projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Remove RFCOMM session refcnt
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / rfcomm / core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
8e87d142
YH		 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 21 SOFTWARE IS DISCLAIMED.
22*/
23
1da177e4
LT		 24/*
25 * Bluetooth RFCOMM core.
1da177e4
LT		 26 */
27
1da177e4 28#include <linux/module.h>
aef7d97c 29#include <linux/debugfs.h>
a524eccc 30#include <linux/kthread.h>
1da177e4
LT		 31#include <asm/unaligned.h>
32
33#include <net/bluetooth/bluetooth.h>
34#include <net/bluetooth/hci_core.h>
35#include <net/bluetooth/l2cap.h>
36#include <net/bluetooth/rfcomm.h>
37
5f9018af 38#define VERSION "1.11"
56f3a40a 39
eb939922
RR		 40static bool disable_cfc;
41static bool l2cap_ertm;
98bcd08b 42static int channel_mtu = -1;
56f3a40a
MH		 43static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
44
1da177e4
LT		 45static struct task_struct *rfcomm_thread;
46
4a3e2f71
AV		 47static DEFINE_MUTEX(rfcomm_mutex);
48#define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
1da177e4 50
1da177e4
LT		 51
52static LIST_HEAD(session_list);
1da177e4 53
5436538f 54static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
1da177e4
LT		 55static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
64
65static void rfcomm_process_connect(struct rfcomm_session *s);
66
63ce0900
LAD		 67static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
68 bdaddr_t *dst,
69 u8 sec_level,
70 int *err);
1da177e4 71static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
8ff52f7d 72static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
1da177e4
LT		 73
74/* ---- RFCOMM frame parsing macros ---- */
75#define __get_dlci(b) ((b & 0xfc) >> 2)
76#define __get_channel(b) ((b & 0xf8) >> 3)
77#define __get_dir(b) ((b & 0x04) >> 2)
78#define __get_type(b) ((b & 0xef))
79
80#define __test_ea(b) ((b & 0x01))
81#define __test_cr(b) ((b & 0x02))
82#define __test_pf(b) ((b & 0x10))
83
84#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
85#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
86#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
87#define __srv_channel(dlci) (dlci >> 1)
88#define __dir(dlci) (dlci & 0x01)
89
90#define __len8(len) (((len) << 1) | 1)
91#define __len16(len) ((len) << 1)
92
93/* MCC macros */
94#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
95#define __get_mcc_type(b) ((b & 0xfc) >> 2)
96#define __get_mcc_len(b) ((b & 0xfe) >> 1)
97
98/* RPN macros */
3a5e903c 99#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
1da177e4
LT		 100#define __get_rpn_data_bits(line) ((line) & 0x3)
101#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
3a5e903c 102#define __get_rpn_parity(line) (((line) >> 3) & 0x7)
1da177e4 103
6039aa73 104static void rfcomm_schedule(void)
1da177e4
LT		 105{
106 if (!rfcomm_thread)
107 return;
1da177e4
LT		 108 wake_up_process(rfcomm_thread);
109}
110
1da177e4
LT		 111/* ---- RFCOMM FCS computation ---- */
112
408c1ce2 113/* reversed, 8-bit, poly=0x07 */
8e87d142 114static unsigned char rfcomm_crc_table[256] = {
408c1ce2
MH		 115 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
116 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
117 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
118 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
119
120 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
121 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
122 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
123 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
124
125 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
126 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
127 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
128 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
129
130 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
131 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
132 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
133 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
134
135 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
136 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
137 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
138 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
139
140 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
141 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
142 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
143 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
144
145 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
146 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
147 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
148 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
149
150 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
151 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
152 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
153 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
154};
155
1da177e4
LT		 156/* CRC on 2 bytes */
157#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
158
8e87d142 159/* FCS on 2 bytes */
1da177e4
LT		 160static inline u8 __fcs(u8 *data)
161{
a02cec21 162 return 0xff - __crc(data);
1da177e4
LT		 163}
164
8e87d142 165/* FCS on 3 bytes */
1da177e4
LT		 166static inline u8 __fcs2(u8 *data)
167{
a02cec21 168 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
1da177e4
LT		 169}
170
171/* Check FCS */
172static inline int __check_fcs(u8 *data, int type, u8 fcs)
173{
174 u8 f = __crc(data);
175
176 if (type != RFCOMM_UIH)
177 f = rfcomm_crc_table[f ^ data[2]];
178
179 return rfcomm_crc_table[f ^ fcs] != 0xcf;
180}
181
182/* ---- L2CAP callbacks ---- */
183static void rfcomm_l2state_change(struct sock *sk)
184{
185 BT_DBG("%p state %d", sk, sk->sk_state);
534c92fd 186 rfcomm_schedule();
1da177e4
LT		 187}
188
189static void rfcomm_l2data_ready(struct sock *sk, int bytes)
190{
191 BT_DBG("%p bytes %d", sk, bytes);
534c92fd 192 rfcomm_schedule();
1da177e4
LT		 193}
194
195static int rfcomm_l2sock_create(struct socket **sock)
196{
197 int err;
198
199 BT_DBG("");
200
201 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
202 if (!err) {
203 struct sock *sk = (*sock)->sk;
204 sk->sk_data_ready = rfcomm_l2data_ready;
205 sk->sk_state_change = rfcomm_l2state_change;
206 }
207 return err;
208}
209
6039aa73 210static int rfcomm_check_security(struct rfcomm_dlc *d)
77db1980
MH		 211{
212 struct sock *sk = d->session->sock->sk;
8c1d787b
GP		 213 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
214
0684e5f9
MH		 215 __u8 auth_type;
216
217 switch (d->sec_level) {
218 case BT_SECURITY_HIGH:
219 auth_type = HCI_AT_GENERAL_BONDING_MITM;
220 break;
221 case BT_SECURITY_MEDIUM:
222 auth_type = HCI_AT_GENERAL_BONDING;
223 break;
224 default:
225 auth_type = HCI_AT_NO_BONDING;
226 break;
227 }
77db1980 228
8c1d787b 229 return hci_conn_security(conn->hcon, d->sec_level, auth_type);
77db1980
MH		 230}
231
9e726b17
LAD		 232static void rfcomm_session_timeout(unsigned long arg)
233{
234 struct rfcomm_session *s = (void *) arg;
235
236 BT_DBG("session %p state %ld", s, s->state);
237
238 set_bit(RFCOMM_TIMED_OUT, &s->flags);
534c92fd 239 rfcomm_schedule();
9e726b17
LAD		 240}
241
242static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
243{
244 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
245
08c30aca 246 mod_timer(&s->timer, jiffies + timeout);
9e726b17
LAD		 247}
248
249static void rfcomm_session_clear_timer(struct rfcomm_session *s)
250{
251 BT_DBG("session %p state %ld", s, s->state);
252
08c30aca 253 del_timer_sync(&s->timer);
9e726b17
LAD		 254}
255
1da177e4
LT		 256/* ---- RFCOMM DLCs ---- */
257static void rfcomm_dlc_timeout(unsigned long arg)
258{
259 struct rfcomm_dlc *d = (void *) arg;
260
261 BT_DBG("dlc %p state %ld", d, d->state);
262
263 set_bit(RFCOMM_TIMED_OUT, &d->flags);
264 rfcomm_dlc_put(d);
534c92fd 265 rfcomm_schedule();
1da177e4
LT		 266}
267
268static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
269{
270 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
271
272 if (!mod_timer(&d->timer, jiffies + timeout))
273 rfcomm_dlc_hold(d);
274}
275
276static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
277{
278 BT_DBG("dlc %p state %ld", d, d->state);
279
25cc4ae9 280 if (del_timer(&d->timer))
1da177e4
LT		 281 rfcomm_dlc_put(d);
