2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/debugfs.h>
30 #include <linux/kthread.h>
31 #include <asm/unaligned.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/rfcomm.h>
38 #define VERSION "1.11"
40 static bool disable_cfc;
41 static bool l2cap_ertm;
42 static int channel_mtu = -1;
43 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
45 static struct task_struct *rfcomm_thread;
47 static DEFINE_MUTEX(rfcomm_mutex);
48 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
52 static LIST_HEAD(session_list);
54 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
55 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
65 static void rfcomm_process_connect(struct rfcomm_session *s);
67 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
71 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
72 static void rfcomm_session_del(struct rfcomm_session *s);
74 /* ---- RFCOMM frame parsing macros ---- */
75 #define __get_dlci(b) ((b & 0xfc) >> 2)
76 #define __get_channel(b) ((b & 0xf8) >> 3)
77 #define __get_dir(b) ((b & 0x04) >> 2)
78 #define __get_type(b) ((b & 0xef))
80 #define __test_ea(b) ((b & 0x01))
81 #define __test_cr(b) ((b & 0x02))
82 #define __test_pf(b) ((b & 0x10))
84 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
85 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
86 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
87 #define __srv_channel(dlci) (dlci >> 1)
88 #define __dir(dlci) (dlci & 0x01)
90 #define __len8(len) (((len) << 1) | 1)
91 #define __len16(len) ((len) << 1)
94 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
95 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
96 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
99 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
100 #define __get_rpn_data_bits(line) ((line) & 0x3)
101 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
102 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
104 static void rfcomm_schedule(void)
108 wake_up_process(rfcomm_thread);
111 static void rfcomm_session_put(struct rfcomm_session *s)
113 if (atomic_dec_and_test(&s->refcnt))
114 rfcomm_session_del(s);
117 /* ---- RFCOMM FCS computation ---- */
119 /* reversed, 8-bit, poly=0x07 */
120 static unsigned char rfcomm_crc_table[256] = {
121 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
122 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
123 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
124 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
126 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
127 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
128 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
129 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
131 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
132 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
133 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
134 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
136 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
137 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
138 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
139 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
141 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
142 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
143 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
144 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
146 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
147 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
148 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
149 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
151 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
152 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
153 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
154 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
156 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
157 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
158 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
159 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
163 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
166 static inline u8 __fcs(u8 *data)
168 return 0xff - __crc(data);
172 static inline u8 __fcs2(u8 *data)
174 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
178 static inline int __check_fcs(u8 *data, int type, u8 fcs)
182 if (type != RFCOMM_UIH)
183 f = rfcomm_crc_table[f ^ data[2]];
185 return rfcomm_crc_table[f ^ fcs] != 0xcf;
188 /* ---- L2CAP callbacks ---- */
189 static void rfcomm_l2state_change(struct sock *sk)
191 BT_DBG("%p state %d", sk, sk->sk_state);
195 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
197 BT_DBG("%p bytes %d", sk, bytes);
201 static int rfcomm_l2sock_create(struct socket **sock)
207 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
209 struct sock *sk = (*sock)->sk;
210 sk->sk_data_ready = rfcomm_l2data_ready;
211 sk->sk_state_change = rfcomm_l2state_change;
216 static int rfcomm_check_security(struct rfcomm_dlc *d)
218 struct sock *sk = d->session->sock->sk;
219 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
223 switch (d->sec_level) {
224 case BT_SECURITY_HIGH:
225 auth_type = HCI_AT_GENERAL_BONDING_MITM;
227 case BT_SECURITY_MEDIUM:
228 auth_type = HCI_AT_GENERAL_BONDING;
231 auth_type = HCI_AT_NO_BONDING;
235 return hci_conn_security(conn->hcon, d->sec_level, auth_type);
238 static void rfcomm_session_timeout(unsigned long arg)
240 struct rfcomm_session *s = (void *) arg;
242 BT_DBG("session %p state %ld", s, s->state);
244 set_bit(RFCOMM_TIMED_OUT, &s->flags);
248 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
250 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
252 if (!mod_timer(&s->timer, jiffies + timeout))
253 rfcomm_session_hold(s);
256 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
