rfcomm_send_cmd(s, &cmd);
853 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
855 struct rfcomm_cmd *cmd;
858 BT_DBG("dlc %p dlci %d", d, d->dlci);
860 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
864 cmd = __skb_put(skb, sizeof(*cmd));
866 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
867 cmd->len = __len8(0);
868 cmd->fcs = __fcs2((u8 *) cmd);
870 skb_queue_tail(&d->tx_queue, skb);
875 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
877 struct rfcomm_cmd cmd;
879 BT_DBG("%p dlci %d", s, dlci);
881 cmd.addr = __addr(!s->initiator, dlci);
882 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
884 cmd.fcs = __fcs2((u8 *) &cmd);
886 return rfcomm_send_cmd(s, &cmd);
889 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
891 struct rfcomm_hdr *hdr;
892 struct rfcomm_mcc *mcc;
893 u8 buf[16], *ptr = buf;
895 BT_DBG("%p cr %d type %d", s, cr, type);
897 hdr = (void *) ptr; ptr += sizeof(*hdr);
898 hdr->addr = __addr(s->initiator, 0);
899 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
900 hdr->len = __len8(sizeof(*mcc) + 1);
902 mcc = (void *) ptr; ptr += sizeof(*mcc);
903 mcc->type = __mcc_type(0, RFCOMM_NSC);
904 mcc->len = __len8(1);
906 /* Type that we didn't like */
907 *ptr = __mcc_type(cr, type); ptr++;
909 *ptr = __fcs(buf); ptr++;
911 return rfcomm_send_frame(s, buf, ptr - buf);
914 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
916 struct rfcomm_hdr *hdr;
917 struct rfcomm_mcc *mcc;
918 struct rfcomm_pn *pn;
919 u8 buf[16], *ptr = buf;
921 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
923 hdr = (void *) ptr; ptr += sizeof(*hdr);
924 hdr->addr = __addr(s->initiator, 0);
925 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
926 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
928 mcc = (void *) ptr; ptr += sizeof(*mcc);
929 mcc->type = __mcc_type(cr, RFCOMM_PN);
930 mcc->len = __len8(sizeof(*pn));
932 pn = (void *) ptr; ptr += sizeof(*pn);
934 pn->priority = d->priority;
939 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
940 pn->credits = RFCOMM_DEFAULT_CREDITS;
946 if (cr && channel_mtu >= 0)
947 pn->mtu = cpu_to_le16(channel_mtu);
949 pn->mtu = cpu_to_le16(d->mtu);
951 *ptr = __fcs(buf); ptr++;
953 return rfcomm_send_frame(s, buf, ptr - buf);
956 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
957 u8 bit_rate, u8 data_bits, u8 stop_bits,
958 u8 parity, u8 flow_ctrl_settings,
959 u8 xon_char, u8 xoff_char, u16 param_mask)
961 struct rfcomm_hdr *hdr;
962 struct rfcomm_mcc *mcc;
963 struct rfcomm_rpn *rpn;
964 u8 buf[16], *ptr = buf;
966 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
967 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
968 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
969 flow_ctrl_settings, xon_char, xoff_char, param_mask);
971 hdr = (void *) ptr; ptr += sizeof(*hdr);
972 hdr->addr = __addr(s->initiator, 0);
973 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
974 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
976 mcc = (void *) ptr; ptr += sizeof(*mcc);
977 mcc->type = __mcc_type(cr, RFCOMM_RPN);
978 mcc->len = __len8(sizeof(*rpn));
980 rpn = (void *) ptr; ptr += sizeof(*rpn);
981 rpn->dlci = __addr(1, dlci);
982 rpn->bit_rate = bit_rate;
983 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
984 rpn->flow_ctrl = flow_ctrl_settings;
985 rpn->xon_char = xon_char;
986 rpn->xoff_char = xoff_char;
987 rpn->param_mask = cpu_to_le16(param_mask);
989 *ptr = __fcs(buf); ptr++;
991 return rfcomm_send_frame(s, buf, ptr - buf);
994 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
996 struct rfcomm_hdr *hdr;
997 struct rfcomm_mcc *mcc;
998 struct rfcomm_rls *rls;
999 u8 buf[16], *ptr = buf;
1001 BT_DBG("%p cr %d status 0x%x", s, cr, status);
1003 hdr = (void *) ptr; ptr += sizeof(*hdr);
1004 hdr->addr = __addr(s->initiator, 0);
1005 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1006 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
