1 /* $DragonFly: src/sys/netbt/rfcomm_session.c,v 1.2 2008/03/18 13:41:42 hasso Exp $ */
2 /* $OpenBSD: src/sys/netbt/rfcomm_session.c,v 1.3 2008/02/24 21:34:48 uwe Exp $ */
3 /* $NetBSD: rfcomm_session.c,v 1.12 2008/01/31 19:30:23 plunky Exp $ */
6 * Copyright (c) 2006 Itronix Inc.
9 * Written by Iain Hibbert for Itronix Inc.
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. The name of Itronix Inc. may not be used to endorse
20 * or promote products derived from this software without specific
21 * prior written permission.
23 * THIS SOFTWARE IS PROVIDED BY ITRONIX INC. ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
25 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ITRONIX INC. BE LIABLE FOR ANY
27 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
28 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
29 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
30 * ON ANY THEORY OF LIABILITY, WHETHER IN
31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGE.
36 #include <sys/param.h>
37 #include <sys/kernel.h>
40 #include <sys/systm.h>
41 #include <sys/types.h>
42 #include <sys/endian.h>
46 #include <netbt/bluetooth.h>
47 #include <netbt/hci.h>
48 #include <netbt/l2cap.h>
49 #include <netbt/rfcomm.h>
51 /******************************************************************************
53 * RFCOMM Multiplexer Sessions sit directly on L2CAP channels, and can
54 * multiplex up to 30 incoming and 30 outgoing connections.
55 * Only one Multiplexer is allowed between any two devices.
58 static void rfcomm_session_recv_sabm(struct rfcomm_session *, int);
59 static void rfcomm_session_recv_disc(struct rfcomm_session *, int);
60 static void rfcomm_session_recv_ua(struct rfcomm_session *, int);
61 static void rfcomm_session_recv_dm(struct rfcomm_session *, int);
62 static void rfcomm_session_recv_uih(struct rfcomm_session *, int, int, struct mbuf *, int);
63 static void rfcomm_session_recv_mcc(struct rfcomm_session *, struct mbuf *);
64 static void rfcomm_session_recv_mcc_test(struct rfcomm_session *, int, struct mbuf *);
65 static void rfcomm_session_recv_mcc_fcon(struct rfcomm_session *, int);
66 static void rfcomm_session_recv_mcc_fcoff(struct rfcomm_session *, int);
67 static void rfcomm_session_recv_mcc_msc(struct rfcomm_session *, int, struct mbuf *);
68 static void rfcomm_session_recv_mcc_rpn(struct rfcomm_session *, int, struct mbuf *);
69 static void rfcomm_session_recv_mcc_rls(struct rfcomm_session *, int, struct mbuf *);
70 static void rfcomm_session_recv_mcc_pn(struct rfcomm_session *, int, struct mbuf *);
71 static void rfcomm_session_recv_mcc_nsc(struct rfcomm_session *, int, struct mbuf *);
74 static void rfcomm_session_connecting(void *);
75 static void rfcomm_session_connected(void *);
76 static void rfcomm_session_disconnected(void *, int);
77 static void *rfcomm_session_newconn(void *, struct sockaddr_bt *, struct sockaddr_bt *);
78 static void rfcomm_session_complete(void *, int);
79 static void rfcomm_session_linkmode(void *, int);
80 static void rfcomm_session_input(void *, struct mbuf *);
82 static const struct btproto rfcomm_session_proto = {
83 rfcomm_session_connecting,
84 rfcomm_session_connected,
85 rfcomm_session_disconnected,
86 rfcomm_session_newconn,
87 rfcomm_session_complete,
88 rfcomm_session_linkmode,
92 struct rfcomm_session_list
93 rfcomm_session_active = LIST_HEAD_INITIALIZER(rfcomm_session_active);
95 struct rfcomm_session_list
96 rfcomm_session_listen = LIST_HEAD_INITIALIZER(rfcomm_session_listen);
98 vm_zone_t rfcomm_credit_pool;
101 * RFCOMM System Parameters (see section 5.3)
103 int rfcomm_mtu_default = 127; /* bytes */
104 int rfcomm_ack_timeout = 20; /* seconds */
105 int rfcomm_mcc_timeout = 20; /* seconds */
108 * Reversed CRC table as per TS 07.10 Annex B.3.5
110 static const uint8_t crctable[256] = { /* reversed, 8-bit, poly=0x07 */
111 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
112 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
113 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
114 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
116 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
117 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
118 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
119 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
121 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
122 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
123 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
124 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
126 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
127 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
128 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
129 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
131 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
132 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
133 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
134 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
136 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
137 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
138 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
139 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
141 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
142 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
143 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
144 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
146 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
147 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
148 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
149 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
152 #define FCS(f, d) crctable[(f) ^ (d)]
157 * initialize the "credit pool".
162 rfcomm_credit_pool = zinit("rfcomm_credit",
163 sizeof(struct rfcomm_credit), 0, 0, 0);
167 * rfcomm_session_alloc(list, sockaddr)
169 * allocate a new session and fill in the blanks, then
170 * attach session to front of specified list (active or listen)
172 struct rfcomm_session *
173 rfcomm_session_alloc(struct rfcomm_session_list *list,
174 struct sockaddr_bt *laddr)
176 struct rfcomm_session *rs;
179 rs = kmalloc(sizeof(*rs), M_BLUETOOTH, M_NOWAIT | M_ZERO);
183 rs->rs_state = RFCOMM_SESSION_CLOSED;
185 callout_init(&rs->rs_timeout);
187 STAILQ_INIT(&rs->rs_credits);
188 LIST_INIT(&rs->rs_dlcs);
190 err = l2cap_attach(&rs->rs_l2cap, &rfcomm_session_proto, rs);
192 kfree(rs, M_BLUETOOTH);
196 (void)l2cap_getopt(rs->rs_l2cap, SO_L2CAP_OMTU, &rs->rs_mtu);
198 if (laddr->bt_psm == L2CAP_PSM_ANY)
199 laddr->bt_psm = L2CAP_PSM_RFCOMM;
201 (void)l2cap_bind(rs->rs_l2cap, laddr);
203 LIST_INSERT_HEAD(list, rs, rs_next);
209 * rfcomm_session_free(rfcomm_session)
211 * release a session, including any cleanup
214 rfcomm_session_free(struct rfcomm_session *rs)
216 struct rfcomm_credit *credit;
218 KKASSERT(rs != NULL);
219 KKASSERT(LIST_EMPTY(&rs->rs_dlcs));
221 rs->rs_state = RFCOMM_SESSION_CLOSED;
224 * If the callout is already invoked we have no way to stop it,
225 * but it will call us back right away (there are no DLC's) so
228 callout_stop(&rs->rs_timeout);
229 if (callout_active(&rs->rs_timeout))
233 * Take care that rfcomm_session_disconnected() doesnt call
234 * us back either as it will do if the l2cap_channel has not
235 * been closed when we detach it..
