2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/debugfs.h>
30 #include <linux/kthread.h>
31 #include <asm/unaligned.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/rfcomm.h>
38 #include <trace/events/sock.h>
40 #define VERSION "1.11"
42 static bool disable_cfc;
43 static bool l2cap_ertm;
44 static int channel_mtu = -1;
46 static struct task_struct *rfcomm_thread;
48 static DEFINE_MUTEX(rfcomm_mutex);
49 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
50 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
53 static LIST_HEAD(session_list);
55 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
56 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
57 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
58 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
59 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
60 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
61 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
62 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
63 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
64 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
66 static void rfcomm_process_connect(struct rfcomm_session *s);
68 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
72 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
73 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
75 /* ---- RFCOMM frame parsing macros ---- */
76 #define __get_dlci(b) ((b & 0xfc) >> 2)
77 #define __get_type(b) ((b & 0xef))
79 #define __test_ea(b) ((b & 0x01))
80 #define __test_cr(b) (!!(b & 0x02))
81 #define __test_pf(b) (!!(b & 0x10))
83 #define __session_dir(s) ((s)->initiator ? 0x00 : 0x01)
85 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
86 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
87 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
88 #define __srv_channel(dlci) (dlci >> 1)
90 #define __len8(len) (((len) << 1) | 1)
91 #define __len16(len) ((len) << 1)
94 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
95 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
96 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
99 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
100 #define __get_rpn_data_bits(line) ((line) & 0x3)
101 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
102 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
104 static DECLARE_WAIT_QUEUE_HEAD(rfcomm_wq);
106 static void rfcomm_schedule(void)
108 wake_up_all(&rfcomm_wq);
111 /* ---- RFCOMM FCS computation ---- */
113 /* reversed, 8-bit, poly=0x07 */
114 static unsigned char rfcomm_crc_table[256] = {
115 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
116 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
117 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
118 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
120 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
121 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
122 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
123 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
125 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
126 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
127 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
128 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
130 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
131 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
132 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
133 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
135 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
136 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
137 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
138 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
140 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
141 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
142 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
143 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
145 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
146 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
147 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
148 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
150 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
151 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
152 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
153 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
157 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
160 static inline u8 __fcs(u8 *data)
162 return 0xff - __crc(data);
166 static inline u8 __fcs2(u8 *data)
168 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
172 static inline int __check_fcs(u8 *data, int type, u8 fcs)
176 if (type != RFCOMM_UIH)
177 f = rfcomm_crc_table[f ^ data[2]];
179 return rfcomm_crc_table[f ^ fcs] != 0xcf;
182 /* ---- L2CAP callbacks ---- */
183 static void rfcomm_l2state_change(struct sock *sk)
185 BT_DBG("%p state %d", sk, sk->sk_state);
189 static void rfcomm_l2data_ready(struct sock *sk)
191 trace_sk_data_ready(sk);
197 static int rfcomm_l2sock_create(struct socket **sock)
203 err = sock_create_kern(&init_net, PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
205 struct sock *sk = (*sock)->sk;
206 sk->sk_data_ready = rfcomm_l2data_ready;
207 sk->sk_state_change = rfcomm_l2state_change;
212 static int rfcomm_check_security(struct rfcomm_dlc *d)
214 struct sock *sk = d->session->sock->sk;
215 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
219 switch (d->sec_level) {
220 case BT_SECURITY_HIGH:
221 case BT_SECURITY_FIPS:
222 auth_type = HCI_AT_GENERAL_BONDING_MITM;
224 case BT_SECURITY_MEDIUM:
225 auth_type = HCI_AT_GENERAL_BONDING;
228 auth_type = HCI_AT_NO_BONDING;
232 return hci_conn_security(conn->hcon, d->sec_level, auth_type,
236 static void rfcomm_session_timeout(struct timer_list *t)
238 struct rfcomm_session *s = from_timer(s, t, timer);
240 BT_DBG("session %p state %ld", s, s->state);
242 set_bit(RFCOMM_TIMED_OUT, &s->flags);
246 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
248 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
250 mod_timer(&s->timer, jiffies + timeout);
