2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/debugfs.h>
30 #include <linux/kthread.h>
31 #include <asm/unaligned.h>
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/rfcomm.h>
38 #define VERSION "1.11"
40 static bool disable_cfc;
41 static bool l2cap_ertm;
42 static int channel_mtu = -1;
43 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
45 static struct task_struct *rfcomm_thread;
47 static DEFINE_MUTEX(rfcomm_mutex);
48 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
52 static LIST_HEAD(session_list);
54 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
55 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
65 static void rfcomm_process_connect(struct rfcomm_session *s);
67 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
71 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
72 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
74 /* ---- RFCOMM frame parsing macros ---- */
75 #define __get_dlci(b) ((b & 0xfc) >> 2)
76 #define __get_channel(b) ((b & 0xf8) >> 3)
77 #define __get_dir(b) ((b & 0x04) >> 2)
78 #define __get_type(b) ((b & 0xef))
80 #define __test_ea(b) ((b & 0x01))
81 #define __test_cr(b) (!!(b & 0x02))
82 #define __test_pf(b) (!!(b & 0x10))
84 #define __session_dir(s) ((s)->initiator ? 0x00 : 0x01)
86 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
87 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
88 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
89 #define __srv_channel(dlci) (dlci >> 1)
90 #define __dir(dlci) (dlci & 0x01)
92 #define __len8(len) (((len) << 1) | 1)
93 #define __len16(len) ((len) << 1)
96 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
97 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
98 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
101 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
102 #define __get_rpn_data_bits(line) ((line) & 0x3)
103 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
104 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
106 static DECLARE_WAIT_QUEUE_HEAD(rfcomm_wq);
108 static void rfcomm_schedule(void)
110 wake_up_all(&rfcomm_wq);
113 /* ---- RFCOMM FCS computation ---- */
115 /* reversed, 8-bit, poly=0x07 */
116 static unsigned char rfcomm_crc_table[256] = {
117 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
118 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
119 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
120 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
122 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
123 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
124 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
125 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
127 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
128 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
129 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
130 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
132 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
133 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
134 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
135 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
137 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
138 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
139 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
140 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
142 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
143 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
144 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
145 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
147 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
148 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
149 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
150 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
152 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
153 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
154 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
155 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
159 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
162 static inline u8 __fcs(u8 *data)
164 return 0xff - __crc(data);
168 static inline u8 __fcs2(u8 *data)
170 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
174 static inline int __check_fcs(u8 *data, int type, u8 fcs)
178 if (type != RFCOMM_UIH)
179 f = rfcomm_crc_table[f ^ data[2]];
181 return rfcomm_crc_table[f ^ fcs] != 0xcf;
184 /* ---- L2CAP callbacks ---- */
185 static void rfcomm_l2state_change(struct sock *sk)
187 BT_DBG("%p state %d", sk, sk->sk_state);
191 static void rfcomm_l2data_ready(struct sock *sk)
197 static int rfcomm_l2sock_create(struct socket **sock)
203 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
205 struct sock *sk = (*sock)->sk;
206 sk->sk_data_ready = rfcomm_l2data_ready;
207 sk->sk_state_change = rfcomm_l2state_change;
212 static int rfcomm_check_security(struct rfcomm_dlc *d)
214 struct sock *sk = d->session->sock->sk;
215 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
219 switch (d->sec_level) {
220 case BT_SECURITY_HIGH:
221 case BT_SECURITY_FIPS:
222 auth_type = HCI_AT_GENERAL_BONDING_MITM;
224 case BT_SECURITY_MEDIUM:
225 auth_type = HCI_AT_GENERAL_BONDING;
228 auth_type = HCI_AT_NO_BONDING;
232 return hci_conn_security(conn->hcon, d->sec_level, auth_type,
236 static void rfcomm_session_timeout(unsigned long arg)
238 struct rfcomm_session *s = (void *) arg;
240 BT_DBG("session %p state %ld", s, s->state);
242 set_bit(RFCOMM_TIMED_OUT, &s->flags);
246 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
248 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
250 mod_timer(&s->timer, jiffies + timeout);
253 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
255 BT_DBG("session %p state %ld", s, s->state);
257 del_timer_sync(&s->timer);
260 /* ---- RFCOMM DLCs ---- */
261 static void rfcomm_dlc_timeout(unsigned long arg)
263 struct rfcomm_dlc *d = (void *) arg;
265 BT_DBG("dlc %p state %ld", d, d->state);
267 set_bit(RFCOMM_TIMED_OUT, &d->flags);
272 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
274 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
