2
RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3
Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4
Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6
This program is free software; you can redistribute it and/or modify
7
it under the terms of the GNU General Public License version 2 as
8
published by the Free Software Foundation;
10
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13
IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14
CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20
COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21
SOFTWARE IS DISCLAIMED.
25
* Bluetooth RFCOMM core.
28
#include <linux/module.h>
29
#include <linux/errno.h>
30
#include <linux/kernel.h>
31
#include <linux/sched.h>
32
#include <linux/signal.h>
33
#include <linux/init.h>
34
#include <linux/wait.h>
35
#include <linux/device.h>
36
#include <linux/debugfs.h>
37
#include <linux/seq_file.h>
38
#include <linux/net.h>
39
#include <linux/mutex.h>
40
#include <linux/kthread.h>
41
#include <linux/slab.h>
44
#include <linux/uaccess.h>
45
#include <asm/unaligned.h>
47
#include <net/bluetooth/bluetooth.h>
48
#include <net/bluetooth/hci_core.h>
49
#include <net/bluetooth/l2cap.h>
50
#include <net/bluetooth/rfcomm.h>
52
#define VERSION "1.11"
54
static int disable_cfc;
55
static int l2cap_ertm;
56
static int channel_mtu = -1;
57
static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
59
static struct task_struct *rfcomm_thread;
61
static DEFINE_MUTEX(rfcomm_mutex);
62
#define rfcomm_lock() mutex_lock(&rfcomm_mutex)
63
#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
66
static LIST_HEAD(session_list);
68
static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
69
static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
70
static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
71
static int rfcomm_queue_disc(struct rfcomm_dlc *d);
72
static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
73
static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
74
static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
75
static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
76
static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
77
static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
79
static void rfcomm_process_connect(struct rfcomm_session *s);
81
static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
85
static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
86
static void rfcomm_session_del(struct rfcomm_session *s);
88
/* ---- RFCOMM frame parsing macros ---- */
89
#define __get_dlci(b) ((b & 0xfc) >> 2)
90
#define __get_channel(b) ((b & 0xf8) >> 3)
91
#define __get_dir(b) ((b & 0x04) >> 2)
92
#define __get_type(b) ((b & 0xef))
94
#define __test_ea(b) ((b & 0x01))
95
#define __test_cr(b) ((b & 0x02))
96
#define __test_pf(b) ((b & 0x10))
98
#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
99
#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
100
#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
101
#define __srv_channel(dlci) (dlci >> 1)
102
#define __dir(dlci) (dlci & 0x01)
104
#define __len8(len) (((len) << 1) | 1)
105
#define __len16(len) ((len) << 1)
108
#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
109
#define __get_mcc_type(b) ((b & 0xfc) >> 2)
110
#define __get_mcc_len(b) ((b & 0xfe) >> 1)
113
#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
114
#define __get_rpn_data_bits(line) ((line) & 0x3)
115
#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
116
#define __get_rpn_parity(line) (((line) >> 3) & 0x7)
118
static inline void rfcomm_schedule(void)
122
wake_up_process(rfcomm_thread);
125
static inline void rfcomm_session_put(struct rfcomm_session *s)
127
if (atomic_dec_and_test(&s->refcnt))
128
rfcomm_session_del(s);
131
/* ---- RFCOMM FCS computation ---- */
133
/* reversed, 8-bit, poly=0x07 */
134
static unsigned char rfcomm_crc_table[256] = {
135
0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
136
0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
137
0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
138
0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
140
0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
141
0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
142
0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
143
0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
145
0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
146
0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
147
0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
148
0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
150
0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
151
0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
152
0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
153
0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
155
0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
156
0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
157
0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
158
0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
160
0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
161
0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
162
0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
163
0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
165
0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
166
0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
167
0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
168
0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
170
0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
171
0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
172
0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
173
0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
177
#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
180
static inline u8 __fcs(u8 *data)
182
return 0xff - __crc(data);
186
static inline u8 __fcs2(u8 *data)
188
return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
192
static inline int __check_fcs(u8 *data, int type, u8 fcs)
196
if (type != RFCOMM_UIH)
197
f = rfcomm_crc_table[f ^ data[2]];
199
return rfcomm_crc_table[f ^ fcs] != 0xcf;
202
/* ---- L2CAP callbacks ---- */
203
static void rfcomm_l2state_change(struct sock *sk)
205
BT_DBG("%p state %d", sk, sk->sk_state);
209
static void rfcomm_l2data_ready(struct sock *sk, int bytes)
211
BT_DBG("%p bytes %d", sk, bytes);
215
static int rfcomm_l2sock_create(struct socket **sock)
221
err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
223
struct sock *sk = (*sock)->sk;
224
sk->sk_data_ready = rfcomm_l2data_ready;
