1 /* $DragonFly: src/sys/netbt/rfcomm_session.c,v 1.2 2008/03/18 13:41:42 hasso Exp $ */
2 /* $OpenBSD: src/sys/netbt/rfcomm_session.c,v 1.3 2008/02/24 21:34:48 uwe Exp $ */
3 /* $NetBSD: rfcomm_session.c,v 1.12 2008/01/31 19:30:23 plunky Exp $ */
6 * Copyright (c) 2006 Itronix Inc.
9 * Written by Iain Hibbert for Itronix Inc.
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. The name of Itronix Inc. may not be used to endorse
20 * or promote products derived from this software without specific
21 * prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
25 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY
27 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
29 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
30 * ON ANY THEORY OF LIABILITY, WHETHER IN
31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGE.
36 #include <sys/param.h>
37 #include <sys/kernel.h>
40 #include <sys/systm.h>
41 #include <sys/types.h>
42 #include <sys/endian.h>
45 #include <net/pf/pfvar.h>
47 #include <netbt/bluetooth.h>
48 #include <netbt/hci.h>
49 #include <netbt/l2cap.h>
50 #include <netbt/rfcomm.h>
52 /******************************************************************************
54 * RFCOMM Multiplexer Sessions sit directly on L2CAP channels, and can
55 * multiplex up to 30 incoming and 30 outgoing connections.
56 * Only one Multiplexer is allowed between any two devices.
59 static void rfcomm_session_recv_sabm(struct rfcomm_session *, int);
60 static void rfcomm_session_recv_disc(struct rfcomm_session *, int);
61 static void rfcomm_session_recv_ua(struct rfcomm_session *, int);
62 static void rfcomm_session_recv_dm(struct rfcomm_session *, int);
63 static void rfcomm_session_recv_uih(struct rfcomm_session *, int, int, struct mbuf *, int);
64 static void rfcomm_session_recv_mcc(struct rfcomm_session *, struct mbuf *);
65 static void rfcomm_session_recv_mcc_test(struct rfcomm_session *, int, struct mbuf *);
66 static void rfcomm_session_recv_mcc_fcon(struct rfcomm_session *, int);
67 static void rfcomm_session_recv_mcc_fcoff(struct rfcomm_session *, int);
68 static void rfcomm_session_recv_mcc_msc(struct rfcomm_session *, int, struct mbuf *);
69 static void rfcomm_session_recv_mcc_rpn(struct rfcomm_session *, int, struct mbuf *);
70 static void rfcomm_session_recv_mcc_rls(struct rfcomm_session *, int, struct mbuf *);
71 static void rfcomm_session_recv_mcc_pn(struct rfcomm_session *, int, struct mbuf *);
72 static void rfcomm_session_recv_mcc_nsc(struct rfcomm_session *, int, struct mbuf *);
75 static void rfcomm_session_connecting(void *);
76 static void rfcomm_session_connected(void *);
77 static void rfcomm_session_disconnected(void *, int);
78 static void *rfcomm_session_newconn(void *, struct sockaddr_bt *, struct sockaddr_bt *);
79 static void rfcomm_session_complete(void *, int);
80 static void rfcomm_session_linkmode(void *, int);
81 static void rfcomm_session_input(void *, struct mbuf *);
83 static const struct btproto rfcomm_session_proto = {
84 rfcomm_session_connecting,
85 rfcomm_session_connected,
86 rfcomm_session_disconnected,
87 rfcomm_session_newconn,
88 rfcomm_session_complete,
89 rfcomm_session_linkmode,
93 struct rfcomm_session_list
94 rfcomm_session_active = LIST_HEAD_INITIALIZER(rfcomm_session_active);
96 struct rfcomm_session_list
97 rfcomm_session_listen = LIST_HEAD_INITIALIZER(rfcomm_session_listen);
99 vm_zone_t rfcomm_credit_pool;
102 * RFCOMM System Parameters (see section 5.3)
104 int rfcomm_mtu_default = 127; /* bytes */
105 int rfcomm_ack_timeout = 20; /* seconds */
106 int rfcomm_mcc_timeout = 20; /* seconds */
109 * Reversed CRC table as per TS 07.10 Annex B.3.5
111 static const uint8_t crctable[256] = { /* reversed, 8-bit, poly=0x07 */
112 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
113 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
114 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
115 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
117 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
118 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
119 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
120 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
122 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
123 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
124 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
125 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
127 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
128 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
129 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
130 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
132 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
133 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
134 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
135 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
137 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
138 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
139 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
140 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
142 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
143 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
144 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
145 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
147 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
148 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
149 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
150 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
153 #define FCS(f, d) crctable[(f) ^ (d)]
158 * initialize the "credit pool".
163 rfcomm_credit_pool = zinit("rfcomm_credit",
164 sizeof(struct rfcomm_credit), 0, 0, 0);
168 * rfcomm_session_alloc(list, sockaddr)
170 * allocate a new session and fill in the blanks, then
171 * attach session to front of specified list (active or listen)
173 struct rfcomm_session *
174 rfcomm_session_alloc(struct rfcomm_session_list *list,
175 struct sockaddr_bt *laddr)
177 struct rfcomm_session *rs;
180 rs = kmalloc(sizeof(*rs), M_BLUETOOTH, M_NOWAIT | M_ZERO);
184 rs->rs_state = RFCOMM_SESSION_CLOSED;
186 callout_init(&rs->rs_timeout);
188 STAILQ_INIT(&rs->rs_credits);
189 LIST_INIT(&rs->rs_dlcs);
191 err = l2cap_attach(&rs->rs_l2cap, &rfcomm_session_proto, rs);
193 kfree(rs, M_BLUETOOTH);
197 (void)l2cap_getopt(rs->rs_l2cap, SO_L2CAP_OMTU, &rs->rs_mtu);
199 if (laddr->bt_psm == L2CAP_PSM_ANY)
200 laddr->bt_psm = L2CAP_PSM_RFCOMM;
202 (void)l2cap_bind(rs->rs_l2cap, laddr);
204 LIST_INSERT_HEAD(list, rs, rs_next);
210 * rfcomm_session_free(rfcomm_session)
212 * release a session, including any cleanup
215 rfcomm_session_free(struct rfcomm_session *rs)
217 struct rfcomm_credit *credit;
219 KKASSERT(rs != NULL);
220 KKASSERT(LIST_EMPTY(&rs->rs_dlcs));
222 rs->rs_state = RFCOMM_SESSION_CLOSED;
225 * If the callout is already invoked we have no way to stop it,
226 * but it will call us back right away (there are no DLC's) so
229 callout_stop(&rs->rs_timeout);
230 if (callout_active(&rs->rs_timeout))
234 * Take care that rfcomm_session_disconnected() doesnt call
235 * us back either as it will do if the l2cap_channel has not
236 * been closed when we detach it..