237 if (rs->rs_flags & RFCOMM_SESSION_FREE)
240 rs->rs_flags |= RFCOMM_SESSION_FREE;
242 /* throw away any remaining credit notes */
243 while ((credit = STAILQ_FIRST(&rs->rs_credits)) != NULL) {
244 STAILQ_REMOVE_HEAD(&rs->rs_credits, rc_next);
245 zfree(rfcomm_credit_pool, credit);
248 KKASSERT(STAILQ_EMPTY(&rs->rs_credits));
251 LIST_REMOVE(rs, rs_next);
252 l2cap_detach(&rs->rs_l2cap);
253 kfree(rs, M_BLUETOOTH);
257 * rfcomm_session_lookup(sockaddr, sockaddr)
259 * Find active rfcomm session matching src and dest addresses
260 * when src is BDADDR_ANY match any local address
262 struct rfcomm_session *
263 rfcomm_session_lookup(struct sockaddr_bt *src, struct sockaddr_bt *dest)
265 struct rfcomm_session *rs;
266 struct sockaddr_bt addr;
268 LIST_FOREACH(rs, &rfcomm_session_active, rs_next) {
269 if (rs->rs_state == RFCOMM_SESSION_CLOSED)
272 l2cap_sockaddr(rs->rs_l2cap, &addr);
274 if (bdaddr_same(&src->bt_bdaddr, &addr.bt_bdaddr) == 0)
275 if (bdaddr_any(&src->bt_bdaddr) == 0)
278 l2cap_peeraddr(rs->rs_l2cap, &addr);
280 if (addr.bt_psm != dest->bt_psm)
283 if (bdaddr_same(&dest->bt_bdaddr, &addr.bt_bdaddr))
291 * rfcomm_session_timeout(rfcomm_session)
293 * Session timeouts are scheduled when a session is left or
294 * created with no DLCs, and when SABM(0) or DISC(0) are
297 * So, if it is in an open state with DLC's attached then
298 * we leave it alone, otherwise the session is lost.
301 rfcomm_session_timeout(void *arg)
303 struct rfcomm_session *rs = arg;
304 struct rfcomm_dlc *dlc;
306 KKASSERT(rs != NULL);
310 if (rs->rs_state != RFCOMM_SESSION_OPEN) {
311 DPRINTF("timeout\n");
312 rs->rs_state = RFCOMM_SESSION_CLOSED;
314 while (!LIST_EMPTY(&rs->rs_dlcs)) {
315 dlc = LIST_FIRST(&rs->rs_dlcs);
317 rfcomm_dlc_close(dlc, ETIMEDOUT);
321 if (LIST_EMPTY(&rs->rs_dlcs)) {
322 DPRINTF("expiring\n");
323 rfcomm_session_free(rs);
328 /***********************************************************************
330 * RFCOMM Session L2CAP protocol callbacks
335 rfcomm_session_connecting(void *arg)
337 /* struct rfcomm_session *rs = arg; */
339 DPRINTF("Connecting\n");
343 rfcomm_session_connected(void *arg)
345 struct rfcomm_session *rs = arg;
347 DPRINTF("Connected\n");
352 * If we are initiator, we can send our SABM(0)
353 * a timeout should be active?
355 * We must take note of the L2CAP MTU because currently
356 * the L2CAP implementation can only do Basic Mode.
358 l2cap_getopt(rs->rs_l2cap, SO_L2CAP_OMTU, &rs->rs_mtu);
360 rs->rs_mtu -= 6; /* (RFCOMM overhead could be this big) */
361 if (rs->rs_mtu < RFCOMM_MTU_MIN) {
362 rfcomm_session_disconnected(rs, EINVAL);
366 if (IS_INITIATOR(rs)) {
369 err = rfcomm_session_send_frame(rs, RFCOMM_FRAME_SABM, 0);
371 rfcomm_session_disconnected(rs, err);
373 callout_reset(&rs->rs_timeout, rfcomm_ack_timeout * hz,
374 rfcomm_session_timeout, rs);
379 rfcomm_session_disconnected(void *arg, int err)
381 struct rfcomm_session *rs = arg;
382 struct rfcomm_dlc *dlc;
384 DPRINTF("Disconnected\n");
386 rs->rs_state = RFCOMM_SESSION_CLOSED;
388 while (!LIST_EMPTY(&rs->rs_dlcs)) {
389 dlc = LIST_FIRST(&rs->rs_dlcs);
391 rfcomm_dlc_close(dlc, err);
394 rfcomm_session_free(rs);
398 rfcomm_session_newconn(void *arg, struct sockaddr_bt *laddr,
399 struct sockaddr_bt *raddr)
401 struct rfcomm_session *new, *rs = arg;
403 DPRINTF("New Connection\n");
406 * Incoming session connect request. We should return a new
407 * session pointer if this is acceptable. The L2CAP layer
408 * passes local and remote addresses, which we must check as
409 * only one RFCOMM session is allowed between any two devices
411 new = rfcomm_session_lookup(laddr, raddr);
415 new = rfcomm_session_alloc(&rfcomm_session_active, laddr);
419 new->rs_mtu = rs->rs_mtu;
420 new->rs_state = RFCOMM_SESSION_WAIT_CONNECT;
423 * schedule an expiry so that if nothing comes of it we
426 callout_reset(&rs->rs_timeout, rfcomm_mcc_timeout * hz,
427 rfcomm_session_timeout, rs);
429 return new->rs_l2cap;
433 rfcomm_session_complete(void *arg, int count)
435 struct rfcomm_session *rs = arg;
436 struct rfcomm_credit *credit;
437 struct rfcomm_dlc *dlc;
440 * count L2CAP packets are 'complete', meaning that they are cleared
441 * our buffers (for best effort) or arrived safe (for guaranteed) so
442 * we can take it off our list and pass the message on, so that
443 * eventually the data can be removed from the sockbuf
445 while (count-- > 0) {
446 credit = STAILQ_FIRST(&rs->rs_credits);
448 if (credit == NULL) {
449 kprintf("%s: too many packets completed!\n", __func__);
453 dlc = credit->rc_dlc;
456 (*dlc->rd_proto->complete)
457 (dlc->rd_upper, credit->rc_len);
460 * if not using credit flow control, we may push
463 if ((rs->rs_flags & RFCOMM_SESSION_CFC) == 0
464 && dlc->rd_state == RFCOMM_DLC_OPEN) {
465 rfcomm_dlc_start(dlc);
469 * When shutdown is indicated, we are just waiting to
470 * clear outgoing data.
