2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 RPN support - Dirk Husemann <hud@zurich.ibm.com>
29 * Bluetooth RFCOMM core.
31 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
34 #include <linux/config.h>
35 #include <linux/module.h>
36 #include <linux/errno.h>
37 #include <linux/kernel.h>
38 #include <linux/sched.h>
39 #include <linux/signal.h>
40 #include <linux/init.h>
41 #include <linux/wait.h>
42 #include <linux/net.h>
43 #include <linux/proc_fs.h>
44 #include <linux/seq_file.h>
46 #include <asm/uaccess.h>
47 #include <asm/unaligned.h>
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/l2cap.h>
51 #include <net/bluetooth/rfcomm.h>
55 #ifndef CONFIG_BT_RFCOMM_DEBUG
61 struct proc_dir_entry *proc_bt_rfcomm;
64 struct task_struct *rfcomm_thread;
65 DECLARE_MUTEX(rfcomm_sem);
66 unsigned long rfcomm_event;
68 static LIST_HEAD(session_list);
69 static atomic_t terminate, running;
71 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
72 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
73 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
74 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
75 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
76 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
77 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
78 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
79 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
80 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
82 static void rfcomm_process_connect(struct rfcomm_session *s);
84 /* ---- RFCOMM frame parsing macros ---- */
85 #define __get_dlci(b) ((b & 0xfc) >> 2)
86 #define __get_channel(b) ((b & 0xf8) >> 3)
87 #define __get_dir(b) ((b & 0x04) >> 2)
88 #define __get_type(b) ((b & 0xef))
90 #define __test_ea(b) ((b & 0x01))
91 #define __test_cr(b) ((b & 0x02))
92 #define __test_pf(b) ((b & 0x10))
94 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
95 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
96 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
97 #define __srv_channel(dlci) (dlci >> 1)
98 #define __dir(dlci) (dlci & 0x01)
100 #define __len8(len) (((len) << 1) | 1)
101 #define __len16(len) ((len) << 1)
104 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
105 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
106 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
109 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x3) << 3))
110 #define __get_rpn_data_bits(line) ((line) & 0x3)
111 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
112 #define __get_rpn_parity(line) (((line) >> 3) & 0x3)
114 /* ---- RFCOMM FCS computation ---- */
117 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
120 static inline u8 __fcs(u8 *data)
122 return (0xff - __crc(data));
126 static inline u8 __fcs2(u8 *data)
128 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
132 static inline int __check_fcs(u8 *data, int type, u8 fcs)
136 if (type != RFCOMM_UIH)
137 f = rfcomm_crc_table[f ^ data[2]];
139 return rfcomm_crc_table[f ^ fcs] != 0xcf;
142 /* ---- L2CAP callbacks ---- */
143 static void rfcomm_l2state_change(struct sock *sk)
145 BT_DBG("%p state %d", sk, sk->sk_state);
146 rfcomm_schedule(RFCOMM_SCHED_STATE);
149 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
151 BT_DBG("%p bytes %d", sk, bytes);
152 rfcomm_schedule(RFCOMM_SCHED_RX);
155 static int rfcomm_l2sock_create(struct socket **sock)
161 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET,
162 BTPROTO_L2CAP, sock);
164 struct sock *sk = (*sock)->sk;
165 sk->sk_data_ready = rfcomm_l2data_ready;
166 sk->sk_state_change = rfcomm_l2state_change;
171 /* ---- RFCOMM DLCs ---- */
172 static void rfcomm_dlc_timeout(unsigned long arg)
174 struct rfcomm_dlc *d = (void *) arg;
176 BT_DBG("dlc %p state %ld", d, d->state);
178 set_bit(RFCOMM_TIMED_OUT, &d->flags);
180 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
183 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
185 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
187 if (!mod_timer(&d->timer, jiffies + timeout))
191 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
193 BT_DBG("dlc %p state %ld", d, d->state);
195 if (timer_pending(&d->timer) && del_timer(&d->timer))
199 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
206 d->mtu = RFCOMM_DEFAULT_MTU;
207 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
209 d->cfc = RFCOMM_CFC_DISABLED;
210 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
213 struct rfcomm_dlc *rfcomm_dlc_alloc(int prio)
215 struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio);
