2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/debugfs.h>
30 #include <linux/kthread.h>
31 #include <asm/unaligned.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/rfcomm.h>
38 #define VERSION "1.11"
40 static bool disable_cfc;
41 static bool l2cap_ertm;
42 static int channel_mtu = -1;
43 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
45 static struct task_struct *rfcomm_thread;
47 static DEFINE_MUTEX(rfcomm_mutex);
48 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
52 static LIST_HEAD(session_list);
54 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
55 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
65 static void rfcomm_process_connect(struct rfcomm_session *s);
67 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
71 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
72 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
74 /* ---- RFCOMM frame parsing macros ---- */
75 #define __get_dlci(b) ((b & 0xfc) >> 2)
76 #define __get_channel(b) ((b & 0xf8) >> 3)
77 #define __get_dir(b) ((b & 0x04) >> 2)
78 #define __get_type(b) ((b & 0xef))
80 #define __test_ea(b) ((b & 0x01))
81 #define __test_cr(b) ((b & 0x02))
82 #define __test_pf(b) ((b & 0x10))
84 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
85 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
86 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
87 #define __srv_channel(dlci) (dlci >> 1)
88 #define __dir(dlci) (dlci & 0x01)
90 #define __len8(len) (((len) << 1) | 1)
91 #define __len16(len) ((len) << 1)
94 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
95 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
96 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
99 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
100 #define __get_rpn_data_bits(line) ((line) & 0x3)
101 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
102 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
104 static void rfcomm_schedule(void)
108 wake_up_process(rfcomm_thread);
111 /* ---- RFCOMM FCS computation ---- */
113 /* reversed, 8-bit, poly=0x07 */
114 static unsigned char rfcomm_crc_table[256] = {
115 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
116 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
117 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
118 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
120 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
121 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
122 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
123 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
125 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
126 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
127 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
128 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
130 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
131 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
132 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
133 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
135 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
136 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
137 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
138 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
140 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
141 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
142 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
143 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
145 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
146 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
147 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
148 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
150 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
151 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
152 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
153 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
157 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
160 static inline u8 __fcs(u8 *data)
162 return 0xff - __crc(data);
166 static inline u8 __fcs2(u8 *data)
168 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
172 static inline int __check_fcs(u8 *data, int type, u8 fcs)
176 if (type != RFCOMM_UIH)
177 f = rfcomm_crc_table[f ^ data[2]];
179 return rfcomm_crc_table[f ^ fcs] != 0xcf;
182 /* ---- L2CAP callbacks ---- */
183 static void rfcomm_l2state_change(struct sock *sk)
185 BT_DBG("%p state %d", sk, sk->sk_state);
189 static void rfcomm_l2data_ready(struct sock *sk)
195 static int rfcomm_l2sock_create(struct socket **sock)
201 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
203 struct sock *sk = (*sock)->sk;
204 sk->sk_data_ready = rfcomm_l2data_ready;
205 sk->sk_state_change = rfcomm_l2state_change;
210 static int rfcomm_check_security(struct rfcomm_dlc *d)
212 struct sock *sk = d->session->sock->sk;
213 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
217 switch (d->sec_level) {
218 case BT_SECURITY_HIGH:
219 case BT_SECURITY_FIPS:
220 auth_type = HCI_AT_GENERAL_BONDING_MITM;
222 case BT_SECURITY_MEDIUM:
223 auth_type = HCI_AT_GENERAL_BONDING;
226 auth_type = HCI_AT_NO_BONDING;
230 return hci_conn_security(conn->hcon, d->sec_level, auth_type,
234 static void rfcomm_session_timeout(unsigned long arg)
236 struct rfcomm_session *s = (void *) arg;
238 BT_DBG("session %p state %ld", s, s->state);
240 set_bit(RFCOMM_TIMED_OUT, &s->flags);
244 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
246 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
248 mod_timer(&s->timer, jiffies + timeout);
251 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
253 BT_DBG("session %p state %ld", s, s->state);
255 del_timer_sync(&s->timer);
258 /* ---- RFCOMM DLCs ---- */
259 static void rfcomm_dlc_timeout(unsigned long arg)
261 struct rfcomm_dlc *d = (void *) arg;
263 BT_DBG("dlc %p state %ld", d, d->state);
265 set_bit(RFCOMM_TIMED_OUT, &d->flags);
270 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
272 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
274 if (!mod_timer(&d->timer, jiffies + timeout))