276 if (!mod_timer(&d->timer, jiffies + timeout))
280 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
282 BT_DBG("dlc %p state %ld", d, d->state);
284 if (del_timer(&d->timer))
288 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
295 d->sec_level = BT_SECURITY_LOW;
296 d->mtu = RFCOMM_DEFAULT_MTU;
297 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
299 d->cfc = RFCOMM_CFC_DISABLED;
300 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
303 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
305 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
310 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
312 skb_queue_head_init(&d->tx_queue);
313 mutex_init(&d->lock);
314 atomic_set(&d->refcnt, 1);
316 rfcomm_dlc_clear_state(d);
323 void rfcomm_dlc_free(struct rfcomm_dlc *d)
327 skb_queue_purge(&d->tx_queue);
331 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
333 BT_DBG("dlc %p session %p", d, s);
335 rfcomm_session_clear_timer(s);
337 list_add(&d->list, &s->dlcs);
341 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
343 struct rfcomm_session *s = d->session;
345 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
351 if (list_empty(&s->dlcs))
352 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
355 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
357 struct rfcomm_dlc *d;
359 list_for_each_entry(d, &s->dlcs, list)
366 static int rfcomm_check_channel(u8 channel)
368 return channel < 1 || channel > 30;
371 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
373 struct rfcomm_session *s;
377 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
378 d, d->state, src, dst, channel);
380 if (rfcomm_check_channel(channel))
383 if (d->state != BT_OPEN && d->state != BT_CLOSED)
386 s = rfcomm_session_get(src, dst);
388 s = rfcomm_session_create(src, dst, d->sec_level, &err);
393 dlci = __dlci(__session_dir(s), channel);
395 /* Check if DLCI already exists */
396 if (rfcomm_dlc_get(s, dlci))
399 rfcomm_dlc_clear_state(d);
402 d->addr = __addr(s->initiator, dlci);
405 d->state = BT_CONFIG;
406 rfcomm_dlc_link(s, d);
411 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
413 if (s->state == BT_CONNECTED) {
414 if (rfcomm_check_security(d))
415 rfcomm_send_pn(s, 1, d);
417 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
420 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
425 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
431 r = __rfcomm_dlc_open(d, src, dst, channel);
437 static void __rfcomm_dlc_disconn(struct rfcomm_dlc *d)
439 struct rfcomm_session *s = d->session;
441 d->state = BT_DISCONN;
442 if (skb_queue_empty(&d->tx_queue)) {
443 rfcomm_send_disc(s, d->dlci);
444 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
446 rfcomm_queue_disc(d);
447 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
451 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
453 struct rfcomm_session *s = d->session;
457 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
458 d, d->state, d->dlci, err, s);
465 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
466 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
475 __rfcomm_dlc_disconn(d);
479 if (s->state != BT_BOUND) {
480 __rfcomm_dlc_disconn(d);
483 /* if closing a dlc in a session that hasn't been started,
484 * just close and unlink the dlc
488 rfcomm_dlc_clear_timer(d);
491 d->state = BT_CLOSED;
492 d->state_change(d, err);
493 rfcomm_dlc_unlock(d);
495 skb_queue_purge(&d->tx_queue);
496 rfcomm_dlc_unlink(d);
502 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
505 struct rfcomm_dlc *d_list;
506 struct rfcomm_session *s, *s_list;
508 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
516 /* after waiting on the mutex check the session still exists
517 * then check the dlc still exists
519 list_for_each_entry(s_list, &session_list, list) {
521 list_for_each_entry(d_list, &s->dlcs, list) {
523 r = __rfcomm_dlc_close(d, err);
536 struct rfcomm_dlc *rfcomm_dlc_exists(bdaddr_t *src, bdaddr_t *dst, u8 channel)
538 struct rfcomm_session *s;
539 struct rfcomm_dlc *dlc = NULL;
542 if (rfcomm_check_channel(channel))
543 return ERR_PTR(-EINVAL);
546 s = rfcomm_session_get(src, dst);
548 dlci = __dlci(__session_dir(s), channel);
549 dlc = rfcomm_dlc_get(s, dlci);
555 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
559 if (d->state != BT_CONNECTED)
562 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
567 rfcomm_make_uih(skb, d->addr);
568 skb_queue_tail(&d->tx_queue, skb);
570 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
575 void rfcomm_dlc_send_noerror(struct rfcomm_dlc *d, struct sk_buff *skb)
579 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
581 rfcomm_make_uih(skb, d->addr);
582 skb_queue_tail(&d->tx_queue, skb);
584 if (d->state == BT_CONNECTED &&
585 !test_bit(RFCOMM_TX_THROTTLED, &d->flags))
589 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
591 BT_DBG("dlc %p state %ld", d, d->state);
594 d->v24_sig |= RFCOMM_V24_FC;
595 set_bit(RFCOMM_MSC_PENDING, &d->flags);
600 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
602 BT_DBG("dlc %p state %ld", d, d->state);
605 d->v24_sig &= ~RFCOMM_V24_FC;
606 set_bit(RFCOMM_MSC_PENDING, &d->flags);
612 Set/get modem status functions use _local_ status i.e. what we report
614 Remote status is provided by dlc->modem_status() callback.
616 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
618 BT_DBG("dlc %p state %ld v24_sig 0x%x",
619 d, d->state, v24_sig);
621 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
622 v24_sig |= RFCOMM_V24_FC;
624 v24_sig &= ~RFCOMM_V24_FC;
626 d->v24_sig = v24_sig;
628 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
634 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
636 BT_DBG("dlc %p state %ld v24_sig 0x%x",
637 d, d->state, d->v24_sig);
639 *v24_sig = d->v24_sig;
643 /* ---- RFCOMM sessions ---- */
644 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
646 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
651 BT_DBG("session %p sock %p", s, sock);
653 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
655 INIT_LIST_HEAD(&s->dlcs);
659 s->mtu = RFCOMM_DEFAULT_MTU;
660 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
662 /* Do not increment module usage count for listening sessions.
