projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge tag 'v3.10.55' into update
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / rfcomm / core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
8e87d142
YH		 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 21 SOFTWARE IS DISCLAIMED.
22*/
23
1da177e4
LT		 24/*
25 * Bluetooth RFCOMM core.
1da177e4
LT		 26 */
27
1da177e4 28#include <linux/module.h>
aef7d97c 29#include <linux/debugfs.h>
a524eccc 30#include <linux/kthread.h>
1da177e4
LT		 31#include <asm/unaligned.h>
32
33#include <net/bluetooth/bluetooth.h>
34#include <net/bluetooth/hci_core.h>
35#include <net/bluetooth/l2cap.h>
36#include <net/bluetooth/rfcomm.h>
37
5f9018af 38#define VERSION "1.11"
56f3a40a 39
eb939922
RR		 40static bool disable_cfc;
41static bool l2cap_ertm;
98bcd08b 42static int channel_mtu = -1;
56f3a40a
MH		 43static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
44
1da177e4
LT		 45static struct task_struct *rfcomm_thread;
46
4a3e2f71
AV		 47static DEFINE_MUTEX(rfcomm_mutex);
48#define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
1da177e4 50
1da177e4
LT		 51
52static LIST_HEAD(session_list);
1da177e4 53
5436538f 54static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
1da177e4
LT		 55static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
64
65static void rfcomm_process_connect(struct rfcomm_session *s);
66
63ce0900
LAD		 67static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
68 bdaddr_t *dst,
69 u8 sec_level,
70 int *err);
1da177e4 71static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
8ff52f7d 72static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
1da177e4
LT		 73
74/* ---- RFCOMM frame parsing macros ---- */
75#define __get_dlci(b) ((b & 0xfc) >> 2)
76#define __get_channel(b) ((b & 0xf8) >> 3)
77#define __get_dir(b) ((b & 0x04) >> 2)
78#define __get_type(b) ((b & 0xef))
79
80#define __test_ea(b) ((b & 0x01))
81#define __test_cr(b) ((b & 0x02))
82#define __test_pf(b) ((b & 0x10))
83
84#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
85#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
86#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
87#define __srv_channel(dlci) (dlci >> 1)
88#define __dir(dlci) (dlci & 0x01)
89
90#define __len8(len) (((len) << 1) | 1)
91#define __len16(len) ((len) << 1)
92
93/* MCC macros */
94#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
95#define __get_mcc_type(b) ((b & 0xfc) >> 2)
96#define __get_mcc_len(b) ((b & 0xfe) >> 1)
97
98/* RPN macros */
3a5e903c 99#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
1da177e4
LT		 100#define __get_rpn_data_bits(line) ((line) & 0x3)
101#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
3a5e903c 102#define __get_rpn_parity(line) (((line) >> 3) & 0x7)
1da177e4 103
6039aa73 104static void rfcomm_schedule(void)
1da177e4
LT		 105{
106 if (!rfcomm_thread)
107 return;
1da177e4
LT		 108 wake_up_process(rfcomm_thread);
109}
110
1da177e4
LT		 111/* ---- RFCOMM FCS computation ---- */
112
408c1ce2 113/* reversed, 8-bit, poly=0x07 */
8e87d142 114static unsigned char rfcomm_crc_table[256] = {
408c1ce2
MH		 115 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
116 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
117 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
118 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
119
120 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
121 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
122 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
123 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
124
125 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
126 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
127 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
128 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
129
130 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
131 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
132 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
133 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
134
135 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
136 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
137 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
138 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
139
140 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
141 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
142 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
143 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
144
145 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
146 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
147 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
148 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
149
150 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
151 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
152 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
153 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
154};
155
1da177e4
LT		 156/* CRC on 2 bytes */
157#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
158
8e87d142 159/* FCS on 2 bytes */
1da177e4
LT		 160static inline u8 __fcs(u8 *data)
161{
a02cec21 162 return 0xff - __crc(data);
1da177e4
LT		 163}
164
8e87d142 165/* FCS on 3 bytes */
1da177e4
LT		 166static inline u8 __fcs2(u8 *data)
167{
a02cec21 168 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
1da177e4
LT		 169}
170
171/* Check FCS */
172static inline int __check_fcs(u8 *data, int type, u8 fcs)
173{
174 u8 f = __crc(data);
175
176 if (type != RFCOMM_UIH)
177 f = rfcomm_crc_table[f ^ data[2]];
178
179 return rfcomm_crc_table[f ^ fcs] != 0xcf;
180}
181
182/* ---- L2CAP callbacks ---- */
183static void rfcomm_l2state_change(struct sock *sk)
184{
185 BT_DBG("%p state %d", sk, sk->sk_state);
534c92fd 186 rfcomm_schedule();
1da177e4
LT		 187}
188
189static void rfcomm_l2data_ready(struct sock *sk, int bytes)
190{
191 BT_DBG("%p bytes %d", sk, bytes);
534c92fd 192 rfcomm_schedule();
1da177e4
LT		 193}
194
195static int rfcomm_l2sock_create(struct socket **sock)
196{
197 int err;
198
199 BT_DBG("");
200
201 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
202 if (!err) {
203 struct sock *sk = (*sock)->sk;
204 sk->sk_data_ready = rfcomm_l2data_ready;
205 sk->sk_state_change = rfcomm_l2state_change;
206 }
207 return err;
208}
209
6039aa73 210static int rfcomm_check_security(struct rfcomm_dlc *d)
77db1980
MH		 211{
212 struct sock *sk = d->session->sock->sk;
8c1d787b
GP		 213 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
214
0684e5f9
MH		 215 __u8 auth_type;
216
217 switch (d->sec_level) {
218 case BT_SECURITY_HIGH:
219 auth_type = HCI_AT_GENERAL_BONDING_MITM;
220 break;
221 case BT_SECURITY_MEDIUM:
222 auth_type = HCI_AT_GENERAL_BONDING;
223 break;
224 default:
225 auth_type = HCI_AT_NO_BONDING;
226 break;
227 }
77db1980 228
8c1d787b 229 return hci_conn_security(conn->hcon, d->sec_level, auth_type);
77db1980
MH		 230}
231
9e726b17
LAD		 232static void rfcomm_session_timeout(unsigned long arg)
233{
234 struct rfcomm_session *s = (void *) arg;
235
236 BT_DBG("session %p state %ld", s, s->state);
237
238 set_bit(RFCOMM_TIMED_OUT, &s->flags);
534c92fd 239 rfcomm_schedule();
9e726b17
LAD		 240}
241
242static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
243{
244 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
245
08c30aca 246 mod_timer(&s->timer, jiffies + timeout);
9e726b17
LAD		 247}
248
249static void rfcomm_session_clear_timer(struct rfcomm_session *s)
250{
251 BT_DBG("session %p state %ld", s, s->state);
252
08c30aca 253 del_timer_sync(&s->timer);
9e726b17
LAD		 254}
255
1da177e4
LT		 256/* ---- RFCOMM DLCs ---- */
257static void rfcomm_dlc_timeout(unsigned long arg)
258{
259 struct rfcomm_dlc *d = (void *) arg;
260
261 BT_DBG("dlc %p state %ld", d, d->state);
262
263 set_bit(RFCOMM_TIMED_OUT, &d->flags);
264 rfcomm_dlc_put(d);
534c92fd 265 rfcomm_schedule();
1da177e4
LT		 266}
267
268static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
269{
270 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
271
272 if (!mod_timer(&d->timer, jiffies + timeout))
273 rfcomm_dlc_hold(d);
274}
275
276static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
277{
278 BT_DBG("dlc %p state %ld", d, d->state);
279
25cc4ae9 280 if (del_timer(&d->timer))
1da177e4