472 if ((dlc->rd_flags & RFCOMM_DLC_SHUTDOWN)
473 && dlc->rd_txbuf == NULL && dlc->rd_pending == 0) {
474 dlc->rd_state = RFCOMM_DLC_WAIT_DISCONNECT;
475 rfcomm_session_send_frame(rs, RFCOMM_FRAME_DISC,
477 callout_reset(&dlc->rd_timeout,
478 rfcomm_ack_timeout * hz,
479 rfcomm_dlc_timeout, dlc);
483 STAILQ_REMOVE_HEAD(&rs->rs_credits, rc_next);
484 zfree(rfcomm_credit_pool, credit);
488 * If session is closed, we are just waiting to clear the queue
490 if (rs->rs_state == RFCOMM_SESSION_CLOSED) {
491 if (STAILQ_EMPTY(&rs->rs_credits))
492 l2cap_disconnect(rs->rs_l2cap, 0);
499 * This is called when a mode change is complete. Proceed with connections
500 * where appropriate, or pass the new mode to any active DLCs.
503 rfcomm_session_linkmode(void *arg, int new)
505 struct rfcomm_session *rs = arg;
506 struct rfcomm_dlc *dlc, *next;
509 DPRINTF("auth %s, encrypt %s, secure %s\n",
510 (new & L2CAP_LM_AUTH ? "on" : "off"),
511 (new & L2CAP_LM_ENCRYPT ? "on" : "off"),
512 (new & L2CAP_LM_SECURE ? "on" : "off"));
514 if (new & L2CAP_LM_AUTH)
515 mode |= RFCOMM_LM_AUTH;
517 if (new & L2CAP_LM_ENCRYPT)
518 mode |= RFCOMM_LM_ENCRYPT;
520 if (new & L2CAP_LM_SECURE)
521 mode |= RFCOMM_LM_SECURE;
523 next = LIST_FIRST(&rs->rs_dlcs);
524 while ((dlc = next) != NULL) {
525 next = LIST_NEXT(dlc, rd_next);
527 switch (dlc->rd_state) {
528 case RFCOMM_DLC_WAIT_SEND_SABM: /* we are connecting */
529 if ((mode & dlc->rd_mode) != dlc->rd_mode) {
530 rfcomm_dlc_close(dlc, ECONNABORTED);
532 err = rfcomm_session_send_frame(rs,
533 RFCOMM_FRAME_SABM, dlc->rd_dlci);
535 rfcomm_dlc_close(dlc, err);
537 dlc->rd_state = RFCOMM_DLC_WAIT_RECV_UA;
538 callout_reset(&dlc->rd_timeout,
539 rfcomm_ack_timeout * hz,
540 rfcomm_dlc_timeout, dlc);
547 * If we aborted the connection and there are no more DLCs
548 * on the session, it is our responsibility to disconnect.
550 if (!LIST_EMPTY(&rs->rs_dlcs))
553 rs->rs_state = RFCOMM_SESSION_WAIT_DISCONNECT;
554 rfcomm_session_send_frame(rs, RFCOMM_FRAME_DISC, 0);
555 callout_reset(&rs->rs_timeout, rfcomm_ack_timeout * hz,
556 rfcomm_session_timeout, rs);
559 case RFCOMM_DLC_WAIT_SEND_UA: /* they are connecting */
560 if ((mode & dlc->rd_mode) != dlc->rd_mode) {
561 rfcomm_session_send_frame(rs,
562 RFCOMM_FRAME_DM, dlc->rd_dlci);
563 rfcomm_dlc_close(dlc, ECONNABORTED);
567 err = rfcomm_session_send_frame(rs,
568 RFCOMM_FRAME_UA, dlc->rd_dlci);
570 rfcomm_session_send_frame(rs,
571 RFCOMM_FRAME_DM, dlc->rd_dlci);
572 rfcomm_dlc_close(dlc, err);
576 err = rfcomm_dlc_open(dlc);
578 rfcomm_session_send_frame(rs,
579 RFCOMM_FRAME_DM, dlc->rd_dlci);
580 rfcomm_dlc_close(dlc, err);
586 case RFCOMM_DLC_WAIT_RECV_UA:
587 case RFCOMM_DLC_OPEN: /* already established */
588 (*dlc->rd_proto->linkmode)(dlc->rd_upper, mode);
598 * Receive data from L2CAP layer for session. There is always exactly one
599 * RFCOMM frame contained in each L2CAP frame.