282}
283
284static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
285{
286 BT_DBG("%p", d);
287
288 d->state = BT_OPEN;
289 d->flags = 0;
290 d->mscex = 0;
183f732c 291 d->sec_level = BT_SECURITY_LOW;
1da177e4
LT		 292 d->mtu = RFCOMM_DEFAULT_MTU;
293 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
294
295 d->cfc = RFCOMM_CFC_DISABLED;
296 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
297}
298
dd0fc66f 299struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
1da177e4 300{
25ea6db0
MH		 301 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
302
1da177e4
LT		 303 if (!d)
304 return NULL;
1da177e4 305
b24b8a24 306 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
1da177e4
LT		 307
308 skb_queue_head_init(&d->tx_queue);
309 spin_lock_init(&d->lock);
310 atomic_set(&d->refcnt, 1);
311
312 rfcomm_dlc_clear_state(d);
8e87d142 313
1da177e4 314 BT_DBG("%p", d);
25ea6db0 315
1da177e4
LT		 316 return d;
317}
318
319void rfcomm_dlc_free(struct rfcomm_dlc *d)
320{
321 BT_DBG("%p", d);
322
323 skb_queue_purge(&d->tx_queue);
324 kfree(d);
325}
326
327static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
328{
329 BT_DBG("dlc %p session %p", d, s);
330
9e726b17 331 rfcomm_session_clear_timer(s);
1da177e4
LT		 332 rfcomm_dlc_hold(d);
333 list_add(&d->list, &s->dlcs);
334 d->session = s;
335}
336
337static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
338{
339 struct rfcomm_session *s = d->session;
340
341 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
342
343 list_del(&d->list);
344 d->session = NULL;
345 rfcomm_dlc_put(d);
346
9e726b17
LAD		 347 if (list_empty(&s->dlcs))
348 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
1da177e4
LT		 349}
350
351static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
352{
353 struct rfcomm_dlc *d;
1da177e4 354
8035ded4 355 list_for_each_entry(d, &s->dlcs, list)
1da177e4
LT		 356 if (d->dlci == dlci)
357 return d;
8035ded4 358
1da177e4
LT		 359 return NULL;
360}
361
362static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
363{
364 struct rfcomm_session *s;
365 int err = 0;
366 u8 dlci;
367
6ed93dc6
AE		 368 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
369 d, d->state, src, dst, channel);
1da177e4
LT		 370
371 if (channel < 1 || channel > 30)
372 return -EINVAL;
373
374 if (d->state != BT_OPEN && d->state != BT_CLOSED)
375 return 0;
376
377 s = rfcomm_session_get(src, dst);
378 if (!s) {
63ce0900 379 s = rfcomm_session_create(src, dst, d->sec_level, &err);
1da177e4
LT		 380 if (!s)
381 return err;
382 }
383
384 dlci = __dlci(!s->initiator, channel);
385
386 /* Check if DLCI already exists */
387 if (rfcomm_dlc_get(s, dlci))
388 return -EBUSY;
389
390 rfcomm_dlc_clear_state(d);
391
392 d->dlci = dlci;
393 d->addr = __addr(s->initiator, dlci);
394 d->priority = 7;
395
77db1980 396 d->state = BT_CONFIG;
1da177e4
LT		 397 rfcomm_dlc_link(s, d);
398
77db1980
MH		 399 d->out = 1;
400
1da177e4
LT		 401 d->mtu = s->mtu;
402 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
403
77db1980 404 if (s->state == BT_CONNECTED) {
9f2c8a03 405 if (rfcomm_check_security(d))
77db1980 406 rfcomm_send_pn(s, 1, d);
8c1b2355
MH		 407 else
408 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
77db1980
MH		 409 }
410
1da177e4 411 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
77db1980 412
1da177e4
LT		 413 return 0;
414}
415
416int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
417{
418 int r;
419
420 rfcomm_lock();
421
422 r = __rfcomm_dlc_open(d, src, dst, channel);
423
424 rfcomm_unlock();
425 return r;
426}
427
428static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
429{
430 struct rfcomm_session *s = d->session;
431 if (!s)
432 return 0;
433
434 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
435 d, d->state, d->dlci, err, s);
436
437 switch (d->state) {
1da177e4 438 case BT_CONNECT:
bb23c0ab
MH		 439 case BT_CONFIG:
440 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
441 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
534c92fd 442 rfcomm_schedule();
bb23c0ab
MH		 443 break;
444 }
445 /* Fall through */
446
447 case BT_CONNECTED:
1da177e4
LT		 448 d->state = BT_DISCONN;
449 if (skb_queue_empty(&d->tx_queue)) {
450 rfcomm_send_disc(s, d->dlci);
451 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
452 } else {
453 rfcomm_queue_disc(d);
454 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
455 }
456 break;
457
bb23c0ab 458 case BT_OPEN:
8bf47941 459 case BT_CONNECT2:
bb23c0ab
MH		 460 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
461 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
534c92fd 462 rfcomm_schedule();
bb23c0ab
MH		 463 break;
464 }
465 /* Fall through */
466
1da177e4
LT		 467 default:
468 rfcomm_dlc_clear_timer(d);
469
470 rfcomm_dlc_lock(d);
471 d->state = BT_CLOSED;
1905f6c7 472 d->state_change(d, err);
4c8411f8 473 rfcomm_dlc_unlock(d);
1da177e4
LT		 474
475 skb_queue_purge(&d->tx_queue);
1da177e4
LT		 476 rfcomm_dlc_unlink(d);
477 }
478
479 return 0;
480}
481
482int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
483{
c06f7d53
DJ		 484 int r = 0;
485 struct rfcomm_dlc *d_list;
486 struct rfcomm_session *s, *s_list;
487
488 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
1da177e4
LT		 489
490 rfcomm_lock();
491
c06f7d53
DJ		 492 s = d->session;
493 if (!s)
494 goto no_session;
495
496 /* after waiting on the mutex check the session still exists
497 * then check the dlc still exists
498 */
499 list_for_each_entry(s_list, &session_list, list) {
500 if (s_list == s) {
501 list_for_each_entry(d_list, &s->dlcs, list) {
502 if (d_list == d) {
503 r = __rfcomm_dlc_close(d, err);
504 break;
505 }
506 }
507 break;
508 }
509 }
1da177e4 510
c06f7d53 511no_session:
1da177e4
LT		 512 rfcomm_unlock();
513 return r;
514}
515
516int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
517{
518 int len = skb->len;
519
520 if (d->state != BT_CONNECTED)
521 return -ENOTCONN;
522
523 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
524
525 if (len > d->mtu)
526 return -EINVAL;
527
528 rfcomm_make_uih(skb, d->addr);
529 skb_queue_tail(&d->tx_queue, skb);
530
531 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
534c92fd 532 rfcomm_schedule();
1da177e4
LT		 533 return len;
534}
535
b5606c2d 536void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
1da177e4
LT		 537{
538 BT_DBG("dlc %p state %ld", d, d->state);
539
540 if (!d->cfc) {
541 d->v24_sig |= RFCOMM_V24_FC;
542 set_bit(RFCOMM_MSC_PENDING, &d->flags);
543 }
534c92fd 544 rfcomm_schedule();
1da177e4
LT		 545}
546
b5606c2d 547void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
1da177e4
LT		 548{
549 BT_DBG("dlc %p state %ld", d, d->state);
550
551 if (!d->cfc) {
552 d->v24_sig &= ~RFCOMM_V24_FC;
553 set_bit(RFCOMM_MSC_PENDING, &d->flags);
554 }
534c92fd 555 rfcomm_schedule();
1da177e4
LT		 556}
557
8e87d142 558/*
1da177e4
LT		 559 Set/get modem status functions use _local_ status i.e. what we report
560 to the other side.
561 Remote status is provided by dlc->modem_status() callback.
562 */
563int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
564{
8e87d142 565 BT_DBG("dlc %p state %ld v24_sig 0x%x",
1da177e4
LT		 566 d, d->state, v24_sig);
567
568 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
569 v24_sig |= RFCOMM_V24_FC;
570 else
571 v24_sig &= ~RFCOMM_V24_FC;
8e87d142 572
1da177e4
LT		 573 d->v24_sig = v24_sig;
574
575 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
534c92fd 576 rfcomm_schedule();
1da177e4
LT		 577
578 return 0;
579}
580
581int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
582{
8e87d142 583 BT_DBG("dlc %p state %ld v24_sig 0x%x",
1da177e4
LT		 584 d, d->state, d->v24_sig);
585
586 *v24_sig = d->v24_sig;
587 return 0;
588}
589
590/* ---- RFCOMM sessions ---- */
591static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
592{
25ea6db0
MH		 593 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
594
1da177e4
LT		 595 if (!s)
596 return NULL;
1da177e4
LT		 597
598 BT_DBG("session %p sock %p", s, sock);
599
9e726b17
LAD		 600 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
601
1da177e4
LT		 602 INIT_LIST_HEAD(&s->dlcs);
603 s->state = state;
604 s->sock = sock;
605
606 s->mtu = RFCOMM_DEFAULT_MTU;
7c2660b0 607 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
1da177e4
LT		 608
609 /* Do not increment module usage count for listening sessions.
