2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/debugfs.h>
30 #include <linux/kthread.h>
31 #include <asm/unaligned.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/rfcomm.h>
38 #define VERSION "1.11"
40 static bool disable_cfc;
41 static bool l2cap_ertm;
42 static int channel_mtu = -1;
43 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
45 static struct task_struct *rfcomm_thread;
47 static DEFINE_MUTEX(rfcomm_mutex);
48 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
52 static LIST_HEAD(session_list);
54 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
55 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
65 static void rfcomm_process_connect(struct rfcomm_session *s);
67 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
71 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
72 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
74 /* ---- RFCOMM frame parsing macros ---- */
75 #define __get_dlci(b) ((b & 0xfc) >> 2)
76 #define __get_channel(b) ((b & 0xf8) >> 3)
77 #define __get_dir(b) ((b & 0x04) >> 2)
78 #define __get_type(b) ((b & 0xef))
80 #define __test_ea(b) ((b & 0x01))
81 #define __test_cr(b) (!!(b & 0x02))
82 #define __test_pf(b) (!!(b & 0x10))
84 #define __session_dir(s) ((s)->initiator ? 0x00 : 0x01)
86 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
87 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
88 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
89 #define __srv_channel(dlci) (dlci >> 1)
90 #define __dir(dlci) (dlci & 0x01)
92 #define __len8(len) (((len) << 1) | 1)
93 #define __len16(len) ((len) << 1)
96 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
97 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
98 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
101 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
102 #define __get_rpn_data_bits(line) ((line) & 0x3)
103 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
104 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
106 static DECLARE_WAIT_QUEUE_HEAD(rfcomm_wq);
108 static void rfcomm_schedule(void)
110 wake_up_all(&rfcomm_wq);
113 /* ---- RFCOMM FCS computation ---- */
115 /* reversed, 8-bit, poly=0x07 */
116 static unsigned char rfcomm_crc_table[256] = {
117 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
118 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
119 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
120 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
122 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
123 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
124 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
125 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
127 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
128 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
129 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
130 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
132 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
133 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
134 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
135 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
137 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
138 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
139 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
140 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
142 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
143 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
144 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
145 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
147 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
148 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
149 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
150 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
152 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
153 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
154 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
155 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
159 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
162 static inline u8 __fcs(u8 *data)
164 return 0xff - __crc(data);
168 static inline u8 __fcs2(u8 *data)
170 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
174 static inline int __check_fcs(u8 *data, int type, u8 fcs)
178 if (type != RFCOMM_UIH)
179 f = rfcomm_crc_table[f ^ data[2]];
181 return rfcomm_crc_table[f ^ fcs] != 0xcf;
184 /* ---- L2CAP callbacks ---- */
185 static void rfcomm_l2state_change(struct sock *sk)
187 BT_DBG("%p state %d", sk, sk->sk_state);
191 static void rfcomm_l2data_ready(struct sock *sk)
197 static int rfcomm_l2sock_create(struct socket **sock)
203 err = sock_create_kern(&init_net, PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
205 struct sock *sk = (*sock)->sk;
206 sk->sk_data_ready = rfcomm_l2data_ready;
207 sk->sk_state_change = rfcomm_l2state_change;
212 static int rfcomm_check_security(struct rfcomm_dlc *d)
214 struct sock *sk = d->session->sock->sk;
215 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
219 switch (d->sec_level) {
220 case BT_SECURITY_HIGH:
221 case BT_SECURITY_FIPS:
222 auth_type = HCI_AT_GENERAL_BONDING_MITM;
224 case BT_SECURITY_MEDIUM:
225 auth_type = HCI_AT_GENERAL_BONDING;
228 auth_type = HCI_AT_NO_BONDING;
232 return hci_conn_security(conn->hcon, d->sec_level, auth_type,
236 static void rfcomm_session_timeout(struct timer_list *t)
238 struct rfcomm_session *s = from_timer(s, t, timer);
240 BT_DBG("session %p state %ld", s, s->state);
242 set_bit(RFCOMM_TIMED_OUT, &s->flags);
246 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
248 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
250 mod_timer(&s->timer, jiffies + timeout);
253 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
255 BT_DBG("session %p state %ld", s, s->state);
257 del_timer_sync(&s->timer);
260 /* ---- RFCOMM DLCs ---- */
261 static void rfcomm_dlc_timeout(struct timer_list *t)
263 struct rfcomm_dlc *d = from_timer(d, t, timer);
265 BT_DBG("dlc %p state %ld", d, d->state);
267 set_bit(RFCOMM_TIMED_OUT, &d->flags);
272 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
274 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
