2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/debugfs.h>
30 #include <linux/kthread.h>
31 #include <asm/unaligned.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/rfcomm.h>
38 #define VERSION "1.11"
40 static bool disable_cfc;
41 static bool l2cap_ertm;
42 static int channel_mtu = -1;
44 static struct task_struct *rfcomm_thread;
46 static DEFINE_MUTEX(rfcomm_mutex);
47 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
48 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
51 static LIST_HEAD(session_list);
53 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
54 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
55 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
56 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
57 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
58 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
59 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
60 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
61 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
62 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
64 static void rfcomm_process_connect(struct rfcomm_session *s);
66 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
70 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
71 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
73 /* ---- RFCOMM frame parsing macros ---- */
74 #define __get_dlci(b) ((b & 0xfc) >> 2)
75 #define __get_type(b) ((b & 0xef))
77 #define __test_ea(b) ((b & 0x01))
78 #define __test_cr(b) (!!(b & 0x02))
79 #define __test_pf(b) (!!(b & 0x10))
81 #define __session_dir(s) ((s)->initiator ? 0x00 : 0x01)
83 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
84 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
85 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
86 #define __srv_channel(dlci) (dlci >> 1)
88 #define __len8(len) (((len) << 1) | 1)
89 #define __len16(len) ((len) << 1)
92 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
93 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
94 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
97 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
98 #define __get_rpn_data_bits(line) ((line) & 0x3)
99 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
100 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
102 static DECLARE_WAIT_QUEUE_HEAD(rfcomm_wq);
104 static void rfcomm_schedule(void)
106 wake_up_all(&rfcomm_wq);
109 /* ---- RFCOMM FCS computation ---- */
111 /* reversed, 8-bit, poly=0x07 */
112 static unsigned char rfcomm_crc_table[256] = {
113 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
114 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
115 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
116 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
118 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
119 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
120 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
121 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
123 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
124 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
125 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
126 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
128 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
129 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
130 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
131 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
133 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
134 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
135 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
136 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
138 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
139 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
140 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
141 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
143 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
144 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
145 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
146 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
148 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
149 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
150 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
151 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
155 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
158 static inline u8 __fcs(u8 *data)
160 return 0xff - __crc(data);
164 static inline u8 __fcs2(u8 *data)
166 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
170 static inline int __check_fcs(u8 *data, int type, u8 fcs)
174 if (type != RFCOMM_UIH)
175 f = rfcomm_crc_table[f ^ data[2]];
177 return rfcomm_crc_table[f ^ fcs] != 0xcf;
180 /* ---- L2CAP callbacks ---- */
181 static void rfcomm_l2state_change(struct sock *sk)
183 BT_DBG("%p state %d", sk, sk->sk_state);
187 static void rfcomm_l2data_ready(struct sock *sk)
193 static int rfcomm_l2sock_create(struct socket **sock)
199 err = sock_create_kern(&init_net, PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
201 struct sock *sk = (*sock)->sk;
202 sk->sk_data_ready = rfcomm_l2data_ready;
203 sk->sk_state_change = rfcomm_l2state_change;
208 static int rfcomm_check_security(struct rfcomm_dlc *d)
210 struct sock *sk = d->session->sock->sk;
211 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
215 switch (d->sec_level) {
216 case BT_SECURITY_HIGH:
217 case BT_SECURITY_FIPS:
218 auth_type = HCI_AT_GENERAL_BONDING_MITM;
220 case BT_SECURITY_MEDIUM:
221 auth_type = HCI_AT_GENERAL_BONDING;
224 auth_type = HCI_AT_NO_BONDING;
228 return hci_conn_security(conn->hcon, d->sec_level, auth_type,
232 static void rfcomm_session_timeout(struct timer_list *t)
234 struct rfcomm_session *s = from_timer(s, t, timer);
236 BT_DBG("session %p state %ld", s, s->state);
238 set_bit(RFCOMM_TIMED_OUT, &s->flags);
242 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
244 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
246 mod_timer(&s->timer, jiffies + timeout);
249 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
251 BT_DBG("session %p state %ld", s, s->state);
253 del_timer_sync(&s->timer);
256 /* ---- RFCOMM DLCs ---- */
257 static void rfcomm_dlc_timeout(struct timer_list *t)
259 struct rfcomm_dlc *d = from_timer(d, t, timer);
261 BT_DBG("dlc %p state %ld", d, d->state);
263 set_bit(RFCOMM_TIMED_OUT, &d->flags);
268 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
270 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
272 if (!mod_timer(&d->timer, jiffies + timeout))
276 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
