2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
30 #include <linux/config.h>
31 #include <linux/module.h>
32 #include <linux/errno.h>
33 #include <linux/kernel.h>
34 #include <linux/sched.h>
35 #include <linux/signal.h>
36 #include <linux/init.h>
37 #include <linux/wait.h>
38 #include <linux/net.h>
39 #include <linux/proc_fs.h>
40 #include <linux/seq_file.h>
42 #include <asm/uaccess.h>
43 #include <asm/unaligned.h>
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47 #include <net/bluetooth/l2cap.h>
48 #include <net/bluetooth/rfcomm.h>
52 #ifndef CONFIG_BT_RFCOMM_DEBUG
58 struct proc_dir_entry *proc_bt_rfcomm;
61 static struct task_struct *rfcomm_thread;
63 static DECLARE_MUTEX(rfcomm_sem);
64 #define rfcomm_lock() down(&rfcomm_sem);
65 #define rfcomm_unlock() up(&rfcomm_sem);
67 static unsigned long rfcomm_event;
69 static LIST_HEAD(session_list);
70 static atomic_t terminate, running;
72 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
73 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
74 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
75 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
76 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
77 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
78 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
79 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
80 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
81 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
83 static void rfcomm_process_connect(struct rfcomm_session *s);
85 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
86 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
87 static void rfcomm_session_del(struct rfcomm_session *s);
89 /* ---- RFCOMM frame parsing macros ---- */
90 #define __get_dlci(b) ((b & 0xfc) >> 2)
91 #define __get_channel(b) ((b & 0xf8) >> 3)
92 #define __get_dir(b) ((b & 0x04) >> 2)
93 #define __get_type(b) ((b & 0xef))
95 #define __test_ea(b) ((b & 0x01))
96 #define __test_cr(b) ((b & 0x02))
97 #define __test_pf(b) ((b & 0x10))
99 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
100 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
101 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
102 #define __srv_channel(dlci) (dlci >> 1)
103 #define __dir(dlci) (dlci & 0x01)
105 #define __len8(len) (((len) << 1) | 1)
106 #define __len16(len) ((len) << 1)
109 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
110 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
111 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
114 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
115 #define __get_rpn_data_bits(line) ((line) & 0x3)
116 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
117 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
119 static inline void rfcomm_schedule(uint event)
123 //set_bit(event, &rfcomm_event);
124 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
125 wake_up_process(rfcomm_thread);
128 static inline void rfcomm_session_put(struct rfcomm_session *s)
130 if (atomic_dec_and_test(&s->refcnt))
131 rfcomm_session_del(s);
134 /* ---- RFCOMM FCS computation ---- */
137 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
140 static inline u8 __fcs(u8 *data)
142 return (0xff - __crc(data));
146 static inline u8 __fcs2(u8 *data)
148 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
152 static inline int __check_fcs(u8 *data, int type, u8 fcs)
156 if (type != RFCOMM_UIH)
157 f = rfcomm_crc_table[f ^ data[2]];
159 return rfcomm_crc_table[f ^ fcs] != 0xcf;
162 /* ---- L2CAP callbacks ---- */
163 static void rfcomm_l2state_change(struct sock *sk)
165 BT_DBG("%p state %d", sk, sk->sk_state);
166 rfcomm_schedule(RFCOMM_SCHED_STATE);
169 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
171 BT_DBG("%p bytes %d", sk, bytes);
172 rfcomm_schedule(RFCOMM_SCHED_RX);
175 static int rfcomm_l2sock_create(struct socket **sock)
181 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
183 struct sock *sk = (*sock)->sk;
184 sk->sk_data_ready = rfcomm_l2data_ready;
185 sk->sk_state_change = rfcomm_l2state_change;
190 /* ---- RFCOMM DLCs ---- */
191 static void rfcomm_dlc_timeout(unsigned long arg)
193 struct rfcomm_dlc *d = (void *) arg;
195 BT_DBG("dlc %p state %ld", d, d->state);
197 set_bit(RFCOMM_TIMED_OUT, &d->flags);
199 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
202 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
204 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
206 if (!mod_timer(&d->timer, jiffies + timeout))
210 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
212 BT_DBG("dlc %p state %ld", d, d->state);
214 if (timer_pending(&d->timer) && del_timer(&d->timer))
