2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/debugfs.h>
30 #include <linux/kthread.h>
31 #include <asm/unaligned.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/rfcomm.h>
38 #define VERSION "1.11"
40 static bool disable_cfc;
41 static bool l2cap_ertm;
42 static int channel_mtu = -1;
43 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
45 static struct task_struct *rfcomm_thread;
47 static DEFINE_MUTEX(rfcomm_mutex);
48 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
52 static LIST_HEAD(session_list);
54 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
55 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
65 static void rfcomm_process_connect(struct rfcomm_session *s);
67 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
71 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
72 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
74 /* ---- RFCOMM frame parsing macros ---- */
75 #define __get_dlci(b) ((b & 0xfc) >> 2)
76 #define __get_channel(b) ((b & 0xf8) >> 3)
77 #define __get_dir(b) ((b & 0x04) >> 2)
78 #define __get_type(b) ((b & 0xef))
80 #define __test_ea(b) ((b & 0x01))
81 #define __test_cr(b) (!!(b & 0x02))
82 #define __test_pf(b) (!!(b & 0x10))
84 #define __session_dir(s) ((s)->initiator ? 0x00 : 0x01)
86 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
87 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
88 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
89 #define __srv_channel(dlci) (dlci >> 1)
90 #define __dir(dlci) (dlci & 0x01)
92 #define __len8(len) (((len) << 1) | 1)
93 #define __len16(len) ((len) << 1)
96 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
97 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
98 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
101 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
102 #define __get_rpn_data_bits(line) ((line) & 0x3)
103 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
104 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
106 static DECLARE_WAIT_QUEUE_HEAD(rfcomm_wq);
108 static void rfcomm_schedule(void)
110 wake_up_all(&rfcomm_wq);
113 /* ---- RFCOMM FCS computation ---- */
115 /* reversed, 8-bit, poly=0x07 */
116 static unsigned char rfcomm_crc_table[256] = {
117 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
118 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
119 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
120 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
122 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
123 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
124 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
125 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
127 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
128 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
129 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
130 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
132 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
133 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
134 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
135 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
137 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
138 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
139 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
140 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
142 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
143 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
144 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
145 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
147 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
148 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
149 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
150 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
152 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
153 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
154 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
155 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
159 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
162 static inline u8 __fcs(u8 *data)
164 return 0xff - __crc(data);
168 static inline u8 __fcs2(u8 *data)
170 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
174 static inline int __check_fcs(u8 *data, int type, u8 fcs)
178 if (type != RFCOMM_UIH)
179 f = rfcomm_crc_table[f ^ data[2]];
181 return rfcomm_crc_table[f ^ fcs] != 0xcf;
184 /* ---- L2CAP callbacks ---- */
185 static void rfcomm_l2state_change(struct sock *sk)
187 BT_DBG("%p state %d", sk, sk->sk_state);
191 static void rfcomm_l2data_ready(struct sock *sk)
197 static int rfcomm_l2sock_create(struct socket **sock)
203 err = sock_create_kern(&init_net, PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
205 struct sock *sk = (*sock)->sk;
206 sk->sk_data_ready = rfcomm_l2data_ready;
207 sk->sk_state_change = rfcomm_l2state_change;
212 static int rfcomm_check_security(struct rfcomm_dlc *d)
214 struct sock *sk = d->session->sock->sk;
215 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
219 switch (d->sec_level) {
220 case BT_SECURITY_HIGH:
221 case BT_SECURITY_FIPS:
222 auth_type = HCI_AT_GENERAL_BONDING_MITM;
224 case BT_SECURITY_MEDIUM:
225 auth_type = HCI_AT_GENERAL_BONDING;
228 auth_type = HCI_AT_NO_BONDING;
232 return hci_conn_security(conn->hcon, d->sec_level, auth_type,
236 static void rfcomm_session_timeout(unsigned long arg)
238 struct rfcomm_session *s = (void *) arg;
240 BT_DBG("session %p state %ld", s, s->state);
242 set_bit(RFCOMM_TIMED_OUT, &s->flags);
246 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
248 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
250 mod_timer(&s->timer, jiffies + timeout);
253 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
255 BT_DBG("session %p state %ld", s, s->state);
257 del_timer_sync(&s->timer);
260 /* ---- RFCOMM DLCs ---- */
261 static void rfcomm_dlc_timeout(unsigned long arg)
263 struct rfcomm_dlc *d = (void *) arg;
265 BT_DBG("dlc %p state %ld", d, d->state);
267 set_bit(RFCOMM_TIMED_OUT, &d->flags);
272 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
274 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
276 if (!mod_timer(&d->timer, jiffies + timeout))
280 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
282 BT_DBG("dlc %p state %ld", d, d->state);
284 if (del_timer(&d->timer))
288 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
295 d->sec_level = BT_SECURITY_LOW;