276 if (!mod_timer(&d->timer, jiffies + timeout))
280 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
282 BT_DBG("dlc %p state %ld", d, d->state);
284 if (del_timer(&d->timer))
288 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
295 d->sec_level = BT_SECURITY_LOW;
296 d->mtu = RFCOMM_DEFAULT_MTU;
297 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
299 d->cfc = RFCOMM_CFC_DISABLED;
300 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
303 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
305 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
310 timer_setup(&d->timer, rfcomm_dlc_timeout, 0);
312 skb_queue_head_init(&d->tx_queue);
313 mutex_init(&d->lock);
314 refcount_set(&d->refcnt, 1);
316 rfcomm_dlc_clear_state(d);
323 void rfcomm_dlc_free(struct rfcomm_dlc *d)
327 skb_queue_purge(&d->tx_queue);
331 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
333 BT_DBG("dlc %p session %p", d, s);
335 rfcomm_session_clear_timer(s);
337 list_add(&d->list, &s->dlcs);
341 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
343 struct rfcomm_session *s = d->session;
345 BT_DBG("dlc %p refcnt %d session %p", d, refcount_read(&d->refcnt), s);
351 if (list_empty(&s->dlcs))
352 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
355 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
357 struct rfcomm_dlc *d;
359 list_for_each_entry(d, &s->dlcs, list)
366 static int rfcomm_check_channel(u8 channel)
368 return channel < 1 || channel > 30;
371 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
373 struct rfcomm_session *s;
377 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
378 d, d->state, src, dst, channel);
380 if (rfcomm_check_channel(channel))
383 if (d->state != BT_OPEN && d->state != BT_CLOSED)
386 s = rfcomm_session_get(src, dst);
388 s = rfcomm_session_create(src, dst, d->sec_level, &err);
393 dlci = __dlci(__session_dir(s), channel);
395 /* Check if DLCI already exists */
396 if (rfcomm_dlc_get(s, dlci))
399 rfcomm_dlc_clear_state(d);
402 d->addr = __addr(s->initiator, dlci);
405 d->state = BT_CONFIG;
406 rfcomm_dlc_link(s, d);
411 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
413 if (s->state == BT_CONNECTED) {
414 if (rfcomm_check_security(d))
415 rfcomm_send_pn(s, 1, d);
417 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
420 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
425 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
431 r = __rfcomm_dlc_open(d, src, dst, channel);
437 static void __rfcomm_dlc_disconn(struct rfcomm_dlc *d)
439 struct rfcomm_session *s = d->session;
441 d->state = BT_DISCONN;
442 if (skb_queue_empty(&d->tx_queue)) {
443 rfcomm_send_disc(s, d->dlci);
444 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
446 rfcomm_queue_disc(d);
447 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
451 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
453 struct rfcomm_session *s = d->session;
457 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
458 d, d->state, d->dlci, err, s);
465 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
466 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
475 __rfcomm_dlc_disconn(d);
479 if (s->state != BT_BOUND) {
480 __rfcomm_dlc_disconn(d);
483 /* if closing a dlc in a session that hasn't been started,
484 * just close and unlink the dlc
489 rfcomm_dlc_clear_timer(d);
492 d->state = BT_CLOSED;
493 d->state_change(d, err);
494 rfcomm_dlc_unlock(d);
496 skb_queue_purge(&d->tx_queue);
497 rfcomm_dlc_unlink(d);
503 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
506 struct rfcomm_dlc *d_list;
507 struct rfcomm_session *s, *s_list;
509 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
517 /* after waiting on the mutex check the session still exists
518 * then check the dlc still exists
520 list_for_each_entry(s_list, &session_list, list) {
522 list_for_each_entry(d_list, &s->dlcs, list) {
524 r = __rfcomm_dlc_close(d, err);
537 struct rfcomm_dlc *rfcomm_dlc_exists(bdaddr_t *src, bdaddr_t *dst, u8 channel)
539 struct rfcomm_session *s;
540 struct rfcomm_dlc *dlc = NULL;
543 if (rfcomm_check_channel(channel))
544 return ERR_PTR(-EINVAL);
547 s = rfcomm_session_get(src, dst);
549 dlci = __dlci(__session_dir(s), channel);
550 dlc = rfcomm_dlc_get(s, dlci);
556 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
560 if (d->state != BT_CONNECTED)
563 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
568 rfcomm_make_uih(skb, d->addr);
569 skb_queue_tail(&d->tx_queue, skb);
571 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
576 void rfcomm_dlc_send_noerror(struct rfcomm_dlc *d, struct sk_buff *skb)
580 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
582 rfcomm_make_uih(skb, d->addr);
583 skb_queue_tail(&d->tx_queue, skb);
585 if (d->state == BT_CONNECTED &&
586 !test_bit(RFCOMM_TX_THROTTLED, &d->flags))
590 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
592 BT_DBG("dlc %p state %ld", d, d->state);
595 d->v24_sig |= RFCOMM_V24_FC;
596 set_bit(RFCOMM_MSC_PENDING, &d->flags);
601 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
603 BT_DBG("dlc %p state %ld", d, d->state);
606 d->v24_sig &= ~RFCOMM_V24_FC;
607 set_bit(RFCOMM_MSC_PENDING, &d->flags);
613 Set/get modem status functions use _local_ status i.e. what we report
615 Remote status is provided by dlc->modem_status() callback.
617 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
619 BT_DBG("dlc %p state %ld v24_sig 0x%x",
620 d, d->state, v24_sig);
622 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
623 v24_sig |= RFCOMM_V24_FC;
625 v24_sig &= ~RFCOMM_V24_FC;
627 d->v24_sig = v24_sig;
629 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
635 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
637 BT_DBG("dlc %p state %ld v24_sig 0x%x",
638 d, d->state, d->v24_sig);
640 *v24_sig = d->v24_sig;
644 /* ---- RFCOMM sessions ---- */
645 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
647 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
652 BT_DBG("session %p sock %p", s, sock);
654 timer_setup(&s->timer, rfcomm_session_timeout, 0);
656 INIT_LIST_HEAD(&s->dlcs);
660 s->mtu = RFCOMM_DEFAULT_MTU;
661 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
663 /* Do not increment module usage count for listening sessions.