258 BT_DBG("session %p state %ld", s, s->state);
260 if (del_timer_sync(&s->timer))
261 rfcomm_session_put(s);
264 /* ---- RFCOMM DLCs ---- */
265 static void rfcomm_dlc_timeout(unsigned long arg)
267 struct rfcomm_dlc *d = (void *) arg;
269 BT_DBG("dlc %p state %ld", d, d->state);
271 set_bit(RFCOMM_TIMED_OUT, &d->flags);
276 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
278 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
280 if (!mod_timer(&d->timer, jiffies + timeout))
284 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
286 BT_DBG("dlc %p state %ld", d, d->state);
288 if (del_timer(&d->timer))
292 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
299 d->sec_level = BT_SECURITY_LOW;
300 d->mtu = RFCOMM_DEFAULT_MTU;
301 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
303 d->cfc = RFCOMM_CFC_DISABLED;
304 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
307 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
309 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
314 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
316 skb_queue_head_init(&d->tx_queue);
317 spin_lock_init(&d->lock);
318 atomic_set(&d->refcnt, 1);
320 rfcomm_dlc_clear_state(d);
327 void rfcomm_dlc_free(struct rfcomm_dlc *d)
331 skb_queue_purge(&d->tx_queue);
335 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
337 BT_DBG("dlc %p session %p", d, s);
339 rfcomm_session_hold(s);
341 rfcomm_session_clear_timer(s);
343 list_add(&d->list, &s->dlcs);
347 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
349 struct rfcomm_session *s = d->session;
351 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
357 if (list_empty(&s->dlcs))
358 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
360 rfcomm_session_put(s);
363 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
365 struct rfcomm_dlc *d;
367 list_for_each_entry(d, &s->dlcs, list)
374 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
376 struct rfcomm_session *s;
380 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
381 d, d->state, src, dst, channel);
383 if (channel < 1 || channel > 30)
386 if (d->state != BT_OPEN && d->state != BT_CLOSED)
389 s = rfcomm_session_get(src, dst);
391 s = rfcomm_session_create(src, dst, d->sec_level, &err);
396 dlci = __dlci(!s->initiator, channel);
398 /* Check if DLCI already exists */
399 if (rfcomm_dlc_get(s, dlci))
402 rfcomm_dlc_clear_state(d);
405 d->addr = __addr(s->initiator, dlci);
408 d->state = BT_CONFIG;
409 rfcomm_dlc_link(s, d);
414 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
416 if (s->state == BT_CONNECTED) {
417 if (rfcomm_check_security(d))
418 rfcomm_send_pn(s, 1, d);
420 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
423 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
428 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
434 r = __rfcomm_dlc_open(d, src, dst, channel);
440 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
442 struct rfcomm_session *s = d->session;
446 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
447 d, d->state, d->dlci, err, s);
452 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
453 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
460 d->state = BT_DISCONN;
461 if (skb_queue_empty(&d->tx_queue)) {
462 rfcomm_send_disc(s, d->dlci);
463 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
465 rfcomm_queue_disc(d);
466 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
472 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
473 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
480 rfcomm_dlc_clear_timer(d);
483 d->state = BT_CLOSED;
484 d->state_change(d, err);
485 rfcomm_dlc_unlock(d);
487 skb_queue_purge(&d->tx_queue);
488 rfcomm_dlc_unlink(d);
494 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
497 struct rfcomm_dlc *d_list;
498 struct rfcomm_session *s, *s_list;
500 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
508 /* after waiting on the mutex check the session still exists
509 * then check the dlc still exists
511 list_for_each_entry(s_list, &session_list, list) {
513 list_for_each_entry(d_list, &s->dlcs, list) {
515 r = __rfcomm_dlc_close(d, err);
528 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
532 if (d->state != BT_CONNECTED)
535 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
540 rfcomm_make_uih(skb, d->addr);
541 skb_queue_tail(&d->tx_queue, skb);
543 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
548 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
550 BT_DBG("dlc %p state %ld", d, d->state);
553 d->v24_sig |= RFCOMM_V24_FC;
554 set_bit(RFCOMM_MSC_PENDING, &d->flags);
559 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
561 BT_DBG("dlc %p state %ld", d, d->state);
564 d->v24_sig &= ~RFCOMM_V24_FC;
565 set_bit(RFCOMM_MSC_PENDING, &d->flags);
571 Set/get modem status functions use _local_ status i.e. what we report
573 Remote status is provided by dlc->modem_status() callback.
575 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
577 BT_DBG("dlc %p state %ld v24_sig 0x%x",
578 d, d->state, v24_sig);
580 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
581 v24_sig |= RFCOMM_V24_FC;
583 v24_sig &= ~RFCOMM_V24_FC;
585 d->v24_sig = v24_sig;
587 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
593 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
595 BT_DBG("dlc %p state %ld v24_sig 0x%x",
596 d, d->state, d->v24_sig);
598 *v24_sig = d->v24_sig;
602 /* ---- RFCOMM sessions ---- */
603 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
605 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
610 BT_DBG("session %p sock %p", s, sock);
612 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
614 INIT_LIST_HEAD(&s->dlcs);
618 s->mtu = RFCOMM_DEFAULT_MTU;
619 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
621 /* Do not increment module usage count for listening sessions.