1008 mcc = (void *) ptr; ptr += sizeof(*mcc);
1009 mcc->type = __mcc_type(cr, RFCOMM_RLS);
1010 mcc->len = __len8(sizeof(*rls));
1012 rls = (void *) ptr; ptr += sizeof(*rls);
1013 rls->dlci = __addr(1, dlci);
1014 rls->status = status;
1016 *ptr = __fcs(buf); ptr++;
1018 return rfcomm_send_frame(s, buf, ptr - buf);
1021 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
1023 struct rfcomm_hdr *hdr;
1024 struct rfcomm_mcc *mcc;
1025 struct rfcomm_msc *msc;
1026 u8 buf[16], *ptr = buf;
1028 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
1030 hdr = (void *) ptr; ptr += sizeof(*hdr);
1031 hdr->addr = __addr(s->initiator, 0);
1032 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1033 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
1035 mcc = (void *) ptr; ptr += sizeof(*mcc);
1036 mcc->type = __mcc_type(cr, RFCOMM_MSC);
1037 mcc->len = __len8(sizeof(*msc));
1039 msc = (void *) ptr; ptr += sizeof(*msc);
1040 msc->dlci = __addr(1, dlci);
1041 msc->v24_sig = v24_sig | 0x01;
1043 *ptr = __fcs(buf); ptr++;
1045 return rfcomm_send_frame(s, buf, ptr - buf);
1048 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1050 struct rfcomm_hdr *hdr;
1051 struct rfcomm_mcc *mcc;
1052 u8 buf[16], *ptr = buf;
1054 BT_DBG("%p cr %d", s, cr);
1056 hdr = (void *) ptr; ptr += sizeof(*hdr);
1057 hdr->addr = __addr(s->initiator, 0);
1058 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1059 hdr->len = __len8(sizeof(*mcc));
1061 mcc = (void *) ptr; ptr += sizeof(*mcc);
1062 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1063 mcc->len = __len8(0);
1065 *ptr = __fcs(buf); ptr++;
1067 return rfcomm_send_frame(s, buf, ptr - buf);
1070 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1072 struct rfcomm_hdr *hdr;
1073 struct rfcomm_mcc *mcc;
1074 u8 buf[16], *ptr = buf;
1076 BT_DBG("%p cr %d", s, cr);
1078 hdr = (void *) ptr; ptr += sizeof(*hdr);
1079 hdr->addr = __addr(s->initiator, 0);
1080 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1081 hdr->len = __len8(sizeof(*mcc));
1083 mcc = (void *) ptr; ptr += sizeof(*mcc);
1084 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1085 mcc->len = __len8(0);
1087 *ptr = __fcs(buf); ptr++;
1089 return rfcomm_send_frame(s, buf, ptr - buf);
1092 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1094 struct socket *sock = s->sock;
1097 unsigned char hdr[5], crc[1];
1102 BT_DBG("%p cr %d", s, cr);
1104 hdr[0] = __addr(s->initiator, 0);
1105 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1106 hdr[2] = 0x01 | ((len + 2) << 1);
1107 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1108 hdr[4] = 0x01 | (len << 1);
1110 crc[0] = __fcs(hdr);
1112 iv[0].iov_base = hdr;
1114 iv[1].iov_base = pattern;
1115 iv[1].iov_len = len;
1116 iv[2].iov_base = crc;
1119 memset(&msg, 0, sizeof(msg));
1121 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1124 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1126 struct rfcomm_hdr *hdr;
1127 u8 buf[16], *ptr = buf;
1129 BT_DBG("%p addr %d credits %d", s, addr, credits);
1131 hdr = (void *) ptr; ptr += sizeof(*hdr);
1133 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1134 hdr->len = __len8(0);
1136 *ptr = credits; ptr++;
1138 *ptr = __fcs(buf); ptr++;
1140 return rfcomm_send_frame(s, buf, ptr - buf);
1143 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1145 struct rfcomm_hdr *hdr;
1150 hdr = skb_push(skb, 4);
1151 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1153 hdr = skb_push(skb, 3);
1154 hdr->len = __len8(len);
1157 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1159 crc = skb_put(skb, 1);
1160 *crc = __fcs((void *) hdr);
1163 /* ---- RFCOMM frame reception ---- */
1164 static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1166 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1170 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1172 rfcomm_send_dm(s, dlci);
1178 rfcomm_dlc_clear_timer(d);
1181 d->state = BT_CONNECTED;
1182 d->state_change(d, 0);
