2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/sched.h>
32 #include <linux/signal.h>
33 #include <linux/init.h>
34 #include <linux/wait.h>
35 #include <linux/device.h>
36 #include <linux/debugfs.h>
37 #include <linux/seq_file.h>
38 #include <linux/net.h>
39 #include <linux/mutex.h>
40 #include <linux/kthread.h>
41 #include <linux/slab.h>
44 #include <linux/uaccess.h>
45 #include <asm/unaligned.h>
47 #include <net/bluetooth/bluetooth.h>
48 #include <net/bluetooth/hci_core.h>
49 #include <net/bluetooth/l2cap.h>
50 #include <net/bluetooth/rfcomm.h>
52 #define VERSION "1.11"
54 static int disable_cfc;
55 static int l2cap_ertm;
56 static int channel_mtu = -1;
57 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
59 static struct task_struct *rfcomm_thread;
61 static DEFINE_MUTEX(rfcomm_mutex);
62 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
63 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
66 static LIST_HEAD(session_list);
68 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
69 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
70 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
71 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
72 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
73 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
74 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
75 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
76 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
77 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
79 static void rfcomm_process_connect(struct rfcomm_session *s);
81 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
85 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
86 static void rfcomm_session_del(struct rfcomm_session *s);
88 /* ---- RFCOMM frame parsing macros ---- */
89 #define __get_dlci(b) ((b & 0xfc) >> 2)
90 #define __get_channel(b) ((b & 0xf8) >> 3)
91 #define __get_dir(b) ((b & 0x04) >> 2)
92 #define __get_type(b) ((b & 0xef))
94 #define __test_ea(b) ((b & 0x01))
95 #define __test_cr(b) ((b & 0x02))
96 #define __test_pf(b) ((b & 0x10))
98 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
99 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
100 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
101 #define __srv_channel(dlci) (dlci >> 1)
102 #define __dir(dlci) (dlci & 0x01)
104 #define __len8(len) (((len) << 1) | 1)
105 #define __len16(len) ((len) << 1)
108 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
109 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
110 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
113 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
114 #define __get_rpn_data_bits(line) ((line) & 0x3)
115 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
116 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
118 static inline void rfcomm_schedule(void)
122 wake_up_process(rfcomm_thread);
125 static inline void rfcomm_session_put(struct rfcomm_session *s)
127 if (atomic_dec_and_test(&s->refcnt))
128 rfcomm_session_del(s);
131 /* ---- RFCOMM FCS computation ---- */
133 /* reversed, 8-bit, poly=0x07 */
134 static unsigned char rfcomm_crc_table[256] = {
135 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
136 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
137 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
138 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
140 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
141 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
142 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
143 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
145 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
146 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
147 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
148 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
150 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
151 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
152 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
153 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
155 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
156 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
157 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
158 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
160 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
161 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
162 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
163 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
165 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
166 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
167 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
168 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
170 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
171 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
172 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
173 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
177 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
180 static inline u8 __fcs(u8 *data)
182 return 0xff - __crc(data);
186 static inline u8 __fcs2(u8 *data)
188 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
192 static inline int __check_fcs(u8 *data, int type, u8 fcs)
196 if (type != RFCOMM_UIH)
197 f = rfcomm_crc_table[f ^ data[2]];
199 return rfcomm_crc_table[f ^ fcs] != 0xcf;
202 /* ---- L2CAP callbacks ---- */
203 static void rfcomm_l2state_change(struct sock *sk)
205 BT_DBG("%p state %d", sk, sk->sk_state);
209 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
211 BT_DBG("%p bytes %d", sk, bytes);
215 static int rfcomm_l2sock_create(struct socket **sock)
221 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
223 struct sock *sk = (*sock)->sk;
224 sk->sk_data_ready = rfcomm_l2data_ready;
225 sk->sk_state_change = rfcomm_l2state_change;
230 static inline int rfcomm_check_security(struct rfcomm_dlc *d)
232 struct sock *sk = d->session->sock->sk;
233 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
237 switch (d->sec_level) {
238 case BT_SECURITY_HIGH:
239 auth_type = HCI_AT_GENERAL_BONDING_MITM;
241 case BT_SECURITY_MEDIUM:
242 auth_type = HCI_AT_GENERAL_BONDING;
245 auth_type = HCI_AT_NO_BONDING;
249 return hci_conn_security(conn->hcon, d->sec_level, auth_type);
