2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/debugfs.h>
30 #include <linux/kthread.h>
31 #include <asm/unaligned.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/rfcomm.h>
38 #define VERSION "1.11"
40 static bool disable_cfc;
41 static bool l2cap_ertm;
42 static int channel_mtu = -1;
43 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
45 static struct task_struct *rfcomm_thread;
47 static DEFINE_MUTEX(rfcomm_mutex);
48 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
52 static LIST_HEAD(session_list);
54 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
55 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
65 static void rfcomm_process_connect(struct rfcomm_session *s);
67 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
71 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
72 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
74 /* ---- RFCOMM frame parsing macros ---- */
75 #define __get_dlci(b) ((b & 0xfc) >> 2)
76 #define __get_channel(b) ((b & 0xf8) >> 3)
77 #define __get_dir(b) ((b & 0x04) >> 2)
78 #define __get_type(b) ((b & 0xef))
80 #define __test_ea(b) ((b & 0x01))
81 #define __test_cr(b) ((b & 0x02))
82 #define __test_pf(b) ((b & 0x10))
84 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
85 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
86 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
87 #define __srv_channel(dlci) (dlci >> 1)
88 #define __dir(dlci) (dlci & 0x01)
90 #define __len8(len) (((len) << 1) | 1)
91 #define __len16(len) ((len) << 1)
94 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
95 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
96 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
99 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
100 #define __get_rpn_data_bits(line) ((line) & 0x3)
101 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
102 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
104 static void rfcomm_schedule(void)
108 wake_up_process(rfcomm_thread);
111 /* ---- RFCOMM FCS computation ---- */
113 /* reversed, 8-bit, poly=0x07 */
114 static unsigned char rfcomm_crc_table[256] = {
115 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
116 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
117 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
118 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
120 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
121 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
122 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
123 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
125 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
126 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
127 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
128 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
130 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
131 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
132 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
133 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
135 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
136 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
137 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
138 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
140 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
141 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
142 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
143 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
145 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
146 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
147 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
148 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
150 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
151 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
152 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
153 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
157 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
160 static inline u8 __fcs(u8 *data)
162 return 0xff - __crc(data);
166 static inline u8 __fcs2(u8 *data)
168 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
172 static inline int __check_fcs(u8 *data, int type, u8 fcs)
176 if (type != RFCOMM_UIH)
177 f = rfcomm_crc_table[f ^ data[2]];
179 return rfcomm_crc_table[f ^ fcs] != 0xcf;
182 /* ---- L2CAP callbacks ---- */
183 static void rfcomm_l2state_change(struct sock *sk)
185 BT_DBG("%p state %d", sk, sk->sk_state);
189 static void rfcomm_l2data_ready(struct sock *sk)
195 static int rfcomm_l2sock_create(struct socket **sock)
201 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
203 struct sock *sk = (*sock)->sk;
204 sk->sk_data_ready = rfcomm_l2data_ready;
205 sk->sk_state_change = rfcomm_l2state_change;
210 static int rfcomm_check_security(struct rfcomm_dlc *d)
212 struct sock *sk = d->session->sock->sk;
213 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
217 switch (d->sec_level) {
218 case BT_SECURITY_HIGH:
219 case BT_SECURITY_FIPS:
220 auth_type = HCI_AT_GENERAL_BONDING_MITM;
222 case BT_SECURITY_MEDIUM:
223 auth_type = HCI_AT_GENERAL_BONDING;
226 auth_type = HCI_AT_NO_BONDING;
230 return hci_conn_security(conn->hcon, d->sec_level, auth_type);
233 static void rfcomm_session_timeout(unsigned long arg)
235 struct rfcomm_session *s = (void *) arg;
237 BT_DBG("session %p state %ld", s, s->state);
239 set_bit(RFCOMM_TIMED_OUT, &s->flags);
243 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
245 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
247 mod_timer(&s->timer, jiffies + timeout);
250 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
252 BT_DBG("session %p state %ld", s, s->state);
254 del_timer_sync(&s->timer);
257 /* ---- RFCOMM DLCs ---- */
258 static void rfcomm_dlc_timeout(unsigned long arg)
260 struct rfcomm_dlc *d = (void *) arg;
262 BT_DBG("dlc %p state %ld", d, d->state);
264 set_bit(RFCOMM_TIMED_OUT, &d->flags);
269 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
271 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
273 if (!mod_timer(&d->timer, jiffies + timeout))