610 * Otherwise we won't be able to unload the module. */
611 if (state != BT_LISTEN)
612 if (!try_module_get(THIS_MODULE)) {
613 kfree(s);
614 return NULL;
615 }
616
617 list_add(&s->list, &session_list);
618
619 return s;
620}
621
8ff52f7d 622static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
1da177e4
LT		 623{
624 int state = s->state;
625
626 BT_DBG("session %p state %ld", s, s->state);
627
628 list_del(&s->list);
629
630 if (state == BT_CONNECTED)
631 rfcomm_send_disc(s, 0);
632
9e726b17 633 rfcomm_session_clear_timer(s);
1da177e4
LT		 634 sock_release(s->sock);
635 kfree(s);
636
637 if (state != BT_LISTEN)
638 module_put(THIS_MODULE);
8ff52f7d
DJ		 639
640 return NULL;
1da177e4
LT		 641}
642
643static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
644{
645 struct rfcomm_session *s;
646 struct list_head *p, *n;
647 struct bt_sock *sk;
648 list_for_each_safe(p, n, &session_list) {
649 s = list_entry(p, struct rfcomm_session, list);
8e87d142 650 sk = bt_sk(s->sock->sk);
1da177e4
LT		 651
652 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
653 !bacmp(&sk->dst, dst))
654 return s;
655 }
656 return NULL;
657}
658
8ff52f7d
DJ		 659static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
660 int err)
1da177e4
LT		 661{
662 struct rfcomm_dlc *d;
663 struct list_head *p, *n;
664
665 BT_DBG("session %p state %ld err %d", s, s->state, err);
666
1da177e4
LT		 667 s->state = BT_CLOSED;
668
669 /* Close all dlcs */
670 list_for_each_safe(p, n, &s->dlcs) {
671 d = list_entry(p, struct rfcomm_dlc, list);
672 d->state = BT_CLOSED;
673 __rfcomm_dlc_close(d, err);
674 }
675
9e726b17 676 rfcomm_session_clear_timer(s);
08c30aca 677 return rfcomm_session_del(s);
1da177e4
LT		 678}
679
63ce0900
LAD		 680static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
681 bdaddr_t *dst,
682 u8 sec_level,
683 int *err)
1da177e4
LT		 684{
685 struct rfcomm_session *s = NULL;
686 struct sockaddr_l2 addr;
687 struct socket *sock;
688 struct sock *sk;
689
6ed93dc6 690 BT_DBG("%pMR -> %pMR", src, dst);
1da177e4
LT		 691
692 *err = rfcomm_l2sock_create(&sock);
693 if (*err < 0)
694 return NULL;
695
696 bacpy(&addr.l2_bdaddr, src);
697 addr.l2_family = AF_BLUETOOTH;
698 addr.l2_psm = 0;
37e62f55 699 addr.l2_cid = 0;
48db9ca4 700 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1da177e4
LT		 701 if (*err < 0)
702 goto failed;
703
704 /* Set L2CAP options */
705 sk = sock->sk;
706 lock_sock(sk);
0c1bc5c6 707 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
47d1ec61 708 l2cap_pi(sk)->chan->sec_level = sec_level;
eae38eed 709 if (l2cap_ertm)
0c1bc5c6 710 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
1da177e4
LT		 711 release_sock(sk);
712
713 s = rfcomm_session_add(sock, BT_BOUND);
714 if (!s) {
715 *err = -ENOMEM;
716 goto failed;
717 }
718
1da177e4
LT		 719 s->initiator = 1;
720
721 bacpy(&addr.l2_bdaddr, dst);
722 addr.l2_family = AF_BLUETOOTH;
5bcb8094 723 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
37e62f55 724 addr.l2_cid = 0;
48db9ca4 725 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
b4c612a4 726 if (*err == 0 || *err == -EINPROGRESS)
1da177e4
LT		 727 return s;
728
8ff52f7d 729 return rfcomm_session_del(s);
1da177e4
LT		 730
731failed:
732 sock_release(sock);
733 return NULL;
734}
735
736void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
737{
738 struct sock *sk = s->sock->sk;
739 if (src)
740 bacpy(src, &bt_sk(sk)->src);
741 if (dst)
742 bacpy(dst, &bt_sk(sk)->dst);
743}
744
745/* ---- RFCOMM frame sending ---- */
5436538f 746static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
1da177e4 747{
1da177e4
LT		 748 struct kvec iv = { data, len };
749 struct msghdr msg;
750
5436538f 751 BT_DBG("session %p len %d", s, len);
1da177e4
LT		 752
753 memset(&msg, 0, sizeof(msg));
754
5436538f 755 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
1da177e4
LT		 756}
757
262038fc
LAD		 758static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
759{
760 BT_DBG("%p cmd %u", s, cmd->ctrl);
761
5436538f 762 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
262038fc
LAD		 763}
764
1da177e4
LT		 765static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
766{
767 struct rfcomm_cmd cmd;
768
769 BT_DBG("%p dlci %d", s, dlci);
770
771 cmd.addr = __addr(s->initiator, dlci);
772 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
773 cmd.len = __len8(0);
774 cmd.fcs = __fcs2((u8 *) &cmd);
775
262038fc 776 return rfcomm_send_cmd(s, &cmd);
1da177e4
LT		 777}
778
779static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
780{
781 struct rfcomm_cmd cmd;
782
783 BT_DBG("%p dlci %d", s, dlci);
784
785 cmd.addr = __addr(!s->initiator, dlci);
786 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
787 cmd.len = __len8(0);
788 cmd.fcs = __fcs2((u8 *) &cmd);
789
262038fc 790 return rfcomm_send_cmd(s, &cmd);
1da177e4
LT		 791}
792
793static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
794{
795 struct rfcomm_cmd cmd;
796
797 BT_DBG("%p dlci %d", s, dlci);
798
799 cmd.addr = __addr(s->initiator, dlci);
800 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
801 cmd.len = __len8(0);
802 cmd.fcs = __fcs2((u8 *) &cmd);
803
262038fc 804 return rfcomm_send_cmd(s, &cmd);
1da177e4
LT		 805}
806
807static int rfcomm_queue_disc(struct rfcomm_dlc *d)
808{
809 struct rfcomm_cmd *cmd;
810 struct sk_buff *skb;
811
812 BT_DBG("dlc %p dlci %d", d, d->dlci);
813
814 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
815 if (!skb)
816 return -ENOMEM;
817
818 cmd = (void *) __skb_put(skb, sizeof(*cmd));
819 cmd->addr = d->addr;
820 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
821 cmd->len = __len8(0);
822 cmd->fcs = __fcs2((u8 *) cmd);
823
824 skb_queue_tail(&d->tx_queue, skb);
534c92fd 825 rfcomm_schedule();
1da177e4
LT		 826 return 0;
827}
828
829static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
830{
831 struct rfcomm_cmd cmd;
832
833 BT_DBG("%p dlci %d", s, dlci);
834
835 cmd.addr = __addr(!s->initiator, dlci);
836 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
837 cmd.len = __len8(0);
838 cmd.fcs = __fcs2((u8 *) &cmd);
839
262038fc 840 return rfcomm_send_cmd(s, &cmd);
1da177e4
LT		 841}
842
843static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
844{
845 struct rfcomm_hdr *hdr;
846 struct rfcomm_mcc *mcc;
847 u8 buf[16], *ptr = buf;
848
849 BT_DBG("%p cr %d type %d", s, cr, type);
850
851 hdr = (void *) ptr; ptr += sizeof(*hdr);
852 hdr->addr = __addr(s->initiator, 0);
853 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
854 hdr->len = __len8(sizeof(*mcc) + 1);
855
856 mcc = (void *) ptr; ptr += sizeof(*mcc);
857 mcc->type = __mcc_type(cr, RFCOMM_NSC);
858 mcc->len = __len8(1);
859
860 /* Type that we didn't like */
861 *ptr = __mcc_type(cr, type); ptr++;
862
863 *ptr = __fcs(buf); ptr++;
864
5436538f 865 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 866}
867
868static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
869{
870 struct rfcomm_hdr *hdr;
871 struct rfcomm_mcc *mcc;
872 struct rfcomm_pn *pn;
873 u8 buf[16], *ptr = buf;
