2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
30 #include <linux/config.h>
31 #include <linux/module.h>
32 #include <linux/errno.h>
33 #include <linux/kernel.h>
34 #include <linux/sched.h>
35 #include <linux/signal.h>
36 #include <linux/init.h>
37 #include <linux/wait.h>
38 #include <linux/device.h>
39 #include <linux/net.h>
41 #include <asm/uaccess.h>
42 #include <asm/unaligned.h>
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
46 #include <net/bluetooth/l2cap.h>
47 #include <net/bluetooth/rfcomm.h>
49 #ifndef CONFIG_BT_RFCOMM_DEBUG
56 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
58 static struct task_struct *rfcomm_thread;
60 static DECLARE_MUTEX(rfcomm_sem);
61 #define rfcomm_lock() down(&rfcomm_sem);
62 #define rfcomm_unlock() up(&rfcomm_sem);
64 static unsigned long rfcomm_event;
66 static LIST_HEAD(session_list);
67 static atomic_t terminate, running;
69 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
70 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
71 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
72 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
73 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
74 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
75 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
76 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
77 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
78 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
80 static void rfcomm_process_connect(struct rfcomm_session *s);
82 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
83 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
84 static void rfcomm_session_del(struct rfcomm_session *s);
86 /* ---- RFCOMM frame parsing macros ---- */
87 #define __get_dlci(b) ((b & 0xfc) >> 2)
88 #define __get_channel(b) ((b & 0xf8) >> 3)
89 #define __get_dir(b) ((b & 0x04) >> 2)
90 #define __get_type(b) ((b & 0xef))
92 #define __test_ea(b) ((b & 0x01))
93 #define __test_cr(b) ((b & 0x02))
94 #define __test_pf(b) ((b & 0x10))
96 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
97 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
98 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
99 #define __srv_channel(dlci) (dlci >> 1)
100 #define __dir(dlci) (dlci & 0x01)
102 #define __len8(len) (((len) << 1) | 1)
103 #define __len16(len) ((len) << 1)
106 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
107 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
108 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
111 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
112 #define __get_rpn_data_bits(line) ((line) & 0x3)
113 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
114 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
116 static inline void rfcomm_schedule(uint event)
120 //set_bit(event, &rfcomm_event);
121 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
122 wake_up_process(rfcomm_thread);
125 static inline void rfcomm_session_put(struct rfcomm_session *s)
127 if (atomic_dec_and_test(&s->refcnt))
128 rfcomm_session_del(s);
131 /* ---- RFCOMM FCS computation ---- */
133 /* reversed, 8-bit, poly=0x07 */
134 static unsigned char rfcomm_crc_table[256] = {
135 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
136 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
137 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
138 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
140 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
141 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
142 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
143 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
145 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
146 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
147 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
148 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
150 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
151 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
152 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
153 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
155 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
156 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
157 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
158 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
160 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
161 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
162 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
163 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
165 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
166 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
167 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
168 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
170 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
171 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
172 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
173 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
177 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
180 static inline u8 __fcs(u8 *data)
182 return (0xff - __crc(data));
186 static inline u8 __fcs2(u8 *data)
188 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
192 static inline int __check_fcs(u8 *data, int type, u8 fcs)
196 if (type != RFCOMM_UIH)
197 f = rfcomm_crc_table[f ^ data[2]];
199 return rfcomm_crc_table[f ^ fcs] != 0xcf;
202 /* ---- L2CAP callbacks ---- */
203 static void rfcomm_l2state_change(struct sock *sk)
205 BT_DBG("%p state %d", sk, sk->sk_state);
206 rfcomm_schedule(RFCOMM_SCHED_STATE);
