projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / rfcomm / core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
8e87d142
YH		 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 21 SOFTWARE IS DISCLAIMED.
22*/
23
1da177e4
LT		 24/*
25 * Bluetooth RFCOMM core.
1da177e4
LT		 26 */
27
1da177e4
LT		 28#include <linux/module.h>
29#include <linux/errno.h>
30#include <linux/kernel.h>
31#include <linux/sched.h>
32#include <linux/signal.h>
33#include <linux/init.h>
34#include <linux/wait.h>
be9d1227 35#include <linux/device.h>
aef7d97c
MH		 36#include <linux/debugfs.h>
37#include <linux/seq_file.h>
1da177e4 38#include <linux/net.h>
4a3e2f71 39#include <linux/mutex.h>
a524eccc 40#include <linux/kthread.h>
5a0e3ad6 41#include <linux/slab.h>
4a3e2f71 42
1da177e4 43#include <net/sock.h>
285b4e90 44#include <linux/uaccess.h>
1da177e4
LT		 45#include <asm/unaligned.h>
46
47#include <net/bluetooth/bluetooth.h>
48#include <net/bluetooth/hci_core.h>
49#include <net/bluetooth/l2cap.h>
50#include <net/bluetooth/rfcomm.h>
51
5f9018af 52#define VERSION "1.11"
56f3a40a 53
eb939922
RR		 54static bool disable_cfc;
55static bool l2cap_ertm;
98bcd08b 56static int channel_mtu = -1;
56f3a40a
MH		 57static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
58
1da177e4
LT		 59static struct task_struct *rfcomm_thread;
60
4a3e2f71
AV		 61static DEFINE_MUTEX(rfcomm_mutex);
62#define rfcomm_lock() mutex_lock(&rfcomm_mutex)
63#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
1da177e4 64
1da177e4
LT		 65
66static LIST_HEAD(session_list);
1da177e4 67
262038fc
LAD		 68static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len,
69 u32 priority);
1da177e4
LT		 70static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
71static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
72static int rfcomm_queue_disc(struct rfcomm_dlc *d);
73static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
74static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
75static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
76static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
77static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
78static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
79
80static void rfcomm_process_connect(struct rfcomm_session *s);
81
63ce0900
LAD		 82static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
83 bdaddr_t *dst,
84 u8 sec_level,
85 int *err);
1da177e4
LT		 86static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
87static void rfcomm_session_del(struct rfcomm_session *s);
88
89/* ---- RFCOMM frame parsing macros ---- */
90#define __get_dlci(b) ((b & 0xfc) >> 2)
91#define __get_channel(b) ((b & 0xf8) >> 3)
92#define __get_dir(b) ((b & 0x04) >> 2)
93#define __get_type(b) ((b & 0xef))
94
95#define __test_ea(b) ((b & 0x01))
96#define __test_cr(b) ((b & 0x02))
97#define __test_pf(b) ((b & 0x10))
98
99#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
100#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
101#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
102#define __srv_channel(dlci) (dlci >> 1)
103#define __dir(dlci) (dlci & 0x01)
104
105#define __len8(len) (((len) << 1) | 1)
106#define __len16(len) ((len) << 1)
107
108/* MCC macros */
109#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
110#define __get_mcc_type(b) ((b & 0xfc) >> 2)
111#define __get_mcc_len(b) ((b & 0xfe) >> 1)
112
113/* RPN macros */
3a5e903c 114#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
1da177e4
LT		 115#define __get_rpn_data_bits(line) ((line) & 0x3)
116#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
3a5e903c 117#define __get_rpn_parity(line) (((line) >> 3) & 0x7)
1da177e4 118
534c92fd 119static inline void rfcomm_schedule(void)
1da177e4
LT		 120{
121 if (!rfcomm_thread)
122 return;
1da177e4
LT		 123 wake_up_process(rfcomm_thread);
124}
125
126static inline void rfcomm_session_put(struct rfcomm_session *s)
127{
128 if (atomic_dec_and_test(&s->refcnt))
129 rfcomm_session_del(s);
130}
131
132/* ---- RFCOMM FCS computation ---- */
133
408c1ce2 134/* reversed, 8-bit, poly=0x07 */
8e87d142 135static unsigned char rfcomm_crc_table[256] = {
408c1ce2
MH		 136 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
137 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
138 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
139 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
140
141 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
142 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
143 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
144 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
145
146 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
147 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
148 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
149 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
150
151 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
152 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
153 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
154 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
155
156 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
157 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
158 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
159 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
160
161 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
162 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
163 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
164 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
165
166 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
167 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
168 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
169 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
170
171 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
172 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
173 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
174 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
175};
176
1da177e4
LT		 177/* CRC on 2 bytes */
178#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
179
8e87d142 180/* FCS on 2 bytes */
1da177e4
LT		 181static inline u8 __fcs(u8 *data)
182{
a02cec21 183 return 0xff - __crc(data);
1da177e4
LT		 184}
185
8e87d142 186/* FCS on 3 bytes */
1da177e4
LT		 187static inline u8 __fcs2(u8 *data)
188{
a02cec21 189 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
1da177e4
LT		 190}
191
192/* Check FCS */
193static inline int __check_fcs(u8 *data, int type, u8 fcs)
194{
195 u8 f = __crc(data);
196
197 if (type != RFCOMM_UIH)
198 f = rfcomm_crc_table[f ^ data[2]];
199
200 return rfcomm_crc_table[f ^ fcs] != 0xcf;
201}
202
203/* ---- L2CAP callbacks ---- */
204static void rfcomm_l2state_change(struct sock *sk)
205{
206 BT_DBG("%p state %d", sk, sk->sk_state);
534c92fd 207 rfcomm_schedule();
1da177e4
LT		 208}
209
210static void rfcomm_l2data_ready(struct sock *sk, int bytes)
211{
212 BT_DBG("%p bytes %d", sk, bytes);
534c92fd 213 rfcomm_schedule();
1da177e4
LT		 214}
215
216static int rfcomm_l2sock_create(struct socket **sock)
217{
218 int err;
219
220 BT_DBG("");
221
222 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
223 if (!err) {
224 struct sock *sk = (*sock)->sk;
225 sk->sk_data_ready = rfcomm_l2data_ready;
226 sk->sk_state_change = rfcomm_l2state_change;
227 }
228 return err;
229}
230
9f2c8a03 231static inline int rfcomm_check_security(struct rfcomm_dlc *d)
77db1980
MH		 232{
233 struct sock *sk = d->session->sock->sk;
8c1d787b
GP		 234 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
235
0684e5f9
MH		 236 __u8 auth_type;
237
238 switch (d->sec_level) {
239 case BT_SECURITY_HIGH:
240 auth_type = HCI_AT_GENERAL_BONDING_MITM;
241 break;
242 case BT_SECURITY_MEDIUM:
243 auth_type = HCI_AT_GENERAL_BONDING;
244 break;
245 default:
246 auth_type = HCI_AT_NO_BONDING;
247 break;
248 }
77db1980 249
8c1d787b 250 return hci_conn_security(conn->hcon, d->sec_level, auth_type);
77db1980
MH		 251}
252
9e726b17
LAD		 253static void rfcomm_session_timeout(unsigned long arg)
254{
255 struct rfcomm_session *s = (void *) arg;
256
257 BT_DBG("session %p state %ld", s, s->state);
258
259 set_bit(RFCOMM_TIMED_OUT, &s->flags);
534c92fd 260 rfcomm_schedule();
9e726b17
LAD		 261}
262
263static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
264{
265 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
266
267 if (!mod_timer(&s->timer, jiffies + timeout))
268 rfcomm_session_hold(s);
269}
270
271static void rfcomm_session_clear_timer(struct rfcomm_session *s)
272{
273 BT_DBG("session %p state %ld", s, s->state);
274
