2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/sched.h>
32 #include <linux/signal.h>
33 #include <linux/init.h>
34 #include <linux/wait.h>
35 #include <linux/device.h>
36 #include <linux/net.h>
37 #include <linux/mutex.h>
38 #include <linux/kthread.h>
41 #include <asm/uaccess.h>
42 #include <asm/unaligned.h>
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
46 #include <net/bluetooth/l2cap.h>
47 #include <net/bluetooth/rfcomm.h>
49 #ifndef CONFIG_BT_RFCOMM_DEBUG
56 static int disable_cfc = 0;
57 static int channel_mtu = -1;
58 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
60 static struct task_struct *rfcomm_thread;
62 static DEFINE_MUTEX(rfcomm_mutex);
63 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
64 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
66 static unsigned long rfcomm_event;
68 static LIST_HEAD(session_list);
70 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
71 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
72 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
73 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
74 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
75 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
76 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
77 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
78 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
79 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
81 static void rfcomm_process_connect(struct rfcomm_session *s);
83 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
84 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
85 static void rfcomm_session_del(struct rfcomm_session *s);
87 /* ---- RFCOMM frame parsing macros ---- */
88 #define __get_dlci(b) ((b & 0xfc) >> 2)
89 #define __get_channel(b) ((b & 0xf8) >> 3)
90 #define __get_dir(b) ((b & 0x04) >> 2)
91 #define __get_type(b) ((b & 0xef))
93 #define __test_ea(b) ((b & 0x01))
94 #define __test_cr(b) ((b & 0x02))
95 #define __test_pf(b) ((b & 0x10))
97 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
98 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
99 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
100 #define __srv_channel(dlci) (dlci >> 1)
101 #define __dir(dlci) (dlci & 0x01)
103 #define __len8(len) (((len) << 1) | 1)
104 #define __len16(len) ((len) << 1)
107 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
108 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
109 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
112 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
113 #define __get_rpn_data_bits(line) ((line) & 0x3)
114 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
115 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
117 static inline void rfcomm_schedule(uint event)
121 //set_bit(event, &rfcomm_event);
122 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
123 wake_up_process(rfcomm_thread);
126 static inline void rfcomm_session_put(struct rfcomm_session *s)
128 if (atomic_dec_and_test(&s->refcnt))
129 rfcomm_session_del(s);
132 /* ---- RFCOMM FCS computation ---- */
134 /* reversed, 8-bit, poly=0x07 */
135 static unsigned char rfcomm_crc_table[256] = {
136 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
137 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
138 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
139 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
141 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
142 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
143 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
144 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
146 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
147 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
148 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
149 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
151 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
152 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
153 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
154 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
156 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
157 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
158 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
159 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
161 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
162 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
163 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
164 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
166 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
167 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
168 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
169 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
171 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
172 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
173 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
174 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
178 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
181 static inline u8 __fcs(u8 *data)
183 return (0xff - __crc(data));
187 static inline u8 __fcs2(u8 *data)
189 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
193 static inline int __check_fcs(u8 *data, int type, u8 fcs)
197 if (type != RFCOMM_UIH)
198 f = rfcomm_crc_table[f ^ data[2]];
200 return rfcomm_crc_table[f ^ fcs] != 0xcf;
203 /* ---- L2CAP callbacks ---- */
204 static void rfcomm_l2state_change(struct sock *sk)
206 BT_DBG("%p state %d", sk, sk->sk_state);