218 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
225 d->mtu = RFCOMM_DEFAULT_MTU;
226 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
228 d->cfc = RFCOMM_CFC_DISABLED;
229 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
232 struct rfcomm_dlc *rfcomm_dlc_alloc(unsigned int __nocast prio)
234 struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio);
237 memset(d, 0, sizeof(*d));
239 init_timer(&d->timer);
240 d->timer.function = rfcomm_dlc_timeout;
241 d->timer.data = (unsigned long) d;
243 skb_queue_head_init(&d->tx_queue);
244 spin_lock_init(&d->lock);
245 atomic_set(&d->refcnt, 1);
247 rfcomm_dlc_clear_state(d);
253 void rfcomm_dlc_free(struct rfcomm_dlc *d)
257 skb_queue_purge(&d->tx_queue);
261 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
263 BT_DBG("dlc %p session %p", d, s);
265 rfcomm_session_hold(s);
268 list_add(&d->list, &s->dlcs);
272 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
274 struct rfcomm_session *s = d->session;
276 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
282 rfcomm_session_put(s);
285 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
287 struct rfcomm_dlc *d;
290 list_for_each(p, &s->dlcs) {
291 d = list_entry(p, struct rfcomm_dlc, list);
298 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
300 struct rfcomm_session *s;
304 BT_DBG("dlc %p state %ld %s %s channel %d",
305 d, d->state, batostr(src), batostr(dst), channel);
307 if (channel < 1 || channel > 30)
310 if (d->state != BT_OPEN && d->state != BT_CLOSED)
313 s = rfcomm_session_get(src, dst);
315 s = rfcomm_session_create(src, dst, &err);
320 dlci = __dlci(!s->initiator, channel);
322 /* Check if DLCI already exists */
323 if (rfcomm_dlc_get(s, dlci))
326 rfcomm_dlc_clear_state(d);
329 d->addr = __addr(s->initiator, dlci);
332 d->state = BT_CONFIG;
333 rfcomm_dlc_link(s, d);
336 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
338 if (s->state == BT_CONNECTED)
339 rfcomm_send_pn(s, 1, d);
340 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
344 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
350 r = __rfcomm_dlc_open(d, src, dst, channel);
356 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
358 struct rfcomm_session *s = d->session;
362 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
363 d, d->state, d->dlci, err, s);
369 d->state = BT_DISCONN;
370 if (skb_queue_empty(&d->tx_queue)) {
371 rfcomm_send_disc(s, d->dlci);
372 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
374 rfcomm_queue_disc(d);
375 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
380 rfcomm_dlc_clear_timer(d);
383 d->state = BT_CLOSED;
384 d->state_change(d, err);
385 rfcomm_dlc_unlock(d);
387 skb_queue_purge(&d->tx_queue);
388 rfcomm_dlc_unlink(d);
394 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
400 r = __rfcomm_dlc_close(d, err);
406 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
410 if (d->state != BT_CONNECTED)
413 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
418 rfcomm_make_uih(skb, d->addr);
419 skb_queue_tail(&d->tx_queue, skb);
421 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
422 rfcomm_schedule(RFCOMM_SCHED_TX);
426 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
428 BT_DBG("dlc %p state %ld", d, d->state);
431 d->v24_sig |= RFCOMM_V24_FC;
432 set_bit(RFCOMM_MSC_PENDING, &d->flags);
434 rfcomm_schedule(RFCOMM_SCHED_TX);
437 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
439 BT_DBG("dlc %p state %ld", d, d->state);
442 d->v24_sig &= ~RFCOMM_V24_FC;
443 set_bit(RFCOMM_MSC_PENDING, &d->flags);
445 rfcomm_schedule(RFCOMM_SCHED_TX);
449 Set/get modem status functions use _local_ status i.e. what we report
451 Remote status is provided by dlc->modem_status() callback.
453 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
455 BT_DBG("dlc %p state %ld v24_sig 0x%x",
456 d, d->state, v24_sig);
458 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
459 v24_sig |= RFCOMM_V24_FC;
461 v24_sig &= ~RFCOMM_V24_FC;
463 d->v24_sig = v24_sig;
465 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
466 rfcomm_schedule(RFCOMM_SCHED_TX);
471 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
473 BT_DBG("dlc %p state %ld v24_sig 0x%x",
474 d, d->state, d->v24_sig);
476 *v24_sig = d->v24_sig;
480 /* ---- RFCOMM sessions ---- */
481 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
483 struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL);
486 memset(s, 0, sizeof(*s));
488 BT_DBG("session %p sock %p", s, sock);
490 INIT_LIST_HEAD(&s->dlcs);
494 s->mtu = RFCOMM_DEFAULT_MTU;
495 s->cfc = RFCOMM_CFC_UNKNOWN;
497 /* Do not increment module usage count for listening sessions.