253 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
255 BT_DBG("session %p state %ld", s, s->state);
257 del_timer_sync(&s->timer);
260 /* ---- RFCOMM DLCs ---- */
261 static void rfcomm_dlc_timeout(struct timer_list *t)
263 struct rfcomm_dlc *d = from_timer(d, t, timer);
265 BT_DBG("dlc %p state %ld", d, d->state);
267 set_bit(RFCOMM_TIMED_OUT, &d->flags);
272 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
274 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
276 if (!mod_timer(&d->timer, jiffies + timeout))
280 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
282 BT_DBG("dlc %p state %ld", d, d->state);
284 if (del_timer(&d->timer))
288 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
295 d->sec_level = BT_SECURITY_LOW;
296 d->mtu = RFCOMM_DEFAULT_MTU;
297 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
299 d->cfc = RFCOMM_CFC_DISABLED;
300 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
303 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
305 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
310 timer_setup(&d->timer, rfcomm_dlc_timeout, 0);
312 skb_queue_head_init(&d->tx_queue);
313 mutex_init(&d->lock);
314 refcount_set(&d->refcnt, 1);
316 rfcomm_dlc_clear_state(d);
323 void rfcomm_dlc_free(struct rfcomm_dlc *d)
327 skb_queue_purge(&d->tx_queue);
331 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
333 BT_DBG("dlc %p session %p", d, s);
335 rfcomm_session_clear_timer(s);
337 list_add(&d->list, &s->dlcs);
341 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
343 struct rfcomm_session *s = d->session;
345 BT_DBG("dlc %p refcnt %d session %p", d, refcount_read(&d->refcnt), s);
351 if (list_empty(&s->dlcs))
352 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
355 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
357 struct rfcomm_dlc *d;
359 list_for_each_entry(d, &s->dlcs, list)
366 static int rfcomm_check_channel(u8 channel)
368 return channel < 1 || channel > 30;
371 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
373 struct rfcomm_session *s;
377 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
378 d, d->state, src, dst, channel);
380 if (rfcomm_check_channel(channel))
383 if (d->state != BT_OPEN && d->state != BT_CLOSED)
386 s = rfcomm_session_get(src, dst);
388 s = rfcomm_session_create(src, dst, d->sec_level, &err);
393 dlci = __dlci(__session_dir(s), channel);
395 /* Check if DLCI already exists */
396 if (rfcomm_dlc_get(s, dlci))
399 rfcomm_dlc_clear_state(d);
402 d->addr = __addr(s->initiator, dlci);
405 d->state = BT_CONFIG;
406 rfcomm_dlc_link(s, d);
411 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
413 if (s->state == BT_CONNECTED) {
414 if (rfcomm_check_security(d))
415 rfcomm_send_pn(s, 1, d);
417 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
420 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
425 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
431 r = __rfcomm_dlc_open(d, src, dst, channel);
437 static void __rfcomm_dlc_disconn(struct rfcomm_dlc *d)
439 struct rfcomm_session *s = d->session;
441 d->state = BT_DISCONN;
442 if (skb_queue_empty(&d->tx_queue)) {
443 rfcomm_send_disc(s, d->dlci);
444 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
446 rfcomm_queue_disc(d);
447 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
451 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
453 struct rfcomm_session *s = d->session;
457 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
458 d, d->state, d->dlci, err, s);
465 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
466 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
475 __rfcomm_dlc_disconn(d);
479 if (s->state != BT_BOUND) {
480 __rfcomm_dlc_disconn(d);
483 /* if closing a dlc in a session that hasn't been started,
484 * just close and unlink the dlc
489 rfcomm_dlc_clear_timer(d);
492 d->state = BT_CLOSED;
493 d->state_change(d, err);
494 rfcomm_dlc_unlock(d);
496 skb_queue_purge(&d->tx_queue);
497 rfcomm_dlc_unlink(d);
503 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
506 struct rfcomm_dlc *d_list;
507 struct rfcomm_session *s, *s_list;
509 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
517 /* after waiting on the mutex check the session still exists
518 * then check the dlc still exists
520 list_for_each_entry(s_list, &session_list, list) {
522 list_for_each_entry(d_list, &s->dlcs, list) {
524 r = __rfcomm_dlc_close(d, err);
537 struct rfcomm_dlc *rfcomm_dlc_exists(bdaddr_t *src, bdaddr_t *dst, u8 channel)
539 struct rfcomm_session *s;
540 struct rfcomm_dlc *dlc = NULL;
543 if (rfcomm_check_channel(channel))
544 return ERR_PTR(-EINVAL);
547 s = rfcomm_session_get(src, dst);
549 dlci = __dlci(__session_dir(s), channel);
550 dlc = rfcomm_dlc_get(s, dlci);
556 static int rfcomm_dlc_send_frag(struct rfcomm_dlc *d, struct sk_buff *frag)
560 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
565 rfcomm_make_uih(frag, d->addr);
566 __skb_queue_tail(&d->tx_queue, frag);
571 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
574 struct sk_buff *frag, *next;
577 if (d->state != BT_CONNECTED)
580 frag = skb_shinfo(skb)->frag_list;
581 skb_shinfo(skb)->frag_list = NULL;
583 /* Queue all fragments atomically. */
584 spin_lock_irqsave(&d->tx_queue.lock, flags);
586 len = rfcomm_dlc_send_frag(d, skb);
587 if (len < 0 || !frag)
590 for (; frag; frag = next) {
595 ret = rfcomm_dlc_send_frag(d, frag);
597 dev_kfree_skb_irq(frag);
605 spin_unlock_irqrestore(&d->tx_queue.lock, flags);
607 if (len > 0 && !test_bit(RFCOMM_TX_THROTTLED, &d->flags))
612 void rfcomm_dlc_send_noerror(struct rfcomm_dlc *d, struct sk_buff *skb)
616 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
618 rfcomm_make_uih(skb, d->addr);
619 skb_queue_tail(&d->tx_queue, skb);
621 if (d->state == BT_CONNECTED &&
622 !test_bit(RFCOMM_TX_THROTTLED, &d->flags))
626 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
628 BT_DBG("dlc %p state %ld", d, d->state);
631 d->v24_sig |= RFCOMM_V24_FC;
632 set_bit(RFCOMM_MSC_PENDING, &d->flags);
637 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
639 BT_DBG("dlc %p state %ld", d, d->state);
642 d->v24_sig &= ~RFCOMM_V24_FC;
643 set_bit(RFCOMM_MSC_PENDING, &d->flags);