664 * Otherwise we won't be able to unload the module. */
665 if (state != BT_LISTEN)
666 if (!try_module_get(THIS_MODULE)) {
671 list_add(&s->list, &session_list);
676 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
678 int state = s->state;
680 BT_DBG("session %p state %ld", s, s->state);
684 rfcomm_session_clear_timer(s);
685 sock_release(s->sock);
688 if (state != BT_LISTEN)
689 module_put(THIS_MODULE);
694 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
696 struct rfcomm_session *s, *n;
697 struct l2cap_chan *chan;
698 list_for_each_entry_safe(s, n, &session_list, list) {
699 chan = l2cap_pi(s->sock->sk)->chan;
701 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&chan->src, src)) &&
702 !bacmp(&chan->dst, dst))
708 static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
711 struct rfcomm_dlc *d, *n;
713 s->state = BT_CLOSED;
715 BT_DBG("session %p state %ld err %d", s, s->state, err);
718 list_for_each_entry_safe(d, n, &s->dlcs, list) {
719 d->state = BT_CLOSED;
720 __rfcomm_dlc_close(d, err);
723 rfcomm_session_clear_timer(s);
724 return rfcomm_session_del(s);
727 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
732 struct rfcomm_session *s = NULL;
733 struct sockaddr_l2 addr;
737 BT_DBG("%pMR -> %pMR", src, dst);
739 *err = rfcomm_l2sock_create(&sock);
743 bacpy(&addr.l2_bdaddr, src);
744 addr.l2_family = AF_BLUETOOTH;
747 addr.l2_bdaddr_type = BDADDR_BREDR;
748 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
752 /* Set L2CAP options */
755 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
756 l2cap_pi(sk)->chan->sec_level = sec_level;
758 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
761 s = rfcomm_session_add(sock, BT_BOUND);
769 bacpy(&addr.l2_bdaddr, dst);
770 addr.l2_family = AF_BLUETOOTH;
771 addr.l2_psm = cpu_to_le16(L2CAP_PSM_RFCOMM);
773 addr.l2_bdaddr_type = BDADDR_BREDR;
774 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
775 if (*err == 0 || *err == -EINPROGRESS)
778 return rfcomm_session_del(s);
785 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
787 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
789 bacpy(src, &chan->src);
791 bacpy(dst, &chan->dst);
794 /* ---- RFCOMM frame sending ---- */
795 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
797 struct kvec iv = { data, len };
800 BT_DBG("session %p len %d", s, len);
802 memset(&msg, 0, sizeof(msg));
804 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
807 static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
809 BT_DBG("%p cmd %u", s, cmd->ctrl);
811 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
814 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
816 struct rfcomm_cmd cmd;
818 BT_DBG("%p dlci %d", s, dlci);
820 cmd.addr = __addr(s->initiator, dlci);
821 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
823 cmd.fcs = __fcs2((u8 *) &cmd);
825 return rfcomm_send_cmd(s, &cmd);
828 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
830 struct rfcomm_cmd cmd;
832 BT_DBG("%p dlci %d", s, dlci);
834 cmd.addr = __addr(!s->initiator, dlci);
835 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
837 cmd.fcs = __fcs2((u8 *) &cmd);
839 return rfcomm_send_cmd(s, &cmd);
842 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
844 struct rfcomm_cmd cmd;
846 BT_DBG("%p dlci %d", s, dlci);
848 cmd.addr = __addr(s->initiator, dlci);
849 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
851 cmd.fcs = __fcs2((u8 *) &cmd);
853 return rfcomm_send_cmd(s, &cmd);
856 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
858 struct rfcomm_cmd *cmd;
861 BT_DBG("dlc %p dlci %d", d, d->dlci);
863 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
867 cmd = __skb_put(skb, sizeof(*cmd));
869 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
870 cmd->len = __len8(0);
871 cmd->fcs = __fcs2((u8 *) cmd);
873 skb_queue_tail(&d->tx_queue, skb);
878 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
880 struct rfcomm_cmd cmd;
882 BT_DBG("%p dlci %d", s, dlci);
884 cmd.addr = __addr(!s->initiator, dlci);
885 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
887 cmd.fcs = __fcs2((u8 *) &cmd);
889 return rfcomm_send_cmd(s, &cmd);
892 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
894 struct rfcomm_hdr *hdr;
895 struct rfcomm_mcc *mcc;
896 u8 buf[16], *ptr = buf;
898 BT_DBG("%p cr %d type %d", s, cr, type);
900 hdr = (void *) ptr; ptr += sizeof(*hdr);
901 hdr->addr = __addr(s->initiator, 0);
902 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
903 hdr->len = __len8(sizeof(*mcc) + 1);
905 mcc = (void *) ptr; ptr += sizeof(*mcc);
906 mcc->type = __mcc_type(0, RFCOMM_NSC);
907 mcc->len = __len8(1);
909 /* Type that we didn't like */
910 *ptr = __mcc_type(cr, type); ptr++;
912 *ptr = __fcs(buf); ptr++;
914 return rfcomm_send_frame(s, buf, ptr - buf);
917 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
919 struct rfcomm_hdr *hdr;
920 struct rfcomm_mcc *mcc;
921 struct rfcomm_pn *pn;
922 u8 buf[16], *ptr = buf;
924 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
926 hdr = (void *) ptr; ptr += sizeof(*hdr);
927 hdr->addr = __addr(s->initiator, 0);