296 d->mtu = RFCOMM_DEFAULT_MTU;
297 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
299 d->cfc = RFCOMM_CFC_DISABLED;
300 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
303 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
305 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
310 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
312 skb_queue_head_init(&d->tx_queue);
313 mutex_init(&d->lock);
314 refcount_set(&d->refcnt, 1);
316 rfcomm_dlc_clear_state(d);
323 void rfcomm_dlc_free(struct rfcomm_dlc *d)
327 skb_queue_purge(&d->tx_queue);
331 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
333 BT_DBG("dlc %p session %p", d, s);
335 rfcomm_session_clear_timer(s);
337 list_add(&d->list, &s->dlcs);
341 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
343 struct rfcomm_session *s = d->session;
345 BT_DBG("dlc %p refcnt %d session %p", d, refcount_read(&d->refcnt), s);
351 if (list_empty(&s->dlcs))
352 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
355 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
357 struct rfcomm_dlc *d;
359 list_for_each_entry(d, &s->dlcs, list)
366 static int rfcomm_check_channel(u8 channel)
368 return channel < 1 || channel > 30;
371 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
373 struct rfcomm_session *s;
377 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
378 d, d->state, src, dst, channel);
380 if (rfcomm_check_channel(channel))
383 if (d->state != BT_OPEN && d->state != BT_CLOSED)
386 s = rfcomm_session_get(src, dst);
388 s = rfcomm_session_create(src, dst, d->sec_level, &err);
393 dlci = __dlci(__session_dir(s), channel);
395 /* Check if DLCI already exists */
396 if (rfcomm_dlc_get(s, dlci))
399 rfcomm_dlc_clear_state(d);
402 d->addr = __addr(s->initiator, dlci);
405 d->state = BT_CONFIG;
406 rfcomm_dlc_link(s, d);
411 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
413 if (s->state == BT_CONNECTED) {
414 if (rfcomm_check_security(d))
415 rfcomm_send_pn(s, 1, d);
417 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
420 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
425 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
431 r = __rfcomm_dlc_open(d, src, dst, channel);
437 static void __rfcomm_dlc_disconn(struct rfcomm_dlc *d)
439 struct rfcomm_session *s = d->session;
441 d->state = BT_DISCONN;
442 if (skb_queue_empty(&d->tx_queue)) {
443 rfcomm_send_disc(s, d->dlci);
444 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
446 rfcomm_queue_disc(d);
447 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
451 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
453 struct rfcomm_session *s = d->session;
457 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
458 d, d->state, d->dlci, err, s);
465 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
466 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
475 __rfcomm_dlc_disconn(d);
479 if (s->state != BT_BOUND) {
480 __rfcomm_dlc_disconn(d);
483 /* if closing a dlc in a session that hasn't been started,
484 * just close and unlink the dlc
488 rfcomm_dlc_clear_timer(d);
491 d->state = BT_CLOSED;
492 d->state_change(d, err);
493 rfcomm_dlc_unlock(d);
495 skb_queue_purge(&d->tx_queue);
496 rfcomm_dlc_unlink(d);
502 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
505 struct rfcomm_dlc *d_list;
506 struct rfcomm_session *s, *s_list;
508 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
516 /* after waiting on the mutex check the session still exists
517 * then check the dlc still exists
519 list_for_each_entry(s_list, &session_list, list) {
521 list_for_each_entry(d_list, &s->dlcs, list) {
523 r = __rfcomm_dlc_close(d, err);
536 struct rfcomm_dlc *rfcomm_dlc_exists(bdaddr_t *src, bdaddr_t *dst, u8 channel)
538 struct rfcomm_session *s;
539 struct rfcomm_dlc *dlc = NULL;
542 if (rfcomm_check_channel(channel))
543 return ERR_PTR(-EINVAL);
546 s = rfcomm_session_get(src, dst);
548 dlci = __dlci(__session_dir(s), channel);
549 dlc = rfcomm_dlc_get(s, dlci);
555 static int rfcomm_dlc_send_frag(struct rfcomm_dlc *d, struct sk_buff *frag)
559 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
564 rfcomm_make_uih(frag, d->addr);
565 __skb_queue_tail(&d->tx_queue, frag);
570 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
573 struct sk_buff *frag, *next;
576 if (d->state != BT_CONNECTED)
579 frag = skb_shinfo(skb)->frag_list;
580 skb_shinfo(skb)->frag_list = NULL;
582 /* Queue all fragments atomically. */
583 spin_lock_irqsave(&d->tx_queue.lock, flags);
585 len = rfcomm_dlc_send_frag(d, skb);
586 if (len < 0 || !frag)
589 for (; frag; frag = next) {
594 ret = rfcomm_dlc_send_frag(d, frag);
596 dev_kfree_skb_irq(frag);
604 spin_unlock_irqrestore(&d->tx_queue.lock, flags);
606 if (len > 0 && !test_bit(RFCOMM_TX_THROTTLED, &d->flags))
611 void rfcomm_dlc_send_noerror(struct rfcomm_dlc *d, struct sk_buff *skb)
615 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
617 rfcomm_make_uih(skb, d->addr);
618 skb_queue_tail(&d->tx_queue, skb);
620 if (d->state == BT_CONNECTED &&
621 !test_bit(RFCOMM_TX_THROTTLED, &d->flags))
625 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
627 BT_DBG("dlc %p state %ld", d, d->state);
630 d->v24_sig |= RFCOMM_V24_FC;
631 set_bit(RFCOMM_MSC_PENDING, &d->flags);
636 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
638 BT_DBG("dlc %p state %ld", d, d->state);
641 d->v24_sig &= ~RFCOMM_V24_FC;
642 set_bit(RFCOMM_MSC_PENDING, &d->flags);
648 Set/get modem status functions use _local_ status i.e. what we report
650 Remote status is provided by dlc->modem_status() callback.
652 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
654 BT_DBG("dlc %p state %ld v24_sig 0x%x",
655 d, d->state, v24_sig);
657 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
658 v24_sig |= RFCOMM_V24_FC;
660 v24_sig &= ~RFCOMM_V24_FC;
662 d->v24_sig = v24_sig;
664 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
670 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
672 BT_DBG("dlc %p state %ld v24_sig 0x%x",
673 d, d->state, d->v24_sig);
675 *v24_sig = d->v24_sig;
679 /* ---- RFCOMM sessions ---- */
680 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
682 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
687 BT_DBG("session %p sock %p", s, sock);
689 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
691 INIT_LIST_HEAD(&s->dlcs);
695 s->mtu = RFCOMM_DEFAULT_MTU;
696 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
698 /* Do not increment module usage count for listening sessions.