225
sk->sk_state_change = rfcomm_l2state_change;
230
static inline int rfcomm_check_security(struct rfcomm_dlc *d)
232
struct sock *sk = d->session->sock->sk;
233
struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
237
switch (d->sec_level) {
238
case BT_SECURITY_HIGH:
239
auth_type = HCI_AT_GENERAL_BONDING_MITM;
241
case BT_SECURITY_MEDIUM:
242
auth_type = HCI_AT_GENERAL_BONDING;
245
auth_type = HCI_AT_NO_BONDING;
249
return hci_conn_security(conn->hcon, d->sec_level, auth_type);
252
static void rfcomm_session_timeout(unsigned long arg)
254
struct rfcomm_session *s = (void *) arg;
256
BT_DBG("session %p state %ld", s, s->state);
258
set_bit(RFCOMM_TIMED_OUT, &s->flags);
262
static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
264
BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
266
if (!mod_timer(&s->timer, jiffies + timeout))
267
rfcomm_session_hold(s);
270
static void rfcomm_session_clear_timer(struct rfcomm_session *s)
272
BT_DBG("session %p state %ld", s, s->state);
274
if (timer_pending(&s->timer) && del_timer(&s->timer))
275
rfcomm_session_put(s);
278
/* ---- RFCOMM DLCs ---- */
279
static void rfcomm_dlc_timeout(unsigned long arg)
281
struct rfcomm_dlc *d = (void *) arg;
283
BT_DBG("dlc %p state %ld", d, d->state);
285
set_bit(RFCOMM_TIMED_OUT, &d->flags);
290
static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
292
BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
294
if (!mod_timer(&d->timer, jiffies + timeout))
298
static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
300
BT_DBG("dlc %p state %ld", d, d->state);
302
if (timer_pending(&d->timer) && del_timer(&d->timer))
306
static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
313
d->sec_level = BT_SECURITY_LOW;
314
d->mtu = RFCOMM_DEFAULT_MTU;
315
d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
317
d->cfc = RFCOMM_CFC_DISABLED;
318
d->rx_credits = RFCOMM_DEFAULT_CREDITS;
321
struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
323
struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
328
setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
330
skb_queue_head_init(&d->tx_queue);
331
spin_lock_init(&d->lock);
332
atomic_set(&d->refcnt, 1);
334
rfcomm_dlc_clear_state(d);
341
void rfcomm_dlc_free(struct rfcomm_dlc *d)
345
skb_queue_purge(&d->tx_queue);
349
static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
351
BT_DBG("dlc %p session %p", d, s);
353
rfcomm_session_hold(s);
355
rfcomm_session_clear_timer(s);
357
list_add(&d->list, &s->dlcs);
361
static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
363
struct rfcomm_session *s = d->session;
365
BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
371
if (list_empty(&s->dlcs))
372
rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
374
rfcomm_session_put(s);
377
static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
379
struct rfcomm_dlc *d;
382
list_for_each(p, &s->dlcs) {
383
d = list_entry(p, struct rfcomm_dlc, list);
390
static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
392
struct rfcomm_session *s;
396
BT_DBG("dlc %p state %ld %s %s channel %d",
397
d, d->state, batostr(src), batostr(dst), channel);
399
if (channel < 1 || channel > 30)
402
if (d->state != BT_OPEN && d->state != BT_CLOSED)
405
s = rfcomm_session_get(src, dst);
407
s = rfcomm_session_create(src, dst, d->sec_level, &err);
412
dlci = __dlci(!s->initiator, channel);
414
/* Check if DLCI already exists */
415
if (rfcomm_dlc_get(s, dlci))
418
rfcomm_dlc_clear_state(d);
421
d->addr = __addr(s->initiator, dlci);
424
d->state = BT_CONFIG;
425
rfcomm_dlc_link(s, d);
430
d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
432
if (s->state == BT_CONNECTED) {
433
if (rfcomm_check_security(d))
434
rfcomm_send_pn(s, 1, d);
436
set_bit(RFCOMM_AUTH_PENDING, &d->flags);
439
rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
444
int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
450
r = __rfcomm_dlc_open(d, src, dst, channel);
456
static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
458
struct rfcomm_session *s = d->session;
462
BT_DBG("dlc %p state %ld dlci %d err %d session %p",
463
d, d->state, d->dlci, err, s);
468
if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
469
set_bit(RFCOMM_AUTH_REJECT, &d->flags);
476
d->state = BT_DISCONN;
477
if (skb_queue_empty(&d->tx_queue)) {
478
rfcomm_send_disc(s, d->dlci);
479
rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
481
rfcomm_queue_disc(d);
482
rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
488
if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
489
set_bit(RFCOMM_AUTH_REJECT, &d->flags);
496
rfcomm_dlc_clear_timer(d);
499
d->state = BT_CLOSED;
500
d->state_change(d, err);
501
rfcomm_dlc_unlock(d);
503
skb_queue_purge(&d->tx_queue);
504
rfcomm_dlc_unlink(d);
510
int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
516
r = __rfcomm_dlc_close(d, err);
522
int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
526
if (d->state != BT_CONNECTED)
529
BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
534
rfcomm_make_uih(skb, d->addr);
535
skb_queue_tail(&d->tx_queue, skb);
537
if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
542
void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
544
BT_DBG("dlc %p state %ld", d, d->state);
547
d->v24_sig |= RFCOMM_V24_FC;
548
set_bit(RFCOMM_MSC_PENDING, &d->flags);
553
void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
555
BT_DBG("dlc %p state %ld", d, d->state);
558
d->v24_sig &= ~RFCOMM_V24_FC;
559
set_bit(RFCOMM_MSC_PENDING, &d->flags);
565
Set/get modem status functions use _local_ status i.e. what we report
567
Remote status is provided by dlc->modem_status() callback.
569
int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
571
BT_DBG("dlc %p state %ld v24_sig 0x%x",
572
d, d->state, v24_sig);
574
if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
575
v24_sig |= RFCOMM_V24_FC;
577
v24_sig &= ~RFCOMM_V24_FC;
579
d->v24_sig = v24_sig;
581
if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
587
int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
589
BT_DBG("dlc %p state %ld v24_sig 0x%x",
590
d, d->state, d->v24_sig);
592
*v24_sig = d->v24_sig;
596
/* ---- RFCOMM sessions ---- */
597
static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
599
struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
604
BT_DBG("session %p sock %p", s, sock);
606
setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
608
INIT_LIST_HEAD(&s->dlcs);
612
s->mtu = RFCOMM_DEFAULT_MTU;
613
s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
615
/* Do not increment module usage count for listening sessions.
