[PATCH] libata: Prevent the interrupt handler from completing a command twice
[linux-2.6/verdex.git] / net / bluetooth / rfcomm / core.c
blobe9e6fda66f1a3e221013c628612808ea5529e2a1
1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
24 /*
25 RPN support - Dirk Husemann <hud@zurich.ibm.com>
29 * Bluetooth RFCOMM core.
31 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
34 #include <linux/config.h>
35 #include <linux/module.h>
36 #include <linux/errno.h>
37 #include <linux/kernel.h>
38 #include <linux/sched.h>
39 #include <linux/signal.h>
40 #include <linux/init.h>
41 #include <linux/wait.h>
42 #include <linux/net.h>
43 #include <linux/proc_fs.h>
44 #include <linux/seq_file.h>
45 #include <net/sock.h>
46 #include <asm/uaccess.h>
47 #include <asm/unaligned.h>
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h>
51 #include <net/bluetooth/l2cap.h>
52 #include <net/bluetooth/rfcomm.h>
54 #define VERSION "1.5"
56 #ifndef CONFIG_BT_RFCOMM_DEBUG
57 #undef BT_DBG
58 #define BT_DBG(D...)
59 #endif
61 #ifdef CONFIG_PROC_FS
62 struct proc_dir_entry *proc_bt_rfcomm;
63 #endif
65 static struct task_struct *rfcomm_thread;
67 static DECLARE_MUTEX(rfcomm_sem);
68 #define rfcomm_lock() down(&rfcomm_sem);
69 #define rfcomm_unlock() up(&rfcomm_sem);
71 static unsigned long rfcomm_event;
73 static LIST_HEAD(session_list);
74 static atomic_t terminate, running;
76 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
77 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
78 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
79 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
80 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
81 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
82 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
83 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
84 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
85 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
87 static void rfcomm_process_connect(struct rfcomm_session *s);
89 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
90 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
91 static void rfcomm_session_del(struct rfcomm_session *s);
93 /* ---- RFCOMM frame parsing macros ---- */
94 #define __get_dlci(b) ((b & 0xfc) >> 2)
95 #define __get_channel(b) ((b & 0xf8) >> 3)
96 #define __get_dir(b) ((b & 0x04) >> 2)
97 #define __get_type(b) ((b & 0xef))
99 #define __test_ea(b) ((b & 0x01))
100 #define __test_cr(b) ((b & 0x02))
101 #define __test_pf(b) ((b & 0x10))
103 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
104 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
105 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
106 #define __srv_channel(dlci) (dlci >> 1)
107 #define __dir(dlci) (dlci & 0x01)
109 #define __len8(len) (((len) << 1) | 1)
110 #define __len16(len) ((len) << 1)
112 /* MCC macros */
113 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
114 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
115 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
117 /* RPN macros */
118 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x3) << 3))
119 #define __get_rpn_data_bits(line) ((line) & 0x3)
120 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
121 #define __get_rpn_parity(line) (((line) >> 3) & 0x3)
123 static inline void rfcomm_schedule(uint event)
125 if (!rfcomm_thread)
126 return;
127 //set_bit(event, &rfcomm_event);
128 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
129 wake_up_process(rfcomm_thread);
132 static inline void rfcomm_session_put(struct rfcomm_session *s)
134 if (atomic_dec_and_test(&s->refcnt))
135 rfcomm_session_del(s);
138 /* ---- RFCOMM FCS computation ---- */
140 /* CRC on 2 bytes */
141 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
143 /* FCS on 2 bytes */
144 static inline u8 __fcs(u8 *data)
146 return (0xff - __crc(data));
149 /* FCS on 3 bytes */
150 static inline u8 __fcs2(u8 *data)
152 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
155 /* Check FCS */
156 static inline int __check_fcs(u8 *data, int type, u8 fcs)
158 u8 f = __crc(data);
160 if (type != RFCOMM_UIH)
161 f = rfcomm_crc_table[f ^ data[2]];
163 return rfcomm_crc_table[f ^ fcs] != 0xcf;
166 /* ---- L2CAP callbacks ---- */
167 static void rfcomm_l2state_change(struct sock *sk)
169 BT_DBG("%p state %d", sk, sk->sk_state);
170 rfcomm_schedule(RFCOMM_SCHED_STATE);
173 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
175 BT_DBG("%p bytes %d", sk, bytes);
176 rfcomm_schedule(RFCOMM_SCHED_RX);
179 static int rfcomm_l2sock_create(struct socket **sock)
181 int err;
183 BT_DBG("");
185 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
186 if (!err) {
187 struct sock *sk = (*sock)->sk;
188 sk->sk_data_ready = rfcomm_l2data_ready;
189 sk->sk_state_change = rfcomm_l2state_change;
191 return err;
194 /* ---- RFCOMM DLCs ---- */
195 static void rfcomm_dlc_timeout(unsigned long arg)
197 struct rfcomm_dlc *d = (void *) arg;
199 BT_DBG("dlc %p state %ld", d, d->state);
201 set_bit(RFCOMM_TIMED_OUT, &d->flags);
202 rfcomm_dlc_put(d);
203 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
206 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
208 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
210 if (!mod_timer(&d->timer, jiffies + timeout))
211 rfcomm_dlc_hold(d);
214 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
216 BT_DBG("dlc %p state %ld", d, d->state);
218 if (timer_pending(&d->timer) && del_timer(&d->timer))
219 rfcomm_dlc_put(d);
222 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
224 BT_DBG("%p", d);
226 d->state = BT_OPEN;
227 d->flags = 0;
228 d->mscex = 0;
229 d->mtu = RFCOMM_DEFAULT_MTU;