LT		 281 rfcomm_dlc_put(d);
282}
283
284static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
285{
286 BT_DBG("%p", d);
287
288 d->state = BT_OPEN;
289 d->flags = 0;
290 d->mscex = 0;
183f732c 291 d->sec_level = BT_SECURITY_LOW;
1da177e4
LT		 292 d->mtu = RFCOMM_DEFAULT_MTU;
293 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
294
295 d->cfc = RFCOMM_CFC_DISABLED;
296 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
297}
298
dd0fc66f 299struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
1da177e4 300{
25ea6db0
MH		 301 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
302
1da177e4
LT		 303 if (!d)
304 return NULL;
1da177e4 305
b24b8a24 306 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
1da177e4
LT		 307
308 skb_queue_head_init(&d->tx_queue);
309 spin_lock_init(&d->lock);
310 atomic_set(&d->refcnt, 1);
311
312 rfcomm_dlc_clear_state(d);
8e87d142 313
1da177e4 314 BT_DBG("%p", d);
25ea6db0 315
1da177e4
LT		 316 return d;
317}
318
319void rfcomm_dlc_free(struct rfcomm_dlc *d)
320{
321 BT_DBG("%p", d);
322
323 skb_queue_purge(&d->tx_queue);
324 kfree(d);
325}
326
327static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
328{
329 BT_DBG("dlc %p session %p", d, s);
330
9e726b17 331 rfcomm_session_clear_timer(s);
1da177e4
LT		 332 rfcomm_dlc_hold(d);
333 list_add(&d->list, &s->dlcs);
334 d->session = s;
335}
336
337static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
338{
339 struct rfcomm_session *s = d->session;
340
341 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
342
343 list_del(&d->list);
344 d->session = NULL;
345 rfcomm_dlc_put(d);
346
9e726b17
LAD		 347 if (list_empty(&s->dlcs))
348 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
1da177e4
LT		 349}
350
351static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
352{
353 struct rfcomm_dlc *d;
1da177e4 354
8035ded4 355 list_for_each_entry(d, &s->dlcs, list)
1da177e4
LT		 356 if (d->dlci == dlci)
357 return d;
8035ded4 358
1da177e4
LT		 359 return NULL;
360}
361
362static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
363{
364 struct rfcomm_session *s;
365 int err = 0;
366 u8 dlci;
367
6ed93dc6
AE		 368 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
369 d, d->state, src, dst, channel);
1da177e4
LT		 370
371 if (channel < 1 || channel > 30)
372 return -EINVAL;
373
374 if (d->state != BT_OPEN && d->state != BT_CLOSED)
375 return 0;
376
377 s = rfcomm_session_get(src, dst);
378 if (!s) {
63ce0900 379 s = rfcomm_session_create(src, dst, d->sec_level, &err);
1da177e4
LT		 380 if (!s)
381 return err;
382 }
383
384 dlci = __dlci(!s->initiator, channel);
385
386 /* Check if DLCI already exists */
387 if (rfcomm_dlc_get(s, dlci))
388 return -EBUSY;
389
390 rfcomm_dlc_clear_state(d);
391
392 d->dlci = dlci;
393 d->addr = __addr(s->initiator, dlci);
394 d->priority = 7;
395
77db1980 396 d->state = BT_CONFIG;
1da177e4
LT		 397 rfcomm_dlc_link(s, d);
398
77db1980
MH		 399 d->out = 1;
400
1da177e4
LT		 401 d->mtu = s->mtu;
402 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
403
77db1980 404 if (s->state == BT_CONNECTED) {
9f2c8a03 405 if (rfcomm_check_security(d))
77db1980 406 rfcomm_send_pn(s, 1, d);
8c1b2355
MH		 407 else
408 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
77db1980
MH		 409 }
410
1da177e4 411 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
77db1980 412
1da177e4
LT		 413 return 0;
414}
415
416int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
417{
418 int r;
419
420 rfcomm_lock();
421
422 r = __rfcomm_dlc_open(d, src, dst, channel);
423
424 rfcomm_unlock();
425 return r;
426}
427
428static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
429{
430 struct rfcomm_session *s = d->session;
431 if (!s)
432 return 0;
433
434 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
435 d, d->state, d->dlci, err, s);
436
437 switch (d->state) {
1da177e4 438 case BT_CONNECT:
bb23c0ab
MH		 439 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
440 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
534c92fd 441 rfcomm_schedule();
bb23c0ab
MH		 442 break;
443 }
444 /* Fall through */
445
446 case BT_CONNECTED:
1da177e4
LT		 447 d->state = BT_DISCONN;
448 if (skb_queue_empty(&d->tx_queue)) {
449 rfcomm_send_disc(s, d->dlci);
450 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
451 } else {
452 rfcomm_queue_disc(d);
453 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
454 }
455 break;
456
bb23c0ab 457 case BT_OPEN:
8bf47941 458 case BT_CONNECT2:
bb23c0ab
MH		 459 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
460 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
534c92fd 461 rfcomm_schedule();
bb23c0ab
MH		 462 break;
463 }
464 /* Fall through */
465
1da177e4
LT		 466 default:
467 rfcomm_dlc_clear_timer(d);
468
469 rfcomm_dlc_lock(d);
470 d->state = BT_CLOSED;
1905f6c7 471 d->state_change(d, err);
4c8411f8 472 rfcomm_dlc_unlock(d);
1da177e4
LT		 473
474 skb_queue_purge(&d->tx_queue);
1da177e4
LT		 475 rfcomm_dlc_unlink(d);
476 }
477
478 return 0;
479}
480
481int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
482{
c06f7d53
DJ		 483 int r = 0;
484 struct rfcomm_dlc *d_list;
485 struct rfcomm_session *s, *s_list;
486
487 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
1da177e4
LT		 488
489 rfcomm_lock();
490
c06f7d53
DJ		 491 s = d->session;
492 if (!s)
493 goto no_session;
494
495 /* after waiting on the mutex check the session still exists
496 * then check the dlc still exists
497 */
498 list_for_each_entry(s_list, &session_list, list) {
499 if (s_list == s) {
500 list_for_each_entry(d_list, &s->dlcs, list) {
501 if (d_list == d) {
502 r = __rfcomm_dlc_close(d, err);
503 break;
504 }
505 }
506 break;
507 }
508 }
1da177e4 509
c06f7d53 510no_session:
1da177e4
LT		 511 rfcomm_unlock();
512 return r;
513}
514
515int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
516{
517 int len = skb->len;
518
519 if (d->state != BT_CONNECTED)
520 return -ENOTCONN;
521
522 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
523
524 if (len > d->mtu)
525 return -EINVAL;
526
527 rfcomm_make_uih(skb, d->addr);
528 skb_queue_tail(&d->tx_queue, skb);
529
530 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
534c92fd 531 rfcomm_schedule();
1da177e4
LT		 532 return len;
533}
534
b5606c2d 535void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
1da177e4
LT		 536{
537 BT_DBG("dlc %p state %ld", d, d->state);
538
539 if (!d->cfc) {
540 d->v24_sig |= RFCOMM_V24_FC;
541 set_bit(RFCOMM_MSC_PENDING, &d->flags);
542 }
534c92fd 543 rfcomm_schedule();
1da177e4
LT		 544}
545
b5606c2d 546void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
1da177e4
LT		 547{
548 BT_DBG("dlc %p state %ld", d, d->state);
549
550 if (!d->cfc) {
551 d->v24_sig &= ~RFCOMM_V24_FC;
552 set_bit(RFCOMM_MSC_PENDING, &d->flags);
553 }
534c92fd 554 rfcomm_schedule();
1da177e4
LT		 555}
556
8e87d142 557/*
1da177e4
LT		 558 Set/get modem status functions use _local_ status i.e. what we report
559 to the other side.
560 Remote status is provided by dlc->modem_status() callback.
561 */
562int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
563{
8e87d142 564 BT_DBG("dlc %p state %ld v24_sig 0x%x",
1da177e4
LT		 565 d, d->state, v24_sig);
566
567 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
568 v24_sig |= RFCOMM_V24_FC;
569 else
570 v24_sig &= ~RFCOMM_V24_FC;
8e87d142 571
1da177e4
LT		 572 d->v24_sig = v24_sig;
573
574 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
534c92fd 575 rfcomm_schedule();
1da177e4
LT		 576
577 return 0;
578}
579
580int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
581{
8e87d142 582 BT_DBG("dlc %p state %ld v24_sig 0x%x",
1da177e4
LT		 583 d, d->state, d->v24_sig);
584
585 *v24_sig = d->v24_sig;
586 return 0;
587}
588
589/* ---- RFCOMM sessions ---- */
590static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
591{
25ea6db0
MH		 592 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
593
1da177e4
LT		 594 if (!s)
595 return NULL;
1da177e4
LT		 596
597 BT_DBG("session %p sock %p", s, sock);
598
9e726b17
LAD		 599 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
600
1da177e4
LT		 601 INIT_LIST_HEAD(&s->dlcs);
602 s->state = state;
603 s->sock = sock;
604
605 s->mtu = RFCOMM_DEFAULT_MTU;
7c2660b0 606 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
1da177e4
LT		 607
608 /* Do not increment module usage count for listening sessions.