252 static void rfcomm_session_timeout(unsigned long arg)
254 struct rfcomm_session *s = (void *) arg;
256 BT_DBG("session %p state %ld", s, s->state);
258 set_bit(RFCOMM_TIMED_OUT, &s->flags);
262 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
264 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
266 if (!mod_timer(&s->timer, jiffies + timeout))
267 rfcomm_session_hold(s);
270 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
272 BT_DBG("session %p state %ld", s, s->state);
274 if (timer_pending(&s->timer) && del_timer(&s->timer))
275 rfcomm_session_put(s);
278 /* ---- RFCOMM DLCs ---- */
279 static void rfcomm_dlc_timeout(unsigned long arg)
281 struct rfcomm_dlc *d = (void *) arg;
283 BT_DBG("dlc %p state %ld", d, d->state);
285 set_bit(RFCOMM_TIMED_OUT, &d->flags);
290 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
292 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
294 if (!mod_timer(&d->timer, jiffies + timeout))
298 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
300 BT_DBG("dlc %p state %ld", d, d->state);
302 if (timer_pending(&d->timer) && del_timer(&d->timer))
306 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
313 d->sec_level = BT_SECURITY_LOW;
314 d->mtu = RFCOMM_DEFAULT_MTU;
315 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
317 d->cfc = RFCOMM_CFC_DISABLED;
318 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
321 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
323 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
328 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
330 skb_queue_head_init(&d->tx_queue);
331 spin_lock_init(&d->lock);
332 atomic_set(&d->refcnt, 1);
334 rfcomm_dlc_clear_state(d);
341 void rfcomm_dlc_free(struct rfcomm_dlc *d)
345 skb_queue_purge(&d->tx_queue);
349 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
351 BT_DBG("dlc %p session %p", d, s);
353 rfcomm_session_hold(s);
355 rfcomm_session_clear_timer(s);
357 list_add(&d->list, &s->dlcs);
361 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
363 struct rfcomm_session *s = d->session;
365 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
371 if (list_empty(&s->dlcs))
372 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
374 rfcomm_session_put(s);
377 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
379 struct rfcomm_dlc *d;
382 list_for_each(p, &s->dlcs) {
383 d = list_entry(p, struct rfcomm_dlc, list);
390 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
392 struct rfcomm_session *s;
396 BT_DBG("dlc %p state %ld %s %s channel %d",
397 d, d->state, batostr(src), batostr(dst), channel);
399 if (channel < 1 || channel > 30)
402 if (d->state != BT_OPEN && d->state != BT_CLOSED)
405 s = rfcomm_session_get(src, dst);
407 s = rfcomm_session_create(src, dst, d->sec_level, &err);
412 /* After L2sock created, increase refcnt immediately
413 * It can make connection drop in rfcomm_security_cfm because of refcnt.
415 rfcomm_session_hold(s);
417 dlci = __dlci(!s->initiator, channel);
419 /* Check if DLCI already exists */
420 if (rfcomm_dlc_get(s, dlci)) {
421 /* decrement refcnt */
422 rfcomm_session_put(s);
426 rfcomm_dlc_clear_state(d);
429 d->addr = __addr(s->initiator, dlci);
432 d->state = BT_CONFIG;
433 rfcomm_dlc_link(s, d);
438 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
440 /* decrement refcnt */
441 rfcomm_session_put(s);
443 if (s->state == BT_CONNECTED) {
444 if (rfcomm_check_security(d))
445 rfcomm_send_pn(s, 1, d);
447 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
450 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
455 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
461 r = __rfcomm_dlc_open(d, src, dst, channel);
467 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
469 struct rfcomm_session *s = d->session;
473 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
474 d, d->state, d->dlci, err, s);
478 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
479 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
486 d->state = BT_DISCONN;
487 if (skb_queue_empty(&d->tx_queue)) {
488 rfcomm_send_disc(s, d->dlci);
489 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
491 rfcomm_queue_disc(d);
492 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
498 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
499 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
506 rfcomm_dlc_clear_timer(d);
509 d->state = BT_CLOSED;
510 d->state_change(d, err);
511 rfcomm_dlc_unlock(d);
513 skb_queue_purge(&d->tx_queue);
514 rfcomm_dlc_unlink(d);
520 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
526 r = __rfcomm_dlc_close(d, err);
532 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
536 if (d->state != BT_CONNECTED)
539 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
544 rfcomm_make_uih(skb, d->addr);
545 skb_queue_tail(&d->tx_queue, skb);
547 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
552 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
554 BT_DBG("dlc %p state %ld", d, d->state);
557 d->v24_sig |= RFCOMM_V24_FC;
558 set_bit(RFCOMM_MSC_PENDING, &d->flags);
563 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
565 BT_DBG("dlc %p state %ld", d, d->state);
568 d->v24_sig &= ~RFCOMM_V24_FC;
569 set_bit(RFCOMM_MSC_PENDING, &d->flags);
575 Set/get modem status functions use _local_ status i.e. what we report
577 Remote status is provided by dlc->modem_status() callback.
579 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
581 BT_DBG("dlc %p state %ld v24_sig 0x%x",
582 d, d->state, v24_sig);
584 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
585 v24_sig |= RFCOMM_V24_FC;
587 v24_sig &= ~RFCOMM_V24_FC;
589 d->v24_sig = v24_sig;
591 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
597 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
599 BT_DBG("dlc %p state %ld v24_sig 0x%x",
600 d, d->state, d->v24_sig);
602 *v24_sig = d->v24_sig;
606 /* ---- RFCOMM sessions ---- */
607 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
609 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
614 BT_DBG("session %p sock %p", s, sock);
616 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
618 INIT_LIST_HEAD(&s->dlcs);
622 s->mtu = RFCOMM_DEFAULT_MTU;
623 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
625 /* Do not increment module usage count for listening sessions.