663 * Otherwise we won't be able to unload the module. */
664 if (state != BT_LISTEN)
665 if (!try_module_get(THIS_MODULE)) {
670 list_add(&s->list, &session_list);
675 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
677 int state = s->state;
679 BT_DBG("session %p state %ld", s, s->state);
683 rfcomm_session_clear_timer(s);
684 sock_release(s->sock);
687 if (state != BT_LISTEN)
688 module_put(THIS_MODULE);
693 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
695 struct rfcomm_session *s;
696 struct list_head *p, *n;
697 struct l2cap_chan *chan;
698 list_for_each_safe(p, n, &session_list) {
699 s = list_entry(p, struct rfcomm_session, list);
700 chan = l2cap_pi(s->sock->sk)->chan;
702 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&chan->src, src)) &&
703 !bacmp(&chan->dst, dst))
709 static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
712 struct rfcomm_dlc *d;
713 struct list_head *p, *n;
715 s->state = BT_CLOSED;
717 BT_DBG("session %p state %ld err %d", s, s->state, err);
720 list_for_each_safe(p, n, &s->dlcs) {
721 d = list_entry(p, struct rfcomm_dlc, list);
722 d->state = BT_CLOSED;
723 __rfcomm_dlc_close(d, err);
726 rfcomm_session_clear_timer(s);
727 return rfcomm_session_del(s);
730 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
735 struct rfcomm_session *s = NULL;
736 struct sockaddr_l2 addr;
740 BT_DBG("%pMR -> %pMR", src, dst);
742 *err = rfcomm_l2sock_create(&sock);
746 bacpy(&addr.l2_bdaddr, src);
747 addr.l2_family = AF_BLUETOOTH;
750 addr.l2_bdaddr_type = BDADDR_BREDR;
751 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
755 /* Set L2CAP options */
758 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
759 l2cap_pi(sk)->chan->sec_level = sec_level;
761 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
764 s = rfcomm_session_add(sock, BT_BOUND);
772 bacpy(&addr.l2_bdaddr, dst);
773 addr.l2_family = AF_BLUETOOTH;
774 addr.l2_psm = cpu_to_le16(L2CAP_PSM_RFCOMM);
776 addr.l2_bdaddr_type = BDADDR_BREDR;
777 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
778 if (*err == 0 || *err == -EINPROGRESS)
781 return rfcomm_session_del(s);
788 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
790 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
792 bacpy(src, &chan->src);
794 bacpy(dst, &chan->dst);
797 /* ---- RFCOMM frame sending ---- */
798 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
800 struct kvec iv = { data, len };
803 BT_DBG("session %p len %d", s, len);
805 memset(&msg, 0, sizeof(msg));
807 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
810 static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
812 BT_DBG("%p cmd %u", s, cmd->ctrl);
814 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
817 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
819 struct rfcomm_cmd cmd;
821 BT_DBG("%p dlci %d", s, dlci);
823 cmd.addr = __addr(s->initiator, dlci);
824 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
826 cmd.fcs = __fcs2((u8 *) &cmd);
828 return rfcomm_send_cmd(s, &cmd);
831 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
833 struct rfcomm_cmd cmd;
835 BT_DBG("%p dlci %d", s, dlci);
837 cmd.addr = __addr(!s->initiator, dlci);
838 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
840 cmd.fcs = __fcs2((u8 *) &cmd);
842 return rfcomm_send_cmd(s, &cmd);
845 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
847 struct rfcomm_cmd cmd;
849 BT_DBG("%p dlci %d", s, dlci);
851 cmd.addr = __addr(s->initiator, dlci);
852 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
854 cmd.fcs = __fcs2((u8 *) &cmd);
856 return rfcomm_send_cmd(s, &cmd);
859 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
861 struct rfcomm_cmd *cmd;
864 BT_DBG("dlc %p dlci %d", d, d->dlci);
866 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
870 cmd = (void *) __skb_put(skb, sizeof(*cmd));
872 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
873 cmd->len = __len8(0);
874 cmd->fcs = __fcs2((u8 *) cmd);
876 skb_queue_tail(&d->tx_queue, skb);
881 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
883 struct rfcomm_cmd cmd;
885 BT_DBG("%p dlci %d", s, dlci);
887 cmd.addr = __addr(!s->initiator, dlci);
888 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
890 cmd.fcs = __fcs2((u8 *) &cmd);
892 return rfcomm_send_cmd(s, &cmd);
895 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
897 struct rfcomm_hdr *hdr;
898 struct rfcomm_mcc *mcc;
899 u8 buf[16], *ptr = buf;
901 BT_DBG("%p cr %d type %d", s, cr, type);
903 hdr = (void *) ptr; ptr += sizeof(*hdr);
904 hdr->addr = __addr(s->initiator, 0);
905 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
906 hdr->len = __len8(sizeof(*mcc) + 1);
908 mcc = (void *) ptr; ptr += sizeof(*mcc);
909 mcc->type = __mcc_type(0, RFCOMM_NSC);
910 mcc->len = __len8(1);
912 /* Type that we didn't like */
913 *ptr = __mcc_type(cr, type); ptr++;
915 *ptr = __fcs(buf); ptr++;
917 return rfcomm_send_frame(s, buf, ptr - buf);
920 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
922 struct rfcomm_hdr *hdr;
923 struct rfcomm_mcc *mcc;
924 struct rfcomm_pn *pn;
925 u8 buf[16], *ptr = buf;
927 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