209 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
211 BT_DBG("%p bytes %d", sk, bytes);
212 rfcomm_schedule(RFCOMM_SCHED_RX);
215 static int rfcomm_l2sock_create(struct socket **sock)
221 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
223 struct sock *sk = (*sock)->sk;
224 sk->sk_data_ready = rfcomm_l2data_ready;
225 sk->sk_state_change = rfcomm_l2state_change;
230 /* ---- RFCOMM DLCs ---- */
231 static void rfcomm_dlc_timeout(unsigned long arg)
233 struct rfcomm_dlc *d = (void *) arg;
235 BT_DBG("dlc %p state %ld", d, d->state);
237 set_bit(RFCOMM_TIMED_OUT, &d->flags);
239 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
242 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
244 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
246 if (!mod_timer(&d->timer, jiffies + timeout))
250 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
252 BT_DBG("dlc %p state %ld", d, d->state);
254 if (timer_pending(&d->timer) && del_timer(&d->timer))
258 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
265 d->mtu = RFCOMM_DEFAULT_MTU;
266 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
268 d->cfc = RFCOMM_CFC_DISABLED;
269 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
272 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
274 struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio);
277 memset(d, 0, sizeof(*d));
279 init_timer(&d->timer);
280 d->timer.function = rfcomm_dlc_timeout;
281 d->timer.data = (unsigned long) d;
283 skb_queue_head_init(&d->tx_queue);
284 spin_lock_init(&d->lock);
285 atomic_set(&d->refcnt, 1);
287 rfcomm_dlc_clear_state(d);
293 void rfcomm_dlc_free(struct rfcomm_dlc *d)
297 skb_queue_purge(&d->tx_queue);
301 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
303 BT_DBG("dlc %p session %p", d, s);
305 rfcomm_session_hold(s);
308 list_add(&d->list, &s->dlcs);
312 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
314 struct rfcomm_session *s = d->session;
316 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
322 rfcomm_session_put(s);
325 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
327 struct rfcomm_dlc *d;
330 list_for_each(p, &s->dlcs) {
331 d = list_entry(p, struct rfcomm_dlc, list);
338 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
340 struct rfcomm_session *s;
344 BT_DBG("dlc %p state %ld %s %s channel %d",
345 d, d->state, batostr(src), batostr(dst), channel);
347 if (channel < 1 || channel > 30)
350 if (d->state != BT_OPEN && d->state != BT_CLOSED)
353 s = rfcomm_session_get(src, dst);
355 s = rfcomm_session_create(src, dst, &err);
360 dlci = __dlci(!s->initiator, channel);
362 /* Check if DLCI already exists */
363 if (rfcomm_dlc_get(s, dlci))
366 rfcomm_dlc_clear_state(d);
369 d->addr = __addr(s->initiator, dlci);
372 d->state = BT_CONFIG;
373 rfcomm_dlc_link(s, d);
376 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
378 if (s->state == BT_CONNECTED)
379 rfcomm_send_pn(s, 1, d);
380 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
384 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
390 r = __rfcomm_dlc_open(d, src, dst, channel);
396 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
398 struct rfcomm_session *s = d->session;
402 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
403 d, d->state, d->dlci, err, s);
409 d->state = BT_DISCONN;
410 if (skb_queue_empty(&d->tx_queue)) {
411 rfcomm_send_disc(s, d->dlci);
412 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
414 rfcomm_queue_disc(d);
415 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
420 rfcomm_dlc_clear_timer(d);
423 d->state = BT_CLOSED;
424 d->state_change(d, err);
425 rfcomm_dlc_unlock(d);
427 skb_queue_purge(&d->tx_queue);
428 rfcomm_dlc_unlink(d);
434 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
440 r = __rfcomm_dlc_close(d, err);
446 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
450 if (d->state != BT_CONNECTED)
453 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
458 rfcomm_make_uih(skb, d->addr);
459 skb_queue_tail(&d->tx_queue, skb);
461 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
462 rfcomm_schedule(RFCOMM_SCHED_TX);
466 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
468 BT_DBG("dlc %p state %ld", d, d->state);
471 d->v24_sig |= RFCOMM_V24_FC;
472 set_bit(RFCOMM_MSC_PENDING, &d->flags);
474 rfcomm_schedule(RFCOMM_SCHED_TX);
477 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
479 BT_DBG("dlc %p state %ld", d, d->state);
482 d->v24_sig &= ~RFCOMM_V24_FC;
483 set_bit(RFCOMM_MSC_PENDING, &d->flags);
485 rfcomm_schedule(RFCOMM_SCHED_TX);
489 Set/get modem status functions use _local_ status i.e. what we report
491 Remote status is provided by dlc->modem_status() callback.
493 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
495 BT_DBG("dlc %p state %ld v24_sig 0x%x",
496 d, d->state, v24_sig);
498 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
499 v24_sig |= RFCOMM_V24_FC;
501 v24_sig &= ~RFCOMM_V24_FC;
503 d->v24_sig = v24_sig;
505 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
506 rfcomm_schedule(RFCOMM_SCHED_TX);
511 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
513 BT_DBG("dlc %p state %ld v24_sig 0x%x",
514 d, d->state, d->v24_sig);
516 *v24_sig = d->v24_sig;
520 /* ---- RFCOMM sessions ---- */
521 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
523 struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL);
526 memset(s, 0, sizeof(*s));
528 BT_DBG("session %p sock %p", s, sock);
530 INIT_LIST_HEAD(&s->dlcs);
534 s->mtu = RFCOMM_DEFAULT_MTU;
535 s->cfc = RFCOMM_CFC_UNKNOWN;
537 /* Do not increment module usage count for listening sessions.