649 Set/get modem status functions use _local_ status i.e. what we report
651 Remote status is provided by dlc->modem_status() callback.
653 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
655 BT_DBG("dlc %p state %ld v24_sig 0x%x",
656 d, d->state, v24_sig);
658 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
659 v24_sig |= RFCOMM_V24_FC;
661 v24_sig &= ~RFCOMM_V24_FC;
663 d->v24_sig = v24_sig;
665 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
671 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
673 BT_DBG("dlc %p state %ld v24_sig 0x%x",
674 d, d->state, d->v24_sig);
676 *v24_sig = d->v24_sig;
680 /* ---- RFCOMM sessions ---- */
681 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
683 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
688 BT_DBG("session %p sock %p", s, sock);
690 timer_setup(&s->timer, rfcomm_session_timeout, 0);
692 INIT_LIST_HEAD(&s->dlcs);
696 s->mtu = RFCOMM_DEFAULT_MTU;
697 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
699 /* Do not increment module usage count for listening sessions.
700 * Otherwise we won't be able to unload the module. */
701 if (state != BT_LISTEN)
702 if (!try_module_get(THIS_MODULE)) {
707 list_add(&s->list, &session_list);
712 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
714 int state = s->state;
716 BT_DBG("session %p state %ld", s, s->state);
720 rfcomm_session_clear_timer(s);
721 sock_release(s->sock);
724 if (state != BT_LISTEN)
725 module_put(THIS_MODULE);
730 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
732 struct rfcomm_session *s, *n;
733 struct l2cap_chan *chan;
734 list_for_each_entry_safe(s, n, &session_list, list) {
735 chan = l2cap_pi(s->sock->sk)->chan;
737 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&chan->src, src)) &&
738 !bacmp(&chan->dst, dst))
744 static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
747 struct rfcomm_dlc *d, *n;
749 s->state = BT_CLOSED;
751 BT_DBG("session %p state %ld err %d", s, s->state, err);
754 list_for_each_entry_safe(d, n, &s->dlcs, list) {
755 d->state = BT_CLOSED;
756 __rfcomm_dlc_close(d, err);
759 rfcomm_session_clear_timer(s);
760 return rfcomm_session_del(s);
763 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
768 struct rfcomm_session *s = NULL;
769 struct sockaddr_l2 addr;
773 BT_DBG("%pMR -> %pMR", src, dst);
775 *err = rfcomm_l2sock_create(&sock);
779 bacpy(&addr.l2_bdaddr, src);
780 addr.l2_family = AF_BLUETOOTH;
783 addr.l2_bdaddr_type = BDADDR_BREDR;
784 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
788 /* Set L2CAP options */
791 /* Set MTU to 0 so L2CAP can auto select the MTU */
792 l2cap_pi(sk)->chan->imtu = 0;
793 l2cap_pi(sk)->chan->sec_level = sec_level;
795 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
798 s = rfcomm_session_add(sock, BT_BOUND);
806 bacpy(&addr.l2_bdaddr, dst);
807 addr.l2_family = AF_BLUETOOTH;
808 addr.l2_psm = cpu_to_le16(L2CAP_PSM_RFCOMM);
810 addr.l2_bdaddr_type = BDADDR_BREDR;
811 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
812 if (*err == 0 || *err == -EINPROGRESS)
815 return rfcomm_session_del(s);
822 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
824 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
826 bacpy(src, &chan->src);
828 bacpy(dst, &chan->dst);
831 /* ---- RFCOMM frame sending ---- */
832 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
834 struct kvec iv = { data, len };
837 BT_DBG("session %p len %d", s, len);
839 memset(&msg, 0, sizeof(msg));
841 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
844 static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
846 BT_DBG("%p cmd %u", s, cmd->ctrl);
848 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
851 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
853 struct rfcomm_cmd cmd;
855 BT_DBG("%p dlci %d", s, dlci);
857 cmd.addr = __addr(s->initiator, dlci);
858 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
860 cmd.fcs = __fcs2((u8 *) &cmd);
862 return rfcomm_send_cmd(s, &cmd);
865 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
867 struct rfcomm_cmd cmd;
869 BT_DBG("%p dlci %d", s, dlci);
871 cmd.addr = __addr(!s->initiator, dlci);
872 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
874 cmd.fcs = __fcs2((u8 *) &cmd);
876 return rfcomm_send_cmd(s, &cmd);
879 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
881 struct rfcomm_cmd cmd;
883 BT_DBG("%p dlci %d", s, dlci);
885 cmd.addr = __addr(s->initiator, dlci);
886 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
888 cmd.fcs = __fcs2((u8 *) &cmd);
890 return rfcomm_send_cmd(s, &cmd);
893 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
895 struct rfcomm_cmd *cmd;
898 BT_DBG("dlc %p dlci %d", d, d->dlci);
900 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
904 cmd = __skb_put(skb, sizeof(*cmd));
906 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
907 cmd->len = __len8(0);
908 cmd->fcs = __fcs2((u8 *) cmd);
910 skb_queue_tail(&d->tx_queue, skb);
915 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
917 struct rfcomm_cmd cmd;
919 BT_DBG("%p dlci %d", s, dlci);
921 cmd.addr = __addr(!s->initiator, dlci);
922 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
924 cmd.fcs = __fcs2((u8 *) &cmd);
926 return rfcomm_send_cmd(s, &cmd);
929 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
931 struct rfcomm_hdr *hdr;
932 struct rfcomm_mcc *mcc;
933 u8 buf[16], *ptr = buf;
935 BT_DBG("%p cr %d type %d", s, cr, type);
937 hdr = (void *) ptr; ptr += sizeof(*hdr);