278 BT_DBG("dlc %p state %ld", d, d->state);
280 if (del_timer(&d->timer))
284 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
291 d->sec_level = BT_SECURITY_LOW;
292 d->mtu = RFCOMM_DEFAULT_MTU;
293 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
295 d->cfc = RFCOMM_CFC_DISABLED;
296 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
299 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
301 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
306 timer_setup(&d->timer, rfcomm_dlc_timeout, 0);
308 skb_queue_head_init(&d->tx_queue);
309 mutex_init(&d->lock);
310 refcount_set(&d->refcnt, 1);
312 rfcomm_dlc_clear_state(d);
319 void rfcomm_dlc_free(struct rfcomm_dlc *d)
323 skb_queue_purge(&d->tx_queue);
327 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
329 BT_DBG("dlc %p session %p", d, s);
331 rfcomm_session_clear_timer(s);
333 list_add(&d->list, &s->dlcs);
337 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
339 struct rfcomm_session *s = d->session;
341 BT_DBG("dlc %p refcnt %d session %p", d, refcount_read(&d->refcnt), s);
347 if (list_empty(&s->dlcs))
348 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
351 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
353 struct rfcomm_dlc *d;
355 list_for_each_entry(d, &s->dlcs, list)
362 static int rfcomm_check_channel(u8 channel)
364 return channel < 1 || channel > 30;
367 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
369 struct rfcomm_session *s;
373 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
374 d, d->state, src, dst, channel);
376 if (rfcomm_check_channel(channel))
379 if (d->state != BT_OPEN && d->state != BT_CLOSED)
382 s = rfcomm_session_get(src, dst);
384 s = rfcomm_session_create(src, dst, d->sec_level, &err);
389 dlci = __dlci(__session_dir(s), channel);
391 /* Check if DLCI already exists */
392 if (rfcomm_dlc_get(s, dlci))
395 rfcomm_dlc_clear_state(d);
398 d->addr = __addr(s->initiator, dlci);
401 d->state = BT_CONFIG;
402 rfcomm_dlc_link(s, d);
407 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
409 if (s->state == BT_CONNECTED) {
410 if (rfcomm_check_security(d))
411 rfcomm_send_pn(s, 1, d);
413 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
416 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
421 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
427 r = __rfcomm_dlc_open(d, src, dst, channel);
433 static void __rfcomm_dlc_disconn(struct rfcomm_dlc *d)
435 struct rfcomm_session *s = d->session;
437 d->state = BT_DISCONN;
438 if (skb_queue_empty(&d->tx_queue)) {
439 rfcomm_send_disc(s, d->dlci);
440 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
442 rfcomm_queue_disc(d);
443 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
447 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
449 struct rfcomm_session *s = d->session;
453 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
454 d, d->state, d->dlci, err, s);
461 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
462 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
471 __rfcomm_dlc_disconn(d);
475 if (s->state != BT_BOUND) {
476 __rfcomm_dlc_disconn(d);
479 /* if closing a dlc in a session that hasn't been started,
480 * just close and unlink the dlc
485 rfcomm_dlc_clear_timer(d);
488 d->state = BT_CLOSED;
489 d->state_change(d, err);
490 rfcomm_dlc_unlock(d);
492 skb_queue_purge(&d->tx_queue);
493 rfcomm_dlc_unlink(d);
499 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
502 struct rfcomm_dlc *d_list;
503 struct rfcomm_session *s, *s_list;
505 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
513 /* after waiting on the mutex check the session still exists
514 * then check the dlc still exists
516 list_for_each_entry(s_list, &session_list, list) {
518 list_for_each_entry(d_list, &s->dlcs, list) {
520 r = __rfcomm_dlc_close(d, err);
533 struct rfcomm_dlc *rfcomm_dlc_exists(bdaddr_t *src, bdaddr_t *dst, u8 channel)
535 struct rfcomm_session *s;
536 struct rfcomm_dlc *dlc = NULL;
539 if (rfcomm_check_channel(channel))
540 return ERR_PTR(-EINVAL);
543 s = rfcomm_session_get(src, dst);
545 dlci = __dlci(__session_dir(s), channel);
546 dlc = rfcomm_dlc_get(s, dlci);
552 static int rfcomm_dlc_send_frag(struct rfcomm_dlc *d, struct sk_buff *frag)
556 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
561 rfcomm_make_uih(frag, d->addr);
562 __skb_queue_tail(&d->tx_queue, frag);
567 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
570 struct sk_buff *frag, *next;
573 if (d->state != BT_CONNECTED)
576 frag = skb_shinfo(skb)->frag_list;
577 skb_shinfo(skb)->frag_list = NULL;
579 /* Queue all fragments atomically. */
580 spin_lock_irqsave(&d->tx_queue.lock, flags);
582 len = rfcomm_dlc_send_frag(d, skb);
583 if (len < 0 || !frag)
586 for (; frag; frag = next) {
591 ret = rfcomm_dlc_send_frag(d, frag);
593 dev_kfree_skb_irq(frag);
601 spin_unlock_irqrestore(&d->tx_queue.lock, flags);
603 if (len > 0 && !test_bit(RFCOMM_TX_THROTTLED, &d->flags))
608 void rfcomm_dlc_send_noerror(struct rfcomm_dlc *d, struct sk_buff *skb)
612 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
614 rfcomm_make_uih(skb, d->addr);
615 skb_queue_tail(&d->tx_queue, skb);
617 if (d->state == BT_CONNECTED &&
618 !test_bit(RFCOMM_TX_THROTTLED, &d->flags))
622 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
624 BT_DBG("dlc %p state %ld", d, d->state);
627 d->v24_sig |= RFCOMM_V24_FC;
628 set_bit(RFCOMM_MSC_PENDING, &d->flags);
633 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
635 BT_DBG("dlc %p state %ld", d, d->state);
638 d->v24_sig &= ~RFCOMM_V24_FC;
639 set_bit(RFCOMM_MSC_PENDING, &d->flags);
645 Set/get modem status functions use _local_ status i.e. what we report
647 Remote status is provided by dlc->modem_status() callback.
649 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
651 BT_DBG("dlc %p state %ld v24_sig 0x%x",
652 d, d->state, v24_sig);
654 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
655 v24_sig |= RFCOMM_V24_FC;
657 v24_sig &= ~RFCOMM_V24_FC;
659 d->v24_sig = v24_sig;
661 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
667 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
669 BT_DBG("dlc %p state %ld v24_sig 0x%x",
670 d, d->state, d->v24_sig);
672 *v24_sig = d->v24_sig;
676 /* ---- RFCOMM sessions ---- */
677 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
679 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
684 BT_DBG("session %p sock %p", s, sock);
686 timer_setup(&s->timer, rfcomm_session_timeout, 0);
688 INIT_LIST_HEAD(&s->dlcs);
692 s->mtu = RFCOMM_DEFAULT_MTU;
693 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
695 /* Do not increment module usage count for listening sessions.