277 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
279 BT_DBG("dlc %p state %ld", d, d->state);
281 if (del_timer(&d->timer))
285 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
292 d->sec_level = BT_SECURITY_LOW;
293 d->mtu = RFCOMM_DEFAULT_MTU;
294 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
296 d->cfc = RFCOMM_CFC_DISABLED;
297 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
300 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
302 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
307 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
309 skb_queue_head_init(&d->tx_queue);
310 spin_lock_init(&d->lock);
311 atomic_set(&d->refcnt, 1);
313 rfcomm_dlc_clear_state(d);
320 void rfcomm_dlc_free(struct rfcomm_dlc *d)
324 skb_queue_purge(&d->tx_queue);
328 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
330 BT_DBG("dlc %p session %p", d, s);
332 rfcomm_session_clear_timer(s);
334 list_add(&d->list, &s->dlcs);
338 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
340 struct rfcomm_session *s = d->session;
342 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
348 if (list_empty(&s->dlcs))
349 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
352 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
354 struct rfcomm_dlc *d;
356 list_for_each_entry(d, &s->dlcs, list)
363 static int rfcomm_check_channel(u8 channel)
365 return channel < 1 || channel > 30;
368 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
370 struct rfcomm_session *s;
374 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
375 d, d->state, src, dst, channel);
377 if (rfcomm_check_channel(channel))
380 if (d->state != BT_OPEN && d->state != BT_CLOSED)
383 s = rfcomm_session_get(src, dst);
385 s = rfcomm_session_create(src, dst, d->sec_level, &err);
390 dlci = __dlci(!s->initiator, channel);
392 /* Check if DLCI already exists */
393 if (rfcomm_dlc_get(s, dlci))
396 rfcomm_dlc_clear_state(d);
399 d->addr = __addr(s->initiator, dlci);
402 d->state = BT_CONFIG;
403 rfcomm_dlc_link(s, d);
408 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
410 if (s->state == BT_CONNECTED) {
411 if (rfcomm_check_security(d))
412 rfcomm_send_pn(s, 1, d);
414 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
417 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
422 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
428 r = __rfcomm_dlc_open(d, src, dst, channel);
434 static void __rfcomm_dlc_disconn(struct rfcomm_dlc *d)
436 struct rfcomm_session *s = d->session;
438 d->state = BT_DISCONN;
439 if (skb_queue_empty(&d->tx_queue)) {
440 rfcomm_send_disc(s, d->dlci);
441 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
443 rfcomm_queue_disc(d);
444 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
448 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
450 struct rfcomm_session *s = d->session;
454 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
455 d, d->state, d->dlci, err, s);
462 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
463 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
472 __rfcomm_dlc_disconn(d);
476 if (s->state != BT_BOUND) {
477 __rfcomm_dlc_disconn(d);
480 /* if closing a dlc in a session that hasn't been started,
481 * just close and unlink the dlc
485 rfcomm_dlc_clear_timer(d);
488 d->state = BT_CLOSED;
489 d->state_change(d, err);
490 rfcomm_dlc_unlock(d);
492 skb_queue_purge(&d->tx_queue);
493 rfcomm_dlc_unlink(d);
499 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
502 struct rfcomm_dlc *d_list;
503 struct rfcomm_session *s, *s_list;
505 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
513 /* after waiting on the mutex check the session still exists
514 * then check the dlc still exists
516 list_for_each_entry(s_list, &session_list, list) {
518 list_for_each_entry(d_list, &s->dlcs, list) {
520 r = __rfcomm_dlc_close(d, err);
533 struct rfcomm_dlc *rfcomm_dlc_exists(bdaddr_t *src, bdaddr_t *dst, u8 channel)
535 struct rfcomm_session *s;
536 struct rfcomm_dlc *dlc = NULL;
539 if (rfcomm_check_channel(channel))
540 return ERR_PTR(-EINVAL);
543 s = rfcomm_session_get(src, dst);
545 dlci = __dlci(!s->initiator, channel);
546 dlc = rfcomm_dlc_get(s, dlci);
552 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
556 if (d->state != BT_CONNECTED)
559 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
564 rfcomm_make_uih(skb, d->addr);
565 skb_queue_tail(&d->tx_queue, skb);
567 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
572 void rfcomm_dlc_send_noerror(struct rfcomm_dlc *d, struct sk_buff *skb)
576 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
578 rfcomm_make_uih(skb, d->addr);
579 skb_queue_tail(&d->tx_queue, skb);
581 if (d->state == BT_CONNECTED &&
582 !test_bit(RFCOMM_TX_THROTTLED, &d->flags))
586 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
588 BT_DBG("dlc %p state %ld", d, d->state);
591 d->v24_sig |= RFCOMM_V24_FC;
592 set_bit(RFCOMM_MSC_PENDING, &d->flags);
597 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
599 BT_DBG("dlc %p state %ld", d, d->state);
602 d->v24_sig &= ~RFCOMM_V24_FC;
603 set_bit(RFCOMM_MSC_PENDING, &d->flags);
609 Set/get modem status functions use _local_ status i.e. what we report
611 Remote status is provided by dlc->modem_status() callback.
613 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
615 BT_DBG("dlc %p state %ld v24_sig 0x%x",
616 d, d->state, v24_sig);
618 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
619 v24_sig |= RFCOMM_V24_FC;
621 v24_sig &= ~RFCOMM_V24_FC;
623 d->v24_sig = v24_sig;
625 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
631 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
633 BT_DBG("dlc %p state %ld v24_sig 0x%x",
634 d, d->state, d->v24_sig);
636 *v24_sig = d->v24_sig;
640 /* ---- RFCOMM sessions ---- */
641 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
643 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
648 BT_DBG("session %p sock %p", s, sock);
650 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
652 INIT_LIST_HEAD(&s->dlcs);
656 s->mtu = RFCOMM_DEFAULT_MTU;
657 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
659 /* Do not increment module usage count for listening sessions.