207 rfcomm_schedule(RFCOMM_SCHED_STATE);
210 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
212 BT_DBG("%p bytes %d", sk, bytes);
213 rfcomm_schedule(RFCOMM_SCHED_RX);
216 static int rfcomm_l2sock_create(struct socket **sock)
222 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
224 struct sock *sk = (*sock)->sk;
225 sk->sk_data_ready = rfcomm_l2data_ready;
226 sk->sk_state_change = rfcomm_l2state_change;
231 /* ---- RFCOMM DLCs ---- */
232 static void rfcomm_dlc_timeout(unsigned long arg)
234 struct rfcomm_dlc *d = (void *) arg;
236 BT_DBG("dlc %p state %ld", d, d->state);
238 set_bit(RFCOMM_TIMED_OUT, &d->flags);
240 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
243 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
245 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
247 if (!mod_timer(&d->timer, jiffies + timeout))
251 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
253 BT_DBG("dlc %p state %ld", d, d->state);
255 if (timer_pending(&d->timer) && del_timer(&d->timer))
259 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
266 d->mtu = RFCOMM_DEFAULT_MTU;
267 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
269 d->cfc = RFCOMM_CFC_DISABLED;
270 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
273 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
275 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
280 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
282 skb_queue_head_init(&d->tx_queue);
283 spin_lock_init(&d->lock);
284 atomic_set(&d->refcnt, 1);
286 rfcomm_dlc_clear_state(d);
293 void rfcomm_dlc_free(struct rfcomm_dlc *d)
297 skb_queue_purge(&d->tx_queue);
301 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
303 BT_DBG("dlc %p session %p", d, s);
305 rfcomm_session_hold(s);
308 list_add(&d->list, &s->dlcs);
312 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
314 struct rfcomm_session *s = d->session;
316 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
322 rfcomm_session_put(s);
325 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
327 struct rfcomm_dlc *d;
330 list_for_each(p, &s->dlcs) {
331 d = list_entry(p, struct rfcomm_dlc, list);
338 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
340 struct rfcomm_session *s;
344 BT_DBG("dlc %p state %ld %s %s channel %d",
345 d, d->state, batostr(src), batostr(dst), channel);
347 if (channel < 1 || channel > 30)
350 if (d->state != BT_OPEN && d->state != BT_CLOSED)
353 s = rfcomm_session_get(src, dst);
355 s = rfcomm_session_create(src, dst, &err);
360 dlci = __dlci(!s->initiator, channel);
362 /* Check if DLCI already exists */
363 if (rfcomm_dlc_get(s, dlci))
366 rfcomm_dlc_clear_state(d);
369 d->addr = __addr(s->initiator, dlci);
372 d->state = BT_CONFIG;
373 rfcomm_dlc_link(s, d);
376 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
378 if (s->state == BT_CONNECTED)
379 rfcomm_send_pn(s, 1, d);
380 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
384 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
390 r = __rfcomm_dlc_open(d, src, dst, channel);
396 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
398 struct rfcomm_session *s = d->session;
402 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
403 d, d->state, d->dlci, err, s);
409 d->state = BT_DISCONN;
410 if (skb_queue_empty(&d->tx_queue)) {
411 rfcomm_send_disc(s, d->dlci);
412 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
414 rfcomm_queue_disc(d);
415 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
420 rfcomm_dlc_clear_timer(d);
423 d->state = BT_CLOSED;
424 d->state_change(d, err);
425 rfcomm_dlc_unlock(d);
427 skb_queue_purge(&d->tx_queue);
428 rfcomm_dlc_unlink(d);
434 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
440 r = __rfcomm_dlc_close(d, err);
446 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
450 if (d->state != BT_CONNECTED)
453 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
458 rfcomm_make_uih(skb, d->addr);
459 skb_queue_tail(&d->tx_queue, skb);
461 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
462 rfcomm_schedule(RFCOMM_SCHED_TX);
466 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
468 BT_DBG("dlc %p state %ld", d, d->state);
471 d->v24_sig |= RFCOMM_V24_FC;
472 set_bit(RFCOMM_MSC_PENDING, &d->flags);
474 rfcomm_schedule(RFCOMM_SCHED_TX);
477 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
479 BT_DBG("dlc %p state %ld", d, d->state);
482 d->v24_sig &= ~RFCOMM_V24_FC;
483 set_bit(RFCOMM_MSC_PENDING, &d->flags);
485 rfcomm_schedule(RFCOMM_SCHED_TX);
489 Set/get modem status functions use _local_ status i.e. what we report
491 Remote status is provided by dlc->modem_status() callback.
493 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
495 BT_DBG("dlc %p state %ld v24_sig 0x%x",
496 d, d->state, v24_sig);
498 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
499 v24_sig |= RFCOMM_V24_FC;
501 v24_sig &= ~RFCOMM_V24_FC;
503 d->v24_sig = v24_sig;
505 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
506 rfcomm_schedule(RFCOMM_SCHED_TX);
511 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
513 BT_DBG("dlc %p state %ld v24_sig 0x%x",
514 d, d->state, d->v24_sig);
516 *v24_sig = d->v24_sig;
520 /* ---- RFCOMM sessions ---- */
521 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
523 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
528 BT_DBG("session %p sock %p", s, sock);
530 INIT_LIST_HEAD(&s->dlcs);
534 s->mtu = RFCOMM_DEFAULT_MTU;
535 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
537 /* Do not increment module usage count for listening sessions.
