projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[Bluetooth] Small cleanup of the L2CAP source code
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / rfcomm / core.c
CommitLineData
1da177e4
LT		 1/*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22*/
23
1da177e4
LT		 24/*
25 * Bluetooth RFCOMM core.
26 *
27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
28 */
29
1da177e4
LT		 30#include <linux/module.h>
31#include <linux/errno.h>
32#include <linux/kernel.h>
33#include <linux/sched.h>
34#include <linux/signal.h>
35#include <linux/init.h>
36#include <linux/wait.h>
be9d1227 37#include <linux/device.h>
1da177e4 38#include <linux/net.h>
4a3e2f71
AV		 39#include <linux/mutex.h>
40
1da177e4
LT		 41#include <net/sock.h>
42#include <asm/uaccess.h>
43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47#include <net/bluetooth/l2cap.h>
48#include <net/bluetooth/rfcomm.h>
49
1da177e4
LT		 50#ifndef CONFIG_BT_RFCOMM_DEBUG
51#undef BT_DBG
52#define BT_DBG(D...)
53#endif
54
56f3a40a
MH		 55#define VERSION "1.7"
56
57static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
58
1da177e4
LT		 59static struct task_struct *rfcomm_thread;
60
4a3e2f71
AV		 61static DEFINE_MUTEX(rfcomm_mutex);
62#define rfcomm_lock() mutex_lock(&rfcomm_mutex)
63#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
1da177e4
LT		 64
65static unsigned long rfcomm_event;
66
67static LIST_HEAD(session_list);
68static atomic_t terminate, running;
69
70static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
71static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
72static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
73static int rfcomm_queue_disc(struct rfcomm_dlc *d);
74static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
75static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
76static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
77static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
78static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
79static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
80
81static void rfcomm_process_connect(struct rfcomm_session *s);
82
83static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
84static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
85static void rfcomm_session_del(struct rfcomm_session *s);
86
87/* ---- RFCOMM frame parsing macros ---- */
88#define __get_dlci(b) ((b & 0xfc) >> 2)
89#define __get_channel(b) ((b & 0xf8) >> 3)
90#define __get_dir(b) ((b & 0x04) >> 2)
91#define __get_type(b) ((b & 0xef))
92
93#define __test_ea(b) ((b & 0x01))
94#define __test_cr(b) ((b & 0x02))
95#define __test_pf(b) ((b & 0x10))
96
97#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
98#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
99#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
100#define __srv_channel(dlci) (dlci >> 1)
101#define __dir(dlci) (dlci & 0x01)
102
103#define __len8(len) (((len) << 1) | 1)
104#define __len16(len) ((len) << 1)
105
106/* MCC macros */
107#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
108#define __get_mcc_type(b) ((b & 0xfc) >> 2)
109#define __get_mcc_len(b) ((b & 0xfe) >> 1)
110
111/* RPN macros */
3a5e903c 112#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
1da177e4
LT		 113#define __get_rpn_data_bits(line) ((line) & 0x3)
114#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
3a5e903c 115#define __get_rpn_parity(line) (((line) >> 3) & 0x7)
1da177e4
LT		 116
117static inline void rfcomm_schedule(uint event)
118{
119 if (!rfcomm_thread)
120 return;
121 //set_bit(event, &rfcomm_event);
122 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
123 wake_up_process(rfcomm_thread);
124}
125
126static inline void rfcomm_session_put(struct rfcomm_session *s)
127{
128 if (atomic_dec_and_test(&s->refcnt))
129 rfcomm_session_del(s);
130}
131
132/* ---- RFCOMM FCS computation ---- */
133
408c1ce2
MH		 134/* reversed, 8-bit, poly=0x07 */
135static unsigned char rfcomm_crc_table[256] = {
136 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
137 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
138 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
139 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
140
141 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
142 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
143 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
144 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
145
146 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
147 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
148 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
149 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
150
151 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
152 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
153 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
154 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
155
156 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
157 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
158 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
159 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
160
161 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
162 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
163 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
164 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
165
166 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
167 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
168 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
169 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
170
171 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
172 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
173 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
174 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
175};
176
1da177e4
LT		 177/* CRC on 2 bytes */
178#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
179
180/* FCS on 2 bytes */
181static inline u8 __fcs(u8 *data)
182{
183 return (0xff - __crc(data));
184}
185
186/* FCS on 3 bytes */
187static inline u8 __fcs2(u8 *data)
188{
189 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
190}
191
192/* Check FCS */
193static inline int __check_fcs(u8 *data, int type, u8 fcs)
194{
195 u8 f = __crc(data);
196
197 if (type != RFCOMM_UIH)
198 f = rfcomm_crc_table[f ^ data[2]];
199
200 return rfcomm_crc_table[f ^ fcs] != 0xcf;
201}
202
203/* ---- L2CAP callbacks ---- */
204static void rfcomm_l2state_change(struct sock *sk)