660 * Otherwise we won't be able to unload the module. */
661 if (state != BT_LISTEN)
662 if (!try_module_get(THIS_MODULE)) {
667 list_add(&s->list, &session_list);
672 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
674 int state = s->state;
676 BT_DBG("session %p state %ld", s, s->state);
680 rfcomm_session_clear_timer(s);
681 sock_release(s->sock);
684 if (state != BT_LISTEN)
685 module_put(THIS_MODULE);
690 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
692 struct rfcomm_session *s;
693 struct list_head *p, *n;
694 struct l2cap_chan *chan;
695 list_for_each_safe(p, n, &session_list) {
696 s = list_entry(p, struct rfcomm_session, list);
697 chan = l2cap_pi(s->sock->sk)->chan;
699 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&chan->src, src)) &&
700 !bacmp(&chan->dst, dst))
706 static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
709 struct rfcomm_dlc *d;
710 struct list_head *p, *n;
712 s->state = BT_CLOSED;
714 BT_DBG("session %p state %ld err %d", s, s->state, err);
717 list_for_each_safe(p, n, &s->dlcs) {
718 d = list_entry(p, struct rfcomm_dlc, list);
719 d->state = BT_CLOSED;
720 __rfcomm_dlc_close(d, err);
723 rfcomm_session_clear_timer(s);
724 return rfcomm_session_del(s);
727 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
732 struct rfcomm_session *s = NULL;
733 struct sockaddr_l2 addr;
737 BT_DBG("%pMR -> %pMR", src, dst);
739 *err = rfcomm_l2sock_create(&sock);
743 bacpy(&addr.l2_bdaddr, src);
744 addr.l2_family = AF_BLUETOOTH;
747 addr.l2_bdaddr_type = BDADDR_BREDR;
748 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
752 /* Set L2CAP options */
755 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
756 l2cap_pi(sk)->chan->sec_level = sec_level;
758 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
761 s = rfcomm_session_add(sock, BT_BOUND);
769 bacpy(&addr.l2_bdaddr, dst);
770 addr.l2_family = AF_BLUETOOTH;
771 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
773 addr.l2_bdaddr_type = BDADDR_BREDR;
774 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
775 if (*err == 0 || *err == -EINPROGRESS)
778 return rfcomm_session_del(s);
785 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
787 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
789 bacpy(src, &chan->src);
791 bacpy(dst, &chan->dst);
794 /* ---- RFCOMM frame sending ---- */
795 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
797 struct kvec iv = { data, len };
800 BT_DBG("session %p len %d", s, len);
802 memset(&msg, 0, sizeof(msg));
804 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
807 static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
809 BT_DBG("%p cmd %u", s, cmd->ctrl);
811 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
814 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
816 struct rfcomm_cmd cmd;
818 BT_DBG("%p dlci %d", s, dlci);
820 cmd.addr = __addr(s->initiator, dlci);
821 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
823 cmd.fcs = __fcs2((u8 *) &cmd);
825 return rfcomm_send_cmd(s, &cmd);
828 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
830 struct rfcomm_cmd cmd;
832 BT_DBG("%p dlci %d", s, dlci);
834 cmd.addr = __addr(!s->initiator, dlci);
835 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
837 cmd.fcs = __fcs2((u8 *) &cmd);
839 return rfcomm_send_cmd(s, &cmd);
842 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
844 struct rfcomm_cmd cmd;
846 BT_DBG("%p dlci %d", s, dlci);
848 cmd.addr = __addr(s->initiator, dlci);
849 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
851 cmd.fcs = __fcs2((u8 *) &cmd);
853 return rfcomm_send_cmd(s, &cmd);
856 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
858 struct rfcomm_cmd *cmd;
861 BT_DBG("dlc %p dlci %d", d, d->dlci);
863 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
867 cmd = (void *) __skb_put(skb, sizeof(*cmd));
869 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
870 cmd->len = __len8(0);
871 cmd->fcs = __fcs2((u8 *) cmd);
873 skb_queue_tail(&d->tx_queue, skb);
878 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
880 struct rfcomm_cmd cmd;
882 BT_DBG("%p dlci %d", s, dlci);
884 cmd.addr = __addr(!s->initiator, dlci);
885 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
887 cmd.fcs = __fcs2((u8 *) &cmd);
889 return rfcomm_send_cmd(s, &cmd);
892 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
894 struct rfcomm_hdr *hdr;
895 struct rfcomm_mcc *mcc;
896 u8 buf[16], *ptr = buf;
898 BT_DBG("%p cr %d type %d", s, cr, type);
900 hdr = (void *) ptr; ptr += sizeof(*hdr);
901 hdr->addr = __addr(s->initiator, 0);
902 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
903 hdr->len = __len8(sizeof(*mcc) + 1);
905 mcc = (void *) ptr; ptr += sizeof(*mcc);
906 mcc->type = __mcc_type(cr, RFCOMM_NSC);
907 mcc->len = __len8(1);
909 /* Type that we didn't like */
910 *ptr = __mcc_type(cr, type); ptr++;
912 *ptr = __fcs(buf); ptr++;
914 return rfcomm_send_frame(s, buf, ptr - buf);
917 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
919 struct rfcomm_hdr *hdr;
920 struct rfcomm_mcc *mcc;
921 struct rfcomm_pn *pn;
922 u8 buf[16], *ptr = buf;
924 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