609 * Otherwise we won't be able to unload the module. */
610 if (state != BT_LISTEN)
611 if (!try_module_get(THIS_MODULE)) {
612 kfree(s);
613 return NULL;
614 }
615
616 list_add(&s->list, &session_list);
617
618 return s;
619}
620
8ff52f7d 621static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
1da177e4
LT		 622{
623 int state = s->state;
624
625 BT_DBG("session %p state %ld", s, s->state);
626
627 list_del(&s->list);
628
9e726b17 629 rfcomm_session_clear_timer(s);
1da177e4
LT		 630 sock_release(s->sock);
631 kfree(s);
632
633 if (state != BT_LISTEN)
634 module_put(THIS_MODULE);
8ff52f7d
DJ		 635
636 return NULL;
1da177e4
LT		 637}
638
639static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
640{
641 struct rfcomm_session *s;
642 struct list_head *p, *n;
643 struct bt_sock *sk;
644 list_for_each_safe(p, n, &session_list) {
645 s = list_entry(p, struct rfcomm_session, list);
8e87d142 646 sk = bt_sk(s->sock->sk);
1da177e4
LT		 647
648 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
649 !bacmp(&sk->dst, dst))
650 return s;
651 }
652 return NULL;
653}
654
8ff52f7d
DJ		 655static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
656 int err)
1da177e4
LT		 657{
658 struct rfcomm_dlc *d;
659 struct list_head *p, *n;
660
1da177e4
LT		 661 s->state = BT_CLOSED;
662
24fd642c
DJ		 663 BT_DBG("session %p state %ld err %d", s, s->state, err);
664
1da177e4
LT		 665 /* Close all dlcs */
666 list_for_each_safe(p, n, &s->dlcs) {
667 d = list_entry(p, struct rfcomm_dlc, list);
668 d->state = BT_CLOSED;
669 __rfcomm_dlc_close(d, err);
670 }
671
9e726b17 672 rfcomm_session_clear_timer(s);
08c30aca 673 return rfcomm_session_del(s);
1da177e4
LT		 674}
675
63ce0900
LAD		 676static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
677 bdaddr_t *dst,
678 u8 sec_level,
679 int *err)
1da177e4
LT		 680{
681 struct rfcomm_session *s = NULL;
682 struct sockaddr_l2 addr;
683 struct socket *sock;
684 struct sock *sk;
685
6ed93dc6 686 BT_DBG("%pMR -> %pMR", src, dst);
1da177e4
LT		 687
688 *err = rfcomm_l2sock_create(&sock);
689 if (*err < 0)
690 return NULL;
691
692 bacpy(&addr.l2_bdaddr, src);
693 addr.l2_family = AF_BLUETOOTH;
694 addr.l2_psm = 0;
37e62f55 695 addr.l2_cid = 0;
48db9ca4 696 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1da177e4
LT		 697 if (*err < 0)
698 goto failed;
699
700 /* Set L2CAP options */
701 sk = sock->sk;
702 lock_sock(sk);
0c1bc5c6 703 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
47d1ec61 704 l2cap_pi(sk)->chan->sec_level = sec_level;
eae38eed 705 if (l2cap_ertm)
0c1bc5c6 706 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
1da177e4
LT		 707 release_sock(sk);
708
709 s = rfcomm_session_add(sock, BT_BOUND);
710 if (!s) {
711 *err = -ENOMEM;
712 goto failed;
713 }
714
1da177e4
LT		 715 s->initiator = 1;
716
717 bacpy(&addr.l2_bdaddr, dst);
718 addr.l2_family = AF_BLUETOOTH;
5bcb8094 719 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
37e62f55 720 addr.l2_cid = 0;
48db9ca4 721 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
b4c612a4 722 if (*err == 0 || *err == -EINPROGRESS)
1da177e4
LT		 723 return s;
724
8ff52f7d 725 return rfcomm_session_del(s);
1da177e4
LT		 726
727failed:
728 sock_release(sock);
729 return NULL;
730}
731
732void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
733{
734 struct sock *sk = s->sock->sk;
735 if (src)
736 bacpy(src, &bt_sk(sk)->src);
737 if (dst)
738 bacpy(dst, &bt_sk(sk)->dst);
739}
740
741/* ---- RFCOMM frame sending ---- */
5436538f 742static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
1da177e4 743{
1da177e4
LT		 744 struct kvec iv = { data, len };
745 struct msghdr msg;
746
5436538f 747 BT_DBG("session %p len %d", s, len);
1da177e4
LT		 748
749 memset(&msg, 0, sizeof(msg));
750
5436538f 751 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
1da177e4
LT		 752}
753
262038fc
LAD		 754static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
755{
756 BT_DBG("%p cmd %u", s, cmd->ctrl);
757
5436538f 758 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
262038fc
LAD		 759}
760
1da177e4
LT		 761static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
762{
763 struct rfcomm_cmd cmd;
764
765 BT_DBG("%p dlci %d", s, dlci);
766
767 cmd.addr = __addr(s->initiator, dlci);
768 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
769 cmd.len = __len8(0);
770 cmd.fcs = __fcs2((u8 *) &cmd);
771
262038fc 772 return rfcomm_send_cmd(s, &cmd);
1da177e4
LT		 773}
774
775static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
776{
777 struct rfcomm_cmd cmd;
778
779 BT_DBG("%p dlci %d", s, dlci);
780
781 cmd.addr = __addr(!s->initiator, dlci);
782 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
783 cmd.len = __len8(0);
784 cmd.fcs = __fcs2((u8 *) &cmd);
785
262038fc 786 return rfcomm_send_cmd(s, &cmd);
1da177e4
LT		 787}
788
789static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
790{
791 struct rfcomm_cmd cmd;
792
793 BT_DBG("%p dlci %d", s, dlci);
794
795 cmd.addr = __addr(s->initiator, dlci);
796 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
797 cmd.len = __len8(0);
798 cmd.fcs = __fcs2((u8 *) &cmd);
799
262038fc 800 return rfcomm_send_cmd(s, &cmd);
1da177e4
LT		 801}
802
803static int rfcomm_queue_disc(struct rfcomm_dlc *d)
804{
805 struct rfcomm_cmd *cmd;
806 struct sk_buff *skb;
807
808 BT_DBG("dlc %p dlci %d", d, d->dlci);
809
810 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
811 if (!skb)
812 return -ENOMEM;
813
814 cmd = (void *) __skb_put(skb, sizeof(*cmd));
815 cmd->addr = d->addr;
816 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
817 cmd->len = __len8(0);
818 cmd->fcs = __fcs2((u8 *) cmd);
819
820 skb_queue_tail(&d->tx_queue, skb);
534c92fd 821 rfcomm_schedule();
1da177e4
LT		 822 return 0;
823}
824
825static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
826{
827 struct rfcomm_cmd cmd;
828
829 BT_DBG("%p dlci %d", s, dlci);
830
831 cmd.addr = __addr(!s->initiator, dlci);
832 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
833 cmd.len = __len8(0);
834 cmd.fcs = __fcs2((u8 *) &cmd);
835
262038fc 836 return rfcomm_send_cmd(s, &cmd);
1da177e4
LT		 837}
838
839static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
840{
841 struct rfcomm_hdr *hdr;
842 struct rfcomm_mcc *mcc;
843 u8 buf[16], *ptr = buf;
844
845 BT_DBG("%p cr %d type %d", s, cr, type);
846
847 hdr = (void *) ptr; ptr += sizeof(*hdr);
848 hdr->addr = __addr(s->initiator, 0);
849 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
850 hdr->len = __len8(sizeof(*mcc) + 1);
851
852 mcc = (void *) ptr; ptr += sizeof(*mcc);
853 mcc->type = __mcc_type(cr, RFCOMM_NSC);
854 mcc->len = __len8(1);
855
856 /* Type that we didn't like */
857 *ptr = __mcc_type(cr, type); ptr++;
858
859 *ptr = __fcs(buf); ptr++;
860
5436538f 861 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 862}
863
864static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
865{
866 struct rfcomm_hdr *hdr;
867 struct rfcomm_mcc *mcc;
868 struct rfcomm_pn *pn;
869 u8 buf[16], *ptr = buf;