874
875 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
876
877 hdr = (void *) ptr; ptr += sizeof(*hdr);
878 hdr->addr = __addr(s->initiator, 0);
879 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
880 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
881
882 mcc = (void *) ptr; ptr += sizeof(*mcc);
883 mcc->type = __mcc_type(cr, RFCOMM_PN);
884 mcc->len = __len8(sizeof(*pn));
885
886 pn = (void *) ptr; ptr += sizeof(*pn);
887 pn->dlci = d->dlci;
888 pn->priority = d->priority;
889 pn->ack_timer = 0;
890 pn->max_retrans = 0;
891
892 if (s->cfc) {
893 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
894 pn->credits = RFCOMM_DEFAULT_CREDITS;
895 } else {
896 pn->flow_ctrl = 0;
897 pn->credits = 0;
898 }
899
98bcd08b 900 if (cr && channel_mtu >= 0)
b4324b5d 901 pn->mtu = cpu_to_le16(channel_mtu);
98bcd08b 902 else
b4324b5d 903 pn->mtu = cpu_to_le16(d->mtu);
1da177e4
LT		 904
905 *ptr = __fcs(buf); ptr++;
906
5436538f 907 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 908}
909
3a5e903c
S		 910int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
911 u8 bit_rate, u8 data_bits, u8 stop_bits,
8e87d142 912 u8 parity, u8 flow_ctrl_settings,
3a5e903c 913 u8 xon_char, u8 xoff_char, u16 param_mask)
1da177e4
LT		 914{
915 struct rfcomm_hdr *hdr;
916 struct rfcomm_mcc *mcc;
917 struct rfcomm_rpn *rpn;
918 u8 buf[16], *ptr = buf;
919
920 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
8e87d142
YH		 921 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
922 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
3a5e903c 923 flow_ctrl_settings, xon_char, xoff_char, param_mask);
1da177e4
LT		 924
925 hdr = (void *) ptr; ptr += sizeof(*hdr);
926 hdr->addr = __addr(s->initiator, 0);
927 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
928 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
929
930 mcc = (void *) ptr; ptr += sizeof(*mcc);
931 mcc->type = __mcc_type(cr, RFCOMM_RPN);
932 mcc->len = __len8(sizeof(*rpn));
933
934 rpn = (void *) ptr; ptr += sizeof(*rpn);
935 rpn->dlci = __addr(1, dlci);
936 rpn->bit_rate = bit_rate;
937 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
938 rpn->flow_ctrl = flow_ctrl_settings;
939 rpn->xon_char = xon_char;
940 rpn->xoff_char = xoff_char;
e8db8c99 941 rpn->param_mask = cpu_to_le16(param_mask);
1da177e4
LT		 942
943 *ptr = __fcs(buf); ptr++;
944
5436538f 945 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 946}
947
948static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
949{
950 struct rfcomm_hdr *hdr;
951 struct rfcomm_mcc *mcc;
952 struct rfcomm_rls *rls;
953 u8 buf[16], *ptr = buf;
954
955 BT_DBG("%p cr %d status 0x%x", s, cr, status);
956
957 hdr = (void *) ptr; ptr += sizeof(*hdr);
958 hdr->addr = __addr(s->initiator, 0);
959 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
960 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
961
962 mcc = (void *) ptr; ptr += sizeof(*mcc);
963 mcc->type = __mcc_type(cr, RFCOMM_RLS);
964 mcc->len = __len8(sizeof(*rls));
965
966 rls = (void *) ptr; ptr += sizeof(*rls);
967 rls->dlci = __addr(1, dlci);
968 rls->status = status;
969
970 *ptr = __fcs(buf); ptr++;
971
5436538f 972 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 973}
974
975static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
976{
977 struct rfcomm_hdr *hdr;
978 struct rfcomm_mcc *mcc;
979 struct rfcomm_msc *msc;
980 u8 buf[16], *ptr = buf;
981
982 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
983
984 hdr = (void *) ptr; ptr += sizeof(*hdr);
985 hdr->addr = __addr(s->initiator, 0);
986 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
987 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
988
989 mcc = (void *) ptr; ptr += sizeof(*mcc);
990 mcc->type = __mcc_type(cr, RFCOMM_MSC);
991 mcc->len = __len8(sizeof(*msc));
992
993 msc = (void *) ptr; ptr += sizeof(*msc);
994 msc->dlci = __addr(1, dlci);
995 msc->v24_sig = v24_sig | 0x01;
996
997 *ptr = __fcs(buf); ptr++;
998
5436538f 999 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 1000}
1001
1002static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1003{
1004 struct rfcomm_hdr *hdr;
1005 struct rfcomm_mcc *mcc;
1006 u8 buf[16], *ptr = buf;
1007
1008 BT_DBG("%p cr %d", s, cr);
1009
1010 hdr = (void *) ptr; ptr += sizeof(*hdr);
1011 hdr->addr = __addr(s->initiator, 0);
1012 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1013 hdr->len = __len8(sizeof(*mcc));
1014
1015 mcc = (void *) ptr; ptr += sizeof(*mcc);
1016 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1017 mcc->len = __len8(0);
1018
1019 *ptr = __fcs(buf); ptr++;
1020
5436538f 1021 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 1022}
1023
1024static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1025{
1026 struct rfcomm_hdr *hdr;
1027 struct rfcomm_mcc *mcc;
1028 u8 buf[16], *ptr = buf;
1029
1030 BT_DBG("%p cr %d", s, cr);
1031
1032 hdr = (void *) ptr; ptr += sizeof(*hdr);
1033 hdr->addr = __addr(s->initiator, 0);
1034 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1035 hdr->len = __len8(sizeof(*mcc));
1036
1037 mcc = (void *) ptr; ptr += sizeof(*mcc);
1038 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1039 mcc->len = __len8(0);
1040
1041 *ptr = __fcs(buf); ptr++;
1042
5436538f 1043 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 1044}
1045
1046static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1047{
1048 struct socket *sock = s->sock;
1049 struct kvec iv[3];
1050 struct msghdr msg;
1051 unsigned char hdr[5], crc[1];
1052
1053 if (len > 125)
1054 return -EINVAL;
1055
1056 BT_DBG("%p cr %d", s, cr);
1057
1058 hdr[0] = __addr(s->initiator, 0);
1059 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1060 hdr[2] = 0x01 | ((len + 2) << 1);
1061 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1062 hdr[4] = 0x01 | (len << 1);
1063
1064 crc[0] = __fcs(hdr);
1065
1066 iv[0].iov_base = hdr;
1067 iv[0].iov_len = 5;
1068 iv[1].iov_base = pattern;
1069 iv[1].iov_len = len;
1070 iv[2].iov_base = crc;
1071 iv[2].iov_len = 1;
1072
1073 memset(&msg, 0, sizeof(msg));
1074
1075 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1076}
1077
1078static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1079{
1080 struct rfcomm_hdr *hdr;
1081 u8 buf[16], *ptr = buf;
1082
1083 BT_DBG("%p addr %d credits %d", s, addr, credits);
1084
1085 hdr = (void *) ptr; ptr += sizeof(*hdr);
1086 hdr->addr = addr;
1087 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1088 hdr->len = __len8(0);
1089
1090 *ptr = credits; ptr++;
1091
1092 *ptr = __fcs(buf); ptr++;
1093
5436538f 1094 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 1095}
1096
1097static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1098{
1099 struct rfcomm_hdr *hdr;
1100 int len = skb->len;
1101 u8 *crc;
1102
1103 if (len > 127) {
1104 hdr = (void *) skb_push(skb, 4);
b4324b5d 1105 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1da177e4
LT		 1106 } else {
1107 hdr = (void *) skb_push(skb, 3);
1108 hdr->len = __len8(len);
1109 }
1110 hdr->addr = addr;