938 hdr->addr = __addr(s->initiator, 0);
939 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
940 hdr->len = __len8(sizeof(*mcc) + 1);
942 mcc = (void *) ptr; ptr += sizeof(*mcc);
943 mcc->type = __mcc_type(0, RFCOMM_NSC);
944 mcc->len = __len8(1);
946 /* Type that we didn't like */
947 *ptr = __mcc_type(cr, type); ptr++;
949 *ptr = __fcs(buf); ptr++;
951 return rfcomm_send_frame(s, buf, ptr - buf);
954 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
956 struct rfcomm_hdr *hdr;
957 struct rfcomm_mcc *mcc;
958 struct rfcomm_pn *pn;
959 u8 buf[16], *ptr = buf;
961 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
963 hdr = (void *) ptr; ptr += sizeof(*hdr);
964 hdr->addr = __addr(s->initiator, 0);
965 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
966 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
968 mcc = (void *) ptr; ptr += sizeof(*mcc);
969 mcc->type = __mcc_type(cr, RFCOMM_PN);
970 mcc->len = __len8(sizeof(*pn));
972 pn = (void *) ptr; ptr += sizeof(*pn);
974 pn->priority = d->priority;
979 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
980 pn->credits = RFCOMM_DEFAULT_CREDITS;
986 if (cr && channel_mtu >= 0)
987 pn->mtu = cpu_to_le16(channel_mtu);
989 pn->mtu = cpu_to_le16(d->mtu);
991 *ptr = __fcs(buf); ptr++;
993 return rfcomm_send_frame(s, buf, ptr - buf);
996 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
997 u8 bit_rate, u8 data_bits, u8 stop_bits,
998 u8 parity, u8 flow_ctrl_settings,
999 u8 xon_char, u8 xoff_char, u16 param_mask)
1001 struct rfcomm_hdr *hdr;
1002 struct rfcomm_mcc *mcc;
1003 struct rfcomm_rpn *rpn;
1004 u8 buf[16], *ptr = buf;
1006 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
1007 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
1008 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
1009 flow_ctrl_settings, xon_char, xoff_char, param_mask);
1011 hdr = (void *) ptr; ptr += sizeof(*hdr);
1012 hdr->addr = __addr(s->initiator, 0);
1013 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1014 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
1016 mcc = (void *) ptr; ptr += sizeof(*mcc);
1017 mcc->type = __mcc_type(cr, RFCOMM_RPN);
1018 mcc->len = __len8(sizeof(*rpn));
1020 rpn = (void *) ptr; ptr += sizeof(*rpn);
1021 rpn->dlci = __addr(1, dlci);
1022 rpn->bit_rate = bit_rate;
1023 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
1024 rpn->flow_ctrl = flow_ctrl_settings;
1025 rpn->xon_char = xon_char;
1026 rpn->xoff_char = xoff_char;
1027 rpn->param_mask = cpu_to_le16(param_mask);
1029 *ptr = __fcs(buf); ptr++;
1031 return rfcomm_send_frame(s, buf, ptr - buf);
1034 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
1036 struct rfcomm_hdr *hdr;
1037 struct rfcomm_mcc *mcc;
1038 struct rfcomm_rls *rls;
1039 u8 buf[16], *ptr = buf;
1041 BT_DBG("%p cr %d status 0x%x", s, cr, status);
1043 hdr = (void *) ptr; ptr += sizeof(*hdr);
1044 hdr->addr = __addr(s->initiator, 0);
1045 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1046 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
1048 mcc = (void *) ptr; ptr += sizeof(*mcc);
1049 mcc->type = __mcc_type(cr, RFCOMM_RLS);
1050 mcc->len = __len8(sizeof(*rls));
1052 rls = (void *) ptr; ptr += sizeof(*rls);
1053 rls->dlci = __addr(1, dlci);
1054 rls->status = status;
1056 *ptr = __fcs(buf); ptr++;
1058 return rfcomm_send_frame(s, buf, ptr - buf);
1061 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
1063 struct rfcomm_hdr *hdr;
1064 struct rfcomm_mcc *mcc;
1065 struct rfcomm_msc *msc;
1066 u8 buf[16], *ptr = buf;
1068 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
1070 hdr = (void *) ptr; ptr += sizeof(*hdr);
1071 hdr->addr = __addr(s->initiator, 0);
1072 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1073 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
1075 mcc = (void *) ptr; ptr += sizeof(*mcc);
1076 mcc->type = __mcc_type(cr, RFCOMM_MSC);
1077 mcc->len = __len8(sizeof(*msc));
1079 msc = (void *) ptr; ptr += sizeof(*msc);
1080 msc->dlci = __addr(1, dlci);
1081 msc->v24_sig = v24_sig | 0x01;
1083 *ptr = __fcs(buf); ptr++;
1085 return rfcomm_send_frame(s, buf, ptr - buf);
1088 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1090 struct rfcomm_hdr *hdr;
1091 struct rfcomm_mcc *mcc;
1092 u8 buf[16], *ptr = buf;
1094 BT_DBG("%p cr %d", s, cr);
1096 hdr = (void *) ptr; ptr += sizeof(*hdr);
1097 hdr->addr = __addr(s->initiator, 0);
1098 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1099 hdr->len = __len8(sizeof(*mcc));
1101 mcc = (void *) ptr; ptr += sizeof(*mcc);
1102 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1103 mcc->len = __len8(0);
1105 *ptr = __fcs(buf); ptr++;
1107 return rfcomm_send_frame(s, buf, ptr - buf);
1110 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1112 struct rfcomm_hdr *hdr;
1113 struct rfcomm_mcc *mcc;
1114 u8 buf[16], *ptr = buf;
1116 BT_DBG("%p cr %d", s, cr);
1118 hdr = (void *) ptr; ptr += sizeof(*hdr);
1119 hdr->addr = __addr(s->initiator, 0);
1120 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1121 hdr->len = __len8(sizeof(*mcc));
1123 mcc = (void *) ptr; ptr += sizeof(*mcc);
1124 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1125 mcc->len = __len8(0);
1127 *ptr = __fcs(buf); ptr++;
1129 return rfcomm_send_frame(s, buf, ptr - buf);
1132 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1134 struct socket *sock = s->sock;
1137 unsigned char hdr[5], crc[1];
1142 BT_DBG("%p cr %d", s, cr);
1144 hdr[0] = __addr(s->initiator, 0);