928 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
929 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
931 mcc = (void *) ptr; ptr += sizeof(*mcc);
932 mcc->type = __mcc_type(cr, RFCOMM_PN);
933 mcc->len = __len8(sizeof(*pn));
935 pn = (void *) ptr; ptr += sizeof(*pn);
937 pn->priority = d->priority;
942 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
943 pn->credits = RFCOMM_DEFAULT_CREDITS;
949 if (cr && channel_mtu >= 0)
950 pn->mtu = cpu_to_le16(channel_mtu);
952 pn->mtu = cpu_to_le16(d->mtu);
954 *ptr = __fcs(buf); ptr++;
956 return rfcomm_send_frame(s, buf, ptr - buf);
959 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
960 u8 bit_rate, u8 data_bits, u8 stop_bits,
961 u8 parity, u8 flow_ctrl_settings,
962 u8 xon_char, u8 xoff_char, u16 param_mask)
964 struct rfcomm_hdr *hdr;
965 struct rfcomm_mcc *mcc;
966 struct rfcomm_rpn *rpn;
967 u8 buf[16], *ptr = buf;
969 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
970 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
971 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
972 flow_ctrl_settings, xon_char, xoff_char, param_mask);
974 hdr = (void *) ptr; ptr += sizeof(*hdr);
975 hdr->addr = __addr(s->initiator, 0);
976 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
977 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
979 mcc = (void *) ptr; ptr += sizeof(*mcc);
980 mcc->type = __mcc_type(cr, RFCOMM_RPN);
981 mcc->len = __len8(sizeof(*rpn));
983 rpn = (void *) ptr; ptr += sizeof(*rpn);
984 rpn->dlci = __addr(1, dlci);
985 rpn->bit_rate = bit_rate;
986 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
987 rpn->flow_ctrl = flow_ctrl_settings;
988 rpn->xon_char = xon_char;
989 rpn->xoff_char = xoff_char;
990 rpn->param_mask = cpu_to_le16(param_mask);
992 *ptr = __fcs(buf); ptr++;
994 return rfcomm_send_frame(s, buf, ptr - buf);
997 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
999 struct rfcomm_hdr *hdr;
1000 struct rfcomm_mcc *mcc;
1001 struct rfcomm_rls *rls;
1002 u8 buf[16], *ptr = buf;
1004 BT_DBG("%p cr %d status 0x%x", s, cr, status);
1006 hdr = (void *) ptr; ptr += sizeof(*hdr);
1007 hdr->addr = __addr(s->initiator, 0);
1008 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1009 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
1011 mcc = (void *) ptr; ptr += sizeof(*mcc);
1012 mcc->type = __mcc_type(cr, RFCOMM_RLS);
1013 mcc->len = __len8(sizeof(*rls));
1015 rls = (void *) ptr; ptr += sizeof(*rls);
1016 rls->dlci = __addr(1, dlci);
1017 rls->status = status;
1019 *ptr = __fcs(buf); ptr++;
1021 return rfcomm_send_frame(s, buf, ptr - buf);
1024 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
1026 struct rfcomm_hdr *hdr;
1027 struct rfcomm_mcc *mcc;
1028 struct rfcomm_msc *msc;
1029 u8 buf[16], *ptr = buf;
1031 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
1033 hdr = (void *) ptr; ptr += sizeof(*hdr);
1034 hdr->addr = __addr(s->initiator, 0);
1035 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1036 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
1038 mcc = (void *) ptr; ptr += sizeof(*mcc);
1039 mcc->type = __mcc_type(cr, RFCOMM_MSC);
1040 mcc->len = __len8(sizeof(*msc));
1042 msc = (void *) ptr; ptr += sizeof(*msc);
1043 msc->dlci = __addr(1, dlci);
1044 msc->v24_sig = v24_sig | 0x01;
1046 *ptr = __fcs(buf); ptr++;
1048 return rfcomm_send_frame(s, buf, ptr - buf);
1051 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1053 struct rfcomm_hdr *hdr;
1054 struct rfcomm_mcc *mcc;
1055 u8 buf[16], *ptr = buf;
1057 BT_DBG("%p cr %d", s, cr);
1059 hdr = (void *) ptr; ptr += sizeof(*hdr);
1060 hdr->addr = __addr(s->initiator, 0);
1061 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1062 hdr->len = __len8(sizeof(*mcc));
1064 mcc = (void *) ptr; ptr += sizeof(*mcc);
1065 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1066 mcc->len = __len8(0);
1068 *ptr = __fcs(buf); ptr++;
1070 return rfcomm_send_frame(s, buf, ptr - buf);
1073 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1075 struct rfcomm_hdr *hdr;
1076 struct rfcomm_mcc *mcc;
1077 u8 buf[16], *ptr = buf;
1079 BT_DBG("%p cr %d", s, cr);
1081 hdr = (void *) ptr; ptr += sizeof(*hdr);
1082 hdr->addr = __addr(s->initiator, 0);
1083 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1084 hdr->len = __len8(sizeof(*mcc));
1086 mcc = (void *) ptr; ptr += sizeof(*mcc);
1087 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1088 mcc->len = __len8(0);
1090 *ptr = __fcs(buf); ptr++;
1092 return rfcomm_send_frame(s, buf, ptr - buf);
1095 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1097 struct socket *sock = s->sock;
1100 unsigned char hdr[5], crc[1];
1105 BT_DBG("%p cr %d", s, cr);
1107 hdr[0] = __addr(s->initiator, 0);
1108 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1109 hdr[2] = 0x01 | ((len + 2) << 1);
1110 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1111 hdr[4] = 0x01 | (len << 1);
1113 crc[0] = __fcs(hdr);
1115 iv[0].iov_base = hdr;
1117 iv[1].iov_base = pattern;
1118 iv[1].iov_len = len;
1119 iv[2].iov_base = crc;
1122 memset(&msg, 0, sizeof(msg));