230 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
232 d->cfc = RFCOMM_CFC_DISABLED;
233 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
236 struct rfcomm_dlc *rfcomm_dlc_alloc(int prio)
238 struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio);
239 if (!d)
240 return NULL;
241 memset(d, 0, sizeof(*d));
243 init_timer(&d->timer);
244 d->timer.function = rfcomm_dlc_timeout;
245 d->timer.data = (unsigned long) d;
247 skb_queue_head_init(&d->tx_queue);
248 spin_lock_init(&d->lock);
249 atomic_set(&d->refcnt, 1);
251 rfcomm_dlc_clear_state(d);
253 BT_DBG("%p", d);
254 return d;
257 void rfcomm_dlc_free(struct rfcomm_dlc *d)
259 BT_DBG("%p", d);
261 skb_queue_purge(&d->tx_queue);
262 kfree(d);
265 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
267 BT_DBG("dlc %p session %p", d, s);
269 rfcomm_session_hold(s);
271 rfcomm_dlc_hold(d);
272 list_add(&d->list, &s->dlcs);
273 d->session = s;
276 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
278 struct rfcomm_session *s = d->session;
280 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
282 list_del(&d->list);
283 d->session = NULL;
284 rfcomm_dlc_put(d);
286 rfcomm_session_put(s);
289 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
291 struct rfcomm_dlc *d;
292 struct list_head *p;
294 list_for_each(p, &s->dlcs) {
295 d = list_entry(p, struct rfcomm_dlc, list);
296 if (d->dlci == dlci)
297 return d;
299 return NULL;
302 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
304 struct rfcomm_session *s;
305 int err = 0;
306 u8 dlci;
308 BT_DBG("dlc %p state %ld %s %s channel %d",
309 d, d->state, batostr(src), batostr(dst), channel);
311 if (channel < 1 || channel > 30)
312 return -EINVAL;
314 if (d->state != BT_OPEN && d->state != BT_CLOSED)
315 return 0;
317 s = rfcomm_session_get(src, dst);
318 if (!s) {
319 s = rfcomm_session_create(src, dst, &err);
320 if (!s)
321 return err;
324 dlci = __dlci(!s->initiator, channel);
326 /* Check if DLCI already exists */
327 if (rfcomm_dlc_get(s, dlci))
328 return -EBUSY;
330 rfcomm_dlc_clear_state(d);
332 d->dlci = dlci;
333 d->addr = __addr(s->initiator, dlci);
334 d->priority = 7;
336 d->state = BT_CONFIG;
337 rfcomm_dlc_link(s, d);
339 d->mtu = s->mtu;
340 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
342 if (s->state == BT_CONNECTED)
343 rfcomm_send_pn(s, 1, d);
344 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
345 return 0;
348 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
350 int r;
352 rfcomm_lock();
354 r = __rfcomm_dlc_open(d, src, dst, channel);
356 rfcomm_unlock();
357 return r;
360 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
362 struct rfcomm_session *s = d->session;
363 if (!s)
364 return 0;
366 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
367 d, d->state, d->dlci, err, s);
369 switch (d->state) {
370 case BT_CONNECTED:
371 case BT_CONFIG:
372 case BT_CONNECT:
373 d->state = BT_DISCONN;
374 if (skb_queue_empty(&d->tx_queue)) {
375 rfcomm_send_disc(s, d->dlci);
376 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
377 } else {
378 rfcomm_queue_disc(d);
379 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
381 break;
383 default:
384 rfcomm_dlc_clear_timer(d);
386 rfcomm_dlc_lock(d);
387 d->state = BT_CLOSED;
388 d->state_change(d, err);
389 rfcomm_dlc_unlock(d);
391 skb_queue_purge(&d->tx_queue);
392 rfcomm_session_put(s);
394 rfcomm_dlc_unlink(d);
397 return 0;
400 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
402 int r;
404 rfcomm_lock();
406 r = __rfcomm_dlc_close(d, err);
408 rfcomm_unlock();
409 return r;
412 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
414 int len = skb->len;
416 if (d->state != BT_CONNECTED)
417 return -ENOTCONN;
419 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
421 if (len > d->mtu)
422 return -EINVAL;
424 rfcomm_make_uih(skb, d->addr);
425 skb_queue_tail(&d->tx_queue, skb);
427 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
428 rfcomm_schedule(RFCOMM_SCHED_TX);
429 return len;
432 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
434 BT_DBG("dlc %p state %ld", d, d->state);
436 if (!d->cfc) {
437 d->v24_sig |= RFCOMM_V24_FC;
438 set_bit(RFCOMM_MSC_PENDING, &d->flags);
440 rfcomm_schedule(RFCOMM_SCHED_TX);
443 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
445 BT_DBG("dlc %p state %ld", d, d->state);
447 if (!d->cfc) {
448 d->v24_sig &= ~RFCOMM_V24_FC;
449 set_bit(RFCOMM_MSC_PENDING, &d->flags);
451 rfcomm_schedule(RFCOMM_SCHED_TX);
455 Set/get modem status functions use _local_ status i.e. what we report
456 to the other side.
457 Remote status is provided by dlc->modem_status() callback.
459 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
461 BT_DBG("dlc %p state %ld v24_sig 0x%x",
462 d, d->state, v24_sig);
464 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
465 v24_sig |= RFCOMM_V24_FC;
466 else
467 v24_sig &= ~RFCOMM_V24_FC;
469 d->v24_sig = v24_sig;
471 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
472 rfcomm_schedule(RFCOMM_SCHED_TX);
474 return 0;
477 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
479 BT_DBG("dlc %p state %ld v24_sig 0x%x",
480 d, d->state, d->v24_sig);
482 *v24_sig = d->v24_sig;
483 return 0;
486 /* ---- RFCOMM sessions ---- */
487 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
489 struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL);
490 if (!s)
491 return NULL;
492 memset(s, 0, sizeof(*s));
494 BT_DBG("session %p sock %p", s, sock);
496 INIT_LIST_HEAD(&s->dlcs);
497 s->state = state;
498 s->sock = sock;
500 s->mtu = RFCOMM_DEFAULT_MTU;
501 s->cfc = RFCOMM_CFC_UNKNOWN;
503 /* Do not increment module usage count for listening sessions.