929 hdr = (void *) ptr; ptr += sizeof(*hdr);
930 hdr->addr = __addr(s->initiator, 0);
931 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
932 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
934 mcc = (void *) ptr; ptr += sizeof(*mcc);
935 mcc->type = __mcc_type(cr, RFCOMM_PN);
936 mcc->len = __len8(sizeof(*pn));
938 pn = (void *) ptr; ptr += sizeof(*pn);
940 pn->priority = d->priority;
945 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
946 pn->credits = RFCOMM_DEFAULT_CREDITS;
952 if (cr && channel_mtu >= 0)
953 pn->mtu = cpu_to_le16(channel_mtu);
955 pn->mtu = cpu_to_le16(d->mtu);
957 *ptr = __fcs(buf); ptr++;
959 return rfcomm_send_frame(s, buf, ptr - buf);
962 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
963 u8 bit_rate, u8 data_bits, u8 stop_bits,
964 u8 parity, u8 flow_ctrl_settings,
965 u8 xon_char, u8 xoff_char, u16 param_mask)
967 struct rfcomm_hdr *hdr;
968 struct rfcomm_mcc *mcc;
969 struct rfcomm_rpn *rpn;
970 u8 buf[16], *ptr = buf;
972 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
973 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
974 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
975 flow_ctrl_settings, xon_char, xoff_char, param_mask);
977 hdr = (void *) ptr; ptr += sizeof(*hdr);
978 hdr->addr = __addr(s->initiator, 0);
979 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
980 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
982 mcc = (void *) ptr; ptr += sizeof(*mcc);
983 mcc->type = __mcc_type(cr, RFCOMM_RPN);
984 mcc->len = __len8(sizeof(*rpn));
986 rpn = (void *) ptr; ptr += sizeof(*rpn);
987 rpn->dlci = __addr(1, dlci);
988 rpn->bit_rate = bit_rate;
989 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
990 rpn->flow_ctrl = flow_ctrl_settings;
991 rpn->xon_char = xon_char;
992 rpn->xoff_char = xoff_char;
993 rpn->param_mask = cpu_to_le16(param_mask);
995 *ptr = __fcs(buf); ptr++;
997 return rfcomm_send_frame(s, buf, ptr - buf);
1000 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
1002 struct rfcomm_hdr *hdr;
1003 struct rfcomm_mcc *mcc;
1004 struct rfcomm_rls *rls;
1005 u8 buf[16], *ptr = buf;
1007 BT_DBG("%p cr %d status 0x%x", s, cr, status);
1009 hdr = (void *) ptr; ptr += sizeof(*hdr);
1010 hdr->addr = __addr(s->initiator, 0);
1011 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1012 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
1014 mcc = (void *) ptr; ptr += sizeof(*mcc);
1015 mcc->type = __mcc_type(cr, RFCOMM_RLS);
1016 mcc->len = __len8(sizeof(*rls));
1018 rls = (void *) ptr; ptr += sizeof(*rls);
1019 rls->dlci = __addr(1, dlci);
1020 rls->status = status;
1022 *ptr = __fcs(buf); ptr++;
1024 return rfcomm_send_frame(s, buf, ptr - buf);
1027 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
1029 struct rfcomm_hdr *hdr;
1030 struct rfcomm_mcc *mcc;
1031 struct rfcomm_msc *msc;
1032 u8 buf[16], *ptr = buf;
1034 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
1036 hdr = (void *) ptr; ptr += sizeof(*hdr);
1037 hdr->addr = __addr(s->initiator, 0);
1038 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1039 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
1041 mcc = (void *) ptr; ptr += sizeof(*mcc);
1042 mcc->type = __mcc_type(cr, RFCOMM_MSC);
1043 mcc->len = __len8(sizeof(*msc));
1045 msc = (void *) ptr; ptr += sizeof(*msc);
1046 msc->dlci = __addr(1, dlci);
1047 msc->v24_sig = v24_sig | 0x01;
1049 *ptr = __fcs(buf); ptr++;
1051 return rfcomm_send_frame(s, buf, ptr - buf);
1054 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1056 struct rfcomm_hdr *hdr;
1057 struct rfcomm_mcc *mcc;
1058 u8 buf[16], *ptr = buf;
1060 BT_DBG("%p cr %d", s, cr);
1062 hdr = (void *) ptr; ptr += sizeof(*hdr);
1063 hdr->addr = __addr(s->initiator, 0);
1064 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1065 hdr->len = __len8(sizeof(*mcc));
1067 mcc = (void *) ptr; ptr += sizeof(*mcc);
1068 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1069 mcc->len = __len8(0);
1071 *ptr = __fcs(buf); ptr++;
1073 return rfcomm_send_frame(s, buf, ptr - buf);
1076 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1078 struct rfcomm_hdr *hdr;
1079 struct rfcomm_mcc *mcc;
1080 u8 buf[16], *ptr = buf;
1082 BT_DBG("%p cr %d", s, cr);
1084 hdr = (void *) ptr; ptr += sizeof(*hdr);
1085 hdr->addr = __addr(s->initiator, 0);
1086 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1087 hdr->len = __len8(sizeof(*mcc));
1089 mcc = (void *) ptr; ptr += sizeof(*mcc);
1090 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1091 mcc->len = __len8(0);
1093 *ptr = __fcs(buf); ptr++;
1095 return rfcomm_send_frame(s, buf, ptr - buf);
1098 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1100 struct socket *sock = s->sock;
1103 unsigned char hdr[5], crc[1];
1108 BT_DBG("%p cr %d", s, cr);
1110 hdr[0] = __addr(s->initiator, 0);
1111 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1112 hdr[2] = 0x01 | ((len + 2) << 1);
1113 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1114 hdr[4] = 0x01 | (len << 1);
1116 crc[0] = __fcs(hdr);
1118 iv[0].iov_base = hdr;
1120 iv[1].iov_base = pattern;
1121 iv[1].iov_len = len;
1122 iv[2].iov_base = crc;