1124 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1127 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1129 struct rfcomm_hdr *hdr;
1130 u8 buf[16], *ptr = buf;
1132 BT_DBG("%p addr %d credits %d", s, addr, credits);
1134 hdr = (void *) ptr; ptr += sizeof(*hdr);
1136 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1137 hdr->len = __len8(0);
1139 *ptr = credits; ptr++;
1141 *ptr = __fcs(buf); ptr++;
1143 return rfcomm_send_frame(s, buf, ptr - buf);
1146 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1148 struct rfcomm_hdr *hdr;
1153 hdr = skb_push(skb, 4);
1154 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1156 hdr = skb_push(skb, 3);
1157 hdr->len = __len8(len);
1160 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1162 crc = skb_put(skb, 1);
1163 *crc = __fcs((void *) hdr);
1166 /* ---- RFCOMM frame reception ---- */
1167 static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1169 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1173 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1175 rfcomm_send_dm(s, dlci);
1181 rfcomm_dlc_clear_timer(d);
1184 d->state = BT_CONNECTED;
1185 d->state_change(d, 0);
1186 rfcomm_dlc_unlock(d);
1188 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1192 d->state = BT_CLOSED;
1193 __rfcomm_dlc_close(d, 0);
1195 if (list_empty(&s->dlcs)) {
1196 s->state = BT_DISCONN;
1197 rfcomm_send_disc(s, 0);
1198 rfcomm_session_clear_timer(s);
1204 /* Control channel */
1207 s->state = BT_CONNECTED;
1208 rfcomm_process_connect(s);
1212 s = rfcomm_session_close(s, ECONNRESET);
1219 static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1223 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1227 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1229 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1234 d->state = BT_CLOSED;
1235 __rfcomm_dlc_close(d, err);
1238 if (s->state == BT_CONNECT)
1243 s = rfcomm_session_close(s, err);
1248 static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1253 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1256 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1258 rfcomm_send_ua(s, dlci);
1260 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1265 d->state = BT_CLOSED;
1266 __rfcomm_dlc_close(d, err);
1268 rfcomm_send_dm(s, dlci);
1271 rfcomm_send_ua(s, 0);
1273 if (s->state == BT_CONNECT)
1278 s = rfcomm_session_close(s, err);
1283 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1285 struct sock *sk = d->session->sock->sk;
1286 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1288 BT_DBG("dlc %p", d);
1290 rfcomm_send_ua(d->session, d->dlci);
1292 rfcomm_dlc_clear_timer(d);
1295 d->state = BT_CONNECTED;
1296 d->state_change(d, 0);
1297 rfcomm_dlc_unlock(d);
1300 hci_conn_switch_role(conn->hcon, 0x00);
1302 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1305 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1307 if (rfcomm_check_security(d)) {
1308 if (d->defer_setup) {
1309 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1310 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1313 d->state = BT_CONNECT2;
1314 d->state_change(d, 0);
1315 rfcomm_dlc_unlock(d);
1317 rfcomm_dlc_accept(d);
1319 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1320 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1324 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1326 struct rfcomm_dlc *d;
1329 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1332 rfcomm_send_ua(s, 0);
1334 if (s->state == BT_OPEN) {
1335 s->state = BT_CONNECTED;
1336 rfcomm_process_connect(s);
1341 /* Check if DLC exists */
1342 d = rfcomm_dlc_get(s, dlci);
1344 if (d->state == BT_OPEN) {
1345 /* DLC was previously opened by PN request */
1346 rfcomm_check_accept(d);
1351 /* Notify socket layer about incoming connection */
1352 channel = __srv_channel(dlci);
1353 if (rfcomm_connect_ind(s, channel, &d)) {
1355 d->addr = __addr(s->initiator, dlci);
1356 rfcomm_dlc_link(s, d);
1358 rfcomm_check_accept(d);
1360 rfcomm_send_dm(s, dlci);
1366 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1368 struct rfcomm_session *s = d->session;
1370 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1371 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1373 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1374 pn->flow_ctrl == 0xe0) {
1375 d->cfc = RFCOMM_CFC_ENABLED;
1376 d->tx_credits = pn->credits;
1378 d->cfc = RFCOMM_CFC_DISABLED;
1379 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1382 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1385 d->priority = pn->priority;
1387 d->mtu = __le16_to_cpu(pn->mtu);
1389 if (cr && d->mtu > s->mtu)
1395 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1397 struct rfcomm_pn *pn = (void *) skb->data;
1398 struct rfcomm_dlc *d;
1401 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1406 d = rfcomm_dlc_get(s, dlci);
1410 rfcomm_apply_pn(d, cr, pn);
1411 rfcomm_send_pn(s, 0, d);
1416 rfcomm_apply_pn(d, cr, pn);
1418 d->state = BT_CONNECT;
1419 rfcomm_send_sabm(s, d->dlci);
1424 u8 channel = __srv_channel(dlci);
1429 /* PN request for non existing DLC.