696 * Otherwise we won't be able to unload the module. */
697 if (state != BT_LISTEN)
698 if (!try_module_get(THIS_MODULE)) {
703 list_add(&s->list, &session_list);
708 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
710 int state = s->state;
712 BT_DBG("session %p state %ld", s, s->state);
716 rfcomm_session_clear_timer(s);
717 sock_release(s->sock);
720 if (state != BT_LISTEN)
721 module_put(THIS_MODULE);
726 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
728 struct rfcomm_session *s, *n;
729 struct l2cap_chan *chan;
730 list_for_each_entry_safe(s, n, &session_list, list) {
731 chan = l2cap_pi(s->sock->sk)->chan;
733 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&chan->src, src)) &&
734 !bacmp(&chan->dst, dst))
740 static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
743 struct rfcomm_dlc *d, *n;
745 s->state = BT_CLOSED;
747 BT_DBG("session %p state %ld err %d", s, s->state, err);
750 list_for_each_entry_safe(d, n, &s->dlcs, list) {
751 d->state = BT_CLOSED;
752 __rfcomm_dlc_close(d, err);
755 rfcomm_session_clear_timer(s);
756 return rfcomm_session_del(s);
759 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
764 struct rfcomm_session *s = NULL;
765 struct sockaddr_l2 addr;
769 BT_DBG("%pMR -> %pMR", src, dst);
771 *err = rfcomm_l2sock_create(&sock);
775 bacpy(&addr.l2_bdaddr, src);
776 addr.l2_family = AF_BLUETOOTH;
779 addr.l2_bdaddr_type = BDADDR_BREDR;
780 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
784 /* Set L2CAP options */
787 /* Set MTU to 0 so L2CAP can auto select the MTU */
788 l2cap_pi(sk)->chan->imtu = 0;
789 l2cap_pi(sk)->chan->sec_level = sec_level;
791 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
794 s = rfcomm_session_add(sock, BT_BOUND);
802 bacpy(&addr.l2_bdaddr, dst);
803 addr.l2_family = AF_BLUETOOTH;
804 addr.l2_psm = cpu_to_le16(L2CAP_PSM_RFCOMM);
806 addr.l2_bdaddr_type = BDADDR_BREDR;
807 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
808 if (*err == 0 || *err == -EINPROGRESS)
811 return rfcomm_session_del(s);
818 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
820 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
822 bacpy(src, &chan->src);
824 bacpy(dst, &chan->dst);
827 /* ---- RFCOMM frame sending ---- */
828 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
830 struct kvec iv = { data, len };
833 BT_DBG("session %p len %d", s, len);
835 memset(&msg, 0, sizeof(msg));
837 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
840 static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
842 BT_DBG("%p cmd %u", s, cmd->ctrl);
844 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
847 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
849 struct rfcomm_cmd cmd;
851 BT_DBG("%p dlci %d", s, dlci);
853 cmd.addr = __addr(s->initiator, dlci);
854 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
856 cmd.fcs = __fcs2((u8 *) &cmd);
858 return rfcomm_send_cmd(s, &cmd);
861 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
863 struct rfcomm_cmd cmd;
865 BT_DBG("%p dlci %d", s, dlci);
867 cmd.addr = __addr(!s->initiator, dlci);
868 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
870 cmd.fcs = __fcs2((u8 *) &cmd);
872 return rfcomm_send_cmd(s, &cmd);
875 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
877 struct rfcomm_cmd cmd;
879 BT_DBG("%p dlci %d", s, dlci);
881 cmd.addr = __addr(s->initiator, dlci);
882 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
884 cmd.fcs = __fcs2((u8 *) &cmd);
886 return rfcomm_send_cmd(s, &cmd);
889 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
891 struct rfcomm_cmd *cmd;
894 BT_DBG("dlc %p dlci %d", d, d->dlci);
896 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
900 cmd = __skb_put(skb, sizeof(*cmd));
902 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
903 cmd->len = __len8(0);
904 cmd->fcs = __fcs2((u8 *) cmd);
906 skb_queue_tail(&d->tx_queue, skb);
911 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
913 struct rfcomm_cmd cmd;
915 BT_DBG("%p dlci %d", s, dlci);
917 cmd.addr = __addr(!s->initiator, dlci);
918 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
920 cmd.fcs = __fcs2((u8 *) &cmd);
922 return rfcomm_send_cmd(s, &cmd);
925 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
927 struct rfcomm_hdr *hdr;
928 struct rfcomm_mcc *mcc;
929 u8 buf[16], *ptr = buf;
931 BT_DBG("%p cr %d type %d", s, cr, type);
933 hdr = (void *) ptr; ptr += sizeof(*hdr);
934 hdr->addr = __addr(s->initiator, 0);
935 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
936 hdr->len = __len8(sizeof(*mcc) + 1);
938 mcc = (void *) ptr; ptr += sizeof(*mcc);
939 mcc->type = __mcc_type(0, RFCOMM_NSC);
940 mcc->len = __len8(1);
942 /* Type that we didn't like */
943 *ptr = __mcc_type(cr, type); ptr++;
945 *ptr = __fcs(buf); ptr++;
947 return rfcomm_send_frame(s, buf, ptr - buf);
950 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
952 struct rfcomm_hdr *hdr;
953 struct rfcomm_mcc *mcc;
954 struct rfcomm_pn *pn;
955 u8 buf[16], *ptr = buf;
957 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
959 hdr = (void *) ptr; ptr += sizeof(*hdr);