538 * Otherwise we won't be able to unload the module. */
539 if (state != BT_LISTEN)
540 if (!try_module_get(THIS_MODULE)) {
545 list_add(&s->list, &session_list);
550 static void rfcomm_session_del(struct rfcomm_session *s)
552 int state = s->state;
554 BT_DBG("session %p state %ld", s, s->state);
558 if (state == BT_CONNECTED)
559 rfcomm_send_disc(s, 0);
561 sock_release(s->sock);
564 if (state != BT_LISTEN)
565 module_put(THIS_MODULE);
568 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
570 struct rfcomm_session *s;
571 struct list_head *p, *n;
573 list_for_each_safe(p, n, &session_list) {
574 s = list_entry(p, struct rfcomm_session, list);
575 sk = bt_sk(s->sock->sk);
577 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
578 !bacmp(&sk->dst, dst))
584 static void rfcomm_session_close(struct rfcomm_session *s, int err)
586 struct rfcomm_dlc *d;
587 struct list_head *p, *n;
589 BT_DBG("session %p state %ld err %d", s, s->state, err);
591 rfcomm_session_hold(s);
593 s->state = BT_CLOSED;
596 list_for_each_safe(p, n, &s->dlcs) {
597 d = list_entry(p, struct rfcomm_dlc, list);
598 d->state = BT_CLOSED;
599 __rfcomm_dlc_close(d, err);
602 rfcomm_session_put(s);
605 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
607 struct rfcomm_session *s = NULL;
608 struct sockaddr_l2 addr;
612 BT_DBG("%s %s", batostr(src), batostr(dst));
614 *err = rfcomm_l2sock_create(&sock);
618 bacpy(&addr.l2_bdaddr, src);
619 addr.l2_family = AF_BLUETOOTH;
621 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
625 /* Set L2CAP options */
628 l2cap_pi(sk)->imtu = l2cap_mtu;
631 s = rfcomm_session_add(sock, BT_BOUND);
639 bacpy(&addr.l2_bdaddr, dst);
640 addr.l2_family = AF_BLUETOOTH;
641 addr.l2_psm = htobs(RFCOMM_PSM);
642 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
643 if (*err == 0 || *err == -EINPROGRESS)
646 rfcomm_session_del(s);
654 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
656 struct sock *sk = s->sock->sk;
658 bacpy(src, &bt_sk(sk)->src);
660 bacpy(dst, &bt_sk(sk)->dst);
663 /* ---- RFCOMM frame sending ---- */
664 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
666 struct socket *sock = s->sock;
667 struct kvec iv = { data, len };
670 BT_DBG("session %p len %d", s, len);
672 memset(&msg, 0, sizeof(msg));
674 return kernel_sendmsg(sock, &msg, &iv, 1, len);
677 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
679 struct rfcomm_cmd cmd;
681 BT_DBG("%p dlci %d", s, dlci);
683 cmd.addr = __addr(s->initiator, dlci);
684 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
686 cmd.fcs = __fcs2((u8 *) &cmd);
688 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
691 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
693 struct rfcomm_cmd cmd;
695 BT_DBG("%p dlci %d", s, dlci);
697 cmd.addr = __addr(!s->initiator, dlci);
698 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
700 cmd.fcs = __fcs2((u8 *) &cmd);
702 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
705 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
707 struct rfcomm_cmd cmd;
709 BT_DBG("%p dlci %d", s, dlci);
711 cmd.addr = __addr(s->initiator, dlci);
712 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
714 cmd.fcs = __fcs2((u8 *) &cmd);
716 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
719 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
721 struct rfcomm_cmd *cmd;
724 BT_DBG("dlc %p dlci %d", d, d->dlci);
726 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
730 cmd = (void *) __skb_put(skb, sizeof(*cmd));
732 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
733 cmd->len = __len8(0);
734 cmd->fcs = __fcs2((u8 *) cmd);
736 skb_queue_tail(&d->tx_queue, skb);
737 rfcomm_schedule(RFCOMM_SCHED_TX);
741 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
743 struct rfcomm_cmd cmd;
745 BT_DBG("%p dlci %d", s, dlci);
747 cmd.addr = __addr(!s->initiator, dlci);
748 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
750 cmd.fcs = __fcs2((u8 *) &cmd);
752 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
755 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
757 struct rfcomm_hdr *hdr;
758 struct rfcomm_mcc *mcc;
759 u8 buf[16], *ptr = buf;
761 BT_DBG("%p cr %d type %d", s, cr, type);
763 hdr = (void *) ptr; ptr += sizeof(*hdr);
764 hdr->addr = __addr(s->initiator, 0);
765 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
766 hdr->len = __len8(sizeof(*mcc) + 1);
768 mcc = (void *) ptr; ptr += sizeof(*mcc);
769 mcc->type = __mcc_type(cr, RFCOMM_NSC);
770 mcc->len = __len8(1);
772 /* Type that we didn't like */
773 *ptr = __mcc_type(cr, type); ptr++;
775 *ptr = __fcs(buf); ptr++;
777 return rfcomm_send_frame(s, buf, ptr - buf);
780 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
782 struct rfcomm_hdr *hdr;
783 struct rfcomm_mcc *mcc;
784 struct rfcomm_pn *pn;
785 u8 buf[16], *ptr = buf;
787 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
789 hdr = (void *) ptr; ptr += sizeof(*hdr);
790 hdr->addr = __addr(s->initiator, 0);
791 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