278 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
280 BT_DBG("dlc %p state %ld", d, d->state);
282 if (del_timer(&d->timer))
286 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
293 d->sec_level = BT_SECURITY_LOW;
294 d->mtu = RFCOMM_DEFAULT_MTU;
295 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
297 d->cfc = RFCOMM_CFC_DISABLED;
298 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
301 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
303 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
308 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
310 skb_queue_head_init(&d->tx_queue);
311 mutex_init(&d->lock);
312 atomic_set(&d->refcnt, 1);
314 rfcomm_dlc_clear_state(d);
321 void rfcomm_dlc_free(struct rfcomm_dlc *d)
325 skb_queue_purge(&d->tx_queue);
329 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
331 BT_DBG("dlc %p session %p", d, s);
333 rfcomm_session_clear_timer(s);
335 list_add(&d->list, &s->dlcs);
339 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
341 struct rfcomm_session *s = d->session;
343 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
349 if (list_empty(&s->dlcs))
350 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
353 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
355 struct rfcomm_dlc *d;
357 list_for_each_entry(d, &s->dlcs, list)
364 static int rfcomm_check_channel(u8 channel)
366 return channel < 1 || channel > 30;
369 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
371 struct rfcomm_session *s;
375 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
376 d, d->state, src, dst, channel);
378 if (rfcomm_check_channel(channel))
381 if (d->state != BT_OPEN && d->state != BT_CLOSED)
384 s = rfcomm_session_get(src, dst);
386 s = rfcomm_session_create(src, dst, d->sec_level, &err);
391 dlci = __dlci(!s->initiator, channel);
393 /* Check if DLCI already exists */
394 if (rfcomm_dlc_get(s, dlci))
397 rfcomm_dlc_clear_state(d);
400 d->addr = __addr(s->initiator, dlci);
403 d->state = BT_CONFIG;
404 rfcomm_dlc_link(s, d);
409 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
411 if (s->state == BT_CONNECTED) {
412 if (rfcomm_check_security(d))
413 rfcomm_send_pn(s, 1, d);
415 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
418 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
423 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
429 r = __rfcomm_dlc_open(d, src, dst, channel);
435 static void __rfcomm_dlc_disconn(struct rfcomm_dlc *d)
437 struct rfcomm_session *s = d->session;
439 d->state = BT_DISCONN;
440 if (skb_queue_empty(&d->tx_queue)) {
441 rfcomm_send_disc(s, d->dlci);
442 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
444 rfcomm_queue_disc(d);
445 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
449 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
451 struct rfcomm_session *s = d->session;
455 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
456 d, d->state, d->dlci, err, s);
463 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
464 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
473 __rfcomm_dlc_disconn(d);
477 if (s->state != BT_BOUND) {
478 __rfcomm_dlc_disconn(d);
481 /* if closing a dlc in a session that hasn't been started,
482 * just close and unlink the dlc
486 rfcomm_dlc_clear_timer(d);
489 d->state = BT_CLOSED;
490 d->state_change(d, err);
491 rfcomm_dlc_unlock(d);
493 skb_queue_purge(&d->tx_queue);
494 rfcomm_dlc_unlink(d);
500 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
503 struct rfcomm_dlc *d_list;
504 struct rfcomm_session *s, *s_list;
506 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
514 /* after waiting on the mutex check the session still exists
515 * then check the dlc still exists
517 list_for_each_entry(s_list, &session_list, list) {
519 list_for_each_entry(d_list, &s->dlcs, list) {
521 r = __rfcomm_dlc_close(d, err);
534 struct rfcomm_dlc *rfcomm_dlc_exists(bdaddr_t *src, bdaddr_t *dst, u8 channel)
536 struct rfcomm_session *s;
537 struct rfcomm_dlc *dlc = NULL;
540 if (rfcomm_check_channel(channel))
541 return ERR_PTR(-EINVAL);
544 s = rfcomm_session_get(src, dst);
546 dlci = __dlci(!s->initiator, channel);
547 dlc = rfcomm_dlc_get(s, dlci);
553 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
557 if (d->state != BT_CONNECTED)
560 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
565 rfcomm_make_uih(skb, d->addr);
566 skb_queue_tail(&d->tx_queue, skb);
568 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
573 void rfcomm_dlc_send_noerror(struct rfcomm_dlc *d, struct sk_buff *skb)
577 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
579 rfcomm_make_uih(skb, d->addr);
580 skb_queue_tail(&d->tx_queue, skb);
582 if (d->state == BT_CONNECTED &&
583 !test_bit(RFCOMM_TX_THROTTLED, &d->flags))
587 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
589 BT_DBG("dlc %p state %ld", d, d->state);
592 d->v24_sig |= RFCOMM_V24_FC;
593 set_bit(RFCOMM_MSC_PENDING, &d->flags);
598 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
600 BT_DBG("dlc %p state %ld", d, d->state);
603 d->v24_sig &= ~RFCOMM_V24_FC;
604 set_bit(RFCOMM_MSC_PENDING, &d->flags);
610 Set/get modem status functions use _local_ status i.e. what we report
612 Remote status is provided by dlc->modem_status() callback.
614 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
616 BT_DBG("dlc %p state %ld v24_sig 0x%x",
617 d, d->state, v24_sig);
619 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
620 v24_sig |= RFCOMM_V24_FC;
622 v24_sig &= ~RFCOMM_V24_FC;
624 d->v24_sig = v24_sig;
626 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
632 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
634 BT_DBG("dlc %p state %ld v24_sig 0x%x",
635 d, d->state, d->v24_sig);
637 *v24_sig = d->v24_sig;
641 /* ---- RFCOMM sessions ---- */
642 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
644 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
649 BT_DBG("session %p sock %p", s, sock);
651 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
653 INIT_LIST_HEAD(&s->dlcs);
657 s->mtu = RFCOMM_DEFAULT_MTU;
658 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
660 /* Do not increment module usage count for listening sessions.