1111 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1112
1113 crc = skb_put(skb, 1);
1114 *crc = __fcs((void *) hdr);
1115}
1116
1117/* ---- RFCOMM frame reception ---- */
8ff52f7d 1118static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1da177e4
LT		 1119{
1120 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1121
1122 if (dlci) {
1123 /* Data channel */
1124 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1125 if (!d) {
1126 rfcomm_send_dm(s, dlci);
8ff52f7d 1127 return s;
1da177e4
LT		 1128 }
1129
1130 switch (d->state) {
1131 case BT_CONNECT:
1132 rfcomm_dlc_clear_timer(d);
1133
1134 rfcomm_dlc_lock(d);
1135 d->state = BT_CONNECTED;
1136 d->state_change(d, 0);
1137 rfcomm_dlc_unlock(d);
1138
1139 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1140 break;
1141
1142 case BT_DISCONN:
1143 d->state = BT_CLOSED;
1144 __rfcomm_dlc_close(d, 0);
9cf5b0ea
MH		 1145
1146 if (list_empty(&s->dlcs)) {
1147 s->state = BT_DISCONN;
1148 rfcomm_send_disc(s, 0);
79e65478 1149 rfcomm_session_clear_timer(s);
9cf5b0ea
MH		 1150 }
1151
1da177e4
LT		 1152 break;
1153 }
1154 } else {
1155 /* Control channel */
1156 switch (s->state) {
1157 case BT_CONNECT:
1158 s->state = BT_CONNECTED;
1159 rfcomm_process_connect(s);
1160 break;
9cf5b0ea
MH		 1161
1162 case BT_DISCONN:
8ff52f7d 1163 s = rfcomm_session_close(s, ECONNRESET);
9cf5b0ea 1164 break;
1da177e4
LT		 1165 }
1166 }
8ff52f7d 1167 return s;
1da177e4
LT		 1168}
1169
8ff52f7d 1170static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1da177e4
LT		 1171{
1172 int err = 0;
1173
1174 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1175
1176 if (dlci) {
1177 /* Data DLC */
1178 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1179 if (d) {
1180 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1181 err = ECONNREFUSED;
1182 else
1183 err = ECONNRESET;
1184
1185 d->state = BT_CLOSED;
1186 __rfcomm_dlc_close(d, err);
1187 }
1188 } else {
1189 if (s->state == BT_CONNECT)
1190 err = ECONNREFUSED;
1191 else
1192 err = ECONNRESET;
1193
1194 s->state = BT_CLOSED;
8ff52f7d 1195 s = rfcomm_session_close(s, err);
1da177e4 1196 }
8ff52f7d 1197 return s;
1da177e4
LT		 1198}
1199
8ff52f7d
DJ		 1200static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1201 u8 dlci)
1da177e4
LT		 1202{
1203 int err = 0;
1204
1205 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1206
1207 if (dlci) {
1208 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1209 if (d) {
1210 rfcomm_send_ua(s, dlci);
1211
1212 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1213 err = ECONNREFUSED;
1214 else
1215 err = ECONNRESET;
1216
1217 d->state = BT_CLOSED;
1218 __rfcomm_dlc_close(d, err);
8e87d142 1219 } else
1da177e4 1220 rfcomm_send_dm(s, dlci);
8e87d142 1221
1da177e4
LT		 1222 } else {
1223 rfcomm_send_ua(s, 0);
1224
1225 if (s->state == BT_CONNECT)
1226 err = ECONNREFUSED;
1227 else
1228 err = ECONNRESET;
1229
1230 s->state = BT_CLOSED;
8ff52f7d 1231 s = rfcomm_session_close(s, err);
1da177e4 1232 }
8ff52f7d 1233 return s;
1da177e4
LT		 1234}
1235
bb23c0ab 1236void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1da177e4 1237{
300b9397 1238 struct sock *sk = d->session->sock->sk;
8c1d787b 1239 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
300b9397 1240
1da177e4
LT		 1241 BT_DBG("dlc %p", d);
1242
1243 rfcomm_send_ua(d->session, d->dlci);
1244
e2139b32
JH		 1245 rfcomm_dlc_clear_timer(d);
1246
1da177e4
LT		 1247 rfcomm_dlc_lock(d);
1248 d->state = BT_CONNECTED;
1249 d->state_change(d, 0);
1250 rfcomm_dlc_unlock(d);
1251
9f2c8a03 1252 if (d->role_switch)
8c1d787b 1253 hci_conn_switch_role(conn->hcon, 0x00);
300b9397 1254
1da177e4
LT		 1255 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1256}
1257
bb23c0ab
MH		 1258static void rfcomm_check_accept(struct rfcomm_dlc *d)
1259{
9f2c8a03 1260 if (rfcomm_check_security(d)) {
bb23c0ab
MH		 1261 if (d->defer_setup) {
1262 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1263 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
8bf47941
MH		 1264
1265 rfcomm_dlc_lock(d);
1266 d->state = BT_CONNECT2;
1267 d->state_change(d, 0);
1268 rfcomm_dlc_unlock(d);
bb23c0ab
MH		 1269 } else
1270 rfcomm_dlc_accept(d);
8c1b2355
MH		 1271 } else {
1272 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1273 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
bb23c0ab
MH		 1274 }
1275}
1276
1da177e4
LT		 1277static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1278{
1279 struct rfcomm_dlc *d;
1280 u8 channel;
1281
1282 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1283
1284 if (!dlci) {
1285 rfcomm_send_ua(s, 0);
1286
1287 if (s->state == BT_OPEN) {
1288 s->state = BT_CONNECTED;
1289 rfcomm_process_connect(s);
1290 }
1291 return 0;
1292 }
1293
1294 /* Check if DLC exists */
1295 d = rfcomm_dlc_get(s, dlci);
1296 if (d) {
1297 if (d->state == BT_OPEN) {
1298 /* DLC was previously opened by PN request */
bb23c0ab 1299 rfcomm_check_accept(d);
1da177e4
LT		 1300 }
1301 return 0;
1302 }
1303
1304 /* Notify socket layer about incoming connection */
1305 channel = __srv_channel(dlci);
1306 if (rfcomm_connect_ind(s, channel, &d)) {
1307 d->dlci = dlci;
1308 d->addr = __addr(s->initiator, dlci);
1309 rfcomm_dlc_link(s, d);
1310
bb23c0ab 1311 rfcomm_check_accept(d);
1da177e4
LT		 1312 } else {
1313 rfcomm_send_dm(s, dlci);
1314 }
1315
1316 return 0;
1317}
1318
1319static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1320{
1321 struct rfcomm_session *s = d->session;
1322
8e87d142 1323 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1da177e4
LT		 1324 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1325
7c2660b0
MH		 1326 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1327 pn->flow_ctrl == 0xe0) {
1328 d->cfc = RFCOMM_CFC_ENABLED;
1da177e4
LT		 1329 d->tx_credits = pn->credits;
1330 } else {
7c2660b0 1331 d->cfc = RFCOMM_CFC_DISABLED;
1da177e4
LT		 1332 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1333 }
1334
7c2660b0
MH		 1335 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1336 s->cfc = d->cfc;
1337
1da177e4
LT		 1338 d->priority = pn->priority;
1339
b4324b5d 1340 d->mtu = __le16_to_cpu(pn->mtu);
98bcd08b
MH		 1341
1342 if (cr && d->mtu > s->mtu)
1343 d->mtu = s->mtu;
1da177e4
LT		 1344
1345 return 0;
1346}
1347
1348static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1349{
1350 struct rfcomm_pn *pn = (void *) skb->data;
1351 struct rfcomm_dlc *d;
1352 u8 dlci = pn->dlci;
1353
1354 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1355
1356 if (!dlci)
1357 return 0;
1358
1359 d = rfcomm_dlc_get(s, dlci);
1360 if (d) {
1361 if (cr) {
1362 /* PN request */
1363 rfcomm_apply_pn(d, cr, pn);
1364 rfcomm_send_pn(s, 0, d);
1365 } else {
1366 /* PN response */
1367 switch (d->state) {
1368 case BT_CONFIG:
1369 rfcomm_apply_pn(d, cr, pn);
1370
1371 d->state = BT_CONNECT;
1372 rfcomm_send_sabm(s, d->dlci);
1373 break;
1374 }
1375 }
1376 } else {
1377 u8 channel = __srv_channel(dlci);
1378
1379 if (!cr)
1380 return 0;
1381
1382 /* PN request for non existing DLC.