960 hdr->addr = __addr(s->initiator, 0);
961 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
962 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
964 mcc = (void *) ptr; ptr += sizeof(*mcc);
965 mcc->type = __mcc_type(cr, RFCOMM_PN);
966 mcc->len = __len8(sizeof(*pn));
968 pn = (void *) ptr; ptr += sizeof(*pn);
970 pn->priority = d->priority;
975 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
976 pn->credits = RFCOMM_DEFAULT_CREDITS;
982 if (cr && channel_mtu >= 0)
983 pn->mtu = cpu_to_le16(channel_mtu);
985 pn->mtu = cpu_to_le16(d->mtu);
987 *ptr = __fcs(buf); ptr++;
989 return rfcomm_send_frame(s, buf, ptr - buf);
992 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
993 u8 bit_rate, u8 data_bits, u8 stop_bits,
994 u8 parity, u8 flow_ctrl_settings,
995 u8 xon_char, u8 xoff_char, u16 param_mask)
997 struct rfcomm_hdr *hdr;
998 struct rfcomm_mcc *mcc;
999 struct rfcomm_rpn *rpn;
1000 u8 buf[16], *ptr = buf;
1002 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
1003 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
1004 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
1005 flow_ctrl_settings, xon_char, xoff_char, param_mask);
1007 hdr = (void *) ptr; ptr += sizeof(*hdr);
1008 hdr->addr = __addr(s->initiator, 0);
1009 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1010 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
1012 mcc = (void *) ptr; ptr += sizeof(*mcc);
1013 mcc->type = __mcc_type(cr, RFCOMM_RPN);
1014 mcc->len = __len8(sizeof(*rpn));
1016 rpn = (void *) ptr; ptr += sizeof(*rpn);
1017 rpn->dlci = __addr(1, dlci);
1018 rpn->bit_rate = bit_rate;
1019 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
1020 rpn->flow_ctrl = flow_ctrl_settings;
1021 rpn->xon_char = xon_char;
1022 rpn->xoff_char = xoff_char;
1023 rpn->param_mask = cpu_to_le16(param_mask);
1025 *ptr = __fcs(buf); ptr++;
1027 return rfcomm_send_frame(s, buf, ptr - buf);
1030 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
1032 struct rfcomm_hdr *hdr;
1033 struct rfcomm_mcc *mcc;
1034 struct rfcomm_rls *rls;
1035 u8 buf[16], *ptr = buf;
1037 BT_DBG("%p cr %d status 0x%x", s, cr, status);
1039 hdr = (void *) ptr; ptr += sizeof(*hdr);
1040 hdr->addr = __addr(s->initiator, 0);
1041 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1042 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
1044 mcc = (void *) ptr; ptr += sizeof(*mcc);
1045 mcc->type = __mcc_type(cr, RFCOMM_RLS);
1046 mcc->len = __len8(sizeof(*rls));
1048 rls = (void *) ptr; ptr += sizeof(*rls);
1049 rls->dlci = __addr(1, dlci);
1050 rls->status = status;
1052 *ptr = __fcs(buf); ptr++;
1054 return rfcomm_send_frame(s, buf, ptr - buf);
1057 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
1059 struct rfcomm_hdr *hdr;
1060 struct rfcomm_mcc *mcc;
1061 struct rfcomm_msc *msc;
1062 u8 buf[16], *ptr = buf;
1064 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
1066 hdr = (void *) ptr; ptr += sizeof(*hdr);
1067 hdr->addr = __addr(s->initiator, 0);
1068 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1069 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
1071 mcc = (void *) ptr; ptr += sizeof(*mcc);
1072 mcc->type = __mcc_type(cr, RFCOMM_MSC);
1073 mcc->len = __len8(sizeof(*msc));
1075 msc = (void *) ptr; ptr += sizeof(*msc);
1076 msc->dlci = __addr(1, dlci);
1077 msc->v24_sig = v24_sig | 0x01;
1079 *ptr = __fcs(buf); ptr++;
1081 return rfcomm_send_frame(s, buf, ptr - buf);
1084 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1086 struct rfcomm_hdr *hdr;
1087 struct rfcomm_mcc *mcc;
1088 u8 buf[16], *ptr = buf;
1090 BT_DBG("%p cr %d", s, cr);
1092 hdr = (void *) ptr; ptr += sizeof(*hdr);
1093 hdr->addr = __addr(s->initiator, 0);
1094 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1095 hdr->len = __len8(sizeof(*mcc));
1097 mcc = (void *) ptr; ptr += sizeof(*mcc);
1098 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1099 mcc->len = __len8(0);
1101 *ptr = __fcs(buf); ptr++;
1103 return rfcomm_send_frame(s, buf, ptr - buf);
1106 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1108 struct rfcomm_hdr *hdr;
1109 struct rfcomm_mcc *mcc;
1110 u8 buf[16], *ptr = buf;
1112 BT_DBG("%p cr %d", s, cr);
1114 hdr = (void *) ptr; ptr += sizeof(*hdr);
1115 hdr->addr = __addr(s->initiator, 0);
1116 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1117 hdr->len = __len8(sizeof(*mcc));
1119 mcc = (void *) ptr; ptr += sizeof(*mcc);
1120 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1121 mcc->len = __len8(0);
1123 *ptr = __fcs(buf); ptr++;
1125 return rfcomm_send_frame(s, buf, ptr - buf);
1128 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1130 struct socket *sock = s->sock;
1133 unsigned char hdr[5], crc[1];
1138 BT_DBG("%p cr %d", s, cr);
1140 hdr[0] = __addr(s->initiator, 0);
1141 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1142 hdr[2] = 0x01 | ((len + 2) << 1);
1143 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1144 hdr[4] = 0x01 | (len << 1);
1146 crc[0] = __fcs(hdr);
1148 iv[0].iov_base = hdr;
1150 iv[1].iov_base = pattern;
1151 iv[1].iov_len = len;
1152 iv[2].iov_base = crc;
1155 memset(&msg, 0, sizeof(msg));