792 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
794 mcc = (void *) ptr; ptr += sizeof(*mcc);
795 mcc->type = __mcc_type(cr, RFCOMM_PN);
796 mcc->len = __len8(sizeof(*pn));
798 pn = (void *) ptr; ptr += sizeof(*pn);
800 pn->priority = d->priority;
805 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
806 pn->credits = RFCOMM_DEFAULT_CREDITS;
812 if (cr && channel_mtu >= 0)
813 pn->mtu = htobs(channel_mtu);
815 pn->mtu = htobs(d->mtu);
817 *ptr = __fcs(buf); ptr++;
819 return rfcomm_send_frame(s, buf, ptr - buf);
822 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
823 u8 bit_rate, u8 data_bits, u8 stop_bits,
824 u8 parity, u8 flow_ctrl_settings,
825 u8 xon_char, u8 xoff_char, u16 param_mask)
827 struct rfcomm_hdr *hdr;
828 struct rfcomm_mcc *mcc;
829 struct rfcomm_rpn *rpn;
830 u8 buf[16], *ptr = buf;
832 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
833 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
834 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
835 flow_ctrl_settings, xon_char, xoff_char, param_mask);
837 hdr = (void *) ptr; ptr += sizeof(*hdr);
838 hdr->addr = __addr(s->initiator, 0);
839 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
840 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
842 mcc = (void *) ptr; ptr += sizeof(*mcc);
843 mcc->type = __mcc_type(cr, RFCOMM_RPN);
844 mcc->len = __len8(sizeof(*rpn));
846 rpn = (void *) ptr; ptr += sizeof(*rpn);
847 rpn->dlci = __addr(1, dlci);
848 rpn->bit_rate = bit_rate;
849 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
850 rpn->flow_ctrl = flow_ctrl_settings;
851 rpn->xon_char = xon_char;
852 rpn->xoff_char = xoff_char;
853 rpn->param_mask = cpu_to_le16(param_mask);
855 *ptr = __fcs(buf); ptr++;
857 return rfcomm_send_frame(s, buf, ptr - buf);
860 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
862 struct rfcomm_hdr *hdr;
863 struct rfcomm_mcc *mcc;
864 struct rfcomm_rls *rls;
865 u8 buf[16], *ptr = buf;
867 BT_DBG("%p cr %d status 0x%x", s, cr, status);
869 hdr = (void *) ptr; ptr += sizeof(*hdr);
870 hdr->addr = __addr(s->initiator, 0);
871 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
872 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
874 mcc = (void *) ptr; ptr += sizeof(*mcc);
875 mcc->type = __mcc_type(cr, RFCOMM_RLS);
876 mcc->len = __len8(sizeof(*rls));
878 rls = (void *) ptr; ptr += sizeof(*rls);
879 rls->dlci = __addr(1, dlci);
880 rls->status = status;
882 *ptr = __fcs(buf); ptr++;
884 return rfcomm_send_frame(s, buf, ptr - buf);
887 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
889 struct rfcomm_hdr *hdr;
890 struct rfcomm_mcc *mcc;
891 struct rfcomm_msc *msc;
892 u8 buf[16], *ptr = buf;
894 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
896 hdr = (void *) ptr; ptr += sizeof(*hdr);
897 hdr->addr = __addr(s->initiator, 0);
898 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
899 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
901 mcc = (void *) ptr; ptr += sizeof(*mcc);
902 mcc->type = __mcc_type(cr, RFCOMM_MSC);
903 mcc->len = __len8(sizeof(*msc));
905 msc = (void *) ptr; ptr += sizeof(*msc);
906 msc->dlci = __addr(1, dlci);
907 msc->v24_sig = v24_sig | 0x01;
909 *ptr = __fcs(buf); ptr++;
911 return rfcomm_send_frame(s, buf, ptr - buf);
914 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
916 struct rfcomm_hdr *hdr;
917 struct rfcomm_mcc *mcc;
918 u8 buf[16], *ptr = buf;
920 BT_DBG("%p cr %d", s, cr);
922 hdr = (void *) ptr; ptr += sizeof(*hdr);
923 hdr->addr = __addr(s->initiator, 0);
924 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
925 hdr->len = __len8(sizeof(*mcc));
927 mcc = (void *) ptr; ptr += sizeof(*mcc);
928 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
929 mcc->len = __len8(0);
931 *ptr = __fcs(buf); ptr++;
933 return rfcomm_send_frame(s, buf, ptr - buf);
936 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
938 struct rfcomm_hdr *hdr;
939 struct rfcomm_mcc *mcc;
940 u8 buf[16], *ptr = buf;
942 BT_DBG("%p cr %d", s, cr);
944 hdr = (void *) ptr; ptr += sizeof(*hdr);
945 hdr->addr = __addr(s->initiator, 0);
946 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
947 hdr->len = __len8(sizeof(*mcc));
949 mcc = (void *) ptr; ptr += sizeof(*mcc);
950 mcc->type = __mcc_type(cr, RFCOMM_FCON);
951 mcc->len = __len8(0);
953 *ptr = __fcs(buf); ptr++;
955 return rfcomm_send_frame(s, buf, ptr - buf);
958 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
960 struct socket *sock = s->sock;
963 unsigned char hdr[5], crc[1];
968 BT_DBG("%p cr %d", s, cr);
970 hdr[0] = __addr(s->initiator, 0);
971 hdr[1] = __ctrl(RFCOMM_UIH, 0);
972 hdr[2] = 0x01 | ((len + 2) << 1);
973 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
974 hdr[4] = 0x01 | (len << 1);
978 iv[0].iov_base = hdr;
980 iv[1].iov_base = pattern;
982 iv[2].iov_base = crc;
985 memset(&msg, 0, sizeof(msg));
987 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
990 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
992 struct rfcomm_hdr *hdr;
993 u8 buf[16], *ptr = buf;