870
871 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
872
873 hdr = (void *) ptr; ptr += sizeof(*hdr);
874 hdr->addr = __addr(s->initiator, 0);
875 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
876 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
877
878 mcc = (void *) ptr; ptr += sizeof(*mcc);
879 mcc->type = __mcc_type(cr, RFCOMM_PN);
880 mcc->len = __len8(sizeof(*pn));
881
882 pn = (void *) ptr; ptr += sizeof(*pn);
883 pn->dlci = d->dlci;
884 pn->priority = d->priority;
885 pn->ack_timer = 0;
886 pn->max_retrans = 0;
887
888 if (s->cfc) {
889 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
890 pn->credits = RFCOMM_DEFAULT_CREDITS;
891 } else {
892 pn->flow_ctrl = 0;
893 pn->credits = 0;
894 }
895
98bcd08b 896 if (cr && channel_mtu >= 0)
b4324b5d 897 pn->mtu = cpu_to_le16(channel_mtu);
98bcd08b 898 else
b4324b5d 899 pn->mtu = cpu_to_le16(d->mtu);
1da177e4
LT		 900
901 *ptr = __fcs(buf); ptr++;
902
5436538f 903 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 904}
905
3a5e903c
S		 906int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
907 u8 bit_rate, u8 data_bits, u8 stop_bits,
8e87d142 908 u8 parity, u8 flow_ctrl_settings,
3a5e903c 909 u8 xon_char, u8 xoff_char, u16 param_mask)
1da177e4
LT		 910{
911 struct rfcomm_hdr *hdr;
912 struct rfcomm_mcc *mcc;
913 struct rfcomm_rpn *rpn;
914 u8 buf[16], *ptr = buf;
915
916 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
8e87d142
YH		 917 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
918 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
3a5e903c 919 flow_ctrl_settings, xon_char, xoff_char, param_mask);
1da177e4
LT		 920
921 hdr = (void *) ptr; ptr += sizeof(*hdr);
922 hdr->addr = __addr(s->initiator, 0);
923 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
924 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
925
926 mcc = (void *) ptr; ptr += sizeof(*mcc);
927 mcc->type = __mcc_type(cr, RFCOMM_RPN);
928 mcc->len = __len8(sizeof(*rpn));
929
930 rpn = (void *) ptr; ptr += sizeof(*rpn);
931 rpn->dlci = __addr(1, dlci);
932 rpn->bit_rate = bit_rate;
933 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
934 rpn->flow_ctrl = flow_ctrl_settings;
935 rpn->xon_char = xon_char;
936 rpn->xoff_char = xoff_char;
e8db8c99 937 rpn->param_mask = cpu_to_le16(param_mask);
1da177e4
LT		 938
939 *ptr = __fcs(buf); ptr++;
940
5436538f 941 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 942}
943
944static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
945{
946 struct rfcomm_hdr *hdr;
947 struct rfcomm_mcc *mcc;
948 struct rfcomm_rls *rls;
949 u8 buf[16], *ptr = buf;
950
951 BT_DBG("%p cr %d status 0x%x", s, cr, status);
952
953 hdr = (void *) ptr; ptr += sizeof(*hdr);
954 hdr->addr = __addr(s->initiator, 0);
955 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
956 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
957
958 mcc = (void *) ptr; ptr += sizeof(*mcc);
959 mcc->type = __mcc_type(cr, RFCOMM_RLS);
960 mcc->len = __len8(sizeof(*rls));
961
962 rls = (void *) ptr; ptr += sizeof(*rls);
963 rls->dlci = __addr(1, dlci);
964 rls->status = status;
965
966 *ptr = __fcs(buf); ptr++;
967
5436538f 968 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 969}
970
971static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
972{
973 struct rfcomm_hdr *hdr;
974 struct rfcomm_mcc *mcc;
975 struct rfcomm_msc *msc;
976 u8 buf[16], *ptr = buf;
977
978 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
979
980 hdr = (void *) ptr; ptr += sizeof(*hdr);
981 hdr->addr = __addr(s->initiator, 0);
982 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
983 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
984
985 mcc = (void *) ptr; ptr += sizeof(*mcc);
986 mcc->type = __mcc_type(cr, RFCOMM_MSC);
987 mcc->len = __len8(sizeof(*msc));
988
989 msc = (void *) ptr; ptr += sizeof(*msc);
990 msc->dlci = __addr(1, dlci);
991 msc->v24_sig = v24_sig | 0x01;
992
993 *ptr = __fcs(buf); ptr++;
994
5436538f 995 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 996}
997
998static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
999{
1000 struct rfcomm_hdr *hdr;
1001 struct rfcomm_mcc *mcc;
1002 u8 buf[16], *ptr = buf;
1003
1004 BT_DBG("%p cr %d", s, cr);
1005
1006 hdr = (void *) ptr; ptr += sizeof(*hdr);
1007 hdr->addr = __addr(s->initiator, 0);
1008 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1009 hdr->len = __len8(sizeof(*mcc));
1010
1011 mcc = (void *) ptr; ptr += sizeof(*mcc);
1012 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1013 mcc->len = __len8(0);
1014
1015 *ptr = __fcs(buf); ptr++;
1016
5436538f 1017 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 1018}
1019
1020static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1021{
1022 struct rfcomm_hdr *hdr;
1023 struct rfcomm_mcc *mcc;
1024 u8 buf[16], *ptr = buf;
1025
1026 BT_DBG("%p cr %d", s, cr);
1027
1028 hdr = (void *) ptr; ptr += sizeof(*hdr);
1029 hdr->addr = __addr(s->initiator, 0);
1030 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1031 hdr->len = __len8(sizeof(*mcc));
1032
1033 mcc = (void *) ptr; ptr += sizeof(*mcc);
1034 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1035 mcc->len = __len8(0);
1036
1037 *ptr = __fcs(buf); ptr++;
1038
5436538f 1039 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 1040}
1041
1042static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1043{
1044 struct socket *sock = s->sock;
1045 struct kvec iv[3];
1046 struct msghdr msg;
1047 unsigned char hdr[5], crc[1];
1048
1049 if (len > 125)
1050 return -EINVAL;
1051
1052 BT_DBG("%p cr %d", s, cr);
1053
1054 hdr[0] = __addr(s->initiator, 0);
1055 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1056 hdr[2] = 0x01 | ((len + 2) << 1);
1057 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1058 hdr[4] = 0x01 | (len << 1);
1059
1060 crc[0] = __fcs(hdr);
1061
1062 iv[0].iov_base = hdr;
1063 iv[0].iov_len = 5;
1064 iv[1].iov_base = pattern;
1065 iv[1].iov_len = len;
1066 iv[2].iov_base = crc;
1067 iv[2].iov_len = 1;
1068
1069 memset(&msg, 0, sizeof(msg));
1070
1071 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1072}
1073
1074static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1075{
1076 struct rfcomm_hdr *hdr;
1077 u8 buf[16], *ptr = buf;
1078
1079 BT_DBG("%p addr %d credits %d", s, addr, credits);
1080
1081 hdr = (void *) ptr; ptr += sizeof(*hdr);
1082 hdr->addr = addr;
1083 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1084 hdr->len = __len8(0);
1085
1086 *ptr = credits; ptr++;
1087
1088 *ptr = __fcs(buf); ptr++;
1089
5436538f 1090 return rfcomm_send_frame(s, buf, ptr - buf);
1da177e4
LT		 1091}
1092
1093static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1094{
1095 struct rfcomm_hdr *hdr;
1096 int len = skb->len;
1097 u8 *crc;
1098
1099 if (len > 127) {
1100 hdr = (void *) skb_push(skb, 4);
b4324b5d 1101 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1da177e4
LT		 1102 } else {
1103 hdr = (void *) skb_push(skb, 3);
1104 hdr->len = __len8(len);