1430 * Assume incoming connection. */
1431 if (rfcomm_connect_ind(s, channel, &d)) {
1433 d->addr = __addr(s->initiator, dlci);
1434 rfcomm_dlc_link(s, d);
1436 rfcomm_apply_pn(d, cr, pn);
1439 rfcomm_send_pn(s, 0, d);
1441 rfcomm_send_dm(s, dlci);
1447 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1449 struct rfcomm_rpn *rpn = (void *) skb->data;
1450 u8 dlci = __get_dlci(rpn->dlci);
1459 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1461 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1462 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1463 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1469 /* This is a request, return default (according to ETSI TS 07.10) settings */
1470 bit_rate = RFCOMM_RPN_BR_9600;
1471 data_bits = RFCOMM_RPN_DATA_8;
1472 stop_bits = RFCOMM_RPN_STOP_1;
1473 parity = RFCOMM_RPN_PARITY_NONE;
1474 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1475 xon_char = RFCOMM_RPN_XON_CHAR;
1476 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1480 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1481 * no parity, no flow control lines, normal XON/XOFF chars */
1483 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1484 bit_rate = rpn->bit_rate;
1485 if (bit_rate > RFCOMM_RPN_BR_230400) {
1486 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1487 bit_rate = RFCOMM_RPN_BR_9600;
1488 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1492 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1493 data_bits = __get_rpn_data_bits(rpn->line_settings);
1494 if (data_bits != RFCOMM_RPN_DATA_8) {
1495 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1496 data_bits = RFCOMM_RPN_DATA_8;
1497 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1501 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1502 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1503 if (stop_bits != RFCOMM_RPN_STOP_1) {
1504 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1505 stop_bits = RFCOMM_RPN_STOP_1;
1506 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1510 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1511 parity = __get_rpn_parity(rpn->line_settings);
1512 if (parity != RFCOMM_RPN_PARITY_NONE) {
1513 BT_DBG("RPN parity mismatch 0x%x", parity);
1514 parity = RFCOMM_RPN_PARITY_NONE;
1515 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1519 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1520 flow_ctrl = rpn->flow_ctrl;
1521 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1522 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1523 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1524 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1528 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1529 xon_char = rpn->xon_char;
1530 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1531 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1532 xon_char = RFCOMM_RPN_XON_CHAR;
1533 rpn_mask ^= RFCOMM_RPN_PM_XON;
1537 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1538 xoff_char = rpn->xoff_char;
1539 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1540 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1541 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1542 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1547 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1548 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1553 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1555 struct rfcomm_rls *rls = (void *) skb->data;
1556 u8 dlci = __get_dlci(rls->dlci);
1558 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1563 /* We should probably do something with this information here. But
1564 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1565 * mandatory to recognise and respond to RLS */
1567 rfcomm_send_rls(s, 0, dlci, rls->status);
1572 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1574 struct rfcomm_msc *msc = (void *) skb->data;
1575 struct rfcomm_dlc *d;
1576 u8 dlci = __get_dlci(msc->dlci);
1578 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1580 d = rfcomm_dlc_get(s, dlci);
1585 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1586 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1588 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1592 d->remote_v24_sig = msc->v24_sig;
1594 if (d->modem_status)
1595 d->modem_status(d, msc->v24_sig);
1597 rfcomm_dlc_unlock(d);
1599 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1601 d->mscex |= RFCOMM_MSCEX_RX;
1603 d->mscex |= RFCOMM_MSCEX_TX;
1608 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1610 struct rfcomm_mcc *mcc = (void *) skb->data;
1613 cr = __test_cr(mcc->type);
1614 type = __get_mcc_type(mcc->type);
1615 len = __get_mcc_len(mcc->len);
1617 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1623 rfcomm_recv_pn(s, cr, skb);
1627 rfcomm_recv_rpn(s, cr, len, skb);
1631 rfcomm_recv_rls(s, cr, skb);
1635 rfcomm_recv_msc(s, cr, skb);
1640 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1641 rfcomm_send_fcoff(s, 0);
1647 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1648 rfcomm_send_fcon(s, 0);
1654 rfcomm_send_test(s, 0, skb->data, skb->len);
1661 BT_ERR("Unknown control type 0x%02x", type);
1662 rfcomm_send_nsc(s, cr, type);
1668 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1670 struct rfcomm_dlc *d;
1672 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1674 d = rfcomm_dlc_get(s, dlci);
1676 rfcomm_send_dm(s, dlci);