622 * Otherwise we won't be able to unload the module. */
623 if (state != BT_LISTEN)
624 if (!try_module_get(THIS_MODULE)) {
629 list_add(&s->list, &session_list);
634 static void rfcomm_session_del(struct rfcomm_session *s)
636 int state = s->state;
638 BT_DBG("session %p state %ld", s, s->state);
642 if (state == BT_CONNECTED)
643 rfcomm_send_disc(s, 0);
645 rfcomm_session_clear_timer(s);
646 sock_release(s->sock);
649 if (state != BT_LISTEN)
650 module_put(THIS_MODULE);
653 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
655 struct rfcomm_session *s;
656 struct list_head *p, *n;
658 list_for_each_safe(p, n, &session_list) {
659 s = list_entry(p, struct rfcomm_session, list);
660 sk = bt_sk(s->sock->sk);
662 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
663 !bacmp(&sk->dst, dst))
669 static void rfcomm_session_close(struct rfcomm_session *s, int err)
671 struct rfcomm_dlc *d;
672 struct list_head *p, *n;
674 BT_DBG("session %p state %ld err %d", s, s->state, err);
676 rfcomm_session_hold(s);
678 s->state = BT_CLOSED;
681 list_for_each_safe(p, n, &s->dlcs) {
682 d = list_entry(p, struct rfcomm_dlc, list);
683 d->state = BT_CLOSED;
684 __rfcomm_dlc_close(d, err);
687 rfcomm_session_clear_timer(s);
688 rfcomm_session_put(s);
691 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
696 struct rfcomm_session *s = NULL;
697 struct sockaddr_l2 addr;
701 BT_DBG("%pMR -> %pMR", src, dst);
703 *err = rfcomm_l2sock_create(&sock);
707 bacpy(&addr.l2_bdaddr, src);
708 addr.l2_family = AF_BLUETOOTH;
711 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
715 /* Set L2CAP options */
718 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
719 l2cap_pi(sk)->chan->sec_level = sec_level;
721 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
724 s = rfcomm_session_add(sock, BT_BOUND);
732 bacpy(&addr.l2_bdaddr, dst);
733 addr.l2_family = AF_BLUETOOTH;
734 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
736 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
737 if (*err == 0 || *err == -EINPROGRESS)
740 rfcomm_session_del(s);
748 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
750 struct sock *sk = s->sock->sk;
752 bacpy(src, &bt_sk(sk)->src);
754 bacpy(dst, &bt_sk(sk)->dst);
757 /* ---- RFCOMM frame sending ---- */
758 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
760 struct kvec iv = { data, len };
763 BT_DBG("session %p len %d", s, len);
765 memset(&msg, 0, sizeof(msg));
767 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
770 static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
772 BT_DBG("%p cmd %u", s, cmd->ctrl);
774 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
777 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
779 struct rfcomm_cmd cmd;
781 BT_DBG("%p dlci %d", s, dlci);
783 cmd.addr = __addr(s->initiator, dlci);
784 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
786 cmd.fcs = __fcs2((u8 *) &cmd);
788 return rfcomm_send_cmd(s, &cmd);
791 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
793 struct rfcomm_cmd cmd;
795 BT_DBG("%p dlci %d", s, dlci);
797 cmd.addr = __addr(!s->initiator, dlci);
798 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
800 cmd.fcs = __fcs2((u8 *) &cmd);
802 return rfcomm_send_cmd(s, &cmd);
805 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
807 struct rfcomm_cmd cmd;
809 BT_DBG("%p dlci %d", s, dlci);
811 cmd.addr = __addr(s->initiator, dlci);
812 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
814 cmd.fcs = __fcs2((u8 *) &cmd);
816 return rfcomm_send_cmd(s, &cmd);
819 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
821 struct rfcomm_cmd *cmd;
824 BT_DBG("dlc %p dlci %d", d, d->dlci);
826 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
830 cmd = (void *) __skb_put(skb, sizeof(*cmd));
832 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
833 cmd->len = __len8(0);
834 cmd->fcs = __fcs2((u8 *) cmd);
836 skb_queue_tail(&d->tx_queue, skb);
841 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
843 struct rfcomm_cmd cmd;
845 BT_DBG("%p dlci %d", s, dlci);
847 cmd.addr = __addr(!s->initiator, dlci);
848 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
850 cmd.fcs = __fcs2((u8 *) &cmd);
852 return rfcomm_send_cmd(s, &cmd);
855 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
857 struct rfcomm_hdr *hdr;
858 struct rfcomm_mcc *mcc;
859 u8 buf[16], *ptr = buf;
861 BT_DBG("%p cr %d type %d", s, cr, type);
863 hdr = (void *) ptr; ptr += sizeof(*hdr);
864 hdr->addr = __addr(s->initiator, 0);
865 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
866 hdr->len = __len8(sizeof(*mcc) + 1);
868 mcc = (void *) ptr; ptr += sizeof(*mcc);
869 mcc->type = __mcc_type(cr, RFCOMM_NSC);
870 mcc->len = __len8(1);
872 /* Type that we didn't like */
873 *ptr = __mcc_type(cr, type); ptr++;
875 *ptr = __fcs(buf); ptr++;
877 return rfcomm_send_frame(s, buf, ptr - buf);
880 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
882 struct rfcomm_hdr *hdr;
883 struct rfcomm_mcc *mcc;
884 struct rfcomm_pn *pn;
885 u8 buf[16], *ptr = buf;
887 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
889 hdr = (void *) ptr; ptr += sizeof(*hdr);
890 hdr->addr = __addr(s->initiator, 0);
891 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
