2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 RPN support - Dirk Husemann <hud@zurich.ibm.com>
29 * Bluetooth RFCOMM core.
31 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
34 #include <linux/config.h>
35 #include <linux/module.h>
36 #include <linux/errno.h>
37 #include <linux/kernel.h>
38 #include <linux/sched.h>
39 #include <linux/signal.h>
40 #include <linux/init.h>
41 #include <linux/wait.h>
42 #include <linux/net.h>
43 #include <linux/proc_fs.h>
44 #include <linux/seq_file.h>
46 #include <asm/uaccess.h>
47 #include <asm/unaligned.h>
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h>
51 #include <net/bluetooth/l2cap.h>
52 #include <net/bluetooth/rfcomm.h>
56 #ifndef CONFIG_BT_RFCOMM_DEBUG
62 struct proc_dir_entry *proc_bt_rfcomm;
65 static struct task_struct *rfcomm_thread;
67 static DECLARE_MUTEX(rfcomm_sem);
68 #define rfcomm_lock() down(&rfcomm_sem);
69 #define rfcomm_unlock() up(&rfcomm_sem);
71 static unsigned long rfcomm_event;
73 static LIST_HEAD(session_list);
74 static atomic_t terminate, running;
76 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
77 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
78 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
79 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
80 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
81 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
82 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
83 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
84 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
85 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
87 static void rfcomm_process_connect(struct rfcomm_session *s);
89 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
90 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
91 static void rfcomm_session_del(struct rfcomm_session *s);
93 /* ---- RFCOMM frame parsing macros ---- */
94 #define __get_dlci(b) ((b & 0xfc) >> 2)
95 #define __get_channel(b) ((b & 0xf8) >> 3)
96 #define __get_dir(b) ((b & 0x04) >> 2)
97 #define __get_type(b) ((b & 0xef))
99 #define __test_ea(b) ((b & 0x01))
100 #define __test_cr(b) ((b & 0x02))
101 #define __test_pf(b) ((b & 0x10))
103 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
104 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
105 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
106 #define __srv_channel(dlci) (dlci >> 1)
107 #define __dir(dlci) (dlci & 0x01)
109 #define __len8(len) (((len) << 1) | 1)
110 #define __len16(len) ((len) << 1)
113 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
114 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
115 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
118 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x3) << 3))
119 #define __get_rpn_data_bits(line) ((line) & 0x3)
120 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
121 #define __get_rpn_parity(line) (((line) >> 3) & 0x3)
123 static inline void rfcomm_schedule(uint event)
127 //set_bit(event, &rfcomm_event);
128 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
129 wake_up_process(rfcomm_thread);
132 static inline void rfcomm_session_put(struct rfcomm_session *s)
134 if (atomic_dec_and_test(&s->refcnt))
135 rfcomm_session_del(s);
138 /* ---- RFCOMM FCS computation ---- */
141 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
144 static inline u8 __fcs(u8 *data)
146 return (0xff - __crc(data));
150 static inline u8 __fcs2(u8 *data)
152 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
156 static inline int __check_fcs(u8 *data, int type, u8 fcs)
160 if (type != RFCOMM_UIH)
161 f = rfcomm_crc_table[f ^ data[2]];
163 return rfcomm_crc_table[f ^ fcs] != 0xcf;
166 /* ---- L2CAP callbacks ---- */
167 static void rfcomm_l2state_change(struct sock *sk)
169 BT_DBG("%p state %d", sk, sk->sk_state);
170 rfcomm_schedule(RFCOMM_SCHED_STATE);
173 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
175 BT_DBG("%p bytes %d", sk, bytes);
176 rfcomm_schedule(RFCOMM_SCHED_RX);
179 static int rfcomm_l2sock_create(struct socket **sock)
185 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
187 struct sock *sk = (*sock)->sk;
188 sk->sk_data_ready = rfcomm_l2data_ready;
189 sk->sk_state_change = rfcomm_l2state_change;
194 /* ---- RFCOMM DLCs ---- */
195 static void rfcomm_dlc_timeout(unsigned long arg)
197 struct rfcomm_dlc *d = (void *) arg;
199 BT_DBG("dlc %p state %ld", d, d->state);
201 set_bit(RFCOMM_TIMED_OUT, &d->flags);
203 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
206 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
208 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
210 if (!mod_timer(&d->timer, jiffies + timeout))
214 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