926 hdr = (void *) ptr; ptr += sizeof(*hdr);
927 hdr->addr = __addr(s->initiator, 0);
928 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
929 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
931 mcc = (void *) ptr; ptr += sizeof(*mcc);
932 mcc->type = __mcc_type(cr, RFCOMM_PN);
933 mcc->len = __len8(sizeof(*pn));
935 pn = (void *) ptr; ptr += sizeof(*pn);
937 pn->priority = d->priority;
942 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
943 pn->credits = RFCOMM_DEFAULT_CREDITS;
949 if (cr && channel_mtu >= 0)
950 pn->mtu = cpu_to_le16(channel_mtu);
952 pn->mtu = cpu_to_le16(d->mtu);
954 *ptr = __fcs(buf); ptr++;
956 return rfcomm_send_frame(s, buf, ptr - buf);
959 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
960 u8 bit_rate, u8 data_bits, u8 stop_bits,
961 u8 parity, u8 flow_ctrl_settings,
962 u8 xon_char, u8 xoff_char, u16 param_mask)
964 struct rfcomm_hdr *hdr;
965 struct rfcomm_mcc *mcc;
966 struct rfcomm_rpn *rpn;
967 u8 buf[16], *ptr = buf;
969 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
970 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
971 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
972 flow_ctrl_settings, xon_char, xoff_char, param_mask);
974 hdr = (void *) ptr; ptr += sizeof(*hdr);
975 hdr->addr = __addr(s->initiator, 0);
976 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
977 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
979 mcc = (void *) ptr; ptr += sizeof(*mcc);
980 mcc->type = __mcc_type(cr, RFCOMM_RPN);
981 mcc->len = __len8(sizeof(*rpn));
983 rpn = (void *) ptr; ptr += sizeof(*rpn);
984 rpn->dlci = __addr(1, dlci);
985 rpn->bit_rate = bit_rate;
986 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
987 rpn->flow_ctrl = flow_ctrl_settings;
988 rpn->xon_char = xon_char;
989 rpn->xoff_char = xoff_char;
990 rpn->param_mask = cpu_to_le16(param_mask);
992 *ptr = __fcs(buf); ptr++;
994 return rfcomm_send_frame(s, buf, ptr - buf);
997 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
999 struct rfcomm_hdr *hdr;
1000 struct rfcomm_mcc *mcc;
1001 struct rfcomm_rls *rls;
1002 u8 buf[16], *ptr = buf;
1004 BT_DBG("%p cr %d status 0x%x", s, cr, status);
1006 hdr = (void *) ptr; ptr += sizeof(*hdr);
1007 hdr->addr = __addr(s->initiator, 0);
1008 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1009 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
1011 mcc = (void *) ptr; ptr += sizeof(*mcc);
1012 mcc->type = __mcc_type(cr, RFCOMM_RLS);
1013 mcc->len = __len8(sizeof(*rls));
1015 rls = (void *) ptr; ptr += sizeof(*rls);
1016 rls->dlci = __addr(1, dlci);
1017 rls->status = status;
1019 *ptr = __fcs(buf); ptr++;
1021 return rfcomm_send_frame(s, buf, ptr - buf);
1024 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
1026 struct rfcomm_hdr *hdr;
1027 struct rfcomm_mcc *mcc;
1028 struct rfcomm_msc *msc;
1029 u8 buf[16], *ptr = buf;
1031 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
1033 hdr = (void *) ptr; ptr += sizeof(*hdr);
1034 hdr->addr = __addr(s->initiator, 0);
1035 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1036 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
1038 mcc = (void *) ptr; ptr += sizeof(*mcc);
1039 mcc->type = __mcc_type(cr, RFCOMM_MSC);
1040 mcc->len = __len8(sizeof(*msc));
1042 msc = (void *) ptr; ptr += sizeof(*msc);
1043 msc->dlci = __addr(1, dlci);
1044 msc->v24_sig = v24_sig | 0x01;
1046 *ptr = __fcs(buf); ptr++;
1048 return rfcomm_send_frame(s, buf, ptr - buf);
1051 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1053 struct rfcomm_hdr *hdr;
1054 struct rfcomm_mcc *mcc;
1055 u8 buf[16], *ptr = buf;
1057 BT_DBG("%p cr %d", s, cr);
1059 hdr = (void *) ptr; ptr += sizeof(*hdr);
1060 hdr->addr = __addr(s->initiator, 0);
1061 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1062 hdr->len = __len8(sizeof(*mcc));
1064 mcc = (void *) ptr; ptr += sizeof(*mcc);
1065 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1066 mcc->len = __len8(0);
1068 *ptr = __fcs(buf); ptr++;
1070 return rfcomm_send_frame(s, buf, ptr - buf);
1073 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1075 struct rfcomm_hdr *hdr;
1076 struct rfcomm_mcc *mcc;
1077 u8 buf[16], *ptr = buf;
1079 BT_DBG("%p cr %d", s, cr);
1081 hdr = (void *) ptr; ptr += sizeof(*hdr);
1082 hdr->addr = __addr(s->initiator, 0);
1083 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1084 hdr->len = __len8(sizeof(*mcc));
1086 mcc = (void *) ptr; ptr += sizeof(*mcc);
1087 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1088 mcc->len = __len8(0);
1090 *ptr = __fcs(buf); ptr++;
1092 return rfcomm_send_frame(s, buf, ptr - buf);
1095 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1097 struct socket *sock = s->sock;
1100 unsigned char hdr[5], crc[1];
1105 BT_DBG("%p cr %d", s, cr);
1107 hdr[0] = __addr(s->initiator, 0);
1108 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1109 hdr[2] = 0x01 | ((len + 2) << 1);
1110 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1111 hdr[4] = 0x01 | (len << 1);
1113 crc[0] = __fcs(hdr);
1115 iv[0].iov_base = hdr;
1117 iv[1].iov_base = pattern;
1118 iv[1].iov_len = len;
1119 iv[2].iov_base = crc;