1157 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1160 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1162 struct rfcomm_hdr *hdr;
1163 u8 buf[16], *ptr = buf;
1165 BT_DBG("%p addr %d credits %d", s, addr, credits);
1167 hdr = (void *) ptr; ptr += sizeof(*hdr);
1169 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1170 hdr->len = __len8(0);
1172 *ptr = credits; ptr++;
1174 *ptr = __fcs(buf); ptr++;
1176 return rfcomm_send_frame(s, buf, ptr - buf);
1179 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1181 struct rfcomm_hdr *hdr;
1186 hdr = skb_push(skb, 4);
1187 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1189 hdr = skb_push(skb, 3);
1190 hdr->len = __len8(len);
1193 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1195 crc = skb_put(skb, 1);
1196 *crc = __fcs((void *) hdr);
1199 /* ---- RFCOMM frame reception ---- */
1200 static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1202 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1206 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1208 rfcomm_send_dm(s, dlci);
1214 rfcomm_dlc_clear_timer(d);
1217 d->state = BT_CONNECTED;
1218 d->state_change(d, 0);
1219 rfcomm_dlc_unlock(d);
1221 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1225 d->state = BT_CLOSED;
1226 __rfcomm_dlc_close(d, 0);
1228 if (list_empty(&s->dlcs)) {
1229 s->state = BT_DISCONN;
1230 rfcomm_send_disc(s, 0);
1231 rfcomm_session_clear_timer(s);
1237 /* Control channel */
1240 s->state = BT_CONNECTED;
1241 rfcomm_process_connect(s);
1245 s = rfcomm_session_close(s, ECONNRESET);
1252 static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1256 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1260 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1262 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1267 d->state = BT_CLOSED;
1268 __rfcomm_dlc_close(d, err);
1271 if (s->state == BT_CONNECT)
1276 s = rfcomm_session_close(s, err);
1281 static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1286 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1289 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1291 rfcomm_send_ua(s, dlci);
1293 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1298 d->state = BT_CLOSED;
1299 __rfcomm_dlc_close(d, err);
1301 rfcomm_send_dm(s, dlci);
1304 rfcomm_send_ua(s, 0);
1306 if (s->state == BT_CONNECT)
1311 s = rfcomm_session_close(s, err);
1316 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1318 struct sock *sk = d->session->sock->sk;
1319 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1321 BT_DBG("dlc %p", d);
1323 rfcomm_send_ua(d->session, d->dlci);
1325 rfcomm_dlc_clear_timer(d);
1328 d->state = BT_CONNECTED;
1329 d->state_change(d, 0);
1330 rfcomm_dlc_unlock(d);
1333 hci_conn_switch_role(conn->hcon, 0x00);
1335 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1338 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1340 if (rfcomm_check_security(d)) {
1341 if (d->defer_setup) {
1342 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1343 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1346 d->state = BT_CONNECT2;
1347 d->state_change(d, 0);
1348 rfcomm_dlc_unlock(d);
1350 rfcomm_dlc_accept(d);
1352 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1353 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1357 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1359 struct rfcomm_dlc *d;
1362 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1365 rfcomm_send_ua(s, 0);
1367 if (s->state == BT_OPEN) {
1368 s->state = BT_CONNECTED;
1369 rfcomm_process_connect(s);
1374 /* Check if DLC exists */
1375 d = rfcomm_dlc_get(s, dlci);
1377 if (d->state == BT_OPEN) {
1378 /* DLC was previously opened by PN request */
1379 rfcomm_check_accept(d);
1384 /* Notify socket layer about incoming connection */
1385 channel = __srv_channel(dlci);
1386 if (rfcomm_connect_ind(s, channel, &d)) {
1388 d->addr = __addr(s->initiator, dlci);
1389 rfcomm_dlc_link(s, d);
1391 rfcomm_check_accept(d);
1393 rfcomm_send_dm(s, dlci);
1399 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1401 struct rfcomm_session *s = d->session;
1403 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1404 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1406 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1407 pn->flow_ctrl == 0xe0) {
1408 d->cfc = RFCOMM_CFC_ENABLED;
1409 d->tx_credits = pn->credits;
1411 d->cfc = RFCOMM_CFC_DISABLED;
1412 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1415 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1418 d->priority = pn->priority;
1420 d->mtu = __le16_to_cpu(pn->mtu);
1422 if (cr && d->mtu > s->mtu)
1428 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1430 struct rfcomm_pn *pn = (void *) skb->data;
1431 struct rfcomm_dlc *d;
1434 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1439 d = rfcomm_dlc_get(s, dlci);
1443 rfcomm_apply_pn(d, cr, pn);
1444 rfcomm_send_pn(s, 0, d);
1449 rfcomm_apply_pn(d, cr, pn);
1451 d->state = BT_CONNECT;
1452 rfcomm_send_sabm(s, d->dlci);
1457 u8 channel = __srv_channel(dlci);
1462 /* PN request for non existing DLC.