538 * Otherwise we won't be able to unload the module. */
539 if (state != BT_LISTEN)
540 if (!try_module_get(THIS_MODULE)) {
545 list_add(&s->list, &session_list);
550 static void rfcomm_session_del(struct rfcomm_session *s)
552 int state = s->state;
554 BT_DBG("session %p state %ld", s, s->state);
558 if (state == BT_CONNECTED)
559 rfcomm_send_disc(s, 0);
561 sock_release(s->sock);
564 if (state != BT_LISTEN)
565 module_put(THIS_MODULE);
568 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
570 struct rfcomm_session *s;
571 struct list_head *p, *n;
573 list_for_each_safe(p, n, &session_list) {
574 s = list_entry(p, struct rfcomm_session, list);
575 sk = bt_sk(s->sock->sk);
577 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
578 !bacmp(&sk->dst, dst))
584 static void rfcomm_session_close(struct rfcomm_session *s, int err)
586 struct rfcomm_dlc *d;
587 struct list_head *p, *n;
589 BT_DBG("session %p state %ld err %d", s, s->state, err);
591 rfcomm_session_hold(s);
593 s->state = BT_CLOSED;
596 list_for_each_safe(p, n, &s->dlcs) {
597 d = list_entry(p, struct rfcomm_dlc, list);
598 d->state = BT_CLOSED;
599 __rfcomm_dlc_close(d, err);
602 rfcomm_session_put(s);
605 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
607 struct rfcomm_session *s = NULL;
608 struct sockaddr_l2 addr;
612 BT_DBG("%s %s", batostr(src), batostr(dst));
614 *err = rfcomm_l2sock_create(&sock);
618 bacpy(&addr.l2_bdaddr, src);
619 addr.l2_family = AF_BLUETOOTH;
621 *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
625 /* Set L2CAP options */
628 l2cap_pi(sk)->imtu = l2cap_mtu;
631 s = rfcomm_session_add(sock, BT_BOUND);
639 bacpy(&addr.l2_bdaddr, dst);
640 addr.l2_family = AF_BLUETOOTH;
641 addr.l2_psm = htobs(RFCOMM_PSM);
642 *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
643 if (*err == 0 || *err == -EAGAIN)
646 rfcomm_session_del(s);
654 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
656 struct sock *sk = s->sock->sk;
658 bacpy(src, &bt_sk(sk)->src);
660 bacpy(dst, &bt_sk(sk)->dst);
663 /* ---- RFCOMM frame sending ---- */
664 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
666 struct socket *sock = s->sock;
667 struct kvec iv = { data, len };
670 BT_DBG("session %p len %d", s, len);
672 memset(&msg, 0, sizeof(msg));
674 return kernel_sendmsg(sock, &msg, &iv, 1, len);
677 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
679 struct rfcomm_cmd cmd;
681 BT_DBG("%p dlci %d", s, dlci);
683 cmd.addr = __addr(s->initiator, dlci);
684 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
686 cmd.fcs = __fcs2((u8 *) &cmd);
688 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
691 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
693 struct rfcomm_cmd cmd;
695 BT_DBG("%p dlci %d", s, dlci);
697 cmd.addr = __addr(!s->initiator, dlci);
698 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
700 cmd.fcs = __fcs2((u8 *) &cmd);
702 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
705 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
707 struct rfcomm_cmd cmd;
709 BT_DBG("%p dlci %d", s, dlci);
711 cmd.addr = __addr(s->initiator, dlci);
712 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
714 cmd.fcs = __fcs2((u8 *) &cmd);
716 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
719 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
721 struct rfcomm_cmd *cmd;
724 BT_DBG("dlc %p dlci %d", d, d->dlci);
726 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
730 cmd = (void *) __skb_put(skb, sizeof(*cmd));
732 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
733 cmd->len = __len8(0);
734 cmd->fcs = __fcs2((u8 *) cmd);
736 skb_queue_tail(&d->tx_queue, skb);
737 rfcomm_schedule(RFCOMM_SCHED_TX);
741 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
743 struct rfcomm_cmd cmd;
745 BT_DBG("%p dlci %d", s, dlci);
747 cmd.addr = __addr(!s->initiator, dlci);
748 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
750 cmd.fcs = __fcs2((u8 *) &cmd);
752 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
755 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
757 struct rfcomm_hdr *hdr;
758 struct rfcomm_mcc *mcc;
759 u8 buf[16], *ptr = buf;
761 BT_DBG("%p cr %d type %d", s, cr, type);
763 hdr = (void *) ptr; ptr += sizeof(*hdr);
764 hdr->addr = __addr(s->initiator, 0);
765 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
766 hdr->len = __len8(sizeof(*mcc) + 1);
768 mcc = (void *) ptr; ptr += sizeof(*mcc);
769 mcc->type = __mcc_type(cr, RFCOMM_NSC);
770 mcc->len = __len8(1);
772 /* Type that we didn't like */
773 *ptr = __mcc_type(cr, type); ptr++;
775 *ptr = __fcs(buf); ptr++;
777 return rfcomm_send_frame(s, buf, ptr - buf);
780 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
782 struct rfcomm_hdr *hdr;
783 struct rfcomm_mcc *mcc;
784 struct rfcomm_pn *pn;
785 u8 buf[16], *ptr = buf;
787 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