616
* Otherwise we won't be able to unload the module. */
617
if (state != BT_LISTEN)
618
if (!try_module_get(THIS_MODULE)) {
623
list_add(&s->list, &session_list);
628
static void rfcomm_session_del(struct rfcomm_session *s)
630
int state = s->state;
632
BT_DBG("session %p state %ld", s, s->state);
636
if (state == BT_CONNECTED)
637
rfcomm_send_disc(s, 0);
639
rfcomm_session_clear_timer(s);
640
sock_release(s->sock);
643
if (state != BT_LISTEN)
644
module_put(THIS_MODULE);
647
static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
649
struct rfcomm_session *s;
650
struct list_head *p, *n;
652
list_for_each_safe(p, n, &session_list) {
653
s = list_entry(p, struct rfcomm_session, list);
654
sk = bt_sk(s->sock->sk);
656
if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
657
!bacmp(&sk->dst, dst))
663
static void rfcomm_session_close(struct rfcomm_session *s, int err)
665
struct rfcomm_dlc *d;
666
struct list_head *p, *n;
668
BT_DBG("session %p state %ld err %d", s, s->state, err);
670
rfcomm_session_hold(s);
672
s->state = BT_CLOSED;
675
list_for_each_safe(p, n, &s->dlcs) {
676
d = list_entry(p, struct rfcomm_dlc, list);
677
d->state = BT_CLOSED;
678
__rfcomm_dlc_close(d, err);
681
rfcomm_session_clear_timer(s);
682
rfcomm_session_put(s);
685
static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
690
struct rfcomm_session *s = NULL;
691
struct sockaddr_l2 addr;
695
BT_DBG("%s %s", batostr(src), batostr(dst));
697
*err = rfcomm_l2sock_create(&sock);
701
bacpy(&addr.l2_bdaddr, src);
702
addr.l2_family = AF_BLUETOOTH;
705
*err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
709
/* Set L2CAP options */
712
l2cap_pi(sk)->chan->imtu = l2cap_mtu;
713
l2cap_pi(sk)->chan->sec_level = sec_level;
715
l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
718
s = rfcomm_session_add(sock, BT_BOUND);
726
bacpy(&addr.l2_bdaddr, dst);
727
addr.l2_family = AF_BLUETOOTH;
728
addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
730
*err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
731
if (*err == 0 || *err == -EINPROGRESS)
734
rfcomm_session_del(s);
742
void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
744
struct sock *sk = s->sock->sk;
746
bacpy(src, &bt_sk(sk)->src);
748
bacpy(dst, &bt_sk(sk)->dst);
751
/* ---- RFCOMM frame sending ---- */
752
static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
754
struct socket *sock = s->sock;
755
struct kvec iv = { data, len };
758
BT_DBG("session %p len %d", s, len);
760
memset(&msg, 0, sizeof(msg));
762
return kernel_sendmsg(sock, &msg, &iv, 1, len);
765
static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
767
struct rfcomm_cmd cmd;
769
BT_DBG("%p dlci %d", s, dlci);
771
cmd.addr = __addr(s->initiator, dlci);
772
cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
774
cmd.fcs = __fcs2((u8 *) &cmd);
776
return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
779
static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
781
struct rfcomm_cmd cmd;
783
BT_DBG("%p dlci %d", s, dlci);
785
cmd.addr = __addr(!s->initiator, dlci);
786
cmd.ctrl = __ctrl(RFCOMM_UA, 1);
788
cmd.fcs = __fcs2((u8 *) &cmd);
790
return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
793
static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
795
struct rfcomm_cmd cmd;
797
BT_DBG("%p dlci %d", s, dlci);
799
cmd.addr = __addr(s->initiator, dlci);
800
cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
802
cmd.fcs = __fcs2((u8 *) &cmd);
804
return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
807
static int rfcomm_queue_disc(struct rfcomm_dlc *d)
809
struct rfcomm_cmd *cmd;
812
BT_DBG("dlc %p dlci %d", d, d->dlci);
814
skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
818
cmd = (void *) __skb_put(skb, sizeof(*cmd));
820
cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
821
cmd->len = __len8(0);
822
cmd->fcs = __fcs2((u8 *) cmd);
824
skb_queue_tail(&d->tx_queue, skb);
829
static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
831
struct rfcomm_cmd cmd;
833
BT_DBG("%p dlci %d", s, dlci);
835
cmd.addr = __addr(!s->initiator, dlci);
836
cmd.ctrl = __ctrl(RFCOMM_DM, 1);
838
cmd.fcs = __fcs2((u8 *) &cmd);
840
return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
843
static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
845
struct rfcomm_hdr *hdr;
846
struct rfcomm_mcc *mcc;
847
u8 buf[16], *ptr = buf;
849
BT_DBG("%p cr %d type %d", s, cr, type);
851
hdr = (void *) ptr; ptr += sizeof(*hdr);
852
hdr->addr = __addr(s->initiator, 0);
853
hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
854
hdr->len = __len8(sizeof(*mcc) + 1);
856
mcc = (void *) ptr; ptr += sizeof(*mcc);
857
mcc->type = __mcc_type(cr, RFCOMM_NSC);
858
mcc->len = __len8(1);
860
/* Type that we didn't like */
861
*ptr = __mcc_type(cr, type); ptr++;
863
*ptr = __fcs(buf); ptr++;
865
return rfcomm_send_frame(s, buf, ptr - buf);
868
static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
870
struct rfcomm_hdr *hdr;
871
struct rfcomm_mcc *mcc;
872
struct rfcomm_pn *pn;
873
u8 buf[16], *ptr = buf;
875
BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
877
hdr = (void *) ptr; ptr += sizeof(*hdr);
878
hdr->addr = __addr(s->initiator, 0);
879
hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