995 BT_DBG("%p addr %d credits %d", s, addr, credits);
997 hdr = (void *) ptr; ptr += sizeof(*hdr);
999 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1000 hdr->len = __len8(0);
1002 *ptr = credits; ptr++;
1004 *ptr = __fcs(buf); ptr++;
1006 return rfcomm_send_frame(s, buf, ptr - buf);
1009 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1011 struct rfcomm_hdr *hdr;
1016 hdr = (void *) skb_push(skb, 4);
1017 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len);
1019 hdr = (void *) skb_push(skb, 3);
1020 hdr->len = __len8(len);
1023 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1025 crc = skb_put(skb, 1);
1026 *crc = __fcs((void *) hdr);
1029 /* ---- RFCOMM frame reception ---- */
1030 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1032 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1036 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1038 rfcomm_send_dm(s, dlci);
1044 rfcomm_dlc_clear_timer(d);
1047 d->state = BT_CONNECTED;
1048 d->state_change(d, 0);
1049 rfcomm_dlc_unlock(d);
1051 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1055 d->state = BT_CLOSED;
1056 __rfcomm_dlc_close(d, 0);
1058 if (list_empty(&s->dlcs)) {
1059 s->state = BT_DISCONN;
1060 rfcomm_send_disc(s, 0);
1066 /* Control channel */
1069 s->state = BT_CONNECTED;
1070 rfcomm_process_connect(s);
1074 rfcomm_session_put(s);
1081 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1085 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1089 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1091 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1096 d->state = BT_CLOSED;
1097 __rfcomm_dlc_close(d, err);
1100 if (s->state == BT_CONNECT)
1105 s->state = BT_CLOSED;
1106 rfcomm_session_close(s, err);
1111 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1115 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1118 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1120 rfcomm_send_ua(s, dlci);
1122 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1127 d->state = BT_CLOSED;
1128 __rfcomm_dlc_close(d, err);
1130 rfcomm_send_dm(s, dlci);
1133 rfcomm_send_ua(s, 0);
1135 if (s->state == BT_CONNECT)
1140 s->state = BT_CLOSED;
1141 rfcomm_session_close(s, err);
1147 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1149 struct sock *sk = d->session->sock->sk;
1151 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1152 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1154 } else if (d->link_mode & RFCOMM_LM_AUTH) {
1155 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1162 static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1164 struct sock *sk = d->session->sock->sk;
1166 BT_DBG("dlc %p", d);
1168 rfcomm_send_ua(d->session, d->dlci);
1171 d->state = BT_CONNECTED;
1172 d->state_change(d, 0);
1173 rfcomm_dlc_unlock(d);
1175 if (d->link_mode & RFCOMM_LM_MASTER)
1176 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1178 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1181 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1183 struct rfcomm_dlc *d;
1186 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1189 rfcomm_send_ua(s, 0);
1191 if (s->state == BT_OPEN) {
1192 s->state = BT_CONNECTED;
1193 rfcomm_process_connect(s);
1198 /* Check if DLC exists */
1199 d = rfcomm_dlc_get(s, dlci);
1201 if (d->state == BT_OPEN) {
1202 /* DLC was previously opened by PN request */
1203 if (rfcomm_check_link_mode(d)) {
1204 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1205 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1209 rfcomm_dlc_accept(d);
1214 /* Notify socket layer about incoming connection */
1215 channel = __srv_channel(dlci);
1216 if (rfcomm_connect_ind(s, channel, &d)) {
1218 d->addr = __addr(s->initiator, dlci);
1219 rfcomm_dlc_link(s, d);
1221 if (rfcomm_check_link_mode(d)) {
1222 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1223 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1227 rfcomm_dlc_accept(d);
1229 rfcomm_send_dm(s, dlci);
1235 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1237 struct rfcomm_session *s = d->session;
1239 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1240 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1242 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1243 pn->flow_ctrl == 0xe0) {
1244 d->cfc = RFCOMM_CFC_ENABLED;
1245 d->tx_credits = pn->credits;
1247 d->cfc = RFCOMM_CFC_DISABLED;
1248 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1251 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1254 d->priority = pn->priority;
1256 d->mtu = btohs(pn->mtu);
1258 if (cr && d->mtu > s->mtu)
1264 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1266 struct rfcomm_pn *pn = (void *) skb->data;
1267 struct rfcomm_dlc *d;
1270 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1275 d = rfcomm_dlc_get(s, dlci);
1279 rfcomm_apply_pn(d, cr, pn);
1280 rfcomm_send_pn(s, 0, d);
1285 rfcomm_apply_pn(d, cr, pn);
1287 d->state = BT_CONNECT;
1288 rfcomm_send_sabm(s, d->dlci);
1293 u8 channel = __srv_channel(dlci);
1298 /* PN request for non existing DLC.