205{
206 BT_DBG("%p state %d", sk, sk->sk_state);
207 rfcomm_schedule(RFCOMM_SCHED_STATE);
208}
209
210static void rfcomm_l2data_ready(struct sock *sk, int bytes)
211{
212 BT_DBG("%p bytes %d", sk, bytes);
213 rfcomm_schedule(RFCOMM_SCHED_RX);
214}
215
216static int rfcomm_l2sock_create(struct socket **sock)
217{
218 int err;
219
220 BT_DBG("");
221
222 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
223 if (!err) {
224 struct sock *sk = (*sock)->sk;
225 sk->sk_data_ready = rfcomm_l2data_ready;
226 sk->sk_state_change = rfcomm_l2state_change;
227 }
228 return err;
229}
230
231/* ---- RFCOMM DLCs ---- */
232static void rfcomm_dlc_timeout(unsigned long arg)
233{
234 struct rfcomm_dlc *d = (void *) arg;
235
236 BT_DBG("dlc %p state %ld", d, d->state);
237
238 set_bit(RFCOMM_TIMED_OUT, &d->flags);
239 rfcomm_dlc_put(d);
240 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
241}
242
243static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
244{
245 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
246
247 if (!mod_timer(&d->timer, jiffies + timeout))
248 rfcomm_dlc_hold(d);
249}
250
251static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
252{
253 BT_DBG("dlc %p state %ld", d, d->state);
254
255 if (timer_pending(&d->timer) && del_timer(&d->timer))
256 rfcomm_dlc_put(d);
257}
258
259static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
260{
261 BT_DBG("%p", d);
262
263 d->state = BT_OPEN;
264 d->flags = 0;
265 d->mscex = 0;
266 d->mtu = RFCOMM_DEFAULT_MTU;
267 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
268
269 d->cfc = RFCOMM_CFC_DISABLED;
270 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
271}
272
dd0fc66f 273struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
1da177e4
LT		 274{
275 struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio);
276 if (!d)
277 return NULL;
278 memset(d, 0, sizeof(*d));
279
280 init_timer(&d->timer);
281 d->timer.function = rfcomm_dlc_timeout;
282 d->timer.data = (unsigned long) d;
283
284 skb_queue_head_init(&d->tx_queue);
285 spin_lock_init(&d->lock);
286 atomic_set(&d->refcnt, 1);
287
288 rfcomm_dlc_clear_state(d);
289
290 BT_DBG("%p", d);
291 return d;
292}
293
294void rfcomm_dlc_free(struct rfcomm_dlc *d)
295{
296 BT_DBG("%p", d);
297
298 skb_queue_purge(&d->tx_queue);
299 kfree(d);
300}
301
302static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
303{
304 BT_DBG("dlc %p session %p", d, s);
305
306 rfcomm_session_hold(s);
307
308 rfcomm_dlc_hold(d);
309 list_add(&d->list, &s->dlcs);
310 d->session = s;
311}
312
313static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
314{
315 struct rfcomm_session *s = d->session;
316
317 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
318
319 list_del(&d->list);
320 d->session = NULL;
321 rfcomm_dlc_put(d);
322
323 rfcomm_session_put(s);
324}
325
326static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
327{
328 struct rfcomm_dlc *d;
329 struct list_head *p;
330
331 list_for_each(p, &s->dlcs) {
332 d = list_entry(p, struct rfcomm_dlc, list);
333 if (d->dlci == dlci)
334 return d;
335 }
336 return NULL;
337}
338
339static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
340{
341 struct rfcomm_session *s;
342 int err = 0;
343 u8 dlci;
344
345 BT_DBG("dlc %p state %ld %s %s channel %d",
346 d, d->state, batostr(src), batostr(dst), channel);
347
348 if (channel < 1 || channel > 30)
349 return -EINVAL;
350
351 if (d->state != BT_OPEN && d->state != BT_CLOSED)
352 return 0;
353
354 s = rfcomm_session_get(src, dst);
355 if (!s) {
356 s = rfcomm_session_create(src, dst, &err);
357 if (!s)
358 return err;
359 }
360
361 dlci = __dlci(!s->initiator, channel);
362
363 /* Check if DLCI already exists */
364 if (rfcomm_dlc_get(s, dlci))
365 return -EBUSY;
366
367 rfcomm_dlc_clear_state(d);
368
369 d->dlci = dlci;
370 d->addr = __addr(s->initiator, dlci);
371 d->priority = 7;
372
373 d->state = BT_CONFIG;
374 rfcomm_dlc_link(s, d);
375
376 d->mtu = s->mtu;
377 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
378
379 if (s->state == BT_CONNECTED)
380 rfcomm_send_pn(s, 1, d);
381 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
382 return 0;
383}
384
385int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
386{
387 int r;
388
389 rfcomm_lock();
390
391 r = __rfcomm_dlc_open(d, src, dst, channel);
392
393 rfcomm_unlock();
394 return r;
395}
396
397static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
398{
399 struct rfcomm_session *s = d->session;
400 if (!s)
401 return 0;
402
403 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
404 d, d->state, d->dlci, err, s);
405
406 switch (d->state) {
407 case BT_CONNECTED:
408 case BT_CONFIG:
409 case BT_CONNECT:
410 d->state = BT_DISCONN;
411 if (skb_queue_empty(&d->tx_queue)) {
412 rfcomm_send_disc(s, d->dlci);
413 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
414 } else {
415 rfcomm_queue_disc(d);
416 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
417 }
418 break;
419
420 default:
421 rfcomm_dlc_clear_timer(d);
422
423 rfcomm_dlc_lock(d);
424 d->state = BT_CLOSED;
425 d->state_change(d, err);
426 rfcomm_dlc_unlock(d);
427
428 skb_queue_purge(&d->tx_queue);
1da177e4
LT		 429 rfcomm_dlc_unlink(d);
430 }
431
432 return 0;
433}
434
435int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
436{
437 int r;
438
439 rfcomm_lock();
440
441 r = __rfcomm_dlc_close(d, err);
442
443 rfcomm_unlock();
444 return r;
445}
446
447int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
448{
449 int len = skb->len;
450
451 if (d->state != BT_CONNECTED)
452 return -ENOTCONN;
453
454 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
455
456 if (len > d->mtu)
457 return -EINVAL;
458
459 rfcomm_make_uih(skb, d->addr);
460 skb_queue_tail(&d->tx_queue, skb);
461
462 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
463 rfcomm_schedule(RFCOMM_SCHED_TX);
464 return len;
465}
466
467void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
468{
469 BT_DBG("dlc %p state %ld", d, d->state);
470
471 if (!d->cfc) {
472 d->v24_sig |= RFCOMM_V24_FC;
473 set_bit(RFCOMM_MSC_PENDING, &d->flags);
474 }
475 rfcomm_schedule(RFCOMM_SCHED_TX);
476}
477
478void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
479{
480 BT_DBG("dlc %p state %ld", d, d->state);
481
482 if (!d->cfc) {
483 d->v24_sig &= ~RFCOMM_V24_FC;
484 set_bit(RFCOMM_MSC_PENDING, &d->flags);
485 }
486 rfcomm_schedule(RFCOMM_SCHED_TX);
487}
488
489/*
490 Set/get modem status functions use _local_ status i.e. what we report
491 to the other side.