1125 memset(&msg, 0, sizeof(msg));
1127 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1130 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1132 struct rfcomm_hdr *hdr;
1133 u8 buf[16], *ptr = buf;
1135 BT_DBG("%p addr %d credits %d", s, addr, credits);
1137 hdr = (void *) ptr; ptr += sizeof(*hdr);
1139 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1140 hdr->len = __len8(0);
1142 *ptr = credits; ptr++;
1144 *ptr = __fcs(buf); ptr++;
1146 return rfcomm_send_frame(s, buf, ptr - buf);
1149 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1151 struct rfcomm_hdr *hdr;
1156 hdr = (void *) skb_push(skb, 4);
1157 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1159 hdr = (void *) skb_push(skb, 3);
1160 hdr->len = __len8(len);
1163 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1165 crc = skb_put(skb, 1);
1166 *crc = __fcs((void *) hdr);
1169 /* ---- RFCOMM frame reception ---- */
1170 static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1172 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1176 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1178 rfcomm_send_dm(s, dlci);
1184 rfcomm_dlc_clear_timer(d);
1187 d->state = BT_CONNECTED;
1188 d->state_change(d, 0);
1189 rfcomm_dlc_unlock(d);
1191 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1195 d->state = BT_CLOSED;
1196 __rfcomm_dlc_close(d, 0);
1198 if (list_empty(&s->dlcs)) {
1199 s->state = BT_DISCONN;
1200 rfcomm_send_disc(s, 0);
1201 rfcomm_session_clear_timer(s);
1207 /* Control channel */
1210 s->state = BT_CONNECTED;
1211 rfcomm_process_connect(s);
1215 s = rfcomm_session_close(s, ECONNRESET);
1222 static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1226 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1230 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1232 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1237 d->state = BT_CLOSED;
1238 __rfcomm_dlc_close(d, err);
1241 if (s->state == BT_CONNECT)
1246 s = rfcomm_session_close(s, err);
1251 static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1256 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1259 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1261 rfcomm_send_ua(s, dlci);
1263 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1268 d->state = BT_CLOSED;
1269 __rfcomm_dlc_close(d, err);
1271 rfcomm_send_dm(s, dlci);
1274 rfcomm_send_ua(s, 0);
1276 if (s->state == BT_CONNECT)
1281 s = rfcomm_session_close(s, err);
1286 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1288 struct sock *sk = d->session->sock->sk;
1289 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1291 BT_DBG("dlc %p", d);
1293 rfcomm_send_ua(d->session, d->dlci);
1295 rfcomm_dlc_clear_timer(d);
1298 d->state = BT_CONNECTED;
1299 d->state_change(d, 0);
1300 rfcomm_dlc_unlock(d);
1303 hci_conn_switch_role(conn->hcon, 0x00);
1305 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1308 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1310 if (rfcomm_check_security(d)) {
1311 if (d->defer_setup) {
1312 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1313 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1316 d->state = BT_CONNECT2;
1317 d->state_change(d, 0);
1318 rfcomm_dlc_unlock(d);
1320 rfcomm_dlc_accept(d);
1322 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1323 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1327 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1329 struct rfcomm_dlc *d;
1332 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1335 rfcomm_send_ua(s, 0);
1337 if (s->state == BT_OPEN) {
1338 s->state = BT_CONNECTED;
1339 rfcomm_process_connect(s);
1344 /* Check if DLC exists */
1345 d = rfcomm_dlc_get(s, dlci);
1347 if (d->state == BT_OPEN) {
1348 /* DLC was previously opened by PN request */
1349 rfcomm_check_accept(d);
1354 /* Notify socket layer about incoming connection */
1355 channel = __srv_channel(dlci);
1356 if (rfcomm_connect_ind(s, channel, &d)) {
1358 d->addr = __addr(s->initiator, dlci);
1359 rfcomm_dlc_link(s, d);
1361 rfcomm_check_accept(d);
1363 rfcomm_send_dm(s, dlci);
1369 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1371 struct rfcomm_session *s = d->session;
1373 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1374 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1376 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1377 pn->flow_ctrl == 0xe0) {
1378 d->cfc = RFCOMM_CFC_ENABLED;
1379 d->tx_credits = pn->credits;
1381 d->cfc = RFCOMM_CFC_DISABLED;
1382 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1385 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1388 d->priority = pn->priority;
1390 d->mtu = __le16_to_cpu(pn->mtu);
1392 if (cr && d->mtu > s->mtu)
1398 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1400 struct rfcomm_pn *pn = (void *) skb->data;
1401 struct rfcomm_dlc *d;
1404 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1409 d = rfcomm_dlc_get(s, dlci);
1413 rfcomm_apply_pn(d, cr, pn);
1414 rfcomm_send_pn(s, 0, d);
1419 rfcomm_apply_pn(d, cr, pn);
1421 d->state = BT_CONNECT;
1422 rfcomm_send_sabm(s, d->dlci);
1427 u8 channel = __srv_channel(dlci);
1432 /* PN request for non existing DLC.