275 if (timer_pending(&s->timer) && del_timer(&s->timer))
276 rfcomm_session_put(s);
277}
278
1da177e4
LT		 279/* ---- RFCOMM DLCs ---- */
280static void rfcomm_dlc_timeout(unsigned long arg)
281{
282 struct rfcomm_dlc *d = (void *) arg;
283
284 BT_DBG("dlc %p state %ld", d, d->state);
285
286 set_bit(RFCOMM_TIMED_OUT, &d->flags);
287 rfcomm_dlc_put(d);
534c92fd 288 rfcomm_schedule();
1da177e4
LT		 289}
290
291static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
292{
293 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
294
295 if (!mod_timer(&d->timer, jiffies + timeout))
296 rfcomm_dlc_hold(d);
297}
298
299static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
300{
301 BT_DBG("dlc %p state %ld", d, d->state);
302
303 if (timer_pending(&d->timer) && del_timer(&d->timer))
304 rfcomm_dlc_put(d);
305}
306
307static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
308{
309 BT_DBG("%p", d);
310
311 d->state = BT_OPEN;
312 d->flags = 0;
313 d->mscex = 0;
183f732c 314 d->sec_level = BT_SECURITY_LOW;
1da177e4
LT		 315 d->mtu = RFCOMM_DEFAULT_MTU;
316 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
317
318 d->cfc = RFCOMM_CFC_DISABLED;
319 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
320}
321
dd0fc66f 322struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
1da177e4 323{
25ea6db0
MH		 324 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
325
1da177e4
LT		 326 if (!d)
327 return NULL;
1da177e4 328
b24b8a24 329 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
1da177e4
LT		 330
331 skb_queue_head_init(&d->tx_queue);
332 spin_lock_init(&d->lock);
333 atomic_set(&d->refcnt, 1);
334
335 rfcomm_dlc_clear_state(d);
8e87d142 336
1da177e4 337 BT_DBG("%p", d);
25ea6db0 338
1da177e4
LT		 339 return d;
340}
341
342void rfcomm_dlc_free(struct rfcomm_dlc *d)
343{
344 BT_DBG("%p", d);
345
346 skb_queue_purge(&d->tx_queue);
347 kfree(d);
348}
349
350static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
351{
352 BT_DBG("dlc %p session %p", d, s);
353
354 rfcomm_session_hold(s);
355
9e726b17 356 rfcomm_session_clear_timer(s);
1da177e4
LT		 357 rfcomm_dlc_hold(d);
358 list_add(&d->list, &s->dlcs);
359 d->session = s;
360}
361
362static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
363{
364 struct rfcomm_session *s = d->session;
365
366 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
367
368 list_del(&d->list);
369 d->session = NULL;
370 rfcomm_dlc_put(d);
371
9e726b17
LAD		 372 if (list_empty(&s->dlcs))
373 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
374
1da177e4
LT		 375 rfcomm_session_put(s);
376}
377
378static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
379{
380 struct rfcomm_dlc *d;
1da177e4 381
8035ded4 382 list_for_each_entry(d, &s->dlcs, list)
1da177e4
LT		 383 if (d->dlci == dlci)
384 return d;
8035ded4 385
1da177e4
LT		 386 return NULL;
387}
388
389static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
390{
391 struct rfcomm_session *s;
392 int err = 0;
393 u8 dlci;
394
8e87d142 395 BT_DBG("dlc %p state %ld %s %s channel %d",
1da177e4
LT		 396 d, d->state, batostr(src), batostr(dst), channel);
397
398 if (channel < 1 || channel > 30)
399 return -EINVAL;
400
401 if (d->state != BT_OPEN && d->state != BT_CLOSED)
402 return 0;
403
404 s = rfcomm_session_get(src, dst);
405 if (!s) {
63ce0900 406 s = rfcomm_session_create(src, dst, d->sec_level, &err);
1da177e4
LT		 407 if (!s)
408 return err;
409 }
410
411 dlci = __dlci(!s->initiator, channel);
412
413 /* Check if DLCI already exists */
414 if (rfcomm_dlc_get(s, dlci))
415 return -EBUSY;
416
417 rfcomm_dlc_clear_state(d);
418
419 d->dlci = dlci;
420 d->addr = __addr(s->initiator, dlci);
421 d->priority = 7;
422
77db1980 423 d->state = BT_CONFIG;
1da177e4
LT		 424 rfcomm_dlc_link(s, d);
425
77db1980
MH		 426 d->out = 1;
427
1da177e4
LT		 428 d->mtu = s->mtu;
429 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
430
77db1980 431 if (s->state == BT_CONNECTED) {
9f2c8a03 432 if (rfcomm_check_security(d))
77db1980 433 rfcomm_send_pn(s, 1, d);
8c1b2355
MH		 434 else
435 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
77db1980
MH		 436 }
437
1da177e4 438 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
77db1980 439
1da177e4
LT		 440 return 0;
441}
442
443int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
444{
445 int r;
446
447 rfcomm_lock();
448
449 r = __rfcomm_dlc_open(d, src, dst, channel);
450
451 rfcomm_unlock();
452 return r;
453}
454
455static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
456{
457 struct rfcomm_session *s = d->session;
458 if (!s)
459 return 0;
460
461 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
462 d, d->state, d->dlci, err, s);
463
464 switch (d->state) {
1da177e4 465 case BT_CONNECT:
bb23c0ab
MH		 466 case BT_CONFIG:
467 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
468 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
534c92fd 469 rfcomm_schedule();
bb23c0ab
MH		 470 break;
471 }
472 /* Fall through */
473
474 case BT_CONNECTED:
1da177e4
LT		 475 d->state = BT_DISCONN;
476 if (skb_queue_empty(&d->tx_queue)) {
477 rfcomm_send_disc(s, d->dlci);
478 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
479 } else {
480 rfcomm_queue_disc(d);
481 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
482 }
483 break;
484
bb23c0ab 485 case BT_OPEN:
8bf47941 486 case BT_CONNECT2:
bb23c0ab
MH		 487 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
488 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
534c92fd 489 rfcomm_schedule();
bb23c0ab
MH		 490 break;
491 }
492 /* Fall through */
493
1da177e4
LT		 494 default:
495 rfcomm_dlc_clear_timer(d);
496
497 rfcomm_dlc_lock(d);
498 d->state = BT_CLOSED;
1905f6c7 499 d->state_change(d, err);
4c8411f8 500 rfcomm_dlc_unlock(d);
1da177e4
LT		 501
502 skb_queue_purge(&d->tx_queue);
1da177e4
LT		 503 rfcomm_dlc_unlink(d);
504 }
505
506 return 0;
507}
508
509int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
510{
511 int r;
512
513 rfcomm_lock();
514
515 r = __rfcomm_dlc_close(d, err);
516
517 rfcomm_unlock();
518 return r;
519}
520
521int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
522{
523 int len = skb->len;
524
525 if (d->state != BT_CONNECTED)
526 return -ENOTCONN;
527
528 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
529
530 if (len > d->mtu)
531 return -EINVAL;
532
533 rfcomm_make_uih(skb, d->addr);
534 skb_queue_tail(&d->tx_queue, skb);
535
536 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
534c92fd 537 rfcomm_schedule();
1da177e4
LT		 538 return len;
539}
540
b5606c2d 541void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
1da177e4
LT		 542{
543 BT_DBG("dlc %p state %ld", d, d->state);
544
545 if (!d->cfc) {
546 d->v24_sig |= RFCOMM_V24_FC;
547 set_bit(RFCOMM_MSC_PENDING, &d->flags);
548 }
534c92fd 549 rfcomm_schedule();
1da177e4
LT		 550}
551
b5606c2d 552void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
1da177e4
LT		 553{
554 BT_DBG("dlc %p state %ld", d, d->state);
555
556 if (!d->cfc) {
557 d->v24_sig &= ~RFCOMM_V24_FC;
558 set_bit(RFCOMM_MSC_PENDING, &d->flags);
559 }
534c92fd 560 rfcomm_schedule();
1da177e4
LT		 561}
562
8e87d142 563/*
1da177e4
LT		 564 Set/get modem status functions use _local_ status i.e. what we report
565 to the other side.
566 Remote status is provided by dlc->modem_status() callback.
567 */
568int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
569{
8e87d142 570 BT_DBG("dlc %p state %ld v24_sig 0x%x",
1da177e4
LT		 571 d, d->state, v24_sig);
572
573 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
574 v24_sig |= RFCOMM_V24_FC;
575 else
576 v24_sig &= ~RFCOMM_V24_FC;
8e87d142 577
1da177e4
LT		 578 d->v24_sig = v24_sig;
579
580 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
534c92fd 581 rfcomm_schedule();
1da177e4
LT		 582
583 return 0;
584}
585
586int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
587{
8e87d142 588 BT_DBG("dlc %p state %ld v24_sig 0x%x",
1da177e4
LT		 589 d, d->state, d->v24_sig);
590
591 *v24_sig = d->v24_sig;
592 return 0;
593}
594
595/* ---- RFCOMM sessions ---- */
596static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
597{
25ea6db0
MH		 598 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
599
1da177e4
LT		 600 if (!s)
601 return NULL;
1da177e4
LT		 602
603 BT_DBG("session %p sock %p", s, sock);
604
9e726b17
LAD		 605 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
606
1da177e4
LT		 607 INIT_LIST_HEAD(&s->dlcs);
608 s->state = state;
609 s->sock = sock;
610
611 s->mtu = RFCOMM_DEFAULT_MTU;
7c2660b0 612 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
1da177e4
LT		 613
614 /* Do not increment module usage count for listening sessions.