626 * Otherwise we won't be able to unload the module. */
627 if (state != BT_LISTEN)
628 if (!try_module_get(THIS_MODULE)) {
633 list_add(&s->list, &session_list);
638 static void rfcomm_session_del(struct rfcomm_session *s)
640 int state = s->state;
642 BT_DBG("session %p state %ld", s, s->state);
646 if (state == BT_CONNECTED)
647 rfcomm_send_disc(s, 0);
649 rfcomm_session_clear_timer(s);
650 sock_release(s->sock);
653 if (state != BT_LISTEN)
654 module_put(THIS_MODULE);
657 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
659 struct rfcomm_session *s;
660 struct list_head *p, *n;
662 list_for_each_safe(p, n, &session_list) {
663 s = list_entry(p, struct rfcomm_session, list);
664 sk = bt_sk(s->sock->sk);
666 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
667 !bacmp(&sk->dst, dst))
673 static void rfcomm_session_close(struct rfcomm_session *s, int err)
675 struct rfcomm_dlc *d;
676 struct list_head *p, *n;
678 BT_DBG("session %p state %ld err %d", s, s->state, err);
680 rfcomm_session_hold(s);
682 s->state = BT_CLOSED;
685 list_for_each_safe(p, n, &s->dlcs) {
686 d = list_entry(p, struct rfcomm_dlc, list);
687 d->state = BT_CLOSED;
688 __rfcomm_dlc_close(d, err);
691 rfcomm_session_clear_timer(s);
692 rfcomm_session_put(s);
695 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
700 struct rfcomm_session *s = NULL;
701 struct sockaddr_l2 addr;
705 BT_DBG("%s %s", batostr(src), batostr(dst));
707 *err = rfcomm_l2sock_create(&sock);
711 bacpy(&addr.l2_bdaddr, src);
712 addr.l2_family = AF_BLUETOOTH;
715 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
719 /* Set L2CAP options */
722 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
723 l2cap_pi(sk)->chan->sec_level = sec_level;
725 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
728 s = rfcomm_session_add(sock, BT_BOUND);
736 bacpy(&addr.l2_bdaddr, dst);
737 addr.l2_family = AF_BLUETOOTH;
738 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
740 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
741 if (*err == 0 || *err == -EINPROGRESS)
744 rfcomm_session_del(s);
752 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
754 struct sock *sk = s->sock->sk;
756 bacpy(src, &bt_sk(sk)->src);
758 bacpy(dst, &bt_sk(sk)->dst);
761 /* ---- RFCOMM frame sending ---- */
762 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
764 struct socket *sock = s->sock;
765 struct kvec iv = { data, len };
768 BT_DBG("session %p len %d", s, len);
770 memset(&msg, 0, sizeof(msg));
772 return kernel_sendmsg(sock, &msg, &iv, 1, len);
775 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
777 struct rfcomm_cmd cmd;
779 BT_DBG("%p dlci %d", s, dlci);
781 cmd.addr = __addr(s->initiator, dlci);
782 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
784 cmd.fcs = __fcs2((u8 *) &cmd);
786 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
789 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
791 struct rfcomm_cmd cmd;
793 BT_DBG("%p dlci %d", s, dlci);
795 cmd.addr = __addr(!s->initiator, dlci);
796 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
798 cmd.fcs = __fcs2((u8 *) &cmd);
800 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
803 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
805 struct rfcomm_cmd cmd;
807 BT_DBG("%p dlci %d", s, dlci);
809 cmd.addr = __addr(s->initiator, dlci);
810 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
812 cmd.fcs = __fcs2((u8 *) &cmd);
814 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
817 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
819 struct rfcomm_cmd *cmd;
822 BT_DBG("dlc %p dlci %d", d, d->dlci);
824 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
828 cmd = (void *) __skb_put(skb, sizeof(*cmd));
830 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
831 cmd->len = __len8(0);
832 cmd->fcs = __fcs2((u8 *) cmd);
834 skb_queue_tail(&d->tx_queue, skb);
839 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
841 struct rfcomm_cmd cmd;
843 BT_DBG("%p dlci %d", s, dlci);
845 cmd.addr = __addr(!s->initiator, dlci);
846 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
848 cmd.fcs = __fcs2((u8 *) &cmd);
850 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
853 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
855 struct rfcomm_hdr *hdr;
856 struct rfcomm_mcc *mcc;
857 u8 buf[16], *ptr = buf;
859 BT_DBG("%p cr %d type %d", s, cr, type);
861 hdr = (void *) ptr; ptr += sizeof(*hdr);
862 hdr->addr = __addr(s->initiator, 0);
863 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
864 hdr->len = __len8(sizeof(*mcc) + 1);
866 mcc = (void *) ptr; ptr += sizeof(*mcc);
867 mcc->type = __mcc_type(cr, RFCOMM_NSC);
868 mcc->len = __len8(1);
870 /* Type that we didn't like */
871 *ptr = __mcc_type(cr, type); ptr++;
873 *ptr = __fcs(buf); ptr++;
875 return rfcomm_send_frame(s, buf, ptr - buf);
878 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
880 struct rfcomm_hdr *hdr;
881 struct rfcomm_mcc *mcc;
882 struct rfcomm_pn *pn;
883 u8 buf[16], *ptr = buf;
885 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
887 hdr = (void *) ptr; ptr += sizeof(*hdr);
888 hdr->addr = __addr(s->initiator, 0);
889 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