602 rfcomm_session_input(void *arg, struct mbuf *m)
604 struct rfcomm_session *rs = arg;
605 int dlci, len, type, pf;
609 KKASSERT(rs != NULL);
612 * UIH frames: FCS is only calculated on address and control fields
613 * For other frames: FCS is calculated on address, control and length
614 * Length may extend to two octets
618 if (m->m_pkthdr.len < 4) {
619 DPRINTF("short frame (%d), discarded\n", m->m_pkthdr.len);
623 /* address - one octet */
624 m_copydata(m, 0, 1, &b);
627 dlci = RFCOMM_DLCI(b);
629 /* control - one octet */
630 m_copydata(m, 0, 1, &b);
633 type = RFCOMM_TYPE(b);
636 /* length - may be two octets */
637 m_copydata(m, 0, 1, &b);
639 if (type != RFCOMM_FRAME_UIH)
641 len = (b >> 1) & 0x7f;
643 if (RFCOMM_EA(b) == 0) {
644 if (m->m_pkthdr.len < 2) {
645 DPRINTF("short frame (%d, EA = 0), discarded\n",
650 m_copydata(m, 0, 1, &b);
652 if (type != RFCOMM_FRAME_UIH)
658 /* FCS byte is last octet in frame */
659 m_copydata(m, m->m_pkthdr.len - 1, 1, &b);
664 DPRINTF("Bad FCS value (%#2.2x), frame discarded\n", fcs);
668 DPRINTFN(10, "dlci %d, type %2.2x, len = %d\n", dlci, type, len);
671 case RFCOMM_FRAME_SABM:
673 rfcomm_session_recv_sabm(rs, dlci);
676 case RFCOMM_FRAME_DISC:
678 rfcomm_session_recv_disc(rs, dlci);
681 case RFCOMM_FRAME_UA:
683 rfcomm_session_recv_ua(rs, dlci);
686 case RFCOMM_FRAME_DM:
687 rfcomm_session_recv_dm(rs, dlci);
690 case RFCOMM_FRAME_UIH:
691 rfcomm_session_recv_uih(rs, dlci, pf, m, len);
692 return; /* (no release) */
703 /***********************************************************************
705 * RFCOMM Session receive processing
709 * rfcomm_session_recv_sabm(rfcomm_session, dlci)
711 * Set Asyncrhonous Balanced Mode - open the channel.
714 rfcomm_session_recv_sabm(struct rfcomm_session *rs, int dlci)
716 struct rfcomm_dlc *dlc;
719 DPRINTFN(5, "SABM(%d)\n", dlci);
721 if (dlci == 0) { /* Open Session */
722 rs->rs_state = RFCOMM_SESSION_OPEN;
723 rfcomm_session_send_frame(rs, RFCOMM_FRAME_UA, 0);
724 LIST_FOREACH(dlc, &rs->rs_dlcs, rd_next) {
725 if (dlc->rd_state == RFCOMM_DLC_WAIT_SESSION)
726 rfcomm_dlc_connect(dlc);
731 if (rs->rs_state != RFCOMM_SESSION_OPEN) {
732 DPRINTF("session was not even open!\n");
736 /* validate direction bit */
737 if ((IS_INITIATOR(rs) && !RFCOMM_DIRECTION(dlci))
738 || (!IS_INITIATOR(rs) && RFCOMM_DIRECTION(dlci))) {
739 DPRINTF("Invalid direction bit on DLCI\n");
744 * look for our DLC - this may exist if we received PN
745 * already, or we may have to fabricate a new one.
747 dlc = rfcomm_dlc_lookup(rs, dlci);
749 dlc = rfcomm_dlc_newconn(rs, dlci);
751 return; /* (DM is sent) */
755 * ..but if this DLC is not waiting to connect, they did
756 * something wrong, ignore it.
758 if (dlc->rd_state != RFCOMM_DLC_WAIT_CONNECT)
762 err = rfcomm_dlc_setmode(dlc);
763 if (err == EINPROGRESS) {
764 dlc->rd_state = RFCOMM_DLC_WAIT_SEND_UA;
765 (*dlc->rd_proto->connecting)(dlc->rd_upper);
771 err = rfcomm_session_send_frame(rs, RFCOMM_FRAME_UA, dlci);
775 /* and mark it open */
776 err = rfcomm_dlc_open(dlc);
783 rfcomm_dlc_close(dlc, err);
787 * Receive Disconnect Command
790 rfcomm_session_recv_disc(struct rfcomm_session *rs, int dlci)
792 struct rfcomm_dlc *dlc;
794 DPRINTFN(5, "DISC(%d)\n", dlci);
800 * We set the session state to CLOSED so that when
801 * the UA frame is clear the session will be closed
802 * automatically. We wont bother to close any DLC's
803 * just yet as there should be none. In the unlikely
804 * event that something is left, it will get flushed
805 * out as the session goes down.
807 rfcomm_session_send_frame(rs, RFCOMM_FRAME_UA, 0);
808 rs->rs_state = RFCOMM_SESSION_CLOSED;
812 dlc = rfcomm_dlc_lookup(rs, dlci);
814 rfcomm_session_send_frame(rs, RFCOMM_FRAME_DM, dlci);
818 rfcomm_dlc_close(dlc, ECONNRESET);
819 rfcomm_session_send_frame(rs, RFCOMM_FRAME_UA, dlci);
823 * Receive Unnumbered Acknowledgement Response
825 * This should be a response to a DISC or SABM frame that we
826 * have previously sent. If unexpected, ignore it.
829 rfcomm_session_recv_ua(struct rfcomm_session *rs, int dlci)
831 struct rfcomm_dlc *dlc;
833 DPRINTFN(5, "UA(%d)\n", dlci);
836 switch (rs->rs_state) {
837 case RFCOMM_SESSION_WAIT_CONNECT: /* We sent SABM */
838 callout_stop(&rs->rs_timeout);
839 rs->rs_state = RFCOMM_SESSION_OPEN;
840 LIST_FOREACH(dlc, &rs->rs_dlcs, rd_next) {
841 if (dlc->rd_state == RFCOMM_DLC_WAIT_SESSION)
842 rfcomm_dlc_connect(dlc);
846 case RFCOMM_SESSION_WAIT_DISCONNECT: /* We sent DISC */
847 callout_stop(&rs->rs_timeout);
848 rs->rs_state = RFCOMM_SESSION_CLOSED;
849 l2cap_disconnect(rs->rs_l2cap, 0);
853 DPRINTF("Received spurious UA(0)!\n");
861 * If we have no DLC on this dlci, we may have aborted
862 * without shutting down properly, so check if the session
863 * needs disconnecting.
865 dlc = rfcomm_dlc_lookup(rs, dlci);
869 switch (dlc->rd_state) {
870 case RFCOMM_DLC_WAIT_RECV_UA: /* We sent SABM */
871 rfcomm_dlc_open(dlc);
874 case RFCOMM_DLC_WAIT_DISCONNECT: /* We sent DISC */
875 rfcomm_dlc_close(dlc, 0);
879 DPRINTF("Received spurious UA(%d)!\n", dlci);
883 check: /* last one out turns out the light */
884 if (LIST_EMPTY(&rs->rs_dlcs)) {
885 rs->rs_state = RFCOMM_SESSION_WAIT_DISCONNECT;
886 rfcomm_session_send_frame(rs, RFCOMM_FRAME_DISC, 0);
887 callout_reset(&rs->rs_timeout, rfcomm_ack_timeout*hz,rfcomm_session_timeout,rs);
892 * Receive Disconnected Mode Response
894 * If this does not apply to a known DLC then we may ignore it.