615 * Otherwise we won't be able to unload the module. */
616 if (state != BT_LISTEN)
617 if (!try_module_get(THIS_MODULE)) {
618 kfree(s);
619 return NULL;
620 }
621
622 list_add(&s->list, &session_list);
623
624 return s;
625}
626
627static void rfcomm_session_del(struct rfcomm_session *s)
628{
629 int state = s->state;
630
631 BT_DBG("session %p state %ld", s, s->state);
632
633 list_del(&s->list);
634
635 if (state == BT_CONNECTED)
636 rfcomm_send_disc(s, 0);
637
9e726b17 638 rfcomm_session_clear_timer(s);
1da177e4
LT		 639 sock_release(s->sock);
640 kfree(s);
641
642 if (state != BT_LISTEN)
643 module_put(THIS_MODULE);
644}
645
646static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
647{
648 struct rfcomm_session *s;
649 struct list_head *p, *n;
650 struct bt_sock *sk;
651 list_for_each_safe(p, n, &session_list) {
652 s = list_entry(p, struct rfcomm_session, list);
8e87d142 653 sk = bt_sk(s->sock->sk);
1da177e4
LT		 654
655 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
656 !bacmp(&sk->dst, dst))
657 return s;
658 }
659 return NULL;
660}
661
662static void rfcomm_session_close(struct rfcomm_session *s, int err)
663{
664 struct rfcomm_dlc *d;
665 struct list_head *p, *n;
666
667 BT_DBG("session %p state %ld err %d", s, s->state, err);
668
669 rfcomm_session_hold(s);
670
671 s->state = BT_CLOSED;
672
673 /* Close all dlcs */
674 list_for_each_safe(p, n, &s->dlcs) {
675 d = list_entry(p, struct rfcomm_dlc, list);
676 d->state = BT_CLOSED;
677 __rfcomm_dlc_close(d, err);
678 }
679
9e726b17 680 rfcomm_session_clear_timer(s);
1da177e4
LT		 681 rfcomm_session_put(s);
682}
683
63ce0900
LAD		 684static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
685 bdaddr_t *dst,
686 u8 sec_level,
687 int *err)
1da177e4
LT		 688{
689 struct rfcomm_session *s = NULL;
690 struct sockaddr_l2 addr;
691 struct socket *sock;
692 struct sock *sk;
693
694 BT_DBG("%s %s", batostr(src), batostr(dst));
695
696 *err = rfcomm_l2sock_create(&sock);
697 if (*err < 0)
698 return NULL;
699
700 bacpy(&addr.l2_bdaddr, src);
701 addr.l2_family = AF_BLUETOOTH;
702 addr.l2_psm = 0;
37e62f55 703 addr.l2_cid = 0;
48db9ca4 704 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1da177e4
LT		 705 if (*err < 0)
706 goto failed;
707
708 /* Set L2CAP options */
709 sk = sock->sk;
710 lock_sock(sk);
0c1bc5c6 711 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
47d1ec61 712 l2cap_pi(sk)->chan->sec_level = sec_level;
eae38eed 713 if (l2cap_ertm)
0c1bc5c6 714 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
1da177e4
LT		 715 release_sock(sk);
716
717 s = rfcomm_session_add(sock, BT_BOUND);
718 if (!s) {
719 *err = -ENOMEM;
720 goto failed;
721 }
722
1da177e4
LT		 723 s->initiator = 1;
724
725 bacpy(&addr.l2_bdaddr, dst);
726 addr.l2_family = AF_BLUETOOTH;
b4324b5d 727 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
37e62f55 728 addr.l2_cid = 0;
48db9ca4 729 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
b4c612a4 730 if (*err == 0 || *err == -EINPROGRESS)
1da177e4
LT		 731 return s;
732
733 rfcomm_session_del(s);
734 return NULL;
735
736failed:
737 sock_release(sock);
738 return NULL;
739}
740
741void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
742{
743 struct sock *sk = s->sock->sk;
744 if (src)
745 bacpy(src, &bt_sk(sk)->src);
746 if (dst)
747 bacpy(dst, &bt_sk(sk)->dst);
748}
749
750/* ---- RFCOMM frame sending ---- */
262038fc
LAD		 751static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len,
752 u32 priority)
1da177e4
LT		 753{
754 struct socket *sock = s->sock;
262038fc 755 struct sock *sk = sock->sk;
1da177e4
LT		 756 struct kvec iv = { data, len };
757 struct msghdr msg;
758
262038fc
LAD		 759 BT_DBG("session %p len %d priority %u", s, len, priority);
760
761 if (sk->sk_priority != priority) {
762 lock_sock(sk);
763 sk->sk_priority = priority;
764 release_sock(sk);
765 }
1da177e4
LT		 766
767 memset(&msg, 0, sizeof(msg));
768
769 return kernel_sendmsg(sock, &msg, &iv, 1, len);
770}
771
262038fc
LAD		 772static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
773{
774 BT_DBG("%p cmd %u", s, cmd->ctrl);
775
776 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd), HCI_PRIO_MAX);
777}
778
1da177e4
LT		 779static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
780{
781 struct rfcomm_cmd cmd;
782
783 BT_DBG("%p dlci %d", s, dlci);
784
785 cmd.addr = __addr(s->initiator, dlci);
786 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
787 cmd.len = __len8(0);
788 cmd.fcs = __fcs2((u8 *) &cmd);
789
262038fc 790 return rfcomm_send_cmd(s, &cmd);
1da177e4
LT		 791}
792
793static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
794{
795 struct rfcomm_cmd cmd;
796
797 BT_DBG("%p dlci %d", s, dlci);
798
799 cmd.addr = __addr(!s->initiator, dlci);
800 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
801 cmd.len = __len8(0);
802 cmd.fcs = __fcs2((u8 *) &cmd);
803
262038fc 804 return rfcomm_send_cmd(s, &cmd);
1da177e4
LT		 805}
806
807static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
808{
809 struct rfcomm_cmd cmd;
810
811 BT_DBG("%p dlci %d", s, dlci);
812
813 cmd.addr = __addr(s->initiator, dlci);
814 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
815 cmd.len = __len8(0);
816 cmd.fcs = __fcs2((u8 *) &cmd);
817
262038fc 818 return rfcomm_send_cmd(s, &cmd);
1da177e4
LT		 819}
820
821static int rfcomm_queue_disc(struct rfcomm_dlc *d)
822{
823 struct rfcomm_cmd *cmd;
824 struct sk_buff *skb;
825
826 BT_DBG("dlc %p dlci %d", d, d->dlci);
827
828 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
829 if (!skb)
830 return -ENOMEM;
831
262038fc
LAD		 832 skb->priority = HCI_PRIO_MAX;
833
1da177e4
LT		 834 cmd = (void *) __skb_put(skb, sizeof(*cmd));
835 cmd->addr = d->addr;
836 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
837 cmd->len = __len8(0);
838 cmd->fcs = __fcs2((u8 *) cmd);
839
840 skb_queue_tail(&d->tx_queue, skb);
534c92fd 841 rfcomm_schedule();
1da177e4
LT		 842 return 0;
843}
844
845static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
846{
847 struct rfcomm_cmd cmd;
848
849 BT_DBG("%p dlci %d", s, dlci);
850
851 cmd.addr = __addr(!s->initiator, dlci);
852 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
853 cmd.len = __len8(0);
854 cmd.fcs = __fcs2((u8 *) &cmd);
855
262038fc 856 return rfcomm_send_cmd(s, &cmd);
1da177e4
LT		 857}
858
859static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
860{
861 struct rfcomm_hdr *hdr;
862 struct rfcomm_mcc *mcc;
863 u8 buf[16], *ptr = buf;
864
865 BT_DBG("%p cr %d type %d", s, cr, type);
866
867 hdr = (void *) ptr; ptr += sizeof(*hdr);
868 hdr->addr = __addr(s->initiator, 0);
869 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
870 hdr->len = __len8(sizeof(*mcc) + 1);
871
872 mcc = (void *) ptr; ptr += sizeof(*mcc);
873 mcc->type = __mcc_type(cr, RFCOMM_NSC);
874 mcc->len = __len8(1);
875
876 /* Type that we didn't like */
877 *ptr = __mcc_type(cr, type); ptr++;
878
879 *ptr = __fcs(buf); ptr++;
880
262038fc 881 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX);
1da177e4
LT		 882}
883
884static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
885{
886 struct rfcomm_hdr *hdr;