880
hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
882
mcc = (void *) ptr; ptr += sizeof(*mcc);
883
mcc->type = __mcc_type(cr, RFCOMM_PN);
884
mcc->len = __len8(sizeof(*pn));
886
pn = (void *) ptr; ptr += sizeof(*pn);
888
pn->priority = d->priority;
893
pn->flow_ctrl = cr ? 0xf0 : 0xe0;
894
pn->credits = RFCOMM_DEFAULT_CREDITS;
900
if (cr && channel_mtu >= 0)
901
pn->mtu = cpu_to_le16(channel_mtu);
903
pn->mtu = cpu_to_le16(d->mtu);
905
*ptr = __fcs(buf); ptr++;
907
return rfcomm_send_frame(s, buf, ptr - buf);
910
int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
911
u8 bit_rate, u8 data_bits, u8 stop_bits,
912
u8 parity, u8 flow_ctrl_settings,
913
u8 xon_char, u8 xoff_char, u16 param_mask)
915
struct rfcomm_hdr *hdr;
916
struct rfcomm_mcc *mcc;
917
struct rfcomm_rpn *rpn;
918
u8 buf[16], *ptr = buf;
920
BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
921
" flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
922
s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
923
flow_ctrl_settings, xon_char, xoff_char, param_mask);
925
hdr = (void *) ptr; ptr += sizeof(*hdr);
926
hdr->addr = __addr(s->initiator, 0);
927
hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
928
hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
930
mcc = (void *) ptr; ptr += sizeof(*mcc);
931
mcc->type = __mcc_type(cr, RFCOMM_RPN);
932
mcc->len = __len8(sizeof(*rpn));
934
rpn = (void *) ptr; ptr += sizeof(*rpn);
935
rpn->dlci = __addr(1, dlci);
936
rpn->bit_rate = bit_rate;
937
rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
938
rpn->flow_ctrl = flow_ctrl_settings;
939
rpn->xon_char = xon_char;
940
rpn->xoff_char = xoff_char;
941
rpn->param_mask = cpu_to_le16(param_mask);
943
*ptr = __fcs(buf); ptr++;
945
return rfcomm_send_frame(s, buf, ptr - buf);
948
static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
950
struct rfcomm_hdr *hdr;
951
struct rfcomm_mcc *mcc;
952
struct rfcomm_rls *rls;
953
u8 buf[16], *ptr = buf;
955
BT_DBG("%p cr %d status 0x%x", s, cr, status);
957
hdr = (void *) ptr; ptr += sizeof(*hdr);
958
hdr->addr = __addr(s->initiator, 0);
959
hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
960
hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
962
mcc = (void *) ptr; ptr += sizeof(*mcc);
963
mcc->type = __mcc_type(cr, RFCOMM_RLS);
964
mcc->len = __len8(sizeof(*rls));
966
rls = (void *) ptr; ptr += sizeof(*rls);
967
rls->dlci = __addr(1, dlci);
968
rls->status = status;
970
*ptr = __fcs(buf); ptr++;
972
return rfcomm_send_frame(s, buf, ptr - buf);
975
static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
977
struct rfcomm_hdr *hdr;
978
struct rfcomm_mcc *mcc;
979
struct rfcomm_msc *msc;
980
u8 buf[16], *ptr = buf;
982
BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
984
hdr = (void *) ptr; ptr += sizeof(*hdr);
985
hdr->addr = __addr(s->initiator, 0);
986
hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
987
hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
989
mcc = (void *) ptr; ptr += sizeof(*mcc);
990
mcc->type = __mcc_type(cr, RFCOMM_MSC);
991
mcc->len = __len8(sizeof(*msc));
993
msc = (void *) ptr; ptr += sizeof(*msc);
994
msc->dlci = __addr(1, dlci);
995
msc->v24_sig = v24_sig | 0x01;
997
*ptr = __fcs(buf); ptr++;
999
return rfcomm_send_frame(s, buf, ptr - buf);
1002
static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1004
struct rfcomm_hdr *hdr;
1005
struct rfcomm_mcc *mcc;
1006
u8 buf[16], *ptr = buf;
1008
BT_DBG("%p cr %d", s, cr);
1010
hdr = (void *) ptr; ptr += sizeof(*hdr);
1011
hdr->addr = __addr(s->initiator, 0);
1012
hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1013
hdr->len = __len8(sizeof(*mcc));
1015
mcc = (void *) ptr; ptr += sizeof(*mcc);
1016
mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1017
mcc->len = __len8(0);
1019
*ptr = __fcs(buf); ptr++;
1021
return rfcomm_send_frame(s, buf, ptr - buf);
1024
static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1026
struct rfcomm_hdr *hdr;
1027
struct rfcomm_mcc *mcc;
1028
u8 buf[16], *ptr = buf;
1030
BT_DBG("%p cr %d", s, cr);
1032
hdr = (void *) ptr; ptr += sizeof(*hdr);
1033
hdr->addr = __addr(s->initiator, 0);
1034
hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1035
hdr->len = __len8(sizeof(*mcc));
1037
mcc = (void *) ptr; ptr += sizeof(*mcc);
1038
mcc->type = __mcc_type(cr, RFCOMM_FCON);
1039
mcc->len = __len8(0);
1041
*ptr = __fcs(buf); ptr++;
1043
return rfcomm_send_frame(s, buf, ptr - buf);
1046
static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1048
struct socket *sock = s->sock;
1051
unsigned char hdr[5], crc[1];
1056
BT_DBG("%p cr %d", s, cr);
1058
hdr[0] = __addr(s->initiator, 0);
1059
hdr[1] = __ctrl(RFCOMM_UIH, 0);
1060
hdr[2] = 0x01 | ((len + 2) << 1);
1061
hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1062
hdr[4] = 0x01 | (len << 1);
1064
crc[0] = __fcs(hdr);
1066
iv[0].iov_base = hdr;
1068
iv[1].iov_base = pattern;
1069
iv[1].iov_len = len;
1070
iv[2].iov_base = crc;
1073
memset(&msg, 0, sizeof(msg));
1075
return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1078
static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1080
struct rfcomm_hdr *hdr;
1081
u8 buf[16], *ptr = buf;
1083