1122 memset(&msg, 0, sizeof(msg));
1124 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1127 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1129 struct rfcomm_hdr *hdr;
1130 u8 buf[16], *ptr = buf;
1132 BT_DBG("%p addr %d credits %d", s, addr, credits);
1134 hdr = (void *) ptr; ptr += sizeof(*hdr);
1136 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1137 hdr->len = __len8(0);
1139 *ptr = credits; ptr++;
1141 *ptr = __fcs(buf); ptr++;
1143 return rfcomm_send_frame(s, buf, ptr - buf);
1146 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1148 struct rfcomm_hdr *hdr;
1153 hdr = (void *) skb_push(skb, 4);
1154 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1156 hdr = (void *) skb_push(skb, 3);
1157 hdr->len = __len8(len);
1160 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1162 crc = skb_put(skb, 1);
1163 *crc = __fcs((void *) hdr);
1166 /* ---- RFCOMM frame reception ---- */
1167 static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1169 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1173 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1175 rfcomm_send_dm(s, dlci);
1181 rfcomm_dlc_clear_timer(d);
1184 d->state = BT_CONNECTED;
1185 d->state_change(d, 0);
1186 rfcomm_dlc_unlock(d);
1188 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1192 d->state = BT_CLOSED;
1193 __rfcomm_dlc_close(d, 0);
1195 if (list_empty(&s->dlcs)) {
1196 s->state = BT_DISCONN;
1197 rfcomm_send_disc(s, 0);
1198 rfcomm_session_clear_timer(s);
1204 /* Control channel */
1207 s->state = BT_CONNECTED;
1208 rfcomm_process_connect(s);
1212 s = rfcomm_session_close(s, ECONNRESET);
1219 static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1223 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1227 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1229 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1234 d->state = BT_CLOSED;
1235 __rfcomm_dlc_close(d, err);
1238 if (s->state == BT_CONNECT)
1243 s = rfcomm_session_close(s, err);
1248 static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1253 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1256 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1258 rfcomm_send_ua(s, dlci);
1260 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1265 d->state = BT_CLOSED;
1266 __rfcomm_dlc_close(d, err);
1268 rfcomm_send_dm(s, dlci);
1271 rfcomm_send_ua(s, 0);
1273 if (s->state == BT_CONNECT)
1278 s = rfcomm_session_close(s, err);
1283 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1285 struct sock *sk = d->session->sock->sk;
1286 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1288 BT_DBG("dlc %p", d);
1290 rfcomm_send_ua(d->session, d->dlci);
1292 rfcomm_dlc_clear_timer(d);
1295 d->state = BT_CONNECTED;
1296 d->state_change(d, 0);
1297 rfcomm_dlc_unlock(d);
1300 hci_conn_switch_role(conn->hcon, 0x00);
1302 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1305 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1307 if (rfcomm_check_security(d)) {
1308 if (d->defer_setup) {
1309 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1310 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1313 d->state = BT_CONNECT2;
1314 d->state_change(d, 0);
1315 rfcomm_dlc_unlock(d);
1317 rfcomm_dlc_accept(d);
1319 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1320 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1324 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1326 struct rfcomm_dlc *d;
1329 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1332 rfcomm_send_ua(s, 0);
1334 if (s->state == BT_OPEN) {
1335 s->state = BT_CONNECTED;
1336 rfcomm_process_connect(s);
1341 /* Check if DLC exists */
1342 d = rfcomm_dlc_get(s, dlci);
1344 if (d->state == BT_OPEN) {
1345 /* DLC was previously opened by PN request */
1346 rfcomm_check_accept(d);
1351 /* Notify socket layer about incoming connection */
1352 channel = __srv_channel(dlci);
1353 if (rfcomm_connect_ind(s, channel, &d)) {
1355 d->addr = __addr(s->initiator, dlci);
1356 rfcomm_dlc_link(s, d);
1358 rfcomm_check_accept(d);
1360 rfcomm_send_dm(s, dlci);
1366 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1368 struct rfcomm_session *s = d->session;
1370 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1371 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1373 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1374 pn->flow_ctrl == 0xe0) {
1375 d->cfc = RFCOMM_CFC_ENABLED;
1376 d->tx_credits = pn->credits;
1378 d->cfc = RFCOMM_CFC_DISABLED;
1379 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1382 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1385 d->priority = pn->priority;
1387 d->mtu = __le16_to_cpu(pn->mtu);
1389 if (cr && d->mtu > s->mtu)
1395 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1397 struct rfcomm_pn *pn = (void *) skb->data;
1398 struct rfcomm_dlc *d;
1401 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1406 d = rfcomm_dlc_get(s, dlci);
1410 rfcomm_apply_pn(d, cr, pn);
1411 rfcomm_send_pn(s, 0, d);
1416 rfcomm_apply_pn(d, cr, pn);
1418 d->state = BT_CONNECT;
1419 rfcomm_send_sabm(s, d->dlci);
1424 u8 channel = __srv_channel(dlci);
1429 /* PN request for non existing DLC.