504 * Otherwise we won't be able to unload the module. */
505 if (state != BT_LISTEN)
506 if (!try_module_get(THIS_MODULE)) {
507 kfree(s);
508 return NULL;
511 list_add(&s->list, &session_list);
513 return s;
516 static void rfcomm_session_del(struct rfcomm_session *s)
518 int state = s->state;
520 BT_DBG("session %p state %ld", s, s->state);
522 list_del(&s->list);
524 if (state == BT_CONNECTED)
525 rfcomm_send_disc(s, 0);
527 sock_release(s->sock);
528 kfree(s);
530 if (state != BT_LISTEN)
531 module_put(THIS_MODULE);
534 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
536 struct rfcomm_session *s;
537 struct list_head *p, *n;
538 struct bt_sock *sk;
539 list_for_each_safe(p, n, &session_list) {
540 s = list_entry(p, struct rfcomm_session, list);
541 sk = bt_sk(s->sock->sk);
543 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
544 !bacmp(&sk->dst, dst))
545 return s;
547 return NULL;
550 static void rfcomm_session_close(struct rfcomm_session *s, int err)
552 struct rfcomm_dlc *d;
553 struct list_head *p, *n;
555 BT_DBG("session %p state %ld err %d", s, s->state, err);
557 rfcomm_session_hold(s);
559 s->state = BT_CLOSED;
561 /* Close all dlcs */
562 list_for_each_safe(p, n, &s->dlcs) {
563 d = list_entry(p, struct rfcomm_dlc, list);
564 d->state = BT_CLOSED;
565 __rfcomm_dlc_close(d, err);
568 rfcomm_session_put(s);
571 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
573 struct rfcomm_session *s = NULL;
574 struct sockaddr_l2 addr;
575 struct socket *sock;
576 struct sock *sk;
578 BT_DBG("%s %s", batostr(src), batostr(dst));
580 *err = rfcomm_l2sock_create(&sock);
581 if (*err < 0)
582 return NULL;
584 bacpy(&addr.l2_bdaddr, src);
585 addr.l2_family = AF_BLUETOOTH;
586 addr.l2_psm = 0;
587 *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
588 if (*err < 0)
589 goto failed;
591 /* Set L2CAP options */
592 sk = sock->sk;
593 lock_sock(sk);
594 l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU;
595 release_sock(sk);
597 s = rfcomm_session_add(sock, BT_BOUND);
598 if (!s) {
599 *err = -ENOMEM;
600 goto failed;
603 rfcomm_session_hold(s);
605 s->initiator = 1;
607 bacpy(&addr.l2_bdaddr, dst);
608 addr.l2_family = AF_BLUETOOTH;
609 addr.l2_psm = htobs(RFCOMM_PSM);
610 *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
611 if (*err == 0 || *err == -EAGAIN)
612 return s;
614 rfcomm_session_del(s);
615 return NULL;
617 failed:
618 sock_release(sock);
619 return NULL;
622 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
624 struct sock *sk = s->sock->sk;
625 if (src)
626 bacpy(src, &bt_sk(sk)->src);
627 if (dst)
628 bacpy(dst, &bt_sk(sk)->dst);
631 /* ---- RFCOMM frame sending ---- */
632 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
634 struct socket *sock = s->sock;
635 struct kvec iv = { data, len };
636 struct msghdr msg;
638 BT_DBG("session %p len %d", s, len);
640 memset(&msg, 0, sizeof(msg));
642 return kernel_sendmsg(sock, &msg, &iv, 1, len);
645 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
647 struct rfcomm_cmd cmd;
649 BT_DBG("%p dlci %d", s, dlci);
651 cmd.addr = __addr(s->initiator, dlci);
652 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
653 cmd.len = __len8(0);
654 cmd.fcs = __fcs2((u8 *) &cmd);
656 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
659 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
661 struct rfcomm_cmd cmd;
663 BT_DBG("%p dlci %d", s, dlci);
665 cmd.addr = __addr(!s->initiator, dlci);
666 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
667 cmd.len = __len8(0);
668 cmd.fcs = __fcs2((u8 *) &cmd);
670 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
673 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
675 struct rfcomm_cmd cmd;
677 BT_DBG("%p dlci %d", s, dlci);
679 cmd.addr = __addr(s->initiator, dlci);
680 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
681 cmd.len = __len8(0);
682 cmd.fcs = __fcs2((u8 *) &cmd);
684 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
687 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
689 struct rfcomm_cmd *cmd;
690 struct sk_buff *skb;
692 BT_DBG("dlc %p dlci %d", d, d->dlci);
694 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
695 if (!skb)
696 return -ENOMEM;
698 cmd = (void *) __skb_put(skb, sizeof(*cmd));
699 cmd->addr = d->addr;
700 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
701 cmd->len = __len8(0);
702 cmd->fcs = __fcs2((u8 *) cmd);
704 skb_queue_tail(&d->tx_queue, skb);
705 rfcomm_schedule(RFCOMM_SCHED_TX);
706 return 0;
709 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
711 struct rfcomm_cmd cmd;
713 BT_DBG("%p dlci %d", s, dlci);
715 cmd.addr = __addr(!s->initiator, dlci);
716 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
717 cmd.len = __len8(0);
718 cmd.fcs = __fcs2((u8 *) &cmd);
720 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
723 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
725 struct rfcomm_hdr *hdr;
726 struct rfcomm_mcc *mcc;
727 u8 buf[16], *ptr = buf;
729 BT_DBG("%p cr %d type %d", s, cr, type);
731 hdr = (void *) ptr; ptr += sizeof(*hdr);
732 hdr->addr = __addr(s->initiator, 0);
733 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
734 hdr->len = __len8(sizeof(*mcc) + 1);
736 mcc = (void *) ptr; ptr += sizeof(*mcc);
737 mcc->type = __mcc_type(cr, RFCOMM_NSC);
738 mcc->len = __len8(1);
740 /* Type that we didn't like */
741 *ptr = __mcc_type(cr, type); ptr++;
743 *ptr = __fcs(buf); ptr++;
745 return rfcomm_send_frame(s, buf, ptr - buf);
748 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
750 struct rfcomm_hdr *hdr;
751 struct rfcomm_mcc *mcc;
752 struct rfcomm_pn *pn;
753 u8 buf[16], *ptr = buf;
755 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
757 hdr = (void *) ptr; ptr += sizeof(*hdr);
758 hdr->addr = __addr(s->initiator, 0);
759 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
760 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
762 mcc = (void *) ptr; ptr += sizeof(*mcc);
763 mcc->type = __mcc_type(cr, RFCOMM_PN);
764 mcc->len = __len8(sizeof(*pn));
766 pn = (void *) ptr; ptr += sizeof(*pn);
767 pn->dlci = d->dlci;
768 pn->priority = d->priority;
769 pn->ack_timer = 0;
770 pn->max_retrans = 0;
772 if (s->cfc) {
773 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
774 pn->credits = RFCOMM_DEFAULT_CREDITS;
775 } else {
776 pn->flow_ctrl = 0;
777 pn->credits = 0;
780 pn->mtu = htobs(d->mtu);