699 * Otherwise we won't be able to unload the module. */
700 if (state != BT_LISTEN)
701 if (!try_module_get(THIS_MODULE)) {
706 list_add(&s->list, &session_list);
711 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
713 int state = s->state;
715 BT_DBG("session %p state %ld", s, s->state);
719 rfcomm_session_clear_timer(s);
720 sock_release(s->sock);
723 if (state != BT_LISTEN)
724 module_put(THIS_MODULE);
729 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
731 struct rfcomm_session *s, *n;
732 struct l2cap_chan *chan;
733 list_for_each_entry_safe(s, n, &session_list, list) {
734 chan = l2cap_pi(s->sock->sk)->chan;
736 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&chan->src, src)) &&
737 !bacmp(&chan->dst, dst))
743 static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
746 struct rfcomm_dlc *d, *n;
748 s->state = BT_CLOSED;
750 BT_DBG("session %p state %ld err %d", s, s->state, err);
753 list_for_each_entry_safe(d, n, &s->dlcs, list) {
754 d->state = BT_CLOSED;
755 __rfcomm_dlc_close(d, err);
758 rfcomm_session_clear_timer(s);
759 return rfcomm_session_del(s);
762 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
767 struct rfcomm_session *s = NULL;
768 struct sockaddr_l2 addr;
772 BT_DBG("%pMR -> %pMR", src, dst);
774 *err = rfcomm_l2sock_create(&sock);
778 bacpy(&addr.l2_bdaddr, src);
779 addr.l2_family = AF_BLUETOOTH;
782 addr.l2_bdaddr_type = BDADDR_BREDR;
783 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
787 /* Set L2CAP options */
790 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
791 l2cap_pi(sk)->chan->sec_level = sec_level;
793 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
796 s = rfcomm_session_add(sock, BT_BOUND);
804 bacpy(&addr.l2_bdaddr, dst);
805 addr.l2_family = AF_BLUETOOTH;
806 addr.l2_psm = cpu_to_le16(L2CAP_PSM_RFCOMM);
808 addr.l2_bdaddr_type = BDADDR_BREDR;
809 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
810 if (*err == 0 || *err == -EINPROGRESS)
813 return rfcomm_session_del(s);
820 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
822 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
824 bacpy(src, &chan->src);
826 bacpy(dst, &chan->dst);
829 /* ---- RFCOMM frame sending ---- */
830 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
832 struct kvec iv = { data, len };
835 BT_DBG("session %p len %d", s, len);
837 memset(&msg, 0, sizeof(msg));
839 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
842 static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
844 BT_DBG("%p cmd %u", s, cmd->ctrl);
846 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
849 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
851 struct rfcomm_cmd cmd;
853 BT_DBG("%p dlci %d", s, dlci);
855 cmd.addr = __addr(s->initiator, dlci);
856 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
858 cmd.fcs = __fcs2((u8 *) &cmd);
860 return rfcomm_send_cmd(s, &cmd);
863 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
865 struct rfcomm_cmd cmd;
867 BT_DBG("%p dlci %d", s, dlci);
869 cmd.addr = __addr(!s->initiator, dlci);
870 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
872 cmd.fcs = __fcs2((u8 *) &cmd);
874 return rfcomm_send_cmd(s, &cmd);
877 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
879 struct rfcomm_cmd cmd;
881 BT_DBG("%p dlci %d", s, dlci);
883 cmd.addr = __addr(s->initiator, dlci);
884 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
886 cmd.fcs = __fcs2((u8 *) &cmd);
888 return rfcomm_send_cmd(s, &cmd);
891 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
893 struct rfcomm_cmd *cmd;
896 BT_DBG("dlc %p dlci %d", d, d->dlci);
898 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
902 cmd = __skb_put(skb, sizeof(*cmd));
904 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
905 cmd->len = __len8(0);
906 cmd->fcs = __fcs2((u8 *) cmd);
908 skb_queue_tail(&d->tx_queue, skb);
913 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
915 struct rfcomm_cmd cmd;
917 BT_DBG("%p dlci %d", s, dlci);
919 cmd.addr = __addr(!s->initiator, dlci);
920 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
922 cmd.fcs = __fcs2((u8 *) &cmd);
924 return rfcomm_send_cmd(s, &cmd);
927 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
929 struct rfcomm_hdr *hdr;
930 struct rfcomm_mcc *mcc;
931 u8 buf[16], *ptr = buf;
933 BT_DBG("%p cr %d type %d", s, cr, type);
935 hdr = (void *) ptr; ptr += sizeof(*hdr);
936 hdr->addr = __addr(s->initiator, 0);
937 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
938 hdr->len = __len8(sizeof(*mcc) + 1);
940 mcc = (void *) ptr; ptr += sizeof(*mcc);
941 mcc->type = __mcc_type(0, RFCOMM_NSC);
942 mcc->len = __len8(1);
944 /* Type that we didn't like */
945 *ptr = __mcc_type(cr, type); ptr++;
947 *ptr = __fcs(buf); ptr++;
949 return rfcomm_send_frame(s, buf, ptr - buf);
952 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
954 struct rfcomm_hdr *hdr;
955 struct rfcomm_mcc *mcc;
956 struct rfcomm_pn *pn;
957 u8 buf[16], *ptr = buf;
959 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
961 hdr = (void *) ptr; ptr += sizeof(*hdr);
962 hdr->addr = __addr(s->initiator, 0);