1105 }
1106 hdr->addr = addr;
1107 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1108
1109 crc = skb_put(skb, 1);
1110 *crc = __fcs((void *) hdr);
1111}
1112
1113/* ---- RFCOMM frame reception ---- */
8ff52f7d 1114static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1da177e4
LT		 1115{
1116 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1117
1118 if (dlci) {
1119 /* Data channel */
1120 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1121 if (!d) {
1122 rfcomm_send_dm(s, dlci);
8ff52f7d 1123 return s;
1da177e4
LT		 1124 }
1125
1126 switch (d->state) {
1127 case BT_CONNECT:
1128 rfcomm_dlc_clear_timer(d);
1129
1130 rfcomm_dlc_lock(d);
1131 d->state = BT_CONNECTED;
1132 d->state_change(d, 0);
1133 rfcomm_dlc_unlock(d);
1134
1135 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1136 break;
1137
1138 case BT_DISCONN:
1139 d->state = BT_CLOSED;
1140 __rfcomm_dlc_close(d, 0);
9cf5b0ea
MH		 1141
1142 if (list_empty(&s->dlcs)) {
1143 s->state = BT_DISCONN;
1144 rfcomm_send_disc(s, 0);
79e65478 1145 rfcomm_session_clear_timer(s);
9cf5b0ea
MH		 1146 }
1147
1da177e4
LT		 1148 break;
1149 }
1150 } else {
1151 /* Control channel */
1152 switch (s->state) {
1153 case BT_CONNECT:
1154 s->state = BT_CONNECTED;
1155 rfcomm_process_connect(s);
1156 break;
9cf5b0ea
MH		 1157
1158 case BT_DISCONN:
8ff52f7d 1159 s = rfcomm_session_close(s, ECONNRESET);
9cf5b0ea 1160 break;
1da177e4
LT		 1161 }
1162 }
8ff52f7d 1163 return s;
1da177e4
LT		 1164}
1165
8ff52f7d 1166static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1da177e4
LT		 1167{
1168 int err = 0;
1169
1170 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1171
1172 if (dlci) {
1173 /* Data DLC */
1174 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1175 if (d) {
1176 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1177 err = ECONNREFUSED;
1178 else
1179 err = ECONNRESET;
1180
1181 d->state = BT_CLOSED;
1182 __rfcomm_dlc_close(d, err);
1183 }
1184 } else {
1185 if (s->state == BT_CONNECT)
1186 err = ECONNREFUSED;
1187 else
1188 err = ECONNRESET;
1189
8ff52f7d 1190 s = rfcomm_session_close(s, err);
1da177e4 1191 }
8ff52f7d 1192 return s;
1da177e4
LT		 1193}
1194
8ff52f7d
DJ		 1195static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1196 u8 dlci)
1da177e4
LT		 1197{
1198 int err = 0;
1199
1200 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1201
1202 if (dlci) {
1203 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1204 if (d) {
1205 rfcomm_send_ua(s, dlci);
1206
1207 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1208 err = ECONNREFUSED;
1209 else
1210 err = ECONNRESET;
1211
1212 d->state = BT_CLOSED;
1213 __rfcomm_dlc_close(d, err);
8e87d142 1214 } else
1da177e4 1215 rfcomm_send_dm(s, dlci);
8e87d142 1216
1da177e4
LT		 1217 } else {
1218 rfcomm_send_ua(s, 0);
1219
1220 if (s->state == BT_CONNECT)
1221 err = ECONNREFUSED;
1222 else
1223 err = ECONNRESET;
1224
8ff52f7d 1225 s = rfcomm_session_close(s, err);
1da177e4 1226 }
8ff52f7d 1227 return s;
1da177e4
LT		 1228}
1229
bb23c0ab 1230void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1da177e4 1231{
300b9397 1232 struct sock *sk = d->session->sock->sk;
8c1d787b 1233 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
300b9397 1234
1da177e4
LT		 1235 BT_DBG("dlc %p", d);
1236
1237 rfcomm_send_ua(d->session, d->dlci);
1238
e2139b32
JH		 1239 rfcomm_dlc_clear_timer(d);
1240
1da177e4
LT		 1241 rfcomm_dlc_lock(d);
1242 d->state = BT_CONNECTED;
1243 d->state_change(d, 0);
1244 rfcomm_dlc_unlock(d);
1245
9f2c8a03 1246 if (d->role_switch)
8c1d787b 1247 hci_conn_switch_role(conn->hcon, 0x00);
300b9397 1248
1da177e4
LT		 1249 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1250}
1251
bb23c0ab
MH		 1252static void rfcomm_check_accept(struct rfcomm_dlc *d)
1253{
9f2c8a03 1254 if (rfcomm_check_security(d)) {
bb23c0ab
MH		 1255 if (d->defer_setup) {
1256 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1257 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
8bf47941
MH		 1258
1259 rfcomm_dlc_lock(d);
1260 d->state = BT_CONNECT2;
1261 d->state_change(d, 0);
1262 rfcomm_dlc_unlock(d);
bb23c0ab
MH		 1263 } else
1264 rfcomm_dlc_accept(d);
8c1b2355
MH		 1265 } else {
1266 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1267 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
bb23c0ab
MH		 1268 }
1269}
1270
1da177e4
LT		 1271static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1272{
1273 struct rfcomm_dlc *d;
1274 u8 channel;
1275
1276 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1277
1278 if (!dlci) {
1279 rfcomm_send_ua(s, 0);
1280
1281 if (s->state == BT_OPEN) {
1282 s->state = BT_CONNECTED;
1283 rfcomm_process_connect(s);
1284 }
1285 return 0;
1286 }
1287
1288 /* Check if DLC exists */
1289 d = rfcomm_dlc_get(s, dlci);
1290 if (d) {
1291 if (d->state == BT_OPEN) {
1292 /* DLC was previously opened by PN request */
bb23c0ab 1293 rfcomm_check_accept(d);
1da177e4
LT		 1294 }
1295 return 0;
1296 }
1297
1298 /* Notify socket layer about incoming connection */
1299 channel = __srv_channel(dlci);
1300 if (rfcomm_connect_ind(s, channel, &d)) {
1301 d->dlci = dlci;
1302 d->addr = __addr(s->initiator, dlci);
1303 rfcomm_dlc_link(s, d);
1304
bb23c0ab 1305 rfcomm_check_accept(d);
1da177e4
LT		 1306 } else {
1307 rfcomm_send_dm(s, dlci);
1308 }
1309
1310 return 0;
1311}
1312
1313static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1314{
1315 struct rfcomm_session *s = d->session;
1316
8e87d142 1317 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1da177e4
LT		 1318 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1319
7c2660b0
MH		 1320 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1321 pn->flow_ctrl == 0xe0) {
1322 d->cfc = RFCOMM_CFC_ENABLED;
1da177e4
LT		 1323 d->tx_credits = pn->credits;
1324 } else {
7c2660b0 1325 d->cfc = RFCOMM_CFC_DISABLED;
1da177e4
LT		 1326 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1327 }
1328
7c2660b0
MH		 1329 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1330 s->cfc = d->cfc;
1331
1da177e4
LT		 1332 d->priority = pn->priority;
1333
b4324b5d 1334 d->mtu = __le16_to_cpu(pn->mtu);
98bcd08b
MH		 1335
1336 if (cr && d->mtu > s->mtu)
1337 d->mtu = s->mtu;
1da177e4
LT		 1338
1339 return 0;
1340}
1341
1342static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1343{
1344 struct rfcomm_pn *pn = (void *) skb->data;
1345 struct rfcomm_dlc *d;
1346 u8 dlci = pn->dlci;
1347
1348 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1349
1350 if (!dlci)
1351 return 0;
1352
1353 d = rfcomm_dlc_get(s, dlci);
1354 if (d) {
1355 if (cr) {
1356 /* PN request */
1357 rfcomm_apply_pn(d, cr, pn);
1358 rfcomm_send_pn(s, 0, d);
1359 } else {
1360 /* PN response */
1361 switch (d->state) {
1362 case BT_CONFIG:
1363 rfcomm_apply_pn(d, cr, pn);
1364
1365 d->state = BT_CONNECT;
1366 rfcomm_send_sabm(s, d->dlci);
1367 break;
1368 }
1369 }
1370 } else {
1371 u8 channel = __srv_channel(dlci);
1372
1373 if (!cr)
1374 return 0;
1375
1376 /* PN request for non existing DLC.