216 BT_DBG("dlc %p state %ld", d, d->state);
218 if (timer_pending(&d->timer) && del_timer(&d->timer))
222 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
229 d->mtu = RFCOMM_DEFAULT_MTU;
230 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
232 d->cfc = RFCOMM_CFC_DISABLED;
233 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
236 struct rfcomm_dlc *rfcomm_dlc_alloc(int prio)
238 struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio);
241 memset(d, 0, sizeof(*d));
243 init_timer(&d->timer);
244 d->timer.function = rfcomm_dlc_timeout;
245 d->timer.data = (unsigned long) d;
247 skb_queue_head_init(&d->tx_queue);
248 spin_lock_init(&d->lock);
249 atomic_set(&d->refcnt, 1);
251 rfcomm_dlc_clear_state(d);
257 void rfcomm_dlc_free(struct rfcomm_dlc *d)
261 skb_queue_purge(&d->tx_queue);
265 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
267 BT_DBG("dlc %p session %p", d, s);
269 rfcomm_session_hold(s);
272 list_add(&d->list, &s->dlcs);
276 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
278 struct rfcomm_session *s = d->session;
280 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
286 rfcomm_session_put(s);
289 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
291 struct rfcomm_dlc *d;
294 list_for_each(p, &s->dlcs) {
295 d = list_entry(p, struct rfcomm_dlc, list);
302 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
304 struct rfcomm_session *s;
308 BT_DBG("dlc %p state %ld %s %s channel %d",
309 d, d->state, batostr(src), batostr(dst), channel);
311 if (channel < 1 || channel > 30)
314 if (d->state != BT_OPEN && d->state != BT_CLOSED)
317 s = rfcomm_session_get(src, dst);
319 s = rfcomm_session_create(src, dst, &err);
324 dlci = __dlci(!s->initiator, channel);
326 /* Check if DLCI already exists */
327 if (rfcomm_dlc_get(s, dlci))
330 rfcomm_dlc_clear_state(d);
333 d->addr = __addr(s->initiator, dlci);
336 d->state = BT_CONFIG;
337 rfcomm_dlc_link(s, d);
340 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
342 if (s->state == BT_CONNECTED)
343 rfcomm_send_pn(s, 1, d);
344 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
348 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
354 r = __rfcomm_dlc_open(d, src, dst, channel);
360 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
362 struct rfcomm_session *s = d->session;
366 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
367 d, d->state, d->dlci, err, s);
373 d->state = BT_DISCONN;
374 if (skb_queue_empty(&d->tx_queue)) {
375 rfcomm_send_disc(s, d->dlci);
376 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
378 rfcomm_queue_disc(d);
379 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
384 rfcomm_dlc_clear_timer(d);
387 d->state = BT_CLOSED;
388 d->state_change(d, err);
389 rfcomm_dlc_unlock(d);
391 skb_queue_purge(&d->tx_queue);
392 rfcomm_dlc_unlink(d);
398 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
404 r = __rfcomm_dlc_close(d, err);
410 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
414 if (d->state != BT_CONNECTED)
417 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
422 rfcomm_make_uih(skb, d->addr);
423 skb_queue_tail(&d->tx_queue, skb);
425 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
426 rfcomm_schedule(RFCOMM_SCHED_TX);
430 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
432 BT_DBG("dlc %p state %ld", d, d->state);
435 d->v24_sig |= RFCOMM_V24_FC;
436 set_bit(RFCOMM_MSC_PENDING, &d->flags);
438 rfcomm_schedule(RFCOMM_SCHED_TX);
441 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
443 BT_DBG("dlc %p state %ld", d, d->state);
446 d->v24_sig &= ~RFCOMM_V24_FC;
447 set_bit(RFCOMM_MSC_PENDING, &d->flags);
449 rfcomm_schedule(RFCOMM_SCHED_TX);
453 Set/get modem status functions use _local_ status i.e. what we report
455 Remote status is provided by dlc->modem_status() callback.
457 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
459 BT_DBG("dlc %p state %ld v24_sig 0x%x",
460 d, d->state, v24_sig);
462 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
463 v24_sig |= RFCOMM_V24_FC;
465 v24_sig &= ~RFCOMM_V24_FC;
467 d->v24_sig = v24_sig;
469 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
470 rfcomm_schedule(RFCOMM_SCHED_TX);
475 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
477 BT_DBG("dlc %p state %ld v24_sig 0x%x",
478 d, d->state, d->v24_sig);
480 *v24_sig = d->v24_sig;
484 /* ---- RFCOMM sessions ---- */
485 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
487 struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL);
490 memset(s, 0, sizeof(*s));
492 BT_DBG("session %p sock %p", s, sock);
494 INIT_LIST_HEAD(&s->dlcs);
498 s->mtu = RFCOMM_DEFAULT_MTU;
499 s->cfc = RFCOMM_CFC_UNKNOWN;
501 /* Do not increment module usage count for listening sessions.