892 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
894 mcc = (void *) ptr; ptr += sizeof(*mcc);
895 mcc->type = __mcc_type(cr, RFCOMM_PN);
896 mcc->len = __len8(sizeof(*pn));
898 pn = (void *) ptr; ptr += sizeof(*pn);
900 pn->priority = d->priority;
905 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
906 pn->credits = RFCOMM_DEFAULT_CREDITS;
912 if (cr && channel_mtu >= 0)
913 pn->mtu = cpu_to_le16(channel_mtu);
915 pn->mtu = cpu_to_le16(d->mtu);
917 *ptr = __fcs(buf); ptr++;
919 return rfcomm_send_frame(s, buf, ptr - buf);
922 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
923 u8 bit_rate, u8 data_bits, u8 stop_bits,
924 u8 parity, u8 flow_ctrl_settings,
925 u8 xon_char, u8 xoff_char, u16 param_mask)
927 struct rfcomm_hdr *hdr;
928 struct rfcomm_mcc *mcc;
929 struct rfcomm_rpn *rpn;
930 u8 buf[16], *ptr = buf;
932 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
933 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
934 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
935 flow_ctrl_settings, xon_char, xoff_char, param_mask);
937 hdr = (void *) ptr; ptr += sizeof(*hdr);
938 hdr->addr = __addr(s->initiator, 0);
939 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
940 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
942 mcc = (void *) ptr; ptr += sizeof(*mcc);
943 mcc->type = __mcc_type(cr, RFCOMM_RPN);
944 mcc->len = __len8(sizeof(*rpn));
946 rpn = (void *) ptr; ptr += sizeof(*rpn);
947 rpn->dlci = __addr(1, dlci);
948 rpn->bit_rate = bit_rate;
949 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
950 rpn->flow_ctrl = flow_ctrl_settings;
951 rpn->xon_char = xon_char;
952 rpn->xoff_char = xoff_char;
953 rpn->param_mask = cpu_to_le16(param_mask);
955 *ptr = __fcs(buf); ptr++;
957 return rfcomm_send_frame(s, buf, ptr - buf);
960 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
962 struct rfcomm_hdr *hdr;
963 struct rfcomm_mcc *mcc;
964 struct rfcomm_rls *rls;
965 u8 buf[16], *ptr = buf;
967 BT_DBG("%p cr %d status 0x%x", s, cr, status);
969 hdr = (void *) ptr; ptr += sizeof(*hdr);
970 hdr->addr = __addr(s->initiator, 0);
971 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
972 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
974 mcc = (void *) ptr; ptr += sizeof(*mcc);
975 mcc->type = __mcc_type(cr, RFCOMM_RLS);
976 mcc->len = __len8(sizeof(*rls));
978 rls = (void *) ptr; ptr += sizeof(*rls);
979 rls->dlci = __addr(1, dlci);
980 rls->status = status;
982 *ptr = __fcs(buf); ptr++;
984 return rfcomm_send_frame(s, buf, ptr - buf);
987 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
989 struct rfcomm_hdr *hdr;
990 struct rfcomm_mcc *mcc;
991 struct rfcomm_msc *msc;
992 u8 buf[16], *ptr = buf;
994 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
996 hdr = (void *) ptr; ptr += sizeof(*hdr);
997 hdr->addr = __addr(s->initiator, 0);
998 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
999 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
1001 mcc = (void *) ptr; ptr += sizeof(*mcc);
1002 mcc->type = __mcc_type(cr, RFCOMM_MSC);
1003 mcc->len = __len8(sizeof(*msc));
1005 msc = (void *) ptr; ptr += sizeof(*msc);
1006 msc->dlci = __addr(1, dlci);
1007 msc->v24_sig = v24_sig | 0x01;
1009 *ptr = __fcs(buf); ptr++;
1011 return rfcomm_send_frame(s, buf, ptr - buf);
1014 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1016 struct rfcomm_hdr *hdr;
1017 struct rfcomm_mcc *mcc;
1018 u8 buf[16], *ptr = buf;
1020 BT_DBG("%p cr %d", s, cr);
1022 hdr = (void *) ptr; ptr += sizeof(*hdr);
1023 hdr->addr = __addr(s->initiator, 0);
1024 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1025 hdr->len = __len8(sizeof(*mcc));
1027 mcc = (void *) ptr; ptr += sizeof(*mcc);
1028 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1029 mcc->len = __len8(0);
1031 *ptr = __fcs(buf); ptr++;
1033 return rfcomm_send_frame(s, buf, ptr - buf);
1036 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1038 struct rfcomm_hdr *hdr;
1039 struct rfcomm_mcc *mcc;
1040 u8 buf[16], *ptr = buf;
1042 BT_DBG("%p cr %d", s, cr);
1044 hdr = (void *) ptr; ptr += sizeof(*hdr);
1045 hdr->addr = __addr(s->initiator, 0);
1046 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1047 hdr->len = __len8(sizeof(*mcc));
1049 mcc = (void *) ptr; ptr += sizeof(*mcc);
1050 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1051 mcc->len = __len8(0);
1053 *ptr = __fcs(buf); ptr++;
1055 return rfcomm_send_frame(s, buf, ptr - buf);
1058 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1060 struct socket *sock = s->sock;
1063 unsigned char hdr[5], crc[1];
1068 BT_DBG("%p cr %d", s, cr);
1070 hdr[0] = __addr(s->initiator, 0);
1071 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1072 hdr[2] = 0x01 | ((len + 2) << 1);
1073 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1074 hdr[4] = 0x01 | (len << 1);
1076 crc[0] = __fcs(hdr);
1078 iv[0].iov_base = hdr;
1080 iv[1].iov_base = pattern;
1081 iv[1].iov_len = len;
1082 iv[2].iov_base = crc;
1085 memset(&msg, 0, sizeof(msg));
1087 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1090 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1092 struct rfcomm_hdr *hdr;
1093 u8 buf[16], *ptr = buf;
1095 BT_DBG("%p addr %d credits %d", s, addr, credits);
1097 hdr = (void *) ptr; ptr += sizeof(*hdr);