1383 * Assume incoming connection. */
1384 if (rfcomm_connect_ind(s, channel, &d)) {
1385 d->dlci = dlci;
1386 d->addr = __addr(s->initiator, dlci);
1387 rfcomm_dlc_link(s, d);
1388
1389 rfcomm_apply_pn(d, cr, pn);
1390
1391 d->state = BT_OPEN;
1392 rfcomm_send_pn(s, 0, d);
1393 } else {
1394 rfcomm_send_dm(s, dlci);
1395 }
1396 }
1397 return 0;
1398}
1399
1400static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1401{
1402 struct rfcomm_rpn *rpn = (void *) skb->data;
1403 u8 dlci = __get_dlci(rpn->dlci);
1404
1405 u8 bit_rate = 0;
1406 u8 data_bits = 0;
1407 u8 stop_bits = 0;
1408 u8 parity = 0;
1409 u8 flow_ctrl = 0;
1410 u8 xon_char = 0;
1411 u8 xoff_char = 0;
1412 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
3a5e903c
S		 1413
1414 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1415 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1416 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1417
1418 if (!cr)
1da177e4 1419 return 0;
3a5e903c 1420
1da177e4 1421 if (len == 1) {
08601469
YK		 1422 /* This is a request, return default (according to ETSI TS 07.10) settings */
1423 bit_rate = RFCOMM_RPN_BR_9600;
1da177e4
LT		 1424 data_bits = RFCOMM_RPN_DATA_8;
1425 stop_bits = RFCOMM_RPN_STOP_1;
1426 parity = RFCOMM_RPN_PARITY_NONE;
1427 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1428 xon_char = RFCOMM_RPN_XON_CHAR;
1429 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1da177e4
LT		 1430 goto rpn_out;
1431 }
3a5e903c
S		 1432
1433 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1434 * no parity, no flow control lines, normal XON/XOFF chars */
1435
e8db8c99 1436 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1da177e4 1437 bit_rate = rpn->bit_rate;
08601469 1438 if (bit_rate > RFCOMM_RPN_BR_230400) {
1da177e4 1439 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
08601469 1440 bit_rate = RFCOMM_RPN_BR_9600;
1da177e4
LT		 1441 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1442 }
1443 }
3a5e903c 1444
e8db8c99 1445 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1da177e4
LT		 1446 data_bits = __get_rpn_data_bits(rpn->line_settings);
1447 if (data_bits != RFCOMM_RPN_DATA_8) {
1448 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1449 data_bits = RFCOMM_RPN_DATA_8;
1450 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1451 }
1452 }
3a5e903c 1453
e8db8c99 1454 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1da177e4
LT		 1455 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1456 if (stop_bits != RFCOMM_RPN_STOP_1) {
1457 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1458 stop_bits = RFCOMM_RPN_STOP_1;
1459 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1460 }
1461 }
3a5e903c 1462
e8db8c99 1463 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1da177e4
LT		 1464 parity = __get_rpn_parity(rpn->line_settings);
1465 if (parity != RFCOMM_RPN_PARITY_NONE) {
1466 BT_DBG("RPN parity mismatch 0x%x", parity);
1467 parity = RFCOMM_RPN_PARITY_NONE;
1468 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1469 }
1470 }
3a5e903c 1471
e8db8c99 1472 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1da177e4
LT		 1473 flow_ctrl = rpn->flow_ctrl;
1474 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1475 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1476 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1477 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1478 }
1479 }
3a5e903c 1480
e8db8c99 1481 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1da177e4
LT		 1482 xon_char = rpn->xon_char;
1483 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1484 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1485 xon_char = RFCOMM_RPN_XON_CHAR;
1486 rpn_mask ^= RFCOMM_RPN_PM_XON;
1487 }
1488 }
3a5e903c 1489
e8db8c99 1490 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1da177e4
LT		 1491 xoff_char = rpn->xoff_char;
1492 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1493 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1494 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1495 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1496 }
1497 }
1498
1499rpn_out:
3a5e903c
S		 1500 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1501 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1da177e4
LT		 1502
1503 return 0;
1504}
1505
1506static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1507{
1508 struct rfcomm_rls *rls = (void *) skb->data;
1509 u8 dlci = __get_dlci(rls->dlci);
1510
1511 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
3a5e903c 1512
1da177e4
LT		 1513 if (!cr)
1514 return 0;
1515
3a5e903c
S		 1516 /* We should probably do something with this information here. But
1517 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1518 * mandatory to recognise and respond to RLS */
1da177e4
LT		 1519
1520 rfcomm_send_rls(s, 0, dlci, rls->status);
1521
1522 return 0;
1523}
1524
1525static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1526{
1527 struct rfcomm_msc *msc = (void *) skb->data;
1528 struct rfcomm_dlc *d;
1529 u8 dlci = __get_dlci(msc->dlci);
1530
1531 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1532
1533 d = rfcomm_dlc_get(s, dlci);
3a5e903c 1534 if (!d)
1da177e4
LT		 1535 return 0;
1536
1537 if (cr) {
1538 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1539 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1540 else
1541 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
3a5e903c 1542
1da177e4 1543 rfcomm_dlc_lock(d);
8b6b3da7
MH		 1544
1545 d->remote_v24_sig = msc->v24_sig;
1546
1da177e4
LT		 1547 if (d->modem_status)
1548 d->modem_status(d, msc->v24_sig);
8b6b3da7 1549
1da177e4 1550 rfcomm_dlc_unlock(d);
8e87d142 1551
1da177e4
LT		 1552 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1553
1554 d->mscex |= RFCOMM_MSCEX_RX;
3a5e903c 1555 } else
1da177e4
LT		 1556 d->mscex |= RFCOMM_MSCEX_TX;
1557
1558 return 0;
1559}
1560
1561static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1562{
1563 struct rfcomm_mcc *mcc = (void *) skb->data;
1564 u8 type, cr, len;
1565
1566 cr = __test_cr(mcc->type);
1567 type = __get_mcc_type(mcc->type);
1568 len = __get_mcc_len(mcc->len);
1569
1570 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1571
1572 skb_pull(skb, 2);
1573
1574 switch (type) {
1575 case RFCOMM_PN:
1576 rfcomm_recv_pn(s, cr, skb);
1577 break;
1578
1579 case RFCOMM_RPN:
1580 rfcomm_recv_rpn(s, cr, len, skb);
1581 break;
1582
1583 case RFCOMM_RLS:
1584 rfcomm_recv_rls(s, cr, skb);
1585 break;
1586
1587 case RFCOMM_MSC:
1588 rfcomm_recv_msc(s, cr, skb);
1589 break;
1590
1591 case RFCOMM_FCOFF:
1592 if (cr) {
1593 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1594 rfcomm_send_fcoff(s, 0);
1595 }
1596 break;
1597
1598 case RFCOMM_FCON:
1599 if (cr) {
1600 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1601 rfcomm_send_fcon(s, 0);
1602 }
1603 break;
1604
1605 case RFCOMM_TEST:
1606 if (cr)
1607 rfcomm_send_test(s, 0, skb->data, skb->len);
1608 break;
1609
1610 case RFCOMM_NSC:
1611 break;
1612
1613 default:
1614 BT_ERR("Unknown control type 0x%02x", type);
1615 rfcomm_send_nsc(s, cr, type);
1616 break;
1617 }
1618 return 0;
1619}
1620
1621static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1622{
1623 struct rfcomm_dlc *d;
1624
1625 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1626
1627 d = rfcomm_dlc_get(s, dlci);
1628 if (!d) {
1629 rfcomm_send_dm(s, dlci);
1630 goto drop;
1631 }
1632
1633 if (pf && d->cfc) {
1634 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1635
1636 d->tx_credits += credits;
1637 if (d->tx_credits)
1638 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1639 }
1640
1641 if (skb->len && d->state == BT_CONNECTED) {
1642 rfcomm_dlc_lock(d);
1643 d->rx_credits--;
1644 d->data_ready(d, skb);
1645 rfcomm_dlc_unlock(d);
1646 return 0;
1647 }
1648
1649drop:
1650 kfree_skb(skb);
1651 return 0;
1652}
1653
8ff52f7d
DJ		 1654static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1655 struct sk_buff *skb)
1da177e4
LT		 1656{
1657 struct rfcomm_hdr *hdr = (void *) skb->data;
1658 u8 type, dlci, fcs;
1659
8ff52f7d
DJ		 1660 if (!s) {
1661 /* no session, so free socket data */
1662 kfree_skb(skb);
1663 return s;
1664 }
1665
1da177e4
LT		 1666 dlci = __get_dlci(hdr->addr);
1667 type = __get_type(hdr->ctrl);
1668
1669 /* Trim FCS */
1670 skb->len--; skb->tail--;
27a884dc 1671 fcs = *(u8 *)skb_tail_pointer(skb);
1da177e4
LT		 1672
1673 if (__check_fcs(skb->data, type, fcs)) {
1674 BT_ERR("bad checksum in packet");
1675 kfree_skb(skb);
8ff52f7d 1676 return s;
1da177e4
LT		 1677 }
1678
1679 if (__test_ea(hdr->len))
1680 skb_pull(skb, 3);
1681 else
1682 skb_pull(skb, 4);
1683
1684 switch (type) {
1685 case RFCOMM_SABM:
1686 if (__test_pf(hdr->ctrl))
1687 rfcomm_recv_sabm(s, dlci);
1688 break;
1689
1690 case RFCOMM_DISC:
1691 if (__test_pf(hdr->ctrl))
8ff52f7d 1692 s = rfcomm_recv_disc(s, dlci);
1da177e4
LT		 1693 break;
1694
1695 case RFCOMM_UA:
1696 if (__test_pf(hdr->ctrl))
8ff52f7d 1697 s = rfcomm_recv_ua(s, dlci);
1da177e4
LT		 1698 break;
1699
1700 case RFCOMM_DM:
8ff52f7d 1701 s = rfcomm_recv_dm(s, dlci);
1da177e4
LT		 1702 break;
1703
1704 case RFCOMM_UIH:
8ff52f7d
DJ		 1705 if (dlci) {
1706 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1707 return s;
1708 }
1da177e4
LT		 1709 rfcomm_recv_mcc(s, skb);
1710 break;
1711
1712 default:
5017d8dd 1713 BT_ERR("Unknown packet type 0x%02x", type);
1da177e4
LT		 1714 break;
1715 }
1716 kfree_skb(skb);
8ff52f7d 1717 return s;
1da177e4
LT		 1718}
1719
1720/* ---- Connection and data processing ---- */
1721
1722static void rfcomm_process_connect(struct rfcomm_session *s)
1723{
1724 struct rfcomm_dlc *d;
1725 struct list_head *p, *n;
1726
1727 BT_DBG("session %p state %ld", s, s->state);
1728
1729 list_for_each_safe(p, n, &s->dlcs) {
1730 d = list_entry(p, struct rfcomm_dlc, list);
1731 if (d->state == BT_CONFIG) {
1732 d->mtu = s->mtu;
9f2c8a03 1733 if (rfcomm_check_security(d)) {
8c1b2355
MH		 1734 rfcomm_send_pn(s, 1, d);
1735 } else {
77db1980
MH		 1736 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1737 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
8c1b2355 1738 }
1da177e4
LT		 1739 }
1740 }
1741}
1742
1743/* Send data queued for the DLC.