502 * Otherwise we won't be able to unload the module. */
503 if (state != BT_LISTEN)
504 if (!try_module_get(THIS_MODULE)) {
509 list_add(&s->list, &session_list);
514 static void rfcomm_session_del(struct rfcomm_session *s)
516 int state = s->state;
518 BT_DBG("session %p state %ld", s, s->state);
522 if (state == BT_CONNECTED)
523 rfcomm_send_disc(s, 0);
525 sock_release(s->sock);
528 if (state != BT_LISTEN)
529 module_put(THIS_MODULE);
532 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
534 struct rfcomm_session *s;
535 struct list_head *p, *n;
537 list_for_each_safe(p, n, &session_list) {
538 s = list_entry(p, struct rfcomm_session, list);
539 sk = bt_sk(s->sock->sk);
541 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
542 !bacmp(&sk->dst, dst))
548 static void rfcomm_session_close(struct rfcomm_session *s, int err)
550 struct rfcomm_dlc *d;
551 struct list_head *p, *n;
553 BT_DBG("session %p state %ld err %d", s, s->state, err);
555 rfcomm_session_hold(s);
557 s->state = BT_CLOSED;
560 list_for_each_safe(p, n, &s->dlcs) {
561 d = list_entry(p, struct rfcomm_dlc, list);
562 d->state = BT_CLOSED;
563 __rfcomm_dlc_close(d, err);
566 rfcomm_session_put(s);
569 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
571 struct rfcomm_session *s = NULL;
572 struct sockaddr_l2 addr;
576 BT_DBG("%s %s", batostr(src), batostr(dst));
578 *err = rfcomm_l2sock_create(&sock);
582 bacpy(&addr.l2_bdaddr, src);
583 addr.l2_family = AF_BLUETOOTH;
585 *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
589 /* Set L2CAP options */
592 l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU;
595 s = rfcomm_session_add(sock, BT_BOUND);
603 bacpy(&addr.l2_bdaddr, dst);
604 addr.l2_family = AF_BLUETOOTH;
605 addr.l2_psm = htobs(RFCOMM_PSM);
606 *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
607 if (*err == 0 || *err == -EAGAIN)
610 rfcomm_session_del(s);
618 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
620 struct sock *sk = s->sock->sk;
622 bacpy(src, &bt_sk(sk)->src);
624 bacpy(dst, &bt_sk(sk)->dst);
627 /* ---- RFCOMM frame sending ---- */
628 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
630 struct socket *sock = s->sock;
631 struct kvec iv = { data, len };
634 BT_DBG("session %p len %d", s, len);
636 memset(&msg, 0, sizeof(msg));
638 return kernel_sendmsg(sock, &msg, &iv, 1, len);
641 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
643 struct rfcomm_cmd cmd;
645 BT_DBG("%p dlci %d", s, dlci);
647 cmd.addr = __addr(s->initiator, dlci);
648 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
650 cmd.fcs = __fcs2((u8 *) &cmd);
652 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
655 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
657 struct rfcomm_cmd cmd;
659 BT_DBG("%p dlci %d", s, dlci);
661 cmd.addr = __addr(!s->initiator, dlci);
662 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
664 cmd.fcs = __fcs2((u8 *) &cmd);
666 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
669 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
671 struct rfcomm_cmd cmd;
673 BT_DBG("%p dlci %d", s, dlci);
675 cmd.addr = __addr(s->initiator, dlci);
676 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
678 cmd.fcs = __fcs2((u8 *) &cmd);
680 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
683 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
685 struct rfcomm_cmd *cmd;
688 BT_DBG("dlc %p dlci %d", d, d->dlci);
690 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
694 cmd = (void *) __skb_put(skb, sizeof(*cmd));
696 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
697 cmd->len = __len8(0);
698 cmd->fcs = __fcs2((u8 *) cmd);
700 skb_queue_tail(&d->tx_queue, skb);
701 rfcomm_schedule(RFCOMM_SCHED_TX);
705 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
707 struct rfcomm_cmd cmd;
709 BT_DBG("%p dlci %d", s, dlci);
711 cmd.addr = __addr(!s->initiator, dlci);
712 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
714 cmd.fcs = __fcs2((u8 *) &cmd);
716 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
719 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
721 struct rfcomm_hdr *hdr;
722 struct rfcomm_mcc *mcc;
723 u8 buf[16], *ptr = buf;
725 BT_DBG("%p cr %d type %d", s, cr, type);
727 hdr = (void *) ptr; ptr += sizeof(*hdr);
728 hdr->addr = __addr(s->initiator, 0);
729 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
730 hdr->len = __len8(sizeof(*mcc) + 1);
732 mcc = (void *) ptr; ptr += sizeof(*mcc);
733 mcc->type = __mcc_type(cr, RFCOMM_NSC);
734 mcc->len = __len8(1);
736 /* Type that we didn't like */
737 *ptr = __mcc_type(cr, type); ptr++;
739 *ptr = __fcs(buf); ptr++;
741 return rfcomm_send_frame(s, buf, ptr - buf);
744 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
746 struct rfcomm_hdr *hdr;
747 struct rfcomm_mcc *mcc;
748 struct rfcomm_pn *pn;
749 u8 buf[16], *ptr = buf;
751 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
753 hdr = (void *) ptr; ptr += sizeof(*hdr);
754 hdr->addr = __addr(s->initiator, 0);
755 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
756 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
758 mcc = (void *) ptr; ptr += sizeof(*mcc);
759 mcc->type = __mcc_type(cr, RFCOMM_PN);
760 mcc->len = __len8(sizeof(*pn));
762 pn = (void *) ptr; ptr += sizeof(*pn);
764 pn->priority = d->priority;
769 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
770 pn->credits = RFCOMM_DEFAULT_CREDITS;
776 pn->mtu = htobs(d->mtu);
778 *ptr = __fcs(buf); ptr++;
780 return rfcomm_send_frame(s, buf, ptr - buf);
783 static int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
784 u8 bit_rate, u8 data_bits, u8 stop_bits,