1183 rfcomm_dlc_unlock(d);
1185 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1189 d->state = BT_CLOSED;
1190 __rfcomm_dlc_close(d, 0);
1192 if (list_empty(&s->dlcs)) {
1193 s->state = BT_DISCONN;
1194 rfcomm_send_disc(s, 0);
1195 rfcomm_session_clear_timer(s);
1201 /* Control channel */
1204 s->state = BT_CONNECTED;
1205 rfcomm_process_connect(s);
1209 s = rfcomm_session_close(s, ECONNRESET);
1216 static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1220 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1224 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1226 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1231 d->state = BT_CLOSED;
1232 __rfcomm_dlc_close(d, err);
1235 if (s->state == BT_CONNECT)
1240 s = rfcomm_session_close(s, err);
1245 static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1250 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1253 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1255 rfcomm_send_ua(s, dlci);
1257 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1262 d->state = BT_CLOSED;
1263 __rfcomm_dlc_close(d, err);
1265 rfcomm_send_dm(s, dlci);
1268 rfcomm_send_ua(s, 0);
1270 if (s->state == BT_CONNECT)
1275 s = rfcomm_session_close(s, err);
1280 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1282 struct sock *sk = d->session->sock->sk;
1283 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1285 BT_DBG("dlc %p", d);
1287 rfcomm_send_ua(d->session, d->dlci);
1289 rfcomm_dlc_clear_timer(d);
1292 d->state = BT_CONNECTED;
1293 d->state_change(d, 0);
1294 rfcomm_dlc_unlock(d);
1297 hci_conn_switch_role(conn->hcon, 0x00);
1299 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1302 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1304 if (rfcomm_check_security(d)) {
1305 if (d->defer_setup) {
1306 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1307 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1310 d->state = BT_CONNECT2;
1311 d->state_change(d, 0);
1312 rfcomm_dlc_unlock(d);
1314 rfcomm_dlc_accept(d);
1316 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1317 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1321 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1323 struct rfcomm_dlc *d;
1326 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1329 rfcomm_send_ua(s, 0);
1331 if (s->state == BT_OPEN) {
1332 s->state = BT_CONNECTED;
1333 rfcomm_process_connect(s);
1338 /* Check if DLC exists */
1339 d = rfcomm_dlc_get(s, dlci);
1341 if (d->state == BT_OPEN) {
1342 /* DLC was previously opened by PN request */
1343 rfcomm_check_accept(d);
1348 /* Notify socket layer about incoming connection */
1349 channel = __srv_channel(dlci);
1350 if (rfcomm_connect_ind(s, channel, &d)) {
1352 d->addr = __addr(s->initiator, dlci);
1353 rfcomm_dlc_link(s, d);
1355 rfcomm_check_accept(d);
1357 rfcomm_send_dm(s, dlci);
1363 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1365 struct rfcomm_session *s = d->session;
1367 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1368 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1370 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1371 pn->flow_ctrl == 0xe0) {
1372 d->cfc = RFCOMM_CFC_ENABLED;
1373 d->tx_credits = pn->credits;
1375 d->cfc = RFCOMM_CFC_DISABLED;
1376 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1379 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1382 d->priority = pn->priority;
1384 d->mtu = __le16_to_cpu(pn->mtu);
1386 if (cr && d->mtu > s->mtu)
1392 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1394 struct rfcomm_pn *pn = (void *) skb->data;
1395 struct rfcomm_dlc *d;
1398 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1403 d = rfcomm_dlc_get(s, dlci);
1407 rfcomm_apply_pn(d, cr, pn);
1408 rfcomm_send_pn(s, 0, d);
1413 rfcomm_apply_pn(d, cr, pn);
1415 d->state = BT_CONNECT;
1416 rfcomm_send_sabm(s, d->dlci);
1421 u8 channel = __srv_channel(dlci);
1426 /* PN request for non existing DLC.