887 struct rfcomm_mcc *mcc;
888 struct rfcomm_pn *pn;
889 u8 buf[16], *ptr = buf;
890
891 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
892
893 hdr = (void *) ptr; ptr += sizeof(*hdr);
894 hdr->addr = __addr(s->initiator, 0);
895 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
896 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
897
898 mcc = (void *) ptr; ptr += sizeof(*mcc);
899 mcc->type = __mcc_type(cr, RFCOMM_PN);
900 mcc->len = __len8(sizeof(*pn));
901
902 pn = (void *) ptr; ptr += sizeof(*pn);
903 pn->dlci = d->dlci;
904 pn->priority = d->priority;
905 pn->ack_timer = 0;
906 pn->max_retrans = 0;
907
908 if (s->cfc) {
909 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
910 pn->credits = RFCOMM_DEFAULT_CREDITS;
911 } else {
912 pn->flow_ctrl = 0;
913 pn->credits = 0;
914 }
915
98bcd08b 916 if (cr && channel_mtu >= 0)
b4324b5d 917 pn->mtu = cpu_to_le16(channel_mtu);
98bcd08b 918 else
b4324b5d 919 pn->mtu = cpu_to_le16(d->mtu);
1da177e4
LT		 920
921 *ptr = __fcs(buf); ptr++;
922
262038fc 923 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX);
1da177e4
LT		 924}
925
3a5e903c
S		 926int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
927 u8 bit_rate, u8 data_bits, u8 stop_bits,
8e87d142 928 u8 parity, u8 flow_ctrl_settings,
3a5e903c 929 u8 xon_char, u8 xoff_char, u16 param_mask)
1da177e4
LT		 930{
931 struct rfcomm_hdr *hdr;
932 struct rfcomm_mcc *mcc;
933 struct rfcomm_rpn *rpn;
934 u8 buf[16], *ptr = buf;
935
936 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
8e87d142
YH		 937 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
938 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
3a5e903c 939 flow_ctrl_settings, xon_char, xoff_char, param_mask);
1da177e4
LT		 940
941 hdr = (void *) ptr; ptr += sizeof(*hdr);
942 hdr->addr = __addr(s->initiator, 0);
943 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
944 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
945
946 mcc = (void *) ptr; ptr += sizeof(*mcc);
947 mcc->type = __mcc_type(cr, RFCOMM_RPN);
948 mcc->len = __len8(sizeof(*rpn));
949
950 rpn = (void *) ptr; ptr += sizeof(*rpn);
951 rpn->dlci = __addr(1, dlci);
952 rpn->bit_rate = bit_rate;
953 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
954 rpn->flow_ctrl = flow_ctrl_settings;
955 rpn->xon_char = xon_char;
956 rpn->xoff_char = xoff_char;
e8db8c99 957 rpn->param_mask = cpu_to_le16(param_mask);
1da177e4
LT		 958
959 *ptr = __fcs(buf); ptr++;
960
262038fc 961 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX);
1da177e4
LT		 962}
963
964static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
965{
966 struct rfcomm_hdr *hdr;
967 struct rfcomm_mcc *mcc;
968 struct rfcomm_rls *rls;
969 u8 buf[16], *ptr = buf;
970
971 BT_DBG("%p cr %d status 0x%x", s, cr, status);
972
973 hdr = (void *) ptr; ptr += sizeof(*hdr);
974 hdr->addr = __addr(s->initiator, 0);
975 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
976 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
977
978 mcc = (void *) ptr; ptr += sizeof(*mcc);
979 mcc->type = __mcc_type(cr, RFCOMM_RLS);
980 mcc->len = __len8(sizeof(*rls));
981
982 rls = (void *) ptr; ptr += sizeof(*rls);
983 rls->dlci = __addr(1, dlci);
984 rls->status = status;
985
986 *ptr = __fcs(buf); ptr++;
987
262038fc 988 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX);
1da177e4
LT		 989}
990
991static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
992{
993 struct rfcomm_hdr *hdr;
994 struct rfcomm_mcc *mcc;
995 struct rfcomm_msc *msc;
996 u8 buf[16], *ptr = buf;
997
998 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
999
1000 hdr = (void *) ptr; ptr += sizeof(*hdr);
1001 hdr->addr = __addr(s->initiator, 0);
1002 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1003 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
1004
1005 mcc = (void *) ptr; ptr += sizeof(*mcc);
1006 mcc->type = __mcc_type(cr, RFCOMM_MSC);
1007 mcc->len = __len8(sizeof(*msc));
1008
1009 msc = (void *) ptr; ptr += sizeof(*msc);
1010 msc->dlci = __addr(1, dlci);
1011 msc->v24_sig = v24_sig | 0x01;
1012
1013 *ptr = __fcs(buf); ptr++;
1014
262038fc 1015 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX);
1da177e4
LT		 1016}
1017
1018static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1019{
1020 struct rfcomm_hdr *hdr;
1021 struct rfcomm_mcc *mcc;
1022 u8 buf[16], *ptr = buf;
1023
1024 BT_DBG("%p cr %d", s, cr);
1025
1026 hdr = (void *) ptr; ptr += sizeof(*hdr);
1027 hdr->addr = __addr(s->initiator, 0);
1028 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1029 hdr->len = __len8(sizeof(*mcc));
1030
1031 mcc = (void *) ptr; ptr += sizeof(*mcc);
1032 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1033 mcc->len = __len8(0);
1034
1035 *ptr = __fcs(buf); ptr++;
1036
262038fc 1037 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX);
1da177e4
LT		 1038}
1039
1040static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1041{
1042 struct rfcomm_hdr *hdr;
1043 struct rfcomm_mcc *mcc;
1044 u8 buf[16], *ptr = buf;
1045
1046 BT_DBG("%p cr %d", s, cr);
1047
1048 hdr = (void *) ptr; ptr += sizeof(*hdr);
1049 hdr->addr = __addr(s->initiator, 0);
1050 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1051 hdr->len = __len8(sizeof(*mcc));
1052
1053 mcc = (void *) ptr; ptr += sizeof(*mcc);
1054 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1055 mcc->len = __len8(0);
1056
1057 *ptr = __fcs(buf); ptr++;
1058
262038fc 1059 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX);
1da177e4
LT		 1060}
1061
1062static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1063{
1064 struct socket *sock = s->sock;
1065 struct kvec iv[3];
1066 struct msghdr msg;
1067 unsigned char hdr[5], crc[1];
1068
1069 if (len > 125)
1070 return -EINVAL;
1071
1072 BT_DBG("%p cr %d", s, cr);
1073
1074 hdr[0] = __addr(s->initiator, 0);
1075 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1076 hdr[2] = 0x01 | ((len + 2) << 1);
1077 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1078 hdr[4] = 0x01 | (len << 1);
1079
1080 crc[0] = __fcs(hdr);
1081
1082 iv[0].iov_base = hdr;
1083 iv[0].iov_len = 5;
1084 iv[1].iov_base = pattern;
1085 iv[1].iov_len = len;
1086 iv[2].iov_base = crc;
1087 iv[2].iov_len = 1;
1088
1089 memset(&msg, 0, sizeof(msg));
1090
1091 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1092}
1093
1094static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1095{
1096 struct rfcomm_hdr *hdr;
1097 u8 buf[16], *ptr = buf;
1098
1099 BT_DBG("%p addr %d credits %d", s, addr, credits);
1100
1101 hdr = (void *) ptr; ptr += sizeof(*hdr);
1102 hdr->addr = addr;
1103 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1104 hdr->len = __len8(0);
1105
1106 *ptr = credits; ptr++;
1107
1108 *ptr = __fcs(buf); ptr++;
1109
262038fc 1110 return rfcomm_send_frame(s, buf, ptr - buf, HCI_PRIO_MAX);
1da177e4
LT		 1111}
1112
1113static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1114{
1115 struct rfcomm_hdr *hdr;
1116 int len = skb->len;
1117 u8 *crc;
1118
1119 if (len > 127) {
1120 hdr = (void *) skb_push(skb, 4);
b4324b5d 1121 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1da177e4