238 if (rs->rs_flags & RFCOMM_SESSION_FREE)
241 rs->rs_flags |= RFCOMM_SESSION_FREE;
243 /* throw away any remaining credit notes */
244 while ((credit = STAILQ_FIRST(&rs->rs_credits)) != NULL) {
245 STAILQ_REMOVE_HEAD(&rs->rs_credits, rc_next);
246 pool_put(&rfcomm_credit_pool, credit);
249 KKASSERT(STAILQ_EMPTY(&rs->rs_credits));
252 LIST_REMOVE(rs, rs_next);
253 l2cap_detach(&rs->rs_l2cap);
254 kfree(rs, M_BLUETOOTH);
258 * rfcomm_session_lookup(sockaddr, sockaddr)
260 * Find active rfcomm session matching src and dest addresses
261 * when src is BDADDR_ANY match any local address
263 struct rfcomm_session *
264 rfcomm_session_lookup(struct sockaddr_bt *src, struct sockaddr_bt *dest)
266 struct rfcomm_session *rs;
267 struct sockaddr_bt addr;
269 LIST_FOREACH(rs, &rfcomm_session_active, rs_next) {
270 if (rs->rs_state == RFCOMM_SESSION_CLOSED)
273 l2cap_sockaddr(rs->rs_l2cap, &addr);
275 if (bdaddr_same(&src->bt_bdaddr, &addr.bt_bdaddr) == 0)
276 if (bdaddr_any(&src->bt_bdaddr) == 0)
279 l2cap_peeraddr(rs->rs_l2cap, &addr);
281 if (addr.bt_psm != dest->bt_psm)
284 if (bdaddr_same(&dest->bt_bdaddr, &addr.bt_bdaddr))
292 * rfcomm_session_timeout(rfcomm_session)
294 * Session timeouts are scheduled when a session is left or
295 * created with no DLCs, and when SABM(0) or DISC(0) are
298 * So, if it is in an open state with DLC's attached then
299 * we leave it alone, otherwise the session is lost.
302 rfcomm_session_timeout(void *arg)
304 struct rfcomm_session *rs = arg;
305 struct rfcomm_dlc *dlc;
307 KKASSERT(rs != NULL);
311 if (rs->rs_state != RFCOMM_SESSION_OPEN) {
312 DPRINTF("timeout\n");
313 rs->rs_state = RFCOMM_SESSION_CLOSED;
315 while (!LIST_EMPTY(&rs->rs_dlcs)) {
316 dlc = LIST_FIRST(&rs->rs_dlcs);
318 rfcomm_dlc_close(dlc, ETIMEDOUT);
322 if (LIST_EMPTY(&rs->rs_dlcs)) {
323 DPRINTF("expiring\n");
324 rfcomm_session_free(rs);
329 /***********************************************************************
331 * RFCOMM Session L2CAP protocol callbacks
336 rfcomm_session_connecting(void *arg)
338 /* struct rfcomm_session *rs = arg; */
340 DPRINTF("Connecting\n");
344 rfcomm_session_connected(void *arg)
346 struct rfcomm_session *rs = arg;
348 DPRINTF("Connected\n");
353 * If we are initiator, we can send our SABM(0)
354 * a timeout should be active?
356 * We must take note of the L2CAP MTU because currently
357 * the L2CAP implementation can only do Basic Mode.
359 l2cap_getopt(rs->rs_l2cap, SO_L2CAP_OMTU, &rs->rs_mtu);
361 rs->rs_mtu -= 6; /* (RFCOMM overhead could be this big) */
362 if (rs->rs_mtu < RFCOMM_MTU_MIN) {
363 rfcomm_session_disconnected(rs, EINVAL);
367 if (IS_INITIATOR(rs)) {
370 err = rfcomm_session_send_frame(rs, RFCOMM_FRAME_SABM, 0);
372 rfcomm_session_disconnected(rs, err);
374 callout_reset(&rs->rs_timeout, rfcomm_ack_timeout * hz,
375 rfcomm_session_timeout, rs);
380 rfcomm_session_disconnected(void *arg, int err)
382 struct rfcomm_session *rs = arg;
383 struct rfcomm_dlc *dlc;
385 DPRINTF("Disconnected\n");
387 rs->rs_state = RFCOMM_SESSION_CLOSED;
389 while (!LIST_EMPTY(&rs->rs_dlcs)) {
390 dlc = LIST_FIRST(&rs->rs_dlcs);
392 rfcomm_dlc_close(dlc, err);
395 rfcomm_session_free(rs);
399 rfcomm_session_newconn(void *arg, struct sockaddr_bt *laddr,
400 struct sockaddr_bt *raddr)
402 struct rfcomm_session *new, *rs = arg;
404 DPRINTF("New Connection\n");
407 * Incoming session connect request. We should return a new
408 * session pointer if this is acceptable. The L2CAP layer
409 * passes local and remote addresses, which we must check as
410 * only one RFCOMM session is allowed between any two devices
412 new = rfcomm_session_lookup(laddr, raddr);
416 new = rfcomm_session_alloc(&rfcomm_session_active, laddr);
420 new->rs_mtu = rs->rs_mtu;
421 new->rs_state = RFCOMM_SESSION_WAIT_CONNECT;
424 * schedule an expiry so that if nothing comes of it we
427 callout_reset(&rs->rs_timeout, rfcomm_mcc_timeout * hz,
428 rfcomm_session_timeout, rs);
430 return new->rs_l2cap;
434 rfcomm_session_complete(void *arg, int count)
436 struct rfcomm_session *rs = arg;
437 struct rfcomm_credit *credit;
438 struct rfcomm_dlc *dlc;
441 * count L2CAP packets are 'complete', meaning that they are cleared
442 * our buffers (for best effort) or arrived safe (for guaranteed) so
443 * we can take it off our list and pass the message on, so that
444 * eventually the data can be removed from the sockbuf
446 while (count-- > 0) {
447 credit = STAILQ_FIRST(&rs->rs_credits);
449 if (credit == NULL) {
450 kprintf("%s: too many packets completed!\n", __func__);
454 dlc = credit->rc_dlc;
457 (*dlc->rd_proto->complete)
458 (dlc->rd_upper, credit->rc_len);
461 * if not using credit flow control, we may push
464 if ((rs->rs_flags & RFCOMM_SESSION_CFC) == 0
465 && dlc->rd_state == RFCOMM_DLC_OPEN) {
466 rfcomm_dlc_start(dlc);
470 * When shutdown is indicated, we are just waiting to
471 * clear outgoing data.