789 hdr = (void *) ptr; ptr += sizeof(*hdr);
790 hdr->addr = __addr(s->initiator, 0);
791 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
792 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
794 mcc = (void *) ptr; ptr += sizeof(*mcc);
795 mcc->type = __mcc_type(cr, RFCOMM_PN);
796 mcc->len = __len8(sizeof(*pn));
798 pn = (void *) ptr; ptr += sizeof(*pn);
800 pn->priority = d->priority;
805 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
806 pn->credits = RFCOMM_DEFAULT_CREDITS;
812 pn->mtu = htobs(d->mtu);
814 *ptr = __fcs(buf); ptr++;
816 return rfcomm_send_frame(s, buf, ptr - buf);
819 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
820 u8 bit_rate, u8 data_bits, u8 stop_bits,
821 u8 parity, u8 flow_ctrl_settings,
822 u8 xon_char, u8 xoff_char, u16 param_mask)
824 struct rfcomm_hdr *hdr;
825 struct rfcomm_mcc *mcc;
826 struct rfcomm_rpn *rpn;
827 u8 buf[16], *ptr = buf;
829 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
830 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
831 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
832 flow_ctrl_settings, xon_char, xoff_char, param_mask);
834 hdr = (void *) ptr; ptr += sizeof(*hdr);
835 hdr->addr = __addr(s->initiator, 0);
836 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
837 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
839 mcc = (void *) ptr; ptr += sizeof(*mcc);
840 mcc->type = __mcc_type(cr, RFCOMM_RPN);
841 mcc->len = __len8(sizeof(*rpn));
843 rpn = (void *) ptr; ptr += sizeof(*rpn);
844 rpn->dlci = __addr(1, dlci);
845 rpn->bit_rate = bit_rate;
846 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
847 rpn->flow_ctrl = flow_ctrl_settings;
848 rpn->xon_char = xon_char;
849 rpn->xoff_char = xoff_char;
850 rpn->param_mask = param_mask;
852 *ptr = __fcs(buf); ptr++;
854 return rfcomm_send_frame(s, buf, ptr - buf);
857 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
859 struct rfcomm_hdr *hdr;
860 struct rfcomm_mcc *mcc;
861 struct rfcomm_rls *rls;
862 u8 buf[16], *ptr = buf;
864 BT_DBG("%p cr %d status 0x%x", s, cr, status);
866 hdr = (void *) ptr; ptr += sizeof(*hdr);
867 hdr->addr = __addr(s->initiator, 0);
868 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
869 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
871 mcc = (void *) ptr; ptr += sizeof(*mcc);
872 mcc->type = __mcc_type(cr, RFCOMM_RLS);
873 mcc->len = __len8(sizeof(*rls));
875 rls = (void *) ptr; ptr += sizeof(*rls);
876 rls->dlci = __addr(1, dlci);
877 rls->status = status;
879 *ptr = __fcs(buf); ptr++;
881 return rfcomm_send_frame(s, buf, ptr - buf);
884 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
886 struct rfcomm_hdr *hdr;
887 struct rfcomm_mcc *mcc;
888 struct rfcomm_msc *msc;
889 u8 buf[16], *ptr = buf;
891 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
893 hdr = (void *) ptr; ptr += sizeof(*hdr);
894 hdr->addr = __addr(s->initiator, 0);
895 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
896 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
898 mcc = (void *) ptr; ptr += sizeof(*mcc);
899 mcc->type = __mcc_type(cr, RFCOMM_MSC);
900 mcc->len = __len8(sizeof(*msc));
902 msc = (void *) ptr; ptr += sizeof(*msc);
903 msc->dlci = __addr(1, dlci);
904 msc->v24_sig = v24_sig | 0x01;
906 *ptr = __fcs(buf); ptr++;
908 return rfcomm_send_frame(s, buf, ptr - buf);
911 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
913 struct rfcomm_hdr *hdr;
914 struct rfcomm_mcc *mcc;
915 u8 buf[16], *ptr = buf;
917 BT_DBG("%p cr %d", s, cr);
919 hdr = (void *) ptr; ptr += sizeof(*hdr);
920 hdr->addr = __addr(s->initiator, 0);
921 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
922 hdr->len = __len8(sizeof(*mcc));
924 mcc = (void *) ptr; ptr += sizeof(*mcc);
925 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
926 mcc->len = __len8(0);
928 *ptr = __fcs(buf); ptr++;
930 return rfcomm_send_frame(s, buf, ptr - buf);
933 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
935 struct rfcomm_hdr *hdr;
936 struct rfcomm_mcc *mcc;
937 u8 buf[16], *ptr = buf;
939 BT_DBG("%p cr %d", s, cr);
941 hdr = (void *) ptr; ptr += sizeof(*hdr);
942 hdr->addr = __addr(s->initiator, 0);
943 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
944 hdr->len = __len8(sizeof(*mcc));
946 mcc = (void *) ptr; ptr += sizeof(*mcc);
947 mcc->type = __mcc_type(cr, RFCOMM_FCON);
948 mcc->len = __len8(0);
950 *ptr = __fcs(buf); ptr++;
952 return rfcomm_send_frame(s, buf, ptr - buf);
955 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
957 struct socket *sock = s->sock;
960 unsigned char hdr[5], crc[1];
965 BT_DBG("%p cr %d", s, cr);
967 hdr[0] = __addr(s->initiator, 0);
968 hdr[1] = __ctrl(RFCOMM_UIH, 0);
969 hdr[2] = 0x01 | ((len + 2) << 1);
970 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
971 hdr[4] = 0x01 | (len << 1);
975 iv[0].iov_base = hdr;
977 iv[1].iov_base = pattern;
979 iv[2].iov_base = crc;
982 memset(&msg, 0, sizeof(msg));