492 Remote status is provided by dlc->modem_status() callback.
493 */
494int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
495{
496 BT_DBG("dlc %p state %ld v24_sig 0x%x",
497 d, d->state, v24_sig);
498
499 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
500 v24_sig |= RFCOMM_V24_FC;
501 else
502 v24_sig &= ~RFCOMM_V24_FC;
503
504 d->v24_sig = v24_sig;
505
506 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
507 rfcomm_schedule(RFCOMM_SCHED_TX);
508
509 return 0;
510}
511
512int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
513{
514 BT_DBG("dlc %p state %ld v24_sig 0x%x",
515 d, d->state, d->v24_sig);
516
517 *v24_sig = d->v24_sig;
518 return 0;
519}
520
521/* ---- RFCOMM sessions ---- */
522static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
523{
524 struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL);
525 if (!s)
526 return NULL;
527 memset(s, 0, sizeof(*s));
528
529 BT_DBG("session %p sock %p", s, sock);
530
531 INIT_LIST_HEAD(&s->dlcs);
532 s->state = state;
533 s->sock = sock;
534
535 s->mtu = RFCOMM_DEFAULT_MTU;
536 s->cfc = RFCOMM_CFC_UNKNOWN;
537
538 /* Do not increment module usage count for listening sessions.
539 * Otherwise we won't be able to unload the module. */
540 if (state != BT_LISTEN)
541 if (!try_module_get(THIS_MODULE)) {
542 kfree(s);
543 return NULL;
544 }
545
546 list_add(&s->list, &session_list);
547
548 return s;
549}
550
551static void rfcomm_session_del(struct rfcomm_session *s)
552{
553 int state = s->state;
554
555 BT_DBG("session %p state %ld", s, s->state);
556
557 list_del(&s->list);
558
559 if (state == BT_CONNECTED)
560 rfcomm_send_disc(s, 0);
561
562 sock_release(s->sock);
563 kfree(s);
564
565 if (state != BT_LISTEN)
566 module_put(THIS_MODULE);
567}
568
569static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
570{
571 struct rfcomm_session *s;
572 struct list_head *p, *n;
573 struct bt_sock *sk;
574 list_for_each_safe(p, n, &session_list) {
575 s = list_entry(p, struct rfcomm_session, list);
576 sk = bt_sk(s->sock->sk);
577
578 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
579 !bacmp(&sk->dst, dst))
580 return s;
581 }
582 return NULL;
583}
584
585static void rfcomm_session_close(struct rfcomm_session *s, int err)
586{
587 struct rfcomm_dlc *d;
588 struct list_head *p, *n;
589
590 BT_DBG("session %p state %ld err %d", s, s->state, err);
591
592 rfcomm_session_hold(s);
593
594 s->state = BT_CLOSED;
595
596 /* Close all dlcs */
597 list_for_each_safe(p, n, &s->dlcs) {
598 d = list_entry(p, struct rfcomm_dlc, list);
599 d->state = BT_CLOSED;
600 __rfcomm_dlc_close(d, err);
601 }
602
603 rfcomm_session_put(s);
604}
605
606static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
607{
608 struct rfcomm_session *s = NULL;
609 struct sockaddr_l2 addr;
610 struct socket *sock;
611 struct sock *sk;
612
613 BT_DBG("%s %s", batostr(src), batostr(dst));
614
615 *err = rfcomm_l2sock_create(&sock);
616 if (*err < 0)
617 return NULL;
618
619 bacpy(&addr.l2_bdaddr, src);
620 addr.l2_family = AF_BLUETOOTH;
621 addr.l2_psm = 0;
622 *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
623 if (*err < 0)
624 goto failed;
625
626 /* Set L2CAP options */
627 sk = sock->sk;
628 lock_sock(sk);
56f3a40a 629 l2cap_pi(sk)->imtu = l2cap_mtu;
1da177e4
LT		 630 release_sock(sk);
631
632 s = rfcomm_session_add(sock, BT_BOUND);
633 if (!s) {
634 *err = -ENOMEM;
635 goto failed;
636 }
637
1da177e4
LT		 638 s->initiator = 1;
639
640 bacpy(&addr.l2_bdaddr, dst);
641 addr.l2_family = AF_BLUETOOTH;
642 addr.l2_psm = htobs(RFCOMM_PSM);
643 *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
644 if (*err == 0 || *err == -EAGAIN)
645 return s;
646
647 rfcomm_session_del(s);
648 return NULL;
649
650failed:
651 sock_release(sock);
652 return NULL;
653}
654
655void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
656{
657 struct sock *sk = s->sock->sk;
658 if (src)
659 bacpy(src, &bt_sk(sk)->src);
660 if (dst)
661 bacpy(dst, &bt_sk(sk)->dst);
662}
663
664/* ---- RFCOMM frame sending ---- */
665static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
666{
667 struct socket *sock = s->sock;
668 struct kvec iv = { data, len };
669 struct msghdr msg;
670
671 BT_DBG("session %p len %d", s, len);
672
673 memset(&msg, 0, sizeof(msg));
674
675 return kernel_sendmsg(sock, &msg, &iv, 1, len);
676}
677
678static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
679{
680 struct rfcomm_cmd cmd;
681
682 BT_DBG("%p dlci %d", s, dlci);
683
684 cmd.addr = __addr(s->initiator, dlci);
685 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
686 cmd.len = __len8(0);
687 cmd.fcs = __fcs2((u8 *) &cmd);
688
689 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
690}
691
692static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
693{
694 struct rfcomm_cmd cmd;
695
696 BT_DBG("%p dlci %d", s, dlci);
697
698 cmd.addr = __addr(!s->initiator, dlci);
699 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
700 cmd.len = __len8(0);
701 cmd.fcs = __fcs2((u8 *) &cmd);
702
703 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
704}
705
706static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
707{
708 struct rfcomm_cmd cmd;
709
710 BT_DBG("%p dlci %d", s, dlci);
711
712 cmd.addr = __addr(s->initiator, dlci);
713 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
714 cmd.len = __len8(0);
715 cmd.fcs = __fcs2((u8 *) &cmd);
716
717 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
718}
719
720static int rfcomm_queue_disc(struct rfcomm_dlc *d)