1427 * Assume incoming connection. */
1428 if (rfcomm_connect_ind(s, channel, &d)) {
1430 d->addr = __addr(s->initiator, dlci);
1431 rfcomm_dlc_link(s, d);
1433 rfcomm_apply_pn(d, cr, pn);
1436 rfcomm_send_pn(s, 0, d);
1438 rfcomm_send_dm(s, dlci);
1444 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1446 struct rfcomm_rpn *rpn = (void *) skb->data;
1447 u8 dlci = __get_dlci(rpn->dlci);
1456 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1458 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1459 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1460 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1466 /* This is a request, return default (according to ETSI TS 07.10) settings */
1467 bit_rate = RFCOMM_RPN_BR_9600;
1468 data_bits = RFCOMM_RPN_DATA_8;
1469 stop_bits = RFCOMM_RPN_STOP_1;
1470 parity = RFCOMM_RPN_PARITY_NONE;
1471 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1472 xon_char = RFCOMM_RPN_XON_CHAR;
1473 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1477 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1478 * no parity, no flow control lines, normal XON/XOFF chars */
1480 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1481 bit_rate = rpn->bit_rate;
1482 if (bit_rate > RFCOMM_RPN_BR_230400) {
1483 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1484 bit_rate = RFCOMM_RPN_BR_9600;
1485 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1489 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1490 data_bits = __get_rpn_data_bits(rpn->line_settings);
1491 if (data_bits != RFCOMM_RPN_DATA_8) {
1492 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1493 data_bits = RFCOMM_RPN_DATA_8;
1494 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1498 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1499 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1500 if (stop_bits != RFCOMM_RPN_STOP_1) {
1501 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1502 stop_bits = RFCOMM_RPN_STOP_1;
1503 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1507 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1508 parity = __get_rpn_parity(rpn->line_settings);
1509 if (parity != RFCOMM_RPN_PARITY_NONE) {
1510 BT_DBG("RPN parity mismatch 0x%x", parity);
1511 parity = RFCOMM_RPN_PARITY_NONE;
1512 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1516 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1517 flow_ctrl = rpn->flow_ctrl;
1518 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1519 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1520 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1521 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1525 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1526 xon_char = rpn->xon_char;
1527 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1528 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1529 xon_char = RFCOMM_RPN_XON_CHAR;
1530 rpn_mask ^= RFCOMM_RPN_PM_XON;
1534 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1535 xoff_char = rpn->xoff_char;
1536 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1537 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1538 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1539 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1544 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1545 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1550 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1552 struct rfcomm_rls *rls = (void *) skb->data;
1553 u8 dlci = __get_dlci(rls->dlci);
1555 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1560 /* We should probably do something with this information here. But
1561 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1562 * mandatory to recognise and respond to RLS */
1564 rfcomm_send_rls(s, 0, dlci, rls->status);
1569 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1571 struct rfcomm_msc *msc = (void *) skb->data;
1572 struct rfcomm_dlc *d;
1573 u8 dlci = __get_dlci(msc->dlci);