1433 * Assume incoming connection. */
1434 if (rfcomm_connect_ind(s, channel, &d)) {
1436 d->addr = __addr(s->initiator, dlci);
1437 rfcomm_dlc_link(s, d);
1439 rfcomm_apply_pn(d, cr, pn);
1442 rfcomm_send_pn(s, 0, d);
1444 rfcomm_send_dm(s, dlci);
1450 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1452 struct rfcomm_rpn *rpn = (void *) skb->data;
1453 u8 dlci = __get_dlci(rpn->dlci);
1462 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1464 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1465 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1466 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1472 /* This is a request, return default (according to ETSI TS 07.10) settings */
1473 bit_rate = RFCOMM_RPN_BR_9600;
1474 data_bits = RFCOMM_RPN_DATA_8;
1475 stop_bits = RFCOMM_RPN_STOP_1;
1476 parity = RFCOMM_RPN_PARITY_NONE;
1477 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1478 xon_char = RFCOMM_RPN_XON_CHAR;
1479 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1483 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1484 * no parity, no flow control lines, normal XON/XOFF chars */
1486 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1487 bit_rate = rpn->bit_rate;
1488 if (bit_rate > RFCOMM_RPN_BR_230400) {
1489 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1490 bit_rate = RFCOMM_RPN_BR_9600;
1491 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1495 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1496 data_bits = __get_rpn_data_bits(rpn->line_settings);
1497 if (data_bits != RFCOMM_RPN_DATA_8) {
1498 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1499 data_bits = RFCOMM_RPN_DATA_8;
1500 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1504 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1505 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1506 if (stop_bits != RFCOMM_RPN_STOP_1) {
1507 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1508 stop_bits = RFCOMM_RPN_STOP_1;
1509 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1513 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1514 parity = __get_rpn_parity(rpn->line_settings);
1515 if (parity != RFCOMM_RPN_PARITY_NONE) {
1516 BT_DBG("RPN parity mismatch 0x%x", parity);
1517 parity = RFCOMM_RPN_PARITY_NONE;
1518 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1522 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1523 flow_ctrl = rpn->flow_ctrl;
1524 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1525 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1526 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1527 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1531 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1532 xon_char = rpn->xon_char;
1533 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1534 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1535 xon_char = RFCOMM_RPN_XON_CHAR;
1536 rpn_mask ^= RFCOMM_RPN_PM_XON;
1540 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1541 xoff_char = rpn->xoff_char;
1542 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1543 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1544 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1545 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1550 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1551 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1556 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1558 struct rfcomm_rls *rls = (void *) skb->data;
1559 u8 dlci = __get_dlci(rls->dlci);
1561 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1566 /* We should probably do something with this information here. But
1567 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1568 * mandatory to recognise and respond to RLS */
1570 rfcomm_send_rls(s, 0, dlci, rls->status);
1575 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1577 struct rfcomm_msc *msc = (void *) skb->data;
1578 struct rfcomm_dlc *d;
1579 u8 dlci = __get_dlci(msc->dlci);
1581 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1583 d = rfcomm_dlc_get(s, dlci);
1588 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1589 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1591 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1595 d->remote_v24_sig = msc->v24_sig;
1597 if (d->modem_status)
1598 d->modem_status(d, msc->v24_sig);
1600 rfcomm_dlc_unlock(d);
1602 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1604 d->mscex |= RFCOMM_MSCEX_RX;
1606 d->mscex |= RFCOMM_MSCEX_TX;
1611 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1613 struct rfcomm_mcc *mcc = (void *) skb->data;
1616 cr = __test_cr(mcc->type);
1617 type = __get_mcc_type(mcc->type);
1618 len = __get_mcc_len(mcc->len);
1620 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1626 rfcomm_recv_pn(s, cr, skb);
1630 rfcomm_recv_rpn(s, cr, len, skb);
1634 rfcomm_recv_rls(s, cr, skb);
1638 rfcomm_recv_msc(s, cr, skb);
1643 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1644 rfcomm_send_fcoff(s, 0);
1650 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1651 rfcomm_send_fcon(s, 0);
1657 rfcomm_send_test(s, 0, skb->data, skb->len);
1664 BT_ERR("Unknown control type 0x%02x", type);
1665 rfcomm_send_nsc(s, cr, type);
1671 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1673 struct rfcomm_dlc *d;
1675 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1677 d = rfcomm_dlc_get(s, dlci);
1679 rfcomm_send_dm(s, dlci);
1684 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1686 d->tx_credits += credits;
1688 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1691 if (skb->len && d->state == BT_CONNECTED) {
1694 d->data_ready(d, skb);
1695 rfcomm_dlc_unlock(d);
1704 static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1705 struct sk_buff *skb)
1707 struct rfcomm_hdr *hdr = (void *) skb->data;
1711 /* no session, so free socket data */
1716 dlci = __get_dlci(hdr->addr);
1717 type = __get_type(hdr->ctrl);
1720 skb->len--; skb->tail--;
1721 fcs = *(u8 *)skb_tail_pointer(skb);
1723 if (__check_fcs(skb->data, type, fcs)) {
1724 BT_ERR("bad checksum in packet");
1729 if (__test_ea(hdr->len))
1736 if (__test_pf(hdr->ctrl))
1737 rfcomm_recv_sabm(s, dlci);
1741 if (__test_pf(hdr->ctrl))
1742 s = rfcomm_recv_disc(s, dlci);
1746 if (__test_pf(hdr->ctrl))
1747 s = rfcomm_recv_ua(s, dlci);
1751 s = rfcomm_recv_dm(s, dlci);
1756 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1759 rfcomm_recv_mcc(s, skb);
1763 BT_ERR("Unknown packet type 0x%02x", type);
1770 /* ---- Connection and data processing ---- */
1772 static void rfcomm_process_connect(struct rfcomm_session *s)
1774 struct rfcomm_dlc *d;
1775 struct list_head *p, *n;
1777 BT_DBG("session %p state %ld", s, s->state);
1779 list_for_each_safe(p, n, &s->dlcs) {
1780 d = list_entry(p, struct rfcomm_dlc, list);
1781 if (d->state == BT_CONFIG) {
1783 if (rfcomm_check_security(d)) {
1784 rfcomm_send_pn(s, 1, d);
1786 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1787 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1793 /* Send data queued for the DLC.