963 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
964 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
966 mcc = (void *) ptr; ptr += sizeof(*mcc);
967 mcc->type = __mcc_type(cr, RFCOMM_PN);
968 mcc->len = __len8(sizeof(*pn));
970 pn = (void *) ptr; ptr += sizeof(*pn);
972 pn->priority = d->priority;
977 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
978 pn->credits = RFCOMM_DEFAULT_CREDITS;
984 if (cr && channel_mtu >= 0)
985 pn->mtu = cpu_to_le16(channel_mtu);
987 pn->mtu = cpu_to_le16(d->mtu);
989 *ptr = __fcs(buf); ptr++;
991 return rfcomm_send_frame(s, buf, ptr - buf);
994 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
995 u8 bit_rate, u8 data_bits, u8 stop_bits,
996 u8 parity, u8 flow_ctrl_settings,
997 u8 xon_char, u8 xoff_char, u16 param_mask)
999 struct rfcomm_hdr *hdr;
1000 struct rfcomm_mcc *mcc;
1001 struct rfcomm_rpn *rpn;
1002 u8 buf[16], *ptr = buf;
1004 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
1005 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
1006 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
1007 flow_ctrl_settings, xon_char, xoff_char, param_mask);
1009 hdr = (void *) ptr; ptr += sizeof(*hdr);
1010 hdr->addr = __addr(s->initiator, 0);
1011 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1012 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
1014 mcc = (void *) ptr; ptr += sizeof(*mcc);
1015 mcc->type = __mcc_type(cr, RFCOMM_RPN);
1016 mcc->len = __len8(sizeof(*rpn));
1018 rpn = (void *) ptr; ptr += sizeof(*rpn);
1019 rpn->dlci = __addr(1, dlci);
1020 rpn->bit_rate = bit_rate;
1021 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
1022 rpn->flow_ctrl = flow_ctrl_settings;
1023 rpn->xon_char = xon_char;
1024 rpn->xoff_char = xoff_char;
1025 rpn->param_mask = cpu_to_le16(param_mask);
1027 *ptr = __fcs(buf); ptr++;
1029 return rfcomm_send_frame(s, buf, ptr - buf);
1032 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
1034 struct rfcomm_hdr *hdr;
1035 struct rfcomm_mcc *mcc;
1036 struct rfcomm_rls *rls;
1037 u8 buf[16], *ptr = buf;
1039 BT_DBG("%p cr %d status 0x%x", s, cr, status);
1041 hdr = (void *) ptr; ptr += sizeof(*hdr);
1042 hdr->addr = __addr(s->initiator, 0);
1043 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1044 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
1046 mcc = (void *) ptr; ptr += sizeof(*mcc);
1047 mcc->type = __mcc_type(cr, RFCOMM_RLS);
1048 mcc->len = __len8(sizeof(*rls));
1050 rls = (void *) ptr; ptr += sizeof(*rls);
1051 rls->dlci = __addr(1, dlci);
1052 rls->status = status;
1054 *ptr = __fcs(buf); ptr++;
1056 return rfcomm_send_frame(s, buf, ptr - buf);
1059 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
1061 struct rfcomm_hdr *hdr;
1062 struct rfcomm_mcc *mcc;
1063 struct rfcomm_msc *msc;
1064 u8 buf[16], *ptr = buf;
1066 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
1068 hdr = (void *) ptr; ptr += sizeof(*hdr);
1069 hdr->addr = __addr(s->initiator, 0);
1070 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1071 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
1073 mcc = (void *) ptr; ptr += sizeof(*mcc);
1074 mcc->type = __mcc_type(cr, RFCOMM_MSC);
1075 mcc->len = __len8(sizeof(*msc));
1077 msc = (void *) ptr; ptr += sizeof(*msc);
1078 msc->dlci = __addr(1, dlci);
1079 msc->v24_sig = v24_sig | 0x01;
1081 *ptr = __fcs(buf); ptr++;
1083 return rfcomm_send_frame(s, buf, ptr - buf);
1086 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1088 struct rfcomm_hdr *hdr;
1089 struct rfcomm_mcc *mcc;
1090 u8 buf[16], *ptr = buf;
1092 BT_DBG("%p cr %d", s, cr);
1094 hdr = (void *) ptr; ptr += sizeof(*hdr);
1095 hdr->addr = __addr(s->initiator, 0);
1096 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1097 hdr->len = __len8(sizeof(*mcc));
1099 mcc = (void *) ptr; ptr += sizeof(*mcc);
1100 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1101 mcc->len = __len8(0);
1103 *ptr = __fcs(buf); ptr++;
1105 return rfcomm_send_frame(s, buf, ptr - buf);
1108 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1110 struct rfcomm_hdr *hdr;
1111 struct rfcomm_mcc *mcc;
1112 u8 buf[16], *ptr = buf;
1114 BT_DBG("%p cr %d", s, cr);
1116 hdr = (void *) ptr; ptr += sizeof(*hdr);
1117 hdr->addr = __addr(s->initiator, 0);
1118 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1119 hdr->len = __len8(sizeof(*mcc));
1121 mcc = (void *) ptr; ptr += sizeof(*mcc);
1122 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1123 mcc->len = __len8(0);
1125 *ptr = __fcs(buf); ptr++;
1127 return rfcomm_send_frame(s, buf, ptr - buf);
1130 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1132 struct socket *sock = s->sock;
1135 unsigned char hdr[5], crc[1];
1140 BT_DBG("%p cr %d", s, cr);
1142 hdr[0] = __addr(s->initiator, 0);
1143 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1144 hdr[2] = 0x01 | ((len + 2) << 1);
1145 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1146 hdr[4] = 0x01 | (len << 1);
1148 crc[0] = __fcs(hdr);
1150 iv[0].iov_base = hdr;
1152 iv[1].iov_base = pattern;
1153 iv[1].iov_len = len;
1154 iv[2].iov_base = crc;
1157 memset(&msg, 0, sizeof(msg));