897 rfcomm_session_recv_dm(struct rfcomm_session *rs, int dlci)
899 struct rfcomm_dlc *dlc;
901 DPRINTFN(5, "DM(%d)\n", dlci);
903 dlc = rfcomm_dlc_lookup(rs, dlci);
907 if (dlc->rd_state == RFCOMM_DLC_WAIT_CONNECT)
908 rfcomm_dlc_close(dlc, ECONNREFUSED);
910 rfcomm_dlc_close(dlc, ECONNRESET);
914 * Receive Unnumbered Information with Header check (MCC or data packet)
917 rfcomm_session_recv_uih(struct rfcomm_session *rs, int dlci,
918 int pf, struct mbuf *m, int len)
920 struct rfcomm_dlc *dlc;
923 DPRINTFN(10, "UIH(%d)\n", dlci);
926 rfcomm_session_recv_mcc(rs, m);
930 if (m->m_pkthdr.len != len + pf) {
931 DPRINTF("Bad Frame Length (%d), frame discarded\n",
937 dlc = rfcomm_dlc_lookup(rs, dlci);
939 DPRINTF("UIH received for non existent DLC, discarded\n");
940 rfcomm_session_send_frame(rs, RFCOMM_FRAME_DM, dlci);
944 if (dlc->rd_state != RFCOMM_DLC_OPEN) {
945 DPRINTF("non-open DLC (state = %d), discarded\n",
950 /* if PF is set, credits were included */
951 if (rs->rs_flags & RFCOMM_SESSION_CFC) {
953 if (m->m_pkthdr.len < sizeof(credits)) {
954 DPRINTF("Bad PF value, UIH discarded\n");
958 m_copydata(m, 0, sizeof(credits), &credits);
959 m_adj(m, sizeof(credits));
961 dlc->rd_txcred += credits;
963 if (credits > 0 && dlc->rd_txbuf != NULL)
964 rfcomm_dlc_start(dlc);
970 if (dlc->rd_rxcred == 0) {
971 DPRINTF("Credit limit reached, UIH discarded\n");
975 if (len > dlc->rd_rxsize) {
976 DPRINTF("UIH frame exceeds rxsize, discarded\n");
981 dlc->rd_rxsize -= len;
984 (*dlc->rd_proto->input)(dlc->rd_upper, m);
992 * Receive Multiplexer Control Command
995 rfcomm_session_recv_mcc(struct rfcomm_session *rs, struct mbuf *m)
1001 * Extract MCC header.
1003 * Fields are variable length using extension bit = 1 to signify the
1004 * last octet in the sequence.
1006 * Only single octet types are defined in TS 07.10/RFCOMM spec
1008 * Length can realistically only use 15 bits (max RFCOMM MTU)
1010 if (m->m_pkthdr.len < sizeof(b)) {
1011 DPRINTF("Short MCC header, discarded\n");
1015 m_copydata(m, 0, sizeof(b), &b);
1016 m_adj(m, sizeof(b));
1018 if (RFCOMM_EA(b) == 0) { /* verify no extensions */
1019 DPRINTF("MCC type EA = 0, discarded\n");
1023 type = RFCOMM_MCC_TYPE(b);
1028 if (m->m_pkthdr.len < sizeof(b)) {
1029 DPRINTF("Short MCC header, discarded\n");
1033 m_copydata(m, 0, sizeof(b), &b);
1034 m_adj(m, sizeof(b));
1036 len = (len << 7) | (b >> 1);
1037 len = min(len, RFCOMM_MTU_MAX);
1038 } while (RFCOMM_EA(b) == 0);
1040 if (len != m->m_pkthdr.len) {
1041 DPRINTF("Incorrect MCC length, discarded\n");
1045 DPRINTFN(2, "MCC %s type %2.2x (%d bytes)\n",
1046 (cr ? "command" : "response"), type, len);
1049 * pass to command handler
1052 case RFCOMM_MCC_TEST: /* Test */
1053 rfcomm_session_recv_mcc_test(rs, cr, m);
1056 case RFCOMM_MCC_FCON: /* Flow Control On */
1057 rfcomm_session_recv_mcc_fcon(rs, cr);
1060 case RFCOMM_MCC_FCOFF: /* Flow Control Off */
1061 rfcomm_session_recv_mcc_fcoff(rs, cr);
1064 case RFCOMM_MCC_MSC: /* Modem Status Command */
1065 rfcomm_session_recv_mcc_msc(rs, cr, m);
1068 case RFCOMM_MCC_RPN: /* Remote Port Negotiation */
1069 rfcomm_session_recv_mcc_rpn(rs, cr, m);
1072 case RFCOMM_MCC_RLS: /* Remote Line Status */
1073 rfcomm_session_recv_mcc_rls(rs, cr, m);
1076 case RFCOMM_MCC_PN: /* Parameter Negotiation */
1077 rfcomm_session_recv_mcc_pn(rs, cr, m);
1080 case RFCOMM_MCC_NSC: /* Non Supported Command */
1081 rfcomm_session_recv_mcc_nsc(rs, cr, m);
1085 b = RFCOMM_MKMCC_TYPE(cr, type);
1086 rfcomm_session_send_mcc(rs, 0, RFCOMM_MCC_NSC, &b, sizeof(b));
1094 * process TEST command/response
1097 rfcomm_session_recv_mcc_test(struct rfcomm_session *rs, int cr, struct mbuf *m)
1102 if (cr == 0) /* ignore ack */
1106 * we must send all the data they included back as is
1109 len = m->m_pkthdr.len;
1110 if (len > RFCOMM_MTU_MAX)
1113 data = kmalloc(len, M_BLUETOOTH, M_NOWAIT);
1117 m_copydata(m, 0, len, data);
1118 rfcomm_session_send_mcc(rs, 0, RFCOMM_MCC_TEST, data, len);