1575 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1577 d = rfcomm_dlc_get(s, dlci);
1582 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1583 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1585 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1589 d->remote_v24_sig = msc->v24_sig;
1591 if (d->modem_status)
1592 d->modem_status(d, msc->v24_sig);
1594 rfcomm_dlc_unlock(d);
1596 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1598 d->mscex |= RFCOMM_MSCEX_RX;
1600 d->mscex |= RFCOMM_MSCEX_TX;
1605 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1607 struct rfcomm_mcc *mcc = (void *) skb->data;
1610 cr = __test_cr(mcc->type);
1611 type = __get_mcc_type(mcc->type);
1612 len = __get_mcc_len(mcc->len);
1614 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1620 rfcomm_recv_pn(s, cr, skb);
1624 rfcomm_recv_rpn(s, cr, len, skb);
1628 rfcomm_recv_rls(s, cr, skb);
1632 rfcomm_recv_msc(s, cr, skb);
1637 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1638 rfcomm_send_fcoff(s, 0);
1644 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1645 rfcomm_send_fcon(s, 0);
1651 rfcomm_send_test(s, 0, skb->data, skb->len);
1658 BT_ERR("Unknown control type 0x%02x", type);
1659 rfcomm_send_nsc(s, cr, type);
1665 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1667 struct rfcomm_dlc *d;
1669 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1671 d = rfcomm_dlc_get(s, dlci);
1673 rfcomm_send_dm(s, dlci);
1678 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1680 d->tx_credits += credits;
1682 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1685 if (skb->len && d->state == BT_CONNECTED) {
1688 d->data_ready(d, skb);
1689 rfcomm_dlc_unlock(d);
1698 static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1699 struct sk_buff *skb)
1701 struct rfcomm_hdr *hdr = (void *) skb->data;
1705 /* no session, so free socket data */
1710 dlci = __get_dlci(hdr->addr);
1711 type = __get_type(hdr->ctrl);
1714 skb->len--; skb->tail--;
1715 fcs = *(u8 *)skb_tail_pointer(skb);
1717 if (__check_fcs(skb->data, type, fcs)) {
1718 BT_ERR("bad checksum in packet");
1723 if (__test_ea(hdr->len))
1730 if (__test_pf(hdr->ctrl))
1731 rfcomm_recv_sabm(s, dlci);
1735 if (__test_pf(hdr->ctrl))
1736 s = rfcomm_recv_disc(s, dlci);
1740 if (__test_pf(hdr->ctrl))
1741 s = rfcomm_recv_ua(s, dlci);
1745 s = rfcomm_recv_dm(s, dlci);
1750 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1753 rfcomm_recv_mcc(s, skb);
1757 BT_ERR("Unknown packet type 0x%02x", type);
1764 /* ---- Connection and data processing ---- */
1766 static void rfcomm_process_connect(struct rfcomm_session *s)
1768 struct rfcomm_dlc *d, *n;
1770 BT_DBG("session %p state %ld", s, s->state);
1772 list_for_each_entry_safe(d, n, &s->dlcs, list) {
1773 if (d->state == BT_CONFIG) {
1775 if (rfcomm_check_security(d)) {
1776 rfcomm_send_pn(s, 1, d);
1778 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1779 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1785 /* Send data queued for the DLC.
1786 * Return number of frames left in the queue.
1788 static int rfcomm_process_tx(struct rfcomm_dlc *d)
1790 struct sk_buff *skb;
1793 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1794 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1796 /* Send pending MSC */
1797 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1798 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1802 * Give them some credits */
1803 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1804 d->rx_credits <= (d->cfc >> 2)) {
1805 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1806 d->rx_credits = d->cfc;
1810 * Give ourselves some credits */
1814 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1815 return skb_queue_len(&d->tx_queue);
1817 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1818 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1820 skb_queue_head(&d->tx_queue, skb);
1827 if (d->cfc && !d->tx_credits) {
1828 /* We're out of TX credits.