498 * Otherwise we won't be able to unload the module. */
499 if (state != BT_LISTEN)
500 if (!try_module_get(THIS_MODULE)) {
505 list_add(&s->list, &session_list);
510 static void rfcomm_session_del(struct rfcomm_session *s)
512 int state = s->state;
514 BT_DBG("session %p state %ld", s, s->state);
518 if (state == BT_CONNECTED)
519 rfcomm_send_disc(s, 0);
521 sock_release(s->sock);
524 if (state != BT_LISTEN)
525 module_put(THIS_MODULE);
528 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
530 struct rfcomm_session *s;
531 struct list_head *p, *n;
533 list_for_each_safe(p, n, &session_list) {
534 s = list_entry(p, struct rfcomm_session, list);
535 sk = bt_sk(s->sock->sk);
537 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
538 !bacmp(&sk->dst, dst))
544 static void rfcomm_session_close(struct rfcomm_session *s, int err)
546 struct rfcomm_dlc *d;
547 struct list_head *p, *n;
549 BT_DBG("session %p state %ld err %d", s, s->state, err);
551 rfcomm_session_hold(s);
553 s->state = BT_CLOSED;
556 list_for_each_safe(p, n, &s->dlcs) {
557 d = list_entry(p, struct rfcomm_dlc, list);
558 d->state = BT_CLOSED;
559 __rfcomm_dlc_close(d, err);
562 rfcomm_session_put(s);
565 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
567 struct rfcomm_session *s = NULL;
568 struct sockaddr_l2 addr;
572 BT_DBG("%s %s", batostr(src), batostr(dst));
574 *err = rfcomm_l2sock_create(&sock);
578 bacpy(&addr.l2_bdaddr, src);
579 addr.l2_family = AF_BLUETOOTH;
581 *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
585 /* Set L2CAP options */
588 l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU;
591 s = rfcomm_session_add(sock, BT_BOUND);
599 bacpy(&addr.l2_bdaddr, dst);
600 addr.l2_family = AF_BLUETOOTH;
601 addr.l2_psm = htobs(RFCOMM_PSM);
602 *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
603 if (*err == 0 || *err == -EAGAIN)
606 rfcomm_session_del(s);
614 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
616 struct sock *sk = s->sock->sk;
618 bacpy(src, &bt_sk(sk)->src);
620 bacpy(dst, &bt_sk(sk)->dst);
623 /* ---- RFCOMM frame sending ---- */
624 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
626 struct socket *sock = s->sock;
627 struct kvec iv = { data, len };
630 BT_DBG("session %p len %d", s, len);
632 memset(&msg, 0, sizeof(msg));
634 return kernel_sendmsg(sock, &msg, &iv, 1, len);
637 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
639 struct rfcomm_cmd cmd;
641 BT_DBG("%p dlci %d", s, dlci);
643 cmd.addr = __addr(s->initiator, dlci);
644 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
646 cmd.fcs = __fcs2((u8 *) &cmd);
648 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
651 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
653 struct rfcomm_cmd cmd;
655 BT_DBG("%p dlci %d", s, dlci);
657 cmd.addr = __addr(!s->initiator, dlci);
658 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
660 cmd.fcs = __fcs2((u8 *) &cmd);
662 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
665 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
667 struct rfcomm_cmd cmd;
669 BT_DBG("%p dlci %d", s, dlci);
671 cmd.addr = __addr(s->initiator, dlci);
672 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
674 cmd.fcs = __fcs2((u8 *) &cmd);
676 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
679 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
681 struct rfcomm_cmd *cmd;
684 BT_DBG("dlc %p dlci %d", d, d->dlci);
686 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
690 cmd = (void *) __skb_put(skb, sizeof(*cmd));
692 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
693 cmd->len = __len8(0);
694 cmd->fcs = __fcs2((u8 *) cmd);
696 skb_queue_tail(&d->tx_queue, skb);
697 rfcomm_schedule(RFCOMM_SCHED_TX);
701 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
703 struct rfcomm_cmd cmd;
705 BT_DBG("%p dlci %d", s, dlci);
707 cmd.addr = __addr(!s->initiator, dlci);
708 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
710 cmd.fcs = __fcs2((u8 *) &cmd);
712 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
715 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
717 struct rfcomm_hdr *hdr;
718 struct rfcomm_mcc *mcc;
719 u8 buf[16], *ptr = buf;
721 BT_DBG("%p cr %d type %d", s, cr, type);
723 hdr = (void *) ptr; ptr += sizeof(*hdr);
724 hdr->addr = __addr(s->initiator, 0);
725 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
726 hdr->len = __len8(sizeof(*mcc) + 1);
728 mcc = (void *) ptr; ptr += sizeof(*mcc);
729 mcc->type = __mcc_type(cr, RFCOMM_NSC);
730 mcc->len = __len8(1);
732 /* Type that we didn't like */
733 *ptr = __mcc_type(cr, type); ptr++;
735 *ptr = __fcs(buf); ptr++;
737 return rfcomm_send_frame(s, buf, ptr - buf);
740 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
742 struct rfcomm_hdr *hdr;
743 struct rfcomm_mcc *mcc;
744 struct rfcomm_pn *pn;
745 u8 buf[16], *ptr = buf;
747 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
749 hdr = (void *) ptr; ptr += sizeof(*hdr);
750 hdr->addr = __addr(s->initiator, 0);
751 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
752 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
754 mcc = (void *) ptr; ptr += sizeof(*mcc);
755 mcc->type = __mcc_type(cr, RFCOMM_PN);
756 mcc->len = __len8(sizeof(*pn));
758 pn = (void *) ptr; ptr += sizeof(*pn);
760 pn->priority = d->priority;
765 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
766 pn->credits = RFCOMM_DEFAULT_CREDITS;
772 pn->mtu = htobs(d->mtu);
774 *ptr = __fcs(buf); ptr++;
776 return rfcomm_send_frame(s, buf, ptr - buf);
779 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
780 u8 bit_rate, u8 data_bits, u8 stop_bits,