473 if ((dlc->rd_flags & RFCOMM_DLC_SHUTDOWN)
474 && dlc->rd_txbuf == NULL && dlc->rd_pending == 0) {
475 dlc->rd_state = RFCOMM_DLC_WAIT_DISCONNECT;
476 rfcomm_session_send_frame(rs, RFCOMM_FRAME_DISC,
478 callout_reset(&dlc->rd_timeout,
479 rfcomm_ack_timeout * hz,
480 rfcomm_dlc_timeout, dlc);
484 STAILQ_REMOVE_HEAD(&rs->rs_credits, rc_next);
485 pool_put(&rfcomm_credit_pool, credit);
489 * If session is closed, we are just waiting to clear the queue
491 if (rs->rs_state == RFCOMM_SESSION_CLOSED) {
492 if (STAILQ_EMPTY(&rs->rs_credits))
493 l2cap_disconnect(rs->rs_l2cap, 0);
500 * This is called when a mode change is complete. Proceed with connections
501 * where appropriate, or pass the new mode to any active DLCs.
504 rfcomm_session_linkmode(void *arg, int new)
506 struct rfcomm_session *rs = arg;
507 struct rfcomm_dlc *dlc, *next;
510 DPRINTF("auth %s, encrypt %s, secure %s\n",
511 (new & L2CAP_LM_AUTH ? "on" : "off"),
512 (new & L2CAP_LM_ENCRYPT ? "on" : "off"),
513 (new & L2CAP_LM_SECURE ? "on" : "off"));
515 if (new & L2CAP_LM_AUTH)
516 mode |= RFCOMM_LM_AUTH;
518 if (new & L2CAP_LM_ENCRYPT)
519 mode |= RFCOMM_LM_ENCRYPT;
521 if (new & L2CAP_LM_SECURE)
522 mode |= RFCOMM_LM_SECURE;
524 next = LIST_FIRST(&rs->rs_dlcs);
525 while ((dlc = next) != NULL) {
526 next = LIST_NEXT(dlc, rd_next);
528 switch (dlc->rd_state) {
529 case RFCOMM_DLC_WAIT_SEND_SABM: /* we are connecting */
530 if ((mode & dlc->rd_mode) != dlc->rd_mode) {
531 rfcomm_dlc_close(dlc, ECONNABORTED);
533 err = rfcomm_session_send_frame(rs,
534 RFCOMM_FRAME_SABM, dlc->rd_dlci);
536 rfcomm_dlc_close(dlc, err);
538 dlc->rd_state = RFCOMM_DLC_WAIT_RECV_UA;
539 callout_reset(&dlc->rd_timeout,
540 rfcomm_ack_timeout * hz,
541 rfcomm_dlc_timeout, dlc);
548 * If we aborted the connection and there are no more DLCs
549 * on the session, it is our responsibility to disconnect.
551 if (!LIST_EMPTY(&rs->rs_dlcs))
554 rs->rs_state = RFCOMM_SESSION_WAIT_DISCONNECT;
555 rfcomm_session_send_frame(rs, RFCOMM_FRAME_DISC, 0);
556 callout_reset(&rs->rs_timeout, rfcomm_ack_timeout * hz,
557 rfcomm_session_timeout, rs);
560 case RFCOMM_DLC_WAIT_SEND_UA: /* they are connecting */
561 if ((mode & dlc->rd_mode) != dlc->rd_mode) {
562 rfcomm_session_send_frame(rs,
563 RFCOMM_FRAME_DM, dlc->rd_dlci);
564 rfcomm_dlc_close(dlc, ECONNABORTED);
568 err = rfcomm_session_send_frame(rs,
569 RFCOMM_FRAME_UA, dlc->rd_dlci);
571 rfcomm_session_send_frame(rs,
572 RFCOMM_FRAME_DM, dlc->rd_dlci);
573 rfcomm_dlc_close(dlc, err);
577 err = rfcomm_dlc_open(dlc);
579 rfcomm_session_send_frame(rs,
580 RFCOMM_FRAME_DM, dlc->rd_dlci);
581 rfcomm_dlc_close(dlc, err);
587 case RFCOMM_DLC_WAIT_RECV_UA:
588 case RFCOMM_DLC_OPEN: /* already established */
589 (*dlc->rd_proto->linkmode)(dlc->rd_upper, mode);
599 * Receive data from L2CAP layer for session. There is always exactly one
600 * RFCOMM frame contained in each L2CAP frame.