1463 * Assume incoming connection. */
1464 if (rfcomm_connect_ind(s, channel, &d)) {
1466 d->addr = __addr(s->initiator, dlci);
1467 rfcomm_dlc_link(s, d);
1469 rfcomm_apply_pn(d, cr, pn);
1472 rfcomm_send_pn(s, 0, d);
1474 rfcomm_send_dm(s, dlci);
1480 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1482 struct rfcomm_rpn *rpn = (void *) skb->data;
1483 u8 dlci = __get_dlci(rpn->dlci);
1492 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1494 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1495 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1496 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1502 /* This is a request, return default (according to ETSI TS 07.10) settings */
1503 bit_rate = RFCOMM_RPN_BR_9600;
1504 data_bits = RFCOMM_RPN_DATA_8;
1505 stop_bits = RFCOMM_RPN_STOP_1;
1506 parity = RFCOMM_RPN_PARITY_NONE;
1507 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1508 xon_char = RFCOMM_RPN_XON_CHAR;
1509 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1513 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1514 * no parity, no flow control lines, normal XON/XOFF chars */
1516 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1517 bit_rate = rpn->bit_rate;
1518 if (bit_rate > RFCOMM_RPN_BR_230400) {
1519 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1520 bit_rate = RFCOMM_RPN_BR_9600;
1521 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1525 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1526 data_bits = __get_rpn_data_bits(rpn->line_settings);
1527 if (data_bits != RFCOMM_RPN_DATA_8) {
1528 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1529 data_bits = RFCOMM_RPN_DATA_8;
1530 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1534 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1535 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1536 if (stop_bits != RFCOMM_RPN_STOP_1) {
1537 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1538 stop_bits = RFCOMM_RPN_STOP_1;
1539 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1543 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1544 parity = __get_rpn_parity(rpn->line_settings);
1545 if (parity != RFCOMM_RPN_PARITY_NONE) {
1546 BT_DBG("RPN parity mismatch 0x%x", parity);
1547 parity = RFCOMM_RPN_PARITY_NONE;
1548 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1552 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1553 flow_ctrl = rpn->flow_ctrl;
1554 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1555 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1556 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1557 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1561 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1562 xon_char = rpn->xon_char;
1563 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1564 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1565 xon_char = RFCOMM_RPN_XON_CHAR;
1566 rpn_mask ^= RFCOMM_RPN_PM_XON;
1570 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1571 xoff_char = rpn->xoff_char;
1572 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1573 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1574 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1575 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1580 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1581 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1586 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1588 struct rfcomm_rls *rls = (void *) skb->data;
1589 u8 dlci = __get_dlci(rls->dlci);
1591 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1596 /* We should probably do something with this information here. But
1597 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1598 * mandatory to recognise and respond to RLS */
1600 rfcomm_send_rls(s, 0, dlci, rls->status);
1605 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1607 struct rfcomm_msc *msc = (void *) skb->data;
1608 struct rfcomm_dlc *d;
1609 u8 dlci = __get_dlci(msc->dlci);
1611 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1613 d = rfcomm_dlc_get(s, dlci);
1618 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1619 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1621 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1625 d->remote_v24_sig = msc->v24_sig;
1627 if (d->modem_status)
1628 d->modem_status(d, msc->v24_sig);
1630 rfcomm_dlc_unlock(d);
1632 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1634 d->mscex |= RFCOMM_MSCEX_RX;
1636 d->mscex |= RFCOMM_MSCEX_TX;
1641 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1643 struct rfcomm_mcc *mcc = (void *) skb->data;
1646 cr = __test_cr(mcc->type);
1647 type = __get_mcc_type(mcc->type);
1648 len = __get_mcc_len(mcc->len);
1650 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1656 rfcomm_recv_pn(s, cr, skb);
1660 rfcomm_recv_rpn(s, cr, len, skb);
1664 rfcomm_recv_rls(s, cr, skb);
1668 rfcomm_recv_msc(s, cr, skb);
1673 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1674 rfcomm_send_fcoff(s, 0);
1680 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1681 rfcomm_send_fcon(s, 0);
1687 rfcomm_send_test(s, 0, skb->data, skb->len);
1694 BT_ERR("Unknown control type 0x%02x", type);
1695 rfcomm_send_nsc(s, cr, type);
1701 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1703 struct rfcomm_dlc *d;
1705 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1707 d = rfcomm_dlc_get(s, dlci);
1709 rfcomm_send_dm(s, dlci);