661 * Otherwise we won't be able to unload the module. */
662 if (state != BT_LISTEN)
663 if (!try_module_get(THIS_MODULE)) {
668 list_add(&s->list, &session_list);
673 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
675 int state = s->state;
677 BT_DBG("session %p state %ld", s, s->state);
681 rfcomm_session_clear_timer(s);
682 sock_release(s->sock);
685 if (state != BT_LISTEN)
686 module_put(THIS_MODULE);
691 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
693 struct rfcomm_session *s;
694 struct list_head *p, *n;
695 struct l2cap_chan *chan;
696 list_for_each_safe(p, n, &session_list) {
697 s = list_entry(p, struct rfcomm_session, list);
698 chan = l2cap_pi(s->sock->sk)->chan;
700 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&chan->src, src)) &&
701 !bacmp(&chan->dst, dst))
707 static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
710 struct rfcomm_dlc *d;
711 struct list_head *p, *n;
713 s->state = BT_CLOSED;
715 BT_DBG("session %p state %ld err %d", s, s->state, err);
718 list_for_each_safe(p, n, &s->dlcs) {
719 d = list_entry(p, struct rfcomm_dlc, list);
720 d->state = BT_CLOSED;
721 __rfcomm_dlc_close(d, err);
724 rfcomm_session_clear_timer(s);
725 return rfcomm_session_del(s);
728 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
733 struct rfcomm_session *s = NULL;
734 struct sockaddr_l2 addr;
738 BT_DBG("%pMR -> %pMR", src, dst);
740 *err = rfcomm_l2sock_create(&sock);
744 bacpy(&addr.l2_bdaddr, src);
745 addr.l2_family = AF_BLUETOOTH;
748 addr.l2_bdaddr_type = BDADDR_BREDR;
749 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
753 /* Set L2CAP options */
756 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
757 l2cap_pi(sk)->chan->sec_level = sec_level;
759 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
762 s = rfcomm_session_add(sock, BT_BOUND);
770 bacpy(&addr.l2_bdaddr, dst);
771 addr.l2_family = AF_BLUETOOTH;
772 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
774 addr.l2_bdaddr_type = BDADDR_BREDR;
775 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
776 if (*err == 0 || *err == -EINPROGRESS)
779 return rfcomm_session_del(s);
786 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
788 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
790 bacpy(src, &chan->src);
792 bacpy(dst, &chan->dst);
795 /* ---- RFCOMM frame sending ---- */
796 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
798 struct kvec iv = { data, len };
801 BT_DBG("session %p len %d", s, len);
803 memset(&msg, 0, sizeof(msg));
805 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
808 static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
810 BT_DBG("%p cmd %u", s, cmd->ctrl);
812 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
815 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
817 struct rfcomm_cmd cmd;
819 BT_DBG("%p dlci %d", s, dlci);
821 cmd.addr = __addr(s->initiator, dlci);
822 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
824 cmd.fcs = __fcs2((u8 *) &cmd);
826 return rfcomm_send_cmd(s, &cmd);
829 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
831 struct rfcomm_cmd cmd;
833 BT_DBG("%p dlci %d", s, dlci);
835 cmd.addr = __addr(!s->initiator, dlci);
836 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
838 cmd.fcs = __fcs2((u8 *) &cmd);
840 return rfcomm_send_cmd(s, &cmd);
843 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
845 struct rfcomm_cmd cmd;
847 BT_DBG("%p dlci %d", s, dlci);
849 cmd.addr = __addr(s->initiator, dlci);
850 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
852 cmd.fcs = __fcs2((u8 *) &cmd);
854 return rfcomm_send_cmd(s, &cmd);
857 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
859 struct rfcomm_cmd *cmd;
862 BT_DBG("dlc %p dlci %d", d, d->dlci);
864 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
868 cmd = (void *) __skb_put(skb, sizeof(*cmd));
870 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
871 cmd->len = __len8(0);
872 cmd->fcs = __fcs2((u8 *) cmd);
874 skb_queue_tail(&d->tx_queue, skb);
879 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
881 struct rfcomm_cmd cmd;
883 BT_DBG("%p dlci %d", s, dlci);
885 cmd.addr = __addr(!s->initiator, dlci);
886 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
888 cmd.fcs = __fcs2((u8 *) &cmd);
890 return rfcomm_send_cmd(s, &cmd);
893 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
895 struct rfcomm_hdr *hdr;
896 struct rfcomm_mcc *mcc;
897 u8 buf[16], *ptr = buf;
899 BT_DBG("%p cr %d type %d", s, cr, type);
901 hdr = (void *) ptr; ptr += sizeof(*hdr);
902 hdr->addr = __addr(s->initiator, 0);
903 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
904 hdr->len = __len8(sizeof(*mcc) + 1);
906 mcc = (void *) ptr; ptr += sizeof(*mcc);
907 mcc->type = __mcc_type(cr, RFCOMM_NSC);
908 mcc->len = __len8(1);
910 /* Type that we didn't like */
911 *ptr = __mcc_type(cr, type); ptr++;
913 *ptr = __fcs(buf); ptr++;
915 return rfcomm_send_frame(s, buf, ptr - buf);
918 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
920 struct rfcomm_hdr *hdr;
921 struct rfcomm_mcc *mcc;
922 struct rfcomm_pn *pn;
923 u8 buf[16], *ptr = buf;
925 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