1681 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1683 d->tx_credits += credits;
1685 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1688 if (skb->len && d->state == BT_CONNECTED) {
1691 d->data_ready(d, skb);
1692 rfcomm_dlc_unlock(d);
1701 static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1702 struct sk_buff *skb)
1704 struct rfcomm_hdr *hdr = (void *) skb->data;
1708 /* no session, so free socket data */
1713 dlci = __get_dlci(hdr->addr);
1714 type = __get_type(hdr->ctrl);
1717 skb->len--; skb->tail--;
1718 fcs = *(u8 *)skb_tail_pointer(skb);
1720 if (__check_fcs(skb->data, type, fcs)) {
1721 BT_ERR("bad checksum in packet");
1726 if (__test_ea(hdr->len))
1733 if (__test_pf(hdr->ctrl))
1734 rfcomm_recv_sabm(s, dlci);
1738 if (__test_pf(hdr->ctrl))
1739 s = rfcomm_recv_disc(s, dlci);
1743 if (__test_pf(hdr->ctrl))
1744 s = rfcomm_recv_ua(s, dlci);
1748 s = rfcomm_recv_dm(s, dlci);
1753 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1756 rfcomm_recv_mcc(s, skb);
1760 BT_ERR("Unknown packet type 0x%02x", type);
1767 /* ---- Connection and data processing ---- */
1769 static void rfcomm_process_connect(struct rfcomm_session *s)
1771 struct rfcomm_dlc *d, *n;
1773 BT_DBG("session %p state %ld", s, s->state);
1775 list_for_each_entry_safe(d, n, &s->dlcs, list) {
1776 if (d->state == BT_CONFIG) {
1778 if (rfcomm_check_security(d)) {
1779 rfcomm_send_pn(s, 1, d);
1781 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1782 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1788 /* Send data queued for the DLC.
1789 * Return number of frames left in the queue.
1791 static int rfcomm_process_tx(struct rfcomm_dlc *d)
1793 struct sk_buff *skb;
1796 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1797 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1799 /* Send pending MSC */
1800 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1801 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1805 * Give them some credits */
1806 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1807 d->rx_credits <= (d->cfc >> 2)) {
1808 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1809 d->rx_credits = d->cfc;
1813 * Give ourselves some credits */
1817 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1818 return skb_queue_len(&d->tx_queue);
1820 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1821 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1823 skb_queue_head(&d->tx_queue, skb);
1830 if (d->cfc && !d->tx_credits) {
1831 /* We're out of TX credits.
1832 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1833 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1836 return skb_queue_len(&d->tx_queue);
1839 static void rfcomm_process_dlcs(struct rfcomm_session *s)
1841 struct rfcomm_dlc *d, *n;
1843 BT_DBG("session %p state %ld", s, s->state);
1845 list_for_each_entry_safe(d, n, &s->dlcs, list) {
1846 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1847 __rfcomm_dlc_close(d, ETIMEDOUT);
1851 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1852 __rfcomm_dlc_close(d, ECONNREFUSED);
1856 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1857 rfcomm_dlc_clear_timer(d);
1859 rfcomm_send_pn(s, 1, d);
1860 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1862 if (d->defer_setup) {
1863 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1864 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1867 d->state = BT_CONNECT2;
1868 d->state_change(d, 0);
1869 rfcomm_dlc_unlock(d);
1871 rfcomm_dlc_accept(d);
1874 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1875 rfcomm_dlc_clear_timer(d);
1877 rfcomm_send_dm(s, d->dlci);
1879 d->state = BT_CLOSED;
1880 __rfcomm_dlc_close(d, ECONNREFUSED);
1884 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1887 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1890 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1891 d->mscex == RFCOMM_MSCEX_OK)
1892 rfcomm_process_tx(d);
1896 static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1898 struct socket *sock = s->sock;
1899 struct sock *sk = sock->sk;
1900 struct sk_buff *skb;
1902 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1904 /* Get data directly from socket receive queue without copying it. */
1905 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1907 if (!skb_linearize(skb)) {
1908 s = rfcomm_recv_frame(s, skb);
1916 if (s && (sk->sk_state == BT_CLOSED))
1917 s = rfcomm_session_close(s, sk->sk_err);
1922 static void rfcomm_accept_connection(struct rfcomm_session *s)
1924 struct socket *sock = s->sock, *nsock;
1927 /* Fast check for a new connection.
1928 * Avoids unnesesary socket allocations. */
1929 if (list_empty(&bt_sk(sock->sk)->accept_q))
1932 BT_DBG("session %p", s);
1934 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1938 /* Set our callbacks */
1939 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1940 nsock->sk->sk_state_change = rfcomm_l2state_change;
1942 s = rfcomm_session_add(nsock, BT_OPEN);
1944 /* We should adjust MTU on incoming sessions.
1945 * L2CAP MTU minus UIH header and FCS. */
1946 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1947 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1951 sock_release(nsock);
1954 static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1956 struct sock *sk = s->sock->sk;
1958 BT_DBG("%p state %ld", s, s->state);
1960 switch (sk->sk_state) {
1962 s->state = BT_CONNECT;
1964 /* We can adjust MTU on outgoing sessions.