721{
722 struct rfcomm_cmd *cmd;
723 struct sk_buff *skb;
724
725 BT_DBG("dlc %p dlci %d", d, d->dlci);
726
727 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
728 if (!skb)
729 return -ENOMEM;
730
731 cmd = (void *) __skb_put(skb, sizeof(*cmd));
732 cmd->addr = d->addr;
733 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
734 cmd->len = __len8(0);
735 cmd->fcs = __fcs2((u8 *) cmd);
736
737 skb_queue_tail(&d->tx_queue, skb);
738 rfcomm_schedule(RFCOMM_SCHED_TX);
739 return 0;
740}
741
742static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
743{
744 struct rfcomm_cmd cmd;
745
746 BT_DBG("%p dlci %d", s, dlci);
747
748 cmd.addr = __addr(!s->initiator, dlci);
749 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
750 cmd.len = __len8(0);
751 cmd.fcs = __fcs2((u8 *) &cmd);
752
753 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
754}
755
756static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
757{
758 struct rfcomm_hdr *hdr;
759 struct rfcomm_mcc *mcc;
760 u8 buf[16], *ptr = buf;
761
762 BT_DBG("%p cr %d type %d", s, cr, type);
763
764 hdr = (void *) ptr; ptr += sizeof(*hdr);
765 hdr->addr = __addr(s->initiator, 0);
766 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
767 hdr->len = __len8(sizeof(*mcc) + 1);
768
769 mcc = (void *) ptr; ptr += sizeof(*mcc);
770 mcc->type = __mcc_type(cr, RFCOMM_NSC);
771 mcc->len = __len8(1);
772
773 /* Type that we didn't like */
774 *ptr = __mcc_type(cr, type); ptr++;
775
776 *ptr = __fcs(buf); ptr++;
777
778 return rfcomm_send_frame(s, buf, ptr - buf);
779}
780
781static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
782{
783 struct rfcomm_hdr *hdr;
784 struct rfcomm_mcc *mcc;
785 struct rfcomm_pn *pn;
786 u8 buf[16], *ptr = buf;
787
788 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
789
790 hdr = (void *) ptr; ptr += sizeof(*hdr);
791 hdr->addr = __addr(s->initiator, 0);
792 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
793 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
794
795 mcc = (void *) ptr; ptr += sizeof(*mcc);
796 mcc->type = __mcc_type(cr, RFCOMM_PN);
797 mcc->len = __len8(sizeof(*pn));
798
799 pn = (void *) ptr; ptr += sizeof(*pn);
800 pn->dlci = d->dlci;
801 pn->priority = d->priority;
802 pn->ack_timer = 0;
803 pn->max_retrans = 0;
804
805 if (s->cfc) {
806 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
807 pn->credits = RFCOMM_DEFAULT_CREDITS;
808 } else {
809 pn->flow_ctrl = 0;
810 pn->credits = 0;
811 }
812
813 pn->mtu = htobs(d->mtu);
814
815 *ptr = __fcs(buf); ptr++;
816
817 return rfcomm_send_frame(s, buf, ptr - buf);
818}
819
3a5e903c
S		 820int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
821 u8 bit_rate, u8 data_bits, u8 stop_bits,
822 u8 parity, u8 flow_ctrl_settings,
823 u8 xon_char, u8 xoff_char, u16 param_mask)
1da177e4
LT		 824{
825 struct rfcomm_hdr *hdr;
826 struct rfcomm_mcc *mcc;
827 struct rfcomm_rpn *rpn;
828 u8 buf[16], *ptr = buf;
829
830 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
3a5e903c
S		 831 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
832 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
833 flow_ctrl_settings, xon_char, xoff_char, param_mask);
1da177e4
LT		 834
835 hdr = (void *) ptr; ptr += sizeof(*hdr);
836 hdr->addr = __addr(s->initiator, 0);
837 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
838 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
839
840 mcc = (void *) ptr; ptr += sizeof(*mcc);
841 mcc->type = __mcc_type(cr, RFCOMM_RPN);
842 mcc->len = __len8(sizeof(*rpn));
843
844 rpn = (void *) ptr; ptr += sizeof(*rpn);
845 rpn->dlci = __addr(1, dlci);
846 rpn->bit_rate = bit_rate;
847 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
848 rpn->flow_ctrl = flow_ctrl_settings;
849 rpn->xon_char = xon_char;
850 rpn->xoff_char = xoff_char;
851 rpn->param_mask = param_mask;
852
853 *ptr = __fcs(buf); ptr++;
854
855 return rfcomm_send_frame(s, buf, ptr - buf);
856}
857
858static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
859{
860 struct rfcomm_hdr *hdr;
861 struct rfcomm_mcc *mcc;
862 struct rfcomm_rls *rls;
863 u8 buf[16], *ptr = buf;
864
865 BT_DBG("%p cr %d status 0x%x", s, cr, status);
866
867 hdr = (void *) ptr; ptr += sizeof(*hdr);
868 hdr->addr = __addr(s->initiator, 0);
869 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
870 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
871
872 mcc = (void *) ptr; ptr += sizeof(*mcc);
873 mcc->type = __mcc_type(cr, RFCOMM_RLS);
874 mcc->len = __len8(sizeof(*rls));
875
876 rls = (void *) ptr; ptr += sizeof(*rls);
877 rls->dlci = __addr(1, dlci);
878 rls->status = status;
879
880 *ptr = __fcs(buf); ptr++;
881
882 return rfcomm_send_frame(s, buf, ptr - buf);
883}
884
885static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
886{
887 struct rfcomm_hdr *hdr;
888 struct rfcomm_mcc *mcc;
889 struct rfcomm_msc *msc;
890 u8 buf[16], *ptr = buf;
891
892 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
893
894 hdr = (void *) ptr; ptr += sizeof(*hdr);
895 hdr->addr = __addr(s->initiator, 0);
896 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
897 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
898
899 mcc = (void *) ptr; ptr += sizeof(*mcc);
900 mcc->type = __mcc_type(cr, RFCOMM_MSC);
901 mcc->len = __len8(sizeof(*msc));
902
903 msc = (void *) ptr; ptr += sizeof(*msc);
904 msc->dlci = __addr(1, dlci);
905 msc->v24_sig = v24_sig | 0x01;
906
907 *ptr = __fcs(buf); ptr++;
908
909 return rfcomm_send_frame(s, buf, ptr - buf);