603 rfcomm_session_input(void *arg, struct mbuf *m)
605 struct rfcomm_session *rs = arg;
606 int dlci, len, type, pf;
610 KKASSERT(rs != NULL);
613 * UIH frames: FCS is only calculated on address and control fields
614 * For other frames: FCS is calculated on address, control and length
615 * Length may extend to two octets
619 if (m->m_pkthdr.len < 4) {
620 DPRINTF("short frame (%d), discarded\n", m->m_pkthdr.len);
624 /* address - one octet */
625 m_copydata(m, 0, 1, &b);
628 dlci = RFCOMM_DLCI(b);
630 /* control - one octet */
631 m_copydata(m, 0, 1, &b);
634 type = RFCOMM_TYPE(b);
637 /* length - may be two octets */
638 m_copydata(m, 0, 1, &b);
640 if (type != RFCOMM_FRAME_UIH)
642 len = (b >> 1) & 0x7f;
644 if (RFCOMM_EA(b) == 0) {
645 if (m->m_pkthdr.len < 2) {
646 DPRINTF("short frame (%d, EA = 0), discarded\n",
651 m_copydata(m, 0, 1, &b);
653 if (type != RFCOMM_FRAME_UIH)
659 /* FCS byte is last octet in frame */
660 m_copydata(m, m->m_pkthdr.len - 1, 1, &b);
665 DPRINTF("Bad FCS value (%#2.2x), frame discarded\n", fcs);
669 DPRINTFN(10, "dlci %d, type %2.2x, len = %d\n", dlci, type, len);
672 case RFCOMM_FRAME_SABM:
674 rfcomm_session_recv_sabm(rs, dlci);
677 case RFCOMM_FRAME_DISC:
679 rfcomm_session_recv_disc(rs, dlci);
682 case RFCOMM_FRAME_UA:
684 rfcomm_session_recv_ua(rs, dlci);
687 case RFCOMM_FRAME_DM:
688 rfcomm_session_recv_dm(rs, dlci);
691 case RFCOMM_FRAME_UIH:
692 rfcomm_session_recv_uih(rs, dlci, pf, m, len);
693 return; /* (no release) */
704 /***********************************************************************
706 * RFCOMM Session receive processing
710 * rfcomm_session_recv_sabm(rfcomm_session, dlci)
712 * Set Asyncrhonous Balanced Mode - open the channel.
715 rfcomm_session_recv_sabm(struct rfcomm_session *rs, int dlci)
717 struct rfcomm_dlc *dlc;
720 DPRINTFN(5, "SABM(%d)\n", dlci);
722 if (dlci == 0) { /* Open Session */
723 rs->rs_state = RFCOMM_SESSION_OPEN;
724 rfcomm_session_send_frame(rs, RFCOMM_FRAME_UA, 0);
725 LIST_FOREACH(dlc, &rs->rs_dlcs, rd_next) {
726 if (dlc->rd_state == RFCOMM_DLC_WAIT_SESSION)
727 rfcomm_dlc_connect(dlc);
732 if (rs->rs_state != RFCOMM_SESSION_OPEN) {
733 DPRINTF("session was not even open!\n");
737 /* validate direction bit */
738 if ((IS_INITIATOR(rs) && !RFCOMM_DIRECTION(dlci))
739 || (!IS_INITIATOR(rs) && RFCOMM_DIRECTION(dlci))) {
740 DPRINTF("Invalid direction bit on DLCI\n");
745 * look for our DLC - this may exist if we received PN
746 * already, or we may have to fabricate a new one.
748 dlc = rfcomm_dlc_lookup(rs, dlci);
750 dlc = rfcomm_dlc_newconn(rs, dlci);
752 return; /* (DM is sent) */
756 * ..but if this DLC is not waiting to connect, they did
757 * something wrong, ignore it.
759 if (dlc->rd_state != RFCOMM_DLC_WAIT_CONNECT)
763 err = rfcomm_dlc_setmode(dlc);
764 if (err == EINPROGRESS) {
765 dlc->rd_state = RFCOMM_DLC_WAIT_SEND_UA;
766 (*dlc->rd_proto->connecting)(dlc->rd_upper);
772 err = rfcomm_session_send_frame(rs, RFCOMM_FRAME_UA, dlci);
776 /* and mark it open */
777 err = rfcomm_dlc_open(dlc);
784 rfcomm_dlc_close(dlc, err);
788 * Receive Disconnect Command
791 rfcomm_session_recv_disc(struct rfcomm_session *rs, int dlci)
793 struct rfcomm_dlc *dlc;
795 DPRINTFN(5, "DISC(%d)\n", dlci);
801 * We set the session state to CLOSED so that when
802 * the UA frame is clear the session will be closed
803 * automatically. We wont bother to close any DLC's
804 * just yet as there should be none. In the unlikely
805 * event that something is left, it will get flushed
806 * out as the session goes down.
808 rfcomm_session_send_frame(rs, RFCOMM_FRAME_UA, 0);
809 rs->rs_state = RFCOMM_SESSION_CLOSED;
813 dlc = rfcomm_dlc_lookup(rs, dlci);
815 rfcomm_session_send_frame(rs, RFCOMM_FRAME_DM, dlci);
819 rfcomm_dlc_close(dlc, ECONNRESET);
820 rfcomm_session_send_frame(rs, RFCOMM_FRAME_UA, dlci);
824 * Receive Unnumbered Acknowledgement Response
826 * This should be a response to a DISC or SABM frame that we
827 * have previously sent. If unexpected, ignore it.
830 rfcomm_session_recv_ua(struct rfcomm_session *rs, int dlci)
832 struct rfcomm_dlc *dlc;
834 DPRINTFN(5, "UA(%d)\n", dlci);
837 switch (rs->rs_state) {
838 case RFCOMM_SESSION_WAIT_CONNECT: /* We sent SABM */
839 callout_stop(&rs->rs_timeout);
840 rs->rs_state = RFCOMM_SESSION_OPEN;
841 LIST_FOREACH(dlc, &rs->rs_dlcs, rd_next) {
842 if (dlc->rd_state == RFCOMM_DLC_WAIT_SESSION)
843 rfcomm_dlc_connect(dlc);
847 case RFCOMM_SESSION_WAIT_DISCONNECT: /* We sent DISC */
848 callout_stop(&rs->rs_timeout);
849 rs->rs_state = RFCOMM_SESSION_CLOSED;
850 l2cap_disconnect(rs->rs_l2cap, 0);
854 DPRINTF("Received spurious UA(0)!\n");
862 * If we have no DLC on this dlci, we may have aborted
863 * without shutting down properly, so check if the session
864 * needs disconnecting.
866 dlc = rfcomm_dlc_lookup(rs, dlci);
870 switch (dlc->rd_state) {
871 case RFCOMM_DLC_WAIT_RECV_UA: /* We sent SABM */
872 rfcomm_dlc_open(dlc);
875 case RFCOMM_DLC_WAIT_DISCONNECT: /* We sent DISC */
876 rfcomm_dlc_close(dlc, 0);
880 DPRINTF("Received spurious UA(%d)!\n", dlci);
884 check: /* last one out turns out the light */
885 if (LIST_EMPTY(&rs->rs_dlcs)) {
886 rs->rs_state = RFCOMM_SESSION_WAIT_DISCONNECT;
887 rfcomm_session_send_frame(rs, RFCOMM_FRAME_DISC, 0);
888 callout_reset(&rs->rs_timeout, rfcomm_ack_timeout*hz,rfcomm_session_timeout,rs);
893 * Receive Disconnected Mode Response
895 * If this does not apply to a known DLC then we may ignore it.