1829 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1830 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1833 return skb_queue_len(&d->tx_queue);
1836 static void rfcomm_process_dlcs(struct rfcomm_session *s)
1838 struct rfcomm_dlc *d, *n;
1840 BT_DBG("session %p state %ld", s, s->state);
1842 list_for_each_entry_safe(d, n, &s->dlcs, list) {
1843 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1844 __rfcomm_dlc_close(d, ETIMEDOUT);
1848 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1849 __rfcomm_dlc_close(d, ECONNREFUSED);
1853 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1854 rfcomm_dlc_clear_timer(d);
1856 rfcomm_send_pn(s, 1, d);
1857 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1859 if (d->defer_setup) {
1860 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1861 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1864 d->state = BT_CONNECT2;
1865 d->state_change(d, 0);
1866 rfcomm_dlc_unlock(d);
1868 rfcomm_dlc_accept(d);
1871 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1872 rfcomm_dlc_clear_timer(d);
1874 rfcomm_send_dm(s, d->dlci);
1876 d->state = BT_CLOSED;
1877 __rfcomm_dlc_close(d, ECONNREFUSED);
1881 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1884 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1887 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1888 d->mscex == RFCOMM_MSCEX_OK)
1889 rfcomm_process_tx(d);
1893 static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1895 struct socket *sock = s->sock;
1896 struct sock *sk = sock->sk;
1897 struct sk_buff *skb;
1899 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1901 /* Get data directly from socket receive queue without copying it. */
1902 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1904 if (!skb_linearize(skb)) {
1905 s = rfcomm_recv_frame(s, skb);
1913 if (s && (sk->sk_state == BT_CLOSED))
1914 s = rfcomm_session_close(s, sk->sk_err);
1919 static void rfcomm_accept_connection(struct rfcomm_session *s)
1921 struct socket *sock = s->sock, *nsock;
1924 /* Fast check for a new connection.
1925 * Avoids unnesesary socket allocations. */
1926 if (list_empty(&bt_sk(sock->sk)->accept_q))
1929 BT_DBG("session %p", s);
1931 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1935 /* Set our callbacks */
1936 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1937 nsock->sk->sk_state_change = rfcomm_l2state_change;
1939 s = rfcomm_session_add(nsock, BT_OPEN);
1941 /* We should adjust MTU on incoming sessions.
1942 * L2CAP MTU minus UIH header and FCS. */
1943 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1944 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1948 sock_release(nsock);
1951 static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1953 struct sock *sk = s->sock->sk;
1955 BT_DBG("%p state %ld", s, s->state);
1957 switch (sk->sk_state) {
1959 s->state = BT_CONNECT;
1961 /* We can adjust MTU on outgoing sessions.
1962 * L2CAP MTU minus UIH header and FCS. */
1963 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1965 rfcomm_send_sabm(s, 0);
1969 s = rfcomm_session_close(s, sk->sk_err);
1975 static void rfcomm_process_sessions(void)
1977 struct rfcomm_session *s, *n;
1981 list_for_each_entry_safe(s, n, &session_list, list) {
1982 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1983 s->state = BT_DISCONN;
1984 rfcomm_send_disc(s, 0);
1990 rfcomm_accept_connection(s);
1994 s = rfcomm_check_connection(s);
1998 s = rfcomm_process_rx(s);
2003 rfcomm_process_dlcs(s);
2009 static int rfcomm_add_listener(bdaddr_t *ba)
2011 struct sockaddr_l2 addr;
2012 struct socket *sock;
2014 struct rfcomm_session *s;
2018 err = rfcomm_l2sock_create(&sock);
2020 BT_ERR("Create socket failed %d", err);
2025 bacpy(&addr.l2_bdaddr, ba);
2026 addr.l2_family = AF_BLUETOOTH;
2027 addr.l2_psm = cpu_to_le16(L2CAP_PSM_RFCOMM);
2029 addr.l2_bdaddr_type = BDADDR_BREDR;
2030 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
2032 BT_ERR("Bind failed %d", err);