927 hdr = (void *) ptr; ptr += sizeof(*hdr);
928 hdr->addr = __addr(s->initiator, 0);
929 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
930 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
932 mcc = (void *) ptr; ptr += sizeof(*mcc);
933 mcc->type = __mcc_type(cr, RFCOMM_PN);
934 mcc->len = __len8(sizeof(*pn));
936 pn = (void *) ptr; ptr += sizeof(*pn);
938 pn->priority = d->priority;
943 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
944 pn->credits = RFCOMM_DEFAULT_CREDITS;
950 if (cr && channel_mtu >= 0)
951 pn->mtu = cpu_to_le16(channel_mtu);
953 pn->mtu = cpu_to_le16(d->mtu);
955 *ptr = __fcs(buf); ptr++;
957 return rfcomm_send_frame(s, buf, ptr - buf);
960 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
961 u8 bit_rate, u8 data_bits, u8 stop_bits,
962 u8 parity, u8 flow_ctrl_settings,
963 u8 xon_char, u8 xoff_char, u16 param_mask)
965 struct rfcomm_hdr *hdr;
966 struct rfcomm_mcc *mcc;
967 struct rfcomm_rpn *rpn;
968 u8 buf[16], *ptr = buf;
970 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
971 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
972 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
973 flow_ctrl_settings, xon_char, xoff_char, param_mask);
975 hdr = (void *) ptr; ptr += sizeof(*hdr);
976 hdr->addr = __addr(s->initiator, 0);
977 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
978 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
980 mcc = (void *) ptr; ptr += sizeof(*mcc);
981 mcc->type = __mcc_type(cr, RFCOMM_RPN);
982 mcc->len = __len8(sizeof(*rpn));
984 rpn = (void *) ptr; ptr += sizeof(*rpn);
985 rpn->dlci = __addr(1, dlci);
986 rpn->bit_rate = bit_rate;
987 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
988 rpn->flow_ctrl = flow_ctrl_settings;
989 rpn->xon_char = xon_char;
990 rpn->xoff_char = xoff_char;
991 rpn->param_mask = cpu_to_le16(param_mask);
993 *ptr = __fcs(buf); ptr++;
995 return rfcomm_send_frame(s, buf, ptr - buf);
998 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
1000 struct rfcomm_hdr *hdr;
1001 struct rfcomm_mcc *mcc;
1002 struct rfcomm_rls *rls;
1003 u8 buf[16], *ptr = buf;
1005 BT_DBG("%p cr %d status 0x%x", s, cr, status);
1007 hdr = (void *) ptr; ptr += sizeof(*hdr);
1008 hdr->addr = __addr(s->initiator, 0);
1009 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1010 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
1012 mcc = (void *) ptr; ptr += sizeof(*mcc);
1013 mcc->type = __mcc_type(cr, RFCOMM_RLS);
1014 mcc->len = __len8(sizeof(*rls));
1016 rls = (void *) ptr; ptr += sizeof(*rls);
1017 rls->dlci = __addr(1, dlci);
1018 rls->status = status;
1020 *ptr = __fcs(buf); ptr++;
1022 return rfcomm_send_frame(s, buf, ptr - buf);
1025 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
1027 struct rfcomm_hdr *hdr;
1028 struct rfcomm_mcc *mcc;
1029 struct rfcomm_msc *msc;
1030 u8 buf[16], *ptr = buf;
1032 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
1034 hdr = (void *) ptr; ptr += sizeof(*hdr);
1035 hdr->addr = __addr(s->initiator, 0);
1036 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1037 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
1039 mcc = (void *) ptr; ptr += sizeof(*mcc);
1040 mcc->type = __mcc_type(cr, RFCOMM_MSC);
1041 mcc->len = __len8(sizeof(*msc));
1043 msc = (void *) ptr; ptr += sizeof(*msc);
1044 msc->dlci = __addr(1, dlci);
1045 msc->v24_sig = v24_sig | 0x01;
1047 *ptr = __fcs(buf); ptr++;
1049 return rfcomm_send_frame(s, buf, ptr - buf);
1052 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1054 struct rfcomm_hdr *hdr;
1055 struct rfcomm_mcc *mcc;
1056 u8 buf[16], *ptr = buf;
1058 BT_DBG("%p cr %d", s, cr);
1060 hdr = (void *) ptr; ptr += sizeof(*hdr);
1061 hdr->addr = __addr(s->initiator, 0);
1062 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1063 hdr->len = __len8(sizeof(*mcc));
1065 mcc = (void *) ptr; ptr += sizeof(*mcc);
1066 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1067 mcc->len = __len8(0);
1069 *ptr = __fcs(buf); ptr++;
1071 return rfcomm_send_frame(s, buf, ptr - buf);
1074 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1076 struct rfcomm_hdr *hdr;
1077 struct rfcomm_mcc *mcc;
1078 u8 buf[16], *ptr = buf;
1080 BT_DBG("%p cr %d", s, cr);
1082 hdr = (void *) ptr; ptr += sizeof(*hdr);
1083 hdr->addr = __addr(s->initiator, 0);
1084 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1085 hdr->len = __len8(sizeof(*mcc));
1087 mcc = (void *) ptr; ptr += sizeof(*mcc);
1088 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1089 mcc->len = __len8(0);
1091 *ptr = __fcs(buf); ptr++;
1093 return rfcomm_send_frame(s, buf, ptr - buf);
1096 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1098 struct socket *sock = s->sock;
1101 unsigned char hdr[5], crc[1];
1106 BT_DBG("%p cr %d", s, cr);
1108 hdr[0] = __addr(s->initiator, 0);
1109 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1110 hdr[2] = 0x01 | ((len + 2) << 1);
1111 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1112 hdr[4] = 0x01 | (len << 1);
1114 crc[0] = __fcs(hdr);
1116 iv[0].iov_base = hdr;
1118 iv[1].iov_base = pattern;
1119 iv[1].iov_len = len;
1120 iv[2].iov_base = crc;