781 u8 parity, u8 flow_ctrl_settings,
782 u8 xon_char, u8 xoff_char, u16 param_mask)
784 struct rfcomm_hdr *hdr;
785 struct rfcomm_mcc *mcc;
786 struct rfcomm_rpn *rpn;
787 u8 buf[16], *ptr = buf;
789 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
790 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
791 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
792 flow_ctrl_settings, xon_char, xoff_char, param_mask);
794 hdr = (void *) ptr; ptr += sizeof(*hdr);
795 hdr->addr = __addr(s->initiator, 0);
796 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
797 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
799 mcc = (void *) ptr; ptr += sizeof(*mcc);
800 mcc->type = __mcc_type(cr, RFCOMM_RPN);
801 mcc->len = __len8(sizeof(*rpn));
803 rpn = (void *) ptr; ptr += sizeof(*rpn);
804 rpn->dlci = __addr(1, dlci);
805 rpn->bit_rate = bit_rate;
806 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
807 rpn->flow_ctrl = flow_ctrl_settings;
808 rpn->xon_char = xon_char;
809 rpn->xoff_char = xoff_char;
810 rpn->param_mask = param_mask;
812 *ptr = __fcs(buf); ptr++;
814 return rfcomm_send_frame(s, buf, ptr - buf);
817 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
819 struct rfcomm_hdr *hdr;
820 struct rfcomm_mcc *mcc;
821 struct rfcomm_rls *rls;
822 u8 buf[16], *ptr = buf;
824 BT_DBG("%p cr %d status 0x%x", s, cr, status);
826 hdr = (void *) ptr; ptr += sizeof(*hdr);
827 hdr->addr = __addr(s->initiator, 0);
828 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
829 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
831 mcc = (void *) ptr; ptr += sizeof(*mcc);
832 mcc->type = __mcc_type(cr, RFCOMM_RLS);
833 mcc->len = __len8(sizeof(*rls));
835 rls = (void *) ptr; ptr += sizeof(*rls);
836 rls->dlci = __addr(1, dlci);
837 rls->status = status;
839 *ptr = __fcs(buf); ptr++;
841 return rfcomm_send_frame(s, buf, ptr - buf);
844 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
846 struct rfcomm_hdr *hdr;
847 struct rfcomm_mcc *mcc;
848 struct rfcomm_msc *msc;
849 u8 buf[16], *ptr = buf;
851 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
853 hdr = (void *) ptr; ptr += sizeof(*hdr);
854 hdr->addr = __addr(s->initiator, 0);
855 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
856 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
858 mcc = (void *) ptr; ptr += sizeof(*mcc);
859 mcc->type = __mcc_type(cr, RFCOMM_MSC);
860 mcc->len = __len8(sizeof(*msc));
862 msc = (void *) ptr; ptr += sizeof(*msc);
863 msc->dlci = __addr(1, dlci);
864 msc->v24_sig = v24_sig | 0x01;
866 *ptr = __fcs(buf); ptr++;
868 return rfcomm_send_frame(s, buf, ptr - buf);
871 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
873 struct rfcomm_hdr *hdr;
874 struct rfcomm_mcc *mcc;
875 u8 buf[16], *ptr = buf;
877 BT_DBG("%p cr %d", s, cr);
879 hdr = (void *) ptr; ptr += sizeof(*hdr);
880 hdr->addr = __addr(s->initiator, 0);
881 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
882 hdr->len = __len8(sizeof(*mcc));
884 mcc = (void *) ptr; ptr += sizeof(*mcc);
885 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
886 mcc->len = __len8(0);
888 *ptr = __fcs(buf); ptr++;
890 return rfcomm_send_frame(s, buf, ptr - buf);
893 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
895 struct rfcomm_hdr *hdr;
896 struct rfcomm_mcc *mcc;
897 u8 buf[16], *ptr = buf;
899 BT_DBG("%p cr %d", s, cr);
901 hdr = (void *) ptr; ptr += sizeof(*hdr);
902 hdr->addr = __addr(s->initiator, 0);
903 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
904 hdr->len = __len8(sizeof(*mcc));
906 mcc = (void *) ptr; ptr += sizeof(*mcc);
907 mcc->type = __mcc_type(cr, RFCOMM_FCON);
908 mcc->len = __len8(0);
910 *ptr = __fcs(buf); ptr++;
912 return rfcomm_send_frame(s, buf, ptr - buf);
915 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
917 struct socket *sock = s->sock;
920 unsigned char hdr[5], crc[1];
925 BT_DBG("%p cr %d", s, cr);
927 hdr[0] = __addr(s->initiator, 0);
928 hdr[1] = __ctrl(RFCOMM_UIH, 0);
929 hdr[2] = 0x01 | ((len + 2) << 1);
930 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
931 hdr[4] = 0x01 | (len << 1);
935 iv[0].iov_base = hdr;
937 iv[1].iov_base = pattern;
939 iv[2].iov_base = crc;
942 memset(&msg, 0, sizeof(msg));
944 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
947 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
949 struct rfcomm_hdr *hdr;
950 u8 buf[16], *ptr = buf;
952 BT_DBG("%p addr %d credits %d", s, addr, credits);
954 hdr = (void *) ptr; ptr += sizeof(*hdr);
956 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
957 hdr->len = __len8(0);
959 *ptr = credits; ptr++;
961 *ptr = __fcs(buf); ptr++;
963 return rfcomm_send_frame(s, buf, ptr - buf);
966 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
968 struct rfcomm_hdr *hdr;
973 hdr = (void *) skb_push(skb, 4);
974 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len);
976 hdr = (void *) skb_push(skb, 3);
977 hdr->len = __len8(len);
980 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
982 crc = skb_put(skb, 1);
983 *crc = __fcs((void *) hdr);
986 /* ---- RFCOMM frame reception ---- */
987 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
989 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
993 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
995 rfcomm_send_dm(s, dlci);
1001 rfcomm_dlc_clear_timer(d);
1004 d->state = BT_CONNECTED;
1005 d->state_change(d, 0);
1006 rfcomm_dlc_unlock(d);
1008 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1012 d->state = BT_CLOSED;
1013 __rfcomm_dlc_close(d, 0);
1017 /* Control channel */
1020 s->state = BT_CONNECTED;
1021 rfcomm_process_connect(s);