910}
911
912static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
913{
914 struct rfcomm_hdr *hdr;
915 struct rfcomm_mcc *mcc;
916 u8 buf[16], *ptr = buf;
917
918 BT_DBG("%p cr %d", s, cr);
919
920 hdr = (void *) ptr; ptr += sizeof(*hdr);
921 hdr->addr = __addr(s->initiator, 0);
922 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
923 hdr->len = __len8(sizeof(*mcc));
924
925 mcc = (void *) ptr; ptr += sizeof(*mcc);
926 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
927 mcc->len = __len8(0);
928
929 *ptr = __fcs(buf); ptr++;
930
931 return rfcomm_send_frame(s, buf, ptr - buf);
932}
933
934static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
935{
936 struct rfcomm_hdr *hdr;
937 struct rfcomm_mcc *mcc;
938 u8 buf[16], *ptr = buf;
939
940 BT_DBG("%p cr %d", s, cr);
941
942 hdr = (void *) ptr; ptr += sizeof(*hdr);
943 hdr->addr = __addr(s->initiator, 0);
944 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
945 hdr->len = __len8(sizeof(*mcc));
946
947 mcc = (void *) ptr; ptr += sizeof(*mcc);
948 mcc->type = __mcc_type(cr, RFCOMM_FCON);
949 mcc->len = __len8(0);
950
951 *ptr = __fcs(buf); ptr++;
952
953 return rfcomm_send_frame(s, buf, ptr - buf);
954}
955
956static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
957{
958 struct socket *sock = s->sock;
959 struct kvec iv[3];
960 struct msghdr msg;
961 unsigned char hdr[5], crc[1];
962
963 if (len > 125)
964 return -EINVAL;
965
966 BT_DBG("%p cr %d", s, cr);
967
968 hdr[0] = __addr(s->initiator, 0);
969 hdr[1] = __ctrl(RFCOMM_UIH, 0);
970 hdr[2] = 0x01 | ((len + 2) << 1);
971 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
972 hdr[4] = 0x01 | (len << 1);
973
974 crc[0] = __fcs(hdr);
975
976 iv[0].iov_base = hdr;
977 iv[0].iov_len = 5;
978 iv[1].iov_base = pattern;
979 iv[1].iov_len = len;
980 iv[2].iov_base = crc;
981 iv[2].iov_len = 1;
982
983 memset(&msg, 0, sizeof(msg));
984
985 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
986}
987
988static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
989{
990 struct rfcomm_hdr *hdr;
991 u8 buf[16], *ptr = buf;
992
993 BT_DBG("%p addr %d credits %d", s, addr, credits);
994
995 hdr = (void *) ptr; ptr += sizeof(*hdr);
996 hdr->addr = addr;
997 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
998 hdr->len = __len8(0);
999
1000 *ptr = credits; ptr++;
1001
1002 *ptr = __fcs(buf); ptr++;
1003
1004 return rfcomm_send_frame(s, buf, ptr - buf);
1005}
1006
1007static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1008{
1009 struct rfcomm_hdr *hdr;
1010 int len = skb->len;
1011 u8 *crc;
1012
1013 if (len > 127) {
1014 hdr = (void *) skb_push(skb, 4);
1015 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len);
1016 } else {
1017 hdr = (void *) skb_push(skb, 3);
1018 hdr->len = __len8(len);
1019 }
1020 hdr->addr = addr;
1021 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1022
1023 crc = skb_put(skb, 1);
1024 *crc = __fcs((void *) hdr);
1025}
1026
1027/* ---- RFCOMM frame reception ---- */
1028static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1029{
1030 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1031
1032 if (dlci) {
1033 /* Data channel */
1034 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1035 if (!d) {
1036 rfcomm_send_dm(s, dlci);
1037 return 0;
1038 }
1039
1040 switch (d->state) {
1041 case BT_CONNECT:
1042 rfcomm_dlc_clear_timer(d);
1043
1044 rfcomm_dlc_lock(d);
1045 d->state = BT_CONNECTED;
1046 d->state_change(d, 0);
1047 rfcomm_dlc_unlock(d);
1048
1049 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1050 break;
1051
1052 case BT_DISCONN:
1053 d->state = BT_CLOSED;
1054 __rfcomm_dlc_close(d, 0);
1055 break;
1056 }
1057 } else {
1058 /* Control channel */
1059 switch (s->state) {
1060 case BT_CONNECT:
1061 s->state = BT_CONNECTED;
1062 rfcomm_process_connect(s);
1063 break;
1064 }
1065 }
1066 return 0;
1067}
1068
1069static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1070{
1071 int err = 0;
1072
1073 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1074
1075 if (dlci) {
1076 /* Data DLC */
1077 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1078 if (d) {
1079 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1080 err = ECONNREFUSED;
1081 else
1082 err = ECONNRESET;
1083
1084 d->state = BT_CLOSED;
1085 __rfcomm_dlc_close(d, err);
1086 }
1087 } else {
1088 if (s->state == BT_CONNECT)
1089 err = ECONNREFUSED;
1090 else
1091 err = ECONNRESET;
1092
1093 s->state = BT_CLOSED;
1094 rfcomm_session_close(s, err);
1095 }
1096 return 0;
1097}
1098
1099static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1100{
1101 int err = 0;
1102
1103 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1104
1105 if (dlci) {
1106 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1107 if (d) {
1108 rfcomm_send_ua(s, dlci);
1109
1110 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1111 err = ECONNREFUSED;
1112 else
1113 err = ECONNRESET;
1114
1115 d->state = BT_CLOSED;
1116 __rfcomm_dlc_close(d, err);
1117 } else
1118 rfcomm_send_dm(s, dlci);
1119
1120 } else {
1121 rfcomm_send_ua(s, 0);
1122
1123 if (s->state == BT_CONNECT)
1124 err = ECONNREFUSED;
1125 else
1126 err = ECONNRESET;
1127
1128 s->state = BT_CLOSED;
1129 rfcomm_session_close(s, err);
1130 }
1131
1132 return 0;
1133}
1134
1135static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1136{
1137 struct sock *sk = d->session->sock->sk;
1138
1139 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1140 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1141 return 1;