1099 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1100 hdr->len = __len8(0);
1102 *ptr = credits; ptr++;
1104 *ptr = __fcs(buf); ptr++;
1106 return rfcomm_send_frame(s, buf, ptr - buf);
1109 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1111 struct rfcomm_hdr *hdr;
1116 hdr = (void *) skb_push(skb, 4);
1117 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1119 hdr = (void *) skb_push(skb, 3);
1120 hdr->len = __len8(len);
1123 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1125 crc = skb_put(skb, 1);
1126 *crc = __fcs((void *) hdr);
1129 /* ---- RFCOMM frame reception ---- */
1130 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1132 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1136 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1138 rfcomm_send_dm(s, dlci);
1144 rfcomm_dlc_clear_timer(d);
1147 d->state = BT_CONNECTED;
1148 d->state_change(d, 0);
1149 rfcomm_dlc_unlock(d);
1151 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1155 d->state = BT_CLOSED;
1156 __rfcomm_dlc_close(d, 0);
1158 if (list_empty(&s->dlcs)) {
1159 s->state = BT_DISCONN;
1160 rfcomm_send_disc(s, 0);
1161 rfcomm_session_clear_timer(s);
1167 /* Control channel */
1170 s->state = BT_CONNECTED;
1171 rfcomm_process_connect(s);
1175 /* rfcomm_session_put is called later so don't do
1176 * anything here otherwise we will mess up the session
1177 * reference counter:
1179 * (a) when we are the initiator dlc_unlink will drive
1180 * the reference counter to 0 (there is no initial put
1181 * after session_add)
1183 * (b) when we are not the initiator rfcomm_rx_process
1184 * will explicitly call put to balance the initial hold
1185 * done after session add.
1193 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1197 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1201 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1203 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1208 d->state = BT_CLOSED;
1209 __rfcomm_dlc_close(d, err);
1212 if (s->state == BT_CONNECT)
1217 s->state = BT_CLOSED;
1218 rfcomm_session_close(s, err);
1223 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1227 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1230 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1232 rfcomm_send_ua(s, dlci);
1234 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1239 d->state = BT_CLOSED;
1240 __rfcomm_dlc_close(d, err);
1242 rfcomm_send_dm(s, dlci);
1245 rfcomm_send_ua(s, 0);
1247 if (s->state == BT_CONNECT)
1252 s->state = BT_CLOSED;
1253 rfcomm_session_close(s, err);
1259 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1261 struct sock *sk = d->session->sock->sk;
1262 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1264 BT_DBG("dlc %p", d);
1266 rfcomm_send_ua(d->session, d->dlci);
1268 rfcomm_dlc_clear_timer(d);
1271 d->state = BT_CONNECTED;
1272 d->state_change(d, 0);
1273 rfcomm_dlc_unlock(d);
1276 hci_conn_switch_role(conn->hcon, 0x00);
1278 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1281 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1283 if (rfcomm_check_security(d)) {
1284 if (d->defer_setup) {
1285 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1286 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1289 d->state = BT_CONNECT2;
1290 d->state_change(d, 0);
1291 rfcomm_dlc_unlock(d);
1293 rfcomm_dlc_accept(d);
1295 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1296 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1300 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1302 struct rfcomm_dlc *d;
1305 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1308 rfcomm_send_ua(s, 0);
1310 if (s->state == BT_OPEN) {
1311 s->state = BT_CONNECTED;
1312 rfcomm_process_connect(s);
1317 /* Check if DLC exists */
1318 d = rfcomm_dlc_get(s, dlci);
1320 if (d->state == BT_OPEN) {
1321 /* DLC was previously opened by PN request */
1322 rfcomm_check_accept(d);
1327 /* Notify socket layer about incoming connection */
1328 channel = __srv_channel(dlci);
1329 if (rfcomm_connect_ind(s, channel, &d)) {
1331 d->addr = __addr(s->initiator, dlci);
1332 rfcomm_dlc_link(s, d);
1334 rfcomm_check_accept(d);
1336 rfcomm_send_dm(s, dlci);
1342 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1344 struct rfcomm_session *s = d->session;
1346 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1347 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1349 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1350 pn->flow_ctrl == 0xe0) {
1351 d->cfc = RFCOMM_CFC_ENABLED;
1352 d->tx_credits = pn->credits;
1354 d->cfc = RFCOMM_CFC_DISABLED;
1355 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1358 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1361 d->priority = pn->priority;
1363 d->mtu = __le16_to_cpu(pn->mtu);
1365 if (cr && d->mtu > s->mtu)
1371 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1373 struct rfcomm_pn *pn = (void *) skb->data;
1374 struct rfcomm_dlc *d;
1377 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1382 d = rfcomm_dlc_get(s, dlci);
1386 rfcomm_apply_pn(d, cr, pn);
1387 rfcomm_send_pn(s, 0, d);
1392 rfcomm_apply_pn(d, cr, pn);
1394 d->state = BT_CONNECT;
1395 rfcomm_send_sabm(s, d->dlci);
1400 u8 channel = __srv_channel(dlci);
1405 /* PN request for non existing DLC.