LT		 1122 } else {
1123 hdr = (void *) skb_push(skb, 3);
1124 hdr->len = __len8(len);
1125 }
1126 hdr->addr = addr;
1127 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1128
1129 crc = skb_put(skb, 1);
1130 *crc = __fcs((void *) hdr);
1131}
1132
1133/* ---- RFCOMM frame reception ---- */
1134static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1135{
1136 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1137
1138 if (dlci) {
1139 /* Data channel */
1140 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1141 if (!d) {
1142 rfcomm_send_dm(s, dlci);
1143 return 0;
1144 }
1145
1146 switch (d->state) {
1147 case BT_CONNECT:
1148 rfcomm_dlc_clear_timer(d);
1149
1150 rfcomm_dlc_lock(d);
1151 d->state = BT_CONNECTED;
1152 d->state_change(d, 0);
1153 rfcomm_dlc_unlock(d);
1154
1155 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1156 break;
1157
1158 case BT_DISCONN:
1159 d->state = BT_CLOSED;
1160 __rfcomm_dlc_close(d, 0);
9cf5b0ea
MH		 1161
1162 if (list_empty(&s->dlcs)) {
1163 s->state = BT_DISCONN;
1164 rfcomm_send_disc(s, 0);
79e65478 1165 rfcomm_session_clear_timer(s);
9cf5b0ea
MH		 1166 }
1167
1da177e4
LT		 1168 break;
1169 }
1170 } else {
1171 /* Control channel */
1172 switch (s->state) {
1173 case BT_CONNECT:
1174 s->state = BT_CONNECTED;
1175 rfcomm_process_connect(s);
1176 break;
9cf5b0ea
MH		 1177
1178 case BT_DISCONN:
6c2718da
NP		 1179 /* When socket is closed and we are not RFCOMM
1180 * initiator rfcomm_process_rx already calls
1181 * rfcomm_session_put() */
1182 if (s->sock->sk->sk_state != BT_CLOSED)
683d949a
LT		 1183 if (list_empty(&s->dlcs))
1184 rfcomm_session_put(s);
9cf5b0ea 1185 break;
1da177e4
LT		 1186 }
1187 }
1188 return 0;
1189}
1190
1191static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1192{
1193 int err = 0;
1194
1195 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1196
1197 if (dlci) {
1198 /* Data DLC */
1199 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1200 if (d) {
1201 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1202 err = ECONNREFUSED;
1203 else
1204 err = ECONNRESET;
1205
1206 d->state = BT_CLOSED;
1207 __rfcomm_dlc_close(d, err);
1208 }
1209 } else {
1210 if (s->state == BT_CONNECT)
1211 err = ECONNREFUSED;
1212 else
1213 err = ECONNRESET;
1214
1215 s->state = BT_CLOSED;
1216 rfcomm_session_close(s, err);
1217 }
1218 return 0;
1219}
1220
1221static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1222{
1223 int err = 0;
1224
1225 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1226
1227 if (dlci) {
1228 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1229 if (d) {
1230 rfcomm_send_ua(s, dlci);
1231
1232 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1233 err = ECONNREFUSED;
1234 else
1235 err = ECONNRESET;
1236
1237 d->state = BT_CLOSED;
1238 __rfcomm_dlc_close(d, err);
8e87d142 1239 } else
1da177e4 1240 rfcomm_send_dm(s, dlci);
8e87d142 1241
1da177e4
LT		 1242 } else {
1243 rfcomm_send_ua(s, 0);
1244
1245 if (s->state == BT_CONNECT)
1246 err = ECONNREFUSED;
1247 else
1248 err = ECONNRESET;
1249
1250 s->state = BT_CLOSED;
1251 rfcomm_session_close(s, err);
1252 }
1253
1254 return 0;
1255}
1256
bb23c0ab 1257void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1da177e4 1258{
300b9397 1259 struct sock *sk = d->session->sock->sk;
8c1d787b 1260 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
300b9397 1261
1da177e4
LT		 1262 BT_DBG("dlc %p", d);
1263
1264 rfcomm_send_ua(d->session, d->dlci);
1265
e2139b32
JH		 1266 rfcomm_dlc_clear_timer(d);
1267
1da177e4
LT		 1268 rfcomm_dlc_lock(d);
1269 d->state = BT_CONNECTED;
1270 d->state_change(d, 0);
1271 rfcomm_dlc_unlock(d);
1272
9f2c8a03 1273 if (d->role_switch)
8c1d787b 1274 hci_conn_switch_role(conn->hcon, 0x00);
300b9397 1275
1da177e4
LT		 1276 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1277}
1278
bb23c0ab
MH		 1279static void rfcomm_check_accept(struct rfcomm_dlc *d)
1280{
9f2c8a03 1281 if (rfcomm_check_security(d)) {
bb23c0ab
MH		 1282 if (d->defer_setup) {
1283 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1284 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
8bf47941
MH		 1285
1286 rfcomm_dlc_lock(d);
1287 d->state = BT_CONNECT2;
1288 d->state_change(d, 0);
1289 rfcomm_dlc_unlock(d);
bb23c0ab
MH		 1290 } else
1291 rfcomm_dlc_accept(d);
8c1b2355
MH		 1292 } else {
1293 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1294 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
bb23c0ab
MH		 1295 }
1296}
1297
1da177e4
LT		 1298static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1299{
1300 struct rfcomm_dlc *d;
1301 u8 channel;
1302
1303 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1304
1305 if (!dlci) {
1306 rfcomm_send_ua(s, 0);
1307
1308 if (s->state == BT_OPEN) {
1309 s->state = BT_CONNECTED;
1310 rfcomm_process_connect(s);
1311 }
1312 return 0;
1313 }
1314
1315 /* Check if DLC exists */
1316 d = rfcomm_dlc_get(s, dlci);
1317 if (d) {
1318 if (d->state == BT_OPEN) {
1319 /* DLC was previously opened by PN request */
bb23c0ab 1320 rfcomm_check_accept(d);
1da177e4
LT		 1321 }
1322 return 0;
1323 }
1324
1325 /* Notify socket layer about incoming connection */
1326 channel = __srv_channel(dlci);
1327 if (rfcomm_connect_ind(s, channel, &d)) {
1328 d->dlci = dlci;
1329 d->addr = __addr(s->initiator, dlci);
1330 rfcomm_dlc_link(s, d);
1331
bb23c0ab 1332 rfcomm_check_accept(d);
1da177e4
LT		 1333 } else {
1334 rfcomm_send_dm(s, dlci);
1335 }
1336
1337 return 0;
1338}
1339
1340static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1341{
1342 struct rfcomm_session *s = d->session;
1343
8e87d142 1344 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1da177e4
LT		 1345 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1346
7c2660b0
MH		 1347 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1348 pn->flow_ctrl == 0xe0) {
1349 d->cfc = RFCOMM_CFC_ENABLED;
1da177e4
LT		 1350 d->tx_credits = pn->credits;
1351 } else {
7c2660b0 1352 d->cfc = RFCOMM_CFC_DISABLED;
1da177e4
LT		 1353 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1354 }
1355
7c2660b0
MH		 1356 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1357 s->cfc = d->cfc;
1358
1da177e4
LT		 1359 d->priority = pn->priority;
1360
b4324b5d 1361 d->mtu = __le16_to_cpu(pn->mtu);
98bcd08b
MH		 1362
1363 if (cr && d->mtu > s->mtu)
1364 d->mtu = s->mtu;
1da177e4
LT		 1365
1366 return 0;
1367}
1368
1369static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1370{
1371 struct rfcomm_pn *pn = (void *) skb->data;
1372 struct rfcomm_dlc *d;
1373 u8 dlci = pn->dlci;
1374
1375 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1376
1377 if (!dlci)
1378 return 0;
1379
1380 d = rfcomm_dlc_get(s, dlci);
1381 if (d) {
1382 if (cr) {
1383 /* PN request */
1384 rfcomm_apply_pn(d, cr, pn);
1385 rfcomm_send_pn(s, 0, d);
1386 } else {
1387 /* PN response */
1388 switch (d->state) {
1389 case BT_CONFIG:
1390 rfcomm_apply_pn(d, cr, pn);
1391
1392 d->state = BT_CONNECT;
1393 rfcomm_send_sabm(s, d->dlci);
1394 break;
1395 }
1396 }
1397 } else {
1398 u8 channel = __srv_channel(dlci);
1399
1400 if (!cr)
1401 return 0;
1402
1403 /* PN request for non existing DLC.