984 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
987 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
989 struct rfcomm_hdr *hdr;
990 u8 buf[16], *ptr = buf;
992 BT_DBG("%p addr %d credits %d", s, addr, credits);
994 hdr = (void *) ptr; ptr += sizeof(*hdr);
996 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
997 hdr->len = __len8(0);
999 *ptr = credits; ptr++;
1001 *ptr = __fcs(buf); ptr++;
1003 return rfcomm_send_frame(s, buf, ptr - buf);
1006 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1008 struct rfcomm_hdr *hdr;
1013 hdr = (void *) skb_push(skb, 4);
1014 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len);
1016 hdr = (void *) skb_push(skb, 3);
1017 hdr->len = __len8(len);
1020 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1022 crc = skb_put(skb, 1);
1023 *crc = __fcs((void *) hdr);
1026 /* ---- RFCOMM frame reception ---- */
1027 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1029 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1033 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1035 rfcomm_send_dm(s, dlci);
1041 rfcomm_dlc_clear_timer(d);
1044 d->state = BT_CONNECTED;
1045 d->state_change(d, 0);
1046 rfcomm_dlc_unlock(d);
1048 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1052 d->state = BT_CLOSED;
1053 __rfcomm_dlc_close(d, 0);
1057 /* Control channel */
1060 s->state = BT_CONNECTED;
1061 rfcomm_process_connect(s);
1068 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1072 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1076 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1078 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1083 d->state = BT_CLOSED;
1084 __rfcomm_dlc_close(d, err);
1087 if (s->state == BT_CONNECT)
1092 s->state = BT_CLOSED;
1093 rfcomm_session_close(s, err);
1098 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1102 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1105 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1107 rfcomm_send_ua(s, dlci);
1109 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1114 d->state = BT_CLOSED;
1115 __rfcomm_dlc_close(d, err);
1117 rfcomm_send_dm(s, dlci);
1120 rfcomm_send_ua(s, 0);
1122 if (s->state == BT_CONNECT)
1127 s->state = BT_CLOSED;
1128 rfcomm_session_close(s, err);
1134 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1136 struct sock *sk = d->session->sock->sk;
1138 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1139 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1141 } else if (d->link_mode & RFCOMM_LM_AUTH) {
1142 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1149 static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1151 BT_DBG("dlc %p", d);
1153 rfcomm_send_ua(d->session, d->dlci);
1156 d->state = BT_CONNECTED;
1157 d->state_change(d, 0);
1158 rfcomm_dlc_unlock(d);
1160 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1163 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1165 struct rfcomm_dlc *d;
1168 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1171 rfcomm_send_ua(s, 0);
1173 if (s->state == BT_OPEN) {
1174 s->state = BT_CONNECTED;
1175 rfcomm_process_connect(s);
1180 /* Check if DLC exists */
1181 d = rfcomm_dlc_get(s, dlci);
1183 if (d->state == BT_OPEN) {
1184 /* DLC was previously opened by PN request */
1185 if (rfcomm_check_link_mode(d)) {
1186 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1187 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1191 rfcomm_dlc_accept(d);
1196 /* Notify socket layer about incoming connection */
1197 channel = __srv_channel(dlci);
1198 if (rfcomm_connect_ind(s, channel, &d)) {
1200 d->addr = __addr(s->initiator, dlci);
1201 rfcomm_dlc_link(s, d);
1203 if (rfcomm_check_link_mode(d)) {
1204 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1205 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1209 rfcomm_dlc_accept(d);
1211 rfcomm_send_dm(s, dlci);
1217 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1219 struct rfcomm_session *s = d->session;
1221 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1222 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1224 if (pn->flow_ctrl == 0xf0 || pn->flow_ctrl == 0xe0) {
1225 d->cfc = s->cfc = RFCOMM_CFC_ENABLED;
1226 d->tx_credits = pn->credits;
1228 d->cfc = s->cfc = RFCOMM_CFC_DISABLED;
1229 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1232 d->priority = pn->priority;
1234 d->mtu = s->mtu = btohs(pn->mtu);
1239 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1241 struct rfcomm_pn *pn = (void *) skb->data;
1242 struct rfcomm_dlc *d;
1245 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1250 d = rfcomm_dlc_get(s, dlci);
1254 rfcomm_apply_pn(d, cr, pn);
1255 rfcomm_send_pn(s, 0, d);
1260 rfcomm_apply_pn(d, cr, pn);
1262 d->state = BT_CONNECT;
1263 rfcomm_send_sabm(s, d->dlci);
1268 u8 channel = __srv_channel(dlci);
1273 /* PN request for non existing DLC.