785 u8 parity, u8 flow_ctrl_settings,
786 u8 xon_char, u8 xoff_char, u16 param_mask)
788 struct rfcomm_hdr *hdr;
789 struct rfcomm_mcc *mcc;
790 struct rfcomm_rpn *rpn;
791 u8 buf[16], *ptr = buf;
793 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
794 "flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
795 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
796 flow_ctrl_settings, xon_char, xoff_char, param_mask);
798 hdr = (void *) ptr; ptr += sizeof(*hdr);
799 hdr->addr = __addr(s->initiator, 0);
800 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
801 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
803 mcc = (void *) ptr; ptr += sizeof(*mcc);
804 mcc->type = __mcc_type(cr, RFCOMM_RPN);
805 mcc->len = __len8(sizeof(*rpn));
807 rpn = (void *) ptr; ptr += sizeof(*rpn);
808 rpn->dlci = __addr(1, dlci);
809 rpn->bit_rate = bit_rate;
810 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
811 rpn->flow_ctrl = flow_ctrl_settings;
812 rpn->xon_char = xon_char;
813 rpn->xoff_char = xoff_char;
814 rpn->param_mask = param_mask;
816 *ptr = __fcs(buf); ptr++;
818 return rfcomm_send_frame(s, buf, ptr - buf);
821 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
823 struct rfcomm_hdr *hdr;
824 struct rfcomm_mcc *mcc;
825 struct rfcomm_rls *rls;
826 u8 buf[16], *ptr = buf;
828 BT_DBG("%p cr %d status 0x%x", s, cr, status);
830 hdr = (void *) ptr; ptr += sizeof(*hdr);
831 hdr->addr = __addr(s->initiator, 0);
832 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
833 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
835 mcc = (void *) ptr; ptr += sizeof(*mcc);
836 mcc->type = __mcc_type(cr, RFCOMM_RLS);
837 mcc->len = __len8(sizeof(*rls));
839 rls = (void *) ptr; ptr += sizeof(*rls);
840 rls->dlci = __addr(1, dlci);
841 rls->status = status;
843 *ptr = __fcs(buf); ptr++;
845 return rfcomm_send_frame(s, buf, ptr - buf);
848 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
850 struct rfcomm_hdr *hdr;
851 struct rfcomm_mcc *mcc;
852 struct rfcomm_msc *msc;
853 u8 buf[16], *ptr = buf;
855 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
857 hdr = (void *) ptr; ptr += sizeof(*hdr);
858 hdr->addr = __addr(s->initiator, 0);
859 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
860 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
862 mcc = (void *) ptr; ptr += sizeof(*mcc);
863 mcc->type = __mcc_type(cr, RFCOMM_MSC);
864 mcc->len = __len8(sizeof(*msc));
866 msc = (void *) ptr; ptr += sizeof(*msc);
867 msc->dlci = __addr(1, dlci);
868 msc->v24_sig = v24_sig | 0x01;
870 *ptr = __fcs(buf); ptr++;
872 return rfcomm_send_frame(s, buf, ptr - buf);
875 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
877 struct rfcomm_hdr *hdr;
878 struct rfcomm_mcc *mcc;
879 u8 buf[16], *ptr = buf;
881 BT_DBG("%p cr %d", s, cr);
883 hdr = (void *) ptr; ptr += sizeof(*hdr);
884 hdr->addr = __addr(s->initiator, 0);
885 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
886 hdr->len = __len8(sizeof(*mcc));
888 mcc = (void *) ptr; ptr += sizeof(*mcc);
889 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
890 mcc->len = __len8(0);
892 *ptr = __fcs(buf); ptr++;
894 return rfcomm_send_frame(s, buf, ptr - buf);
897 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
899 struct rfcomm_hdr *hdr;
900 struct rfcomm_mcc *mcc;
901 u8 buf[16], *ptr = buf;
903 BT_DBG("%p cr %d", s, cr);
905 hdr = (void *) ptr; ptr += sizeof(*hdr);
906 hdr->addr = __addr(s->initiator, 0);
907 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
908 hdr->len = __len8(sizeof(*mcc));
910 mcc = (void *) ptr; ptr += sizeof(*mcc);
911 mcc->type = __mcc_type(cr, RFCOMM_FCON);
912 mcc->len = __len8(0);
914 *ptr = __fcs(buf); ptr++;
916 return rfcomm_send_frame(s, buf, ptr - buf);
919 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
921 struct socket *sock = s->sock;
924 unsigned char hdr[5], crc[1];
929 BT_DBG("%p cr %d", s, cr);
931 hdr[0] = __addr(s->initiator, 0);
932 hdr[1] = __ctrl(RFCOMM_UIH, 0);
933 hdr[2] = 0x01 | ((len + 2) << 1);
934 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
935 hdr[4] = 0x01 | (len << 1);
939 iv[0].iov_base = hdr;
941 iv[1].iov_base = pattern;
943 iv[2].iov_base = crc;
946 memset(&msg, 0, sizeof(msg));
948 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
951 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
953 struct rfcomm_hdr *hdr;
954 u8 buf[16], *ptr = buf;
956 BT_DBG("%p addr %d credits %d", s, addr, credits);
958 hdr = (void *) ptr; ptr += sizeof(*hdr);
960 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
961 hdr->len = __len8(0);
963 *ptr = credits; ptr++;
965 *ptr = __fcs(buf); ptr++;
967 return rfcomm_send_frame(s, buf, ptr - buf);
970 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
972 struct rfcomm_hdr *hdr;
977 hdr = (void *) skb_push(skb, 4);
978 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len);
980 hdr = (void *) skb_push(skb, 3);
981 hdr->len = __len8(len);
984 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
986 crc = skb_put(skb, 1);
987 *crc = __fcs((void *) hdr);
990 /* ---- RFCOMM frame reception ---- */
991 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
993 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
997 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
999 rfcomm_send_dm(s, dlci);
1005 rfcomm_dlc_clear_timer(d);
1008 d->state = BT_CONNECTED;
1009 d->state_change(d, 0);
1010 rfcomm_dlc_unlock(d);
1012 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1016 d->state = BT_CLOSED;
1017 __rfcomm_dlc_close(d, 0);
1021 /* Control channel */
1024 s->state = BT_CONNECTED;
1025 rfcomm_process_connect(s);