782 *ptr = __fcs(buf); ptr++;
784 return rfcomm_send_frame(s, buf, ptr - buf);
787 static int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
788 u8 bit_rate, u8 data_bits, u8 stop_bits,
789 u8 parity, u8 flow_ctrl_settings,
790 u8 xon_char, u8 xoff_char, u16 param_mask)
792 struct rfcomm_hdr *hdr;
793 struct rfcomm_mcc *mcc;
794 struct rfcomm_rpn *rpn;
795 u8 buf[16], *ptr = buf;
797 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
798 "flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
799 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
800 flow_ctrl_settings, xon_char, xoff_char, param_mask);
802 hdr = (void *) ptr; ptr += sizeof(*hdr);
803 hdr->addr = __addr(s->initiator, 0);
804 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
805 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
807 mcc = (void *) ptr; ptr += sizeof(*mcc);
808 mcc->type = __mcc_type(cr, RFCOMM_RPN);
809 mcc->len = __len8(sizeof(*rpn));
811 rpn = (void *) ptr; ptr += sizeof(*rpn);
812 rpn->dlci = __addr(1, dlci);
813 rpn->bit_rate = bit_rate;
814 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
815 rpn->flow_ctrl = flow_ctrl_settings;
816 rpn->xon_char = xon_char;
817 rpn->xoff_char = xoff_char;
818 rpn->param_mask = param_mask;
820 *ptr = __fcs(buf); ptr++;
822 return rfcomm_send_frame(s, buf, ptr - buf);
825 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
827 struct rfcomm_hdr *hdr;
828 struct rfcomm_mcc *mcc;
829 struct rfcomm_rls *rls;
830 u8 buf[16], *ptr = buf;
832 BT_DBG("%p cr %d status 0x%x", s, cr, status);
834 hdr = (void *) ptr; ptr += sizeof(*hdr);
835 hdr->addr = __addr(s->initiator, 0);
836 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
837 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
839 mcc = (void *) ptr; ptr += sizeof(*mcc);
840 mcc->type = __mcc_type(cr, RFCOMM_RLS);
841 mcc->len = __len8(sizeof(*rls));
843 rls = (void *) ptr; ptr += sizeof(*rls);
844 rls->dlci = __addr(1, dlci);
845 rls->status = status;
847 *ptr = __fcs(buf); ptr++;
849 return rfcomm_send_frame(s, buf, ptr - buf);
852 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
854 struct rfcomm_hdr *hdr;
855 struct rfcomm_mcc *mcc;
856 struct rfcomm_msc *msc;
857 u8 buf[16], *ptr = buf;
859 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
861 hdr = (void *) ptr; ptr += sizeof(*hdr);
862 hdr->addr = __addr(s->initiator, 0);
863 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
864 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
866 mcc = (void *) ptr; ptr += sizeof(*mcc);
867 mcc->type = __mcc_type(cr, RFCOMM_MSC);
868 mcc->len = __len8(sizeof(*msc));
870 msc = (void *) ptr; ptr += sizeof(*msc);
871 msc->dlci = __addr(1, dlci);
872 msc->v24_sig = v24_sig | 0x01;
874 *ptr = __fcs(buf); ptr++;
876 return rfcomm_send_frame(s, buf, ptr - buf);
879 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
881 struct rfcomm_hdr *hdr;
882 struct rfcomm_mcc *mcc;
883 u8 buf[16], *ptr = buf;
885 BT_DBG("%p cr %d", s, cr);
887 hdr = (void *) ptr; ptr += sizeof(*hdr);
888 hdr->addr = __addr(s->initiator, 0);
889 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
890 hdr->len = __len8(sizeof(*mcc));
892 mcc = (void *) ptr; ptr += sizeof(*mcc);
893 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
894 mcc->len = __len8(0);
896 *ptr = __fcs(buf); ptr++;
898 return rfcomm_send_frame(s, buf, ptr - buf);
901 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
903 struct rfcomm_hdr *hdr;
904 struct rfcomm_mcc *mcc;
905 u8 buf[16], *ptr = buf;
907 BT_DBG("%p cr %d", s, cr);
909 hdr = (void *) ptr; ptr += sizeof(*hdr);
910 hdr->addr = __addr(s->initiator, 0);
911 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
912 hdr->len = __len8(sizeof(*mcc));
914 mcc = (void *) ptr; ptr += sizeof(*mcc);
915 mcc->type = __mcc_type(cr, RFCOMM_FCON);
916 mcc->len = __len8(0);
918 *ptr = __fcs(buf); ptr++;
920 return rfcomm_send_frame(s, buf, ptr - buf);
923 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
925 struct socket *sock = s->sock;
926 struct kvec iv[3];
927 struct msghdr msg;
928 unsigned char hdr[5], crc[1];
930 if (len > 125)
931 return -EINVAL;
933 BT_DBG("%p cr %d", s, cr);
935 hdr[0] = __addr(s->initiator, 0);
936 hdr[1] = __ctrl(RFCOMM_UIH, 0);
937 hdr[2] = 0x01 | ((len + 2) << 1);
938 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
939 hdr[4] = 0x01 | (len << 1);
941 crc[0] = __fcs(hdr);
943 iv[0].iov_base = hdr;
944 iv[0].iov_len = 5;
945 iv[1].iov_base = pattern;
946 iv[1].iov_len = len;
947 iv[2].iov_base = crc;
948 iv[2].iov_len = 1;
950 memset(&msg, 0, sizeof(msg));
952 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
955 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
957 struct rfcomm_hdr *hdr;
958 u8 buf[16], *ptr = buf;
960 BT_DBG("%p addr %d credits %d", s, addr, credits);
962 hdr = (void *) ptr; ptr += sizeof(*hdr);
963 hdr->addr = addr;
964 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
965 hdr->len = __len8(0);
967 *ptr = credits; ptr++;
969 *ptr = __fcs(buf); ptr++;
971 return rfcomm_send_frame(s, buf, ptr - buf);
974 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
976 struct rfcomm_hdr *hdr;
977 int len = skb->len;
978 u8 *crc;
980 if (len > 127) {
981 hdr = (void *) skb_push(skb, 4);
982 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len);
983 } else {
984 hdr = (void *) skb_push(skb, 3);
985 hdr->len = __len8(len);
987 hdr->addr = addr;
988 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
990 crc = skb_put(skb, 1);
991 *crc = __fcs((void *) hdr);
994 /* ---- RFCOMM frame reception ---- */
995 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
997 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
999 if (dlci) {
1000 /* Data channel */
1001 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1002 if (!d) {
1003 rfcomm_send_dm(s, dlci);
1004 return 0;
1007 switch (d->state) {
1008 case BT_CONNECT:
1009 rfcomm_dlc_clear_timer(d);
1011 rfcomm_dlc_lock(d);
1012 d->state = BT_CONNECTED;
1013 d->state_change(d, 0);
1014 rfcomm_dlc_unlock(d);
1016 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1017 break;
1019 case BT_DISCONN:
1020 d->state = BT_CLOSED;
1021 __rfcomm_dlc_close(d, 0);
1022 break;
1024 } else {
1025 /* Control channel */
1026 switch (s->state) {
1027 case BT_CONNECT:
1028 s->state = BT_CONNECTED;
1029 rfcomm_process_connect(s);
1030 break;
1033 return 0;