1404 * Assume incoming connection. */
1405 if (rfcomm_connect_ind(s, channel, &d)) {
1406 d->dlci = dlci;
1407 d->addr = __addr(s->initiator, dlci);
1408 rfcomm_dlc_link(s, d);
1409
1410 rfcomm_apply_pn(d, cr, pn);
1411
1412 d->state = BT_OPEN;
1413 rfcomm_send_pn(s, 0, d);
1414 } else {
1415 rfcomm_send_dm(s, dlci);
1416 }
1417 }
1418 return 0;
1419}
1420
1421static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1422{
1423 struct rfcomm_rpn *rpn = (void *) skb->data;
1424 u8 dlci = __get_dlci(rpn->dlci);
1425
1426 u8 bit_rate = 0;
1427 u8 data_bits = 0;
1428 u8 stop_bits = 0;
1429 u8 parity = 0;
1430 u8 flow_ctrl = 0;
1431 u8 xon_char = 0;
1432 u8 xoff_char = 0;
1433 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
3a5e903c
S		 1434
1435 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1436 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1437 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1438
1439 if (!cr)
1da177e4 1440 return 0;
3a5e903c 1441
1da177e4 1442 if (len == 1) {
08601469
YK		 1443 /* This is a request, return default (according to ETSI TS 07.10) settings */
1444 bit_rate = RFCOMM_RPN_BR_9600;
1da177e4
LT		 1445 data_bits = RFCOMM_RPN_DATA_8;
1446 stop_bits = RFCOMM_RPN_STOP_1;
1447 parity = RFCOMM_RPN_PARITY_NONE;
1448 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1449 xon_char = RFCOMM_RPN_XON_CHAR;
1450 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1da177e4
LT		 1451 goto rpn_out;
1452 }
3a5e903c
S		 1453
1454 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1455 * no parity, no flow control lines, normal XON/XOFF chars */
1456
e8db8c99 1457 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1da177e4 1458 bit_rate = rpn->bit_rate;
08601469 1459 if (bit_rate > RFCOMM_RPN_BR_230400) {
1da177e4 1460 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
08601469 1461 bit_rate = RFCOMM_RPN_BR_9600;
1da177e4
LT		 1462 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1463 }
1464 }
3a5e903c 1465
e8db8c99 1466 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1da177e4
LT		 1467 data_bits = __get_rpn_data_bits(rpn->line_settings);
1468 if (data_bits != RFCOMM_RPN_DATA_8) {
1469 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1470 data_bits = RFCOMM_RPN_DATA_8;
1471 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1472 }
1473 }
3a5e903c 1474
e8db8c99 1475 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1da177e4
LT		 1476 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1477 if (stop_bits != RFCOMM_RPN_STOP_1) {
1478 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1479 stop_bits = RFCOMM_RPN_STOP_1;
1480 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1481 }
1482 }
3a5e903c 1483
e8db8c99 1484 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1da177e4
LT		 1485 parity = __get_rpn_parity(rpn->line_settings);
1486 if (parity != RFCOMM_RPN_PARITY_NONE) {
1487 BT_DBG("RPN parity mismatch 0x%x", parity);
1488 parity = RFCOMM_RPN_PARITY_NONE;
1489 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1490 }
1491 }
3a5e903c 1492
e8db8c99 1493 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1da177e4
LT		 1494 flow_ctrl = rpn->flow_ctrl;
1495 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1496 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1497 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1498 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1499 }
1500 }
3a5e903c 1501
e8db8c99 1502 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1da177e4
LT		 1503 xon_char = rpn->xon_char;
1504 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1505 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1506 xon_char = RFCOMM_RPN_XON_CHAR;
1507 rpn_mask ^= RFCOMM_RPN_PM_XON;
1508 }
1509 }
3a5e903c 1510
e8db8c99 1511 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1da177e4
LT		 1512 xoff_char = rpn->xoff_char;
1513 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1514 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1515 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1516 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1517 }
1518 }
1519
1520rpn_out:
3a5e903c
S		 1521 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1522 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1da177e4
LT		 1523
1524 return 0;
1525}
1526
1527static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1528{
1529 struct rfcomm_rls *rls = (void *) skb->data;
1530 u8 dlci = __get_dlci(rls->dlci);
1531
1532 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
3a5e903c 1533
1da177e4
LT		 1534 if (!cr)
1535 return 0;
1536
3a5e903c
S		 1537 /* We should probably do something with this information here. But
1538 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1539 * mandatory to recognise and respond to RLS */
1da177e4
LT		 1540
1541 rfcomm_send_rls(s, 0, dlci, rls->status);
1542
1543 return 0;
1544}
1545
1546static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1547{
1548 struct rfcomm_msc *msc = (void *) skb->data;
1549 struct rfcomm_dlc *d;
1550 u8 dlci = __get_dlci(msc->dlci);
1551
1552 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1553
1554 d = rfcomm_dlc_get(s, dlci);
3a5e903c 1555 if (!d)
1da177e4
LT		 1556 return 0;
1557
1558 if (cr) {
1559 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1560 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1561 else
1562 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
3a5e903c 1563
1da177e4 1564 rfcomm_dlc_lock(d);
8b6b3da7
MH		 1565
1566 d->remote_v24_sig = msc->v24_sig;
1567
1da177e4
LT		 1568 if (d->modem_status)
1569 d->modem_status(d, msc->v24_sig);
8b6b3da7 1570
1da177e4 1571 rfcomm_dlc_unlock(d);
8e87d142 1572
1da177e4
LT		 1573 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1574
1575 d->mscex |= RFCOMM_MSCEX_RX;
3a5e903c 1576 } else
1da177e4
LT		 1577 d->mscex |= RFCOMM_MSCEX_TX;
1578
1579 return 0;
1580}
1581
1582static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1583{
1584 struct rfcomm_mcc *mcc = (void *) skb->data;
1585 u8 type, cr, len;
1586
1587 cr = __test_cr(mcc->type);
1588 type = __get_mcc_type(mcc->type);
1589 len = __get_mcc_len(mcc->len);
1590
1591 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1592
1593 skb_pull(skb, 2);
1594
1595 switch (type) {
1596 case RFCOMM_PN:
1597 rfcomm_recv_pn(s, cr, skb);
1598 break;
1599
1600 case RFCOMM_RPN:
1601 rfcomm_recv_rpn(s, cr, len, skb);
1602 break;
1603
1604 case RFCOMM_RLS:
1605 rfcomm_recv_rls(s, cr, skb);
1606 break;
1607
1608 case RFCOMM_MSC:
1609 rfcomm_recv_msc(s, cr, skb);
1610 break;
1611
1612 case RFCOMM_FCOFF:
1613 if (cr) {
1614 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1615 rfcomm_send_fcoff(s, 0);
1616 }
1617 break;
1618
1619 case RFCOMM_FCON:
1620 if (cr) {
1621 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1622 rfcomm_send_fcon(s, 0);
1623 }
1624 break;
1625
1626 case RFCOMM_TEST:
1627 if (cr)
1628 rfcomm_send_test(s, 0, skb->data, skb->len);
1629 break;
1630
1631 case RFCOMM_NSC:
1632 break;
1633
1634 default:
1635 BT_ERR("Unknown control type 0x%02x", type);
1636 rfcomm_send_nsc(s, cr, type);
1637 break;
1638 }
1639 return 0;
1640}
1641
1642static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1643{
1644 struct rfcomm_dlc *d;
1645
1646 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1647
1648 d = rfcomm_dlc_get(s, dlci);
1649 if (!d) {
1650 rfcomm_send_dm(s, dlci);
1651 goto drop;
1652 }
1653
1654 if (pf && d->cfc) {
1655 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1656
1657 d->tx_credits += credits;
1658 if (d->tx_credits)
1659 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1660 }
1661
1662 if (skb->len && d->state == BT_CONNECTED) {
1663 rfcomm_dlc_lock(d);
1664 d->rx_credits--;
1665 d->data_ready(d, skb);
1666 rfcomm_dlc_unlock(d);
1667 return 0;
1668 }
1669
1670drop:
1671 kfree_skb(skb);
1672 return 0;
1673}
1674
1675static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1676{
1677 struct rfcomm_hdr *hdr = (void *) skb->data;
1678 u8 type, dlci, fcs;
1679
1680 dlci = __get_dlci(hdr->addr);
1681 type = __get_type(hdr->ctrl);
1682
1683 /* Trim FCS */
1684 skb->len--; skb->tail--;
27a884dc 1685 fcs = *(u8 *)skb_tail_pointer(skb);
1da177e4
LT		 1686
1687 if (__check_fcs(skb->data, type, fcs)) {
1688 BT_ERR("bad checksum in packet");
1689 kfree_skb(skb);
1690 return -EILSEQ;
1691 }
1692
1693 if (__test_ea(hdr->len))
1694 skb_pull(skb, 3);
1695 else
1696 skb_pull(skb, 4);
1697
1698 switch (type) {
1699 case RFCOMM_SABM:
1700 if (__test_pf(hdr->ctrl))
1701 rfcomm_recv_sabm(s, dlci);
1702 break;
1703
1704 case RFCOMM_DISC:
1705 if (__test_pf(hdr->ctrl))
1706 rfcomm_recv_disc(s, dlci);
1707 break;
1708
1709 case RFCOMM_UA:
1710 if (__test_pf(hdr->ctrl))
1711 rfcomm_recv_ua(s, dlci);
1712 break;
1713
1714 case RFCOMM_DM:
1715 rfcomm_recv_dm(s, dlci);
1716 break;
1717
1718 case RFCOMM_UIH:
1719 if (dlci)
1720 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1721
1722 rfcomm_recv_mcc(s, skb);
1723 break;
1724
1725 default:
5017d8dd 1726 BT_ERR("Unknown packet type 0x%02x", type);
1da177e4
LT		 1727 break;
1728 }
1729 kfree_skb(skb);
1730 return 0;
1731}
1732
1733/* ---- Connection and data processing ---- */
1734
1735static void rfcomm_process_connect(struct rfcomm_session *s)
1736{
1737 struct rfcomm_dlc *d;
1738 struct list_head *p, *n;
1739
1740 BT_DBG("session %p state %ld", s, s->state);
1741
1742 list_for_each_safe(p, n, &s->dlcs) {
1743 d = list_entry(p, struct rfcomm_dlc, list);
1744 if (d->state == BT_CONFIG) {
1745 d->mtu = s->mtu;
9f2c8a03 1746 if (rfcomm_check_security(d)) {
8c1b2355
MH		 1747 rfcomm_send_pn(s, 1, d);
1748 } else {
77db1980
MH		 1749 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1750 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
8c1b2355 1751 }
1da177e4
LT		 1752 }
1753 }
1754}
1755
1756/* Send data queued for the DLC.