1028 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1032 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1036 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1038 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1043 d->state = BT_CLOSED;
1044 __rfcomm_dlc_close(d, err);
1047 if (s->state == BT_CONNECT)
1052 s->state = BT_CLOSED;
1053 rfcomm_session_close(s, err);
1058 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1062 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1065 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1067 rfcomm_send_ua(s, dlci);
1069 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1074 d->state = BT_CLOSED;
1075 __rfcomm_dlc_close(d, err);
1077 rfcomm_send_dm(s, dlci);
1080 rfcomm_send_ua(s, 0);
1082 if (s->state == BT_CONNECT)
1087 s->state = BT_CLOSED;
1088 rfcomm_session_close(s, err);
1094 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1096 struct sock *sk = d->session->sock->sk;
1098 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1099 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1101 } else if (d->link_mode & RFCOMM_LM_AUTH) {
1102 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1109 static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1111 BT_DBG("dlc %p", d);
1113 rfcomm_send_ua(d->session, d->dlci);
1116 d->state = BT_CONNECTED;
1117 d->state_change(d, 0);
1118 rfcomm_dlc_unlock(d);
1120 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1123 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1125 struct rfcomm_dlc *d;
1128 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1131 rfcomm_send_ua(s, 0);
1133 if (s->state == BT_OPEN) {
1134 s->state = BT_CONNECTED;
1135 rfcomm_process_connect(s);
1140 /* Check if DLC exists */
1141 d = rfcomm_dlc_get(s, dlci);
1143 if (d->state == BT_OPEN) {
1144 /* DLC was previously opened by PN request */
1145 if (rfcomm_check_link_mode(d)) {
1146 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1147 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1151 rfcomm_dlc_accept(d);
1156 /* Notify socket layer about incoming connection */
1157 channel = __srv_channel(dlci);
1158 if (rfcomm_connect_ind(s, channel, &d)) {
1160 d->addr = __addr(s->initiator, dlci);
1161 rfcomm_dlc_link(s, d);
1163 if (rfcomm_check_link_mode(d)) {
1164 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1165 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1169 rfcomm_dlc_accept(d);
1171 rfcomm_send_dm(s, dlci);
1177 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1179 struct rfcomm_session *s = d->session;
1181 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1182 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1184 if (pn->flow_ctrl == 0xf0 || pn->flow_ctrl == 0xe0) {
1185 d->cfc = s->cfc = RFCOMM_CFC_ENABLED;
1186 d->tx_credits = pn->credits;
1188 d->cfc = s->cfc = RFCOMM_CFC_DISABLED;
1189 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1192 d->priority = pn->priority;
1194 d->mtu = s->mtu = btohs(pn->mtu);
1199 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1201 struct rfcomm_pn *pn = (void *) skb->data;
1202 struct rfcomm_dlc *d;
1205 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1210 d = rfcomm_dlc_get(s, dlci);
1214 rfcomm_apply_pn(d, cr, pn);
1215 rfcomm_send_pn(s, 0, d);
1220 rfcomm_apply_pn(d, cr, pn);
1222 d->state = BT_CONNECT;
1223 rfcomm_send_sabm(s, d->dlci);
1228 u8 channel = __srv_channel(dlci);
1233 /* PN request for non existing DLC.
1234 * Assume incoming connection. */
1235 if (rfcomm_connect_ind(s, channel, &d)) {
1237 d->addr = __addr(s->initiator, dlci);
1238 rfcomm_dlc_link(s, d);
1240 rfcomm_apply_pn(d, cr, pn);
1243 rfcomm_send_pn(s, 0, d);
1245 rfcomm_send_dm(s, dlci);
1251 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1253 struct rfcomm_rpn *rpn = (void *) skb->data;
1254 u8 dlci = __get_dlci(rpn->dlci);
1263 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1265 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1266 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1267 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1273 /* This is a request, return default settings */
1274 bit_rate = RFCOMM_RPN_BR_115200;
1275 data_bits = RFCOMM_RPN_DATA_8;
1276 stop_bits = RFCOMM_RPN_STOP_1;
1277 parity = RFCOMM_RPN_PARITY_NONE;
1278 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1279 xon_char = RFCOMM_RPN_XON_CHAR;
1280 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1284 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1285 * no parity, no flow control lines, normal XON/XOFF chars */
1287 if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) {
1288 bit_rate = rpn->bit_rate;
1289 if (bit_rate != RFCOMM_RPN_BR_115200) {
1290 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1291 bit_rate = RFCOMM_RPN_BR_115200;
1292 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1296 if (rpn->param_mask & RFCOMM_RPN_PM_DATA) {
1297 data_bits = __get_rpn_data_bits(rpn->line_settings);
1298 if (data_bits != RFCOMM_RPN_DATA_8) {
1299 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1300 data_bits = RFCOMM_RPN_DATA_8;
1301 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1305 if (rpn->param_mask & RFCOMM_RPN_PM_STOP) {
1306 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1307 if (stop_bits != RFCOMM_RPN_STOP_1) {
1308 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1309 stop_bits = RFCOMM_RPN_STOP_1;
1310 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1314 if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) {
1315 parity = __get_rpn_parity(rpn->line_settings);