1032 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1036 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1040 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1042 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1047 d->state = BT_CLOSED;
1048 __rfcomm_dlc_close(d, err);
1051 if (s->state == BT_CONNECT)
1056 s->state = BT_CLOSED;
1057 rfcomm_session_close(s, err);
1062 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1066 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1069 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1071 rfcomm_send_ua(s, dlci);
1073 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1078 d->state = BT_CLOSED;
1079 __rfcomm_dlc_close(d, err);
1081 rfcomm_send_dm(s, dlci);
1084 rfcomm_send_ua(s, 0);
1086 if (s->state == BT_CONNECT)
1091 s->state = BT_CLOSED;
1092 rfcomm_session_close(s, err);
1098 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1100 struct sock *sk = d->session->sock->sk;
1102 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1103 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1105 } else if (d->link_mode & RFCOMM_LM_AUTH) {
1106 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1113 static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1115 BT_DBG("dlc %p", d);
1117 rfcomm_send_ua(d->session, d->dlci);
1120 d->state = BT_CONNECTED;
1121 d->state_change(d, 0);
1122 rfcomm_dlc_unlock(d);
1124 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1127 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1129 struct rfcomm_dlc *d;
1132 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1135 rfcomm_send_ua(s, 0);
1137 if (s->state == BT_OPEN) {
1138 s->state = BT_CONNECTED;
1139 rfcomm_process_connect(s);
1144 /* Check if DLC exists */
1145 d = rfcomm_dlc_get(s, dlci);
1147 if (d->state == BT_OPEN) {
1148 /* DLC was previously opened by PN request */
1149 if (rfcomm_check_link_mode(d)) {
1150 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1151 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1155 rfcomm_dlc_accept(d);
1160 /* Notify socket layer about incoming connection */
1161 channel = __srv_channel(dlci);
1162 if (rfcomm_connect_ind(s, channel, &d)) {
1164 d->addr = __addr(s->initiator, dlci);
1165 rfcomm_dlc_link(s, d);
1167 if (rfcomm_check_link_mode(d)) {
1168 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1169 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1173 rfcomm_dlc_accept(d);
1175 rfcomm_send_dm(s, dlci);
1181 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1183 struct rfcomm_session *s = d->session;
1185 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1186 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1188 if (pn->flow_ctrl == 0xf0 || pn->flow_ctrl == 0xe0) {
1189 d->cfc = s->cfc = RFCOMM_CFC_ENABLED;
1190 d->tx_credits = pn->credits;
1192 d->cfc = s->cfc = RFCOMM_CFC_DISABLED;
1193 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1196 d->priority = pn->priority;
1198 d->mtu = s->mtu = btohs(pn->mtu);
1203 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1205 struct rfcomm_pn *pn = (void *) skb->data;
1206 struct rfcomm_dlc *d;
1209 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1214 d = rfcomm_dlc_get(s, dlci);
1218 rfcomm_apply_pn(d, cr, pn);
1219 rfcomm_send_pn(s, 0, d);
1224 rfcomm_apply_pn(d, cr, pn);
1226 d->state = BT_CONNECT;
1227 rfcomm_send_sabm(s, d->dlci);
1232 u8 channel = __srv_channel(dlci);
1237 /* PN request for non existing DLC.
1238 * Assume incoming connection. */
1239 if (rfcomm_connect_ind(s, channel, &d)) {
1241 d->addr = __addr(s->initiator, dlci);
1242 rfcomm_dlc_link(s, d);
1244 rfcomm_apply_pn(d, cr, pn);
1247 rfcomm_send_pn(s, 0, d);
1249 rfcomm_send_dm(s, dlci);
1255 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1257 struct rfcomm_rpn *rpn = (void *) skb->data;
1258 u8 dlci = __get_dlci(rpn->dlci);
1267 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1269 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1270 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1271 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1277 /* request: return default setting */
1278 bit_rate = RFCOMM_RPN_BR_115200;
1279 data_bits = RFCOMM_RPN_DATA_8;
1280 stop_bits = RFCOMM_RPN_STOP_1;
1281 parity = RFCOMM_RPN_PARITY_NONE;
1282 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1283 xon_char = RFCOMM_RPN_XON_CHAR;
1284 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1288 /* check for sane values: ignore/accept bit_rate, 8 bits, 1 stop bit, no parity,
1289 no flow control lines, normal XON/XOFF chars */
1290 if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) {
1291 bit_rate = rpn->bit_rate;
1292 if (bit_rate != RFCOMM_RPN_BR_115200) {
1293 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1294 bit_rate = RFCOMM_RPN_BR_115200;
1295 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1298 if (rpn->param_mask & RFCOMM_RPN_PM_DATA) {
1299 data_bits = __get_rpn_data_bits(rpn->line_settings);
1300 if (data_bits != RFCOMM_RPN_DATA_8) {
1301 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1302 data_bits = RFCOMM_RPN_DATA_8;
1303 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1306 if (rpn->param_mask & RFCOMM_RPN_PM_STOP) {
1307 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1308 if (stop_bits != RFCOMM_RPN_STOP_1) {
1309 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1310 stop_bits = RFCOMM_RPN_STOP_1;
1311 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1314 if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) {
1315 parity = __get_rpn_parity(rpn->line_settings);