1757 * Return number of frames left in the queue.
1758 */
1759static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1760{
1761 struct sk_buff *skb;
1762 int err;
1763
8e87d142 1764 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1da177e4
LT		 1765 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1766
1767 /* Send pending MSC */
1768 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
8e87d142 1769 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1da177e4
LT		 1770
1771 if (d->cfc) {
8e87d142 1772 /* CFC enabled.
1da177e4
LT		 1773 * Give them some credits */
1774 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
8e87d142 1775 d->rx_credits <= (d->cfc >> 2)) {
1da177e4
LT		 1776 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1777 d->rx_credits = d->cfc;
1778 }
1779 } else {
1780 /* CFC disabled.
1781 * Give ourselves some credits */
1782 d->tx_credits = 5;
1783 }
1784
1785 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1786 return skb_queue_len(&d->tx_queue);
1787
1788 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
262038fc
LAD		 1789 err = rfcomm_send_frame(d->session, skb->data, skb->len,
1790 skb->priority);
1da177e4
LT		 1791 if (err < 0) {
1792 skb_queue_head(&d->tx_queue, skb);
1793 break;
1794 }
1795 kfree_skb(skb);
1796 d->tx_credits--;
1797 }
1798
1799 if (d->cfc && !d->tx_credits) {
1800 /* We're out of TX credits.
1801 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1802 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1803 }
1804
1805 return skb_queue_len(&d->tx_queue);
1806}
1807
1808static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1809{
1810 struct rfcomm_dlc *d;
1811 struct list_head *p, *n;
1812
1813 BT_DBG("session %p state %ld", s, s->state);
1814
1815 list_for_each_safe(p, n, &s->dlcs) {
1816 d = list_entry(p, struct rfcomm_dlc, list);
1817
1818 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1819 __rfcomm_dlc_close(d, ETIMEDOUT);
1820 continue;
1821 }
1822
db54467a
SJ		 1823 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1824 __rfcomm_dlc_close(d, ECONNREFUSED);
1825 continue;
1826 }
1827
1da177e4
LT		 1828 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1829 rfcomm_dlc_clear_timer(d);
77db1980
MH		 1830 if (d->out) {
1831 rfcomm_send_pn(s, 1, d);
1832 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
bb23c0ab
MH		 1833 } else {
1834 if (d->defer_setup) {
1835 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1836 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
8bf47941
MH		 1837
1838 rfcomm_dlc_lock(d);
1839 d->state = BT_CONNECT2;
1840 d->state_change(d, 0);
1841 rfcomm_dlc_unlock(d);
bb23c0ab
MH		 1842 } else
1843 rfcomm_dlc_accept(d);
1844 }
1da177e4
LT		 1845 continue;
1846 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1847 rfcomm_dlc_clear_timer(d);
77db1980
MH		 1848 if (!d->out)
1849 rfcomm_send_dm(s, d->dlci);
1850 else
1851 d->state = BT_CLOSED;
1da177e4
LT		 1852 __rfcomm_dlc_close(d, ECONNREFUSED);
1853 continue;
1854 }
1855
6e1031a4
JG		 1856 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1857 continue;
1858
1da177e4
LT		 1859 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1860 continue;
1861
1862 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
77db1980 1863 d->mscex == RFCOMM_MSCEX_OK)
1da177e4
LT		 1864 rfcomm_process_tx(d);
1865 }
1866}
1867
1868static inline void rfcomm_process_rx(struct rfcomm_session *s)
1869{
1870 struct socket *sock = s->sock;
1871 struct sock *sk = sock->sk;
1872 struct sk_buff *skb;
1873
1874 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1875
1876 /* Get data directly from socket receive queue without copying it. */
1877 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1878 skb_orphan(skb);
44935720
MM		 1879 if (!skb_linearize(skb))
1880 rfcomm_recv_frame(s, skb);
1881 else
1882 kfree_skb(skb);
1da177e4
LT		 1883 }
1884
1885 if (sk->sk_state == BT_CLOSED) {
1886 if (!s->initiator)
1887 rfcomm_session_put(s);
1888
1889 rfcomm_session_close(s, sk->sk_err);
1890 }
1891}
1892
1893static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1894{
1895 struct socket *sock = s->sock, *nsock;
1896 int err;
1897
1898 /* Fast check for a new connection.
1899 * Avoids unnesesary socket allocations. */
1900 if (list_empty(&bt_sk(sock->sk)->accept_q))
1901 return;
1902
1903 BT_DBG("session %p", s);
1904
48db9ca4
MH		 1905 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1906 if (err < 0)
1da177e4
LT		 1907 return;
1908
1da177e4
LT		 1909 /* Set our callbacks */
1910 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1911 nsock->sk->sk_state_change = rfcomm_l2state_change;
1912
1913 s = rfcomm_session_add(nsock, BT_OPEN);
1914 if (s) {
1915 rfcomm_session_hold(s);
98bcd08b
MH		 1916
1917 /* We should adjust MTU on incoming sessions.
1918 * L2CAP MTU minus UIH header and FCS. */
0c1bc5c6
GP		 1919 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1920 l2cap_pi(nsock->sk)->chan->imtu) - 5;
98bcd08b 1921
534c92fd 1922 rfcomm_schedule();
1da177e4
LT		 1923 } else
1924 sock_release(nsock);
1925}
1926
1927static inline void rfcomm_check_connection(struct rfcomm_session *s)
1928{
1929 struct sock *sk = s->sock->sk;
1930
1931 BT_DBG("%p state %ld", s, s->state);
1932
285b4e90 1933 switch (sk->sk_state) {
1da177e4
LT		 1934 case BT_CONNECTED:
1935 s->state = BT_CONNECT;
1936
1937 /* We can adjust MTU on outgoing sessions.