1316 if (parity != RFCOMM_RPN_PARITY_NONE) {
1317 BT_DBG("RPN parity mismatch 0x%x", parity);
1318 parity = RFCOMM_RPN_PARITY_NONE;
1319 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1323 if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) {
1324 flow_ctrl = rpn->flow_ctrl;
1325 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1326 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1327 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1328 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1332 if (rpn->param_mask & RFCOMM_RPN_PM_XON) {
1333 xon_char = rpn->xon_char;
1334 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1335 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1336 xon_char = RFCOMM_RPN_XON_CHAR;
1337 rpn_mask ^= RFCOMM_RPN_PM_XON;
1341 if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) {
1342 xoff_char = rpn->xoff_char;
1343 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1344 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1345 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1346 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1351 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1352 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1357 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1359 struct rfcomm_rls *rls = (void *) skb->data;
1360 u8 dlci = __get_dlci(rls->dlci);
1362 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1367 /* We should probably do something with this information here. But
1368 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1369 * mandatory to recognise and respond to RLS */
1371 rfcomm_send_rls(s, 0, dlci, rls->status);
1376 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1378 struct rfcomm_msc *msc = (void *) skb->data;
1379 struct rfcomm_dlc *d;
1380 u8 dlci = __get_dlci(msc->dlci);
1382 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1384 d = rfcomm_dlc_get(s, dlci);
1389 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1390 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1392 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1395 if (d->modem_status)
1396 d->modem_status(d, msc->v24_sig);
1397 rfcomm_dlc_unlock(d);
1399 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1401 d->mscex |= RFCOMM_MSCEX_RX;
1403 d->mscex |= RFCOMM_MSCEX_TX;
1408 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1410 struct rfcomm_mcc *mcc = (void *) skb->data;
1413 cr = __test_cr(mcc->type);
1414 type = __get_mcc_type(mcc->type);
1415 len = __get_mcc_len(mcc->len);
1417 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1423 rfcomm_recv_pn(s, cr, skb);
1427 rfcomm_recv_rpn(s, cr, len, skb);
1431 rfcomm_recv_rls(s, cr, skb);
1435 rfcomm_recv_msc(s, cr, skb);
1440 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1441 rfcomm_send_fcoff(s, 0);
1447 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1448 rfcomm_send_fcon(s, 0);
1454 rfcomm_send_test(s, 0, skb->data, skb->len);
1461 BT_ERR("Unknown control type 0x%02x", type);
1462 rfcomm_send_nsc(s, cr, type);
1468 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1470 struct rfcomm_dlc *d;
1472 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1474 d = rfcomm_dlc_get(s, dlci);
1476 rfcomm_send_dm(s, dlci);
1481 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1483 d->tx_credits += credits;
1485 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1488 if (skb->len && d->state == BT_CONNECTED) {
1491 d->data_ready(d, skb);
1492 rfcomm_dlc_unlock(d);
1501 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1503 struct rfcomm_hdr *hdr = (void *) skb->data;
1506 dlci = __get_dlci(hdr->addr);
1507 type = __get_type(hdr->ctrl);
1510 skb->len--; skb->tail--;
1511 fcs = *(u8 *) skb->tail;
1513 if (__check_fcs(skb->data, type, fcs)) {
1514 BT_ERR("bad checksum in packet");
1519 if (__test_ea(hdr->len))
1526 if (__test_pf(hdr->ctrl))
1527 rfcomm_recv_sabm(s, dlci);
1531 if (__test_pf(hdr->ctrl))
1532 rfcomm_recv_disc(s, dlci);
1536 if (__test_pf(hdr->ctrl))
1537 rfcomm_recv_ua(s, dlci);
1541 rfcomm_recv_dm(s, dlci);
1546 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1548 rfcomm_recv_mcc(s, skb);
1552 BT_ERR("Unknown packet type 0x%02x\n", type);
1559 /* ---- Connection and data processing ---- */
1561 static void rfcomm_process_connect(struct rfcomm_session *s)
1563 struct rfcomm_dlc *d;
1564 struct list_head *p, *n;
1566 BT_DBG("session %p state %ld", s, s->state);
1568 list_for_each_safe(p, n, &s->dlcs) {
1569 d = list_entry(p, struct rfcomm_dlc, list);
1570 if (d->state == BT_CONFIG) {
1572 rfcomm_send_pn(s, 1, d);
1577 /* Send data queued for the DLC.
1578 * Return number of frames left in the queue.
1580 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1582 struct sk_buff *skb;
1585 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1586 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1588 /* Send pending MSC */
1589 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1590 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1594 * Give them some credits */
1595 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1596 d->rx_credits <= (d->cfc >> 2)) {
1597 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1598 d->rx_credits = d->cfc;
1602 * Give ourselves some credits */
1606 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1607 return skb_queue_len(&d->tx_queue);
1609 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1610 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1612 skb_queue_head(&d->tx_queue, skb);
1619 if (d->cfc && !d->tx_credits) {
1620 /* We're out of TX credits.