1159 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1162 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1164 struct rfcomm_hdr *hdr;
1165 u8 buf[16], *ptr = buf;
1167 BT_DBG("%p addr %d credits %d", s, addr, credits);
1169 hdr = (void *) ptr; ptr += sizeof(*hdr);
1171 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1172 hdr->len = __len8(0);
1174 *ptr = credits; ptr++;
1176 *ptr = __fcs(buf); ptr++;
1178 return rfcomm_send_frame(s, buf, ptr - buf);
1181 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1183 struct rfcomm_hdr *hdr;
1188 hdr = skb_push(skb, 4);
1189 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1191 hdr = skb_push(skb, 3);
1192 hdr->len = __len8(len);
1195 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1197 crc = skb_put(skb, 1);
1198 *crc = __fcs((void *) hdr);
1201 /* ---- RFCOMM frame reception ---- */
1202 static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1204 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1208 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1210 rfcomm_send_dm(s, dlci);
1216 rfcomm_dlc_clear_timer(d);
1219 d->state = BT_CONNECTED;
1220 d->state_change(d, 0);
1221 rfcomm_dlc_unlock(d);
1223 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1227 d->state = BT_CLOSED;
1228 __rfcomm_dlc_close(d, 0);
1230 if (list_empty(&s->dlcs)) {
1231 s->state = BT_DISCONN;
1232 rfcomm_send_disc(s, 0);
1233 rfcomm_session_clear_timer(s);
1239 /* Control channel */
1242 s->state = BT_CONNECTED;
1243 rfcomm_process_connect(s);
1247 s = rfcomm_session_close(s, ECONNRESET);
1254 static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1258 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1262 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1264 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1269 d->state = BT_CLOSED;
1270 __rfcomm_dlc_close(d, err);
1273 if (s->state == BT_CONNECT)
1278 s = rfcomm_session_close(s, err);
1283 static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1288 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1291 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1293 rfcomm_send_ua(s, dlci);
1295 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1300 d->state = BT_CLOSED;
1301 __rfcomm_dlc_close(d, err);
1303 rfcomm_send_dm(s, dlci);
1306 rfcomm_send_ua(s, 0);
1308 if (s->state == BT_CONNECT)
1313 s = rfcomm_session_close(s, err);
1318 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1320 struct sock *sk = d->session->sock->sk;
1321 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1323 BT_DBG("dlc %p", d);
1325 rfcomm_send_ua(d->session, d->dlci);
1327 rfcomm_dlc_clear_timer(d);
1330 d->state = BT_CONNECTED;
1331 d->state_change(d, 0);
1332 rfcomm_dlc_unlock(d);
1335 hci_conn_switch_role(conn->hcon, 0x00);
1337 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1340 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1342 if (rfcomm_check_security(d)) {
1343 if (d->defer_setup) {
1344 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1345 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1348 d->state = BT_CONNECT2;
1349 d->state_change(d, 0);
1350 rfcomm_dlc_unlock(d);
1352 rfcomm_dlc_accept(d);
1354 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1355 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1359 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1361 struct rfcomm_dlc *d;
1364 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1367 rfcomm_send_ua(s, 0);
1369 if (s->state == BT_OPEN) {
1370 s->state = BT_CONNECTED;
1371 rfcomm_process_connect(s);
1376 /* Check if DLC exists */
1377 d = rfcomm_dlc_get(s, dlci);
1379 if (d->state == BT_OPEN) {
1380 /* DLC was previously opened by PN request */
1381 rfcomm_check_accept(d);
1386 /* Notify socket layer about incoming connection */
1387 channel = __srv_channel(dlci);
1388 if (rfcomm_connect_ind(s, channel, &d)) {
1390 d->addr = __addr(s->initiator, dlci);
1391 rfcomm_dlc_link(s, d);
1393 rfcomm_check_accept(d);
1395 rfcomm_send_dm(s, dlci);
1401 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1403 struct rfcomm_session *s = d->session;
1405 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1406 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1408 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1409 pn->flow_ctrl == 0xe0) {
1410 d->cfc = RFCOMM_CFC_ENABLED;
1411 d->tx_credits = pn->credits;
1413 d->cfc = RFCOMM_CFC_DISABLED;
1414 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1417 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1420 d->priority = pn->priority;
1422 d->mtu = __le16_to_cpu(pn->mtu);
1424 if (cr && d->mtu > s->mtu)
1430 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1432 struct rfcomm_pn *pn = (void *) skb->data;
1433 struct rfcomm_dlc *d;
1436 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1441 d = rfcomm_dlc_get(s, dlci);
1445 rfcomm_apply_pn(d, cr, pn);
1446 rfcomm_send_pn(s, 0, d);
1451 rfcomm_apply_pn(d, cr, pn);
1453 d->state = BT_CONNECT;
1454 rfcomm_send_sabm(s, d->dlci);
1459 u8 channel = __srv_channel(dlci);
1464 /* PN request for non existing DLC.