218 memset(d, 0, sizeof(*d));
220 init_timer(&d->timer);
221 d->timer.function = rfcomm_dlc_timeout;
222 d->timer.data = (unsigned long) d;
224 skb_queue_head_init(&d->tx_queue);
225 spin_lock_init(&d->lock);
226 atomic_set(&d->refcnt, 1);
228 rfcomm_dlc_clear_state(d);
234 void rfcomm_dlc_free(struct rfcomm_dlc *d)
238 skb_queue_purge(&d->tx_queue);
242 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
244 BT_DBG("dlc %p session %p", d, s);
246 rfcomm_session_hold(s);
249 list_add(&d->list, &s->dlcs);
253 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
255 struct rfcomm_session *s = d->session;
257 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
263 rfcomm_session_put(s);
266 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
268 struct rfcomm_dlc *d;
271 list_for_each(p, &s->dlcs) {
272 d = list_entry(p, struct rfcomm_dlc, list);
279 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
281 struct rfcomm_session *s;
285 BT_DBG("dlc %p state %ld %s %s channel %d",
286 d, d->state, batostr(src), batostr(dst), channel);
288 if (channel < 1 || channel > 30)
291 if (d->state != BT_OPEN && d->state != BT_CLOSED)
294 s = rfcomm_session_get(src, dst);
296 s = rfcomm_session_create(src, dst, &err);
301 dlci = __dlci(!s->initiator, channel);
303 /* Check if DLCI already exists */
304 if (rfcomm_dlc_get(s, dlci))
307 rfcomm_dlc_clear_state(d);
310 d->addr = __addr(s->initiator, dlci);
313 d->state = BT_CONFIG;
314 rfcomm_dlc_link(s, d);
317 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
319 if (s->state == BT_CONNECTED)
320 rfcomm_send_pn(s, 1, d);
321 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
325 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
332 fs = get_fs(); set_fs(KERNEL_DS);
333 r = __rfcomm_dlc_open(d, src, dst, channel);
340 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
342 struct rfcomm_session *s = d->session;
346 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
347 d, d->state, d->dlci, err, s);
353 d->state = BT_DISCONN;
354 if (skb_queue_empty(&d->tx_queue)) {
355 rfcomm_send_disc(s, d->dlci);
356 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
358 rfcomm_queue_disc(d);
359 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
364 rfcomm_dlc_clear_timer(d);
367 d->state = BT_CLOSED;
368 d->state_change(d, err);
369 rfcomm_dlc_unlock(d);
371 skb_queue_purge(&d->tx_queue);
372 rfcomm_dlc_unlink(d);
378 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
385 fs = get_fs(); set_fs(KERNEL_DS);
386 r = __rfcomm_dlc_close(d, err);
393 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
397 if (d->state != BT_CONNECTED)
400 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
405 rfcomm_make_uih(skb, d->addr);
406 skb_queue_tail(&d->tx_queue, skb);
408 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
409 rfcomm_schedule(RFCOMM_SCHED_TX);
413 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
415 BT_DBG("dlc %p state %ld", d, d->state);
418 d->v24_sig |= RFCOMM_V24_FC;
419 set_bit(RFCOMM_MSC_PENDING, &d->flags);
421 rfcomm_schedule(RFCOMM_SCHED_TX);
424 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
426 BT_DBG("dlc %p state %ld", d, d->state);
429 d->v24_sig &= ~RFCOMM_V24_FC;
430 set_bit(RFCOMM_MSC_PENDING, &d->flags);
432 rfcomm_schedule(RFCOMM_SCHED_TX);
436 Set/get modem status functions use _local_ status i.e. what we report
438 Remote status is provided by dlc->modem_status() callback.
440 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
442 BT_DBG("dlc %p state %ld v24_sig 0x%x",
443 d, d->state, v24_sig);
445 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
446 v24_sig |= RFCOMM_V24_FC;
448 v24_sig &= ~RFCOMM_V24_FC;
450 d->v24_sig = v24_sig;
452 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
453 rfcomm_schedule(RFCOMM_SCHED_TX);
458 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
460 BT_DBG("dlc %p state %ld v24_sig 0x%x",
461 d, d->state, d->v24_sig);
463 *v24_sig = d->v24_sig;
467 /* ---- RFCOMM sessions ---- */
468 struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
470 struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL);
473 memset(s, 0, sizeof(*s));
475 BT_DBG("session %p sock %p", s, sock);
477 INIT_LIST_HEAD(&s->dlcs);
481 s->mtu = RFCOMM_DEFAULT_MTU;
482 s->cfc = RFCOMM_CFC_UNKNOWN;
484 list_add(&s->list, &session_list);
486 /* Do not increment module usage count for listeting sessions.
487 * Otherwise we won't be able to unload the module.
488 * Non listening session are added either by a socket or a TTYs
489 * which means that we already hold refcount to this module.