1430 * Assume incoming connection. */
1431 if (rfcomm_connect_ind(s, channel, &d)) {
1433 d->addr = __addr(s->initiator, dlci);
1434 rfcomm_dlc_link(s, d);
1436 rfcomm_apply_pn(d, cr, pn);
1439 rfcomm_send_pn(s, 0, d);
1441 rfcomm_send_dm(s, dlci);
1447 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1449 struct rfcomm_rpn *rpn = (void *) skb->data;
1450 u8 dlci = __get_dlci(rpn->dlci);
1459 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1461 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1462 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1463 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1469 /* This is a request, return default (according to ETSI TS 07.10) settings */
1470 bit_rate = RFCOMM_RPN_BR_9600;
1471 data_bits = RFCOMM_RPN_DATA_8;
1472 stop_bits = RFCOMM_RPN_STOP_1;
1473 parity = RFCOMM_RPN_PARITY_NONE;
1474 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1475 xon_char = RFCOMM_RPN_XON_CHAR;
1476 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1480 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1481 * no parity, no flow control lines, normal XON/XOFF chars */
1483 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1484 bit_rate = rpn->bit_rate;
1485 if (bit_rate > RFCOMM_RPN_BR_230400) {
1486 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1487 bit_rate = RFCOMM_RPN_BR_9600;
1488 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1492 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1493 data_bits = __get_rpn_data_bits(rpn->line_settings);
1494 if (data_bits != RFCOMM_RPN_DATA_8) {
1495 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1496 data_bits = RFCOMM_RPN_DATA_8;
1497 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1501 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1502 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1503 if (stop_bits != RFCOMM_RPN_STOP_1) {
1504 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1505 stop_bits = RFCOMM_RPN_STOP_1;
1506 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1510 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1511 parity = __get_rpn_parity(rpn->line_settings);
1512 if (parity != RFCOMM_RPN_PARITY_NONE) {
1513 BT_DBG("RPN parity mismatch 0x%x", parity);
1514 parity = RFCOMM_RPN_PARITY_NONE;
1515 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1519 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1520 flow_ctrl = rpn->flow_ctrl;
1521 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1522 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1523 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1524 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1528 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1529 xon_char = rpn->xon_char;
1530 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1531 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1532 xon_char = RFCOMM_RPN_XON_CHAR;
1533 rpn_mask ^= RFCOMM_RPN_PM_XON;
1537 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1538 xoff_char = rpn->xoff_char;
1539 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1540 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1541 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1542 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1547 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1548 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1553 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1555 struct rfcomm_rls *rls = (void *) skb->data;
1556 u8 dlci = __get_dlci(rls->dlci);
1558 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1563 /* We should probably do something with this information here. But
1564 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1565 * mandatory to recognise and respond to RLS */
1567 rfcomm_send_rls(s, 0, dlci, rls->status);
1572 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1574 struct rfcomm_msc *msc = (void *) skb->data;
1575 struct rfcomm_dlc *d;
1576 u8 dlci = __get_dlci(msc->dlci);
1578 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1580 d = rfcomm_dlc_get(s, dlci);
1585 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1586 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1588 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1592 d->remote_v24_sig = msc->v24_sig;
1594 if (d->modem_status)
1595 d->modem_status(d, msc->v24_sig);
1597 rfcomm_dlc_unlock(d);
1599 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1601 d->mscex |= RFCOMM_MSCEX_RX;
1603 d->mscex |= RFCOMM_MSCEX_TX;
1608 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1610 struct rfcomm_mcc *mcc = (void *) skb->data;
1613 cr = __test_cr(mcc->type);
1614 type = __get_mcc_type(mcc->type);
1615 len = __get_mcc_len(mcc->len);
1617 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1623 rfcomm_recv_pn(s, cr, skb);
1627 rfcomm_recv_rpn(s, cr, len, skb);
1631 rfcomm_recv_rls(s, cr, skb);
1635 rfcomm_recv_msc(s, cr, skb);
1640 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1641 rfcomm_send_fcoff(s, 0);
1647 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1648 rfcomm_send_fcon(s, 0);
1654 rfcomm_send_test(s, 0, skb->data, skb->len);
1661 BT_ERR("Unknown control type 0x%02x", type);
1662 rfcomm_send_nsc(s, cr, type);
1668 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1670 struct rfcomm_dlc *d;
1672 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1674 d = rfcomm_dlc_get(s, dlci);
1676 rfcomm_send_dm(s, dlci);
1681 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1683 d->tx_credits += credits;
1685 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1688 if (skb->len && d->state == BT_CONNECTED) {
1691 d->data_ready(d, skb);
1692 rfcomm_dlc_unlock(d);
1701 static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1702 struct sk_buff *skb)
1704 struct rfcomm_hdr *hdr = (void *) skb->data;
1708 /* no session, so free socket data */
1713 dlci = __get_dlci(hdr->addr);
1714 type = __get_type(hdr->ctrl);
1717 skb->len--; skb->tail--;
1718 fcs = *(u8 *)skb_tail_pointer(skb);
1720 if (__check_fcs(skb->data, type, fcs)) {
1721 BT_ERR("bad checksum in packet");
1726 if (__test_ea(hdr->len))
1733 if (__test_pf(hdr->ctrl))
1734 rfcomm_recv_sabm(s, dlci);
1738 if (__test_pf(hdr->ctrl))
1739 s = rfcomm_recv_disc(s, dlci);
1743 if (__test_pf(hdr->ctrl))
1744 s = rfcomm_recv_ua(s, dlci);
1748 s = rfcomm_recv_dm(s, dlci);
1753 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1756 rfcomm_recv_mcc(s, skb);
1760 BT_ERR("Unknown packet type 0x%02x", type);
1767 /* ---- Connection and data processing ---- */
1769 static void rfcomm_process_connect(struct rfcomm_session *s)
1771 struct rfcomm_dlc *d;
1772 struct list_head *p, *n;
1774 BT_DBG("session %p state %ld", s, s->state);
1776 list_for_each_safe(p, n, &s->dlcs) {
1777 d = list_entry(p, struct rfcomm_dlc, list);
1778 if (d->state == BT_CONFIG) {
1780 if (rfcomm_check_security(d)) {
1781 rfcomm_send_pn(s, 1, d);
1783 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1784 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1790 /* Send data queued for the DLC.