1145 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1146 hdr[2] = 0x01 | ((len + 2) << 1);
1147 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1148 hdr[4] = 0x01 | (len << 1);
1150 crc[0] = __fcs(hdr);
1152 iv[0].iov_base = hdr;
1154 iv[1].iov_base = pattern;
1155 iv[1].iov_len = len;
1156 iv[2].iov_base = crc;
1159 memset(&msg, 0, sizeof(msg));
1161 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1164 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1166 struct rfcomm_hdr *hdr;
1167 u8 buf[16], *ptr = buf;
1169 BT_DBG("%p addr %d credits %d", s, addr, credits);
1171 hdr = (void *) ptr; ptr += sizeof(*hdr);
1173 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1174 hdr->len = __len8(0);
1176 *ptr = credits; ptr++;
1178 *ptr = __fcs(buf); ptr++;
1180 return rfcomm_send_frame(s, buf, ptr - buf);
1183 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1185 struct rfcomm_hdr *hdr;
1190 hdr = skb_push(skb, 4);
1191 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1193 hdr = skb_push(skb, 3);
1194 hdr->len = __len8(len);
1197 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1199 crc = skb_put(skb, 1);
1200 *crc = __fcs((void *) hdr);
1203 /* ---- RFCOMM frame reception ---- */
1204 static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1206 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1210 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1212 rfcomm_send_dm(s, dlci);
1218 rfcomm_dlc_clear_timer(d);
1221 d->state = BT_CONNECTED;
1222 d->state_change(d, 0);
1223 rfcomm_dlc_unlock(d);
1225 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1229 d->state = BT_CLOSED;
1230 __rfcomm_dlc_close(d, 0);
1232 if (list_empty(&s->dlcs)) {
1233 s->state = BT_DISCONN;
1234 rfcomm_send_disc(s, 0);
1235 rfcomm_session_clear_timer(s);
1241 /* Control channel */
1244 s->state = BT_CONNECTED;
1245 rfcomm_process_connect(s);
1249 s = rfcomm_session_close(s, ECONNRESET);
1256 static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1260 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1264 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1266 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1271 d->state = BT_CLOSED;
1272 __rfcomm_dlc_close(d, err);
1275 if (s->state == BT_CONNECT)
1280 s = rfcomm_session_close(s, err);
1285 static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1290 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1293 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1295 rfcomm_send_ua(s, dlci);
1297 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1302 d->state = BT_CLOSED;
1303 __rfcomm_dlc_close(d, err);
1305 rfcomm_send_dm(s, dlci);
1308 rfcomm_send_ua(s, 0);
1310 if (s->state == BT_CONNECT)
1315 s = rfcomm_session_close(s, err);
1320 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1322 struct sock *sk = d->session->sock->sk;
1323 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1325 BT_DBG("dlc %p", d);
1327 rfcomm_send_ua(d->session, d->dlci);
1329 rfcomm_dlc_clear_timer(d);
1332 d->state = BT_CONNECTED;
1333 d->state_change(d, 0);
1334 rfcomm_dlc_unlock(d);
1337 hci_conn_switch_role(conn->hcon, 0x00);
1339 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1342 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1344 if (rfcomm_check_security(d)) {
1345 if (d->defer_setup) {
1346 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1347 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1350 d->state = BT_CONNECT2;
1351 d->state_change(d, 0);
1352 rfcomm_dlc_unlock(d);
1354 rfcomm_dlc_accept(d);
1356 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1357 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1361 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1363 struct rfcomm_dlc *d;
1366 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1369 rfcomm_send_ua(s, 0);
1371 if (s->state == BT_OPEN) {
1372 s->state = BT_CONNECTED;
1373 rfcomm_process_connect(s);
1378 /* Check if DLC exists */
1379 d = rfcomm_dlc_get(s, dlci);
1381 if (d->state == BT_OPEN) {
1382 /* DLC was previously opened by PN request */
1383 rfcomm_check_accept(d);
1388 /* Notify socket layer about incoming connection */
1389 channel = __srv_channel(dlci);
1390 if (rfcomm_connect_ind(s, channel, &d)) {
1392 d->addr = __addr(s->initiator, dlci);
1393 rfcomm_dlc_link(s, d);
1395 rfcomm_check_accept(d);
1397 rfcomm_send_dm(s, dlci);
1403 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1405 struct rfcomm_session *s = d->session;
1407 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1408 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1410 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1411 pn->flow_ctrl == 0xe0) {
1412 d->cfc = RFCOMM_CFC_ENABLED;
1413 d->tx_credits = pn->credits;
1415 d->cfc = RFCOMM_CFC_DISABLED;
1416 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1419 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1422 d->priority = pn->priority;
1424 d->mtu = __le16_to_cpu(pn->mtu);
1426 if (cr && d->mtu > s->mtu)
1432 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1434 struct rfcomm_pn *pn = (void *) skb->data;
1435 struct rfcomm_dlc *d;
1438 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1443 d = rfcomm_dlc_get(s, dlci);
1447 rfcomm_apply_pn(d, cr, pn);
1448 rfcomm_send_pn(s, 0, d);
1453 rfcomm_apply_pn(d, cr, pn);
1455 d->state = BT_CONNECT;
1456 rfcomm_send_sabm(s, d->dlci);
1461 u8 channel = __srv_channel(dlci);
1466 /* PN request for non existing DLC.