1744 * Return number of frames left in the queue.
1745 */
6039aa73 1746static int rfcomm_process_tx(struct rfcomm_dlc *d)
1da177e4
LT		 1747{
1748 struct sk_buff *skb;
1749 int err;
1750
8e87d142 1751 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1da177e4
LT		 1752 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1753
1754 /* Send pending MSC */
1755 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
8e87d142 1756 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1da177e4
LT		 1757
1758 if (d->cfc) {
8e87d142 1759 /* CFC enabled.
1da177e4
LT		 1760 * Give them some credits */
1761 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
8e87d142 1762 d->rx_credits <= (d->cfc >> 2)) {
1da177e4
LT		 1763 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1764 d->rx_credits = d->cfc;
1765 }
1766 } else {
1767 /* CFC disabled.
1768 * Give ourselves some credits */
1769 d->tx_credits = 5;
1770 }
1771
1772 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1773 return skb_queue_len(&d->tx_queue);
1774
1775 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
5436538f 1776 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1da177e4
LT		 1777 if (err < 0) {
1778 skb_queue_head(&d->tx_queue, skb);
1779 break;
1780 }
1781 kfree_skb(skb);
1782 d->tx_credits--;
1783 }
1784
1785 if (d->cfc && !d->tx_credits) {
1786 /* We're out of TX credits.
1787 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1788 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1789 }
1790
1791 return skb_queue_len(&d->tx_queue);
1792}
1793
6039aa73 1794static void rfcomm_process_dlcs(struct rfcomm_session *s)
1da177e4
LT		 1795{
1796 struct rfcomm_dlc *d;
1797 struct list_head *p, *n;
1798
1799 BT_DBG("session %p state %ld", s, s->state);
1800
1801 list_for_each_safe(p, n, &s->dlcs) {
1802 d = list_entry(p, struct rfcomm_dlc, list);
1803
1804 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1805 __rfcomm_dlc_close(d, ETIMEDOUT);
1806 continue;
1807 }
1808
db54467a
SJ		 1809 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1810 __rfcomm_dlc_close(d, ECONNREFUSED);
1811 continue;
1812 }
1813
1da177e4
LT		 1814 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1815 rfcomm_dlc_clear_timer(d);
77db1980
MH		 1816 if (d->out) {
1817 rfcomm_send_pn(s, 1, d);
1818 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
bb23c0ab
MH		 1819 } else {
1820 if (d->defer_setup) {
1821 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1822 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
8bf47941
MH		 1823
1824 rfcomm_dlc_lock(d);
1825 d->state = BT_CONNECT2;
1826 d->state_change(d, 0);
1827 rfcomm_dlc_unlock(d);
bb23c0ab
MH		 1828 } else
1829 rfcomm_dlc_accept(d);
1830 }
1da177e4
LT		 1831 continue;
1832 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1833 rfcomm_dlc_clear_timer(d);
77db1980
MH		 1834 if (!d->out)
1835 rfcomm_send_dm(s, d->dlci);
1836 else
1837 d->state = BT_CLOSED;
1da177e4
LT		 1838 __rfcomm_dlc_close(d, ECONNREFUSED);
1839 continue;
1840 }
1841
6e1031a4
JG		 1842 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1843 continue;
1844
1da177e4
LT		 1845 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1846 continue;
1847
1848 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
77db1980 1849 d->mscex == RFCOMM_MSCEX_OK)
1da177e4
LT		 1850 rfcomm_process_tx(d);
1851 }
1852}
1853
8ff52f7d 1854static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1da177e4
LT		 1855{
1856 struct socket *sock = s->sock;
1857 struct sock *sk = sock->sk;
1858 struct sk_buff *skb;
1859
1860 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1861
1862 /* Get data directly from socket receive queue without copying it. */
1863 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1864 skb_orphan(skb);
44935720 1865 if (!skb_linearize(skb))
8ff52f7d 1866 s = rfcomm_recv_frame(s, skb);
44935720
MM		 1867 else
1868 kfree_skb(skb);
1da177e4
LT		 1869 }
1870
08c30aca
DJ		 1871 if (s && (sk->sk_state == BT_CLOSED))
1872 s = rfcomm_session_close(s, sk->sk_err);
8ff52f7d
DJ		 1873
1874 return s;
1da177e4
LT		 1875}
1876
6039aa73 1877static void rfcomm_accept_connection(struct rfcomm_session *s)
1da177e4
LT		 1878{
1879 struct socket *sock = s->sock, *nsock;
1880 int err;
1881
1882 /* Fast check for a new connection.
1883 * Avoids unnesesary socket allocations. */
1884 if (list_empty(&bt_sk(sock->sk)->accept_q))
1885 return;
1886
1887 BT_DBG("session %p", s);
1888
48db9ca4
MH		 1889 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1890 if (err < 0)
1da177e4
LT		 1891 return;
1892
1da177e4
LT		 1893 /* Set our callbacks */
1894 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1895 nsock->sk->sk_state_change = rfcomm_l2state_change;
1896
1897 s = rfcomm_session_add(nsock, BT_OPEN);
1898 if (s) {
98bcd08b
MH		 1899 /* We should adjust MTU on incoming sessions.
1900 * L2CAP MTU minus UIH header and FCS. */
0c1bc5c6
GP		 1901 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1902 l2cap_pi(nsock->sk)->chan->imtu) - 5;
98bcd08b 1903
534c92fd 1904 rfcomm_schedule();
1da177e4
LT		 1905 } else
1906 sock_release(nsock);
1907}
1908
8ff52f7d 1909static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1da177e4
LT		 1910{
1911 struct sock *sk = s->sock->sk;
1912
1913 BT_DBG("%p state %ld", s, s->state);
1914
285b4e90 1915 switch (sk->sk_state) {
1da177e4
LT		 1916 case BT_CONNECTED:
1917 s->state = BT_CONNECT;
1918
1919 /* We can adjust MTU on outgoing sessions.