1274 * Assume incoming connection. */
1275 if (rfcomm_connect_ind(s, channel, &d)) {
1277 d->addr = __addr(s->initiator, dlci);
1278 rfcomm_dlc_link(s, d);
1280 rfcomm_apply_pn(d, cr, pn);
1283 rfcomm_send_pn(s, 0, d);
1285 rfcomm_send_dm(s, dlci);
1291 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1293 struct rfcomm_rpn *rpn = (void *) skb->data;
1294 u8 dlci = __get_dlci(rpn->dlci);
1303 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1305 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1306 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1307 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1313 /* This is a request, return default settings */
1314 bit_rate = RFCOMM_RPN_BR_115200;
1315 data_bits = RFCOMM_RPN_DATA_8;
1316 stop_bits = RFCOMM_RPN_STOP_1;
1317 parity = RFCOMM_RPN_PARITY_NONE;
1318 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1319 xon_char = RFCOMM_RPN_XON_CHAR;
1320 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1324 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1325 * no parity, no flow control lines, normal XON/XOFF chars */
1327 if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) {
1328 bit_rate = rpn->bit_rate;
1329 if (bit_rate != RFCOMM_RPN_BR_115200) {
1330 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1331 bit_rate = RFCOMM_RPN_BR_115200;
1332 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1336 if (rpn->param_mask & RFCOMM_RPN_PM_DATA) {
1337 data_bits = __get_rpn_data_bits(rpn->line_settings);
1338 if (data_bits != RFCOMM_RPN_DATA_8) {
1339 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1340 data_bits = RFCOMM_RPN_DATA_8;
1341 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1345 if (rpn->param_mask & RFCOMM_RPN_PM_STOP) {
1346 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1347 if (stop_bits != RFCOMM_RPN_STOP_1) {
1348 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1349 stop_bits = RFCOMM_RPN_STOP_1;
1350 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1354 if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) {
1355 parity = __get_rpn_parity(rpn->line_settings);
1356 if (parity != RFCOMM_RPN_PARITY_NONE) {
1357 BT_DBG("RPN parity mismatch 0x%x", parity);
1358 parity = RFCOMM_RPN_PARITY_NONE;
1359 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1363 if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) {
1364 flow_ctrl = rpn->flow_ctrl;
1365 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1366 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1367 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1368 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1372 if (rpn->param_mask & RFCOMM_RPN_PM_XON) {
1373 xon_char = rpn->xon_char;
1374 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1375 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1376 xon_char = RFCOMM_RPN_XON_CHAR;
1377 rpn_mask ^= RFCOMM_RPN_PM_XON;
1381 if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) {
1382 xoff_char = rpn->xoff_char;
1383 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1384 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1385 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1386 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1391 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1392 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1397 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1399 struct rfcomm_rls *rls = (void *) skb->data;
1400 u8 dlci = __get_dlci(rls->dlci);
1402 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1407 /* We should probably do something with this information here. But
1408 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1409 * mandatory to recognise and respond to RLS */
1411 rfcomm_send_rls(s, 0, dlci, rls->status);
1416 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1418 struct rfcomm_msc *msc = (void *) skb->data;
1419 struct rfcomm_dlc *d;
1420 u8 dlci = __get_dlci(msc->dlci);
1422 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1424 d = rfcomm_dlc_get(s, dlci);
1429 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1430 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1432 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1435 if (d->modem_status)
1436 d->modem_status(d, msc->v24_sig);
1437 rfcomm_dlc_unlock(d);
1439 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1441 d->mscex |= RFCOMM_MSCEX_RX;
1443 d->mscex |= RFCOMM_MSCEX_TX;
1448 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1450 struct rfcomm_mcc *mcc = (void *) skb->data;
1453 cr = __test_cr(mcc->type);
1454 type = __get_mcc_type(mcc->type);
1455 len = __get_mcc_len(mcc->len);
1457 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1463 rfcomm_recv_pn(s, cr, skb);
1467 rfcomm_recv_rpn(s, cr, len, skb);
1471 rfcomm_recv_rls(s, cr, skb);
1475 rfcomm_recv_msc(s, cr, skb);
1480 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1481 rfcomm_send_fcoff(s, 0);
1487 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1488 rfcomm_send_fcon(s, 0);
1494 rfcomm_send_test(s, 0, skb->data, skb->len);
1501 BT_ERR("Unknown control type 0x%02x", type);
1502 rfcomm_send_nsc(s, cr, type);
1508 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1510 struct rfcomm_dlc *d;
1512 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1514 d = rfcomm_dlc_get(s, dlci);
1516 rfcomm_send_dm(s, dlci);
1521 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1523 d->tx_credits += credits;
1525 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1528 if (skb->len && d->state == BT_CONNECTED) {
1531 d->data_ready(d, skb);
1532 rfcomm_dlc_unlock(d);
1541 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1543 struct rfcomm_hdr *hdr = (void *) skb->data;
1546 dlci = __get_dlci(hdr->addr);
1547 type = __get_type(hdr->ctrl);
1550 skb->len--; skb->tail--;
1551 fcs = *(u8 *) skb->tail;
1553 if (__check_fcs(skb->data, type, fcs)) {
1554 BT_ERR("bad checksum in packet");
1559 if (__test_ea(hdr->len))
1566 if (__test_pf(hdr->ctrl))
1567 rfcomm_recv_sabm(s, dlci);
1571 if (__test_pf(hdr->ctrl))
1572 rfcomm_recv_disc(s, dlci);
1576 if (__test_pf(hdr->ctrl))
1577 rfcomm_recv_ua(s, dlci);
1581 rfcomm_recv_dm(s, dlci);
1586 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1588 rfcomm_recv_mcc(s, skb);
1592 BT_ERR("Unknown packet type 0x%02x\n", type);
1599 /* ---- Connection and data processing ---- */
1601 static void rfcomm_process_connect(struct rfcomm_session *s)
1603 struct rfcomm_dlc *d;
1604 struct list_head *p, *n;
1606 BT_DBG("session %p state %ld", s, s->state);
1608 list_for_each_safe(p, n, &s->dlcs) {
1609 d = list_entry(p, struct rfcomm_dlc, list);
1610 if (d->state == BT_CONFIG) {
1612 rfcomm_send_pn(s, 1, d);
1617 /* Send data queued for the DLC.