491 if (state != BT_LISTEN)
492 __module_get(THIS_MODULE);
496 void rfcomm_session_del(struct rfcomm_session *s)
498 int state = s->state;
500 BT_DBG("session %p state %ld", s, s->state);
504 if (state == BT_CONNECTED)
505 rfcomm_send_disc(s, 0);
507 sock_release(s->sock);
510 if (state != BT_LISTEN)
511 module_put(THIS_MODULE);
514 struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
516 struct rfcomm_session *s;
517 struct list_head *p, *n;
519 list_for_each_safe(p, n, &session_list) {
520 s = list_entry(p, struct rfcomm_session, list);
521 sk = bt_sk(s->sock->sk);
523 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
524 !bacmp(&sk->dst, dst))
530 void rfcomm_session_close(struct rfcomm_session *s, int err)
532 struct rfcomm_dlc *d;
533 struct list_head *p, *n;
535 BT_DBG("session %p state %ld err %d", s, s->state, err);
537 rfcomm_session_hold(s);
539 s->state = BT_CLOSED;
542 list_for_each_safe(p, n, &s->dlcs) {
543 d = list_entry(p, struct rfcomm_dlc, list);
544 d->state = BT_CLOSED;
545 __rfcomm_dlc_close(d, err);
548 rfcomm_session_put(s);
551 struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
553 struct rfcomm_session *s = NULL;
554 struct sockaddr_l2 addr;
555 struct l2cap_options opts;
559 BT_DBG("%s %s", batostr(src), batostr(dst));
561 *err = rfcomm_l2sock_create(&sock);
565 bacpy(&addr.l2_bdaddr, src);
566 addr.l2_family = AF_BLUETOOTH;
568 *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
572 /* Set L2CAP options */
574 sock->ops->getsockopt(sock, SOL_L2CAP, L2CAP_OPTIONS, (void *)&opts, &size);
576 opts.imtu = RFCOMM_MAX_L2CAP_MTU;
577 sock->ops->setsockopt(sock, SOL_L2CAP, L2CAP_OPTIONS, (void *)&opts, size);
579 s = rfcomm_session_add(sock, BT_BOUND);
587 bacpy(&addr.l2_bdaddr, dst);
588 addr.l2_family = AF_BLUETOOTH;
589 addr.l2_psm = htobs(RFCOMM_PSM);
590 *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
591 if (*err == 0 || *err == -EAGAIN)
594 rfcomm_session_del(s);
602 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
604 struct sock *sk = s->sock->sk;
606 bacpy(src, &bt_sk(sk)->src);
608 bacpy(dst, &bt_sk(sk)->dst);
611 /* ---- RFCOMM frame sending ---- */
612 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
614 struct socket *sock = s->sock;
615 struct iovec iv = { data, len };
618 BT_DBG("session %p len %d", s, len);
620 memset(&msg, 0, sizeof(msg));
624 return sock_sendmsg(sock, &msg, len);
627 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
629 struct rfcomm_cmd cmd;
631 BT_DBG("%p dlci %d", s, dlci);
633 cmd.addr = __addr(s->initiator, dlci);
634 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
636 cmd.fcs = __fcs2((u8 *) &cmd);
638 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
641 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
643 struct rfcomm_cmd cmd;
645 BT_DBG("%p dlci %d", s, dlci);
647 cmd.addr = __addr(!s->initiator, dlci);
648 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
650 cmd.fcs = __fcs2((u8 *) &cmd);
652 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
655 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
657 struct rfcomm_cmd cmd;
659 BT_DBG("%p dlci %d", s, dlci);
661 cmd.addr = __addr(s->initiator, dlci);
662 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
664 cmd.fcs = __fcs2((u8 *) &cmd);
666 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
669 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
671 struct rfcomm_cmd *cmd;
674 BT_DBG("dlc %p dlci %d", d, d->dlci);
676 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
680 cmd = (void *) __skb_put(skb, sizeof(*cmd));
682 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
683 cmd->len = __len8(0);
684 cmd->fcs = __fcs2((u8 *) cmd);
686 skb_queue_tail(&d->tx_queue, skb);
687 rfcomm_schedule(RFCOMM_SCHED_TX);
691 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
693 struct rfcomm_cmd cmd;
695 BT_DBG("%p dlci %d", s, dlci);
697 cmd.addr = __addr(!s->initiator, dlci);
698 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
700 cmd.fcs = __fcs2((u8 *) &cmd);
702 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
705 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
707 struct rfcomm_hdr *hdr;
708 struct rfcomm_mcc *mcc;
709 u8 buf[16], *ptr = buf;
711 BT_DBG("%p cr %d type %d", s, cr, type);
713 hdr = (void *) ptr; ptr += sizeof(*hdr);
714 hdr->addr = __addr(s->initiator, 0);
715 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
716 hdr->len = __len8(sizeof(*mcc) + 1);
718 mcc = (void *) ptr; ptr += sizeof(*mcc);
719 mcc->type = __mcc_type(cr, RFCOMM_NSC);
720 mcc->len = __len8(1);
722 /* Type that we didn't like */
723 *ptr = __mcc_type(cr, type); ptr++;
725 *ptr = __fcs(buf); ptr++;
727 return rfcomm_send_frame(s, buf, ptr - buf);