1377 * Assume incoming connection. */
1378 if (rfcomm_connect_ind(s, channel, &d)) {
1379 d->dlci = dlci;
1380 d->addr = __addr(s->initiator, dlci);
1381 rfcomm_dlc_link(s, d);
1382
1383 rfcomm_apply_pn(d, cr, pn);
1384
1385 d->state = BT_OPEN;
1386 rfcomm_send_pn(s, 0, d);
1387 } else {
1388 rfcomm_send_dm(s, dlci);
1389 }
1390 }
1391 return 0;
1392}
1393
1394static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1395{
1396 struct rfcomm_rpn *rpn = (void *) skb->data;
1397 u8 dlci = __get_dlci(rpn->dlci);
1398
1399 u8 bit_rate = 0;
1400 u8 data_bits = 0;
1401 u8 stop_bits = 0;
1402 u8 parity = 0;
1403 u8 flow_ctrl = 0;
1404 u8 xon_char = 0;
1405 u8 xoff_char = 0;
1406 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
3a5e903c
S		 1407
1408 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1409 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1410 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1411
1412 if (!cr)
1da177e4 1413 return 0;
3a5e903c 1414
1da177e4 1415 if (len == 1) {
08601469
YK		 1416 /* This is a request, return default (according to ETSI TS 07.10) settings */
1417 bit_rate = RFCOMM_RPN_BR_9600;
1da177e4
LT		 1418 data_bits = RFCOMM_RPN_DATA_8;
1419 stop_bits = RFCOMM_RPN_STOP_1;
1420 parity = RFCOMM_RPN_PARITY_NONE;
1421 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1422 xon_char = RFCOMM_RPN_XON_CHAR;
1423 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1da177e4
LT		 1424 goto rpn_out;
1425 }
3a5e903c
S		 1426
1427 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1428 * no parity, no flow control lines, normal XON/XOFF chars */
1429
e8db8c99 1430 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1da177e4 1431 bit_rate = rpn->bit_rate;
08601469 1432 if (bit_rate > RFCOMM_RPN_BR_230400) {
1da177e4 1433 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
08601469 1434 bit_rate = RFCOMM_RPN_BR_9600;
1da177e4
LT		 1435 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1436 }
1437 }
3a5e903c 1438
e8db8c99 1439 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1da177e4
LT		 1440 data_bits = __get_rpn_data_bits(rpn->line_settings);
1441 if (data_bits != RFCOMM_RPN_DATA_8) {
1442 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1443 data_bits = RFCOMM_RPN_DATA_8;
1444 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1445 }
1446 }
3a5e903c 1447
e8db8c99 1448 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1da177e4
LT		 1449 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1450 if (stop_bits != RFCOMM_RPN_STOP_1) {
1451 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1452 stop_bits = RFCOMM_RPN_STOP_1;
1453 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1454 }
1455 }
3a5e903c 1456
e8db8c99 1457 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1da177e4
LT		 1458 parity = __get_rpn_parity(rpn->line_settings);
1459 if (parity != RFCOMM_RPN_PARITY_NONE) {
1460 BT_DBG("RPN parity mismatch 0x%x", parity);
1461 parity = RFCOMM_RPN_PARITY_NONE;
1462 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1463 }
1464 }
3a5e903c 1465
e8db8c99 1466 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1da177e4
LT		 1467 flow_ctrl = rpn->flow_ctrl;
1468 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1469 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1470 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1471 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1472 }
1473 }
3a5e903c 1474
e8db8c99 1475 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1da177e4
LT		 1476 xon_char = rpn->xon_char;
1477 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1478 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1479 xon_char = RFCOMM_RPN_XON_CHAR;
1480 rpn_mask ^= RFCOMM_RPN_PM_XON;
1481 }
1482 }
3a5e903c 1483
e8db8c99 1484 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1da177e4
LT		 1485 xoff_char = rpn->xoff_char;
1486 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1487 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1488 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1489 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1490 }
1491 }
1492
1493rpn_out:
3a5e903c
S		 1494 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1495 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1da177e4
LT		 1496
1497 return 0;
1498}
1499
1500static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1501{
1502 struct rfcomm_rls *rls = (void *) skb->data;
1503 u8 dlci = __get_dlci(rls->dlci);
1504
1505 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
3a5e903c 1506
1da177e4
LT		 1507 if (!cr)
1508 return 0;
1509
3a5e903c
S		 1510 /* We should probably do something with this information here. But
1511 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1512 * mandatory to recognise and respond to RLS */
1da177e4
LT		 1513
1514 rfcomm_send_rls(s, 0, dlci, rls->status);
1515
1516 return 0;
1517}
1518
1519static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1520{
1521 struct rfcomm_msc *msc = (void *) skb->data;
1522 struct rfcomm_dlc *d;
1523 u8 dlci = __get_dlci(msc->dlci);
1524
1525 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1526
1527 d = rfcomm_dlc_get(s, dlci);
3a5e903c 1528 if (!d)
1da177e4
LT		 1529 return 0;
1530
1531 if (cr) {
1532 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1533 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1534 else
1535 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
3a5e903c 1536
1da177e4 1537 rfcomm_dlc_lock(d);
8b6b3da7
MH		 1538
1539 d->remote_v24_sig = msc->v24_sig;
1540
1da177e4
LT		 1541 if (d->modem_status)
1542 d->modem_status(d, msc->v24_sig);
8b6b3da7 1543
1da177e4 1544 rfcomm_dlc_unlock(d);
8e87d142 1545
1da177e4
LT		 1546 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1547
1548 d->mscex |= RFCOMM_MSCEX_RX;
3a5e903c 1549 } else
1da177e4
LT		 1550 d->mscex |= RFCOMM_MSCEX_TX;
1551
1552 return 0;
1553}
1554
1555static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1556{
1557 struct rfcomm_mcc *mcc = (void *) skb->data;
1558 u8 type, cr, len;
1559
1560 cr = __test_cr(mcc->type);
1561 type = __get_mcc_type(mcc->type);
1562 len = __get_mcc_len(mcc->len);
1563
1564 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1565
1566 skb_pull(skb, 2);
1567
1568 switch (type) {
1569 case RFCOMM_PN:
1570 rfcomm_recv_pn(s, cr, skb);
1571 break;
1572
1573 case RFCOMM_RPN:
1574 rfcomm_recv_rpn(s, cr, len, skb);
1575 break;
1576
1577 case RFCOMM_RLS:
1578 rfcomm_recv_rls(s, cr, skb);
1579 break;
1580
1581 case RFCOMM_MSC:
1582 rfcomm_recv_msc(s, cr, skb);
1583 break;
1584
1585 case RFCOMM_FCOFF:
1586 if (cr) {
1587 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1588 rfcomm_send_fcoff(s, 0);
1589 }
1590 break;
1591
1592 case RFCOMM_FCON:
1593 if (cr) {
1594 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1595 rfcomm_send_fcon(s, 0);
1596 }
1597 break;
1598
1599 case RFCOMM_TEST:
1600 if (cr)
1601 rfcomm_send_test(s, 0, skb->data, skb->len);
1602 break;
1603
1604 case RFCOMM_NSC:
1605 break;
1606
1607 default:
1608 BT_ERR("Unknown control type 0x%02x", type);
1609 rfcomm_send_nsc(s, cr, type);
1610 break;
1611 }
1612 return 0;
1613}
1614
1615static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1616{
1617 struct rfcomm_dlc *d;
1618
1619 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1620
1621 d = rfcomm_dlc_get(s, dlci);
1622 if (!d) {
1623 rfcomm_send_dm(s, dlci);
1624 goto drop;
1625 }
1626
1627 if (pf && d->cfc) {
1628 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1629
1630 d->tx_credits += credits;
1631 if (d->tx_credits)
1632 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1633 }
1634
1635 if (skb->len && d->state == BT_CONNECTED) {
1636 rfcomm_dlc_lock(d);
1637 d->rx_credits--;
1638 d->data_ready(d, skb);
1639 rfcomm_dlc_unlock(d);
1640 return 0;
1641 }
1642
1643drop:
1644 kfree_skb(skb);
1645 return 0;
1646}
1647
8ff52f7d
DJ		 1648static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1649 struct sk_buff *skb)
1da177e4
LT		 1650{
1651 struct rfcomm_hdr *hdr = (void *) skb->data;
1652 u8 type, dlci, fcs;
1653
8ff52f7d
DJ		 1654 if (!s) {
1655 /* no session, so free socket data */
1656 kfree_skb(skb);
1657 return s;
1658 }
1659
1da177e4
LT		 1660 dlci = __get_dlci(hdr->addr);
1661 type = __get_type(hdr->ctrl);
1662
1663 /* Trim FCS */
1664 skb->len--; skb->tail--;
27a884dc 1665 fcs = *(u8 *)skb_tail_pointer(skb);
1da177e4
LT		 1666
1667 if (__check_fcs(skb->data, type, fcs)) {
1668 BT_ERR("bad checksum in packet");
1669 kfree_skb(skb);
8ff52f7d 1670 return s;
1da177e4
LT		 1671 }
1672
1673 if (__test_ea(hdr->len))
1674 skb_pull(skb, 3);
1675 else
1676 skb_pull(skb, 4);
1677
1678 switch (type) {
1679 case RFCOMM_SABM:
1680 if (__test_pf(hdr->ctrl))
1681 rfcomm_recv_sabm(s, dlci);
1682 break;
1683
1684 case RFCOMM_DISC:
1685 if (__test_pf(hdr->ctrl))
8ff52f7d 1686 s = rfcomm_recv_disc(s, dlci);
1da177e4
LT		 1687 break;
1688
1689 case RFCOMM_UA:
1690 if (__test_pf(hdr->ctrl))
8ff52f7d 1691 s = rfcomm_recv_ua(s, dlci);
1da177e4
LT		 1692 break;
1693
1694 case RFCOMM_DM:
8ff52f7d 1695 s = rfcomm_recv_dm(s, dlci);
1da177e4
LT		 1696 break;
1697
1698 case RFCOMM_UIH:
8ff52f7d
DJ		 1699 if (dlci) {
1700 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1701 return s;
1702 }
1da177e4
LT		 1703 rfcomm_recv_mcc(s, skb);
1704 break;
1705
1706 default:
5017d8dd 1707 BT_ERR("Unknown packet type 0x%02x", type);
1da177e4
LT		 1708 break;
1709 }
1710 kfree_skb(skb);
8ff52f7d 1711 return s;
1da177e4
LT		 1712}
1713
1714/* ---- Connection and data processing ---- */
1715
1716static void rfcomm_process_connect(struct rfcomm_session *s)
1717{
1718 struct rfcomm_dlc *d;
1719 struct list_head *p, *n;
1720
1721 BT_DBG("session %p state %ld", s, s->state);
1722
1723 list_for_each_safe(p, n, &s->dlcs) {
1724 d = list_entry(p, struct rfcomm_dlc, list);
1725 if (d->state == BT_CONFIG) {
1726 d->mtu = s->mtu;
9f2c8a03 1727 if (rfcomm_check_security(d)) {
8c1b2355
MH		 1728 rfcomm_send_pn(s, 1, d);
1729 } else {
77db1980
MH		 1730 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1731 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
8c1b2355 1732 }
1da177e4
LT		 1733 }
1734 }
1735}
1736
1737/* Send data queued for the DLC.