1123 memset(&msg, 0, sizeof(msg));
1125 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1128 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1130 struct rfcomm_hdr *hdr;
1131 u8 buf[16], *ptr = buf;
1133 BT_DBG("%p addr %d credits %d", s, addr, credits);
1135 hdr = (void *) ptr; ptr += sizeof(*hdr);
1137 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1138 hdr->len = __len8(0);
1140 *ptr = credits; ptr++;
1142 *ptr = __fcs(buf); ptr++;
1144 return rfcomm_send_frame(s, buf, ptr - buf);
1147 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1149 struct rfcomm_hdr *hdr;
1154 hdr = (void *) skb_push(skb, 4);
1155 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1157 hdr = (void *) skb_push(skb, 3);
1158 hdr->len = __len8(len);
1161 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1163 crc = skb_put(skb, 1);
1164 *crc = __fcs((void *) hdr);
1167 /* ---- RFCOMM frame reception ---- */
1168 static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1170 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1174 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1176 rfcomm_send_dm(s, dlci);
1182 rfcomm_dlc_clear_timer(d);
1185 d->state = BT_CONNECTED;
1186 d->state_change(d, 0);
1187 rfcomm_dlc_unlock(d);
1189 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1193 d->state = BT_CLOSED;
1194 __rfcomm_dlc_close(d, 0);
1196 if (list_empty(&s->dlcs)) {
1197 s->state = BT_DISCONN;
1198 rfcomm_send_disc(s, 0);
1199 rfcomm_session_clear_timer(s);
1205 /* Control channel */
1208 s->state = BT_CONNECTED;
1209 rfcomm_process_connect(s);
1213 s = rfcomm_session_close(s, ECONNRESET);
1220 static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1224 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1228 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1230 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1235 d->state = BT_CLOSED;
1236 __rfcomm_dlc_close(d, err);
1239 if (s->state == BT_CONNECT)
1244 s = rfcomm_session_close(s, err);
1249 static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1254 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1257 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1259 rfcomm_send_ua(s, dlci);
1261 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1266 d->state = BT_CLOSED;
1267 __rfcomm_dlc_close(d, err);
1269 rfcomm_send_dm(s, dlci);
1272 rfcomm_send_ua(s, 0);
1274 if (s->state == BT_CONNECT)
1279 s = rfcomm_session_close(s, err);
1284 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1286 struct sock *sk = d->session->sock->sk;
1287 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1289 BT_DBG("dlc %p", d);
1291 rfcomm_send_ua(d->session, d->dlci);
1293 rfcomm_dlc_clear_timer(d);
1296 d->state = BT_CONNECTED;
1297 d->state_change(d, 0);
1298 rfcomm_dlc_unlock(d);
1301 hci_conn_switch_role(conn->hcon, 0x00);
1303 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1306 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1308 if (rfcomm_check_security(d)) {
1309 if (d->defer_setup) {
1310 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1311 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1314 d->state = BT_CONNECT2;
1315 d->state_change(d, 0);
1316 rfcomm_dlc_unlock(d);
1318 rfcomm_dlc_accept(d);
1320 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1321 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1325 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1327 struct rfcomm_dlc *d;
1330 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1333 rfcomm_send_ua(s, 0);
1335 if (s->state == BT_OPEN) {
1336 s->state = BT_CONNECTED;
1337 rfcomm_process_connect(s);
1342 /* Check if DLC exists */
1343 d = rfcomm_dlc_get(s, dlci);
1345 if (d->state == BT_OPEN) {
1346 /* DLC was previously opened by PN request */
1347 rfcomm_check_accept(d);
1352 /* Notify socket layer about incoming connection */
1353 channel = __srv_channel(dlci);
1354 if (rfcomm_connect_ind(s, channel, &d)) {
1356 d->addr = __addr(s->initiator, dlci);
1357 rfcomm_dlc_link(s, d);
1359 rfcomm_check_accept(d);
1361 rfcomm_send_dm(s, dlci);
1367 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1369 struct rfcomm_session *s = d->session;
1371 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1372 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1374 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1375 pn->flow_ctrl == 0xe0) {
1376 d->cfc = RFCOMM_CFC_ENABLED;
1377 d->tx_credits = pn->credits;
1379 d->cfc = RFCOMM_CFC_DISABLED;
1380 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1383 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1386 d->priority = pn->priority;
1388 d->mtu = __le16_to_cpu(pn->mtu);
1390 if (cr && d->mtu > s->mtu)
1396 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1398 struct rfcomm_pn *pn = (void *) skb->data;
1399 struct rfcomm_dlc *d;
1402 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1407 d = rfcomm_dlc_get(s, dlci);
1411 rfcomm_apply_pn(d, cr, pn);
1412 rfcomm_send_pn(s, 0, d);
1417 rfcomm_apply_pn(d, cr, pn);
1419 d->state = BT_CONNECT;
1420 rfcomm_send_sabm(s, d->dlci);
1425 u8 channel = __srv_channel(dlci);
1430 /* PN request for non existing DLC.