730 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
732 struct rfcomm_hdr *hdr;
733 struct rfcomm_mcc *mcc;
734 struct rfcomm_pn *pn;
735 u8 buf[16], *ptr = buf;
737 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
739 hdr = (void *) ptr; ptr += sizeof(*hdr);
740 hdr->addr = __addr(s->initiator, 0);
741 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
742 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
744 mcc = (void *) ptr; ptr += sizeof(*mcc);
745 mcc->type = __mcc_type(cr, RFCOMM_PN);
746 mcc->len = __len8(sizeof(*pn));
748 pn = (void *) ptr; ptr += sizeof(*pn);
750 pn->priority = d->priority;
755 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
756 pn->credits = RFCOMM_DEFAULT_CREDITS;
762 pn->mtu = htobs(d->mtu);
764 *ptr = __fcs(buf); ptr++;
766 return rfcomm_send_frame(s, buf, ptr - buf);
769 static int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
770 u8 bit_rate, u8 data_bits, u8 stop_bits,
771 u8 parity, u8 flow_ctrl_settings,
772 u8 xon_char, u8 xoff_char, u16 param_mask)
774 struct rfcomm_hdr *hdr;
775 struct rfcomm_mcc *mcc;
776 struct rfcomm_rpn *rpn;
777 u8 buf[16], *ptr = buf;
779 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
780 "flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
781 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
782 flow_ctrl_settings, xon_char, xoff_char, param_mask);
784 hdr = (void *) ptr; ptr += sizeof(*hdr);
785 hdr->addr = __addr(s->initiator, 0);
786 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
787 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
789 mcc = (void *) ptr; ptr += sizeof(*mcc);
790 mcc->type = __mcc_type(cr, RFCOMM_RPN);
791 mcc->len = __len8(sizeof(*rpn));
793 rpn = (void *) ptr; ptr += sizeof(*rpn);
794 rpn->dlci = __addr(1, dlci);
795 rpn->bit_rate = bit_rate;
796 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
797 rpn->flow_ctrl = flow_ctrl_settings;
798 rpn->xon_char = xon_char;
799 rpn->xoff_char = xoff_char;
800 rpn->param_mask = param_mask;
802 *ptr = __fcs(buf); ptr++;
804 return rfcomm_send_frame(s, buf, ptr - buf);
807 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
809 struct rfcomm_hdr *hdr;
810 struct rfcomm_mcc *mcc;
811 struct rfcomm_rls *rls;
812 u8 buf[16], *ptr = buf;
814 BT_DBG("%p cr %d status 0x%x", s, cr, status);
816 hdr = (void *) ptr; ptr += sizeof(*hdr);
817 hdr->addr = __addr(s->initiator, 0);
818 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
819 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
821 mcc = (void *) ptr; ptr += sizeof(*mcc);
822 mcc->type = __mcc_type(cr, RFCOMM_RLS);
823 mcc->len = __len8(sizeof(*rls));
825 rls = (void *) ptr; ptr += sizeof(*rls);
826 rls->dlci = __addr(1, dlci);
827 rls->status = status;
829 *ptr = __fcs(buf); ptr++;
831 return rfcomm_send_frame(s, buf, ptr - buf);
834 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
836 struct rfcomm_hdr *hdr;
837 struct rfcomm_mcc *mcc;
838 struct rfcomm_msc *msc;
839 u8 buf[16], *ptr = buf;
841 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
843 hdr = (void *) ptr; ptr += sizeof(*hdr);
844 hdr->addr = __addr(s->initiator, 0);
845 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
846 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
848 mcc = (void *) ptr; ptr += sizeof(*mcc);
849 mcc->type = __mcc_type(cr, RFCOMM_MSC);
850 mcc->len = __len8(sizeof(*msc));
852 msc = (void *) ptr; ptr += sizeof(*msc);
853 msc->dlci = __addr(1, dlci);
854 msc->v24_sig = v24_sig | 0x01;
856 *ptr = __fcs(buf); ptr++;
858 return rfcomm_send_frame(s, buf, ptr - buf);
861 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
863 struct rfcomm_hdr *hdr;
864 struct rfcomm_mcc *mcc;
865 u8 buf[16], *ptr = buf;
867 BT_DBG("%p cr %d", s, cr);
869 hdr = (void *) ptr; ptr += sizeof(*hdr);
870 hdr->addr = __addr(s->initiator, 0);
871 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
872 hdr->len = __len8(sizeof(*mcc));
874 mcc = (void *) ptr; ptr += sizeof(*mcc);
875 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
876 mcc->len = __len8(0);
878 *ptr = __fcs(buf); ptr++;
880 return rfcomm_send_frame(s, buf, ptr - buf);
883 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
885 struct rfcomm_hdr *hdr;
886 struct rfcomm_mcc *mcc;
887 u8 buf[16], *ptr = buf;
889 BT_DBG("%p cr %d", s, cr);
891 hdr = (void *) ptr; ptr += sizeof(*hdr);
892 hdr->addr = __addr(s->initiator, 0);
893 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
894 hdr->len = __len8(sizeof(*mcc));
896 mcc = (void *) ptr; ptr += sizeof(*mcc);
897 mcc->type = __mcc_type(cr, RFCOMM_FCON);
898 mcc->len = __len8(0);
900 *ptr = __fcs(buf); ptr++;
902 return rfcomm_send_frame(s, buf, ptr - buf);