898 rfcomm_session_recv_dm(struct rfcomm_session *rs, int dlci)
900 struct rfcomm_dlc *dlc;
902 DPRINTFN(5, "DM(%d)\n", dlci);
904 dlc = rfcomm_dlc_lookup(rs, dlci);
908 if (dlc->rd_state == RFCOMM_DLC_WAIT_CONNECT)
909 rfcomm_dlc_close(dlc, ECONNREFUSED);
911 rfcomm_dlc_close(dlc, ECONNRESET);
915 * Receive Unnumbered Information with Header check (MCC or data packet)
918 rfcomm_session_recv_uih(struct rfcomm_session *rs, int dlci,
919 int pf, struct mbuf *m, int len)
921 struct rfcomm_dlc *dlc;
924 DPRINTFN(10, "UIH(%d)\n", dlci);
927 rfcomm_session_recv_mcc(rs, m);
931 if (m->m_pkthdr.len != len + pf) {
932 DPRINTF("Bad Frame Length (%d), frame discarded\n",
938 dlc = rfcomm_dlc_lookup(rs, dlci);
940 DPRINTF("UIH received for non existent DLC, discarded\n");
941 rfcomm_session_send_frame(rs, RFCOMM_FRAME_DM, dlci);
945 if (dlc->rd_state != RFCOMM_DLC_OPEN) {
946 DPRINTF("non-open DLC (state = %d), discarded\n",
951 /* if PF is set, credits were included */
952 if (rs->rs_flags & RFCOMM_SESSION_CFC) {
954 if (m->m_pkthdr.len < sizeof(credits)) {
955 DPRINTF("Bad PF value, UIH discarded\n");
959 m_copydata(m, 0, sizeof(credits), &credits);
960 m_adj(m, sizeof(credits));
962 dlc->rd_txcred += credits;
964 if (credits > 0 && dlc->rd_txbuf != NULL)
965 rfcomm_dlc_start(dlc);
971 if (dlc->rd_rxcred == 0) {
972 DPRINTF("Credit limit reached, UIH discarded\n");
976 if (len > dlc->rd_rxsize) {
977 DPRINTF("UIH frame exceeds rxsize, discarded\n");
982 dlc->rd_rxsize -= len;
985 (*dlc->rd_proto->input)(dlc->rd_upper, m);
993 * Receive Multiplexer Control Command
996 rfcomm_session_recv_mcc(struct rfcomm_session *rs, struct mbuf *m)
1002 * Extract MCC header.
1004 * Fields are variable length using extension bit = 1 to signify the
1005 * last octet in the sequence.
1007 * Only single octet types are defined in TS 07.10/RFCOMM spec
1009 * Length can realistically only use 15 bits (max RFCOMM MTU)
1011 if (m->m_pkthdr.len < sizeof(b)) {
1012 DPRINTF("Short MCC header, discarded\n");
1016 m_copydata(m, 0, sizeof(b), &b);
1017 m_adj(m, sizeof(b));
1019 if (RFCOMM_EA(b) == 0) { /* verify no extensions */
1020 DPRINTF("MCC type EA = 0, discarded\n");
1024 type = RFCOMM_MCC_TYPE(b);
1029 if (m->m_pkthdr.len < sizeof(b)) {
1030 DPRINTF("Short MCC header, discarded\n");
1034 m_copydata(m, 0, sizeof(b), &b);
1035 m_adj(m, sizeof(b));
1037 len = (len << 7) | (b >> 1);
1038 len = min(len, RFCOMM_MTU_MAX);
1039 } while (RFCOMM_EA(b) == 0);
1041 if (len != m->m_pkthdr.len) {
1042 DPRINTF("Incorrect MCC length, discarded\n");
1046 DPRINTFN(2, "MCC %s type %2.2x (%d bytes)\n",
1047 (cr ? "command" : "response"), type, len);
1050 * pass to command handler
1053 case RFCOMM_MCC_TEST: /* Test */
1054 rfcomm_session_recv_mcc_test(rs, cr, m);
1057 case RFCOMM_MCC_FCON: /* Flow Control On */
1058 rfcomm_session_recv_mcc_fcon(rs, cr);
1061 case RFCOMM_MCC_FCOFF: /* Flow Control Off */
1062 rfcomm_session_recv_mcc_fcoff(rs, cr);
1065 case RFCOMM_MCC_MSC: /* Modem Status Command */
1066 rfcomm_session_recv_mcc_msc(rs, cr, m);
1069 case RFCOMM_MCC_RPN: /* Remote Port Negotiation */
1070 rfcomm_session_recv_mcc_rpn(rs, cr, m);
1073 case RFCOMM_MCC_RLS: /* Remote Line Status */
1074 rfcomm_session_recv_mcc_rls(rs, cr, m);
1077 case RFCOMM_MCC_PN: /* Parameter Negotiation */
1078 rfcomm_session_recv_mcc_pn(rs, cr, m);
1081 case RFCOMM_MCC_NSC: /* Non Supported Command */
1082 rfcomm_session_recv_mcc_nsc(rs, cr, m);
1086 b = RFCOMM_MKMCC_TYPE(cr, type);
1087 rfcomm_session_send_mcc(rs, 0, RFCOMM_MCC_NSC, &b, sizeof(b));
1095 * process TEST command/response
1098 rfcomm_session_recv_mcc_test(struct rfcomm_session *rs, int cr, struct mbuf *m)
1103 if (cr == 0) /* ignore ack */
1107 * we must send all the data they included back as is
1110 len = m->m_pkthdr.len;
1111 if (len > RFCOMM_MTU_MAX)
1114 data = kmalloc(len, M_BLUETOOTH, M_NOWAIT);
1118 m_copydata(m, 0, len, data);
1119 rfcomm_session_send_mcc(rs, 0, RFCOMM_MCC_TEST, data, len);