1738 * Return number of frames left in the queue.
1739 */
6039aa73 1740static int rfcomm_process_tx(struct rfcomm_dlc *d)
1da177e4
LT		 1741{
1742 struct sk_buff *skb;
1743 int err;
1744
8e87d142 1745 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1da177e4
LT		 1746 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1747
1748 /* Send pending MSC */
1749 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
8e87d142 1750 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1da177e4
LT		 1751
1752 if (d->cfc) {
8e87d142 1753 /* CFC enabled.
1da177e4
LT		 1754 * Give them some credits */
1755 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
8e87d142 1756 d->rx_credits <= (d->cfc >> 2)) {
1da177e4
LT		 1757 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1758 d->rx_credits = d->cfc;
1759 }
1760 } else {
1761 /* CFC disabled.
1762 * Give ourselves some credits */
1763 d->tx_credits = 5;
1764 }
1765
1766 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1767 return skb_queue_len(&d->tx_queue);
1768
1769 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
5436538f 1770 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1da177e4
LT		 1771 if (err < 0) {
1772 skb_queue_head(&d->tx_queue, skb);
1773 break;
1774 }
1775 kfree_skb(skb);
1776 d->tx_credits--;
1777 }
1778
1779 if (d->cfc && !d->tx_credits) {
1780 /* We're out of TX credits.
1781 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1782 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1783 }
1784
1785 return skb_queue_len(&d->tx_queue);
1786}
1787
6039aa73 1788static void rfcomm_process_dlcs(struct rfcomm_session *s)
1da177e4
LT		 1789{
1790 struct rfcomm_dlc *d;
1791 struct list_head *p, *n;
1792
1793 BT_DBG("session %p state %ld", s, s->state);
1794
1795 list_for_each_safe(p, n, &s->dlcs) {
1796 d = list_entry(p, struct rfcomm_dlc, list);
1797
1798 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1799 __rfcomm_dlc_close(d, ETIMEDOUT);
1800 continue;
1801 }
1802
db54467a
SJ		 1803 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1804 __rfcomm_dlc_close(d, ECONNREFUSED);
1805 continue;
1806 }
1807
1da177e4
LT		 1808 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1809 rfcomm_dlc_clear_timer(d);
77db1980
MH		 1810 if (d->out) {
1811 rfcomm_send_pn(s, 1, d);
1812 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
bb23c0ab
MH		 1813 } else {
1814 if (d->defer_setup) {
1815 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1816 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
8bf47941
MH		 1817
1818 rfcomm_dlc_lock(d);
1819 d->state = BT_CONNECT2;
1820 d->state_change(d, 0);
1821 rfcomm_dlc_unlock(d);
bb23c0ab
MH		 1822 } else
1823 rfcomm_dlc_accept(d);
1824 }
1da177e4
LT		 1825 continue;
1826 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1827 rfcomm_dlc_clear_timer(d);
77db1980
MH		 1828 if (!d->out)
1829 rfcomm_send_dm(s, d->dlci);
1830 else
1831 d->state = BT_CLOSED;
1da177e4
LT		 1832 __rfcomm_dlc_close(d, ECONNREFUSED);
1833 continue;
1834 }
1835
6e1031a4
JG		 1836 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1837 continue;
1838
1da177e4
LT		 1839 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1840 continue;
1841
1842 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
77db1980 1843 d->mscex == RFCOMM_MSCEX_OK)
1da177e4
LT		 1844 rfcomm_process_tx(d);
1845 }
1846}
1847
8ff52f7d 1848static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1da177e4
LT		 1849{
1850 struct socket *sock = s->sock;
1851 struct sock *sk = sock->sk;
1852 struct sk_buff *skb;
1853
1854 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1855
1856 /* Get data directly from socket receive queue without copying it. */
1857 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1858 skb_orphan(skb);
07b41b34 1859 if (!skb_linearize(skb)) {
8ff52f7d 1860 s = rfcomm_recv_frame(s, skb);
07b41b34
VR		 1861 if (!s)
1862 break;
1863 } else {
44935720 1864 kfree_skb(skb);
07b41b34 1865 }
1da177e4
LT		 1866 }
1867
08c30aca
DJ		 1868 if (s && (sk->sk_state == BT_CLOSED))
1869 s = rfcomm_session_close(s, sk->sk_err);
8ff52f7d
DJ		 1870
1871 return s;
1da177e4
LT		 1872}
1873
6039aa73 1874static void rfcomm_accept_connection(struct rfcomm_session *s)
1da177e4
LT		 1875{
1876 struct socket *sock = s->sock, *nsock;
1877 int err;
1878
1879 /* Fast check for a new connection.
1880 * Avoids unnesesary socket allocations. */
1881 if (list_empty(&bt_sk(sock->sk)->accept_q))
1882 return;
1883
1884 BT_DBG("session %p", s);
1885
48db9ca4
MH		 1886 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1887 if (err < 0)
1da177e4
LT		 1888 return;
1889
1da177e4
LT		 1890 /* Set our callbacks */
1891 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1892 nsock->sk->sk_state_change = rfcomm_l2state_change;
1893
1894 s = rfcomm_session_add(nsock, BT_OPEN);
1895 if (s) {
98bcd08b
MH		 1896 /* We should adjust MTU on incoming sessions.
1897 * L2CAP MTU minus UIH header and FCS. */
0c1bc5c6
GP		 1898 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1899 l2cap_pi(nsock->sk)->chan->imtu) - 5;
98bcd08b 1900
534c92fd 1901 rfcomm_schedule();
1da177e4
LT		 1902 } else
1903 sock_release(nsock);
1904}
1905
8ff52f7d 1906static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1da177e4
LT		 1907{
1908 struct sock *sk = s->sock->sk;
1909
1910 BT_DBG("%p state %ld", s, s->state);
1911
285b4e90 1912 switch (sk->sk_state) {
1da177e4
LT		 1913 case BT_CONNECTED:
1914 s->state = BT_CONNECT;
1915
1916 /* We can adjust MTU on outgoing sessions.