1467 * Assume incoming connection. */
1468 if (rfcomm_connect_ind(s, channel, &d)) {
1470 d->addr = __addr(s->initiator, dlci);
1471 rfcomm_dlc_link(s, d);
1473 rfcomm_apply_pn(d, cr, pn);
1476 rfcomm_send_pn(s, 0, d);
1478 rfcomm_send_dm(s, dlci);
1484 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1486 struct rfcomm_rpn *rpn = (void *) skb->data;
1487 u8 dlci = __get_dlci(rpn->dlci);
1496 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1498 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1499 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1500 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1506 /* This is a request, return default (according to ETSI TS 07.10) settings */
1507 bit_rate = RFCOMM_RPN_BR_9600;
1508 data_bits = RFCOMM_RPN_DATA_8;
1509 stop_bits = RFCOMM_RPN_STOP_1;
1510 parity = RFCOMM_RPN_PARITY_NONE;
1511 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1512 xon_char = RFCOMM_RPN_XON_CHAR;
1513 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1517 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1518 * no parity, no flow control lines, normal XON/XOFF chars */
1520 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1521 bit_rate = rpn->bit_rate;
1522 if (bit_rate > RFCOMM_RPN_BR_230400) {
1523 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1524 bit_rate = RFCOMM_RPN_BR_9600;
1525 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1529 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1530 data_bits = __get_rpn_data_bits(rpn->line_settings);
1531 if (data_bits != RFCOMM_RPN_DATA_8) {
1532 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1533 data_bits = RFCOMM_RPN_DATA_8;
1534 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1538 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1539 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1540 if (stop_bits != RFCOMM_RPN_STOP_1) {
1541 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1542 stop_bits = RFCOMM_RPN_STOP_1;
1543 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1547 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1548 parity = __get_rpn_parity(rpn->line_settings);
1549 if (parity != RFCOMM_RPN_PARITY_NONE) {
1550 BT_DBG("RPN parity mismatch 0x%x", parity);
1551 parity = RFCOMM_RPN_PARITY_NONE;
1552 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1556 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1557 flow_ctrl = rpn->flow_ctrl;
1558 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1559 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1560 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1561 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1565 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1566 xon_char = rpn->xon_char;
1567 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1568 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1569 xon_char = RFCOMM_RPN_XON_CHAR;
1570 rpn_mask ^= RFCOMM_RPN_PM_XON;
1574 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1575 xoff_char = rpn->xoff_char;
1576 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1577 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1578 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1579 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1584 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1585 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1590 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1592 struct rfcomm_rls *rls = (void *) skb->data;
1593 u8 dlci = __get_dlci(rls->dlci);
1595 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1600 /* We should probably do something with this information here. But
1601 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1602 * mandatory to recognise and respond to RLS */
1604 rfcomm_send_rls(s, 0, dlci, rls->status);
1609 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1611 struct rfcomm_msc *msc = (void *) skb->data;
1612 struct rfcomm_dlc *d;
1613 u8 dlci = __get_dlci(msc->dlci);
1615 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1617 d = rfcomm_dlc_get(s, dlci);
1622 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1623 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1625 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1629 d->remote_v24_sig = msc->v24_sig;
1631 if (d->modem_status)
1632 d->modem_status(d, msc->v24_sig);
1634 rfcomm_dlc_unlock(d);
1636 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1638 d->mscex |= RFCOMM_MSCEX_RX;
1640 d->mscex |= RFCOMM_MSCEX_TX;
1645 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1647 struct rfcomm_mcc *mcc = (void *) skb->data;
1650 cr = __test_cr(mcc->type);
1651 type = __get_mcc_type(mcc->type);
1652 len = __get_mcc_len(mcc->len);
1654 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1660 rfcomm_recv_pn(s, cr, skb);
1664 rfcomm_recv_rpn(s, cr, len, skb);
1668 rfcomm_recv_rls(s, cr, skb);
1672 rfcomm_recv_msc(s, cr, skb);
1677 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1678 rfcomm_send_fcoff(s, 0);
1684 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1685 rfcomm_send_fcon(s, 0);
1691 rfcomm_send_test(s, 0, skb->data, skb->len);
1698 BT_ERR("Unknown control type 0x%02x", type);
1699 rfcomm_send_nsc(s, cr, type);
1705 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1707 struct rfcomm_dlc *d;
1709 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1711 d = rfcomm_dlc_get(s, dlci);
1713 rfcomm_send_dm(s, dlci);