1406 * Assume incoming connection. */
1407 if (rfcomm_connect_ind(s, channel, &d)) {
1409 d->addr = __addr(s->initiator, dlci);
1410 rfcomm_dlc_link(s, d);
1412 rfcomm_apply_pn(d, cr, pn);
1415 rfcomm_send_pn(s, 0, d);
1417 rfcomm_send_dm(s, dlci);
1423 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1425 struct rfcomm_rpn *rpn = (void *) skb->data;
1426 u8 dlci = __get_dlci(rpn->dlci);
1435 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1437 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1438 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1439 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1445 /* This is a request, return default (according to ETSI TS 07.10) settings */
1446 bit_rate = RFCOMM_RPN_BR_9600;
1447 data_bits = RFCOMM_RPN_DATA_8;
1448 stop_bits = RFCOMM_RPN_STOP_1;
1449 parity = RFCOMM_RPN_PARITY_NONE;
1450 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1451 xon_char = RFCOMM_RPN_XON_CHAR;
1452 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1456 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1457 * no parity, no flow control lines, normal XON/XOFF chars */
1459 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1460 bit_rate = rpn->bit_rate;
1461 if (bit_rate > RFCOMM_RPN_BR_230400) {
1462 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1463 bit_rate = RFCOMM_RPN_BR_9600;
1464 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1468 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1469 data_bits = __get_rpn_data_bits(rpn->line_settings);
1470 if (data_bits != RFCOMM_RPN_DATA_8) {
1471 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1472 data_bits = RFCOMM_RPN_DATA_8;
1473 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1477 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1478 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1479 if (stop_bits != RFCOMM_RPN_STOP_1) {
1480 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1481 stop_bits = RFCOMM_RPN_STOP_1;
1482 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1486 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1487 parity = __get_rpn_parity(rpn->line_settings);
1488 if (parity != RFCOMM_RPN_PARITY_NONE) {
1489 BT_DBG("RPN parity mismatch 0x%x", parity);
1490 parity = RFCOMM_RPN_PARITY_NONE;
1491 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1495 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1496 flow_ctrl = rpn->flow_ctrl;
1497 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1498 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1499 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1500 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1504 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1505 xon_char = rpn->xon_char;
1506 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1507 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1508 xon_char = RFCOMM_RPN_XON_CHAR;
1509 rpn_mask ^= RFCOMM_RPN_PM_XON;
1513 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1514 xoff_char = rpn->xoff_char;
1515 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1516 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1517 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1518 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1523 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1524 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1529 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1531 struct rfcomm_rls *rls = (void *) skb->data;
1532 u8 dlci = __get_dlci(rls->dlci);
1534 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1539 /* We should probably do something with this information here. But
1540 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1541 * mandatory to recognise and respond to RLS */
1543 rfcomm_send_rls(s, 0, dlci, rls->status);
1548 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1550 struct rfcomm_msc *msc = (void *) skb->data;
1551 struct rfcomm_dlc *d;
1552 u8 dlci = __get_dlci(msc->dlci);
1554 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1556 d = rfcomm_dlc_get(s, dlci);
1561 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1562 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1564 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1568 d->remote_v24_sig = msc->v24_sig;
1570 if (d->modem_status)
1571 d->modem_status(d, msc->v24_sig);
1573 rfcomm_dlc_unlock(d);
1575 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1577 d->mscex |= RFCOMM_MSCEX_RX;
1579 d->mscex |= RFCOMM_MSCEX_TX;
1584 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1586 struct rfcomm_mcc *mcc = (void *) skb->data;
1589 cr = __test_cr(mcc->type);
1590 type = __get_mcc_type(mcc->type);
1591 len = __get_mcc_len(mcc->len);
1593 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1599 rfcomm_recv_pn(s, cr, skb);
1603 rfcomm_recv_rpn(s, cr, len, skb);
1607 rfcomm_recv_rls(s, cr, skb);
1611 rfcomm_recv_msc(s, cr, skb);
1616 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1617 rfcomm_send_fcoff(s, 0);
1623 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1624 rfcomm_send_fcon(s, 0);
1630 rfcomm_send_test(s, 0, skb->data, skb->len);
1637 BT_ERR("Unknown control type 0x%02x", type);
1638 rfcomm_send_nsc(s, cr, type);
1644 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1646 struct rfcomm_dlc *d;
1648 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1650 d = rfcomm_dlc_get(s, dlci);
1652 rfcomm_send_dm(s, dlci);
1657 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1659 d->tx_credits += credits;
1661 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1664 if (skb->len && d->state == BT_CONNECTED) {
1667 d->data_ready(d, skb);
1668 rfcomm_dlc_unlock(d);
1677 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1679 struct rfcomm_hdr *hdr = (void *) skb->data;
1682 dlci = __get_dlci(hdr->addr);
1683 type = __get_type(hdr->ctrl);
1686 skb->len--; skb->tail--;
1687 fcs = *(u8 *)skb_tail_pointer(skb);
1689 if (__check_fcs(skb->data, type, fcs)) {
1690 BT_ERR("bad checksum in packet");
1695 if (__test_ea(hdr->len))
1702 if (__test_pf(hdr->ctrl))
1703 rfcomm_recv_sabm(s, dlci);
1707 if (__test_pf(hdr->ctrl))
1708 rfcomm_recv_disc(s, dlci);
1712 if (__test_pf(hdr->ctrl))
1713 rfcomm_recv_ua(s, dlci);
1717 rfcomm_recv_dm(s, dlci);
1722 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1724 rfcomm_recv_mcc(s, skb);
1728 BT_ERR("Unknown packet type 0x%02x", type);
1735 /* ---- Connection and data processing ---- */
1737 static void rfcomm_process_connect(struct rfcomm_session *s)
1739 struct rfcomm_dlc *d;
1740 struct list_head *p, *n;
1742 BT_DBG("session %p state %ld", s, s->state);
1744 list_for_each_safe(p, n, &s->dlcs) {
1745 d = list_entry(p, struct rfcomm_dlc, list);
1746 if (d->state == BT_CONFIG) {
1748 if (rfcomm_check_security(d)) {
1749 rfcomm_send_pn(s, 1, d);
1751 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1752 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1758 /* Send data queued for the DLC.