1618 * Return number of frames left in the queue.
1620 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1622 struct sk_buff *skb;
1625 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1626 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1628 /* Send pending MSC */
1629 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1630 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1634 * Give them some credits */
1635 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1636 d->rx_credits <= (d->cfc >> 2)) {
1637 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1638 d->rx_credits = d->cfc;
1642 * Give ourselves some credits */
1646 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1647 return skb_queue_len(&d->tx_queue);
1649 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1650 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1652 skb_queue_head(&d->tx_queue, skb);
1659 if (d->cfc && !d->tx_credits) {
1660 /* We're out of TX credits.
1661 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1662 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1665 return skb_queue_len(&d->tx_queue);
1668 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1670 struct rfcomm_dlc *d;
1671 struct list_head *p, *n;
1673 BT_DBG("session %p state %ld", s, s->state);
1675 list_for_each_safe(p, n, &s->dlcs) {
1676 d = list_entry(p, struct rfcomm_dlc, list);
1678 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1679 __rfcomm_dlc_close(d, ETIMEDOUT);
1683 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1684 rfcomm_dlc_clear_timer(d);
1685 rfcomm_dlc_accept(d);
1686 if (d->link_mode & RFCOMM_LM_SECURE) {
1687 struct sock *sk = s->sock->sk;
1688 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1691 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1692 rfcomm_dlc_clear_timer(d);
1693 rfcomm_send_dm(s, d->dlci);
1694 __rfcomm_dlc_close(d, ECONNREFUSED);
1698 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1701 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1702 d->mscex == RFCOMM_MSCEX_OK)
1703 rfcomm_process_tx(d);
1707 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1709 struct socket *sock = s->sock;
1710 struct sock *sk = sock->sk;
1711 struct sk_buff *skb;
1713 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1715 /* Get data directly from socket receive queue without copying it. */
1716 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1718 rfcomm_recv_frame(s, skb);
1721 if (sk->sk_state == BT_CLOSED) {
1723 rfcomm_session_put(s);
1725 rfcomm_session_close(s, sk->sk_err);
1729 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1731 struct socket *sock = s->sock, *nsock;
1734 /* Fast check for a new connection.
1735 * Avoids unnesesary socket allocations. */
1736 if (list_empty(&bt_sk(sock->sk)->accept_q))
1739 BT_DBG("session %p", s);
1741 if (sock_create_lite(PF_BLUETOOTH, sock->type, BTPROTO_L2CAP, &nsock))
1744 nsock->ops = sock->ops;
1746 __module_get(nsock->ops->owner);
1748 err = sock->ops->accept(sock, nsock, O_NONBLOCK);
1750 sock_release(nsock);
1754 /* Set our callbacks */
1755 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1756 nsock->sk->sk_state_change = rfcomm_l2state_change;
1758 s = rfcomm_session_add(nsock, BT_OPEN);
1760 rfcomm_session_hold(s);
1761 rfcomm_schedule(RFCOMM_SCHED_RX);
1763 sock_release(nsock);
1766 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1768 struct sock *sk = s->sock->sk;
1770 BT_DBG("%p state %ld", s, s->state);
1772 switch(sk->sk_state) {
1774 s->state = BT_CONNECT;
1776 /* We can adjust MTU on outgoing sessions.
1777 * L2CAP MTU minus UIH header and FCS. */
1778 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1780 rfcomm_send_sabm(s, 0);
1784 s->state = BT_CLOSED;
1785 rfcomm_session_close(s, sk->sk_err);
1790 static inline void rfcomm_process_sessions(void)
1792 struct list_head *p, *n;
1796 list_for_each_safe(p, n, &session_list) {
1797 struct rfcomm_session *s;
1798 s = list_entry(p, struct rfcomm_session, list);
1800 if (s->state == BT_LISTEN) {
1801 rfcomm_accept_connection(s);
1805 rfcomm_session_hold(s);
1809 rfcomm_check_connection(s);
1813 rfcomm_process_rx(s);
1817 rfcomm_process_dlcs(s);
1819 rfcomm_session_put(s);
1825 static void rfcomm_worker(void)
1829 while (!atomic_read(&terminate)) {
1830 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1831 /* No pending events. Let's sleep.