890 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
892 mcc = (void *) ptr; ptr += sizeof(*mcc);
893 mcc->type = __mcc_type(cr, RFCOMM_PN);
894 mcc->len = __len8(sizeof(*pn));
896 pn = (void *) ptr; ptr += sizeof(*pn);
898 pn->priority = d->priority;
903 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
904 pn->credits = RFCOMM_DEFAULT_CREDITS;
910 if (cr && channel_mtu >= 0)
911 pn->mtu = cpu_to_le16(channel_mtu);
913 pn->mtu = cpu_to_le16(d->mtu);
915 *ptr = __fcs(buf); ptr++;
917 return rfcomm_send_frame(s, buf, ptr - buf);
920 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
921 u8 bit_rate, u8 data_bits, u8 stop_bits,
922 u8 parity, u8 flow_ctrl_settings,
923 u8 xon_char, u8 xoff_char, u16 param_mask)
925 struct rfcomm_hdr *hdr;
926 struct rfcomm_mcc *mcc;
927 struct rfcomm_rpn *rpn;
928 u8 buf[16], *ptr = buf;
930 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
931 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
932 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
933 flow_ctrl_settings, xon_char, xoff_char, param_mask);
935 hdr = (void *) ptr; ptr += sizeof(*hdr);
936 hdr->addr = __addr(s->initiator, 0);
937 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
938 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
940 mcc = (void *) ptr; ptr += sizeof(*mcc);
941 mcc->type = __mcc_type(cr, RFCOMM_RPN);
942 mcc->len = __len8(sizeof(*rpn));
944 rpn = (void *) ptr; ptr += sizeof(*rpn);
945 rpn->dlci = __addr(1, dlci);
946 rpn->bit_rate = bit_rate;
947 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
948 rpn->flow_ctrl = flow_ctrl_settings;
949 rpn->xon_char = xon_char;
950 rpn->xoff_char = xoff_char;
951 rpn->param_mask = cpu_to_le16(param_mask);
953 *ptr = __fcs(buf); ptr++;
955 return rfcomm_send_frame(s, buf, ptr - buf);
958 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
960 struct rfcomm_hdr *hdr;
961 struct rfcomm_mcc *mcc;
962 struct rfcomm_rls *rls;
963 u8 buf[16], *ptr = buf;
965 BT_DBG("%p cr %d status 0x%x", s, cr, status);
967 hdr = (void *) ptr; ptr += sizeof(*hdr);
968 hdr->addr = __addr(s->initiator, 0);
969 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
970 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
972 mcc = (void *) ptr; ptr += sizeof(*mcc);
973 mcc->type = __mcc_type(cr, RFCOMM_RLS);
974 mcc->len = __len8(sizeof(*rls));
976 rls = (void *) ptr; ptr += sizeof(*rls);
977 rls->dlci = __addr(1, dlci);
978 rls->status = status;
980 *ptr = __fcs(buf); ptr++;
982 return rfcomm_send_frame(s, buf, ptr - buf);
985 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
987 struct rfcomm_hdr *hdr;
988 struct rfcomm_mcc *mcc;
989 struct rfcomm_msc *msc;
990 u8 buf[16], *ptr = buf;
992 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
994 hdr = (void *) ptr; ptr += sizeof(*hdr);
995 hdr->addr = __addr(s->initiator, 0);
996 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
997 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
999 mcc = (void *) ptr; ptr += sizeof(*mcc);
1000 mcc->type = __mcc_type(cr, RFCOMM_MSC);
1001 mcc->len = __len8(sizeof(*msc));
1003 msc = (void *) ptr; ptr += sizeof(*msc);
1004 msc->dlci = __addr(1, dlci);
1005 msc->v24_sig = v24_sig | 0x01;
1007 *ptr = __fcs(buf); ptr++;
1009 return rfcomm_send_frame(s, buf, ptr - buf);
1012 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1014 struct rfcomm_hdr *hdr;
1015 struct rfcomm_mcc *mcc;
1016 u8 buf[16], *ptr = buf;
1018 BT_DBG("%p cr %d", s, cr);
1020 hdr = (void *) ptr; ptr += sizeof(*hdr);
1021 hdr->addr = __addr(s->initiator, 0);
1022 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1023 hdr->len = __len8(sizeof(*mcc));
1025 mcc = (void *) ptr; ptr += sizeof(*mcc);
1026 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1027 mcc->len = __len8(0);
1029 *ptr = __fcs(buf); ptr++;
1031 return rfcomm_send_frame(s, buf, ptr - buf);
1034 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1036 struct rfcomm_hdr *hdr;
1037 struct rfcomm_mcc *mcc;
1038 u8 buf[16], *ptr = buf;
1040 BT_DBG("%p cr %d", s, cr);
1042 hdr = (void *) ptr; ptr += sizeof(*hdr);
1043 hdr->addr = __addr(s->initiator, 0);
1044 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1045 hdr->len = __len8(sizeof(*mcc));
1047 mcc = (void *) ptr; ptr += sizeof(*mcc);
1048 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1049 mcc->len = __len8(0);
1051 *ptr = __fcs(buf); ptr++;
1053 return rfcomm_send_frame(s, buf, ptr - buf);
1056 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1058 struct socket *sock = s->sock;
1061 unsigned char hdr[5], crc[1];
1066 BT_DBG("%p cr %d", s, cr);
1068 hdr[0] = __addr(s->initiator, 0);
1069 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1070 hdr[2] = 0x01 | ((len + 2) << 1);
1071 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1072 hdr[4] = 0x01 | (len << 1);
1074 crc[0] = __fcs(hdr);
1076 iv[0].iov_base = hdr;
1078 iv[1].iov_base = pattern;
1079 iv[1].iov_len = len;
1080 iv[2].iov_base = crc;
1083 memset(&msg, 0, sizeof(msg));
1085 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1088 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1090 struct rfcomm_hdr *hdr;
1091 u8 buf[16], *ptr = buf;