1316 if (parity != RFCOMM_RPN_PARITY_NONE) {
1317 BT_DBG("RPN parity mismatch 0x%x", parity);
1318 parity = RFCOMM_RPN_PARITY_NONE;
1319 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1322 if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) {
1323 flow_ctrl = rpn->flow_ctrl;
1324 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1325 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1326 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1327 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1330 if (rpn->param_mask & RFCOMM_RPN_PM_XON) {
1331 xon_char = rpn->xon_char;
1332 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1333 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1334 xon_char = RFCOMM_RPN_XON_CHAR;
1335 rpn_mask ^= RFCOMM_RPN_PM_XON;
1338 if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) {
1339 xoff_char = rpn->xoff_char;
1340 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1341 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1342 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1343 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1348 rfcomm_send_rpn(s, 0, dlci,
1349 bit_rate, data_bits, stop_bits, parity, flow_ctrl,
1350 xon_char, xoff_char, rpn_mask);
1355 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1357 struct rfcomm_rls *rls = (void *) skb->data;
1358 u8 dlci = __get_dlci(rls->dlci);
1360 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1365 /* FIXME: We should probably do something with this
1366 information here. But for now it's sufficient just
1367 to reply -- Bluetooth 1.1 says it's mandatory to
1368 recognise and respond to RLS */
1370 rfcomm_send_rls(s, 0, dlci, rls->status);
1375 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1377 struct rfcomm_msc *msc = (void *) skb->data;
1378 struct rfcomm_dlc *d;
1379 u8 dlci = __get_dlci(msc->dlci);
1381 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1383 d = rfcomm_dlc_get(s, dlci);
1388 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1389 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1391 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1394 if (d->modem_status)
1395 d->modem_status(d, msc->v24_sig);
1396 rfcomm_dlc_unlock(d);
1398 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1400 d->mscex |= RFCOMM_MSCEX_RX;
1402 d->mscex |= RFCOMM_MSCEX_TX;
1407 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1409 struct rfcomm_mcc *mcc = (void *) skb->data;
1412 cr = __test_cr(mcc->type);
1413 type = __get_mcc_type(mcc->type);
1414 len = __get_mcc_len(mcc->len);
1416 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1422 rfcomm_recv_pn(s, cr, skb);
1426 rfcomm_recv_rpn(s, cr, len, skb);
1430 rfcomm_recv_rls(s, cr, skb);
1434 rfcomm_recv_msc(s, cr, skb);
1439 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1440 rfcomm_send_fcoff(s, 0);
1446 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1447 rfcomm_send_fcon(s, 0);
1453 rfcomm_send_test(s, 0, skb->data, skb->len);
1460 BT_ERR("Unknown control type 0x%02x", type);
1461 rfcomm_send_nsc(s, cr, type);
1467 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1469 struct rfcomm_dlc *d;
1471 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1473 d = rfcomm_dlc_get(s, dlci);
1475 rfcomm_send_dm(s, dlci);
1480 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1482 d->tx_credits += credits;
1484 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1487 if (skb->len && d->state == BT_CONNECTED) {
1490 d->data_ready(d, skb);
1491 rfcomm_dlc_unlock(d);
1500 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1502 struct rfcomm_hdr *hdr = (void *) skb->data;
1505 dlci = __get_dlci(hdr->addr);
1506 type = __get_type(hdr->ctrl);
1509 skb->len--; skb->tail--;
1510 fcs = *(u8 *) skb->tail;
1512 if (__check_fcs(skb->data, type, fcs)) {
1513 BT_ERR("bad checksum in packet");
1518 if (__test_ea(hdr->len))
1525 if (__test_pf(hdr->ctrl))
1526 rfcomm_recv_sabm(s, dlci);
1530 if (__test_pf(hdr->ctrl))
1531 rfcomm_recv_disc(s, dlci);
1535 if (__test_pf(hdr->ctrl))
1536 rfcomm_recv_ua(s, dlci);
1540 rfcomm_recv_dm(s, dlci);
1545 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1547 rfcomm_recv_mcc(s, skb);
1551 BT_ERR("Unknown packet type 0x%02x\n", type);
1558 /* ---- Connection and data processing ---- */
1560 static void rfcomm_process_connect(struct rfcomm_session *s)
1562 struct rfcomm_dlc *d;
1563 struct list_head *p, *n;
1565 BT_DBG("session %p state %ld", s, s->state);
1567 list_for_each_safe(p, n, &s->dlcs) {
1568 d = list_entry(p, struct rfcomm_dlc, list);
1569 if (d->state == BT_CONFIG) {
1571 rfcomm_send_pn(s, 1, d);
1576 /* Send data queued for the DLC.
1577 * Return number of frames left in the queue.
1579 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1581 struct sk_buff *skb;
1584 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1585 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1587 /* Send pending MSC */
1588 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1589 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1593 * Give them some credits */
1594 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1595 d->rx_credits <= (d->cfc >> 2)) {
1596 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1597 d->rx_credits = d->cfc;
1601 * Give ourselves some credits */
1605 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1606 return skb_queue_len(&d->tx_queue);
1608 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1609 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1611 skb_queue_head(&d->tx_queue, skb);
1618 if (d->cfc && !d->tx_credits) {
1619 /* We're out of TX credits.