1465 * Assume incoming connection. */
1466 if (rfcomm_connect_ind(s, channel, &d)) {
1468 d->addr = __addr(s->initiator, dlci);
1469 rfcomm_dlc_link(s, d);
1471 rfcomm_apply_pn(d, cr, pn);
1474 rfcomm_send_pn(s, 0, d);
1476 rfcomm_send_dm(s, dlci);
1482 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1484 struct rfcomm_rpn *rpn = (void *) skb->data;
1485 u8 dlci = __get_dlci(rpn->dlci);
1494 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1496 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1497 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1498 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1504 /* This is a request, return default (according to ETSI TS 07.10) settings */
1505 bit_rate = RFCOMM_RPN_BR_9600;
1506 data_bits = RFCOMM_RPN_DATA_8;
1507 stop_bits = RFCOMM_RPN_STOP_1;
1508 parity = RFCOMM_RPN_PARITY_NONE;
1509 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1510 xon_char = RFCOMM_RPN_XON_CHAR;
1511 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1515 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1516 * no parity, no flow control lines, normal XON/XOFF chars */
1518 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1519 bit_rate = rpn->bit_rate;
1520 if (bit_rate > RFCOMM_RPN_BR_230400) {
1521 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1522 bit_rate = RFCOMM_RPN_BR_9600;
1523 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1527 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1528 data_bits = __get_rpn_data_bits(rpn->line_settings);
1529 if (data_bits != RFCOMM_RPN_DATA_8) {
1530 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1531 data_bits = RFCOMM_RPN_DATA_8;
1532 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1536 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1537 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1538 if (stop_bits != RFCOMM_RPN_STOP_1) {
1539 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1540 stop_bits = RFCOMM_RPN_STOP_1;
1541 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1545 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1546 parity = __get_rpn_parity(rpn->line_settings);
1547 if (parity != RFCOMM_RPN_PARITY_NONE) {
1548 BT_DBG("RPN parity mismatch 0x%x", parity);
1549 parity = RFCOMM_RPN_PARITY_NONE;
1550 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1554 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1555 flow_ctrl = rpn->flow_ctrl;
1556 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1557 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1558 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1559 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1563 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1564 xon_char = rpn->xon_char;
1565 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1566 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1567 xon_char = RFCOMM_RPN_XON_CHAR;
1568 rpn_mask ^= RFCOMM_RPN_PM_XON;
1572 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1573 xoff_char = rpn->xoff_char;
1574 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1575 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1576 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1577 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1582 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1583 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1588 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1590 struct rfcomm_rls *rls = (void *) skb->data;
1591 u8 dlci = __get_dlci(rls->dlci);
1593 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1598 /* We should probably do something with this information here. But
1599 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1600 * mandatory to recognise and respond to RLS */
1602 rfcomm_send_rls(s, 0, dlci, rls->status);
1607 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1609 struct rfcomm_msc *msc = (void *) skb->data;
1610 struct rfcomm_dlc *d;
1611 u8 dlci = __get_dlci(msc->dlci);
1613 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1615 d = rfcomm_dlc_get(s, dlci);
1620 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1621 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1623 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1627 d->remote_v24_sig = msc->v24_sig;
1629 if (d->modem_status)
1630 d->modem_status(d, msc->v24_sig);
1632 rfcomm_dlc_unlock(d);
1634 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1636 d->mscex |= RFCOMM_MSCEX_RX;
1638 d->mscex |= RFCOMM_MSCEX_TX;
1643 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1645 struct rfcomm_mcc *mcc = (void *) skb->data;
1648 cr = __test_cr(mcc->type);
1649 type = __get_mcc_type(mcc->type);
1650 len = __get_mcc_len(mcc->len);
1652 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1658 rfcomm_recv_pn(s, cr, skb);
1662 rfcomm_recv_rpn(s, cr, len, skb);
1666 rfcomm_recv_rls(s, cr, skb);
1670 rfcomm_recv_msc(s, cr, skb);
1675 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1676 rfcomm_send_fcoff(s, 0);
1682 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1683 rfcomm_send_fcon(s, 0);
1689 rfcomm_send_test(s, 0, skb->data, skb->len);
1696 BT_ERR("Unknown control type 0x%02x", type);
1697 rfcomm_send_nsc(s, cr, type);
1703 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1705 struct rfcomm_dlc *d;
1707 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1709 d = rfcomm_dlc_get(s, dlci);
1711 rfcomm_send_dm(s, dlci);