1093 BT_DBG("%p addr %d credits %d", s, addr, credits);
1095 hdr = (void *) ptr; ptr += sizeof(*hdr);
1097 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1098 hdr->len = __len8(0);
1100 *ptr = credits; ptr++;
1102 *ptr = __fcs(buf); ptr++;
1104 return rfcomm_send_frame(s, buf, ptr - buf);
1107 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1109 struct rfcomm_hdr *hdr;
1114 hdr = (void *) skb_push(skb, 4);
1115 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1117 hdr = (void *) skb_push(skb, 3);
1118 hdr->len = __len8(len);
1121 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1123 crc = skb_put(skb, 1);
1124 *crc = __fcs((void *) hdr);
1127 /* ---- RFCOMM frame reception ---- */
1128 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1130 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1134 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1136 rfcomm_send_dm(s, dlci);
1142 rfcomm_dlc_clear_timer(d);
1145 d->state = BT_CONNECTED;
1146 d->state_change(d, 0);
1147 rfcomm_dlc_unlock(d);
1149 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1153 d->state = BT_CLOSED;
1154 __rfcomm_dlc_close(d, 0);
1156 if (list_empty(&s->dlcs)) {
1157 s->state = BT_DISCONN;
1158 rfcomm_send_disc(s, 0);
1159 rfcomm_session_clear_timer(s);
1165 /* Control channel */
1168 s->state = BT_CONNECTED;
1169 rfcomm_process_connect(s);
1173 /* When socket is closed and we are not RFCOMM
1174 * initiator rfcomm_process_rx already calls
1175 * rfcomm_session_put() */
1176 if (s->sock->sk->sk_state != BT_CLOSED && !s->initiator)
1177 if (list_empty(&s->dlcs))
1178 rfcomm_session_put(s);
1185 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1189 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1193 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1195 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1200 d->state = BT_CLOSED;
1201 __rfcomm_dlc_close(d, err);
1204 if (s->state == BT_CONNECT)
1209 s->state = BT_CLOSED;
1210 rfcomm_session_close(s, err);
1215 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1219 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1222 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1224 rfcomm_send_ua(s, dlci);
1226 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1231 d->state = BT_CLOSED;
1232 __rfcomm_dlc_close(d, err);
1234 rfcomm_send_dm(s, dlci);
1237 rfcomm_send_ua(s, 0);
1239 if (s->state == BT_CONNECT)
1244 s->state = BT_CLOSED;
1245 rfcomm_session_close(s, err);
1251 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1253 struct sock *sk = d->session->sock->sk;
1254 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1256 BT_DBG("dlc %p", d);
1258 rfcomm_send_ua(d->session, d->dlci);
1260 rfcomm_dlc_clear_timer(d);
1263 d->state = BT_CONNECTED;
1264 d->state_change(d, 0);
1265 rfcomm_dlc_unlock(d);
1268 hci_conn_switch_role(conn->hcon, 0x00);
1270 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1273 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1275 if (rfcomm_check_security(d)) {
1276 if (d->defer_setup) {
1277 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1278 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1281 d->state = BT_CONNECT2;
1282 d->state_change(d, 0);
1283 rfcomm_dlc_unlock(d);
1285 rfcomm_dlc_accept(d);
1287 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1288 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1292 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1294 struct rfcomm_dlc *d;
1297 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1300 rfcomm_send_ua(s, 0);
1302 if (s->state == BT_OPEN) {
1303 s->state = BT_CONNECTED;
1304 rfcomm_process_connect(s);
1309 /* Check if DLC exists */
1310 d = rfcomm_dlc_get(s, dlci);
1312 if (d->state == BT_OPEN) {
1313 /* DLC was previously opened by PN request */
1314 rfcomm_check_accept(d);
1319 /* Notify socket layer about incoming connection */
1320 channel = __srv_channel(dlci);
1321 if (rfcomm_connect_ind(s, channel, &d)) {
1323 d->addr = __addr(s->initiator, dlci);
1324 rfcomm_dlc_link(s, d);
1326 rfcomm_check_accept(d);
1328 rfcomm_send_dm(s, dlci);
1334 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1336 struct rfcomm_session *s = d->session;
1338 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1339 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1341 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1342 pn->flow_ctrl == 0xe0) {
1343 d->cfc = RFCOMM_CFC_ENABLED;
1344 d->tx_credits = pn->credits;
1346 d->cfc = RFCOMM_CFC_DISABLED;
1347 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1350 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1353 d->priority = pn->priority;
1355 d->mtu = __le16_to_cpu(pn->mtu);
1357 if (cr && d->mtu > s->mtu)
1363 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1365 struct rfcomm_pn *pn = (void *) skb->data;
1366 struct rfcomm_dlc *d;
1369 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1374 d = rfcomm_dlc_get(s, dlci);
1378 rfcomm_apply_pn(d, cr, pn);
1379 rfcomm_send_pn(s, 0, d);
1384 rfcomm_apply_pn(d, cr, pn);
1386 d->state = BT_CONNECT;
1387 rfcomm_send_sabm(s, d->dlci);
1392 u8 channel = __srv_channel(dlci);
1397 /* PN request for non existing DLC.