1938 * L2CAP MTU minus UIH header and FCS. */
0c1bc5c6 1939 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1da177e4
LT		 1940
1941 rfcomm_send_sabm(s, 0);
1942 break;
1943
1944 case BT_CLOSED:
1945 s->state = BT_CLOSED;
1946 rfcomm_session_close(s, sk->sk_err);
1947 break;
1948 }
1949}
1950
1951static inline void rfcomm_process_sessions(void)
1952{
1953 struct list_head *p, *n;
1954
1955 rfcomm_lock();
1956
1957 list_for_each_safe(p, n, &session_list) {
1958 struct rfcomm_session *s;
1959 s = list_entry(p, struct rfcomm_session, list);
1960
9e726b17
LAD		 1961 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1962 s->state = BT_DISCONN;
1963 rfcomm_send_disc(s, 0);
485f1eff 1964 rfcomm_session_put(s);
9e726b17
LAD		 1965 continue;
1966 }
1967
1da177e4
LT		 1968 if (s->state == BT_LISTEN) {
1969 rfcomm_accept_connection(s);
1970 continue;
1971 }
1972
1973 rfcomm_session_hold(s);
1974
1975 switch (s->state) {
1976 case BT_BOUND:
1977 rfcomm_check_connection(s);
1978 break;
1979
1980 default:
1981 rfcomm_process_rx(s);
1982 break;
1983 }
1984
1985 rfcomm_process_dlcs(s);
1986
1987 rfcomm_session_put(s);
1988 }
1989
1990 rfcomm_unlock();
1991}
1992
1da177e4
LT		 1993static int rfcomm_add_listener(bdaddr_t *ba)
1994{
1995 struct sockaddr_l2 addr;
1996 struct socket *sock;
1997 struct sock *sk;
1998 struct rfcomm_session *s;
1999 int err = 0;
2000
2001 /* Create socket */
2002 err = rfcomm_l2sock_create(&sock);
8e87d142 2003 if (err < 0) {
1da177e4
LT		 2004 BT_ERR("Create socket failed %d", err);
2005 return err;
2006 }
2007
2008 /* Bind socket */
2009 bacpy(&addr.l2_bdaddr, ba);
2010 addr.l2_family = AF_BLUETOOTH;
b4324b5d 2011 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
37e62f55 2012 addr.l2_cid = 0;
48db9ca4 2013 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1da177e4
LT		 2014 if (err < 0) {
2015 BT_ERR("Bind failed %d", err);
2016 goto failed;
2017 }
2018
2019 /* Set L2CAP options */
2020 sk = sock->sk;
2021 lock_sock(sk);
0c1bc5c6 2022 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
1da177e4
LT		 2023 release_sock(sk);
2024
2025 /* Start listening on the socket */
48db9ca4 2026 err = kernel_listen(sock, 10);
1da177e4
LT		 2027 if (err) {
2028 BT_ERR("Listen failed %d", err);
2029 goto failed;
2030 }
2031
2032 /* Add listening session */
2033 s = rfcomm_session_add(sock, BT_LISTEN);
2034 if (!s)
2035 goto failed;
2036
2037 rfcomm_session_hold(s);
2038 return 0;
2039failed:
2040 sock_release(sock);
2041 return err;
2042}
2043
2044static void rfcomm_kill_listener(void)
2045{
2046 struct rfcomm_session *s;
2047 struct list_head *p, *n;
2048
2049 BT_DBG("");
2050
2051 list_for_each_safe(p, n, &session_list) {
2052 s = list_entry(p, struct rfcomm_session, list);
2053 rfcomm_session_del(s);
2054 }
2055}
2056
2057static int rfcomm_run(void *unused)
2058{
a524eccc 2059 BT_DBG("");
1da177e4 2060
1da177e4 2061 set_user_nice(current, -10);
1da177e4 2062
1da177e4
LT		 2063 rfcomm_add_listener(BDADDR_ANY);
2064
e5842cdb 2065 while (1) {
a524eccc 2066 set_current_state(TASK_INTERRUPTIBLE);
e5842cdb
PH		 2067
2068 if (kthread_should_stop())
2069 break;
a524eccc
MH		 2070
2071 /* Process stuff */
a524eccc 2072 rfcomm_process_sessions();
e5842cdb
PH		 2073
2074 schedule();
a524eccc 2075 }
e5842cdb 2076 __set_current_state(TASK_RUNNING);
1da177e4
LT		 2077
2078 rfcomm_kill_listener();
2079
1da177e4
LT		 2080 return 0;
2081}
2082
8c1b2355 2083static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1da177e4
LT		 2084{
2085 struct rfcomm_session *s;
2086 struct rfcomm_dlc *d;
2087 struct list_head *p, *n;
2088
2089 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2090
2091 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2092 if (!s)
2093 return;
2094
2095 rfcomm_session_hold(s);
2096
2097 list_for_each_safe(p, n, &s->dlcs) {
2098 d = list_entry(p, struct rfcomm_dlc, list);
2099
8c84b830
MH		 2100 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2101 rfcomm_dlc_clear_timer(d);
2102 if (status || encrypt == 0x00) {
db54467a 2103 set_bit(RFCOMM_ENC_DROP, &d->flags);
8c84b830
MH		 2104 continue;
2105 }
2106 }
2107
2108 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2109 if (d->sec_level == BT_SECURITY_MEDIUM) {
2110 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2111 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2112 continue;
2113 } else if (d->sec_level == BT_SECURITY_HIGH) {
db54467a 2114 set_bit(RFCOMM_ENC_DROP, &d->flags);
8c84b830
MH		 2115 continue;
2116 }
9719f8af
MH		 2117 }
2118
1da177e4
LT		 2119 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2120 continue;
2121
b3b1b061 2122 if (!status && hci_conn_check_secure(conn, d->sec_level))
1da177e4
LT		 2123 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2124 else
2125 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2126 }
2127
2128 rfcomm_session_put(s);
2129
534c92fd 2130 rfcomm_schedule();
1da177e4
LT		 2131}
2132
2133static struct hci_cb rfcomm_cb = {
2134 .name = "RFCOMM",
8c1b2355 2135 .security_cfm = rfcomm_security_cfm
1da177e4
LT		 2136};
2137
aef7d97c 2138static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
1da177e4
LT		 2139{
2140 struct rfcomm_session *s;
1da177e4
LT		 2141
2142 rfcomm_lock();
2143
8035ded4
LAD		 2144 list_for_each_entry(s, &session_list, list) {
2145 struct rfcomm_dlc *d;
2146 list_for_each_entry(d, &s->dlcs, list) {
be9d1227 2147 struct sock *sk = s->sock->sk;
1da177e4 2148
aef7d97c
MH		 2149 seq_printf(f, "%s %s %ld %d %d %d %d\n",
2150 batostr(&bt_sk(sk)->src),
2151 batostr(&bt_sk(sk)->dst),
2152 d->state, d->dlci, d->mtu,
2153 d->rx_credits, d->tx_credits);
1da177e4
LT		 2154 }
2155 }
1da177e4 2156
1da177e4 2157 rfcomm_unlock();
1da177e4 2158
aef7d97c
MH		 2159 return 0;
2160}
2161
2162static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2163{
2164 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
1da177e4
LT		 2165}
2166
aef7d97c
MH		 2167static const struct file_operations rfcomm_dlc_debugfs_fops = {
2168 .open = rfcomm_dlc_debugfs_open,
2169 .read = seq_read,
2170 .llseek = seq_lseek,
2171 .release = single_release,
2172};
2173
2174static struct dentry *rfcomm_dlc_debugfs;
1da177e4
LT		 2175
2176/* ---- Initialization ---- */
2177static int __init rfcomm_init(void)
2178{
52d18347 2179 int err;
af0d3b10 2180
1da177e4
LT		 2181 hci_register_cb(&rfcomm_cb);
2182
a524eccc
MH		 2183 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2184 if (IS_ERR(rfcomm_thread)) {
52d18347
MH		 2185 err = PTR_ERR(rfcomm_thread);
2186 goto unregister;
a524eccc 2187 }
1da177e4 2188
aef7d97c
MH		 2189 if (bt_debugfs) {
2190 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2191 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops);
2192 if (!rfcomm_dlc_debugfs)
2193 BT_ERR("Failed to create RFCOMM debug file");
2194 }
1da177e4 2195
52d18347
MH		 2196 err = rfcomm_init_ttys();
2197 if (err < 0)
2198 goto stop;
1da177e4 2199
52d18347
MH		 2200 err = rfcomm_init_sockets();
2201 if (err < 0)
2202 goto cleanup;
1da177e4 2203
be9d1227
MH		 2204 BT_INFO("RFCOMM ver %s", VERSION);
2205
1da177e4 2206 return 0;
af0d3b10 2207
52d18347 2208cleanup:
af0d3b10 2209 rfcomm_cleanup_ttys();
52d18347
MH		 2210
2211stop:
af0d3b10 2212 kthread_stop(rfcomm_thread);
52d18347
MH		 2213
2214unregister:
af0d3b10
DY		 2215 hci_unregister_cb(&rfcomm_cb);
2216
52d18347 2217 return err;
1da177e4
LT		 2218}
2219
2220static void __exit rfcomm_exit(void)
2221{
aef7d97c 2222 debugfs_remove(rfcomm_dlc_debugfs);
be9d1227 2223
1da177e4
LT		 2224 hci_unregister_cb(&rfcomm_cb);
2225
a524eccc 2226 kthread_stop(rfcomm_thread);
1da177e4 2227
1da177e4 2228 rfcomm_cleanup_ttys();
1da177e4
LT		 2229
2230 rfcomm_cleanup_sockets();
1da177e4
LT		 2231}
2232
2233module_init(rfcomm_init);
2234module_exit(rfcomm_exit);
2235
7c2660b0
MH		 2236module_param(disable_cfc, bool, 0644);
2237MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2238
98bcd08b
MH		 2239module_param(channel_mtu, int, 0644);
2240MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2241
56f3a40a
MH		 2242module_param(l2cap_mtu, uint, 0644);
2243MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2244
eae38eed
MH		 2245module_param(l2cap_ertm, bool, 0644);
2246MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2247
63fbd24e 2248MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1da177e4
LT		 2249MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2250MODULE_VERSION(VERSION);
2251MODULE_LICENSE("GPL");
2252MODULE_ALIAS("bt-proto-3");
kernel source for telekom puls (alcatel/mediatek)