1120 kfree(data, M_BLUETOOTH);
1124 * process Flow Control ON command/response
1127 rfcomm_session_recv_mcc_fcon(struct rfcomm_session *rs, int cr)
1130 if (cr == 0) /* ignore ack */
1133 rs->rs_flags |= RFCOMM_SESSION_RFC;
1134 rfcomm_session_send_mcc(rs, 0, RFCOMM_MCC_FCON, NULL, 0);
1138 * process Flow Control OFF command/response
1141 rfcomm_session_recv_mcc_fcoff(struct rfcomm_session *rs, int cr)
1143 if (cr == 0) /* ignore ack */
1146 rs->rs_flags &= ~RFCOMM_SESSION_RFC;
1147 rfcomm_session_send_mcc(rs, 0, RFCOMM_MCC_FCOFF, NULL, 0);
1151 * process Modem Status Command command/response
1154 rfcomm_session_recv_mcc_msc(struct rfcomm_session *rs, int cr, struct mbuf *m)
1156 struct rfcomm_mcc_msc msc; /* (3 octets) */
1157 struct rfcomm_dlc *dlc;
1161 if (m->m_pkthdr.len < sizeof(msc.address))
1164 m_copydata(m, 0, sizeof(msc.address), &msc.address);
1165 m_adj(m, sizeof(msc.address));
1166 len += sizeof(msc.address);
1168 dlc = rfcomm_dlc_lookup(rs, RFCOMM_DLCI(msc.address));
1170 if (cr == 0) { /* ignore acks */
1172 callout_stop(&dlc->rd_timeout);
1178 rfcomm_session_send_frame(rs, RFCOMM_FRAME_DM,
1179 RFCOMM_DLCI(msc.address));
1184 if (m->m_pkthdr.len < sizeof(msc.modem))
1187 m_copydata(m, 0, sizeof(msc.modem), &msc.modem);
1188 m_adj(m, sizeof(msc.modem));
1189 len += sizeof(msc.modem);
1191 dlc->rd_rmodem = msc.modem;
1192 /* XXX how do we signal this upstream? */
1194 if (RFCOMM_EA(msc.modem) == 0) {
1195 if (m->m_pkthdr.len < sizeof(msc.brk))
1198 m_copydata(m, 0, sizeof(msc.brk), &msc.brk);
1199 m_adj(m, sizeof(msc.brk));
1200 len += sizeof(msc.brk);
1202 /* XXX how do we signal this upstream? */
1205 rfcomm_session_send_mcc(rs, 0, RFCOMM_MCC_MSC, &msc, len);
1209 * process Remote Port Negotiation command/response
1212 rfcomm_session_recv_mcc_rpn(struct rfcomm_session *rs, int cr, struct mbuf *m)
1214 struct rfcomm_mcc_rpn rpn;
1217 if (cr == 0) /* ignore ack */
1220 /* default values */
1221 rpn.bit_rate = RFCOMM_RPN_BR_9600;
1222 rpn.line_settings = RFCOMM_RPN_8_N_1;
1223 rpn.flow_control = RFCOMM_RPN_FLOW_NONE;
1224 rpn.xon_char = RFCOMM_RPN_XON_CHAR;
1225 rpn.xoff_char = RFCOMM_RPN_XOFF_CHAR;
1227 if (m->m_pkthdr.len == sizeof(rpn)) {
1228 m_copydata(m, 0, sizeof(rpn), (caddr_t)&rpn);
1229 rpn.param_mask = RFCOMM_RPN_PM_ALL;
1230 } else if (m->m_pkthdr.len == 1) {
1231 m_copydata(m, 0, 1, (caddr_t)&rpn);
1232 rpn.param_mask = letoh16(rpn.param_mask);
1234 DPRINTF("Bad RPN length (%d)\n", m->m_pkthdr.len);
1240 if (rpn.param_mask & RFCOMM_RPN_PM_RATE)
1241 mask |= RFCOMM_RPN_PM_RATE;
1243 if (rpn.param_mask & RFCOMM_RPN_PM_DATA
1244 && RFCOMM_RPN_DATA_BITS(rpn.line_settings) == RFCOMM_RPN_DATA_8)
1245 mask |= RFCOMM_RPN_PM_DATA;
1247 if (rpn.param_mask & RFCOMM_RPN_PM_STOP
1248 && RFCOMM_RPN_STOP_BITS(rpn.line_settings) == RFCOMM_RPN_STOP_1)
1249 mask |= RFCOMM_RPN_PM_STOP;
1251 if (rpn.param_mask & RFCOMM_RPN_PM_PARITY
1252 && RFCOMM_RPN_PARITY(rpn.line_settings) == RFCOMM_RPN_PARITY_NONE)
1253 mask |= RFCOMM_RPN_PM_PARITY;
1255 if (rpn.param_mask & RFCOMM_RPN_PM_XON
1256 && rpn.xon_char == RFCOMM_RPN_XON_CHAR)
1257 mask |= RFCOMM_RPN_PM_XON;
1259 if (rpn.param_mask & RFCOMM_RPN_PM_XOFF
1260 && rpn.xoff_char == RFCOMM_RPN_XOFF_CHAR)
1261 mask |= RFCOMM_RPN_PM_XOFF;
1263 if (rpn.param_mask & RFCOMM_RPN_PM_FLOW
1264 && rpn.flow_control == RFCOMM_RPN_FLOW_NONE)
1265 mask |= RFCOMM_RPN_PM_FLOW;
1267 rpn.param_mask = htole16(mask);
1269 rfcomm_session_send_mcc(rs, 0, RFCOMM_MCC_RPN, &rpn, sizeof(rpn));
1273 * process Remote Line Status command/response
1276 rfcomm_session_recv_mcc_rls(struct rfcomm_session *rs, int cr, struct mbuf *m)
1278 struct rfcomm_mcc_rls rls;
1280 if (cr == 0) /* ignore ack */
1283 if (m->m_pkthdr.len != sizeof(rls)) {
1284 DPRINTF("Bad RLS length %d\n", m->m_pkthdr.len);
1288 m_copydata(m, 0, sizeof(rls), (caddr_t)&rls);
1291 * So far as I can tell, we just send back what
1292 * they sent us. This signifies errors that seem
1293 * irrelevent for RFCOMM over L2CAP.