1398 * Assume incoming connection. */
1399 if (rfcomm_connect_ind(s, channel, &d)) {
1401 d->addr = __addr(s->initiator, dlci);
1402 rfcomm_dlc_link(s, d);
1404 rfcomm_apply_pn(d, cr, pn);
1407 rfcomm_send_pn(s, 0, d);
1409 rfcomm_send_dm(s, dlci);
1415 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1417 struct rfcomm_rpn *rpn = (void *) skb->data;
1418 u8 dlci = __get_dlci(rpn->dlci);
1427 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1429 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1430 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1431 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1437 /* This is a request, return default (according to ETSI TS 07.10) settings */
1438 bit_rate = RFCOMM_RPN_BR_9600;
1439 data_bits = RFCOMM_RPN_DATA_8;
1440 stop_bits = RFCOMM_RPN_STOP_1;
1441 parity = RFCOMM_RPN_PARITY_NONE;
1442 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1443 xon_char = RFCOMM_RPN_XON_CHAR;
1444 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1448 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1449 * no parity, no flow control lines, normal XON/XOFF chars */
1451 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1452 bit_rate = rpn->bit_rate;
1453 if (bit_rate > RFCOMM_RPN_BR_230400) {
1454 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1455 bit_rate = RFCOMM_RPN_BR_9600;
1456 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1460 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1461 data_bits = __get_rpn_data_bits(rpn->line_settings);
1462 if (data_bits != RFCOMM_RPN_DATA_8) {
1463 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1464 data_bits = RFCOMM_RPN_DATA_8;
1465 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1469 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1470 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1471 if (stop_bits != RFCOMM_RPN_STOP_1) {
1472 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1473 stop_bits = RFCOMM_RPN_STOP_1;
1474 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1478 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1479 parity = __get_rpn_parity(rpn->line_settings);
1480 if (parity != RFCOMM_RPN_PARITY_NONE) {
1481 BT_DBG("RPN parity mismatch 0x%x", parity);
1482 parity = RFCOMM_RPN_PARITY_NONE;
1483 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1487 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1488 flow_ctrl = rpn->flow_ctrl;
1489 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1490 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1491 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1492 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1496 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1497 xon_char = rpn->xon_char;
1498 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1499 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1500 xon_char = RFCOMM_RPN_XON_CHAR;
1501 rpn_mask ^= RFCOMM_RPN_PM_XON;
1505 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1506 xoff_char = rpn->xoff_char;
1507 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1508 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1509 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1510 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1515 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1516 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1521 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1523 struct rfcomm_rls *rls = (void *) skb->data;
1524 u8 dlci = __get_dlci(rls->dlci);
1526 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1531 /* We should probably do something with this information here. But
1532 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1533 * mandatory to recognise and respond to RLS */
1535 rfcomm_send_rls(s, 0, dlci, rls->status);
1540 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1542 struct rfcomm_msc *msc = (void *) skb->data;
1543 struct rfcomm_dlc *d;
1544 u8 dlci = __get_dlci(msc->dlci);
1546 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1548 d = rfcomm_dlc_get(s, dlci);
1553 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1554 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1556 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1560 d->remote_v24_sig = msc->v24_sig;
1562 if (d->modem_status)
1563 d->modem_status(d, msc->v24_sig);
1565 rfcomm_dlc_unlock(d);
1567 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1569 d->mscex |= RFCOMM_MSCEX_RX;
1571 d->mscex |= RFCOMM_MSCEX_TX;
1576 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1578 struct rfcomm_mcc *mcc = (void *) skb->data;
1581 cr = __test_cr(mcc->type);
1582 type = __get_mcc_type(mcc->type);
1583 len = __get_mcc_len(mcc->len);
1585 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1591 rfcomm_recv_pn(s, cr, skb);
1595 rfcomm_recv_rpn(s, cr, len, skb);
1599 rfcomm_recv_rls(s, cr, skb);
1603 rfcomm_recv_msc(s, cr, skb);
1608 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1609 rfcomm_send_fcoff(s, 0);
1615 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1616 rfcomm_send_fcon(s, 0);
1622 rfcomm_send_test(s, 0, skb->data, skb->len);
1629 BT_ERR("Unknown control type 0x%02x", type);
1630 rfcomm_send_nsc(s, cr, type);
1636 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1638 struct rfcomm_dlc *d;
1640 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1642 d = rfcomm_dlc_get(s, dlci);
1644 rfcomm_send_dm(s, dlci);
1649 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1651 d->tx_credits += credits;
1653 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1656 if (skb->len && d->state == BT_CONNECTED) {
1659 d->data_ready(d, skb);
1660 rfcomm_dlc_unlock(d);
1669 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1671 struct rfcomm_hdr *hdr = (void *) skb->data;
1674 dlci = __get_dlci(hdr->addr);
1675 type = __get_type(hdr->ctrl);
1678 skb->len--; skb->tail--;
1679 fcs = *(u8 *)skb_tail_pointer(skb);
1681 if (__check_fcs(skb->data, type, fcs)) {
1682 BT_ERR("bad checksum in packet");
1687 if (__test_ea(hdr->len))
1694 if (__test_pf(hdr->ctrl))
1695 rfcomm_recv_sabm(s, dlci);
1699 if (__test_pf(hdr->ctrl))
1700 rfcomm_recv_disc(s, dlci);
1704 if (__test_pf(hdr->ctrl))
1705 rfcomm_recv_ua(s, dlci);
1709 rfcomm_recv_dm(s, dlci);
1714 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1716 rfcomm_recv_mcc(s, skb);
1720 BT_ERR("Unknown packet type 0x%02x", type);
1727 /* ---- Connection and data processing ---- */
1729 static void rfcomm_process_connect(struct rfcomm_session *s)
1731 struct rfcomm_dlc *d;
1732 struct list_head *p, *n;
1734 BT_DBG("session %p state %ld", s, s->state);
1736 list_for_each_safe(p, n, &s->dlcs) {
1737 d = list_entry(p, struct rfcomm_dlc, list);
1738 if (d->state == BT_CONFIG) {
1740 if (rfcomm_check_security(d)) {
1741 rfcomm_send_pn(s, 1, d);
1743 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1744 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1750 /* Send data queued for the DLC.