1431 * Assume incoming connection. */
1432 if (rfcomm_connect_ind(s, channel, &d)) {
1434 d->addr = __addr(s->initiator, dlci);
1435 rfcomm_dlc_link(s, d);
1437 rfcomm_apply_pn(d, cr, pn);
1440 rfcomm_send_pn(s, 0, d);
1442 rfcomm_send_dm(s, dlci);
1448 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1450 struct rfcomm_rpn *rpn = (void *) skb->data;
1451 u8 dlci = __get_dlci(rpn->dlci);
1460 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1462 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1463 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1464 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1470 /* This is a request, return default (according to ETSI TS 07.10) settings */
1471 bit_rate = RFCOMM_RPN_BR_9600;
1472 data_bits = RFCOMM_RPN_DATA_8;
1473 stop_bits = RFCOMM_RPN_STOP_1;
1474 parity = RFCOMM_RPN_PARITY_NONE;
1475 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1476 xon_char = RFCOMM_RPN_XON_CHAR;
1477 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1481 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1482 * no parity, no flow control lines, normal XON/XOFF chars */
1484 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1485 bit_rate = rpn->bit_rate;
1486 if (bit_rate > RFCOMM_RPN_BR_230400) {
1487 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1488 bit_rate = RFCOMM_RPN_BR_9600;
1489 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1493 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1494 data_bits = __get_rpn_data_bits(rpn->line_settings);
1495 if (data_bits != RFCOMM_RPN_DATA_8) {
1496 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1497 data_bits = RFCOMM_RPN_DATA_8;
1498 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1502 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1503 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1504 if (stop_bits != RFCOMM_RPN_STOP_1) {
1505 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1506 stop_bits = RFCOMM_RPN_STOP_1;
1507 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1511 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1512 parity = __get_rpn_parity(rpn->line_settings);
1513 if (parity != RFCOMM_RPN_PARITY_NONE) {
1514 BT_DBG("RPN parity mismatch 0x%x", parity);
1515 parity = RFCOMM_RPN_PARITY_NONE;
1516 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1520 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1521 flow_ctrl = rpn->flow_ctrl;
1522 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1523 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1524 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1525 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1529 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1530 xon_char = rpn->xon_char;
1531 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1532 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1533 xon_char = RFCOMM_RPN_XON_CHAR;
1534 rpn_mask ^= RFCOMM_RPN_PM_XON;
1538 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1539 xoff_char = rpn->xoff_char;
1540 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1541 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1542 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1543 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1548 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1549 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1554 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1556 struct rfcomm_rls *rls = (void *) skb->data;
1557 u8 dlci = __get_dlci(rls->dlci);
1559 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1564 /* We should probably do something with this information here. But
1565 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1566 * mandatory to recognise and respond to RLS */
1568 rfcomm_send_rls(s, 0, dlci, rls->status);
1573 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1575 struct rfcomm_msc *msc = (void *) skb->data;
1576 struct rfcomm_dlc *d;
1577 u8 dlci = __get_dlci(msc->dlci);
1579 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1581 d = rfcomm_dlc_get(s, dlci);
1586 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1587 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1589 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1593 d->remote_v24_sig = msc->v24_sig;
1595 if (d->modem_status)
1596 d->modem_status(d, msc->v24_sig);
1598 rfcomm_dlc_unlock(d);
1600 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1602 d->mscex |= RFCOMM_MSCEX_RX;
1604 d->mscex |= RFCOMM_MSCEX_TX;
1609 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1611 struct rfcomm_mcc *mcc = (void *) skb->data;
1614 cr = __test_cr(mcc->type);
1615 type = __get_mcc_type(mcc->type);
1616 len = __get_mcc_len(mcc->len);
1618 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1624 rfcomm_recv_pn(s, cr, skb);
1628 rfcomm_recv_rpn(s, cr, len, skb);
1632 rfcomm_recv_rls(s, cr, skb);
1636 rfcomm_recv_msc(s, cr, skb);
1641 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1642 rfcomm_send_fcoff(s, 0);
1648 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1649 rfcomm_send_fcon(s, 0);
1655 rfcomm_send_test(s, 0, skb->data, skb->len);
1662 BT_ERR("Unknown control type 0x%02x", type);
1663 rfcomm_send_nsc(s, cr, type);
1669 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1671 struct rfcomm_dlc *d;
1673 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1675 d = rfcomm_dlc_get(s, dlci);
1677 rfcomm_send_dm(s, dlci);
1682 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1684 d->tx_credits += credits;
1686 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1689 if (skb->len && d->state == BT_CONNECTED) {
1692 d->data_ready(d, skb);
1693 rfcomm_dlc_unlock(d);
1702 static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1703 struct sk_buff *skb)
1705 struct rfcomm_hdr *hdr = (void *) skb->data;
1709 /* no session, so free socket data */
1714 dlci = __get_dlci(hdr->addr);
1715 type = __get_type(hdr->ctrl);
1718 skb->len--; skb->tail--;
1719 fcs = *(u8 *)skb_tail_pointer(skb);
1721 if (__check_fcs(skb->data, type, fcs)) {
1722 BT_ERR("bad checksum in packet");
1727 if (__test_ea(hdr->len))
1734 if (__test_pf(hdr->ctrl))
1735 rfcomm_recv_sabm(s, dlci);
1739 if (__test_pf(hdr->ctrl))
1740 s = rfcomm_recv_disc(s, dlci);
1744 if (__test_pf(hdr->ctrl))
1745 s = rfcomm_recv_ua(s, dlci);
1749 s = rfcomm_recv_dm(s, dlci);
1754 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1757 rfcomm_recv_mcc(s, skb);
1761 BT_ERR("Unknown packet type 0x%02x", type);
1768 /* ---- Connection and data processing ---- */
1770 static void rfcomm_process_connect(struct rfcomm_session *s)
1772 struct rfcomm_dlc *d;
1773 struct list_head *p, *n;
1775 BT_DBG("session %p state %ld", s, s->state);
1777 list_for_each_safe(p, n, &s->dlcs) {
1778 d = list_entry(p, struct rfcomm_dlc, list);
1779 if (d->state == BT_CONFIG) {
1781 if (rfcomm_check_security(d)) {
1782 rfcomm_send_pn(s, 1, d);
1784 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1785 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1791 /* Send data queued for the DLC.