1036 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1038 int err = 0;
1040 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1042 if (dlci) {
1043 /* Data DLC */
1044 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1045 if (d) {
1046 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1047 err = ECONNREFUSED;
1048 else
1049 err = ECONNRESET;
1051 d->state = BT_CLOSED;
1052 __rfcomm_dlc_close(d, err);
1054 } else {
1055 if (s->state == BT_CONNECT)
1056 err = ECONNREFUSED;
1057 else
1058 err = ECONNRESET;
1060 s->state = BT_CLOSED;
1061 rfcomm_session_close(s, err);
1063 return 0;
1066 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1068 int err = 0;
1070 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1072 if (dlci) {
1073 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1074 if (d) {
1075 rfcomm_send_ua(s, dlci);
1077 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1078 err = ECONNREFUSED;
1079 else
1080 err = ECONNRESET;
1082 d->state = BT_CLOSED;
1083 __rfcomm_dlc_close(d, err);
1084 } else
1085 rfcomm_send_dm(s, dlci);
1087 } else {
1088 rfcomm_send_ua(s, 0);
1090 if (s->state == BT_CONNECT)
1091 err = ECONNREFUSED;
1092 else
1093 err = ECONNRESET;
1095 s->state = BT_CLOSED;
1096 rfcomm_session_close(s, err);
1099 return 0;
1102 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1104 struct sock *sk = d->session->sock->sk;
1106 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1107 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1108 return 1;
1109 } else if (d->link_mode & RFCOMM_LM_AUTH) {
1110 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1111 return 1;
1114 return 0;
1117 static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1119 BT_DBG("dlc %p", d);
1121 rfcomm_send_ua(d->session, d->dlci);
1123 rfcomm_dlc_lock(d);
1124 d->state = BT_CONNECTED;
1125 d->state_change(d, 0);
1126 rfcomm_dlc_unlock(d);
1128 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1131 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1133 struct rfcomm_dlc *d;
1134 u8 channel;
1136 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1138 if (!dlci) {
1139 rfcomm_send_ua(s, 0);
1141 if (s->state == BT_OPEN) {
1142 s->state = BT_CONNECTED;
1143 rfcomm_process_connect(s);
1145 return 0;
1148 /* Check if DLC exists */
1149 d = rfcomm_dlc_get(s, dlci);
1150 if (d) {
1151 if (d->state == BT_OPEN) {
1152 /* DLC was previously opened by PN request */
1153 if (rfcomm_check_link_mode(d)) {
1154 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1155 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1156 return 0;
1159 rfcomm_dlc_accept(d);
1161 return 0;
1164 /* Notify socket layer about incoming connection */
1165 channel = __srv_channel(dlci);
1166 if (rfcomm_connect_ind(s, channel, &d)) {
1167 d->dlci = dlci;
1168 d->addr = __addr(s->initiator, dlci);
1169 rfcomm_dlc_link(s, d);
1171 if (rfcomm_check_link_mode(d)) {
1172 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1173 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1174 return 0;
1177 rfcomm_dlc_accept(d);
1178 } else {
1179 rfcomm_send_dm(s, dlci);
1182 return 0;
1185 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1187 struct rfcomm_session *s = d->session;
1189 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1190 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1192 if (pn->flow_ctrl == 0xf0 || pn->flow_ctrl == 0xe0) {
1193 d->cfc = s->cfc = RFCOMM_CFC_ENABLED;
1194 d->tx_credits = pn->credits;
1195 } else {
1196 d->cfc = s->cfc = RFCOMM_CFC_DISABLED;
1197 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1200 d->priority = pn->priority;
1202 d->mtu = s->mtu = btohs(pn->mtu);
1204 return 0;
1207 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1209 struct rfcomm_pn *pn = (void *) skb->data;
1210 struct rfcomm_dlc *d;
1211 u8 dlci = pn->dlci;
1213 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1215 if (!dlci)
1216 return 0;
1218 d = rfcomm_dlc_get(s, dlci);
1219 if (d) {
1220 if (cr) {
1221 /* PN request */
1222 rfcomm_apply_pn(d, cr, pn);
1223 rfcomm_send_pn(s, 0, d);
1224 } else {
1225 /* PN response */
1226 switch (d->state) {
1227 case BT_CONFIG:
1228 rfcomm_apply_pn(d, cr, pn);
1230 d->state = BT_CONNECT;
1231 rfcomm_send_sabm(s, d->dlci);
1232 break;
1235 } else {
1236 u8 channel = __srv_channel(dlci);
1238 if (!cr)
1239 return 0;
1241 /* PN request for non existing DLC.
1242 * Assume incoming connection. */
1243 if (rfcomm_connect_ind(s, channel, &d)) {
1244 d->dlci = dlci;
1245 d->addr = __addr(s->initiator, dlci);
1246 rfcomm_dlc_link(s, d);
1248 rfcomm_apply_pn(d, cr, pn);
1250 d->state = BT_OPEN;
1251 rfcomm_send_pn(s, 0, d);
1252 } else {
1253 rfcomm_send_dm(s, dlci);
1256 return 0;
1259 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1261 struct rfcomm_rpn *rpn = (void *) skb->data;
1262 u8 dlci = __get_dlci(rpn->dlci);
1264 u8 bit_rate = 0;
1265 u8 data_bits = 0;
1266 u8 stop_bits = 0;
1267 u8 parity = 0;
1268 u8 flow_ctrl = 0;
1269 u8 xon_char = 0;
1270 u8 xoff_char = 0;
1271 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1273 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1274 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1275 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1277 if (!cr)
1278 return 0;
1280 if (len == 1) {
1281 /* request: return default setting */
1282 bit_rate = RFCOMM_RPN_BR_115200;
1283 data_bits = RFCOMM_RPN_DATA_8;
1284 stop_bits = RFCOMM_RPN_STOP_1;
1285 parity = RFCOMM_RPN_PARITY_NONE;
1286 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1287 xon_char = RFCOMM_RPN_XON_CHAR;
1288 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1290 goto rpn_out;
1292 /* check for sane values: ignore/accept bit_rate, 8 bits, 1 stop bit, no parity,
1293 no flow control lines, normal XON/XOFF chars */
1294 if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) {
1295 bit_rate = rpn->bit_rate;
1296 if (bit_rate != RFCOMM_RPN_BR_115200) {
1297 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1298 bit_rate = RFCOMM_RPN_BR_115200;
1299 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1302 if (rpn->param_mask & RFCOMM_RPN_PM_DATA) {
1303 data_bits = __get_rpn_data_bits(rpn->line_settings);
1304 if (data_bits != RFCOMM_RPN_DATA_8) {
1305 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1306 data_bits = RFCOMM_RPN_DATA_8;