1621 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1622 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1625 return skb_queue_len(&d->tx_queue);
1628 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1630 struct rfcomm_dlc *d;
1631 struct list_head *p, *n;
1633 BT_DBG("session %p state %ld", s, s->state);
1635 list_for_each_safe(p, n, &s->dlcs) {
1636 d = list_entry(p, struct rfcomm_dlc, list);
1638 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1639 __rfcomm_dlc_close(d, ETIMEDOUT);
1643 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1644 rfcomm_dlc_clear_timer(d);
1645 rfcomm_dlc_accept(d);
1646 if (d->link_mode & RFCOMM_LM_SECURE) {
1647 struct sock *sk = s->sock->sk;
1648 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1651 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1652 rfcomm_dlc_clear_timer(d);
1653 rfcomm_send_dm(s, d->dlci);
1654 __rfcomm_dlc_close(d, ECONNREFUSED);
1658 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1661 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1662 d->mscex == RFCOMM_MSCEX_OK)
1663 rfcomm_process_tx(d);
1667 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1669 struct socket *sock = s->sock;
1670 struct sock *sk = sock->sk;
1671 struct sk_buff *skb;
1673 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1675 /* Get data directly from socket receive queue without copying it. */
1676 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1678 rfcomm_recv_frame(s, skb);
1681 if (sk->sk_state == BT_CLOSED) {
1683 rfcomm_session_put(s);
1685 rfcomm_session_close(s, sk->sk_err);
1689 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1691 struct socket *sock = s->sock, *nsock;
1694 /* Fast check for a new connection.
1695 * Avoids unnesesary socket allocations. */
1696 if (list_empty(&bt_sk(sock->sk)->accept_q))
1699 BT_DBG("session %p", s);
1701 if (sock_create_lite(PF_BLUETOOTH, sock->type, BTPROTO_L2CAP, &nsock))
1704 nsock->ops = sock->ops;
1706 __module_get(nsock->ops->owner);
1708 err = sock->ops->accept(sock, nsock, O_NONBLOCK);
1710 sock_release(nsock);
1714 /* Set our callbacks */
1715 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1716 nsock->sk->sk_state_change = rfcomm_l2state_change;
1718 s = rfcomm_session_add(nsock, BT_OPEN);
1720 rfcomm_session_hold(s);
1721 rfcomm_schedule(RFCOMM_SCHED_RX);
1723 sock_release(nsock);
1726 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1728 struct sock *sk = s->sock->sk;
1730 BT_DBG("%p state %ld", s, s->state);
1732 switch(sk->sk_state) {
1734 s->state = BT_CONNECT;
1736 /* We can adjust MTU on outgoing sessions.
1737 * L2CAP MTU minus UIH header and FCS. */
1738 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1740 rfcomm_send_sabm(s, 0);
1744 s->state = BT_CLOSED;
1745 rfcomm_session_close(s, sk->sk_err);
1750 static inline void rfcomm_process_sessions(void)
1752 struct list_head *p, *n;
1756 list_for_each_safe(p, n, &session_list) {
1757 struct rfcomm_session *s;
1758 s = list_entry(p, struct rfcomm_session, list);
1760 if (s->state == BT_LISTEN) {
1761 rfcomm_accept_connection(s);
1765 rfcomm_session_hold(s);
1769 rfcomm_check_connection(s);
1773 rfcomm_process_rx(s);
1777 rfcomm_process_dlcs(s);
1779 rfcomm_session_put(s);
1785 static void rfcomm_worker(void)
1789 while (!atomic_read(&terminate)) {
1790 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1791 /* No pending events. Let's sleep.
1792 * Incoming connections and data will wake us up. */
1793 set_current_state(TASK_INTERRUPTIBLE);
1798 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1799 rfcomm_process_sessions();
1801 set_current_state(TASK_RUNNING);
1805 static int rfcomm_add_listener(bdaddr_t *ba)
1807 struct sockaddr_l2 addr;
1808 struct socket *sock;
1810 struct rfcomm_session *s;
1814 err = rfcomm_l2sock_create(&sock);
1816 BT_ERR("Create socket failed %d", err);
1821 bacpy(&addr.l2_bdaddr, ba);
1822 addr.l2_family = AF_BLUETOOTH;
1823 addr.l2_psm = htobs(RFCOMM_PSM);
1824 err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1826 BT_ERR("Bind failed %d", err);
1830 /* Set L2CAP options */
1833 l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU;
1836 /* Start listening on the socket */
1837 err = sock->ops->listen(sock, 10);
1839 BT_ERR("Listen failed %d", err);
1843 /* Add listening session */
1844 s = rfcomm_session_add(sock, BT_LISTEN);
1848 rfcomm_session_hold(s);
1855 static void rfcomm_kill_listener(void)
1857 struct rfcomm_session *s;
1858 struct list_head *p, *n;
1862 list_for_each_safe(p, n, &session_list) {
1863 s = list_entry(p, struct rfcomm_session, list);
1864 rfcomm_session_del(s);
1868 static int rfcomm_run(void *unused)
1870 rfcomm_thread = current;
1872 atomic_inc(&running);
1874 daemonize("krfcommd");