1716 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1718 d->tx_credits += credits;
1720 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1723 if (skb->len && d->state == BT_CONNECTED) {
1726 d->data_ready(d, skb);
1727 rfcomm_dlc_unlock(d);
1736 static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1737 struct sk_buff *skb)
1739 struct rfcomm_hdr *hdr = (void *) skb->data;
1743 /* no session, so free socket data */
1748 dlci = __get_dlci(hdr->addr);
1749 type = __get_type(hdr->ctrl);
1752 skb->len--; skb->tail--;
1753 fcs = *(u8 *)skb_tail_pointer(skb);
1755 if (__check_fcs(skb->data, type, fcs)) {
1756 BT_ERR("bad checksum in packet");
1761 if (__test_ea(hdr->len))
1768 if (__test_pf(hdr->ctrl))
1769 rfcomm_recv_sabm(s, dlci);
1773 if (__test_pf(hdr->ctrl))
1774 s = rfcomm_recv_disc(s, dlci);
1778 if (__test_pf(hdr->ctrl))
1779 s = rfcomm_recv_ua(s, dlci);
1783 s = rfcomm_recv_dm(s, dlci);
1788 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1791 rfcomm_recv_mcc(s, skb);
1795 BT_ERR("Unknown packet type 0x%02x", type);
1802 /* ---- Connection and data processing ---- */
1804 static void rfcomm_process_connect(struct rfcomm_session *s)
1806 struct rfcomm_dlc *d, *n;
1808 BT_DBG("session %p state %ld", s, s->state);
1810 list_for_each_entry_safe(d, n, &s->dlcs, list) {
1811 if (d->state == BT_CONFIG) {
1813 if (rfcomm_check_security(d)) {
1814 rfcomm_send_pn(s, 1, d);
1816 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1817 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1823 /* Send data queued for the DLC.
1824 * Return number of frames left in the queue.
1826 static int rfcomm_process_tx(struct rfcomm_dlc *d)
1828 struct sk_buff *skb;
1831 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1832 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1834 /* Send pending MSC */
1835 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1836 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1840 * Give them some credits */
1841 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1842 d->rx_credits <= (d->cfc >> 2)) {
1843 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1844 d->rx_credits = d->cfc;
1848 * Give ourselves some credits */
1852 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1853 return skb_queue_len(&d->tx_queue);
1855 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1856 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1858 skb_queue_head(&d->tx_queue, skb);
1865 if (d->cfc && !d->tx_credits) {
1866 /* We're out of TX credits.
1867 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1868 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1871 return skb_queue_len(&d->tx_queue);
1874 static void rfcomm_process_dlcs(struct rfcomm_session *s)
1876 struct rfcomm_dlc *d, *n;
1878 BT_DBG("session %p state %ld", s, s->state);
1880 list_for_each_entry_safe(d, n, &s->dlcs, list) {
1881 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1882 __rfcomm_dlc_close(d, ETIMEDOUT);
1886 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1887 __rfcomm_dlc_close(d, ECONNREFUSED);
1891 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1892 rfcomm_dlc_clear_timer(d);
1894 rfcomm_send_pn(s, 1, d);
1895 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1897 if (d->defer_setup) {
1898 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1899 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1902 d->state = BT_CONNECT2;
1903 d->state_change(d, 0);
1904 rfcomm_dlc_unlock(d);
1906 rfcomm_dlc_accept(d);
1909 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1910 rfcomm_dlc_clear_timer(d);
1912 rfcomm_send_dm(s, d->dlci);
1914 d->state = BT_CLOSED;
1915 __rfcomm_dlc_close(d, ECONNREFUSED);
1919 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1922 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1925 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1926 d->mscex == RFCOMM_MSCEX_OK)
1927 rfcomm_process_tx(d);
1931 static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1933 struct socket *sock = s->sock;
1934 struct sock *sk = sock->sk;
1935 struct sk_buff *skb;
1937 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1939 /* Get data directly from socket receive queue without copying it. */
1940 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1942 if (!skb_linearize(skb)) {
1943 s = rfcomm_recv_frame(s, skb);
1951 if (s && (sk->sk_state == BT_CLOSED))
1952 s = rfcomm_session_close(s, sk->sk_err);
1957 static void rfcomm_accept_connection(struct rfcomm_session *s)
1959 struct socket *sock = s->sock, *nsock;
1962 /* Fast check for a new connection.
1963 * Avoids unnesesary socket allocations. */
1964 if (list_empty(&bt_sk(sock->sk)->accept_q))
1967 BT_DBG("session %p", s);
1969 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1973 /* Set our callbacks */
1974 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1975 nsock->sk->sk_state_change = rfcomm_l2state_change;
1977 s = rfcomm_session_add(nsock, BT_OPEN);
1979 /* We should adjust MTU on incoming sessions.
1980 * L2CAP MTU minus UIH header and FCS. */
1981 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1982 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1986 sock_release(nsock);
1989 static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1991 struct sock *sk = s->sock->sk;
1993 BT_DBG("%p state %ld", s, s->state);
1995 switch (sk->sk_state) {
1997 s->state = BT_CONNECT;
1999 /* We can adjust MTU on outgoing sessions.