1759 * Return number of frames left in the queue.
1761 static int rfcomm_process_tx(struct rfcomm_dlc *d)
1763 struct sk_buff *skb;
1766 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1767 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1769 /* Send pending MSC */
1770 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1771 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1775 * Give them some credits */
1776 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1777 d->rx_credits <= (d->cfc >> 2)) {
1778 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1779 d->rx_credits = d->cfc;
1783 * Give ourselves some credits */
1787 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1788 return skb_queue_len(&d->tx_queue);
1790 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1791 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1793 skb_queue_head(&d->tx_queue, skb);
1800 if (d->cfc && !d->tx_credits) {
1801 /* We're out of TX credits.
1802 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1803 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1806 return skb_queue_len(&d->tx_queue);
1809 static void rfcomm_process_dlcs(struct rfcomm_session *s)
1811 struct rfcomm_dlc *d;
1812 struct list_head *p, *n;
1814 BT_DBG("session %p state %ld", s, s->state);
1816 list_for_each_safe(p, n, &s->dlcs) {
1817 d = list_entry(p, struct rfcomm_dlc, list);
1819 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1820 __rfcomm_dlc_close(d, ETIMEDOUT);
1824 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1825 __rfcomm_dlc_close(d, ECONNREFUSED);
1829 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1830 rfcomm_dlc_clear_timer(d);
1832 rfcomm_send_pn(s, 1, d);
1833 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1835 if (d->defer_setup) {
1836 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1837 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1840 d->state = BT_CONNECT2;
1841 d->state_change(d, 0);
1842 rfcomm_dlc_unlock(d);
1844 rfcomm_dlc_accept(d);
1847 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1848 rfcomm_dlc_clear_timer(d);
1850 rfcomm_send_dm(s, d->dlci);
1852 d->state = BT_CLOSED;
1853 __rfcomm_dlc_close(d, ECONNREFUSED);
1857 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1860 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1863 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1864 d->mscex == RFCOMM_MSCEX_OK)
1865 rfcomm_process_tx(d);
1869 static void rfcomm_process_rx(struct rfcomm_session *s)
1871 struct socket *sock = s->sock;
1872 struct sock *sk = sock->sk;
1873 struct sk_buff *skb;
1875 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1877 /* Get data directly from socket receive queue without copying it. */
1878 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1880 if (!skb_linearize(skb))
1881 rfcomm_recv_frame(s, skb);
1886 if (sk->sk_state == BT_CLOSED) {
1888 rfcomm_session_put(s);
1890 rfcomm_session_close(s, sk->sk_err);
1894 static void rfcomm_accept_connection(struct rfcomm_session *s)
1896 struct socket *sock = s->sock, *nsock;
1899 /* Fast check for a new connection.
1900 * Avoids unnesesary socket allocations. */
1901 if (list_empty(&bt_sk(sock->sk)->accept_q))
1904 BT_DBG("session %p", s);
1906 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1910 /* Set our callbacks */
1911 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1912 nsock->sk->sk_state_change = rfcomm_l2state_change;
1914 s = rfcomm_session_add(nsock, BT_OPEN);
1916 rfcomm_session_hold(s);
1918 /* We should adjust MTU on incoming sessions.
1919 * L2CAP MTU minus UIH header and FCS. */
1920 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1921 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1925 sock_release(nsock);
1928 static void rfcomm_check_connection(struct rfcomm_session *s)
1930 struct sock *sk = s->sock->sk;
1932 BT_DBG("%p state %ld", s, s->state);
1934 switch (sk->sk_state) {
1936 s->state = BT_CONNECT;
1938 /* We can adjust MTU on outgoing sessions.