1714 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1716 d->tx_credits += credits;
1718 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1721 if (skb->len && d->state == BT_CONNECTED) {
1724 d->data_ready(d, skb);
1725 rfcomm_dlc_unlock(d);
1734 static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1735 struct sk_buff *skb)
1737 struct rfcomm_hdr *hdr = (void *) skb->data;
1741 /* no session, so free socket data */
1746 dlci = __get_dlci(hdr->addr);
1747 type = __get_type(hdr->ctrl);
1750 skb->len--; skb->tail--;
1751 fcs = *(u8 *)skb_tail_pointer(skb);
1753 if (__check_fcs(skb->data, type, fcs)) {
1754 BT_ERR("bad checksum in packet");
1759 if (__test_ea(hdr->len))
1766 if (__test_pf(hdr->ctrl))
1767 rfcomm_recv_sabm(s, dlci);
1771 if (__test_pf(hdr->ctrl))
1772 s = rfcomm_recv_disc(s, dlci);
1776 if (__test_pf(hdr->ctrl))
1777 s = rfcomm_recv_ua(s, dlci);
1781 s = rfcomm_recv_dm(s, dlci);
1786 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1789 rfcomm_recv_mcc(s, skb);
1793 BT_ERR("Unknown packet type 0x%02x", type);
1800 /* ---- Connection and data processing ---- */
1802 static void rfcomm_process_connect(struct rfcomm_session *s)
1804 struct rfcomm_dlc *d, *n;
1806 BT_DBG("session %p state %ld", s, s->state);
1808 list_for_each_entry_safe(d, n, &s->dlcs, list) {
1809 if (d->state == BT_CONFIG) {
1811 if (rfcomm_check_security(d)) {
1812 rfcomm_send_pn(s, 1, d);
1814 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1815 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1821 /* Send data queued for the DLC.
1822 * Return number of frames left in the queue.
1824 static int rfcomm_process_tx(struct rfcomm_dlc *d)
1826 struct sk_buff *skb;
1829 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1830 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1832 /* Send pending MSC */
1833 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1834 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1838 * Give them some credits */
1839 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1840 d->rx_credits <= (d->cfc >> 2)) {
1841 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1842 d->rx_credits = d->cfc;
1846 * Give ourselves some credits */
1850 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1851 return skb_queue_len(&d->tx_queue);
1853 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1854 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1856 skb_queue_head(&d->tx_queue, skb);
1863 if (d->cfc && !d->tx_credits) {
1864 /* We're out of TX credits.
1865 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1866 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1869 return skb_queue_len(&d->tx_queue);
1872 static void rfcomm_process_dlcs(struct rfcomm_session *s)
1874 struct rfcomm_dlc *d, *n;
1876 BT_DBG("session %p state %ld", s, s->state);
1878 list_for_each_entry_safe(d, n, &s->dlcs, list) {
1879 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1880 __rfcomm_dlc_close(d, ETIMEDOUT);
1884 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1885 __rfcomm_dlc_close(d, ECONNREFUSED);
1889 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1890 rfcomm_dlc_clear_timer(d);
1892 rfcomm_send_pn(s, 1, d);
1893 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1895 if (d->defer_setup) {
1896 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1897 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1900 d->state = BT_CONNECT2;
1901 d->state_change(d, 0);
1902 rfcomm_dlc_unlock(d);
1904 rfcomm_dlc_accept(d);
1907 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1908 rfcomm_dlc_clear_timer(d);
1910 rfcomm_send_dm(s, d->dlci);
1912 d->state = BT_CLOSED;
1913 __rfcomm_dlc_close(d, ECONNREFUSED);
1917 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1920 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1923 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1924 d->mscex == RFCOMM_MSCEX_OK)
1925 rfcomm_process_tx(d);
1929 static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1931 struct socket *sock = s->sock;
1932 struct sock *sk = sock->sk;
1933 struct sk_buff *skb;
1935 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1937 /* Get data directly from socket receive queue without copying it. */
1938 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1940 if (!skb_linearize(skb) && sk->sk_state != BT_CLOSED) {
1941 s = rfcomm_recv_frame(s, skb);
1949 if (s && (sk->sk_state == BT_CLOSED))
1950 s = rfcomm_session_close(s, sk->sk_err);
1955 static void rfcomm_accept_connection(struct rfcomm_session *s)
1957 struct socket *sock = s->sock, *nsock;
1960 /* Fast check for a new connection.
1961 * Avoids unnesesary socket allocations. */
1962 if (list_empty(&bt_sk(sock->sk)->accept_q))
1965 BT_DBG("session %p", s);
1967 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1971 /* Set our callbacks */
1972 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1973 nsock->sk->sk_state_change = rfcomm_l2state_change;
1975 s = rfcomm_session_add(nsock, BT_OPEN);
1977 /* We should adjust MTU on incoming sessions.
1978 * L2CAP MTU minus UIH header and FCS. */
1979 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1980 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1984 sock_release(nsock);
1987 static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1989 struct sock *sk = s->sock->sk;
1991 BT_DBG("%p state %ld", s, s->state);
1993 switch (sk->sk_state) {
1995 s->state = BT_CONNECT;
1997 /* We can adjust MTU on outgoing sessions.