2000 * L2CAP MTU minus UIH header and FCS. */
2001 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
2003 rfcomm_send_sabm(s, 0);
2007 s = rfcomm_session_close(s, sk->sk_err);
2013 static void rfcomm_process_sessions(void)
2015 struct rfcomm_session *s, *n;
2019 list_for_each_entry_safe(s, n, &session_list, list) {
2020 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
2021 s->state = BT_DISCONN;
2022 rfcomm_send_disc(s, 0);
2028 rfcomm_accept_connection(s);
2032 s = rfcomm_check_connection(s);
2036 s = rfcomm_process_rx(s);
2041 rfcomm_process_dlcs(s);
2047 static int rfcomm_add_listener(bdaddr_t *ba)
2049 struct sockaddr_l2 addr;
2050 struct socket *sock;
2052 struct rfcomm_session *s;
2056 err = rfcomm_l2sock_create(&sock);
2058 BT_ERR("Create socket failed %d", err);
2063 bacpy(&addr.l2_bdaddr, ba);
2064 addr.l2_family = AF_BLUETOOTH;
2065 addr.l2_psm = cpu_to_le16(L2CAP_PSM_RFCOMM);
2067 addr.l2_bdaddr_type = BDADDR_BREDR;
2068 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
2070 BT_ERR("Bind failed %d", err);
2074 /* Set L2CAP options */
2077 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
2080 /* Start listening on the socket */
2081 err = kernel_listen(sock, 10);
2083 BT_ERR("Listen failed %d", err);
2087 /* Add listening session */
2088 s = rfcomm_session_add(sock, BT_LISTEN);
2100 static void rfcomm_kill_listener(void)
2102 struct rfcomm_session *s, *n;
2106 list_for_each_entry_safe(s, n, &session_list, list)
2107 rfcomm_session_del(s);
2110 static int rfcomm_run(void *unused)
2112 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2115 set_user_nice(current, -10);
2117 rfcomm_add_listener(BDADDR_ANY);
2119 add_wait_queue(&rfcomm_wq, &wait);
2120 while (!kthread_should_stop()) {
2123 rfcomm_process_sessions();
2125 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
2127 remove_wait_queue(&rfcomm_wq, &wait);
2129 rfcomm_kill_listener();
2134 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2136 struct rfcomm_session *s;
2137 struct rfcomm_dlc *d, *n;
2139 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2141 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2145 list_for_each_entry_safe(d, n, &s->dlcs, list) {
2146 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2147 rfcomm_dlc_clear_timer(d);
2148 if (status || encrypt == 0x00) {
2149 set_bit(RFCOMM_ENC_DROP, &d->flags);
2154 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2155 if (d->sec_level == BT_SECURITY_MEDIUM) {
2156 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2157 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2159 } else if (d->sec_level == BT_SECURITY_HIGH ||
2160 d->sec_level == BT_SECURITY_FIPS) {
2161 set_bit(RFCOMM_ENC_DROP, &d->flags);
2166 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2169 if (!status && hci_conn_check_secure(conn, d->sec_level))
2170 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2172 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2178 static struct hci_cb rfcomm_cb = {
2180 .security_cfm = rfcomm_security_cfm
2183 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2185 struct rfcomm_session *s;
2189 list_for_each_entry(s, &session_list, list) {
2190 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
2191 struct rfcomm_dlc *d;
2192 list_for_each_entry(d, &s->dlcs, list) {
2193 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2194 &chan->src, &chan->dst,
2195 d->state, d->dlci, d->mtu,
2196 d->rx_credits, d->tx_credits);
2205 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2207 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2210 static const struct file_operations rfcomm_dlc_debugfs_fops = {
2211 .open = rfcomm_dlc_debugfs_open,
2213 .llseek = seq_lseek,
2214 .release = single_release,
2217 static struct dentry *rfcomm_dlc_debugfs;
2219 /* ---- Initialization ---- */
2220 static int __init rfcomm_init(void)
2224 hci_register_cb(&rfcomm_cb);
2226 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2227 if (IS_ERR(rfcomm_thread)) {
2228 err = PTR_ERR(rfcomm_thread);
2232 err = rfcomm_init_ttys();
2236 err = rfcomm_init_sockets();
2240 BT_INFO("RFCOMM ver %s", VERSION);
2242 if (IS_ERR_OR_NULL(bt_debugfs))
2245 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2247 &rfcomm_dlc_debugfs_fops);
2252 rfcomm_cleanup_ttys();
2255 kthread_stop(rfcomm_thread);
2258 hci_unregister_cb(&rfcomm_cb);
2263 static void __exit rfcomm_exit(void)
2265 debugfs_remove(rfcomm_dlc_debugfs);
2267 hci_unregister_cb(&rfcomm_cb);
2269 kthread_stop(rfcomm_thread);
2271 rfcomm_cleanup_ttys();
2273 rfcomm_cleanup_sockets();
2276 module_init(rfcomm_init);
2277 module_exit(rfcomm_exit);
2279 module_param(disable_cfc, bool, 0644);
2280 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2282 module_param(channel_mtu, int, 0644);
2283 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2285 module_param(l2cap_mtu, uint, 0644);
2286 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2288 module_param(l2cap_ertm, bool, 0644);
2289 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2291 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2292 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2293 MODULE_VERSION(VERSION);
2294 MODULE_LICENSE("GPL");
2295 MODULE_ALIAS("bt-proto-3");