1718 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1720 d->tx_credits += credits;
1722 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1725 if (skb->len && d->state == BT_CONNECTED) {
1728 d->data_ready(d, skb);
1729 rfcomm_dlc_unlock(d);
1738 static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1739 struct sk_buff *skb)
1741 struct rfcomm_hdr *hdr = (void *) skb->data;
1745 /* no session, so free socket data */
1750 dlci = __get_dlci(hdr->addr);
1751 type = __get_type(hdr->ctrl);
1754 skb->len--; skb->tail--;
1755 fcs = *(u8 *)skb_tail_pointer(skb);
1757 if (__check_fcs(skb->data, type, fcs)) {
1758 BT_ERR("bad checksum in packet");
1763 if (__test_ea(hdr->len))
1770 if (__test_pf(hdr->ctrl))
1771 rfcomm_recv_sabm(s, dlci);
1775 if (__test_pf(hdr->ctrl))
1776 s = rfcomm_recv_disc(s, dlci);
1780 if (__test_pf(hdr->ctrl))
1781 s = rfcomm_recv_ua(s, dlci);
1785 s = rfcomm_recv_dm(s, dlci);
1790 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1793 rfcomm_recv_mcc(s, skb);
1797 BT_ERR("Unknown packet type 0x%02x", type);
1804 /* ---- Connection and data processing ---- */
1806 static void rfcomm_process_connect(struct rfcomm_session *s)
1808 struct rfcomm_dlc *d, *n;
1810 BT_DBG("session %p state %ld", s, s->state);
1812 list_for_each_entry_safe(d, n, &s->dlcs, list) {
1813 if (d->state == BT_CONFIG) {
1815 if (rfcomm_check_security(d)) {
1816 rfcomm_send_pn(s, 1, d);
1818 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1819 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1825 /* Send data queued for the DLC.
1826 * Return number of frames left in the queue.
1828 static int rfcomm_process_tx(struct rfcomm_dlc *d)
1830 struct sk_buff *skb;
1833 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1834 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1836 /* Send pending MSC */
1837 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1838 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1842 * Give them some credits */
1843 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1844 d->rx_credits <= (d->cfc >> 2)) {
1845 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1846 d->rx_credits = d->cfc;
1850 * Give ourselves some credits */
1854 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1855 return skb_queue_len(&d->tx_queue);
1857 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1858 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1860 skb_queue_head(&d->tx_queue, skb);
1867 if (d->cfc && !d->tx_credits) {
1868 /* We're out of TX credits.
1869 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1870 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1873 return skb_queue_len(&d->tx_queue);
1876 static void rfcomm_process_dlcs(struct rfcomm_session *s)
1878 struct rfcomm_dlc *d, *n;
1880 BT_DBG("session %p state %ld", s, s->state);
1882 list_for_each_entry_safe(d, n, &s->dlcs, list) {
1883 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1884 __rfcomm_dlc_close(d, ETIMEDOUT);
1888 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1889 __rfcomm_dlc_close(d, ECONNREFUSED);
1893 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1894 rfcomm_dlc_clear_timer(d);
1896 rfcomm_send_pn(s, 1, d);
1897 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1899 if (d->defer_setup) {
1900 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1901 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1904 d->state = BT_CONNECT2;
1905 d->state_change(d, 0);
1906 rfcomm_dlc_unlock(d);
1908 rfcomm_dlc_accept(d);
1911 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1912 rfcomm_dlc_clear_timer(d);
1914 rfcomm_send_dm(s, d->dlci);
1916 d->state = BT_CLOSED;
1917 __rfcomm_dlc_close(d, ECONNREFUSED);
1921 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1924 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1927 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1928 d->mscex == RFCOMM_MSCEX_OK)
1929 rfcomm_process_tx(d);
1933 static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1935 struct socket *sock = s->sock;
1936 struct sock *sk = sock->sk;
1937 struct sk_buff *skb;
1939 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1941 /* Get data directly from socket receive queue without copying it. */
1942 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1944 if (!skb_linearize(skb) && sk->sk_state != BT_CLOSED) {
1945 s = rfcomm_recv_frame(s, skb);
1953 if (s && (sk->sk_state == BT_CLOSED))
1954 s = rfcomm_session_close(s, sk->sk_err);
1959 static void rfcomm_accept_connection(struct rfcomm_session *s)
1961 struct socket *sock = s->sock, *nsock;
1964 /* Fast check for a new connection.
1965 * Avoids unnesesary socket allocations. */
1966 if (list_empty(&bt_sk(sock->sk)->accept_q))
1969 BT_DBG("session %p", s);
1971 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1975 /* Set our callbacks */
1976 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1977 nsock->sk->sk_state_change = rfcomm_l2state_change;
1979 s = rfcomm_session_add(nsock, BT_OPEN);
1981 /* We should adjust MTU on incoming sessions.
1982 * L2CAP MTU minus UIH header and FCS. */
1983 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1984 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1988 sock_release(nsock);
1991 static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1993 struct sock *sk = s->sock->sk;
1995 BT_DBG("%p state %ld", s, s->state);
1997 switch (sk->sk_state) {
1999 s->state = BT_CONNECT;
2001 /* We can adjust MTU on outgoing sessions.