1998 * L2CAP MTU minus UIH header and FCS. */
1999 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
2001 rfcomm_send_sabm(s, 0);
2005 s = rfcomm_session_close(s, sk->sk_err);
2011 static void rfcomm_process_sessions(void)
2013 struct rfcomm_session *s, *n;
2017 list_for_each_entry_safe(s, n, &session_list, list) {
2018 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
2019 s->state = BT_DISCONN;
2020 rfcomm_send_disc(s, 0);
2026 rfcomm_accept_connection(s);
2030 s = rfcomm_check_connection(s);
2034 s = rfcomm_process_rx(s);
2039 rfcomm_process_dlcs(s);
2045 static int rfcomm_add_listener(bdaddr_t *ba)
2047 struct sockaddr_l2 addr;
2048 struct socket *sock;
2050 struct rfcomm_session *s;
2054 err = rfcomm_l2sock_create(&sock);
2056 BT_ERR("Create socket failed %d", err);
2061 bacpy(&addr.l2_bdaddr, ba);
2062 addr.l2_family = AF_BLUETOOTH;
2063 addr.l2_psm = cpu_to_le16(L2CAP_PSM_RFCOMM);
2065 addr.l2_bdaddr_type = BDADDR_BREDR;
2066 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
2068 BT_ERR("Bind failed %d", err);
2072 /* Set L2CAP options */
2075 /* Set MTU to 0 so L2CAP can auto select the MTU */
2076 l2cap_pi(sk)->chan->imtu = 0;
2079 /* Start listening on the socket */
2080 err = kernel_listen(sock, 10);
2082 BT_ERR("Listen failed %d", err);
2086 /* Add listening session */
2087 s = rfcomm_session_add(sock, BT_LISTEN);
2099 static void rfcomm_kill_listener(void)
2101 struct rfcomm_session *s, *n;
2105 list_for_each_entry_safe(s, n, &session_list, list)
2106 rfcomm_session_del(s);
2109 static int rfcomm_run(void *unused)
2111 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2114 set_user_nice(current, -10);
2116 rfcomm_add_listener(BDADDR_ANY);
2118 add_wait_queue(&rfcomm_wq, &wait);
2119 while (!kthread_should_stop()) {
2122 rfcomm_process_sessions();
2124 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
2126 remove_wait_queue(&rfcomm_wq, &wait);
2128 rfcomm_kill_listener();
2133 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2135 struct rfcomm_session *s;
2136 struct rfcomm_dlc *d, *n;
2138 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2140 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2144 list_for_each_entry_safe(d, n, &s->dlcs, list) {
2145 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2146 rfcomm_dlc_clear_timer(d);
2147 if (status || encrypt == 0x00) {
2148 set_bit(RFCOMM_ENC_DROP, &d->flags);
2153 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2154 if (d->sec_level == BT_SECURITY_MEDIUM) {
2155 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2156 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2158 } else if (d->sec_level == BT_SECURITY_HIGH ||
2159 d->sec_level == BT_SECURITY_FIPS) {
2160 set_bit(RFCOMM_ENC_DROP, &d->flags);
2165 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2168 if (!status && hci_conn_check_secure(conn, d->sec_level))
2169 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2171 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2177 static struct hci_cb rfcomm_cb = {
2179 .security_cfm = rfcomm_security_cfm
2182 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2184 struct rfcomm_session *s;
2188 list_for_each_entry(s, &session_list, list) {
2189 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
2190 struct rfcomm_dlc *d;
2191 list_for_each_entry(d, &s->dlcs, list) {
2192 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2193 &chan->src, &chan->dst,
2194 d->state, d->dlci, d->mtu,
2195 d->rx_credits, d->tx_credits);
2204 DEFINE_SHOW_ATTRIBUTE(rfcomm_dlc_debugfs);
2206 static struct dentry *rfcomm_dlc_debugfs;
2208 /* ---- Initialization ---- */
2209 static int __init rfcomm_init(void)
2213 hci_register_cb(&rfcomm_cb);
2215 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2216 if (IS_ERR(rfcomm_thread)) {
2217 err = PTR_ERR(rfcomm_thread);
2221 err = rfcomm_init_ttys();
2225 err = rfcomm_init_sockets();
2229 BT_INFO("RFCOMM ver %s", VERSION);
2231 if (IS_ERR_OR_NULL(bt_debugfs))
2234 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2236 &rfcomm_dlc_debugfs_fops);
2241 rfcomm_cleanup_ttys();
2244 kthread_stop(rfcomm_thread);
2247 hci_unregister_cb(&rfcomm_cb);
2252 static void __exit rfcomm_exit(void)
2254 debugfs_remove(rfcomm_dlc_debugfs);
2256 hci_unregister_cb(&rfcomm_cb);
2258 kthread_stop(rfcomm_thread);
2260 rfcomm_cleanup_ttys();
2262 rfcomm_cleanup_sockets();
2265 module_init(rfcomm_init);
2266 module_exit(rfcomm_exit);
2268 module_param(disable_cfc, bool, 0644);
2269 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2271 module_param(channel_mtu, int, 0644);
2272 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2274 module_param(l2cap_ertm, bool, 0644);
2275 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2277 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2278 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2279 MODULE_VERSION(VERSION);
2280 MODULE_LICENSE("GPL");
2281 MODULE_ALIAS("bt-proto-3");
projects / releases.git / blob