BT_DBG("%p addr %d credits %d", s, addr, credits);
1085
hdr = (void *) ptr; ptr += sizeof(*hdr);
1087
hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1088
hdr->len = __len8(0);
1090
*ptr = credits; ptr++;
1092
*ptr = __fcs(buf); ptr++;
1094
return rfcomm_send_frame(s, buf, ptr - buf);
1097
static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1099
struct rfcomm_hdr *hdr;
1104
hdr = (void *) skb_push(skb, 4);
1105
put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1107
hdr = (void *) skb_push(skb, 3);
1108
hdr->len = __len8(len);
1111
hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1113
crc = skb_put(skb, 1);
1114
*crc = __fcs((void *) hdr);
1117
/* ---- RFCOMM frame reception ---- */
1118
static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1120
BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1124
struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1126
rfcomm_send_dm(s, dlci);
1132
rfcomm_dlc_clear_timer(d);
1135
d->state = BT_CONNECTED;
1136
d->state_change(d, 0);
1137
rfcomm_dlc_unlock(d);
1139
rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1143
d->state = BT_CLOSED;
1144
__rfcomm_dlc_close(d, 0);
1146
if (list_empty(&s->dlcs)) {
1147
s->state = BT_DISCONN;
1148
rfcomm_send_disc(s, 0);
1149
rfcomm_session_clear_timer(s);
1155
/* Control channel */
1158
s->state = BT_CONNECTED;
1159
rfcomm_process_connect(s);
1163
/* When socket is closed and we are not RFCOMM
1164
* initiator rfcomm_process_rx already calls
1165
* rfcomm_session_put() */
1166
if (s->sock->sk->sk_state != BT_CLOSED)
1167
if (list_empty(&s->dlcs))
1168
rfcomm_session_put(s);
1175
static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1179
BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1183
struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1185
if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1190
d->state = BT_CLOSED;
1191
__rfcomm_dlc_close(d, err);
1194
if (s->state == BT_CONNECT)
1199
s->state = BT_CLOSED;
1200
rfcomm_session_close(s, err);
1205
static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1209
BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1212
struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1214
rfcomm_send_ua(s, dlci);
1216
if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1221
d->state = BT_CLOSED;
1222
__rfcomm_dlc_close(d, err);
1224
rfcomm_send_dm(s, dlci);
1227
rfcomm_send_ua(s, 0);
1229
if (s->state == BT_CONNECT)
1234
s->state = BT_CLOSED;
1235
rfcomm_session_close(s, err);
1241
void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1243
struct sock *sk = d->session->sock->sk;
1244
struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1246
BT_DBG("dlc %p", d);
1248
rfcomm_send_ua(d->session, d->dlci);
1250
rfcomm_dlc_clear_timer(d);
1253
d->state = BT_CONNECTED;
1254
d->state_change(d, 0);
1255
rfcomm_dlc_unlock(d);
1258
hci_conn_switch_role(conn->hcon, 0x00);
1260
rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1263
static void rfcomm_check_accept(struct rfcomm_dlc *d)
1265
if (rfcomm_check_security(d)) {
1266
if (d->defer_setup) {
1267
set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1268
rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1271
d->state = BT_CONNECT2;
1272
d->state_change(d, 0);
1273
rfcomm_dlc_unlock(d);
1275
rfcomm_dlc_accept(d);
1277
set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1278
rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1282
static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1284
struct rfcomm_dlc *d;
1287
BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1290
rfcomm_send_ua(s, 0);
1292
if (s->state == BT_OPEN) {
1293
s->state = BT_CONNECTED;
1294
rfcomm_process_connect(s);
1299
/* Check if DLC exists */
1300
d = rfcomm_dlc_get(s, dlci);
1302
if (d->state == BT_OPEN) {
1303
/* DLC was previously opened by PN request */
1304
rfcomm_check_accept(d);
1309
/* Notify socket layer about incoming connection */
1310
channel = __srv_channel(dlci);
1311
if (rfcomm_connect_ind(s, channel, &d)) {
1313
d->addr = __addr(s->initiator, dlci);
1314
rfcomm_dlc_link(s, d);
1316
rfcomm_check_accept(d);
1318
rfcomm_send_dm(s, dlci);
1324
static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1326
struct rfcomm_session *s = d->session;
1328
BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1329
d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1331
if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1332
pn->flow_ctrl == 0xe0) {
1333
d->cfc = RFCOMM_CFC_ENABLED;
1334
d->tx_credits = pn->credits;
1336
d->cfc = RFCOMM_CFC_DISABLED;
1337
set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1340
if (s->cfc == RFCOMM_CFC_UNKNOWN)
1343
d->priority = pn->priority;
1345
d->mtu = __le16_to_cpu(pn->mtu);
1347
if (cr && d->mtu > s->mtu)
1353
static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1355
struct rfcomm_pn *pn = (void *) skb->data;
1356
struct rfcomm_dlc *d;
1359
BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1364
d = rfcomm_dlc_get(s, dlci);
1368
rfcomm_apply_pn(d, cr, pn);
1369
rfcomm_send_pn(s, 0, d);
1374
rfcomm_apply_pn(d, cr, pn);
1376
d->state = BT_CONNECT;
1377
rfcomm_send_sabm(s, d->dlci);
1382
u8 channel = __srv_channel(dlci);
1387
/* PN request for non existing DLC.