1119 kfree(data, M_BLUETOOTH);
1123 * process Flow Control ON command/response
1126 rfcomm_session_recv_mcc_fcon(struct rfcomm_session *rs, int cr)
1129 if (cr == 0) /* ignore ack */
1132 rs->rs_flags |= RFCOMM_SESSION_RFC;
1133 rfcomm_session_send_mcc(rs, 0, RFCOMM_MCC_FCON, NULL, 0);
1137 * process Flow Control OFF command/response
1140 rfcomm_session_recv_mcc_fcoff(struct rfcomm_session *rs, int cr)
1142 if (cr == 0) /* ignore ack */
1145 rs->rs_flags &= ~RFCOMM_SESSION_RFC;
1146 rfcomm_session_send_mcc(rs, 0, RFCOMM_MCC_FCOFF, NULL, 0);
1150 * process Modem Status Command command/response
1153 rfcomm_session_recv_mcc_msc(struct rfcomm_session *rs, int cr, struct mbuf *m)
1155 struct rfcomm_mcc_msc msc; /* (3 octets) */
1156 struct rfcomm_dlc *dlc;
1160 if (m->m_pkthdr.len < sizeof(msc.address))
1163 m_copydata(m, 0, sizeof(msc.address), &msc.address);
1164 m_adj(m, sizeof(msc.address));
1165 len += sizeof(msc.address);
1167 dlc = rfcomm_dlc_lookup(rs, RFCOMM_DLCI(msc.address));
1169 if (cr == 0) { /* ignore acks */
1171 callout_stop(&dlc->rd_timeout);
1177 rfcomm_session_send_frame(rs, RFCOMM_FRAME_DM,
1178 RFCOMM_DLCI(msc.address));
1183 if (m->m_pkthdr.len < sizeof(msc.modem))
1186 m_copydata(m, 0, sizeof(msc.modem), &msc.modem);
1187 m_adj(m, sizeof(msc.modem));
1188 len += sizeof(msc.modem);
1190 dlc->rd_rmodem = msc.modem;
1191 /* XXX how do we signal this upstream? */
1193 if (RFCOMM_EA(msc.modem) == 0) {
1194 if (m->m_pkthdr.len < sizeof(msc.brk))
1197 m_copydata(m, 0, sizeof(msc.brk), &msc.brk);
1198 m_adj(m, sizeof(msc.brk));
1199 len += sizeof(msc.brk);
1201 /* XXX how do we signal this upstream? */
1204 rfcomm_session_send_mcc(rs, 0, RFCOMM_MCC_MSC, &msc, len);
1208 * process Remote Port Negotiation command/response
1211 rfcomm_session_recv_mcc_rpn(struct rfcomm_session *rs, int cr, struct mbuf *m)
1213 struct rfcomm_mcc_rpn rpn;
1216 if (cr == 0) /* ignore ack */
1219 /* default values */
1220 rpn.bit_rate = RFCOMM_RPN_BR_9600;
1221 rpn.line_settings = RFCOMM_RPN_8_N_1;
1222 rpn.flow_control = RFCOMM_RPN_FLOW_NONE;
1223 rpn.xon_char = RFCOMM_RPN_XON_CHAR;
1224 rpn.xoff_char = RFCOMM_RPN_XOFF_CHAR;
1226 if (m->m_pkthdr.len == sizeof(rpn)) {
1227 m_copydata(m, 0, sizeof(rpn), (caddr_t)&rpn);
1228 rpn.param_mask = RFCOMM_RPN_PM_ALL;
1229 } else if (m->m_pkthdr.len == 1) {
1230 m_copydata(m, 0, 1, (caddr_t)&rpn);
1231 rpn.param_mask = letoh16(rpn.param_mask);
1233 DPRINTF("Bad RPN length (%d)\n", m->m_pkthdr.len);
1239 if (rpn.param_mask & RFCOMM_RPN_PM_RATE)
1240 mask |= RFCOMM_RPN_PM_RATE;
1242 if (rpn.param_mask & RFCOMM_RPN_PM_DATA
1243 && RFCOMM_RPN_DATA_BITS(rpn.line_settings) == RFCOMM_RPN_DATA_8)
1244 mask |= RFCOMM_RPN_PM_DATA;
1246 if (rpn.param_mask & RFCOMM_RPN_PM_STOP
1247 && RFCOMM_RPN_STOP_BITS(rpn.line_settings) == RFCOMM_RPN_STOP_1)
1248 mask |= RFCOMM_RPN_PM_STOP;
1250 if (rpn.param_mask & RFCOMM_RPN_PM_PARITY
1251 && RFCOMM_RPN_PARITY(rpn.line_settings) == RFCOMM_RPN_PARITY_NONE)
1252 mask |= RFCOMM_RPN_PM_PARITY;
1254 if (rpn.param_mask & RFCOMM_RPN_PM_XON
1255 && rpn.xon_char == RFCOMM_RPN_XON_CHAR)
1256 mask |= RFCOMM_RPN_PM_XON;
1258 if (rpn.param_mask & RFCOMM_RPN_PM_XOFF
1259 && rpn.xoff_char == RFCOMM_RPN_XOFF_CHAR)
1260 mask |= RFCOMM_RPN_PM_XOFF;
1262 if (rpn.param_mask & RFCOMM_RPN_PM_FLOW
1263 && rpn.flow_control == RFCOMM_RPN_FLOW_NONE)
1264 mask |= RFCOMM_RPN_PM_FLOW;
1266 rpn.param_mask = htole16(mask);
1268 rfcomm_session_send_mcc(rs, 0, RFCOMM_MCC_RPN, &rpn, sizeof(rpn));
1272 * process Remote Line Status command/response
1275 rfcomm_session_recv_mcc_rls(struct rfcomm_session *rs, int cr, struct mbuf *m)
1277 struct rfcomm_mcc_rls rls;
1279 if (cr == 0) /* ignore ack */
1282 if (m->m_pkthdr.len != sizeof(rls)) {
1283 DPRINTF("Bad RLS length %d\n", m->m_pkthdr.len);
1287 m_copydata(m, 0, sizeof(rls), (caddr_t)&rls);
1290 * So far as I can tell, we just send back what
1291 * they sent us. This signifies errors that seem
1292 * irrelevent for RFCOMM over L2CAP.