1295 rls.address |= 0x03; /* EA = 1, CR = 1 */
1296 rls.status &= 0x0f; /* only 4 bits valid */
1298 rfcomm_session_send_mcc(rs, 0, RFCOMM_MCC_RLS, &rls, sizeof(rls));
1302 * process Parameter Negotiation command/response
1305 rfcomm_session_recv_mcc_pn(struct rfcomm_session *rs, int cr, struct mbuf *m)
1307 struct rfcomm_dlc *dlc;
1308 struct rfcomm_mcc_pn pn;
1311 if (m->m_pkthdr.len != sizeof(pn)) {
1312 DPRINTF("Bad PN length %d\n", m->m_pkthdr.len);
1316 m_copydata(m, 0, sizeof(pn), (caddr_t)&pn);
1319 pn.mtu = letoh16(pn.mtu);
1321 dlc = rfcomm_dlc_lookup(rs, pn.dlci);
1322 if (cr) { /* Command */
1324 * If there is no DLC present, this is a new
1325 * connection so attempt to make one
1328 dlc = rfcomm_dlc_newconn(rs, pn.dlci);
1330 return; /* (DM is sent) */
1333 /* accept any valid MTU, and offer it back */
1334 pn.mtu = min(pn.mtu, RFCOMM_MTU_MAX);
1335 pn.mtu = min(pn.mtu, rs->rs_mtu);
1336 pn.mtu = max(pn.mtu, RFCOMM_MTU_MIN);
1337 dlc->rd_mtu = pn.mtu;
1338 pn.mtu = htole16(pn.mtu);
1340 /* credits are only set before DLC is open */
1341 if (dlc->rd_state == RFCOMM_DLC_WAIT_CONNECT
1342 && (pn.flow_control & 0xf0) == 0xf0) {
1343 rs->rs_flags |= RFCOMM_SESSION_CFC;
1344 dlc->rd_txcred = pn.credits & 0x07;
1346 dlc->rd_rxcred = (dlc->rd_rxsize / dlc->rd_mtu);
1347 dlc->rd_rxcred = min(dlc->rd_rxcred,
1348 RFCOMM_CREDITS_DEFAULT);
1350 pn.flow_control = 0xe0;
1351 pn.credits = dlc->rd_rxcred;
1353 pn.flow_control = 0x00;
1357 /* unused fields must be ignored and set to zero */
1361 /* send our response */
1362 err = rfcomm_session_send_mcc(rs, 0,
1363 RFCOMM_MCC_PN, &pn, sizeof(pn));
1367 } else { /* Response */
1368 /* ignore responses with no matching DLC */
1372 callout_stop(&dlc->rd_timeout);
1374 if (pn.mtu > RFCOMM_MTU_MAX || pn.mtu > dlc->rd_mtu) {
1375 dlc->rd_state = RFCOMM_DLC_WAIT_DISCONNECT;
1376 err = rfcomm_session_send_frame(rs, RFCOMM_FRAME_DISC,
1381 callout_reset(&dlc->rd_timeout, rfcomm_ack_timeout * hz,
1382 rfcomm_dlc_timeout, dlc);
1385 dlc->rd_mtu = pn.mtu;
1387 /* if DLC is not waiting to connect, we are done */
1388 if (dlc->rd_state != RFCOMM_DLC_WAIT_CONNECT)
1391 /* set initial credits according to RFCOMM spec */
1392 if ((pn.flow_control & 0xf0) == 0xe0) {
1393 rs->rs_flags |= RFCOMM_SESSION_CFC;
1394 dlc->rd_txcred = (pn.credits & 0x07);
1397 callout_reset(&dlc->rd_timeout, rfcomm_ack_timeout * hz,
1398 rfcomm_dlc_timeout, dlc);
1401 err = rfcomm_dlc_setmode(dlc);
1402 if (err == EINPROGRESS) {
1403 dlc->rd_state = RFCOMM_DLC_WAIT_SEND_SABM;
1404 (*dlc->rd_proto->connecting)(dlc->rd_upper);
1410 /* we can proceed now */
1411 err = rfcomm_session_send_frame(rs, RFCOMM_FRAME_SABM, pn.dlci);
1415 dlc->rd_state = RFCOMM_DLC_WAIT_RECV_UA;
1420 rfcomm_dlc_close(dlc, err);
1424 * process Non Supported Command command/response
1427 rfcomm_session_recv_mcc_nsc(struct rfcomm_session *rs,
1428 int cr, struct mbuf *m)
1430 struct rfcomm_dlc *dlc, *next;
1433 * Since we did nothing that is not mandatory,
1434 * we just abort the whole session..
1437 next = LIST_FIRST(&rs->rs_dlcs);
1438 while ((dlc = next) != NULL) {
1439 next = LIST_NEXT(dlc, rd_next);
1440 rfcomm_dlc_close(dlc, ECONNABORTED);
1443 rfcomm_session_free(rs);
1446 /***********************************************************************
1448 * RFCOMM Session outward frame/uih/mcc building
1452 * SABM/DISC/DM/UA frames are all minimal and mostly identical.
1455 rfcomm_session_send_frame(struct rfcomm_session *rs, int type, int dlci)
1457 struct rfcomm_cmd_hdr *hdr;
1458 struct rfcomm_credit *credit;
1462 credit = pool_get(&rfcomm_credit_pool, PR_NOWAIT);
1466 m = m_gethdr(MB_DONTWAIT, MT_DATA);
1468 pool_put(&rfcomm_credit_pool, credit);
1473 * The CR (command/response) bit identifies the frame either as a
1474 * commmand or a response and is used along with the DLCI to form
1475 * the address. Commands contain the non-initiator address, whereas
1476 * responses contain the initiator address, so the CR value is
1477 * also dependent on the session direction.