1388
* Assume incoming connection. */
1389
if (rfcomm_connect_ind(s, channel, &d)) {
1391
d->addr = __addr(s->initiator, dlci);
1392
rfcomm_dlc_link(s, d);
1394
rfcomm_apply_pn(d, cr, pn);
1397
rfcomm_send_pn(s, 0, d);
1399
rfcomm_send_dm(s, dlci);
1405
static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1407
struct rfcomm_rpn *rpn = (void *) skb->data;
1408
u8 dlci = __get_dlci(rpn->dlci);
1417
u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1419
BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1420
dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1421
rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1427
/* This is a request, return default (according to ETSI TS 07.10) settings */
1428
bit_rate = RFCOMM_RPN_BR_9600;
1429
data_bits = RFCOMM_RPN_DATA_8;
1430
stop_bits = RFCOMM_RPN_STOP_1;
1431
parity = RFCOMM_RPN_PARITY_NONE;
1432
flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1433
xon_char = RFCOMM_RPN_XON_CHAR;
1434
xoff_char = RFCOMM_RPN_XOFF_CHAR;
1438
/* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1439
* no parity, no flow control lines, normal XON/XOFF chars */
1441
if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1442
bit_rate = rpn->bit_rate;
1443
if (bit_rate > RFCOMM_RPN_BR_230400) {
1444
BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1445
bit_rate = RFCOMM_RPN_BR_9600;
1446
rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1450
if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1451
data_bits = __get_rpn_data_bits(rpn->line_settings);
1452
if (data_bits != RFCOMM_RPN_DATA_8) {
1453
BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1454
data_bits = RFCOMM_RPN_DATA_8;
1455
rpn_mask ^= RFCOMM_RPN_PM_DATA;
1459
if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1460
stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1461
if (stop_bits != RFCOMM_RPN_STOP_1) {
1462
BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1463
stop_bits = RFCOMM_RPN_STOP_1;
1464
rpn_mask ^= RFCOMM_RPN_PM_STOP;
1468
if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1469
parity = __get_rpn_parity(rpn->line_settings);
1470
if (parity != RFCOMM_RPN_PARITY_NONE) {
1471
BT_DBG("RPN parity mismatch 0x%x", parity);
1472
parity = RFCOMM_RPN_PARITY_NONE;
1473
rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1477
if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1478
flow_ctrl = rpn->flow_ctrl;
1479
if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1480
BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1481
flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1482
rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1486
if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1487
xon_char = rpn->xon_char;
1488
if (xon_char != RFCOMM_RPN_XON_CHAR) {
1489
BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1490
xon_char = RFCOMM_RPN_XON_CHAR;
1491
rpn_mask ^= RFCOMM_RPN_PM_XON;
1495
if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1496
xoff_char = rpn->xoff_char;
1497
if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1498
BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1499
xoff_char = RFCOMM_RPN_XOFF_CHAR;
1500
rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1505
rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1506
parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1511
static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1513
struct rfcomm_rls *rls = (void *) skb->data;
1514
u8 dlci = __get_dlci(rls->dlci);
1516
BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1521
/* We should probably do something with this information here. But
1522
* for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1523
* mandatory to recognise and respond to RLS */
1525
rfcomm_send_rls(s, 0, dlci, rls->status);
1530
static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1532
struct rfcomm_msc *msc = (void *) skb->data;
1533
struct rfcomm_dlc *d;
1534
u8 dlci = __get_dlci(msc->dlci);
1536
BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1538
d = rfcomm_dlc_get(s, dlci);
1543
if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1544
set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1546
clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1550
d->remote_v24_sig = msc->v24_sig;
1552
if (d->modem_status)
1553
d->modem_status(d, msc->v24_sig);
1555
rfcomm_dlc_unlock(d);
1557
rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1559
d->mscex |= RFCOMM_MSCEX_RX;
1561
d->mscex |= RFCOMM_MSCEX_TX;
1566
static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1568
struct rfcomm_mcc *mcc = (void *) skb->data;
1571
cr = __test_cr(mcc->type);
1572
type = __get_mcc_type(mcc->type);
1573
len = __get_mcc_len(mcc->len);
1575
BT_DBG("%p type 0x%x cr %d", s, type, cr);
1581
rfcomm_recv_pn(s, cr, skb);
1585
rfcomm_recv_rpn(s, cr, len, skb);
1589
rfcomm_recv_rls(s, cr, skb);
1593
rfcomm_recv_msc(s, cr, skb);
1598
set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1599
rfcomm_send_fcoff(s, 0);
1605
clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1606
rfcomm_send_fcon(s, 0);
1612
rfcomm_send_test(s, 0, skb->data, skb->len);
1619
BT_ERR("Unknown control type 0x%02x", type);
1620
rfcomm_send_nsc(s, cr, type);
1626
static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1628
struct rfcomm_dlc *d;
1630
BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1632
d = rfcomm_dlc_get(s, dlci);
1634
rfcomm_send_dm(s, dlci);
1639
u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1641
d->tx_credits += credits;
1643
clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1646
if (skb->len && d->state == BT_CONNECTED) {
1649
d->data_ready(d, skb);
1650
rfcomm_dlc_unlock(d);
1659
static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1661
struct rfcomm_hdr *hdr = (void *) skb->data;
1664
dlci = __get_dlci(hdr->addr);
1665
type = __get_type(hdr->ctrl);
1668
skb->len--; skb->tail--;
1669
fcs = *(u8 *)skb_tail_pointer(skb);
1671
if (__check_fcs(skb->data, type, fcs)) {
1672
BT_ERR("bad checksum in packet");
1677
if (__test_ea(hdr->len))
1684
if (__test_pf(hdr->ctrl))
1685
rfcomm_recv_sabm(s, dlci);
1689
if (__test_pf(hdr->ctrl))
1690
rfcomm_recv_disc(s, dlci);
1694
if (__test_pf(hdr->ctrl))
1695
rfcomm_recv_ua(s, dlci);
1699
rfcomm_recv_dm(s, dlci);
1704
return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1706
rfcomm_recv_mcc(s, skb);
1710
BT_ERR("Unknown packet type 0x%02x", type);
1717
/* ---- Connection and data processing ---- */
1719
static void rfcomm_process_connect(struct rfcomm_session *s)
1721
struct rfcomm_dlc *d;
1722
struct list_head *p, *n;
1724
BT_DBG("session %p state %ld", s, s->state);
1726
list_for_each_safe(p, n, &s->dlcs) {
1727
d = list_entry(p, struct rfcomm_dlc, list);
1728
if (d->state == BT_CONFIG) {
1730
if (rfcomm_check_security(d)) {
1731
rfcomm_send_pn(s, 1, d);
1733
set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1734
rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1740
/* Send data queued for the DLC.