1792 * Return number of frames left in the queue.
1794 static int rfcomm_process_tx(struct rfcomm_dlc *d)
1796 struct sk_buff *skb;
1799 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1800 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1802 /* Send pending MSC */
1803 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1804 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1808 * Give them some credits */
1809 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1810 d->rx_credits <= (d->cfc >> 2)) {
1811 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1812 d->rx_credits = d->cfc;
1816 * Give ourselves some credits */
1820 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1821 return skb_queue_len(&d->tx_queue);
1823 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1824 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1826 skb_queue_head(&d->tx_queue, skb);
1833 if (d->cfc && !d->tx_credits) {
1834 /* We're out of TX credits.
1835 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1836 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1839 return skb_queue_len(&d->tx_queue);
1842 static void rfcomm_process_dlcs(struct rfcomm_session *s)
1844 struct rfcomm_dlc *d;
1845 struct list_head *p, *n;
1847 BT_DBG("session %p state %ld", s, s->state);
1849 list_for_each_safe(p, n, &s->dlcs) {
1850 d = list_entry(p, struct rfcomm_dlc, list);
1852 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1853 __rfcomm_dlc_close(d, ETIMEDOUT);
1857 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1858 __rfcomm_dlc_close(d, ECONNREFUSED);
1862 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1863 rfcomm_dlc_clear_timer(d);
1865 rfcomm_send_pn(s, 1, d);
1866 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1868 if (d->defer_setup) {
1869 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1870 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1873 d->state = BT_CONNECT2;
1874 d->state_change(d, 0);
1875 rfcomm_dlc_unlock(d);
1877 rfcomm_dlc_accept(d);
1880 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1881 rfcomm_dlc_clear_timer(d);
1883 rfcomm_send_dm(s, d->dlci);
1885 d->state = BT_CLOSED;
1886 __rfcomm_dlc_close(d, ECONNREFUSED);
1890 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1893 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1896 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1897 d->mscex == RFCOMM_MSCEX_OK)
1898 rfcomm_process_tx(d);
1902 static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1904 struct socket *sock = s->sock;
1905 struct sock *sk = sock->sk;
1906 struct sk_buff *skb;
1908 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1910 /* Get data directly from socket receive queue without copying it. */
1911 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1913 if (!skb_linearize(skb)) {
1914 s = rfcomm_recv_frame(s, skb);
1922 if (s && (sk->sk_state == BT_CLOSED))
1923 s = rfcomm_session_close(s, sk->sk_err);
1928 static void rfcomm_accept_connection(struct rfcomm_session *s)
1930 struct socket *sock = s->sock, *nsock;
1933 /* Fast check for a new connection.
1934 * Avoids unnesesary socket allocations. */
1935 if (list_empty(&bt_sk(sock->sk)->accept_q))
1938 BT_DBG("session %p", s);
1940 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1944 /* Set our callbacks */
1945 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1946 nsock->sk->sk_state_change = rfcomm_l2state_change;
1948 s = rfcomm_session_add(nsock, BT_OPEN);
1950 /* We should adjust MTU on incoming sessions.
1951 * L2CAP MTU minus UIH header and FCS. */
1952 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1953 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1957 sock_release(nsock);
1960 static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1962 struct sock *sk = s->sock->sk;
1964 BT_DBG("%p state %ld", s, s->state);
1966 switch (sk->sk_state) {
1968 s->state = BT_CONNECT;
1970 /* We can adjust MTU on outgoing sessions.