1794 * Return number of frames left in the queue.
1796 static int rfcomm_process_tx(struct rfcomm_dlc *d)
1798 struct sk_buff *skb;
1801 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1802 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1804 /* Send pending MSC */
1805 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1806 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1810 * Give them some credits */
1811 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1812 d->rx_credits <= (d->cfc >> 2)) {
1813 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1814 d->rx_credits = d->cfc;
1818 * Give ourselves some credits */
1822 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1823 return skb_queue_len(&d->tx_queue);
1825 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1826 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1828 skb_queue_head(&d->tx_queue, skb);
1835 if (d->cfc && !d->tx_credits) {
1836 /* We're out of TX credits.
1837 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1838 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1841 return skb_queue_len(&d->tx_queue);
1844 static void rfcomm_process_dlcs(struct rfcomm_session *s)
1846 struct rfcomm_dlc *d;
1847 struct list_head *p, *n;
1849 BT_DBG("session %p state %ld", s, s->state);
1851 list_for_each_safe(p, n, &s->dlcs) {
1852 d = list_entry(p, struct rfcomm_dlc, list);
1854 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1855 __rfcomm_dlc_close(d, ETIMEDOUT);
1859 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1860 __rfcomm_dlc_close(d, ECONNREFUSED);
1864 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1865 rfcomm_dlc_clear_timer(d);
1867 rfcomm_send_pn(s, 1, d);
1868 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1870 if (d->defer_setup) {
1871 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1872 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1875 d->state = BT_CONNECT2;
1876 d->state_change(d, 0);
1877 rfcomm_dlc_unlock(d);
1879 rfcomm_dlc_accept(d);
1882 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1883 rfcomm_dlc_clear_timer(d);
1885 rfcomm_send_dm(s, d->dlci);
1887 d->state = BT_CLOSED;
1888 __rfcomm_dlc_close(d, ECONNREFUSED);
1892 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1895 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1898 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1899 d->mscex == RFCOMM_MSCEX_OK)
1900 rfcomm_process_tx(d);
1904 static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1906 struct socket *sock = s->sock;
1907 struct sock *sk = sock->sk;
1908 struct sk_buff *skb;
1910 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1912 /* Get data directly from socket receive queue without copying it. */
1913 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1915 if (!skb_linearize(skb)) {
1916 s = rfcomm_recv_frame(s, skb);
1924 if (s && (sk->sk_state == BT_CLOSED))
1925 s = rfcomm_session_close(s, sk->sk_err);
1930 static void rfcomm_accept_connection(struct rfcomm_session *s)
1932 struct socket *sock = s->sock, *nsock;
1935 /* Fast check for a new connection.
1936 * Avoids unnesesary socket allocations. */
1937 if (list_empty(&bt_sk(sock->sk)->accept_q))
1940 BT_DBG("session %p", s);
1942 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1946 /* Set our callbacks */
1947 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1948 nsock->sk->sk_state_change = rfcomm_l2state_change;
1950 s = rfcomm_session_add(nsock, BT_OPEN);
1952 /* We should adjust MTU on incoming sessions.
1953 * L2CAP MTU minus UIH header and FCS. */
1954 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1955 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1959 sock_release(nsock);
1962 static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1964 struct sock *sk = s->sock->sk;
1966 BT_DBG("%p state %ld", s, s->state);
1968 switch (sk->sk_state) {
1970 s->state = BT_CONNECT;
1972 /* We can adjust MTU on outgoing sessions.