1741
* Return number of frames left in the queue.
1743
static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1745
struct sk_buff *skb;
1748
BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1749
d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1751
/* Send pending MSC */
1752
if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1753
rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1757
* Give them some credits */
1758
if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1759
d->rx_credits <= (d->cfc >> 2)) {
1760
rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1761
d->rx_credits = d->cfc;
1765
* Give ourselves some credits */
1769
if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1770
return skb_queue_len(&d->tx_queue);
1772
while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1773
err = rfcomm_send_frame(d->session, skb->data, skb->len);
1775
skb_queue_head(&d->tx_queue, skb);
1782
if (d->cfc && !d->tx_credits) {
1783
/* We're out of TX credits.
1784
* Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1785
set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1788
return skb_queue_len(&d->tx_queue);
1791
static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1793
struct rfcomm_dlc *d;
1794
struct list_head *p, *n;
1796
BT_DBG("session %p state %ld", s, s->state);
1798
list_for_each_safe(p, n, &s->dlcs) {
1799
d = list_entry(p, struct rfcomm_dlc, list);
1801
if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1802
__rfcomm_dlc_close(d, ETIMEDOUT);
1806
if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1807
__rfcomm_dlc_close(d, ECONNREFUSED);
1811
if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1812
rfcomm_dlc_clear_timer(d);
1814
rfcomm_send_pn(s, 1, d);
1815
rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1817
if (d->defer_setup) {
1818
set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1819
rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1822
d->state = BT_CONNECT2;
1823
d->state_change(d, 0);
1824
rfcomm_dlc_unlock(d);
1826
rfcomm_dlc_accept(d);
1829
} else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1830
rfcomm_dlc_clear_timer(d);
1832
rfcomm_send_dm(s, d->dlci);
1834
d->state = BT_CLOSED;
1835
__rfcomm_dlc_close(d, ECONNREFUSED);
1839
if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1842
if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1845
if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1846
d->mscex == RFCOMM_MSCEX_OK)
1847
rfcomm_process_tx(d);
1851
static inline void rfcomm_process_rx(struct rfcomm_session *s)
1853
struct socket *sock = s->sock;
1854
struct sock *sk = sock->sk;
1855
struct sk_buff *skb;
1857
BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1859
/* Get data directly from socket receive queue without copying it. */
1860
while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1862
if (!skb_linearize(skb))
1863
rfcomm_recv_frame(s, skb);
1868
if (sk->sk_state == BT_CLOSED) {
1870
rfcomm_session_put(s);
1872
rfcomm_session_close(s, sk->sk_err);
1876
static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1878
struct socket *sock = s->sock, *nsock;
1881
/* Fast check for a new connection.
1882
* Avoids unnesesary socket allocations. */
1883
if (list_empty(&bt_sk(sock->sk)->accept_q))
1886
BT_DBG("session %p", s);
1888
err = kernel_accept(sock, &nsock, O_NONBLOCK);
1892
/* Set our callbacks */
1893
nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1894
nsock->sk->sk_state_change = rfcomm_l2state_change;
1896
s = rfcomm_session_add(nsock, BT_OPEN);
1898
rfcomm_session_hold(s);
1900
/* We should adjust MTU on incoming sessions.
1901
* L2CAP MTU minus UIH header and FCS. */
1902
s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1903
l2cap_pi(nsock->sk)->chan->imtu) - 5;
1907
sock_release(nsock);
1910
static inline void rfcomm_check_connection(struct rfcomm_session *s)
1912
struct sock *sk = s->sock->sk;
1914
BT_DBG("%p state %ld", s, s->state);
1916
switch (sk->sk_state) {
1918
s->state = BT_CONNECT;
1920
/* We can adjust MTU on outgoing sessions.