1751 * Return number of frames left in the queue.
1753 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1755 struct sk_buff *skb;
1758 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1759 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1761 /* Send pending MSC */
1762 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1763 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1767 * Give them some credits */
1768 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1769 d->rx_credits <= (d->cfc >> 2)) {
1770 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1771 d->rx_credits = d->cfc;
1775 * Give ourselves some credits */
1779 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1780 return skb_queue_len(&d->tx_queue);
1782 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1783 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1785 skb_queue_head(&d->tx_queue, skb);
1792 if (d->cfc && !d->tx_credits) {
1793 /* We're out of TX credits.
1794 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1795 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1798 return skb_queue_len(&d->tx_queue);
1801 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1803 struct rfcomm_dlc *d;
1804 struct list_head *p, *n;
1806 BT_DBG("session %p state %ld", s, s->state);
1808 list_for_each_safe(p, n, &s->dlcs) {
1809 d = list_entry(p, struct rfcomm_dlc, list);
1811 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1812 __rfcomm_dlc_close(d, ETIMEDOUT);
1816 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1817 rfcomm_dlc_clear_timer(d);
1819 rfcomm_send_pn(s, 1, d);
1820 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1822 if (d->defer_setup) {
1823 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1824 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1827 d->state = BT_CONNECT2;
1828 d->state_change(d, 0);
1829 rfcomm_dlc_unlock(d);
1831 rfcomm_dlc_accept(d);
1834 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1835 rfcomm_dlc_clear_timer(d);
1837 rfcomm_send_dm(s, d->dlci);
1839 d->state = BT_CLOSED;
1840 __rfcomm_dlc_close(d, ECONNREFUSED);
1844 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1847 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1850 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1851 d->mscex == RFCOMM_MSCEX_OK)
1852 rfcomm_process_tx(d);
1856 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1858 struct socket *sock = s->sock;
1859 struct sock *sk = sock->sk;
1860 struct sk_buff *skb;
1862 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1864 /* Get data directly from socket receive queue without copying it. */
1865 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1867 if (!skb_linearize(skb))
1868 rfcomm_recv_frame(s, skb);
1873 if (sk->sk_state == BT_CLOSED) {
1875 rfcomm_session_put(s);
1877 rfcomm_session_close(s, sk->sk_err);
1881 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1883 struct socket *sock = s->sock, *nsock;
1886 /* Fast check for a new connection.
1887 * Avoids unnesesary socket allocations. */
1888 if (list_empty(&bt_sk(sock->sk)->accept_q))
1891 BT_DBG("session %p", s);
1893 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1897 /* Set our callbacks */
1898 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1899 nsock->sk->sk_state_change = rfcomm_l2state_change;
1901 s = rfcomm_session_add(nsock, BT_OPEN);
1903 rfcomm_session_hold(s);
1905 /* We should adjust MTU on incoming sessions.
1906 * L2CAP MTU minus UIH header and FCS. */
1907 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1908 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1912 sock_release(nsock);
1915 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1917 struct sock *sk = s->sock->sk;
1919 BT_DBG("%p state %ld", s, s->state);
1921 switch (sk->sk_state) {
1923 s->state = BT_CONNECT;
1925 /* We can adjust MTU on outgoing sessions.