905 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
907 struct socket *sock = s->sock;
910 unsigned char hdr[5], crc[1];
915 BT_DBG("%p cr %d", s, cr);
917 hdr[0] = __addr(s->initiator, 0);
918 hdr[1] = __ctrl(RFCOMM_UIH, 0);
919 hdr[2] = 0x01 | ((len + 2) << 1);
920 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
921 hdr[4] = 0x01 | (len << 1);
925 iv[0].iov_base = hdr;
927 iv[1].iov_base = pattern;
929 iv[2].iov_base = crc;
932 memset(&msg, 0, sizeof(msg));
936 return sock_sendmsg(sock, &msg, 6 + len);
939 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
941 struct rfcomm_hdr *hdr;
942 u8 buf[16], *ptr = buf;
944 BT_DBG("%p addr %d credits %d", s, addr, credits);
946 hdr = (void *) ptr; ptr += sizeof(*hdr);
948 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
949 hdr->len = __len8(0);
951 *ptr = credits; ptr++;
953 *ptr = __fcs(buf); ptr++;
955 return rfcomm_send_frame(s, buf, ptr - buf);
958 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
960 struct rfcomm_hdr *hdr;
965 hdr = (void *) skb_push(skb, 4);
966 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len);
968 hdr = (void *) skb_push(skb, 3);
969 hdr->len = __len8(len);
972 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
974 crc = skb_put(skb, 1);
975 *crc = __fcs((void *) hdr);
978 /* ---- RFCOMM frame reception ---- */
979 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
981 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
985 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
987 rfcomm_send_dm(s, dlci);
993 rfcomm_dlc_clear_timer(d);
996 d->state = BT_CONNECTED;
997 d->state_change(d, 0);
998 rfcomm_dlc_unlock(d);
1000 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1004 d->state = BT_CLOSED;
1005 __rfcomm_dlc_close(d, 0);
1009 /* Control channel */
1012 s->state = BT_CONNECTED;
1013 rfcomm_process_connect(s);
1020 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1024 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1028 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1030 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1035 d->state = BT_CLOSED;
1036 __rfcomm_dlc_close(d, err);
1039 if (s->state == BT_CONNECT)
1044 s->state = BT_CLOSED;
1045 rfcomm_session_close(s, err);
1050 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1054 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1057 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1059 rfcomm_send_ua(s, dlci);
1061 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1066 d->state = BT_CLOSED;
1067 __rfcomm_dlc_close(d, err);
1069 rfcomm_send_dm(s, dlci);
1072 rfcomm_send_ua(s, 0);
1074 if (s->state == BT_CONNECT)
1079 s->state = BT_CLOSED;
1080 rfcomm_session_close(s, err);
1086 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1088 struct rfcomm_dlc *d;
1091 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1094 rfcomm_send_ua(s, 0);
1096 if (s->state == BT_OPEN) {
1097 s->state = BT_CONNECTED;
1098 rfcomm_process_connect(s);
1103 /* Check if DLC exists */
1104 d = rfcomm_dlc_get(s, dlci);
1106 if (d->state == BT_OPEN) {
1107 /* DLC was previously opened by PN request */
1108 rfcomm_send_ua(s, dlci);
1111 d->state = BT_CONNECTED;
1112 d->state_change(d, 0);
1113 rfcomm_dlc_unlock(d);
1115 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1120 /* Notify socket layer about incoming connection */
1121 channel = __srv_channel(dlci);
1122 if (rfcomm_connect_ind(s, channel, &d)) {
1124 d->addr = __addr(s->initiator, dlci);
1125 rfcomm_dlc_link(s, d);
1127 rfcomm_send_ua(s, dlci);
1130 d->state = BT_CONNECTED;
1131 d->state_change(d, 0);
1132 rfcomm_dlc_unlock(d);
1134 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1136 rfcomm_send_dm(s, dlci);
1142 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1144 struct rfcomm_session *s = d->session;
1146 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1147 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1149 if (pn->flow_ctrl == 0xf0 || pn->flow_ctrl == 0xe0) {
1150 d->cfc = s->cfc = RFCOMM_CFC_ENABLED;
1151 d->tx_credits = pn->credits;
1153 d->cfc = s->cfc = RFCOMM_CFC_DISABLED;
1154 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1157 d->priority = pn->priority;
1159 d->mtu = s->mtu = btohs(pn->mtu);
1164 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1166 struct rfcomm_pn *pn = (void *) skb->data;
1167 struct rfcomm_dlc *d;
1170 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1175 d = rfcomm_dlc_get(s, dlci);
1179 rfcomm_apply_pn(d, cr, pn);
1180 rfcomm_send_pn(s, 0, d);
1185 rfcomm_apply_pn(d, cr, pn);
1187 d->state = BT_CONNECT;
1188 rfcomm_send_sabm(s, d->dlci);
1193 u8 channel = __srv_channel(dlci);
1198 /* PN request for non existing DLC.