1307 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1310 if (rpn->param_mask & RFCOMM_RPN_PM_STOP) {
1311 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1312 if (stop_bits != RFCOMM_RPN_STOP_1) {
1313 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1314 stop_bits = RFCOMM_RPN_STOP_1;
1315 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1318 if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) {
1319 parity = __get_rpn_parity(rpn->line_settings);
1320 if (parity != RFCOMM_RPN_PARITY_NONE) {
1321 BT_DBG("RPN parity mismatch 0x%x", parity);
1322 parity = RFCOMM_RPN_PARITY_NONE;
1323 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1326 if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) {
1327 flow_ctrl = rpn->flow_ctrl;
1328 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1329 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1330 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1331 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1334 if (rpn->param_mask & RFCOMM_RPN_PM_XON) {
1335 xon_char = rpn->xon_char;
1336 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1337 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1338 xon_char = RFCOMM_RPN_XON_CHAR;
1339 rpn_mask ^= RFCOMM_RPN_PM_XON;
1342 if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) {
1343 xoff_char = rpn->xoff_char;
1344 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1345 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1346 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1347 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1351 rpn_out:
1352 rfcomm_send_rpn(s, 0, dlci,
1353 bit_rate, data_bits, stop_bits, parity, flow_ctrl,
1354 xon_char, xoff_char, rpn_mask);
1356 return 0;
1359 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1361 struct rfcomm_rls *rls = (void *) skb->data;
1362 u8 dlci = __get_dlci(rls->dlci);
1364 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1366 if (!cr)
1367 return 0;
1369 /* FIXME: We should probably do something with this
1370 information here. But for now it's sufficient just
1371 to reply -- Bluetooth 1.1 says it's mandatory to
1372 recognise and respond to RLS */
1374 rfcomm_send_rls(s, 0, dlci, rls->status);
1376 return 0;
1379 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1381 struct rfcomm_msc *msc = (void *) skb->data;
1382 struct rfcomm_dlc *d;
1383 u8 dlci = __get_dlci(msc->dlci);
1385 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1387 d = rfcomm_dlc_get(s, dlci);
1388 if (!d)
1389 return 0;
1391 if (cr) {
1392 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1393 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1394 else
1395 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1397 rfcomm_dlc_lock(d);
1398 if (d->modem_status)
1399 d->modem_status(d, msc->v24_sig);
1400 rfcomm_dlc_unlock(d);
1402 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1404 d->mscex |= RFCOMM_MSCEX_RX;
1405 } else
1406 d->mscex |= RFCOMM_MSCEX_TX;
1408 return 0;
1411 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1413 struct rfcomm_mcc *mcc = (void *) skb->data;
1414 u8 type, cr, len;
1416 cr = __test_cr(mcc->type);
1417 type = __get_mcc_type(mcc->type);
1418 len = __get_mcc_len(mcc->len);
1420 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1422 skb_pull(skb, 2);
1424 switch (type) {
1425 case RFCOMM_PN:
1426 rfcomm_recv_pn(s, cr, skb);
1427 break;
1429 case RFCOMM_RPN:
1430 rfcomm_recv_rpn(s, cr, len, skb);
1431 break;
1433 case RFCOMM_RLS:
1434 rfcomm_recv_rls(s, cr, skb);
1435 break;
1437 case RFCOMM_MSC:
1438 rfcomm_recv_msc(s, cr, skb);
1439 break;
1441 case RFCOMM_FCOFF:
1442 if (cr) {
1443 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1444 rfcomm_send_fcoff(s, 0);
1446 break;
1448 case RFCOMM_FCON:
1449 if (cr) {
1450 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1451 rfcomm_send_fcon(s, 0);
1453 break;
1455 case RFCOMM_TEST:
1456 if (cr)
1457 rfcomm_send_test(s, 0, skb->data, skb->len);
1458 break;
1460 case RFCOMM_NSC:
1461 break;
1463 default:
1464 BT_ERR("Unknown control type 0x%02x", type);
1465 rfcomm_send_nsc(s, cr, type);
1466 break;
1468 return 0;
1471 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1473 struct rfcomm_dlc *d;
1475 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1477 d = rfcomm_dlc_get(s, dlci);
1478 if (!d) {
1479 rfcomm_send_dm(s, dlci);
1480 goto drop;
1483 if (pf && d->cfc) {
1484 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1486 d->tx_credits += credits;
1487 if (d->tx_credits)
1488 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1491 if (skb->len && d->state == BT_CONNECTED) {
1492 rfcomm_dlc_lock(d);
1493 d->rx_credits--;
1494 d->data_ready(d, skb);
1495 rfcomm_dlc_unlock(d);
1496 return 0;
1499 drop:
1500 kfree_skb(skb);
1501 return 0;
1504 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1506 struct rfcomm_hdr *hdr = (void *) skb->data;
1507 u8 type, dlci, fcs;
1509 dlci = __get_dlci(hdr->addr);
1510 type = __get_type(hdr->ctrl);
1512 /* Trim FCS */
1513 skb->len--; skb->tail--;
1514 fcs = *(u8 *) skb->tail;
1516 if (__check_fcs(skb->data, type, fcs)) {
1517 BT_ERR("bad checksum in packet");
1518 kfree_skb(skb);
1519 return -EILSEQ;
1522 if (__test_ea(hdr->len))
1523 skb_pull(skb, 3);
1524 else
1525 skb_pull(skb, 4);
1527 switch (type) {
1528 case RFCOMM_SABM:
1529 if (__test_pf(hdr->ctrl))
1530 rfcomm_recv_sabm(s, dlci);
1531 break;
1533 case RFCOMM_DISC:
1534 if (__test_pf(hdr->ctrl))
1535 rfcomm_recv_disc(s, dlci);
1536 break;
1538 case RFCOMM_UA:
1539 if (__test_pf(hdr->ctrl))
1540 rfcomm_recv_ua(s, dlci);
1541 break;
1543 case RFCOMM_DM:
1544 rfcomm_recv_dm(s, dlci);
1545 break;
1547 case RFCOMM_UIH:
1548 if (dlci)
1549 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1551 rfcomm_recv_mcc(s, skb);
1552 break;
1554 default:
1555 BT_ERR("Unknown packet type 0x%02x\n", type);
1556 break;
1558 kfree_skb(skb);
1559 return 0;
1562 /* ---- Connection and data processing ---- */
1564 static void rfcomm_process_connect(struct rfcomm_session *s)
1566 struct rfcomm_dlc *d;
1567 struct list_head *p, *n;
1569 BT_DBG("session %p state %ld", s, s->state);
1571 list_for_each_safe(p, n, &s->dlcs) {
1572 d = list_entry(p, struct rfcomm_dlc, list);
1573 if (d->state == BT_CONFIG) {
1574 d->mtu = s->mtu;
1575 rfcomm_send_pn(s, 1, d);
1580 /* Send data queued for the DLC.
1581 * Return number of frames left in the queue.