1142 } else if (d->link_mode & RFCOMM_LM_AUTH) {
1143 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1144 return 1;
1145 }
1146
1147 return 0;
1148}
1149
1150static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1151{
1152 BT_DBG("dlc %p", d);
1153
1154 rfcomm_send_ua(d->session, d->dlci);
1155
1156 rfcomm_dlc_lock(d);
1157 d->state = BT_CONNECTED;
1158 d->state_change(d, 0);
1159 rfcomm_dlc_unlock(d);
1160
1161 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1162}
1163
1164static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1165{
1166 struct rfcomm_dlc *d;
1167 u8 channel;
1168
1169 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1170
1171 if (!dlci) {
1172 rfcomm_send_ua(s, 0);
1173
1174 if (s->state == BT_OPEN) {
1175 s->state = BT_CONNECTED;
1176 rfcomm_process_connect(s);
1177 }
1178 return 0;
1179 }
1180
1181 /* Check if DLC exists */
1182 d = rfcomm_dlc_get(s, dlci);
1183 if (d) {
1184 if (d->state == BT_OPEN) {
1185 /* DLC was previously opened by PN request */
1186 if (rfcomm_check_link_mode(d)) {
1187 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1188 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1189 return 0;
1190 }
1191
1192 rfcomm_dlc_accept(d);
1193 }
1194 return 0;
1195 }
1196
1197 /* Notify socket layer about incoming connection */
1198 channel = __srv_channel(dlci);
1199 if (rfcomm_connect_ind(s, channel, &d)) {
1200 d->dlci = dlci;
1201 d->addr = __addr(s->initiator, dlci);
1202 rfcomm_dlc_link(s, d);
1203
1204 if (rfcomm_check_link_mode(d)) {
1205 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1206 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1207 return 0;
1208 }
1209
1210 rfcomm_dlc_accept(d);
1211 } else {
1212 rfcomm_send_dm(s, dlci);
1213 }
1214
1215 return 0;
1216}
1217
1218static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1219{
1220 struct rfcomm_session *s = d->session;
1221
1222 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1223 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1224
1225 if (pn->flow_ctrl == 0xf0 || pn->flow_ctrl == 0xe0) {
1226 d->cfc = s->cfc = RFCOMM_CFC_ENABLED;
1227 d->tx_credits = pn->credits;
1228 } else {
1229 d->cfc = s->cfc = RFCOMM_CFC_DISABLED;
1230 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1231 }
1232
1233 d->priority = pn->priority;
1234
1235 d->mtu = s->mtu = btohs(pn->mtu);
1236
1237 return 0;
1238}
1239
1240static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1241{
1242 struct rfcomm_pn *pn = (void *) skb->data;
1243 struct rfcomm_dlc *d;
1244 u8 dlci = pn->dlci;
1245
1246 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1247
1248 if (!dlci)
1249 return 0;
1250
1251 d = rfcomm_dlc_get(s, dlci);
1252 if (d) {
1253 if (cr) {
1254 /* PN request */
1255 rfcomm_apply_pn(d, cr, pn);
1256 rfcomm_send_pn(s, 0, d);
1257 } else {
1258 /* PN response */
1259 switch (d->state) {
1260 case BT_CONFIG:
1261 rfcomm_apply_pn(d, cr, pn);
1262
1263 d->state = BT_CONNECT;
1264 rfcomm_send_sabm(s, d->dlci);
1265 break;
1266 }
1267 }
1268 } else {
1269 u8 channel = __srv_channel(dlci);
1270
1271 if (!cr)
1272 return 0;
1273
1274 /* PN request for non existing DLC.
1275 * Assume incoming connection. */
1276 if (rfcomm_connect_ind(s, channel, &d)) {
1277 d->dlci = dlci;
1278 d->addr = __addr(s->initiator, dlci);
1279 rfcomm_dlc_link(s, d);
1280
1281 rfcomm_apply_pn(d, cr, pn);
1282
1283 d->state = BT_OPEN;
1284 rfcomm_send_pn(s, 0, d);
1285 } else {
1286 rfcomm_send_dm(s, dlci);
1287 }
1288 }
1289 return 0;
1290}
1291
1292static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1293{
1294 struct rfcomm_rpn *rpn = (void *) skb->data;
1295 u8 dlci = __get_dlci(rpn->dlci);
1296
1297 u8 bit_rate = 0;
1298 u8 data_bits = 0;
1299 u8 stop_bits = 0;
1300 u8 parity = 0;
1301 u8 flow_ctrl = 0;
1302 u8 xon_char = 0;
1303 u8 xoff_char = 0;
1304 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
3a5e903c
S		 1305
1306 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1307 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1308 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1309
1310 if (!cr)
1da177e4 1311 return 0;
3a5e903c 1312
1da177e4 1313 if (len == 1) {
3a5e903c 1314 /* This is a request, return default settings */
1da177e4
LT		 1315 bit_rate = RFCOMM_RPN_BR_115200;
1316 data_bits = RFCOMM_RPN_DATA_8;
1317 stop_bits = RFCOMM_RPN_STOP_1;
1318 parity = RFCOMM_RPN_PARITY_NONE;
1319 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1320 xon_char = RFCOMM_RPN_XON_CHAR;
1321 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1da177e4
LT		 1322 goto rpn_out;
1323 }
3a5e903c
S		 1324
1325 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1326 * no parity, no flow control lines, normal XON/XOFF chars */
1327
1da177e4
LT		 1328 if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) {
1329 bit_rate = rpn->bit_rate;
1330 if (bit_rate != RFCOMM_RPN_BR_115200) {
1331 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1332 bit_rate = RFCOMM_RPN_BR_115200;
1333 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1334 }
1335 }
3a5e903c 1336
1da177e4
LT		 1337 if (rpn->param_mask & RFCOMM_RPN_PM_DATA) {
1338 data_bits = __get_rpn_data_bits(rpn->line_settings);
1339 if (data_bits != RFCOMM_RPN_DATA_8) {
1340 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1341 data_bits = RFCOMM_RPN_DATA_8;
1342 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1343 }
1344 }
3a5e903c 1345
1da177e4
LT		 1346 if (rpn->param_mask & RFCOMM_RPN_PM_STOP) {