1926 * L2CAP MTU minus UIH header and FCS. */
1927 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1929 rfcomm_send_sabm(s, 0);
1933 s->state = BT_CLOSED;
1934 rfcomm_session_close(s, sk->sk_err);
1939 static inline void rfcomm_process_sessions(void)
1941 struct list_head *p, *n;
1945 list_for_each_safe(p, n, &session_list) {
1946 struct rfcomm_session *s;
1947 s = list_entry(p, struct rfcomm_session, list);
1949 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1950 s->state = BT_DISCONN;
1951 rfcomm_send_disc(s, 0);
1952 rfcomm_session_put(s);
1956 if (s->state == BT_LISTEN) {
1957 rfcomm_accept_connection(s);
1961 rfcomm_session_hold(s);
1965 rfcomm_check_connection(s);
1969 rfcomm_process_rx(s);
1973 rfcomm_process_dlcs(s);
1975 rfcomm_session_put(s);
1981 static int rfcomm_add_listener(bdaddr_t *ba)
1983 struct sockaddr_l2 addr;
1984 struct socket *sock;
1986 struct rfcomm_session *s;
1990 err = rfcomm_l2sock_create(&sock);
1992 BT_ERR("Create socket failed %d", err);
1997 bacpy(&addr.l2_bdaddr, ba);
1998 addr.l2_family = AF_BLUETOOTH;
1999 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
2001 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
2003 BT_ERR("Bind failed %d", err);
2007 /* Set L2CAP options */
2010 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
2013 /* Start listening on the socket */
2014 err = kernel_listen(sock, 10);
2016 BT_ERR("Listen failed %d", err);
2020 /* Add listening session */
2021 s = rfcomm_session_add(sock, BT_LISTEN);
2025 rfcomm_session_hold(s);
2032 static void rfcomm_kill_listener(void)
2034 struct rfcomm_session *s;
2035 struct list_head *p, *n;
2039 list_for_each_safe(p, n, &session_list) {
2040 s = list_entry(p, struct rfcomm_session, list);
2041 rfcomm_session_del(s);
2045 static int rfcomm_run(void *unused)
2049 set_user_nice(current, -10);
2051 rfcomm_add_listener(BDADDR_ANY);
2054 set_current_state(TASK_INTERRUPTIBLE);
2056 if (kthread_should_stop())
2060 rfcomm_process_sessions();
2064 __set_current_state(TASK_RUNNING);
2066 rfcomm_kill_listener();
2071 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2073 struct rfcomm_session *s;
2074 struct rfcomm_dlc *d;
2075 struct list_head *p, *n;
2077 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2079 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2083 rfcomm_session_hold(s);
2085 list_for_each_safe(p, n, &s->dlcs) {
2086 d = list_entry(p, struct rfcomm_dlc, list);
2088 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2089 rfcomm_dlc_clear_timer(d);
2090 if (status || encrypt == 0x00) {
2091 __rfcomm_dlc_close(d, ECONNREFUSED);
2096 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2097 if (d->sec_level == BT_SECURITY_MEDIUM) {
2098 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2099 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2101 } else if (d->sec_level == BT_SECURITY_HIGH) {
2102 __rfcomm_dlc_close(d, ECONNREFUSED);
2107 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2110 if (!status && hci_conn_check_secure(conn, d->sec_level))
2111 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2113 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2116 rfcomm_session_put(s);
2121 static struct hci_cb rfcomm_cb = {
2123 .security_cfm = rfcomm_security_cfm
2126 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2128 struct rfcomm_session *s;
2129 struct list_head *pp, *p;
2133 list_for_each(p, &session_list) {
2134 s = list_entry(p, struct rfcomm_session, list);
2135 list_for_each(pp, &s->dlcs) {
2136 struct sock *sk = s->sock->sk;
2137 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2139 seq_printf(f, "%s %s %ld %d %d %d %d\n",
2140 batostr(&bt_sk(sk)->src),
2141 batostr(&bt_sk(sk)->dst),
2142 d->state, d->dlci, d->mtu,
2143 d->rx_credits, d->tx_credits);
2152 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2154 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2157 static const struct file_operations rfcomm_dlc_debugfs_fops = {
2158 .open = rfcomm_dlc_debugfs_open,
2160 .llseek = seq_lseek,
2161 .release = single_release,
2164 static struct dentry *rfcomm_dlc_debugfs;
2166 /* ---- Initialization ---- */
2167 static int __init rfcomm_init(void)
2171 hci_register_cb(&rfcomm_cb);
2173 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2174 if (IS_ERR(rfcomm_thread)) {
2175 err = PTR_ERR(rfcomm_thread);
2180 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2181 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops);
2182 if (!rfcomm_dlc_debugfs)
2183 BT_ERR("Failed to create RFCOMM debug file");
2186 err = rfcomm_init_ttys();
2190 err = rfcomm_init_sockets();
2194 BT_INFO("RFCOMM ver %s", VERSION);
2199 rfcomm_cleanup_ttys();
2202 kthread_stop(rfcomm_thread);
2205 hci_unregister_cb(&rfcomm_cb);
2210 static void __exit rfcomm_exit(void)
2212 debugfs_remove(rfcomm_dlc_debugfs);
2214 hci_unregister_cb(&rfcomm_cb);
2216 kthread_stop(rfcomm_thread);
2218 rfcomm_cleanup_ttys();
2220 rfcomm_cleanup_sockets();
2223 module_init(rfcomm_init);
2224 module_exit(rfcomm_exit);
2226 module_param(disable_cfc, bool, 0644);
2227 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2229 module_param(channel_mtu, int, 0644);
2230 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2232 module_param(l2cap_mtu, uint, 0644);
2233 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2235 module_param(l2cap_ertm, bool, 0644);
2236 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2238 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2239 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2240 MODULE_VERSION(VERSION);
2241 MODULE_LICENSE("GPL");
2242 MODULE_ALIAS("bt-proto-3");