1199 * Assume incoming connection. */
1200 if (rfcomm_connect_ind(s, channel, &d)) {
1202 d->addr = __addr(s->initiator, dlci);
1203 rfcomm_dlc_link(s, d);
1205 rfcomm_apply_pn(d, cr, pn);
1208 rfcomm_send_pn(s, 0, d);
1210 rfcomm_send_dm(s, dlci);
1216 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1218 struct rfcomm_rpn *rpn = (void *) skb->data;
1219 u8 dlci = __get_dlci(rpn->dlci);
1228 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1230 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1231 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1232 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1238 /* request: return default setting */
1239 bit_rate = RFCOMM_RPN_BR_115200;
1240 data_bits = RFCOMM_RPN_DATA_8;
1241 stop_bits = RFCOMM_RPN_STOP_1;
1242 parity = RFCOMM_RPN_PARITY_NONE;
1243 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1244 xon_char = RFCOMM_RPN_XON_CHAR;
1245 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1249 /* check for sane values: ignore/accept bit_rate, 8 bits, 1 stop bit, no parity,
1250 no flow control lines, normal XON/XOFF chars */
1251 if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) {
1252 bit_rate = rpn->bit_rate;
1253 if (bit_rate != RFCOMM_RPN_BR_115200) {
1254 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1255 bit_rate = RFCOMM_RPN_BR_115200;
1256 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1259 if (rpn->param_mask & RFCOMM_RPN_PM_DATA) {
1260 data_bits = __get_rpn_data_bits(rpn->line_settings);
1261 if (data_bits != RFCOMM_RPN_DATA_8) {
1262 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1263 data_bits = RFCOMM_RPN_DATA_8;
1264 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1267 if (rpn->param_mask & RFCOMM_RPN_PM_STOP) {
1268 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1269 if (stop_bits != RFCOMM_RPN_STOP_1) {
1270 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1271 stop_bits = RFCOMM_RPN_STOP_1;
1272 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1275 if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) {
1276 parity = __get_rpn_parity(rpn->line_settings);
1277 if (parity != RFCOMM_RPN_PARITY_NONE) {
1278 BT_DBG("RPN parity mismatch 0x%x", parity);
1279 parity = RFCOMM_RPN_PARITY_NONE;
1280 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1283 if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) {
1284 flow_ctrl = rpn->flow_ctrl;
1285 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1286 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1287 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1288 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1291 if (rpn->param_mask & RFCOMM_RPN_PM_XON) {
1292 xon_char = rpn->xon_char;
1293 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1294 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1295 xon_char = RFCOMM_RPN_XON_CHAR;
1296 rpn_mask ^= RFCOMM_RPN_PM_XON;
1299 if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) {
1300 xoff_char = rpn->xoff_char;
1301 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1302 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1303 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1304 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1309 rfcomm_send_rpn(s, 0, dlci,
1310 bit_rate, data_bits, stop_bits, parity, flow_ctrl,
1311 xon_char, xoff_char, rpn_mask);
1316 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1318 struct rfcomm_rls *rls = (void *) skb->data;
1319 u8 dlci = __get_dlci(rls->dlci);
1321 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1326 /* FIXME: We should probably do something with this
1327 information here. But for now it's sufficient just
1328 to reply -- Bluetooth 1.1 says it's mandatory to
1329 recognise and respond to RLS */
1331 rfcomm_send_rls(s, 0, dlci, rls->status);
1336 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1338 struct rfcomm_msc *msc = (void *) skb->data;
1339 struct rfcomm_dlc *d;
1340 u8 dlci = __get_dlci(msc->dlci);
1342 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1344 d = rfcomm_dlc_get(s, dlci);
1349 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1350 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1352 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1355 if (d->modem_status)
1356 d->modem_status(d, msc->v24_sig);
1357 rfcomm_dlc_unlock(d);
1359 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1361 d->mscex |= RFCOMM_MSCEX_RX;
1363 d->mscex |= RFCOMM_MSCEX_TX;
1368 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1370 struct rfcomm_mcc *mcc = (void *) skb->data;
1373 cr = __test_cr(mcc->type);
1374 type = __get_mcc_type(mcc->type);
1375 len = __get_mcc_len(mcc->len);
1377 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1383 rfcomm_recv_pn(s, cr, skb);
1387 rfcomm_recv_rpn(s, cr, len, skb);
1391 rfcomm_recv_rls(s, cr, skb);
1395 rfcomm_recv_msc(s, cr, skb);
1400 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1401 rfcomm_send_fcoff(s, 0);
1407 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1408 rfcomm_send_fcon(s, 0);
1414 rfcomm_send_test(s, 0, skb->data, skb->len);
1421 BT_ERR("Unknown control type 0x%02x", type);
1422 rfcomm_send_nsc(s, cr, type);
1428 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1430 struct rfcomm_dlc *d;
1432 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1434 d = rfcomm_dlc_get(s, dlci);
1436 rfcomm_send_dm(s, dlci);
1441 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1443 d->tx_credits += credits;
1445 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1448 if (skb->len && d->state == BT_CONNECTED) {
1451 d->data_ready(d, skb);
1452 rfcomm_dlc_unlock(d);
1461 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1463 struct rfcomm_hdr *hdr = (void *) skb->data;
1466 dlci = __get_dlci(hdr->addr);
1467 type = __get_type(hdr->ctrl);
1470 skb->len--; skb->tail--;
1471 fcs = *(u8 *) skb->tail;
1473 if (__check_fcs(skb->data, type, fcs)) {
1474 BT_ERR("bad checksum in packet");
1479 if (__test_ea(hdr->len))
1486 if (__test_pf(hdr->ctrl))
1487 rfcomm_recv_sabm(s, dlci);
1491 if (__test_pf(hdr->ctrl))
1492 rfcomm_recv_disc(s, dlci);
1496 if (__test_pf(hdr->ctrl))
1497 rfcomm_recv_ua(s, dlci);
1501 rfcomm_recv_dm(s, dlci);
1506 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1508 rfcomm_recv_mcc(s, skb);
1512 BT_ERR("Unknown packet type 0x%02x\n", type);
1519 /* ---- Connection and data processing ---- */
1521 static void rfcomm_process_connect(struct rfcomm_session *s)
1523 struct rfcomm_dlc *d;
1524 struct list_head *p, *n;
1526 BT_DBG("session %p state %ld", s, s->state);
1528 list_for_each_safe(p, n, &s->dlcs) {
1529 d = list_entry(p, struct rfcomm_dlc, list);
1530 if (d->state == BT_CONFIG) {
1532 rfcomm_send_pn(s, 1, d);
1537 /* Send data queued for the DLC.