1299 * Assume incoming connection. */
1300 if (rfcomm_connect_ind(s, channel, &d)) {
1302 d->addr = __addr(s->initiator, dlci);
1303 rfcomm_dlc_link(s, d);
1305 rfcomm_apply_pn(d, cr, pn);
1308 rfcomm_send_pn(s, 0, d);
1310 rfcomm_send_dm(s, dlci);
1316 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1318 struct rfcomm_rpn *rpn = (void *) skb->data;
1319 u8 dlci = __get_dlci(rpn->dlci);
1328 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1330 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1331 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1332 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1338 /* This is a request, return default settings */
1339 bit_rate = RFCOMM_RPN_BR_115200;
1340 data_bits = RFCOMM_RPN_DATA_8;
1341 stop_bits = RFCOMM_RPN_STOP_1;
1342 parity = RFCOMM_RPN_PARITY_NONE;
1343 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1344 xon_char = RFCOMM_RPN_XON_CHAR;
1345 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1349 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1350 * no parity, no flow control lines, normal XON/XOFF chars */
1352 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1353 bit_rate = rpn->bit_rate;
1354 if (bit_rate != RFCOMM_RPN_BR_115200) {
1355 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1356 bit_rate = RFCOMM_RPN_BR_115200;
1357 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1361 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1362 data_bits = __get_rpn_data_bits(rpn->line_settings);
1363 if (data_bits != RFCOMM_RPN_DATA_8) {
1364 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1365 data_bits = RFCOMM_RPN_DATA_8;
1366 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1370 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1371 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1372 if (stop_bits != RFCOMM_RPN_STOP_1) {
1373 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1374 stop_bits = RFCOMM_RPN_STOP_1;
1375 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1379 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1380 parity = __get_rpn_parity(rpn->line_settings);
1381 if (parity != RFCOMM_RPN_PARITY_NONE) {
1382 BT_DBG("RPN parity mismatch 0x%x", parity);
1383 parity = RFCOMM_RPN_PARITY_NONE;
1384 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1388 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1389 flow_ctrl = rpn->flow_ctrl;
1390 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1391 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1392 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1393 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1397 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1398 xon_char = rpn->xon_char;
1399 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1400 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1401 xon_char = RFCOMM_RPN_XON_CHAR;
1402 rpn_mask ^= RFCOMM_RPN_PM_XON;
1406 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1407 xoff_char = rpn->xoff_char;
1408 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1409 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1410 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1411 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1416 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1417 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1422 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1424 struct rfcomm_rls *rls = (void *) skb->data;
1425 u8 dlci = __get_dlci(rls->dlci);
1427 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1432 /* We should probably do something with this information here. But
1433 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1434 * mandatory to recognise and respond to RLS */
1436 rfcomm_send_rls(s, 0, dlci, rls->status);
1441 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1443 struct rfcomm_msc *msc = (void *) skb->data;
1444 struct rfcomm_dlc *d;
1445 u8 dlci = __get_dlci(msc->dlci);
1447 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1449 d = rfcomm_dlc_get(s, dlci);
1454 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1455 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1457 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1460 if (d->modem_status)
1461 d->modem_status(d, msc->v24_sig);
1462 rfcomm_dlc_unlock(d);
1464 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1466 d->mscex |= RFCOMM_MSCEX_RX;
1468 d->mscex |= RFCOMM_MSCEX_TX;
1473 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1475 struct rfcomm_mcc *mcc = (void *) skb->data;
1478 cr = __test_cr(mcc->type);
1479 type = __get_mcc_type(mcc->type);
1480 len = __get_mcc_len(mcc->len);
1482 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1488 rfcomm_recv_pn(s, cr, skb);
1492 rfcomm_recv_rpn(s, cr, len, skb);
1496 rfcomm_recv_rls(s, cr, skb);
1500 rfcomm_recv_msc(s, cr, skb);
1505 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1506 rfcomm_send_fcoff(s, 0);
1512 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1513 rfcomm_send_fcon(s, 0);
1519 rfcomm_send_test(s, 0, skb->data, skb->len);
1526 BT_ERR("Unknown control type 0x%02x", type);
1527 rfcomm_send_nsc(s, cr, type);
1533 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1535 struct rfcomm_dlc *d;
1537 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1539 d = rfcomm_dlc_get(s, dlci);
1541 rfcomm_send_dm(s, dlci);
1546 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1548 d->tx_credits += credits;
1550 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1553 if (skb->len && d->state == BT_CONNECTED) {
1556 d->data_ready(d, skb);
1557 rfcomm_dlc_unlock(d);
1566 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1568 struct rfcomm_hdr *hdr = (void *) skb->data;
1571 dlci = __get_dlci(hdr->addr);
1572 type = __get_type(hdr->ctrl);
1575 skb->len--; skb->tail--;
1576 fcs = *(u8 *)skb_tail_pointer(skb);
1578 if (__check_fcs(skb->data, type, fcs)) {
1579 BT_ERR("bad checksum in packet");
1584 if (__test_ea(hdr->len))
1591 if (__test_pf(hdr->ctrl))
1592 rfcomm_recv_sabm(s, dlci);
1596 if (__test_pf(hdr->ctrl))
1597 rfcomm_recv_disc(s, dlci);
1601 if (__test_pf(hdr->ctrl))
1602 rfcomm_recv_ua(s, dlci);
1606 rfcomm_recv_dm(s, dlci);
1611 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1613 rfcomm_recv_mcc(s, skb);
1617 BT_ERR("Unknown packet type 0x%02x\n", type);
1624 /* ---- Connection and data processing ---- */
1626 static void rfcomm_process_connect(struct rfcomm_session *s)
1628 struct rfcomm_dlc *d;
1629 struct list_head *p, *n;
1631 BT_DBG("session %p state %ld", s, s->state);
1633 list_for_each_safe(p, n, &s->dlcs) {
1634 d = list_entry(p, struct rfcomm_dlc, list);
1635 if (d->state == BT_CONFIG) {
1637 rfcomm_send_pn(s, 1, d);
1642 /* Send data queued for the DLC.