1917 * L2CAP MTU minus UIH header and FCS. */
0c1bc5c6 1918 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1da177e4
LT		 1919
1920 rfcomm_send_sabm(s, 0);
1921 break;
1922
1923 case BT_CLOSED:
8ff52f7d 1924 s = rfcomm_session_close(s, sk->sk_err);
1da177e4
LT		 1925 break;
1926 }
8ff52f7d 1927 return s;
1da177e4
LT		 1928}
1929
6039aa73 1930static void rfcomm_process_sessions(void)
1da177e4
LT		 1931{
1932 struct list_head *p, *n;
1933
1934 rfcomm_lock();
1935
1936 list_for_each_safe(p, n, &session_list) {
1937 struct rfcomm_session *s;
1938 s = list_entry(p, struct rfcomm_session, list);
1939
9e726b17
LAD		 1940 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1941 s->state = BT_DISCONN;
1942 rfcomm_send_disc(s, 0);
1943 continue;
1944 }
1945
1da177e4
LT		 1946 if (s->state == BT_LISTEN) {
1947 rfcomm_accept_connection(s);
1948 continue;
1949 }
1950
1da177e4
LT		 1951 switch (s->state) {
1952 case BT_BOUND:
8ff52f7d 1953 s = rfcomm_check_connection(s);
1da177e4
LT		 1954 break;
1955
1956 default:
8ff52f7d 1957 s = rfcomm_process_rx(s);
1da177e4
LT		 1958 break;
1959 }
1960
8ff52f7d
DJ		 1961 if (s)
1962 rfcomm_process_dlcs(s);
1da177e4
LT		 1963 }
1964
1965 rfcomm_unlock();
1966}
1967
1da177e4
LT		 1968static int rfcomm_add_listener(bdaddr_t *ba)
1969{
1970 struct sockaddr_l2 addr;
1971 struct socket *sock;
1972 struct sock *sk;
1973 struct rfcomm_session *s;
1974 int err = 0;
1975
1976 /* Create socket */
1977 err = rfcomm_l2sock_create(&sock);
8e87d142 1978 if (err < 0) {
1da177e4
LT		 1979 BT_ERR("Create socket failed %d", err);
1980 return err;
1981 }
1982
1983 /* Bind socket */
1984 bacpy(&addr.l2_bdaddr, ba);
1985 addr.l2_family = AF_BLUETOOTH;
5bcb8094 1986 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
37e62f55 1987 addr.l2_cid = 0;
48db9ca4 1988 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1da177e4
LT		 1989 if (err < 0) {
1990 BT_ERR("Bind failed %d", err);
1991 goto failed;
1992 }
1993
1994 /* Set L2CAP options */
1995 sk = sock->sk;
1996 lock_sock(sk);
0c1bc5c6 1997 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
1da177e4
LT		 1998 release_sock(sk);
1999
2000 /* Start listening on the socket */
48db9ca4 2001 err = kernel_listen(sock, 10);
1da177e4
LT		 2002 if (err) {
2003 BT_ERR("Listen failed %d", err);
2004 goto failed;
2005 }
2006
2007 /* Add listening session */
2008 s = rfcomm_session_add(sock, BT_LISTEN);
0227c7b5
WY		 2009 if (!s) {
2010 err = -ENOMEM;
1da177e4 2011 goto failed;
0227c7b5 2012 }
1da177e4 2013
1da177e4
LT		 2014 return 0;
2015failed:
2016 sock_release(sock);
2017 return err;
2018}
2019
2020static void rfcomm_kill_listener(void)
2021{
2022 struct rfcomm_session *s;
2023 struct list_head *p, *n;
2024
2025 BT_DBG("");
2026
2027 list_for_each_safe(p, n, &session_list) {
2028 s = list_entry(p, struct rfcomm_session, list);
2029 rfcomm_session_del(s);
2030 }
2031}
2032
2033static int rfcomm_run(void *unused)
2034{
a524eccc 2035 BT_DBG("");
1da177e4 2036
1da177e4 2037 set_user_nice(current, -10);
1da177e4 2038
1da177e4
LT		 2039 rfcomm_add_listener(BDADDR_ANY);
2040
e5842cdb 2041 while (1) {
a524eccc 2042 set_current_state(TASK_INTERRUPTIBLE);
e5842cdb
PH		 2043
2044 if (kthread_should_stop())
2045 break;
a524eccc
MH		 2046
2047 /* Process stuff */
a524eccc 2048 rfcomm_process_sessions();
e5842cdb
PH		 2049
2050 schedule();
a524eccc 2051 }
e5842cdb 2052 __set_current_state(TASK_RUNNING);
1da177e4
LT		 2053
2054 rfcomm_kill_listener();
2055
1da177e4
LT		 2056 return 0;
2057}
2058
8c1b2355 2059static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1da177e4
LT		 2060{
2061 struct rfcomm_session *s;
2062 struct rfcomm_dlc *d;
2063 struct list_head *p, *n;
2064
2065 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2066
2067 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2068 if (!s)
2069 return;
2070
1da177e4
LT		 2071 list_for_each_safe(p, n, &s->dlcs) {
2072 d = list_entry(p, struct rfcomm_dlc, list);
2073
8c84b830
MH		 2074 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2075 rfcomm_dlc_clear_timer(d);
2076 if (status || encrypt == 0x00) {
db54467a 2077 set_bit(RFCOMM_ENC_DROP, &d->flags);
8c84b830
MH		 2078 continue;
2079 }
2080 }
2081
2082 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2083 if (d->sec_level == BT_SECURITY_MEDIUM) {
2084 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2085 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2086 continue;
2087 } else if (d->sec_level == BT_SECURITY_HIGH) {
db54467a 2088 set_bit(RFCOMM_ENC_DROP, &d->flags);
8c84b830
MH		 2089 continue;
2090 }
9719f8af
MH		 2091 }
2092
1da177e4
LT		 2093 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2094 continue;
2095
b3b1b061 2096 if (!status && hci_conn_check_secure(conn, d->sec_level))
1da177e4
LT		 2097 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2098 else
2099 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2100 }
2101
534c92fd 2102 rfcomm_schedule();
1da177e4
LT		 2103}
2104
2105static struct hci_cb rfcomm_cb = {
2106 .name = "RFCOMM",
8c1b2355 2107 .security_cfm = rfcomm_security_cfm
1da177e4
LT		 2108};
2109
aef7d97c 2110static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
1da177e4
LT		 2111{
2112 struct rfcomm_session *s;
1da177e4
LT		 2113
2114 rfcomm_lock();
2115
8035ded4
LAD		 2116 list_for_each_entry(s, &session_list, list) {
2117 struct rfcomm_dlc *d;
2118 list_for_each_entry(d, &s->dlcs, list) {
be9d1227 2119 struct sock *sk = s->sock->sk;
1da177e4 2120
fcb73338
AE		 2121 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2122 &bt_sk(sk)->src, &bt_sk(sk)->dst,
2123 d->state, d->dlci, d->mtu,
2124 d->rx_credits, d->tx_credits);
1da177e4
LT		 2125 }
2126 }
1da177e4 2127
1da177e4 2128 rfcomm_unlock();
1da177e4 2129
aef7d97c
MH		 2130 return 0;
2131}
2132
2133static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2134{
2135 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
1da177e4
LT		 2136}
2137
aef7d97c
MH		 2138static const struct file_operations rfcomm_dlc_debugfs_fops = {
2139 .open = rfcomm_dlc_debugfs_open,
2140 .read = seq_read,
2141 .llseek = seq_lseek,
2142 .release = single_release,
2143};
2144
2145static struct dentry *rfcomm_dlc_debugfs;
1da177e4
LT		 2146
2147/* ---- Initialization ---- */
2148static int __init rfcomm_init(void)
2149{
52d18347 2150 int err;
af0d3b10 2151
1da177e4
LT		 2152 hci_register_cb(&rfcomm_cb);
2153
a524eccc
MH		 2154 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2155 if (IS_ERR(rfcomm_thread)) {
52d18347
MH		 2156 err = PTR_ERR(rfcomm_thread);
2157 goto unregister;
a524eccc 2158 }
1da177e4 2159
aef7d97c
MH		 2160 if (bt_debugfs) {
2161 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2162 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops);
2163 if (!rfcomm_dlc_debugfs)
2164 BT_ERR("Failed to create RFCOMM debug file");
2165 }
1da177e4 2166
52d18347
MH		 2167 err = rfcomm_init_ttys();
2168 if (err < 0)
2169 goto stop;
1da177e4 2170
52d18347
MH		 2171 err = rfcomm_init_sockets();
2172 if (err < 0)
2173 goto cleanup;
1da177e4 2174
be9d1227
MH		 2175 BT_INFO("RFCOMM ver %s", VERSION);
2176
1da177e4 2177 return 0;
af0d3b10 2178
52d18347 2179cleanup:
af0d3b10 2180 rfcomm_cleanup_ttys();
52d18347
MH		 2181
2182stop:
af0d3b10 2183 kthread_stop(rfcomm_thread);
52d18347
MH		 2184
2185unregister:
af0d3b10
DY		 2186 hci_unregister_cb(&rfcomm_cb);
2187
52d18347 2188 return err;
1da177e4
LT		 2189}
2190
2191static void __exit rfcomm_exit(void)
2192{
aef7d97c 2193 debugfs_remove(rfcomm_dlc_debugfs);
be9d1227 2194
1da177e4
LT		 2195 hci_unregister_cb(&rfcomm_cb);
2196
a524eccc 2197 kthread_stop(rfcomm_thread);
1da177e4 2198
1da177e4 2199 rfcomm_cleanup_ttys();
1da177e4
LT		 2200
2201 rfcomm_cleanup_sockets();
1da177e4
LT		 2202}
2203
2204module_init(rfcomm_init);
2205module_exit(rfcomm_exit);
2206
7c2660b0
MH		 2207module_param(disable_cfc, bool, 0644);
2208MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2209
98bcd08b
MH		 2210module_param(channel_mtu, int, 0644);
2211MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2212
56f3a40a
MH		 2213module_param(l2cap_mtu, uint, 0644);
2214MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2215
eae38eed
MH		 2216module_param(l2cap_ertm, bool, 0644);
2217MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2218
63fbd24e 2219MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1da177e4
LT		 2220MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2221MODULE_VERSION(VERSION);
2222MODULE_LICENSE("GPL");
2223MODULE_ALIAS("bt-proto-3");
kernel source for telekom puls (alcatel/mediatek)