1620 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1621 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1624 return skb_queue_len(&d->tx_queue);
1627 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1629 struct rfcomm_dlc *d;
1630 struct list_head *p, *n;
1632 BT_DBG("session %p state %ld", s, s->state);
1634 list_for_each_safe(p, n, &s->dlcs) {
1635 d = list_entry(p, struct rfcomm_dlc, list);
1637 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1638 __rfcomm_dlc_close(d, ETIMEDOUT);
1642 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1643 rfcomm_dlc_clear_timer(d);
1644 rfcomm_dlc_accept(d);
1645 if (d->link_mode & RFCOMM_LM_SECURE) {
1646 struct sock *sk = s->sock->sk;
1647 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1650 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1651 rfcomm_dlc_clear_timer(d);
1652 rfcomm_send_dm(s, d->dlci);
1653 __rfcomm_dlc_close(d, ECONNREFUSED);
1657 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1660 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1661 d->mscex == RFCOMM_MSCEX_OK)
1662 rfcomm_process_tx(d);
1666 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1668 struct socket *sock = s->sock;
1669 struct sock *sk = sock->sk;
1670 struct sk_buff *skb;
1672 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1674 /* Get data directly from socket receive queue without copying it. */
1675 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1677 rfcomm_recv_frame(s, skb);
1680 if (sk->sk_state == BT_CLOSED) {
1682 rfcomm_session_put(s);
1684 rfcomm_session_close(s, sk->sk_err);
1688 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1690 struct socket *sock = s->sock, *nsock;
1693 /* Fast check for a new connection.
1694 * Avoids unnesesary socket allocations. */
1695 if (list_empty(&bt_sk(sock->sk)->accept_q))
1698 BT_DBG("session %p", s);
1700 if (sock_create_lite(PF_BLUETOOTH, sock->type, BTPROTO_L2CAP, &nsock))
1703 nsock->ops = sock->ops;
1705 __module_get(nsock->ops->owner);
1707 err = sock->ops->accept(sock, nsock, O_NONBLOCK);
1709 sock_release(nsock);
1713 /* Set our callbacks */
1714 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1715 nsock->sk->sk_state_change = rfcomm_l2state_change;
1717 s = rfcomm_session_add(nsock, BT_OPEN);
1719 rfcomm_session_hold(s);
1720 rfcomm_schedule(RFCOMM_SCHED_RX);
1722 sock_release(nsock);
1725 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1727 struct sock *sk = s->sock->sk;
1729 BT_DBG("%p state %ld", s, s->state);
1731 switch(sk->sk_state) {
1733 s->state = BT_CONNECT;
1735 /* We can adjust MTU on outgoing sessions.
1736 * L2CAP MTU minus UIH header and FCS. */
1737 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1739 rfcomm_send_sabm(s, 0);
1743 s->state = BT_CLOSED;
1744 rfcomm_session_close(s, sk->sk_err);
1749 static inline void rfcomm_process_sessions(void)
1751 struct list_head *p, *n;
1755 list_for_each_safe(p, n, &session_list) {
1756 struct rfcomm_session *s;
1757 s = list_entry(p, struct rfcomm_session, list);
1759 if (s->state == BT_LISTEN) {
1760 rfcomm_accept_connection(s);
1764 rfcomm_session_hold(s);
1768 rfcomm_check_connection(s);
1772 rfcomm_process_rx(s);
1776 rfcomm_process_dlcs(s);
1778 rfcomm_session_put(s);
1784 static void rfcomm_worker(void)
1788 while (!atomic_read(&terminate)) {
1789 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1790 /* No pending events. Let's sleep.