1643 * Return number of frames left in the queue.
1645 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1647 struct sk_buff *skb;
1650 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1651 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1653 /* Send pending MSC */
1654 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1655 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1659 * Give them some credits */
1660 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1661 d->rx_credits <= (d->cfc >> 2)) {
1662 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1663 d->rx_credits = d->cfc;
1667 * Give ourselves some credits */
1671 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1672 return skb_queue_len(&d->tx_queue);
1674 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1675 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1677 skb_queue_head(&d->tx_queue, skb);
1684 if (d->cfc && !d->tx_credits) {
1685 /* We're out of TX credits.
1686 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1687 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1690 return skb_queue_len(&d->tx_queue);
1693 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1695 struct rfcomm_dlc *d;
1696 struct list_head *p, *n;
1698 BT_DBG("session %p state %ld", s, s->state);
1700 list_for_each_safe(p, n, &s->dlcs) {
1701 d = list_entry(p, struct rfcomm_dlc, list);
1703 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1704 __rfcomm_dlc_close(d, ETIMEDOUT);
1708 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1709 rfcomm_dlc_clear_timer(d);
1710 rfcomm_dlc_accept(d);
1711 if (d->link_mode & RFCOMM_LM_SECURE) {
1712 struct sock *sk = s->sock->sk;
1713 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1716 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1717 rfcomm_dlc_clear_timer(d);
1718 rfcomm_send_dm(s, d->dlci);
1719 __rfcomm_dlc_close(d, ECONNREFUSED);
1723 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1726 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1727 d->mscex == RFCOMM_MSCEX_OK)
1728 rfcomm_process_tx(d);
1732 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1734 struct socket *sock = s->sock;
1735 struct sock *sk = sock->sk;
1736 struct sk_buff *skb;
1738 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1740 /* Get data directly from socket receive queue without copying it. */
1741 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1743 rfcomm_recv_frame(s, skb);
1746 if (sk->sk_state == BT_CLOSED) {
1748 rfcomm_session_put(s);
1750 rfcomm_session_close(s, sk->sk_err);
1754 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1756 struct socket *sock = s->sock, *nsock;
1759 /* Fast check for a new connection.
1760 * Avoids unnesesary socket allocations. */
1761 if (list_empty(&bt_sk(sock->sk)->accept_q))
1764 BT_DBG("session %p", s);
1766 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1770 __module_get(nsock->ops->owner);
1772 /* Set our callbacks */
1773 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1774 nsock->sk->sk_state_change = rfcomm_l2state_change;
1776 s = rfcomm_session_add(nsock, BT_OPEN);
1778 rfcomm_session_hold(s);
1780 /* We should adjust MTU on incoming sessions.
1781 * L2CAP MTU minus UIH header and FCS. */
1782 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1784 rfcomm_schedule(RFCOMM_SCHED_RX);
1786 sock_release(nsock);
1789 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1791 struct sock *sk = s->sock->sk;
1793 BT_DBG("%p state %ld", s, s->state);
1795 switch(sk->sk_state) {
1797 s->state = BT_CONNECT;
1799 /* We can adjust MTU on outgoing sessions.