1920 * L2CAP MTU minus UIH header and FCS. */
0c1bc5c6 1921 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1da177e4
LT		 1922
1923 rfcomm_send_sabm(s, 0);
1924 break;
1925
1926 case BT_CLOSED:
1927 s->state = BT_CLOSED;
8ff52f7d 1928 s = rfcomm_session_close(s, sk->sk_err);
1da177e4
LT		 1929 break;
1930 }
8ff52f7d 1931 return s;
1da177e4
LT		 1932}
1933
6039aa73 1934static void rfcomm_process_sessions(void)
1da177e4
LT		 1935{
1936 struct list_head *p, *n;
1937
1938 rfcomm_lock();
1939
1940 list_for_each_safe(p, n, &session_list) {
1941 struct rfcomm_session *s;
1942 s = list_entry(p, struct rfcomm_session, list);
1943
9e726b17
LAD		 1944 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1945 s->state = BT_DISCONN;
1946 rfcomm_send_disc(s, 0);
1947 continue;
1948 }
1949
1da177e4
LT		 1950 if (s->state == BT_LISTEN) {
1951 rfcomm_accept_connection(s);
1952 continue;
1953 }
1954
1da177e4
LT		 1955 switch (s->state) {
1956 case BT_BOUND:
8ff52f7d 1957 s = rfcomm_check_connection(s);
1da177e4
LT		 1958 break;
1959
1960 default:
8ff52f7d 1961 s = rfcomm_process_rx(s);
1da177e4
LT		 1962 break;
1963 }
1964
8ff52f7d
DJ		 1965 if (s)
1966 rfcomm_process_dlcs(s);
1da177e4
LT		 1967 }
1968
1969 rfcomm_unlock();
1970}
1971
1da177e4
LT		 1972static int rfcomm_add_listener(bdaddr_t *ba)
1973{
1974 struct sockaddr_l2 addr;
1975 struct socket *sock;
1976 struct sock *sk;
1977 struct rfcomm_session *s;
1978 int err = 0;
1979
1980 /* Create socket */
1981 err = rfcomm_l2sock_create(&sock);
8e87d142 1982 if (err < 0) {
1da177e4
LT		 1983 BT_ERR("Create socket failed %d", err);
1984 return err;
1985 }
1986
1987 /* Bind socket */
1988 bacpy(&addr.l2_bdaddr, ba);
1989 addr.l2_family = AF_BLUETOOTH;
5bcb8094 1990 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
37e62f55 1991 addr.l2_cid = 0;
48db9ca4 1992 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1da177e4
LT		 1993 if (err < 0) {
1994 BT_ERR("Bind failed %d", err);
1995 goto failed;
1996 }
1997
1998 /* Set L2CAP options */
1999 sk = sock->sk;
2000 lock_sock(sk);
0c1bc5c6 2001 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
1da177e4
LT		 2002 release_sock(sk);
2003
2004 /* Start listening on the socket */
48db9ca4 2005 err = kernel_listen(sock, 10);
1da177e4
LT		 2006 if (err) {
2007 BT_ERR("Listen failed %d", err);
2008 goto failed;
2009 }
2010
2011 /* Add listening session */
2012 s = rfcomm_session_add(sock, BT_LISTEN);
2013 if (!s)
2014 goto failed;
2015
1da177e4
LT		 2016 return 0;
2017failed:
2018 sock_release(sock);
2019 return err;
2020}
2021
2022static void rfcomm_kill_listener(void)
2023{
2024 struct rfcomm_session *s;
2025 struct list_head *p, *n;
2026
2027 BT_DBG("");
2028
2029 list_for_each_safe(p, n, &session_list) {
2030 s = list_entry(p, struct rfcomm_session, list);
2031 rfcomm_session_del(s);
2032 }
2033}
2034
2035static int rfcomm_run(void *unused)
2036{
a524eccc 2037 BT_DBG("");
1da177e4 2038
1da177e4 2039 set_user_nice(current, -10);
1da177e4 2040
1da177e4
LT		 2041 rfcomm_add_listener(BDADDR_ANY);
2042
e5842cdb 2043 while (1) {
a524eccc 2044 set_current_state(TASK_INTERRUPTIBLE);
e5842cdb
PH		 2045
2046 if (kthread_should_stop())
2047 break;
a524eccc
MH		 2048
2049 /* Process stuff */
a524eccc 2050 rfcomm_process_sessions();
e5842cdb
PH		 2051
2052 schedule();
a524eccc 2053 }
e5842cdb 2054 __set_current_state(TASK_RUNNING);
1da177e4
LT		 2055
2056 rfcomm_kill_listener();
2057
1da177e4
LT		 2058 return 0;
2059}
2060
8c1b2355 2061static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1da177e4
LT		 2062{
2063 struct rfcomm_session *s;
2064 struct rfcomm_dlc *d;
2065 struct list_head *p, *n;
2066
2067 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2068
2069 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2070 if (!s)
2071 return;
2072
1da177e4
LT		 2073 list_for_each_safe(p, n, &s->dlcs) {
2074 d = list_entry(p, struct rfcomm_dlc, list);
2075
8c84b830
MH		 2076 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2077 rfcomm_dlc_clear_timer(d);
2078 if (status || encrypt == 0x00) {
db54467a 2079 set_bit(RFCOMM_ENC_DROP, &d->flags);
8c84b830
MH		 2080 continue;
2081 }
2082 }
2083
2084 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2085 if (d->sec_level == BT_SECURITY_MEDIUM) {
2086 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2087 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2088 continue;
2089 } else if (d->sec_level == BT_SECURITY_HIGH) {
db54467a 2090 set_bit(RFCOMM_ENC_DROP, &d->flags);
8c84b830
MH		 2091 continue;
2092 }
9719f8af
MH		 2093 }
2094
1da177e4
LT		 2095 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2096 continue;
2097
b3b1b061 2098 if (!status && hci_conn_check_secure(conn, d->sec_level))
1da177e4
LT		 2099 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2100 else
2101 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2102 }
2103
534c92fd 2104 rfcomm_schedule();
1da177e4
LT		 2105}
2106
2107static struct hci_cb rfcomm_cb = {
2108 .name = "RFCOMM",
8c1b2355 2109 .security_cfm = rfcomm_security_cfm
1da177e4
LT		 2110};
2111
aef7d97c 2112static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
1da177e4
LT		 2113{
2114 struct rfcomm_session *s;
1da177e4
LT		 2115
2116 rfcomm_lock();
2117
8035ded4
LAD		 2118 list_for_each_entry(s, &session_list, list) {
2119 struct rfcomm_dlc *d;
2120 list_for_each_entry(d, &s->dlcs, list) {
be9d1227 2121 struct sock *sk = s->sock->sk;
1da177e4 2122
fcb73338
AE		 2123 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2124 &bt_sk(sk)->src, &bt_sk(sk)->dst,
2125 d->state, d->dlci, d->mtu,
2126 d->rx_credits, d->tx_credits);
1da177e4
LT		 2127 }
2128 }
1da177e4 2129
1da177e4 2130 rfcomm_unlock();
1da177e4 2131
aef7d97c
MH		 2132 return 0;
2133}
2134
2135static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2136{
2137 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
1da177e4
LT		 2138}
2139
aef7d97c
MH		 2140static const struct file_operations rfcomm_dlc_debugfs_fops = {
2141 .open = rfcomm_dlc_debugfs_open,
2142 .read = seq_read,
2143 .llseek = seq_lseek,
2144 .release = single_release,
2145};
2146
2147static struct dentry *rfcomm_dlc_debugfs;
1da177e4
LT		 2148
2149/* ---- Initialization ---- */
2150static int __init rfcomm_init(void)
2151{
52d18347 2152 int err;
af0d3b10 2153
1da177e4
LT		 2154 hci_register_cb(&rfcomm_cb);
2155
a524eccc
MH		 2156 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2157 if (IS_ERR(rfcomm_thread)) {
52d18347
MH		 2158 err = PTR_ERR(rfcomm_thread);
2159 goto unregister;
a524eccc 2160 }
1da177e4 2161
aef7d97c
MH		 2162 if (bt_debugfs) {
2163 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2164 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops);
2165 if (!rfcomm_dlc_debugfs)
2166 BT_ERR("Failed to create RFCOMM debug file");
2167 }
1da177e4 2168
52d18347
MH		 2169 err = rfcomm_init_ttys();
2170 if (err < 0)
2171 goto stop;
1da177e4 2172
52d18347
MH		 2173 err = rfcomm_init_sockets();
2174 if (err < 0)
2175 goto cleanup;
1da177e4 2176
be9d1227
MH		 2177 BT_INFO("RFCOMM ver %s", VERSION);
2178
1da177e4 2179 return 0;
af0d3b10 2180
52d18347 2181cleanup:
af0d3b10 2182 rfcomm_cleanup_ttys();
52d18347
MH		 2183
2184stop:
af0d3b10 2185 kthread_stop(rfcomm_thread);
52d18347
MH		 2186
2187unregister:
af0d3b10
DY		 2188 hci_unregister_cb(&rfcomm_cb);
2189
52d18347 2190 return err;
1da177e4
LT		 2191}
2192
2193static void __exit rfcomm_exit(void)
2194{
aef7d97c 2195 debugfs_remove(rfcomm_dlc_debugfs);
be9d1227 2196
1da177e4
LT		 2197 hci_unregister_cb(&rfcomm_cb);
2198
a524eccc 2199 kthread_stop(rfcomm_thread);
1da177e4 2200
1da177e4 2201 rfcomm_cleanup_ttys();
1da177e4
LT		 2202
2203 rfcomm_cleanup_sockets();
1da177e4
LT		 2204}
2205
2206module_init(rfcomm_init);
2207module_exit(rfcomm_exit);
2208
7c2660b0
MH		 2209module_param(disable_cfc, bool, 0644);
2210MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2211
98bcd08b
MH		 2212module_param(channel_mtu, int, 0644);
2213MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2214
56f3a40a
MH		 2215module_param(l2cap_mtu, uint, 0644);
2216MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2217
eae38eed
MH		 2218module_param(l2cap_ertm, bool, 0644);
2219MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2220
63fbd24e 2221MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1da177e4
LT		 2222MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2223MODULE_VERSION(VERSION);
2224MODULE_LICENSE("GPL");
2225MODULE_ALIAS("bt-proto-3");
kernel source for telekom puls (alcatel/mediatek)