2002 * L2CAP MTU minus UIH header and FCS. */
2003 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
2005 rfcomm_send_sabm(s, 0);
2009 s = rfcomm_session_close(s, sk->sk_err);
2015 static void rfcomm_process_sessions(void)
2017 struct rfcomm_session *s, *n;
2021 list_for_each_entry_safe(s, n, &session_list, list) {
2022 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
2023 s->state = BT_DISCONN;
2024 rfcomm_send_disc(s, 0);
2030 rfcomm_accept_connection(s);
2034 s = rfcomm_check_connection(s);
2038 s = rfcomm_process_rx(s);
2043 rfcomm_process_dlcs(s);
2049 static int rfcomm_add_listener(bdaddr_t *ba)
2051 struct sockaddr_l2 addr;
2052 struct socket *sock;
2054 struct rfcomm_session *s;
2058 err = rfcomm_l2sock_create(&sock);
2060 BT_ERR("Create socket failed %d", err);
2065 bacpy(&addr.l2_bdaddr, ba);
2066 addr.l2_family = AF_BLUETOOTH;
2067 addr.l2_psm = cpu_to_le16(L2CAP_PSM_RFCOMM);
2069 addr.l2_bdaddr_type = BDADDR_BREDR;
2070 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
2072 BT_ERR("Bind failed %d", err);
2076 /* Set L2CAP options */
2079 /* Set MTU to 0 so L2CAP can auto select the MTU */
2080 l2cap_pi(sk)->chan->imtu = 0;
2083 /* Start listening on the socket */
2084 err = kernel_listen(sock, 10);
2086 BT_ERR("Listen failed %d", err);
2090 /* Add listening session */
2091 s = rfcomm_session_add(sock, BT_LISTEN);
2103 static void rfcomm_kill_listener(void)
2105 struct rfcomm_session *s, *n;
2109 list_for_each_entry_safe(s, n, &session_list, list)
2110 rfcomm_session_del(s);
2113 static int rfcomm_run(void *unused)
2115 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2118 set_user_nice(current, -10);
2120 rfcomm_add_listener(BDADDR_ANY);
2122 add_wait_queue(&rfcomm_wq, &wait);
2123 while (!kthread_should_stop()) {
2126 rfcomm_process_sessions();
2128 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
2130 remove_wait_queue(&rfcomm_wq, &wait);
2132 rfcomm_kill_listener();
2137 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2139 struct rfcomm_session *s;
2140 struct rfcomm_dlc *d, *n;
2142 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2144 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2148 list_for_each_entry_safe(d, n, &s->dlcs, list) {
2149 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2150 rfcomm_dlc_clear_timer(d);
2151 if (status || encrypt == 0x00) {
2152 set_bit(RFCOMM_ENC_DROP, &d->flags);
2157 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2158 if (d->sec_level == BT_SECURITY_MEDIUM) {
2159 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2160 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2162 } else if (d->sec_level == BT_SECURITY_HIGH ||
2163 d->sec_level == BT_SECURITY_FIPS) {
2164 set_bit(RFCOMM_ENC_DROP, &d->flags);
2169 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2172 if (!status && hci_conn_check_secure(conn, d->sec_level))
2173 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2175 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2181 static struct hci_cb rfcomm_cb = {
2183 .security_cfm = rfcomm_security_cfm
2186 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2188 struct rfcomm_session *s;
2192 list_for_each_entry(s, &session_list, list) {
2193 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
2194 struct rfcomm_dlc *d;
2195 list_for_each_entry(d, &s->dlcs, list) {
2196 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2197 &chan->src, &chan->dst,
2198 d->state, d->dlci, d->mtu,
2199 d->rx_credits, d->tx_credits);
2208 DEFINE_SHOW_ATTRIBUTE(rfcomm_dlc_debugfs);
2210 static struct dentry *rfcomm_dlc_debugfs;
2212 /* ---- Initialization ---- */
2213 static int __init rfcomm_init(void)
2217 hci_register_cb(&rfcomm_cb);
2219 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2220 if (IS_ERR(rfcomm_thread)) {
2221 err = PTR_ERR(rfcomm_thread);
2225 err = rfcomm_init_ttys();
2229 err = rfcomm_init_sockets();
2233 BT_INFO("RFCOMM ver %s", VERSION);
2235 if (IS_ERR_OR_NULL(bt_debugfs))
2238 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2240 &rfcomm_dlc_debugfs_fops);
2245 rfcomm_cleanup_ttys();
2248 kthread_stop(rfcomm_thread);
2251 hci_unregister_cb(&rfcomm_cb);
2256 static void __exit rfcomm_exit(void)
2258 debugfs_remove(rfcomm_dlc_debugfs);
2260 hci_unregister_cb(&rfcomm_cb);
2262 kthread_stop(rfcomm_thread);
2264 rfcomm_cleanup_ttys();
2266 rfcomm_cleanup_sockets();
2269 module_init(rfcomm_init);
2270 module_exit(rfcomm_exit);
2272 module_param(disable_cfc, bool, 0644);
2273 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2275 module_param(channel_mtu, int, 0644);
2276 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2278 module_param(l2cap_ertm, bool, 0644);
2279 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2281 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2282 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2283 MODULE_VERSION(VERSION);
2284 MODULE_LICENSE("GPL");
2285 MODULE_ALIAS("bt-proto-3");
git.samba.org / sfrench / cifs-2.6.git / blob