1294 rls.address |= 0x03; /* EA = 1, CR = 1 */
1295 rls.status &= 0x0f; /* only 4 bits valid */
1297 rfcomm_session_send_mcc(rs, 0, RFCOMM_MCC_RLS, &rls, sizeof(rls));
1301 * process Parameter Negotiation command/response
1304 rfcomm_session_recv_mcc_pn(struct rfcomm_session *rs, int cr, struct mbuf *m)
1306 struct rfcomm_dlc *dlc;
1307 struct rfcomm_mcc_pn pn;
1310 if (m->m_pkthdr.len != sizeof(pn)) {
1311 DPRINTF("Bad PN length %d\n", m->m_pkthdr.len);
1315 m_copydata(m, 0, sizeof(pn), (caddr_t)&pn);
1318 pn.mtu = letoh16(pn.mtu);
1320 dlc = rfcomm_dlc_lookup(rs, pn.dlci);
1321 if (cr) { /* Command */
1323 * If there is no DLC present, this is a new
1324 * connection so attempt to make one
1327 dlc = rfcomm_dlc_newconn(rs, pn.dlci);
1329 return; /* (DM is sent) */
1332 /* accept any valid MTU, and offer it back */
1333 pn.mtu = min(pn.mtu, RFCOMM_MTU_MAX);
1334 pn.mtu = min(pn.mtu, rs->rs_mtu);
1335 pn.mtu = max(pn.mtu, RFCOMM_MTU_MIN);
1336 dlc->rd_mtu = pn.mtu;
1337 pn.mtu = htole16(pn.mtu);
1339 /* credits are only set before DLC is open */
1340 if (dlc->rd_state == RFCOMM_DLC_WAIT_CONNECT
1341 && (pn.flow_control & 0xf0) == 0xf0) {
1342 rs->rs_flags |= RFCOMM_SESSION_CFC;
1343 dlc->rd_txcred = pn.credits & 0x07;
1345 dlc->rd_rxcred = (dlc->rd_rxsize / dlc->rd_mtu);
1346 dlc->rd_rxcred = min(dlc->rd_rxcred,
1347 RFCOMM_CREDITS_DEFAULT);
1349 pn.flow_control = 0xe0;
1350 pn.credits = dlc->rd_rxcred;
1352 pn.flow_control = 0x00;
1356 /* unused fields must be ignored and set to zero */
1360 /* send our response */
1361 err = rfcomm_session_send_mcc(rs, 0,
1362 RFCOMM_MCC_PN, &pn, sizeof(pn));
1366 } else { /* Response */
1367 /* ignore responses with no matching DLC */
1371 callout_stop(&dlc->rd_timeout);
1373 if (pn.mtu > RFCOMM_MTU_MAX || pn.mtu > dlc->rd_mtu) {
1374 dlc->rd_state = RFCOMM_DLC_WAIT_DISCONNECT;
1375 err = rfcomm_session_send_frame(rs, RFCOMM_FRAME_DISC,
1380 callout_reset(&dlc->rd_timeout, rfcomm_ack_timeout * hz,
1381 rfcomm_dlc_timeout, dlc);
1384 dlc->rd_mtu = pn.mtu;
1386 /* if DLC is not waiting to connect, we are done */
1387 if (dlc->rd_state != RFCOMM_DLC_WAIT_CONNECT)
1390 /* set initial credits according to RFCOMM spec */
1391 if ((pn.flow_control & 0xf0) == 0xe0) {
1392 rs->rs_flags |= RFCOMM_SESSION_CFC;
1393 dlc->rd_txcred = (pn.credits & 0x07);
1396 callout_reset(&dlc->rd_timeout, rfcomm_ack_timeout * hz,
1397 rfcomm_dlc_timeout, dlc);
1400 err = rfcomm_dlc_setmode(dlc);
1401 if (err == EINPROGRESS) {
1402 dlc->rd_state = RFCOMM_DLC_WAIT_SEND_SABM;
1403 (*dlc->rd_proto->connecting)(dlc->rd_upper);
1409 /* we can proceed now */
1410 err = rfcomm_session_send_frame(rs, RFCOMM_FRAME_SABM, pn.dlci);
1414 dlc->rd_state = RFCOMM_DLC_WAIT_RECV_UA;
1419 rfcomm_dlc_close(dlc, err);
1423 * process Non Supported Command command/response
1426 rfcomm_session_recv_mcc_nsc(struct rfcomm_session *rs,
1427 int cr, struct mbuf *m)
1429 struct rfcomm_dlc *dlc, *next;
1432 * Since we did nothing that is not mandatory,
1433 * we just abort the whole session..
1436 next = LIST_FIRST(&rs->rs_dlcs);
1437 while ((dlc = next) != NULL) {
1438 next = LIST_NEXT(dlc, rd_next);
1439 rfcomm_dlc_close(dlc, ECONNABORTED);
1442 rfcomm_session_free(rs);
1445 /***********************************************************************
1447 * RFCOMM Session outward frame/uih/mcc building
1451 * SABM/DISC/DM/UA frames are all minimal and mostly identical.
1454 rfcomm_session_send_frame(struct rfcomm_session *rs, int type, int dlci)
1456 struct rfcomm_cmd_hdr *hdr;
1457 struct rfcomm_credit *credit;
1461 credit = zalloc(rfcomm_credit_pool);
1465 m = m_gethdr(MB_DONTWAIT, MT_DATA);
1467 zfree(rfcomm_credit_pool, credit);
1472 * The CR (command/response) bit identifies the frame either as a
1473 * commmand or a response and is used along with the DLCI to form
1474 * the address. Commands contain the non-initiator address, whereas
1475 * responses contain the initiator address, so the CR value is
1476 * also dependent on the session direction.