1791 * Return number of frames left in the queue.
1793 static int rfcomm_process_tx(struct rfcomm_dlc *d)
1795 struct sk_buff *skb;
1798 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1799 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1801 /* Send pending MSC */
1802 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1803 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1807 * Give them some credits */
1808 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1809 d->rx_credits <= (d->cfc >> 2)) {
1810 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1811 d->rx_credits = d->cfc;
1815 * Give ourselves some credits */
1819 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1820 return skb_queue_len(&d->tx_queue);
1822 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1823 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1825 skb_queue_head(&d->tx_queue, skb);
1832 if (d->cfc && !d->tx_credits) {
1833 /* We're out of TX credits.
1834 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1835 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1838 return skb_queue_len(&d->tx_queue);
1841 static void rfcomm_process_dlcs(struct rfcomm_session *s)
1843 struct rfcomm_dlc *d;
1844 struct list_head *p, *n;
1846 BT_DBG("session %p state %ld", s, s->state);
1848 list_for_each_safe(p, n, &s->dlcs) {
1849 d = list_entry(p, struct rfcomm_dlc, list);
1851 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1852 __rfcomm_dlc_close(d, ETIMEDOUT);
1856 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1857 __rfcomm_dlc_close(d, ECONNREFUSED);
1861 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1862 rfcomm_dlc_clear_timer(d);
1864 rfcomm_send_pn(s, 1, d);
1865 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1867 if (d->defer_setup) {
1868 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1869 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1872 d->state = BT_CONNECT2;
1873 d->state_change(d, 0);
1874 rfcomm_dlc_unlock(d);
1876 rfcomm_dlc_accept(d);
1879 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1880 rfcomm_dlc_clear_timer(d);
1882 rfcomm_send_dm(s, d->dlci);
1884 d->state = BT_CLOSED;
1885 __rfcomm_dlc_close(d, ECONNREFUSED);
1889 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1892 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1895 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1896 d->mscex == RFCOMM_MSCEX_OK)
1897 rfcomm_process_tx(d);
1901 static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1903 struct socket *sock = s->sock;
1904 struct sock *sk = sock->sk;
1905 struct sk_buff *skb;
1907 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1909 /* Get data directly from socket receive queue without copying it. */
1910 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1912 if (!skb_linearize(skb))
1913 s = rfcomm_recv_frame(s, skb);
1918 if (s && (sk->sk_state == BT_CLOSED))
1919 s = rfcomm_session_close(s, sk->sk_err);
1924 static void rfcomm_accept_connection(struct rfcomm_session *s)
1926 struct socket *sock = s->sock, *nsock;
1929 /* Fast check for a new connection.
1930 * Avoids unnesesary socket allocations. */
1931 if (list_empty(&bt_sk(sock->sk)->accept_q))
1934 BT_DBG("session %p", s);
1936 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1940 /* Set our callbacks */
1941 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1942 nsock->sk->sk_state_change = rfcomm_l2state_change;
1944 s = rfcomm_session_add(nsock, BT_OPEN);
1946 /* We should adjust MTU on incoming sessions.
1947 * L2CAP MTU minus UIH header and FCS. */
1948 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1949 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1953 sock_release(nsock);
1956 static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1958 struct sock *sk = s->sock->sk;
1960 BT_DBG("%p state %ld", s, s->state);
1962 switch (sk->sk_state) {
1964 s->state = BT_CONNECT;
1966 /* We can adjust MTU on outgoing sessions.