1583 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1585 struct sk_buff *skb;
1586 int err;
1588 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1589 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1591 /* Send pending MSC */
1592 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1593 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1595 if (d->cfc) {
1596 /* CFC enabled.
1597 * Give them some credits */
1598 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1599 d->rx_credits <= (d->cfc >> 2)) {
1600 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1601 d->rx_credits = d->cfc;
1603 } else {
1604 /* CFC disabled.
1605 * Give ourselves some credits */
1606 d->tx_credits = 5;
1609 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1610 return skb_queue_len(&d->tx_queue);
1612 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1613 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1614 if (err < 0) {
1615 skb_queue_head(&d->tx_queue, skb);
1616 break;
1618 kfree_skb(skb);
1619 d->tx_credits--;
1622 if (d->cfc && !d->tx_credits) {
1623 /* We're out of TX credits.
1624 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1625 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1628 return skb_queue_len(&d->tx_queue);
1631 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1633 struct rfcomm_dlc *d;
1634 struct list_head *p, *n;
1636 BT_DBG("session %p state %ld", s, s->state);
1638 list_for_each_safe(p, n, &s->dlcs) {
1639 d = list_entry(p, struct rfcomm_dlc, list);
1641 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1642 __rfcomm_dlc_close(d, ETIMEDOUT);
1643 continue;
1646 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1647 rfcomm_dlc_clear_timer(d);
1648 rfcomm_dlc_accept(d);
1649 if (d->link_mode & RFCOMM_LM_SECURE) {
1650 struct sock *sk = s->sock->sk;
1651 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1653 continue;
1654 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1655 rfcomm_dlc_clear_timer(d);
1656 rfcomm_send_dm(s, d->dlci);
1657 __rfcomm_dlc_close(d, ECONNREFUSED);
1658 continue;
1661 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1662 continue;
1664 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1665 d->mscex == RFCOMM_MSCEX_OK)
1666 rfcomm_process_tx(d);
1670 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1672 struct socket *sock = s->sock;
1673 struct sock *sk = sock->sk;
1674 struct sk_buff *skb;
1676 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1678 /* Get data directly from socket receive queue without copying it. */
1679 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1680 skb_orphan(skb);
1681 rfcomm_recv_frame(s, skb);
1684 if (sk->sk_state == BT_CLOSED) {
1685 if (!s->initiator)
1686 rfcomm_session_put(s);
1688 rfcomm_session_close(s, sk->sk_err);
1692 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1694 struct socket *sock = s->sock, *nsock;
1695 int err;
1697 /* Fast check for a new connection.
1698 * Avoids unnesesary socket allocations. */
1699 if (list_empty(&bt_sk(sock->sk)->accept_q))
1700 return;
1702 BT_DBG("session %p", s);
1704 if (sock_create_lite(PF_BLUETOOTH, sock->type, BTPROTO_L2CAP, &nsock))
1705 return;
1707 nsock->ops = sock->ops;
1709 __module_get(nsock->ops->owner);
1711 err = sock->ops->accept(sock, nsock, O_NONBLOCK);
1712 if (err < 0) {
1713 sock_release(nsock);
1714 return;
1717 /* Set our callbacks */
1718 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1719 nsock->sk->sk_state_change = rfcomm_l2state_change;
1721 s = rfcomm_session_add(nsock, BT_OPEN);
1722 if (s) {
1723 rfcomm_session_hold(s);
1724 rfcomm_schedule(RFCOMM_SCHED_RX);
1725 } else
1726 sock_release(nsock);
1729 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1731 struct sock *sk = s->sock->sk;
1733 BT_DBG("%p state %ld", s, s->state);
1735 switch(sk->sk_state) {
1736 case BT_CONNECTED:
1737 s->state = BT_CONNECT;
1739 /* We can adjust MTU on outgoing sessions.
1740 * L2CAP MTU minus UIH header and FCS. */
1741 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1743 rfcomm_send_sabm(s, 0);
1744 break;
1746 case BT_CLOSED:
1747 s->state = BT_CLOSED;
1748 rfcomm_session_close(s, sk->sk_err);
1749 break;
1753 static inline void rfcomm_process_sessions(void)
1755 struct list_head *p, *n;
1757 rfcomm_lock();
1759 list_for_each_safe(p, n, &session_list) {
1760 struct rfcomm_session *s;
1761 s = list_entry(p, struct rfcomm_session, list);
1763 if (s->state == BT_LISTEN) {
1764 rfcomm_accept_connection(s);
1765 continue;
1768 rfcomm_session_hold(s);
1770 switch (s->state) {
1771 case BT_BOUND:
1772 rfcomm_check_connection(s);
1773 break;
1775 default:
1776 rfcomm_process_rx(s);
1777 break;
1780 rfcomm_process_dlcs(s);
1782 rfcomm_session_put(s);
1785 rfcomm_unlock();
1788 static void rfcomm_worker(void)
1790 BT_DBG("");
1792 while (!atomic_read(&terminate)) {
1793 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1794 /* No pending events. Let's sleep.