1921
* L2CAP MTU minus UIH header and FCS. */
1922
s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1924
rfcomm_send_sabm(s, 0);
1928
s->state = BT_CLOSED;
1929
rfcomm_session_close(s, sk->sk_err);
1934
static inline void rfcomm_process_sessions(void)
1936
struct list_head *p, *n;
1940
list_for_each_safe(p, n, &session_list) {
1941
struct rfcomm_session *s;
1942
s = list_entry(p, struct rfcomm_session, list);
1944
if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1945
s->state = BT_DISCONN;
1946
rfcomm_send_disc(s, 0);
1947
rfcomm_session_put(s);
1951
if (s->state == BT_LISTEN) {
1952
rfcomm_accept_connection(s);
1956
rfcomm_session_hold(s);
1960
rfcomm_check_connection(s);
1964
rfcomm_process_rx(s);
1968
rfcomm_process_dlcs(s);
1970
rfcomm_session_put(s);
1976
static int rfcomm_add_listener(bdaddr_t *ba)
1978
struct sockaddr_l2 addr;
1979
struct socket *sock;
1981
struct rfcomm_session *s;
1985
err = rfcomm_l2sock_create(&sock);
1987
BT_ERR("Create socket failed %d", err);
1992
bacpy(&addr.l2_bdaddr, ba);
1993
addr.l2_family = AF_BLUETOOTH;
1994
addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
1996
err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1998
BT_ERR("Bind failed %d", err);
2002
/* Set L2CAP options */
2005
l2cap_pi(sk)->chan->imtu = l2cap_mtu;
2008
/* Start listening on the socket */
2009
err = kernel_listen(sock, 10);
2011
BT_ERR("Listen failed %d", err);
2015
/* Add listening session */
2016
s = rfcomm_session_add(sock, BT_LISTEN);
2020
rfcomm_session_hold(s);
2027
static void rfcomm_kill_listener(void)
2029
struct rfcomm_session *s;
2030
struct list_head *p, *n;
2034
list_for_each_safe(p, n, &session_list) {
2035
s = list_entry(p, struct rfcomm_session, list);
2036
rfcomm_session_del(s);
2040
static int rfcomm_run(void *unused)
2044
set_user_nice(current, -10);
2046
rfcomm_add_listener(BDADDR_ANY);
2049
set_current_state(TASK_INTERRUPTIBLE);
2051
if (kthread_should_stop())
2055
rfcomm_process_sessions();
2059
__set_current_state(TASK_RUNNING);
2061
rfcomm_kill_listener();
2066
static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2068
struct rfcomm_session *s;
2069
struct rfcomm_dlc *d;
2070
struct list_head *p, *n;
2072
BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2074
s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2078
rfcomm_session_hold(s);
2080
list_for_each_safe(p, n, &s->dlcs) {
2081
d = list_entry(p, struct rfcomm_dlc, list);
2083
if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2084
rfcomm_dlc_clear_timer(d);
2085
if (status || encrypt == 0x00) {
2086
set_bit(RFCOMM_ENC_DROP, &d->flags);
2091
if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2092
if (d->sec_level == BT_SECURITY_MEDIUM) {
2093
set_bit(RFCOMM_SEC_PENDING, &d->flags);
2094
rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2096
} else if (d->sec_level == BT_SECURITY_HIGH) {
2097
set_bit(RFCOMM_ENC_DROP, &d->flags);
2102
if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2105
if (!status && hci_conn_check_secure(conn, d->sec_level))
2106
set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2108
set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2111
rfcomm_session_put(s);
2116
static struct hci_cb rfcomm_cb = {
2118
.security_cfm = rfcomm_security_cfm
2121
static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2123
struct rfcomm_session *s;
2124
struct list_head *pp, *p;
2128
list_for_each(p, &session_list) {
2129
s = list_entry(p, struct rfcomm_session, list);
2130
list_for_each(pp, &s->dlcs) {
2131
struct sock *sk = s->sock->sk;
2132
struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2134
seq_printf(f, "%s %s %ld %d %d %d %d\n",
2135
batostr(&bt_sk(sk)->src),
2136
batostr(&bt_sk(sk)->dst),
2137
d->state, d->dlci, d->mtu,
2138
d->rx_credits, d->tx_credits);
2147
static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2149
return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2152
static const struct file_operations rfcomm_dlc_debugfs_fops = {
2153
.open = rfcomm_dlc_debugfs_open,
2155
.llseek = seq_lseek,
2156
.release = single_release,
2159
static struct dentry *rfcomm_dlc_debugfs;
2161
/* ---- Initialization ---- */
2162
static int __init rfcomm_init(void)
2166
hci_register_cb(&rfcomm_cb);
2168
rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2169
if (IS_ERR(rfcomm_thread)) {
2170
err = PTR_ERR(rfcomm_thread);
2175
rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2176
bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops);
2177
if (!rfcomm_dlc_debugfs)
2178
BT_ERR("Failed to create RFCOMM debug file");
2181
err = rfcomm_init_ttys();
2185
err = rfcomm_init_sockets();
2189
BT_INFO("RFCOMM ver %s", VERSION);
2194
rfcomm_cleanup_ttys();
2197
kthread_stop(rfcomm_thread);
2200
hci_unregister_cb(&rfcomm_cb);
2205
static void __exit rfcomm_exit(void)
2207
debugfs_remove(rfcomm_dlc_debugfs);
2209
hci_unregister_cb(&rfcomm_cb);
2211
kthread_stop(rfcomm_thread);
2213
rfcomm_cleanup_ttys();
2215
rfcomm_cleanup_sockets();
2218
module_init(rfcomm_init);
2219
module_exit(rfcomm_exit);
2221
module_param(disable_cfc, bool, 0644);
2222
MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2224
module_param(channel_mtu, int, 0644);
2225
MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2227
module_param(l2cap_mtu, uint, 0644);
2228
MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2230
module_param(l2cap_ertm, bool, 0644);
2231
MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2233
MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2234
MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2235
MODULE_VERSION(VERSION);
2236
MODULE_LICENSE("GPL");
2237
MODULE_ALIAS("bt-proto-3");