1832 * Incoming connections and data will wake us up. */
1833 set_current_state(TASK_INTERRUPTIBLE);
1838 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1839 rfcomm_process_sessions();
1841 set_current_state(TASK_RUNNING);
1845 static int rfcomm_add_listener(bdaddr_t *ba)
1847 struct sockaddr_l2 addr;
1848 struct socket *sock;
1850 struct rfcomm_session *s;
1854 err = rfcomm_l2sock_create(&sock);
1856 BT_ERR("Create socket failed %d", err);
1861 bacpy(&addr.l2_bdaddr, ba);
1862 addr.l2_family = AF_BLUETOOTH;
1863 addr.l2_psm = htobs(RFCOMM_PSM);
1864 err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1866 BT_ERR("Bind failed %d", err);
1870 /* Set L2CAP options */
1873 l2cap_pi(sk)->imtu = l2cap_mtu;
1876 /* Start listening on the socket */
1877 err = sock->ops->listen(sock, 10);
1879 BT_ERR("Listen failed %d", err);
1883 /* Add listening session */
1884 s = rfcomm_session_add(sock, BT_LISTEN);
1888 rfcomm_session_hold(s);
1895 static void rfcomm_kill_listener(void)
1897 struct rfcomm_session *s;
1898 struct list_head *p, *n;
1902 list_for_each_safe(p, n, &session_list) {
1903 s = list_entry(p, struct rfcomm_session, list);
1904 rfcomm_session_del(s);
1908 static int rfcomm_run(void *unused)
1910 rfcomm_thread = current;
1912 atomic_inc(&running);
1914 daemonize("krfcommd");
1915 set_user_nice(current, -10);
1916 current->flags |= PF_NOFREEZE;
1920 rfcomm_add_listener(BDADDR_ANY);
1924 rfcomm_kill_listener();
1926 atomic_dec(&running);
1930 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1932 struct rfcomm_session *s;
1933 struct rfcomm_dlc *d;
1934 struct list_head *p, *n;
1936 BT_DBG("conn %p status 0x%02x", conn, status);
1938 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1942 rfcomm_session_hold(s);
1944 list_for_each_safe(p, n, &s->dlcs) {
1945 d = list_entry(p, struct rfcomm_dlc, list);
1947 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1950 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1954 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1956 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1959 rfcomm_session_put(s);
1961 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1964 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1966 struct rfcomm_session *s;
1967 struct rfcomm_dlc *d;
1968 struct list_head *p, *n;
1970 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1972 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1976 rfcomm_session_hold(s);
1978 list_for_each_safe(p, n, &s->dlcs) {
1979 d = list_entry(p, struct rfcomm_dlc, list);
1981 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1984 if (!status && encrypt)
1985 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1987 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1990 rfcomm_session_put(s);
1992 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1995 static struct hci_cb rfcomm_cb = {
1997 .auth_cfm = rfcomm_auth_cfm,
1998 .encrypt_cfm = rfcomm_encrypt_cfm
2001 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2003 struct rfcomm_session *s;
2004 struct list_head *pp, *p;
2009 list_for_each(p, &session_list) {
2010 s = list_entry(p, struct rfcomm_session, list);
2011 list_for_each(pp, &s->dlcs) {
2012 struct sock *sk = s->sock->sk;
2013 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2015 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2016 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2017 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2026 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2028 /* ---- Initialization ---- */
2029 static int __init rfcomm_init(void)
2033 hci_register_cb(&rfcomm_cb);
2035 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
2037 class_create_file(&bt_class, &class_attr_rfcomm_dlc);
2039 rfcomm_init_sockets();
2041 #ifdef CONFIG_BT_RFCOMM_TTY
2045 BT_INFO("RFCOMM ver %s", VERSION);
2050 static void __exit rfcomm_exit(void)
2052 class_remove_file(&bt_class, &class_attr_rfcomm_dlc);
2054 hci_unregister_cb(&rfcomm_cb);
2056 /* Terminate working thread.
2057 * ie. Set terminate flag and wake it up */
2058 atomic_inc(&terminate);
2059 rfcomm_schedule(RFCOMM_SCHED_STATE);
2061 /* Wait until thread is running */
2062 while (atomic_read(&running))
2065 #ifdef CONFIG_BT_RFCOMM_TTY
2066 rfcomm_cleanup_ttys();
2069 rfcomm_cleanup_sockets();
2072 module_init(rfcomm_init);
2073 module_exit(rfcomm_exit);
2075 module_param(l2cap_mtu, uint, 0644);
2076 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2078 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2079 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2080 MODULE_VERSION(VERSION);
2081 MODULE_LICENSE("GPL");
2082 MODULE_ALIAS("bt-proto-3");