1965 * L2CAP MTU minus UIH header and FCS. */
1966 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1968 rfcomm_send_sabm(s, 0);
1972 s = rfcomm_session_close(s, sk->sk_err);
1978 static void rfcomm_process_sessions(void)
1980 struct rfcomm_session *s, *n;
1984 list_for_each_entry_safe(s, n, &session_list, list) {
1985 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1986 s->state = BT_DISCONN;
1987 rfcomm_send_disc(s, 0);
1993 rfcomm_accept_connection(s);
1997 s = rfcomm_check_connection(s);
2001 s = rfcomm_process_rx(s);
2006 rfcomm_process_dlcs(s);
2012 static int rfcomm_add_listener(bdaddr_t *ba)
2014 struct sockaddr_l2 addr;
2015 struct socket *sock;
2017 struct rfcomm_session *s;
2021 err = rfcomm_l2sock_create(&sock);
2023 BT_ERR("Create socket failed %d", err);
2028 bacpy(&addr.l2_bdaddr, ba);
2029 addr.l2_family = AF_BLUETOOTH;
2030 addr.l2_psm = cpu_to_le16(L2CAP_PSM_RFCOMM);
2032 addr.l2_bdaddr_type = BDADDR_BREDR;
2033 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
2035 BT_ERR("Bind failed %d", err);
2039 /* Set L2CAP options */
2042 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
2045 /* Start listening on the socket */
2046 err = kernel_listen(sock, 10);
2048 BT_ERR("Listen failed %d", err);
2052 /* Add listening session */
2053 s = rfcomm_session_add(sock, BT_LISTEN);
2065 static void rfcomm_kill_listener(void)
2067 struct rfcomm_session *s, *n;
2071 list_for_each_entry_safe(s, n, &session_list, list)
2072 rfcomm_session_del(s);
2075 static int rfcomm_run(void *unused)
2077 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2080 set_user_nice(current, -10);
2082 rfcomm_add_listener(BDADDR_ANY);
2084 add_wait_queue(&rfcomm_wq, &wait);
2085 while (!kthread_should_stop()) {
2088 rfcomm_process_sessions();
2090 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
2092 remove_wait_queue(&rfcomm_wq, &wait);
2094 rfcomm_kill_listener();
2099 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2101 struct rfcomm_session *s;
2102 struct rfcomm_dlc *d, *n;
2104 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2106 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2110 list_for_each_entry_safe(d, n, &s->dlcs, list) {
2111 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2112 rfcomm_dlc_clear_timer(d);
2113 if (status || encrypt == 0x00) {
2114 set_bit(RFCOMM_ENC_DROP, &d->flags);
2119 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2120 if (d->sec_level == BT_SECURITY_MEDIUM) {
2121 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2122 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2124 } else if (d->sec_level == BT_SECURITY_HIGH ||
2125 d->sec_level == BT_SECURITY_FIPS) {
2126 set_bit(RFCOMM_ENC_DROP, &d->flags);
2131 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2134 if (!status && hci_conn_check_secure(conn, d->sec_level))
2135 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2137 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2143 static struct hci_cb rfcomm_cb = {
2145 .security_cfm = rfcomm_security_cfm
2148 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2150 struct rfcomm_session *s;
2154 list_for_each_entry(s, &session_list, list) {
2155 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
2156 struct rfcomm_dlc *d;
2157 list_for_each_entry(d, &s->dlcs, list) {
2158 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2159 &chan->src, &chan->dst,
2160 d->state, d->dlci, d->mtu,
2161 d->rx_credits, d->tx_credits);
2170 DEFINE_SHOW_ATTRIBUTE(rfcomm_dlc_debugfs);
2172 static struct dentry *rfcomm_dlc_debugfs;
2174 /* ---- Initialization ---- */
2175 static int __init rfcomm_init(void)
2179 hci_register_cb(&rfcomm_cb);
2181 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2182 if (IS_ERR(rfcomm_thread)) {
2183 err = PTR_ERR(rfcomm_thread);
2187 err = rfcomm_init_ttys();
2191 err = rfcomm_init_sockets();
2195 BT_INFO("RFCOMM ver %s", VERSION);
2197 if (IS_ERR_OR_NULL(bt_debugfs))
2200 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2202 &rfcomm_dlc_debugfs_fops);
2207 rfcomm_cleanup_ttys();
2210 kthread_stop(rfcomm_thread);
2213 hci_unregister_cb(&rfcomm_cb);
2218 static void __exit rfcomm_exit(void)
2220 debugfs_remove(rfcomm_dlc_debugfs);
2222 hci_unregister_cb(&rfcomm_cb);
2224 kthread_stop(rfcomm_thread);
2226 rfcomm_cleanup_ttys();
2228 rfcomm_cleanup_sockets();
2231 module_init(rfcomm_init);
2232 module_exit(rfcomm_exit);
2234 module_param(disable_cfc, bool, 0644);
2235 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2237 module_param(channel_mtu, int, 0644);
2238 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2240 module_param(l2cap_mtu, uint, 0644);
2241 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2243 module_param(l2cap_ertm, bool, 0644);
2244 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2246 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2247 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2248 MODULE_VERSION(VERSION);
2249 MODULE_LICENSE("GPL");
2250 MODULE_ALIAS("bt-proto-3");
projects / linux.git / blob