1875 set_user_nice(current, -10);
1876 current->flags |= PF_NOFREEZE;
1880 rfcomm_add_listener(BDADDR_ANY);
1884 rfcomm_kill_listener();
1886 atomic_dec(&running);
1890 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1892 struct rfcomm_session *s;
1893 struct rfcomm_dlc *d;
1894 struct list_head *p, *n;
1896 BT_DBG("conn %p status 0x%02x", conn, status);
1898 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1902 rfcomm_session_hold(s);
1904 list_for_each_safe(p, n, &s->dlcs) {
1905 d = list_entry(p, struct rfcomm_dlc, list);
1907 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1910 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1914 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1916 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1919 rfcomm_session_put(s);
1921 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1924 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1926 struct rfcomm_session *s;
1927 struct rfcomm_dlc *d;
1928 struct list_head *p, *n;
1930 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1932 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1936 rfcomm_session_hold(s);
1938 list_for_each_safe(p, n, &s->dlcs) {
1939 d = list_entry(p, struct rfcomm_dlc, list);
1941 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1944 if (!status && encrypt)
1945 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1947 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1950 rfcomm_session_put(s);
1952 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1955 static struct hci_cb rfcomm_cb = {
1957 .auth_cfm = rfcomm_auth_cfm,
1958 .encrypt_cfm = rfcomm_encrypt_cfm
1961 /* ---- Proc fs support ---- */
1962 #ifdef CONFIG_PROC_FS
1963 static void *rfcomm_seq_start(struct seq_file *seq, loff_t *pos)
1965 struct rfcomm_session *s;
1966 struct list_head *pp, *p;
1971 list_for_each(p, &session_list) {
1972 s = list_entry(p, struct rfcomm_session, list);
1973 list_for_each(pp, &s->dlcs)
1982 static void *rfcomm_seq_next(struct seq_file *seq, void *e, loff_t *pos)
1984 struct rfcomm_session *s = seq->private;
1985 struct list_head *pp, *p = e;
1988 if (p->next != &s->dlcs)
1991 list_for_each(p, &session_list) {
1992 s = list_entry(p, struct rfcomm_session, list);
1993 __list_for_each(pp, &s->dlcs) {
2001 static void rfcomm_seq_stop(struct seq_file *seq, void *e)
2006 static int rfcomm_seq_show(struct seq_file *seq, void *e)
2008 struct rfcomm_session *s = seq->private;
2009 struct sock *sk = s->sock->sk;
2010 struct rfcomm_dlc *d = list_entry(e, struct rfcomm_dlc, list);
2012 seq_printf(seq, "%s %s %ld %d %d %d %d\n",
2013 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2014 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2018 static struct seq_operations rfcomm_seq_ops = {
2019 .start = rfcomm_seq_start,
2020 .next = rfcomm_seq_next,
2021 .stop = rfcomm_seq_stop,
2022 .show = rfcomm_seq_show
2025 static int rfcomm_seq_open(struct inode *inode, struct file *file)
2027 return seq_open(file, &rfcomm_seq_ops);
2030 static struct file_operations rfcomm_seq_fops = {
2031 .owner = THIS_MODULE,
2032 .open = rfcomm_seq_open,
2034 .llseek = seq_lseek,
2035 .release = seq_release,
2038 static int __init rfcomm_proc_init(void)
2040 struct proc_dir_entry *p;
2042 proc_bt_rfcomm = proc_mkdir("rfcomm", proc_bt);
2043 if (proc_bt_rfcomm) {
2044 proc_bt_rfcomm->owner = THIS_MODULE;
2046 p = create_proc_entry("dlc", S_IRUGO, proc_bt_rfcomm);
2048 p->proc_fops = &rfcomm_seq_fops;
2053 static void __exit rfcomm_proc_cleanup(void)
2055 remove_proc_entry("dlc", proc_bt_rfcomm);
2057 remove_proc_entry("rfcomm", proc_bt);
2060 #else /* CONFIG_PROC_FS */
2062 static int __init rfcomm_proc_init(void)
2067 static void __exit rfcomm_proc_cleanup(void)
2071 #endif /* CONFIG_PROC_FS */
2073 /* ---- Initialization ---- */
2074 static int __init rfcomm_init(void)
2078 hci_register_cb(&rfcomm_cb);
2080 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
2082 BT_INFO("RFCOMM ver %s", VERSION);
2086 rfcomm_init_sockets();
2088 #ifdef CONFIG_BT_RFCOMM_TTY
2095 static void __exit rfcomm_exit(void)
2097 hci_unregister_cb(&rfcomm_cb);
2099 /* Terminate working thread.
2100 * ie. Set terminate flag and wake it up */
2101 atomic_inc(&terminate);
2102 rfcomm_schedule(RFCOMM_SCHED_STATE);
2104 /* Wait until thread is running */
2105 while (atomic_read(&running))
2108 #ifdef CONFIG_BT_RFCOMM_TTY
2109 rfcomm_cleanup_ttys();
2112 rfcomm_cleanup_sockets();
2114 rfcomm_proc_cleanup();
2117 module_init(rfcomm_init);
2118 module_exit(rfcomm_exit);
2120 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2121 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2122 MODULE_VERSION(VERSION);
2123 MODULE_LICENSE("GPL");
2124 MODULE_ALIAS("bt-proto-3");
Code Review / linux-2.6.git / blob