1538 * Return number of frames left in the queue.
1540 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1542 struct sk_buff *skb;
1545 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1546 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1548 /* Send pending MSC */
1549 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1550 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1554 * Give them some credits */
1555 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1556 d->rx_credits <= (d->cfc >> 2)) {
1557 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1558 d->rx_credits = d->cfc;
1562 * Give ourselves some credits */
1566 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1567 return skb_queue_len(&d->tx_queue);
1569 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1570 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1572 skb_queue_head(&d->tx_queue, skb);
1579 if (d->cfc && !d->tx_credits) {
1580 /* We're out of TX credits.
1581 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1582 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1585 return skb_queue_len(&d->tx_queue);
1588 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1590 struct rfcomm_dlc *d;
1591 struct list_head *p, *n;
1593 BT_DBG("session %p state %ld", s, s->state);
1595 list_for_each_safe(p, n, &s->dlcs) {
1596 d = list_entry(p, struct rfcomm_dlc, list);
1597 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1598 __rfcomm_dlc_close(d, ETIMEDOUT);
1602 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1605 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1606 d->mscex == RFCOMM_MSCEX_OK)
1607 rfcomm_process_tx(d);
1611 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1613 struct socket *sock = s->sock;
1614 struct sock *sk = sock->sk;
1615 struct sk_buff *skb;
1617 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1619 /* Get data directly from socket receive queue without copying it. */
1620 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1622 rfcomm_recv_frame(s, skb);
1625 if (sk->sk_state == BT_CLOSED) {
1627 rfcomm_session_put(s);
1629 rfcomm_session_close(s, sk->sk_err);
1633 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1635 struct socket *sock = s->sock, *nsock;
1638 /* Fast check for a new connection.
1639 * Avoids unnesesary socket allocations. */
1640 if (list_empty(&bt_sk(sock->sk)->accept_q))
1643 BT_DBG("session %p", s);
1645 if (sock_create_lite(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, &nsock))
1648 nsock->ops = sock->ops;
1650 __module_get(nsock->ops->owner);
1652 err = sock->ops->accept(sock, nsock, O_NONBLOCK);
1654 sock_release(nsock);
1658 /* Set our callbacks */
1659 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1660 nsock->sk->sk_state_change = rfcomm_l2state_change;
1662 s = rfcomm_session_add(nsock, BT_OPEN);
1664 rfcomm_session_hold(s);
1665 rfcomm_schedule(RFCOMM_SCHED_RX);
1667 sock_release(nsock);
1670 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1672 struct sock *sk = s->sock->sk;
1674 BT_DBG("%p state %ld", s, s->state);
1676 switch(sk->sk_state) {
1678 s->state = BT_CONNECT;
1680 /* We can adjust MTU on outgoing sessions.
1681 * L2CAP MTU minus UIH header and FCS. */
1682 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1684 rfcomm_send_sabm(s, 0);
1688 s->state = BT_CLOSED;
1689 rfcomm_session_close(s, sk->sk_err);
1694 static inline void rfcomm_process_sessions(void)
1696 struct list_head *p, *n;
1700 list_for_each_safe(p, n, &session_list) {
1701 struct rfcomm_session *s;
1702 s = list_entry(p, struct rfcomm_session, list);
1704 if (s->state == BT_LISTEN) {
1705 rfcomm_accept_connection(s);
1709 rfcomm_session_hold(s);
1713 rfcomm_check_connection(s);
1717 rfcomm_process_rx(s);
1721 rfcomm_process_dlcs(s);
1723 rfcomm_session_put(s);
1729 static void rfcomm_worker(void)
1733 while (!atomic_read(&terminate)) {
1734 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1735 /* No pending events. Let's sleep.