1795 * Incoming connections and data will wake us up. */
1796 set_current_state(TASK_INTERRUPTIBLE);
1797 schedule();
1800 /* Process stuff */
1801 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1802 rfcomm_process_sessions();
1804 set_current_state(TASK_RUNNING);
1805 return;
1808 static int rfcomm_add_listener(bdaddr_t *ba)
1810 struct sockaddr_l2 addr;
1811 struct socket *sock;
1812 struct sock *sk;
1813 struct rfcomm_session *s;
1814 int err = 0;
1816 /* Create socket */
1817 err = rfcomm_l2sock_create(&sock);
1818 if (err < 0) {
1819 BT_ERR("Create socket failed %d", err);
1820 return err;
1823 /* Bind socket */
1824 bacpy(&addr.l2_bdaddr, ba);
1825 addr.l2_family = AF_BLUETOOTH;
1826 addr.l2_psm = htobs(RFCOMM_PSM);
1827 err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1828 if (err < 0) {
1829 BT_ERR("Bind failed %d", err);
1830 goto failed;
1833 /* Set L2CAP options */
1834 sk = sock->sk;
1835 lock_sock(sk);
1836 l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU;
1837 release_sock(sk);
1839 /* Start listening on the socket */
1840 err = sock->ops->listen(sock, 10);
1841 if (err) {
1842 BT_ERR("Listen failed %d", err);
1843 goto failed;
1846 /* Add listening session */
1847 s = rfcomm_session_add(sock, BT_LISTEN);
1848 if (!s)
1849 goto failed;
1851 rfcomm_session_hold(s);
1852 return 0;
1853 failed:
1854 sock_release(sock);
1855 return err;
1858 static void rfcomm_kill_listener(void)
1860 struct rfcomm_session *s;
1861 struct list_head *p, *n;
1863 BT_DBG("");
1865 list_for_each_safe(p, n, &session_list) {
1866 s = list_entry(p, struct rfcomm_session, list);
1867 rfcomm_session_del(s);
1871 static int rfcomm_run(void *unused)
1873 rfcomm_thread = current;
1875 atomic_inc(&running);
1877 daemonize("krfcommd");
1878 set_user_nice(current, -10);
1879 current->flags |= PF_NOFREEZE;
1881 BT_DBG("");
1883 rfcomm_add_listener(BDADDR_ANY);
1885 rfcomm_worker();
1887 rfcomm_kill_listener();
1889 atomic_dec(&running);
1890 return 0;
1893 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1895 struct rfcomm_session *s;
1896 struct rfcomm_dlc *d;
1897 struct list_head *p, *n;
1899 BT_DBG("conn %p status 0x%02x", conn, status);
1901 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1902 if (!s)
1903 return;
1905 rfcomm_session_hold(s);
1907 list_for_each_safe(p, n, &s->dlcs) {
1908 d = list_entry(p, struct rfcomm_dlc, list);
1910 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1911 continue;
1913 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1914 continue;
1916 if (!status)
1917 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1918 else
1919 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1922 rfcomm_session_put(s);
1924 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1927 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1929 struct rfcomm_session *s;
1930 struct rfcomm_dlc *d;
1931 struct list_head *p, *n;
1933 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1935 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1936 if (!s)
1937 return;
1939 rfcomm_session_hold(s);
1941 list_for_each_safe(p, n, &s->dlcs) {
1942 d = list_entry(p, struct rfcomm_dlc, list);
1944 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1945 continue;
1947 if (!status && encrypt)
1948 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1949 else
1950 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1953 rfcomm_session_put(s);
1955 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1958 static struct hci_cb rfcomm_cb = {
1959 .name = "RFCOMM",
1960 .auth_cfm = rfcomm_auth_cfm,
1961 .encrypt_cfm = rfcomm_encrypt_cfm
1964 /* ---- Proc fs support ---- */
1965 #ifdef CONFIG_PROC_FS
1966 static void *rfcomm_seq_start(struct seq_file *seq, loff_t *pos)
1968 struct rfcomm_session *s;
1969 struct list_head *pp, *p;
1970 loff_t l = *pos;
1972 rfcomm_lock();
1974 list_for_each(p, &session_list) {
1975 s = list_entry(p, struct rfcomm_session, list);
1976 list_for_each(pp, &s->dlcs)
1977 if (!l--) {
1978 seq->private = s;
1979 return pp;
1982 return NULL;
1985 static void *rfcomm_seq_next(struct seq_file *seq, void *e, loff_t *pos)
1987 struct rfcomm_session *s = seq->private;
1988 struct list_head *pp, *p = e;
1989 (*pos)++;
1991 if (p->next != &s->dlcs)
1992 return p->next;
1994 list_for_each(p, &session_list) {
1995 s = list_entry(p, struct rfcomm_session, list);
1996 __list_for_each(pp, &s->dlcs) {
1997 seq->private = s;
1998 return pp;
2001 return NULL;
2004 static void rfcomm_seq_stop(struct seq_file *seq, void *e)
2006 rfcomm_unlock();
2009 static int rfcomm_seq_show(struct seq_file *seq, void *e)
2011 struct rfcomm_session *s = seq->private;
2012 struct sock *sk = s->sock->sk;
2013 struct rfcomm_dlc *d = list_entry(e, struct rfcomm_dlc, list);
2015 seq_printf(seq, "%s %s %ld %d %d %d %d\n",
2016 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2017 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2018 return 0;
2021 static struct seq_operations rfcomm_seq_ops = {
2022 .start = rfcomm_seq_start,
2023 .next = rfcomm_seq_next,
2024 .stop = rfcomm_seq_stop,
2025 .show = rfcomm_seq_show
2028 static int rfcomm_seq_open(struct inode *inode, struct file *file)
2030 return seq_open(file, &rfcomm_seq_ops);
2033 static struct file_operations rfcomm_seq_fops = {
2034 .owner = THIS_MODULE,
2035 .open = rfcomm_seq_open,
2036 .read = seq_read,
2037 .llseek = seq_lseek,
2038 .release = seq_release,
2041 static int __init rfcomm_proc_init(void)
2043 struct proc_dir_entry *p;
2045 proc_bt_rfcomm = proc_mkdir("rfcomm", proc_bt);
2046 if (proc_bt_rfcomm) {
2047 proc_bt_rfcomm->owner = THIS_MODULE;
2049 p = create_proc_entry("dlc", S_IRUGO, proc_bt_rfcomm);
2050 if (p)
2051 p->proc_fops = &rfcomm_seq_fops;
2053 return 0;
2056 static void __exit rfcomm_proc_cleanup(void)
2058 remove_proc_entry("dlc", proc_bt_rfcomm);
2060 remove_proc_entry("rfcomm", proc_bt);
2063 #else /* CONFIG_PROC_FS */
2065 static int __init rfcomm_proc_init(void)
2067 return 0;
2070 static void __exit rfcomm_proc_cleanup(void)
2072 return;
2074 #endif /* CONFIG_PROC_FS */
2076 /* ---- Initialization ---- */
2077 static int __init rfcomm_init(void)
2079 l2cap_load();
2081 hci_register_cb(&rfcomm_cb);
2083 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
2085 BT_INFO("RFCOMM ver %s", VERSION);
2087 rfcomm_proc_init();
2089 rfcomm_init_sockets();
2091 #ifdef CONFIG_BT_RFCOMM_TTY
2092 rfcomm_init_ttys();
2093 #endif
2095 return 0;
2098 static void __exit rfcomm_exit(void)
2100 hci_unregister_cb(&rfcomm_cb);
2102 /* Terminate working thread.
2103 * ie. Set terminate flag and wake it up */
2104 atomic_inc(&terminate);
2105 rfcomm_schedule(RFCOMM_SCHED_STATE);
2107 /* Wait until thread is running */
2108 while (atomic_read(&running))
2109 schedule();
2111 #ifdef CONFIG_BT_RFCOMM_TTY
2112 rfcomm_cleanup_ttys();
2113 #endif
2115 rfcomm_cleanup_sockets();
2117 rfcomm_proc_cleanup();
2120 module_init(rfcomm_init);
2121 module_exit(rfcomm_exit);
2123 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2124 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2125 MODULE_VERSION(VERSION);
2126 MODULE_LICENSE("GPL");
2127 MODULE_ALIAS("bt-proto-3");