2036 /* Set L2CAP options */
2039 /* Set MTU to 0 so L2CAP can auto select the MTU */
2040 l2cap_pi(sk)->chan->imtu = 0;
2043 /* Start listening on the socket */
2044 err = kernel_listen(sock, 10);
2046 BT_ERR("Listen failed %d", err);
2050 /* Add listening session */
2051 s = rfcomm_session_add(sock, BT_LISTEN);
2063 static void rfcomm_kill_listener(void)
2065 struct rfcomm_session *s, *n;
2069 list_for_each_entry_safe(s, n, &session_list, list)
2070 rfcomm_session_del(s);
2073 static int rfcomm_run(void *unused)
2075 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2078 set_user_nice(current, -10);
2080 rfcomm_add_listener(BDADDR_ANY);
2082 add_wait_queue(&rfcomm_wq, &wait);
2083 while (!kthread_should_stop()) {
2086 rfcomm_process_sessions();
2088 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
2090 remove_wait_queue(&rfcomm_wq, &wait);
2092 rfcomm_kill_listener();
2097 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2099 struct rfcomm_session *s;
2100 struct rfcomm_dlc *d, *n;
2102 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2104 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2108 list_for_each_entry_safe(d, n, &s->dlcs, list) {
2109 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2110 rfcomm_dlc_clear_timer(d);
2111 if (status || encrypt == 0x00) {
2112 set_bit(RFCOMM_ENC_DROP, &d->flags);
2117 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2118 if (d->sec_level == BT_SECURITY_MEDIUM) {
2119 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2120 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2122 } else if (d->sec_level == BT_SECURITY_HIGH ||
2123 d->sec_level == BT_SECURITY_FIPS) {
2124 set_bit(RFCOMM_ENC_DROP, &d->flags);
2129 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2132 if (!status && hci_conn_check_secure(conn, d->sec_level))
2133 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2135 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2141 static struct hci_cb rfcomm_cb = {
2143 .security_cfm = rfcomm_security_cfm
2146 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2148 struct rfcomm_session *s;
2152 list_for_each_entry(s, &session_list, list) {
2153 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
2154 struct rfcomm_dlc *d;
2155 list_for_each_entry(d, &s->dlcs, list) {
2156 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2157 &chan->src, &chan->dst,
2158 d->state, d->dlci, d->mtu,
2159 d->rx_credits, d->tx_credits);
2168 DEFINE_SHOW_ATTRIBUTE(rfcomm_dlc_debugfs);
2170 static struct dentry *rfcomm_dlc_debugfs;
2172 /* ---- Initialization ---- */
2173 static int __init rfcomm_init(void)
2177 hci_register_cb(&rfcomm_cb);
2179 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2180 if (IS_ERR(rfcomm_thread)) {
2181 err = PTR_ERR(rfcomm_thread);
2185 err = rfcomm_init_ttys();
2189 err = rfcomm_init_sockets();
2193 BT_INFO("RFCOMM ver %s", VERSION);
2195 if (IS_ERR_OR_NULL(bt_debugfs))
2198 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2200 &rfcomm_dlc_debugfs_fops);
2205 rfcomm_cleanup_ttys();
2208 kthread_stop(rfcomm_thread);
2211 hci_unregister_cb(&rfcomm_cb);
2216 static void __exit rfcomm_exit(void)
2218 debugfs_remove(rfcomm_dlc_debugfs);
2220 hci_unregister_cb(&rfcomm_cb);
2222 kthread_stop(rfcomm_thread);
2224 rfcomm_cleanup_ttys();
2226 rfcomm_cleanup_sockets();
2229 module_init(rfcomm_init);
2230 module_exit(rfcomm_exit);
2232 module_param(disable_cfc, bool, 0644);
2233 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2235 module_param(channel_mtu, int, 0644);
2236 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2238 module_param(l2cap_ertm, bool, 0644);
2239 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2241 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2242 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2243 MODULE_VERSION(VERSION);
2244 MODULE_LICENSE("GPL");
2245 MODULE_ALIAS("bt-proto-3");
projects / linux-2.6-microblaze.git / blob