1736 * Incoming connections and data will wake us up. */
1737 set_current_state(TASK_INTERRUPTIBLE);
1742 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1743 rfcomm_process_sessions();
1745 set_current_state(TASK_RUNNING);
1749 static int rfcomm_add_listener(bdaddr_t *ba)
1751 struct sockaddr_l2 addr;
1752 struct l2cap_options opts;
1753 struct socket *sock;
1754 struct rfcomm_session *s;
1758 err = rfcomm_l2sock_create(&sock);
1760 BT_ERR("Create socket failed %d", err);
1765 bacpy(&addr.l2_bdaddr, ba);
1766 addr.l2_family = AF_BLUETOOTH;
1767 addr.l2_psm = htobs(RFCOMM_PSM);
1768 err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1770 BT_ERR("Bind failed %d", err);
1774 /* Set L2CAP options */
1775 size = sizeof(opts);
1776 sock->ops->getsockopt(sock, SOL_L2CAP, L2CAP_OPTIONS, (void *)&opts, &size);
1778 opts.imtu = RFCOMM_MAX_L2CAP_MTU;
1779 sock->ops->setsockopt(sock, SOL_L2CAP, L2CAP_OPTIONS, (void *)&opts, size);
1781 /* Start listening on the socket */
1782 err = sock->ops->listen(sock, 10);
1784 BT_ERR("Listen failed %d", err);
1788 /* Add listening session */
1789 s = rfcomm_session_add(sock, BT_LISTEN);
1793 rfcomm_session_hold(s);
1800 static void rfcomm_kill_listener(void)
1802 struct rfcomm_session *s;
1803 struct list_head *p, *n;
1807 list_for_each_safe(p, n, &session_list) {
1808 s = list_entry(p, struct rfcomm_session, list);
1809 rfcomm_session_del(s);
1813 static int rfcomm_run(void *unused)
1815 rfcomm_thread = current;
1817 atomic_inc(&running);
1819 daemonize("krfcommd");
1820 set_user_nice(current, -10);
1821 current->flags |= PF_NOFREEZE;
1827 rfcomm_add_listener(BDADDR_ANY);
1831 rfcomm_kill_listener();
1833 atomic_dec(&running);
1837 /* ---- Proc fs support ---- */
1838 #ifdef CONFIG_PROC_FS
1839 static void *rfcomm_seq_start(struct seq_file *seq, loff_t *pos)
1841 struct rfcomm_session *s;
1842 struct list_head *pp, *p;
1847 list_for_each(p, &session_list) {
1848 s = list_entry(p, struct rfcomm_session, list);
1849 list_for_each(pp, &s->dlcs)
1858 static void *rfcomm_seq_next(struct seq_file *seq, void *e, loff_t *pos)
1860 struct rfcomm_session *s = seq->private;
1861 struct list_head *pp, *p = e;
1864 if (p->next != &s->dlcs)
1867 list_for_each(p, &session_list) {
1868 s = list_entry(p, struct rfcomm_session, list);
1869 __list_for_each(pp, &s->dlcs) {
1877 static void rfcomm_seq_stop(struct seq_file *seq, void *e)
1882 static int rfcomm_seq_show(struct seq_file *seq, void *e)
1884 struct rfcomm_session *s = seq->private;
1885 struct sock *sk = s->sock->sk;
1886 struct rfcomm_dlc *d = list_entry(e, struct rfcomm_dlc, list);
1888 seq_printf(seq, "%s %s %ld %d %d %d %d\n",
1889 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
1890 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
1894 static struct seq_operations rfcomm_seq_ops = {
1895 .start = rfcomm_seq_start,
1896 .next = rfcomm_seq_next,
1897 .stop = rfcomm_seq_stop,
1898 .show = rfcomm_seq_show
1901 static int rfcomm_seq_open(struct inode *inode, struct file *file)
1903 return seq_open(file, &rfcomm_seq_ops);
1906 static struct file_operations rfcomm_seq_fops = {
1907 .owner = THIS_MODULE,
1908 .open = rfcomm_seq_open,
1910 .llseek = seq_lseek,
1911 .release = seq_release,
1914 static int __init rfcomm_proc_init(void)
1916 struct proc_dir_entry *p;
1918 proc_bt_rfcomm = proc_mkdir("rfcomm", proc_bt);
1919 if (proc_bt_rfcomm) {
1920 proc_bt_rfcomm->owner = THIS_MODULE;
1922 p = create_proc_entry("dlc", S_IRUGO, proc_bt_rfcomm);
1924 p->proc_fops = &rfcomm_seq_fops;
1929 static void __exit rfcomm_proc_cleanup(void)
1931 remove_proc_entry("dlc", proc_bt_rfcomm);
1933 remove_proc_entry("rfcomm", proc_bt);
1936 #else /* CONFIG_PROC_FS */
1938 static int __init rfcomm_proc_init(void)
1943 static void __exit rfcomm_proc_cleanup(void)
1947 #endif /* CONFIG_PROC_FS */
1949 /* ---- Initialization ---- */
1950 static int __init rfcomm_init(void)
1954 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
1956 BT_INFO("RFCOMM ver %s", VERSION);
1960 rfcomm_init_sockets();
1962 #ifdef CONFIG_BT_RFCOMM_TTY
1969 static void __exit rfcomm_exit(void)
1971 /* Terminate working thread.
1972 * ie. Set terminate flag and wake it up */
1973 atomic_inc(&terminate);
1974 rfcomm_schedule(RFCOMM_SCHED_STATE);
1976 /* Wait until thread is running */
1977 while (atomic_read(&running))
1980 #ifdef CONFIG_BT_RFCOMM_TTY
1981 rfcomm_cleanup_ttys();
1984 rfcomm_cleanup_sockets();
1986 rfcomm_proc_cleanup();
1989 module_init(rfcomm_init);
1990 module_exit(rfcomm_exit);
1992 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
1993 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
1994 MODULE_VERSION(VERSION);
1995 MODULE_LICENSE("GPL");
1996 MODULE_ALIAS("bt-proto-3");