1967 * L2CAP MTU minus UIH header and FCS. */
1968 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1970 rfcomm_send_sabm(s, 0);
1974 s = rfcomm_session_close(s, sk->sk_err);
1980 static void rfcomm_process_sessions(void)
1982 struct list_head *p, *n;
1986 list_for_each_safe(p, n, &session_list) {
1987 struct rfcomm_session *s;
1988 s = list_entry(p, struct rfcomm_session, list);
1990 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1991 s->state = BT_DISCONN;
1992 rfcomm_send_disc(s, 0);
1998 rfcomm_accept_connection(s);
2002 s = rfcomm_check_connection(s);
2006 s = rfcomm_process_rx(s);
2011 rfcomm_process_dlcs(s);
2017 static int rfcomm_add_listener(bdaddr_t *ba)
2019 struct sockaddr_l2 addr;
2020 struct socket *sock;
2022 struct rfcomm_session *s;
2026 err = rfcomm_l2sock_create(&sock);
2028 BT_ERR("Create socket failed %d", err);
2033 bacpy(&addr.l2_bdaddr, ba);
2034 addr.l2_family = AF_BLUETOOTH;
2035 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
2037 addr.l2_bdaddr_type = BDADDR_BREDR;
2038 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
2040 BT_ERR("Bind failed %d", err);
2044 /* Set L2CAP options */
2047 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
2050 /* Start listening on the socket */
2051 err = kernel_listen(sock, 10);
2053 BT_ERR("Listen failed %d", err);
2057 /* Add listening session */
2058 s = rfcomm_session_add(sock, BT_LISTEN);
2070 static void rfcomm_kill_listener(void)
2072 struct rfcomm_session *s;
2073 struct list_head *p, *n;
2077 list_for_each_safe(p, n, &session_list) {
2078 s = list_entry(p, struct rfcomm_session, list);
2079 rfcomm_session_del(s);
2083 static int rfcomm_run(void *unused)
2087 set_user_nice(current, -10);
2089 rfcomm_add_listener(BDADDR_ANY);
2092 set_current_state(TASK_INTERRUPTIBLE);
2094 if (kthread_should_stop())
2098 rfcomm_process_sessions();
2102 __set_current_state(TASK_RUNNING);
2104 rfcomm_kill_listener();
2109 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2111 struct rfcomm_session *s;
2112 struct rfcomm_dlc *d;
2113 struct list_head *p, *n;
2115 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2117 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2121 list_for_each_safe(p, n, &s->dlcs) {
2122 d = list_entry(p, struct rfcomm_dlc, list);
2124 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2125 rfcomm_dlc_clear_timer(d);
2126 if (status || encrypt == 0x00) {
2127 set_bit(RFCOMM_ENC_DROP, &d->flags);
2132 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2133 if (d->sec_level == BT_SECURITY_MEDIUM) {
2134 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2135 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2137 } else if (d->sec_level == BT_SECURITY_HIGH ||
2138 d->sec_level == BT_SECURITY_FIPS) {
2139 set_bit(RFCOMM_ENC_DROP, &d->flags);
2144 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2147 if (!status && hci_conn_check_secure(conn, d->sec_level))
2148 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2150 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2156 static struct hci_cb rfcomm_cb = {
2158 .security_cfm = rfcomm_security_cfm
2161 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2163 struct rfcomm_session *s;
2167 list_for_each_entry(s, &session_list, list) {
2168 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
2169 struct rfcomm_dlc *d;
2170 list_for_each_entry(d, &s->dlcs, list) {
2171 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2172 &chan->src, &chan->dst,
2173 d->state, d->dlci, d->mtu,
2174 d->rx_credits, d->tx_credits);
2183 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2185 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2188 static const struct file_operations rfcomm_dlc_debugfs_fops = {
2189 .open = rfcomm_dlc_debugfs_open,
2191 .llseek = seq_lseek,
2192 .release = single_release,
2195 static struct dentry *rfcomm_dlc_debugfs;
2197 /* ---- Initialization ---- */
2198 static int __init rfcomm_init(void)
2202 hci_register_cb(&rfcomm_cb);
2204 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2205 if (IS_ERR(rfcomm_thread)) {
2206 err = PTR_ERR(rfcomm_thread);
2210 err = rfcomm_init_ttys();
2214 err = rfcomm_init_sockets();
2218 BT_INFO("RFCOMM ver %s", VERSION);
2220 if (IS_ERR_OR_NULL(bt_debugfs))
2223 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2225 &rfcomm_dlc_debugfs_fops);
2230 rfcomm_cleanup_ttys();
2233 kthread_stop(rfcomm_thread);
2236 hci_unregister_cb(&rfcomm_cb);
2241 static void __exit rfcomm_exit(void)
2243 debugfs_remove(rfcomm_dlc_debugfs);
2245 hci_unregister_cb(&rfcomm_cb);
2247 kthread_stop(rfcomm_thread);
2249 rfcomm_cleanup_ttys();
2251 rfcomm_cleanup_sockets();
2254 module_init(rfcomm_init);
2255 module_exit(rfcomm_exit);
2257 module_param(disable_cfc, bool, 0644);
2258 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2260 module_param(channel_mtu, int, 0644);
2261 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2263 module_param(l2cap_mtu, uint, 0644);
2264 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2266 module_param(l2cap_ertm, bool, 0644);
2267 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2269 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2270 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2271 MODULE_VERSION(VERSION);
2272 MODULE_LICENSE("GPL");
2273 MODULE_ALIAS("bt-proto-3");
git.samba.org / sfrench / cifs-2.6.git / blob