1478 if (type == RFCOMM_FRAME_UA || type == RFCOMM_FRAME_DM)
1479 cr = IS_INITIATOR(rs) ? 0 : 1;
1481 cr = IS_INITIATOR(rs) ? 1 : 0;
1483 hdr = mtod(m, struct rfcomm_cmd_hdr *);
1484 hdr->address = RFCOMM_MKADDRESS(cr, dlci);
1485 hdr->control = RFCOMM_MKCONTROL(type, 1); /* PF = 1 */
1486 hdr->length = (0x00 << 1) | 0x01; /* len = 0x00, EA = 1 */
1489 fcs = FCS(fcs, hdr->address);
1490 fcs = FCS(fcs, hdr->control);
1491 fcs = FCS(fcs, hdr->length);
1492 fcs = 0xff - fcs; /* ones complement */
1495 m->m_pkthdr.len = m->m_len = sizeof(struct rfcomm_cmd_hdr);
1497 /* empty credit note */
1498 credit->rc_dlc = NULL;
1499 credit->rc_len = m->m_pkthdr.len;
1500 STAILQ_INSERT_TAIL(&rs->rs_credits, credit, rc_next);
1502 DPRINTFN(5, "dlci %d type %2.2x (%d bytes, fcs=%#2.2x)\n",
1503 dlci, type, m->m_pkthdr.len, fcs);
1505 return l2cap_send(rs->rs_l2cap, m);
1509 * rfcomm_session_send_uih(rfcomm_session, rfcomm_dlc, credits, mbuf)
1511 * UIH frame is per DLC data or Multiplexer Control Commands
1512 * when no DLC is given. Data mbuf is optional (just credits
1513 * will be sent in that case)
1516 rfcomm_session_send_uih(struct rfcomm_session *rs, struct rfcomm_dlc *dlc,
1517 int credits, struct mbuf *m)
1519 struct rfcomm_credit *credit;
1520 struct mbuf *m0 = NULL;
1524 KKASSERT(rs != NULL);
1526 len = (m == NULL) ? 0 : m->m_pkthdr.len;
1527 KKASSERT(!(credits == 0 && len == 0));
1530 * Make a credit note for the completion notification
1532 credit = zalloc(rfcomm_credit_pool);
1536 credit->rc_len = len;
1537 credit->rc_dlc = dlc;
1540 * Wrap UIH frame information around payload.
1542 * [ADDRESS] [CONTROL] [LENGTH] [CREDITS] [...] [FCS]
1544 * Address is one octet.
1545 * Control is one octet.
1546 * Length is one or two octets.
1547 * Credits may be one octet.
1549 * FCS is one octet and calculated on address and
1550 * control octets only.
1552 * If there are credits to be sent, we will set the PF
1553 * flag and include them in the frame.
1555 m0 = m_gethdr(MB_DONTWAIT, MT_DATA);
1559 MH_ALIGN(m0, 5); /* (max 5 header octets) */
1560 hdr = mtod(m0, uint8_t *);
1562 /* CR bit is set according to the initiator of the session */
1563 *hdr = RFCOMM_MKADDRESS((IS_INITIATOR(rs) ? 1 : 0),
1564 (dlc ? dlc->rd_dlci : 0));
1565 fcs = FCS(0xff, *hdr);
1568 /* PF bit is set if credits are being sent */
1569 *hdr = RFCOMM_MKCONTROL(RFCOMM_FRAME_UIH, (credits > 0 ? 1 : 0));
1570 fcs = FCS(fcs, *hdr);
1573 if (len < (1 << 7)) {
1574 *hdr++ = ((len << 1) & 0xfe) | 0x01; /* 7 bits, EA = 1 */
1576 *hdr++ = ((len << 1) & 0xfe); /* 7 bits, EA = 0 */
1577 *hdr++ = ((len >> 7) & 0xff); /* 8 bits, no EA */
1581 *hdr++ = (uint8_t)credits;
1583 m0->m_len = hdr - mtod(m0, uint8_t *);
1585 /* Append payload */
1589 m0->m_pkthdr.len = m0->m_len + len;
1592 fcs = 0xff - fcs; /* ones complement */
1593 len = m0->m_pkthdr.len;
1594 m_copyback(m0, len, sizeof(fcs), &fcs);
1595 if (m0->m_pkthdr.len != len + sizeof(fcs))
1598 DPRINTFN(10, "dlci %d, pktlen %d (%d data, %d credits), fcs=%#2.2x\n",
1599 dlc ? dlc->rd_dlci : 0, m0->m_pkthdr.len, credit->rc_len,
1603 * UIH frame ready to go..
1605 err = l2cap_send(rs->rs_l2cap, m0);
1609 STAILQ_INSERT_TAIL(&rs->rs_credits, credit, rc_next);
1623 zfree(rfcomm_credit_pool, credit);
1629 * send Multiplexer Control Command (or Response) on session
1632 rfcomm_session_send_mcc(struct rfcomm_session *rs, int cr,
1633 uint8_t type, void *data, int len)
1639 m = m_gethdr(MB_DONTWAIT, MT_DATA);
1643 hdr = mtod(m, uint8_t *);
1646 * Technically the type field can extend past one octet, but none
1647 * currently defined will do that.
1649 *hdr++ = RFCOMM_MKMCC_TYPE(cr, type);
1652 * In the frame, the max length size is 2 octets (15 bits) whereas
1653 * no max length size is specified for MCC commands. We must allow
1654 * for 3 octets since for MCC frames we use 7 bits + EA in each.
1656 * Only test data can possibly be that big.
1658 * XXX Should we check this against the MTU?
1660 if (len < (1 << 7)) {
1661 *hdr++ = ((len << 1) & 0xfe) | 0x01; /* 7 bits, EA = 1 */
1662 } else if (len < (1 << 14)) {
1663 *hdr++ = ((len << 1) & 0xfe); /* 7 bits, EA = 0 */
1664 *hdr++ = ((len >> 6) & 0xfe) | 0x01; /* 7 bits, EA = 1 */
1665 } else if (len < (1 << 15)) {
1666 *hdr++ = ((len << 1) & 0xfe); /* 7 bits, EA = 0 */
1667 *hdr++ = ((len >> 6) & 0xfe); /* 7 bits, EA = 0 */
1668 *hdr++ = ((len >> 13) & 0x02) | 0x01; /* 1 bit, EA = 1 */
1670 DPRINTF("incredible length! (%d)\n", len);
1676 * add command data (to same mbuf if possible)
1678 hlen = hdr - mtod(m, uint8_t *);
1681 m->m_pkthdr.len = m->m_len = MHLEN;
1682 m_copyback(m, hlen, len, data);
1683 if (m->m_pkthdr.len != max(MHLEN, hlen + len)) {
1689 m->m_pkthdr.len = hlen + len;
1690 m->m_len = min(MHLEN, m->m_pkthdr.len);
1692 DPRINTFN(5, "%s type %2.2x len %d\n",
1693 (cr ? "command" : "response"), type, m->m_pkthdr.len);
1695 return rfcomm_session_send_uih(rs, NULL, 0, m);
projects / dragonfly.git / blob