1479 if (type == RFCOMM_FRAME_UA || type == RFCOMM_FRAME_DM)
1480 cr = IS_INITIATOR(rs) ? 0 : 1;
1482 cr = IS_INITIATOR(rs) ? 1 : 0;
1484 hdr = mtod(m, struct rfcomm_cmd_hdr *);
1485 hdr->address = RFCOMM_MKADDRESS(cr, dlci);
1486 hdr->control = RFCOMM_MKCONTROL(type, 1); /* PF = 1 */
1487 hdr->length = (0x00 << 1) | 0x01; /* len = 0x00, EA = 1 */
1490 fcs = FCS(fcs, hdr->address);
1491 fcs = FCS(fcs, hdr->control);
1492 fcs = FCS(fcs, hdr->length);
1493 fcs = 0xff - fcs; /* ones complement */
1496 m->m_pkthdr.len = m->m_len = sizeof(struct rfcomm_cmd_hdr);
1498 /* empty credit note */
1499 credit->rc_dlc = NULL;
1500 credit->rc_len = m->m_pkthdr.len;
1501 STAILQ_INSERT_TAIL(&rs->rs_credits, credit, rc_next);
1503 DPRINTFN(5, "dlci %d type %2.2x (%d bytes, fcs=%#2.2x)\n",
1504 dlci, type, m->m_pkthdr.len, fcs);
1506 return l2cap_send(rs->rs_l2cap, m);
1510 * rfcomm_session_send_uih(rfcomm_session, rfcomm_dlc, credits, mbuf)
1512 * UIH frame is per DLC data or Multiplexer Control Commands
1513 * when no DLC is given. Data mbuf is optional (just credits
1514 * will be sent in that case)
1517 rfcomm_session_send_uih(struct rfcomm_session *rs, struct rfcomm_dlc *dlc,
1518 int credits, struct mbuf *m)
1520 struct rfcomm_credit *credit;
1521 struct mbuf *m0 = NULL;
1525 KKASSERT(rs != NULL);
1527 len = (m == NULL) ? 0 : m->m_pkthdr.len;
1528 KKASSERT(!(credits == 0 && len == 0));
1531 * Make a credit note for the completion notification
1533 credit = pool_get(&rfcomm_credit_pool, PR_NOWAIT);
1537 credit->rc_len = len;
1538 credit->rc_dlc = dlc;
1541 * Wrap UIH frame information around payload.
1543 * [ADDRESS] [CONTROL] [LENGTH] [CREDITS] [...] [FCS]
1545 * Address is one octet.
1546 * Control is one octet.
1547 * Length is one or two octets.
1548 * Credits may be one octet.
1550 * FCS is one octet and calculated on address and
1551 * control octets only.
1553 * If there are credits to be sent, we will set the PF
1554 * flag and include them in the frame.
1556 m0 = m_gethdr(MB_DONTWAIT, MT_DATA);
1560 MH_ALIGN(m0, 5); /* (max 5 header octets) */
1561 hdr = mtod(m0, uint8_t *);
1563 /* CR bit is set according to the initiator of the session */
1564 *hdr = RFCOMM_MKADDRESS((IS_INITIATOR(rs) ? 1 : 0),
1565 (dlc ? dlc->rd_dlci : 0));
1566 fcs = FCS(0xff, *hdr);
1569 /* PF bit is set if credits are being sent */
1570 *hdr = RFCOMM_MKCONTROL(RFCOMM_FRAME_UIH, (credits > 0 ? 1 : 0));
1571 fcs = FCS(fcs, *hdr);
1574 if (len < (1 << 7)) {
1575 *hdr++ = ((len << 1) & 0xfe) | 0x01; /* 7 bits, EA = 1 */
1577 *hdr++ = ((len << 1) & 0xfe); /* 7 bits, EA = 0 */
1578 *hdr++ = ((len >> 7) & 0xff); /* 8 bits, no EA */
1582 *hdr++ = (uint8_t)credits;
1584 m0->m_len = hdr - mtod(m0, uint8_t *);
1586 /* Append payload */
1590 m0->m_pkthdr.len = m0->m_len + len;
1593 fcs = 0xff - fcs; /* ones complement */
1594 len = m0->m_pkthdr.len;
1595 m_copyback(m0, len, sizeof(fcs), &fcs);
1596 if (m0->m_pkthdr.len != len + sizeof(fcs))
1599 DPRINTFN(10, "dlci %d, pktlen %d (%d data, %d credits), fcs=%#2.2x\n",
1600 dlc ? dlc->rd_dlci : 0, m0->m_pkthdr.len, credit->rc_len,
1604 * UIH frame ready to go..
1606 err = l2cap_send(rs->rs_l2cap, m0);
1610 STAILQ_INSERT_TAIL(&rs->rs_credits, credit, rc_next);
1624 pool_put(&rfcomm_credit_pool, credit);
1630 * send Multiplexer Control Command (or Response) on session
1633 rfcomm_session_send_mcc(struct rfcomm_session *rs, int cr,
1634 uint8_t type, void *data, int len)
1640 m = m_gethdr(MB_DONTWAIT, MT_DATA);
1644 hdr = mtod(m, uint8_t *);
1647 * Technically the type field can extend past one octet, but none
1648 * currently defined will do that.
1650 *hdr++ = RFCOMM_MKMCC_TYPE(cr, type);
1653 * In the frame, the max length size is 2 octets (15 bits) whereas
1654 * no max length size is specified for MCC commands. We must allow
1655 * for 3 octets since for MCC frames we use 7 bits + EA in each.
1657 * Only test data can possibly be that big.
1659 * XXX Should we check this against the MTU?
1661 if (len < (1 << 7)) {
1662 *hdr++ = ((len << 1) & 0xfe) | 0x01; /* 7 bits, EA = 1 */
1663 } else if (len < (1 << 14)) {
1664 *hdr++ = ((len << 1) & 0xfe); /* 7 bits, EA = 0 */
1665 *hdr++ = ((len >> 6) & 0xfe) | 0x01; /* 7 bits, EA = 1 */
1666 } else if (len < (1 << 15)) {
1667 *hdr++ = ((len << 1) & 0xfe); /* 7 bits, EA = 0 */
1668 *hdr++ = ((len >> 6) & 0xfe); /* 7 bits, EA = 0 */
1669 *hdr++ = ((len >> 13) & 0x02) | 0x01; /* 1 bit, EA = 1 */
1671 DPRINTF("incredible length! (%d)\n", len);
1677 * add command data (to same mbuf if possible)
1679 hlen = hdr - mtod(m, uint8_t *);
1682 m->m_pkthdr.len = m->m_len = MHLEN;
1683 m_copyback(m, hlen, len, data);
1684 if (m->m_pkthdr.len != max(MHLEN, hlen + len)) {
1690 m->m_pkthdr.len = hlen + len;
1691 m->m_len = min(MHLEN, m->m_pkthdr.len);
1693 DPRINTFN(5, "%s type %2.2x len %d\n",
1694 (cr ? "command" : "response"), type, m->m_pkthdr.len);
1696 return rfcomm_session_send_uih(rs, NULL, 0, m);
projects / dragonfly.git / blob