1973 * L2CAP MTU minus UIH header and FCS. */
1974 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1976 rfcomm_send_sabm(s, 0);
1980 s = rfcomm_session_close(s, sk->sk_err);
1986 static void rfcomm_process_sessions(void)
1988 struct list_head *p, *n;
1992 list_for_each_safe(p, n, &session_list) {
1993 struct rfcomm_session *s;
1994 s = list_entry(p, struct rfcomm_session, list);
1996 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1997 s->state = BT_DISCONN;
1998 rfcomm_send_disc(s, 0);
2004 rfcomm_accept_connection(s);
2008 s = rfcomm_check_connection(s);
2012 s = rfcomm_process_rx(s);
2017 rfcomm_process_dlcs(s);
2023 static int rfcomm_add_listener(bdaddr_t *ba)
2025 struct sockaddr_l2 addr;
2026 struct socket *sock;
2028 struct rfcomm_session *s;
2032 err = rfcomm_l2sock_create(&sock);
2034 BT_ERR("Create socket failed %d", err);
2039 bacpy(&addr.l2_bdaddr, ba);
2040 addr.l2_family = AF_BLUETOOTH;
2041 addr.l2_psm = cpu_to_le16(L2CAP_PSM_RFCOMM);
2043 addr.l2_bdaddr_type = BDADDR_BREDR;
2044 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
2046 BT_ERR("Bind failed %d", err);
2050 /* Set L2CAP options */
2053 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
2056 /* Start listening on the socket */
2057 err = kernel_listen(sock, 10);
2059 BT_ERR("Listen failed %d", err);
2063 /* Add listening session */
2064 s = rfcomm_session_add(sock, BT_LISTEN);
2076 static void rfcomm_kill_listener(void)
2078 struct rfcomm_session *s;
2079 struct list_head *p, *n;
2083 list_for_each_safe(p, n, &session_list) {
2084 s = list_entry(p, struct rfcomm_session, list);
2085 rfcomm_session_del(s);
2089 static int rfcomm_run(void *unused)
2091 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2094 set_user_nice(current, -10);
2096 rfcomm_add_listener(BDADDR_ANY);
2098 add_wait_queue(&rfcomm_wq, &wait);
2099 while (!kthread_should_stop()) {
2102 rfcomm_process_sessions();
2104 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
2106 remove_wait_queue(&rfcomm_wq, &wait);
2108 rfcomm_kill_listener();
2113 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2115 struct rfcomm_session *s;
2116 struct rfcomm_dlc *d;
2117 struct list_head *p, *n;
2119 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2121 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2125 list_for_each_safe(p, n, &s->dlcs) {
2126 d = list_entry(p, struct rfcomm_dlc, list);
2128 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2129 rfcomm_dlc_clear_timer(d);
2130 if (status || encrypt == 0x00) {
2131 set_bit(RFCOMM_ENC_DROP, &d->flags);
2136 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2137 if (d->sec_level == BT_SECURITY_MEDIUM) {
2138 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2139 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2141 } else if (d->sec_level == BT_SECURITY_HIGH ||
2142 d->sec_level == BT_SECURITY_FIPS) {
2143 set_bit(RFCOMM_ENC_DROP, &d->flags);
2148 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2151 if (!status && hci_conn_check_secure(conn, d->sec_level))
2152 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2154 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2160 static struct hci_cb rfcomm_cb = {
2162 .security_cfm = rfcomm_security_cfm
2165 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2167 struct rfcomm_session *s;
2171 list_for_each_entry(s, &session_list, list) {
2172 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
2173 struct rfcomm_dlc *d;
2174 list_for_each_entry(d, &s->dlcs, list) {
2175 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2176 &chan->src, &chan->dst,
2177 d->state, d->dlci, d->mtu,
2178 d->rx_credits, d->tx_credits);
2187 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2189 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2192 static const struct file_operations rfcomm_dlc_debugfs_fops = {
2193 .open = rfcomm_dlc_debugfs_open,
2195 .llseek = seq_lseek,
2196 .release = single_release,
2199 static struct dentry *rfcomm_dlc_debugfs;
2201 /* ---- Initialization ---- */
2202 static int __init rfcomm_init(void)
2206 hci_register_cb(&rfcomm_cb);
2208 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2209 if (IS_ERR(rfcomm_thread)) {
2210 err = PTR_ERR(rfcomm_thread);
2214 err = rfcomm_init_ttys();
2218 err = rfcomm_init_sockets();
2222 BT_INFO("RFCOMM ver %s", VERSION);
2224 if (IS_ERR_OR_NULL(bt_debugfs))
2227 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2229 &rfcomm_dlc_debugfs_fops);
2234 rfcomm_cleanup_ttys();
2237 kthread_stop(rfcomm_thread);
2240 hci_unregister_cb(&rfcomm_cb);
2245 static void __exit rfcomm_exit(void)
2247 debugfs_remove(rfcomm_dlc_debugfs);
2249 hci_unregister_cb(&rfcomm_cb);
2251 kthread_stop(rfcomm_thread);
2253 rfcomm_cleanup_ttys();
2255 rfcomm_cleanup_sockets();
2258 module_init(rfcomm_init);
2259 module_exit(rfcomm_exit);
2261 module_param(disable_cfc, bool, 0644);
2262 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2264 module_param(channel_mtu, int, 0644);
2265 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2267 module_param(l2cap_mtu, uint, 0644);
2268 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2270 module_param(l2cap_ertm, bool, 0644);
2271 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2273 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2274 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2275 MODULE_VERSION(VERSION);
2276 MODULE_LICENSE("GPL");
2277 MODULE_ALIAS("bt-proto-3");
Code Review / kvmfornfv.git / blob