1347 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1348 if (stop_bits != RFCOMM_RPN_STOP_1) {
1349 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1350 stop_bits = RFCOMM_RPN_STOP_1;
1351 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1352 }
1353 }
3a5e903c 1354
1da177e4
LT		 1355 if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) {
1356 parity = __get_rpn_parity(rpn->line_settings);
1357 if (parity != RFCOMM_RPN_PARITY_NONE) {
1358 BT_DBG("RPN parity mismatch 0x%x", parity);
1359 parity = RFCOMM_RPN_PARITY_NONE;
1360 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1361 }
1362 }
3a5e903c 1363
1da177e4
LT		 1364 if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) {
1365 flow_ctrl = rpn->flow_ctrl;
1366 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1367 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1368 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1369 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1370 }
1371 }
3a5e903c 1372
1da177e4
LT		 1373 if (rpn->param_mask & RFCOMM_RPN_PM_XON) {
1374 xon_char = rpn->xon_char;
1375 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1376 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1377 xon_char = RFCOMM_RPN_XON_CHAR;
1378 rpn_mask ^= RFCOMM_RPN_PM_XON;
1379 }
1380 }
3a5e903c 1381
1da177e4
LT		 1382 if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) {
1383 xoff_char = rpn->xoff_char;
1384 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1385 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1386 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1387 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1388 }
1389 }
1390
1391rpn_out:
3a5e903c
S		 1392 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1393 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1da177e4
LT		 1394
1395 return 0;
1396}
1397
1398static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1399{
1400 struct rfcomm_rls *rls = (void *) skb->data;
1401 u8 dlci = __get_dlci(rls->dlci);
1402
1403 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
3a5e903c 1404
1da177e4
LT		 1405 if (!cr)
1406 return 0;
1407
3a5e903c
S		 1408 /* We should probably do something with this information here. But
1409 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1410 * mandatory to recognise and respond to RLS */
1da177e4
LT		 1411
1412 rfcomm_send_rls(s, 0, dlci, rls->status);
1413
1414 return 0;
1415}
1416
1417static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1418{
1419 struct rfcomm_msc *msc = (void *) skb->data;
1420 struct rfcomm_dlc *d;
1421 u8 dlci = __get_dlci(msc->dlci);
1422
1423 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1424
1425 d = rfcomm_dlc_get(s, dlci);
3a5e903c 1426 if (!d)
1da177e4
LT		 1427 return 0;
1428
1429 if (cr) {
1430 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1431 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1432 else
1433 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
3a5e903c 1434
1da177e4
LT		 1435 rfcomm_dlc_lock(d);
1436 if (d->modem_status)
1437 d->modem_status(d, msc->v24_sig);
1438 rfcomm_dlc_unlock(d);
1439
1440 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1441
1442 d->mscex |= RFCOMM_MSCEX_RX;
3a5e903c 1443 } else
1da177e4
LT		 1444 d->mscex |= RFCOMM_MSCEX_TX;
1445
1446 return 0;
1447}
1448
1449static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1450{
1451 struct rfcomm_mcc *mcc = (void *) skb->data;
1452 u8 type, cr, len;
1453
1454 cr = __test_cr(mcc->type);
1455 type = __get_mcc_type(mcc->type);
1456 len = __get_mcc_len(mcc->len);
1457
1458 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1459
1460 skb_pull(skb, 2);
1461
1462 switch (type) {
1463 case RFCOMM_PN:
1464 rfcomm_recv_pn(s, cr, skb);
1465 break;
1466
1467 case RFCOMM_RPN:
1468 rfcomm_recv_rpn(s, cr, len, skb);
1469 break;
1470
1471 case RFCOMM_RLS:
1472 rfcomm_recv_rls(s, cr, skb);
1473 break;
1474
1475 case RFCOMM_MSC:
1476 rfcomm_recv_msc(s, cr, skb);
1477 break;
1478
1479 case RFCOMM_FCOFF:
1480 if (cr) {
1481 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1482 rfcomm_send_fcoff(s, 0);
1483 }
1484 break;
1485
1486 case RFCOMM_FCON:
1487 if (cr) {
1488 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1489 rfcomm_send_fcon(s, 0);
1490 }
1491 break;
1492
1493 case RFCOMM_TEST:
1494 if (cr)
1495 rfcomm_send_test(s, 0, skb->data, skb->len);
1496 break;
1497
1498 case RFCOMM_NSC:
1499 break;
1500
1501 default:
1502 BT_ERR("Unknown control type 0x%02x", type);
1503 rfcomm_send_nsc(s, cr, type);
1504 break;
1505 }
1506 return 0;
1507}
1508
1509static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1510{
1511 struct rfcomm_dlc *d;
1512
1513 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1514
1515 d = rfcomm_dlc_get(s, dlci);
1516 if (!d) {
1517 rfcomm_send_dm(s, dlci);
1518 goto drop;
1519 }
1520
1521 if (pf && d->cfc) {
1522 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1523
1524 d->tx_credits += credits;
1525 if (d->tx_credits)
1526 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1527 }
1528
1529 if (skb->len && d->state == BT_CONNECTED) {
1530 rfcomm_dlc_lock(d);
1531 d->rx_credits--;
1532 d->data_ready(d, skb);
1533 rfcomm_dlc_unlock(d);
1534 return 0;
1535 }
1536
1537drop:
1538 kfree_skb(skb);
1539 return 0;
1540}
1541
1542static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1543{
1544 struct rfcomm_hdr *hdr = (void *) skb->data;
1545 u8 type, dlci, fcs;
1546
1547 dlci = __get_dlci(hdr->addr);