1939 * L2CAP MTU minus UIH header and FCS. */
1940 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1942 rfcomm_send_sabm(s, 0);
1946 s->state = BT_CLOSED;
1947 rfcomm_session_close(s, sk->sk_err);
1952 static void rfcomm_process_sessions(void)
1954 struct list_head *p, *n;
1958 list_for_each_safe(p, n, &session_list) {
1959 struct rfcomm_session *s;
1960 s = list_entry(p, struct rfcomm_session, list);
1962 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1963 s->state = BT_DISCONN;
1964 rfcomm_send_disc(s, 0);
1965 rfcomm_session_put(s);
1969 if (s->state == BT_LISTEN) {
1970 rfcomm_accept_connection(s);
1974 rfcomm_session_hold(s);
1978 rfcomm_check_connection(s);
1982 rfcomm_process_rx(s);
1986 rfcomm_process_dlcs(s);
1988 rfcomm_session_put(s);
1994 static int rfcomm_add_listener(bdaddr_t *ba)
1996 struct sockaddr_l2 addr;
1997 struct socket *sock;
1999 struct rfcomm_session *s;
2003 err = rfcomm_l2sock_create(&sock);
2005 BT_ERR("Create socket failed %d", err);
2010 bacpy(&addr.l2_bdaddr, ba);
2011 addr.l2_family = AF_BLUETOOTH;
2012 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
2014 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
2016 BT_ERR("Bind failed %d", err);
2020 /* Set L2CAP options */
2023 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
2026 /* Start listening on the socket */
2027 err = kernel_listen(sock, 10);
2029 BT_ERR("Listen failed %d", err);
2033 /* Add listening session */
2034 s = rfcomm_session_add(sock, BT_LISTEN);
2038 rfcomm_session_hold(s);
2045 static void rfcomm_kill_listener(void)
2047 struct rfcomm_session *s;
2048 struct list_head *p, *n;
2052 list_for_each_safe(p, n, &session_list) {
2053 s = list_entry(p, struct rfcomm_session, list);
2054 rfcomm_session_del(s);
2058 static int rfcomm_run(void *unused)
2062 set_user_nice(current, -10);
2064 rfcomm_add_listener(BDADDR_ANY);
2067 set_current_state(TASK_INTERRUPTIBLE);
2069 if (kthread_should_stop())
2073 rfcomm_process_sessions();
2077 __set_current_state(TASK_RUNNING);
2079 rfcomm_kill_listener();
2084 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2086 struct rfcomm_session *s;
2087 struct rfcomm_dlc *d;
2088 struct list_head *p, *n;
2090 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2092 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2096 rfcomm_session_hold(s);
2098 list_for_each_safe(p, n, &s->dlcs) {
2099 d = list_entry(p, struct rfcomm_dlc, list);
2101 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2102 rfcomm_dlc_clear_timer(d);
2103 if (status || encrypt == 0x00) {
2104 set_bit(RFCOMM_ENC_DROP, &d->flags);
2109 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2110 if (d->sec_level == BT_SECURITY_MEDIUM) {
2111 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2112 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2114 } else if (d->sec_level == BT_SECURITY_HIGH) {
2115 set_bit(RFCOMM_ENC_DROP, &d->flags);
2120 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2123 if (!status && hci_conn_check_secure(conn, d->sec_level))
2124 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2126 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2129 rfcomm_session_put(s);
2134 static struct hci_cb rfcomm_cb = {
2136 .security_cfm = rfcomm_security_cfm
2139 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2141 struct rfcomm_session *s;
2145 list_for_each_entry(s, &session_list, list) {
2146 struct rfcomm_dlc *d;
2147 list_for_each_entry(d, &s->dlcs, list) {
2148 struct sock *sk = s->sock->sk;
2150 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2151 &bt_sk(sk)->src, &bt_sk(sk)->dst,
2152 d->state, d->dlci, d->mtu,
2153 d->rx_credits, d->tx_credits);
2162 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2164 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2167 static const struct file_operations rfcomm_dlc_debugfs_fops = {
2168 .open = rfcomm_dlc_debugfs_open,
2170 .llseek = seq_lseek,
2171 .release = single_release,
2174 static struct dentry *rfcomm_dlc_debugfs;
2176 /* ---- Initialization ---- */
2177 static int __init rfcomm_init(void)
2181 hci_register_cb(&rfcomm_cb);
2183 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2184 if (IS_ERR(rfcomm_thread)) {
2185 err = PTR_ERR(rfcomm_thread);
2190 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2191 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops);
2192 if (!rfcomm_dlc_debugfs)
2193 BT_ERR("Failed to create RFCOMM debug file");
2196 err = rfcomm_init_ttys();
2200 err = rfcomm_init_sockets();
2204 BT_INFO("RFCOMM ver %s", VERSION);
2209 rfcomm_cleanup_ttys();
2212 kthread_stop(rfcomm_thread);
2215 hci_unregister_cb(&rfcomm_cb);
2220 static void __exit rfcomm_exit(void)
2222 debugfs_remove(rfcomm_dlc_debugfs);
2224 hci_unregister_cb(&rfcomm_cb);
2226 kthread_stop(rfcomm_thread);
2228 rfcomm_cleanup_ttys();
2230 rfcomm_cleanup_sockets();
2233 module_init(rfcomm_init);
2234 module_exit(rfcomm_exit);
2236 module_param(disable_cfc, bool, 0644);
2237 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2239 module_param(channel_mtu, int, 0644);
2240 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2242 module_param(l2cap_mtu, uint, 0644);
2243 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2245 module_param(l2cap_ertm, bool, 0644);
2246 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2248 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2249 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2250 MODULE_VERSION(VERSION);
2251 MODULE_LICENSE("GPL");
2252 MODULE_ALIAS("bt-proto-3");