1791 * Incoming connections and data will wake us up. */
1792 set_current_state(TASK_INTERRUPTIBLE);
1797 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1798 rfcomm_process_sessions();
1800 set_current_state(TASK_RUNNING);
1804 static int rfcomm_add_listener(bdaddr_t *ba)
1806 struct sockaddr_l2 addr;
1807 struct socket *sock;
1809 struct rfcomm_session *s;
1813 err = rfcomm_l2sock_create(&sock);
1815 BT_ERR("Create socket failed %d", err);
1820 bacpy(&addr.l2_bdaddr, ba);
1821 addr.l2_family = AF_BLUETOOTH;
1822 addr.l2_psm = htobs(RFCOMM_PSM);
1823 err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1825 BT_ERR("Bind failed %d", err);
1829 /* Set L2CAP options */
1832 l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU;
1835 /* Start listening on the socket */
1836 err = sock->ops->listen(sock, 10);
1838 BT_ERR("Listen failed %d", err);
1842 /* Add listening session */
1843 s = rfcomm_session_add(sock, BT_LISTEN);
1847 rfcomm_session_hold(s);
1854 static void rfcomm_kill_listener(void)
1856 struct rfcomm_session *s;
1857 struct list_head *p, *n;
1861 list_for_each_safe(p, n, &session_list) {
1862 s = list_entry(p, struct rfcomm_session, list);
1863 rfcomm_session_del(s);
1867 static int rfcomm_run(void *unused)
1869 rfcomm_thread = current;
1871 atomic_inc(&running);
1873 daemonize("krfcommd");
1874 set_user_nice(current, -10);
1875 current->flags |= PF_NOFREEZE;
1879 rfcomm_add_listener(BDADDR_ANY);
1883 rfcomm_kill_listener();
1885 atomic_dec(&running);
1889 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1891 struct rfcomm_session *s;
1892 struct rfcomm_dlc *d;
1893 struct list_head *p, *n;
1895 BT_DBG("conn %p status 0x%02x", conn, status);
1897 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1901 rfcomm_session_hold(s);
1903 list_for_each_safe(p, n, &s->dlcs) {
1904 d = list_entry(p, struct rfcomm_dlc, list);
1906 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1909 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1913 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1915 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1918 rfcomm_session_put(s);
1920 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1923 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1925 struct rfcomm_session *s;
1926 struct rfcomm_dlc *d;
1927 struct list_head *p, *n;
1929 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1931 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1935 rfcomm_session_hold(s);
1937 list_for_each_safe(p, n, &s->dlcs) {
1938 d = list_entry(p, struct rfcomm_dlc, list);
1940 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1943 if (!status && encrypt)
1944 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1946 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1949 rfcomm_session_put(s);
1951 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1954 static struct hci_cb rfcomm_cb = {
1956 .auth_cfm = rfcomm_auth_cfm,
1957 .encrypt_cfm = rfcomm_encrypt_cfm
1960 /* ---- Proc fs support ---- */
1961 #ifdef CONFIG_PROC_FS
1962 static void *rfcomm_seq_start(struct seq_file *seq, loff_t *pos)
1964 struct rfcomm_session *s;
1965 struct list_head *pp, *p;
1970 list_for_each(p, &session_list) {
1971 s = list_entry(p, struct rfcomm_session, list);
1972 list_for_each(pp, &s->dlcs)
1981 static void *rfcomm_seq_next(struct seq_file *seq, void *e, loff_t *pos)
1983 struct rfcomm_session *s = seq->private;
1984 struct list_head *pp, *p = e;
1987 if (p->next != &s->dlcs)
1990 list_for_each(p, &session_list) {
1991 s = list_entry(p, struct rfcomm_session, list);
1992 __list_for_each(pp, &s->dlcs) {
2000 static void rfcomm_seq_stop(struct seq_file *seq, void *e)
2005 static int rfcomm_seq_show(struct seq_file *seq, void *e)
2007 struct rfcomm_session *s = seq->private;
2008 struct sock *sk = s->sock->sk;
2009 struct rfcomm_dlc *d = list_entry(e, struct rfcomm_dlc, list);
2011 seq_printf(seq, "%s %s %ld %d %d %d %d\n",
2012 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2013 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2017 static struct seq_operations rfcomm_seq_ops = {
2018 .start = rfcomm_seq_start,
2019 .next = rfcomm_seq_next,
2020 .stop = rfcomm_seq_stop,
2021 .show = rfcomm_seq_show
2024 static int rfcomm_seq_open(struct inode *inode, struct file *file)
2026 return seq_open(file, &rfcomm_seq_ops);
2029 static struct file_operations rfcomm_seq_fops = {
2030 .owner = THIS_MODULE,
2031 .open = rfcomm_seq_open,
2033 .llseek = seq_lseek,
2034 .release = seq_release,
2037 static int __init rfcomm_proc_init(void)
2039 struct proc_dir_entry *p;
2041 proc_bt_rfcomm = proc_mkdir("rfcomm", proc_bt);
2042 if (proc_bt_rfcomm) {
2043 proc_bt_rfcomm->owner = THIS_MODULE;
2045 p = create_proc_entry("dlc", S_IRUGO, proc_bt_rfcomm);
2047 p->proc_fops = &rfcomm_seq_fops;
2052 static void __exit rfcomm_proc_cleanup(void)
2054 remove_proc_entry("dlc", proc_bt_rfcomm);
2056 remove_proc_entry("rfcomm", proc_bt);
2059 #else /* CONFIG_PROC_FS */
2061 static int __init rfcomm_proc_init(void)
2066 static void __exit rfcomm_proc_cleanup(void)
2070 #endif /* CONFIG_PROC_FS */
2072 /* ---- Initialization ---- */
2073 static int __init rfcomm_init(void)
2077 hci_register_cb(&rfcomm_cb);
2079 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
2081 BT_INFO("RFCOMM ver %s", VERSION);
2085 rfcomm_init_sockets();
2087 #ifdef CONFIG_BT_RFCOMM_TTY
2094 static void __exit rfcomm_exit(void)
2096 hci_unregister_cb(&rfcomm_cb);
2098 /* Terminate working thread.
2099 * ie. Set terminate flag and wake it up */
2100 atomic_inc(&terminate);
2101 rfcomm_schedule(RFCOMM_SCHED_STATE);
2103 /* Wait until thread is running */
2104 while (atomic_read(&running))
2107 #ifdef CONFIG_BT_RFCOMM_TTY
2108 rfcomm_cleanup_ttys();
2111 rfcomm_cleanup_sockets();
2113 rfcomm_proc_cleanup();
2116 module_init(rfcomm_init);
2117 module_exit(rfcomm_exit);
2119 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2120 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2121 MODULE_VERSION(VERSION);
2122 MODULE_LICENSE("GPL");
2123 MODULE_ALIAS("bt-proto-3");