1971 * L2CAP MTU minus UIH header and FCS. */
1972 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1974 rfcomm_send_sabm(s, 0);
1978 s = rfcomm_session_close(s, sk->sk_err);
1984 static void rfcomm_process_sessions(void)
1986 struct list_head *p, *n;
1990 list_for_each_safe(p, n, &session_list) {
1991 struct rfcomm_session *s;
1992 s = list_entry(p, struct rfcomm_session, list);
1994 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1995 s->state = BT_DISCONN;
1996 rfcomm_send_disc(s, 0);
2002 rfcomm_accept_connection(s);
2006 s = rfcomm_check_connection(s);
2010 s = rfcomm_process_rx(s);
2015 rfcomm_process_dlcs(s);
2021 static int rfcomm_add_listener(bdaddr_t *ba)
2023 struct sockaddr_l2 addr;
2024 struct socket *sock;
2026 struct rfcomm_session *s;
2030 err = rfcomm_l2sock_create(&sock);
2032 BT_ERR("Create socket failed %d", err);
2037 bacpy(&addr.l2_bdaddr, ba);
2038 addr.l2_family = AF_BLUETOOTH;
2039 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
2041 addr.l2_bdaddr_type = BDADDR_BREDR;
2042 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
2044 BT_ERR("Bind failed %d", err);
2048 /* Set L2CAP options */
2051 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
2054 /* Start listening on the socket */
2055 err = kernel_listen(sock, 10);
2057 BT_ERR("Listen failed %d", err);
2061 /* Add listening session */
2062 s = rfcomm_session_add(sock, BT_LISTEN);
2074 static void rfcomm_kill_listener(void)
2076 struct rfcomm_session *s;
2077 struct list_head *p, *n;
2081 list_for_each_safe(p, n, &session_list) {
2082 s = list_entry(p, struct rfcomm_session, list);
2083 rfcomm_session_del(s);
2087 static int rfcomm_run(void *unused)
2091 set_user_nice(current, -10);
2093 rfcomm_add_listener(BDADDR_ANY);
2096 set_current_state(TASK_INTERRUPTIBLE);
2098 if (kthread_should_stop())
2102 rfcomm_process_sessions();
2106 __set_current_state(TASK_RUNNING);
2108 rfcomm_kill_listener();
2113 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2115 struct rfcomm_session *s;
2116 struct rfcomm_dlc *d;
2117 struct list_head *p, *n;
2119 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2121 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2125 list_for_each_safe(p, n, &s->dlcs) {
2126 d = list_entry(p, struct rfcomm_dlc, list);
2128 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2129 rfcomm_dlc_clear_timer(d);
2130 if (status || encrypt == 0x00) {
2131 set_bit(RFCOMM_ENC_DROP, &d->flags);
2136 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2137 if (d->sec_level == BT_SECURITY_MEDIUM) {
2138 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2139 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2141 } else if (d->sec_level == BT_SECURITY_HIGH ||
2142 d->sec_level == BT_SECURITY_FIPS) {
2143 set_bit(RFCOMM_ENC_DROP, &d->flags);
2148 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2151 if (!status && hci_conn_check_secure(conn, d->sec_level))
2152 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2154 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2160 static struct hci_cb rfcomm_cb = {
2162 .security_cfm = rfcomm_security_cfm
2165 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2167 struct rfcomm_session *s;
2171 list_for_each_entry(s, &session_list, list) {
2172 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
2173 struct rfcomm_dlc *d;
2174 list_for_each_entry(d, &s->dlcs, list) {
2175 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2176 &chan->src, &chan->dst,
2177 d->state, d->dlci, d->mtu,
2178 d->rx_credits, d->tx_credits);
2187 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2189 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2192 static const struct file_operations rfcomm_dlc_debugfs_fops = {
2193 .open = rfcomm_dlc_debugfs_open,
2195 .llseek = seq_lseek,
2196 .release = single_release,
2199 static struct dentry *rfcomm_dlc_debugfs;
2201 /* ---- Initialization ---- */
2202 static int __init rfcomm_init(void)
2206 hci_register_cb(&rfcomm_cb);
2208 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2209 if (IS_ERR(rfcomm_thread)) {
2210 err = PTR_ERR(rfcomm_thread);
2214 err = rfcomm_init_ttys();
2218 err = rfcomm_init_sockets();
2222 BT_INFO("RFCOMM ver %s", VERSION);
2224 if (IS_ERR_OR_NULL(bt_debugfs))
2227 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2229 &rfcomm_dlc_debugfs_fops);
2234 rfcomm_cleanup_ttys();
2237 kthread_stop(rfcomm_thread);
2240 hci_unregister_cb(&rfcomm_cb);
2245 static void __exit rfcomm_exit(void)
2247 debugfs_remove(rfcomm_dlc_debugfs);
2249 hci_unregister_cb(&rfcomm_cb);
2251 kthread_stop(rfcomm_thread);
2253 rfcomm_cleanup_ttys();
2255 rfcomm_cleanup_sockets();
2258 module_init(rfcomm_init);
2259 module_exit(rfcomm_exit);
2261 module_param(disable_cfc, bool, 0644);
2262 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2264 module_param(channel_mtu, int, 0644);
2265 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2267 module_param(l2cap_mtu, uint, 0644);
2268 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2270 module_param(l2cap_ertm, bool, 0644);
2271 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2273 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2274 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2275 MODULE_VERSION(VERSION);
2276 MODULE_LICENSE("GPL");
2277 MODULE_ALIAS("bt-proto-3");