1800 * L2CAP MTU minus UIH header and FCS. */
1801 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1803 rfcomm_send_sabm(s, 0);
1807 s->state = BT_CLOSED;
1808 rfcomm_session_close(s, sk->sk_err);
1813 static inline void rfcomm_process_sessions(void)
1815 struct list_head *p, *n;
1819 list_for_each_safe(p, n, &session_list) {
1820 struct rfcomm_session *s;
1821 s = list_entry(p, struct rfcomm_session, list);
1823 if (s->state == BT_LISTEN) {
1824 rfcomm_accept_connection(s);
1828 rfcomm_session_hold(s);
1832 rfcomm_check_connection(s);
1836 rfcomm_process_rx(s);
1840 rfcomm_process_dlcs(s);
1842 rfcomm_session_put(s);
1848 static int rfcomm_add_listener(bdaddr_t *ba)
1850 struct sockaddr_l2 addr;
1851 struct socket *sock;
1853 struct rfcomm_session *s;
1857 err = rfcomm_l2sock_create(&sock);
1859 BT_ERR("Create socket failed %d", err);
1864 bacpy(&addr.l2_bdaddr, ba);
1865 addr.l2_family = AF_BLUETOOTH;
1866 addr.l2_psm = htobs(RFCOMM_PSM);
1867 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1869 BT_ERR("Bind failed %d", err);
1873 /* Set L2CAP options */
1876 l2cap_pi(sk)->imtu = l2cap_mtu;
1879 /* Start listening on the socket */
1880 err = kernel_listen(sock, 10);
1882 BT_ERR("Listen failed %d", err);
1886 /* Add listening session */
1887 s = rfcomm_session_add(sock, BT_LISTEN);
1891 rfcomm_session_hold(s);
1898 static void rfcomm_kill_listener(void)
1900 struct rfcomm_session *s;
1901 struct list_head *p, *n;
1905 list_for_each_safe(p, n, &session_list) {
1906 s = list_entry(p, struct rfcomm_session, list);
1907 rfcomm_session_del(s);
1911 static int rfcomm_run(void *unused)
1915 set_user_nice(current, -10);
1917 rfcomm_add_listener(BDADDR_ANY);
1919 while (!kthread_should_stop()) {
1920 set_current_state(TASK_INTERRUPTIBLE);
1921 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1922 /* No pending events. Let's sleep.
1923 * Incoming connections and data will wake us up. */
1926 set_current_state(TASK_RUNNING);
1929 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1930 rfcomm_process_sessions();
1933 rfcomm_kill_listener();
1938 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1940 struct rfcomm_session *s;
1941 struct rfcomm_dlc *d;
1942 struct list_head *p, *n;
1944 BT_DBG("conn %p status 0x%02x", conn, status);
1946 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1950 rfcomm_session_hold(s);
1952 list_for_each_safe(p, n, &s->dlcs) {
1953 d = list_entry(p, struct rfcomm_dlc, list);
1955 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1958 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1962 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1964 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1967 rfcomm_session_put(s);
1969 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1972 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1974 struct rfcomm_session *s;
1975 struct rfcomm_dlc *d;
1976 struct list_head *p, *n;
1978 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1980 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1984 rfcomm_session_hold(s);
1986 list_for_each_safe(p, n, &s->dlcs) {
1987 d = list_entry(p, struct rfcomm_dlc, list);
1989 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1992 if (!status && encrypt)
1993 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1995 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1998 rfcomm_session_put(s);
2000 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2003 static struct hci_cb rfcomm_cb = {
2005 .auth_cfm = rfcomm_auth_cfm,
2006 .encrypt_cfm = rfcomm_encrypt_cfm
2009 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2011 struct rfcomm_session *s;
2012 struct list_head *pp, *p;
2017 list_for_each(p, &session_list) {
2018 s = list_entry(p, struct rfcomm_session, list);
2019 list_for_each(pp, &s->dlcs) {
2020 struct sock *sk = s->sock->sk;
2021 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2023 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2024 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2025 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2034 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2036 /* ---- Initialization ---- */
2037 static int __init rfcomm_init(void)
2041 hci_register_cb(&rfcomm_cb);
2043 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2044 if (IS_ERR(rfcomm_thread)) {
2045 hci_unregister_cb(&rfcomm_cb);
2046 return PTR_ERR(rfcomm_thread);
2049 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2050 BT_ERR("Failed to create RFCOMM info file");
2052 rfcomm_init_sockets();
2054 #ifdef CONFIG_BT_RFCOMM_TTY
2058 BT_INFO("RFCOMM ver %s", VERSION);
2063 static void __exit rfcomm_exit(void)
2065 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
2067 hci_unregister_cb(&rfcomm_cb);
2069 kthread_stop(rfcomm_thread);
2071 #ifdef CONFIG_BT_RFCOMM_TTY
2072 rfcomm_cleanup_ttys();
2075 rfcomm_cleanup_sockets();
2078 module_init(rfcomm_init);
2079 module_exit(rfcomm_exit);
2081 module_param(disable_cfc, bool, 0644);
2082 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2084 module_param(channel_mtu, int, 0644);
2085 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2087 module_param(l2cap_mtu, uint, 0644);
2088 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2090 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2091 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2092 MODULE_VERSION(VERSION);
2093 MODULE_LICENSE("GPL");
2094 MODULE_ALIAS("bt-proto-3");