1548 type = __get_type(hdr->ctrl);
1549
1550 /* Trim FCS */
1551 skb->len--; skb->tail--;
1552 fcs = *(u8 *) skb->tail;
1553
1554 if (__check_fcs(skb->data, type, fcs)) {
1555 BT_ERR("bad checksum in packet");
1556 kfree_skb(skb);
1557 return -EILSEQ;
1558 }
1559
1560 if (__test_ea(hdr->len))
1561 skb_pull(skb, 3);
1562 else
1563 skb_pull(skb, 4);
1564
1565 switch (type) {
1566 case RFCOMM_SABM:
1567 if (__test_pf(hdr->ctrl))
1568 rfcomm_recv_sabm(s, dlci);
1569 break;
1570
1571 case RFCOMM_DISC:
1572 if (__test_pf(hdr->ctrl))
1573 rfcomm_recv_disc(s, dlci);
1574 break;
1575
1576 case RFCOMM_UA:
1577 if (__test_pf(hdr->ctrl))
1578 rfcomm_recv_ua(s, dlci);
1579 break;
1580
1581 case RFCOMM_DM:
1582 rfcomm_recv_dm(s, dlci);
1583 break;
1584
1585 case RFCOMM_UIH:
1586 if (dlci)
1587 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1588
1589 rfcomm_recv_mcc(s, skb);
1590 break;
1591
1592 default:
1593 BT_ERR("Unknown packet type 0x%02x\n", type);
1594 break;
1595 }
1596 kfree_skb(skb);
1597 return 0;
1598}
1599
1600/* ---- Connection and data processing ---- */
1601
1602static void rfcomm_process_connect(struct rfcomm_session *s)
1603{
1604 struct rfcomm_dlc *d;
1605 struct list_head *p, *n;
1606
1607 BT_DBG("session %p state %ld", s, s->state);
1608
1609 list_for_each_safe(p, n, &s->dlcs) {
1610 d = list_entry(p, struct rfcomm_dlc, list);
1611 if (d->state == BT_CONFIG) {
1612 d->mtu = s->mtu;
1613 rfcomm_send_pn(s, 1, d);
1614 }
1615 }
1616}
1617
1618/* Send data queued for the DLC.
1619 * Return number of frames left in the queue.
1620 */
1621static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1622{
1623 struct sk_buff *skb;
1624 int err;
1625
1626 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1627 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1628
1629 /* Send pending MSC */
1630 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1631 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1632
1633 if (d->cfc) {
1634 /* CFC enabled.
1635 * Give them some credits */
1636 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1637 d->rx_credits <= (d->cfc >> 2)) {
1638 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1639 d->rx_credits = d->cfc;
1640 }
1641 } else {
1642 /* CFC disabled.
1643 * Give ourselves some credits */
1644 d->tx_credits = 5;
1645 }
1646
1647 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1648 return skb_queue_len(&d->tx_queue);
1649
1650 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1651 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1652 if (err < 0) {
1653 skb_queue_head(&d->tx_queue, skb);
1654 break;
1655 }
1656 kfree_skb(skb);
1657 d->tx_credits--;
1658 }
1659
1660 if (d->cfc && !d->tx_credits) {
1661 /* We're out of TX credits.
1662 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1663 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1664 }
1665
1666 return skb_queue_len(&d->tx_queue);
1667}
1668
1669static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1670{
1671 struct rfcomm_dlc *d;
1672 struct list_head *p, *n;
1673
1674 BT_DBG("session %p state %ld", s, s->state);
1675
1676 list_for_each_safe(p, n, &s->dlcs) {
1677 d = list_entry(p, struct rfcomm_dlc, list);
1678
1679 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1680 __rfcomm_dlc_close(d, ETIMEDOUT);
1681 continue;
1682 }
1683
1684 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1685 rfcomm_dlc_clear_timer(d);
1686 rfcomm_dlc_accept(d);
1687 if (d->link_mode & RFCOMM_LM_SECURE) {
1688 struct sock *sk = s->sock->sk;
1689 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1690 }
1691 continue;
1692 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1693 rfcomm_dlc_clear_timer(d);
1694 rfcomm_send_dm(s, d->dlci);
1695 __rfcomm_dlc_close(d, ECONNREFUSED);
1696 continue;
1697 }
1698
1699 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1700 continue;
1701
1702 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1703 d->mscex == RFCOMM_MSCEX_OK)
1704 rfcomm_process_tx(d);
1705 }
1706}
1707
1708static inline void rfcomm_process_rx(struct rfcomm_session *s)
1709{
1710 struct socket *sock = s->sock;
1711 struct sock *sk = sock->sk;
1712 struct sk_buff *skb;
1713
1714 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1715
1716 /* Get data directly from socket receive queue without copying it. */
1717 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1718 skb_orphan(skb);
1719 rfcomm_recv_frame(s, skb);
1720 }
1721
1722 if (sk->sk_state == BT_CLOSED) {
1723 if (!s->initiator)
1724 rfcomm_session_put(s);
1725
1726 rfcomm_session_close(s, sk->sk_err);
1727 }
1728}
1729
1730static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1731{
1732 struct socket *sock = s->sock, *nsock;
1733 int err;
1734
1735 /* Fast check for a new connection.
1736 * Avoids unnesesary socket allocations. */
1737 if (list_empty(&bt_sk(sock->sk)->accept_q))
1738 return;
1739
1740 BT_DBG("session %p", s);
1741
1742 if (sock_create_lite(PF_BLUETOOTH, sock->type, BTPROTO_L2CAP, &nsock))
1743 return;
1744
1745 nsock->ops = sock->ops;
1746
1747 __module_get(nsock->ops->owner);
1748
1749 err = sock->ops->accept(sock, nsock, O_NONBLOCK);
1750 if (err < 0) {
1751 sock_release(nsock);
1752 return;
1753 }
1754
1755 /* Set our callbacks */
1756 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1757 nsock->sk->sk_state_change = rfcomm_l2state_change;
1758
1759 s = rfcomm_session_add(nsock, BT_OPEN);
1760 if (s) {
1761 rfcomm_session_hold(s);
1762 rfcomm_schedule(RFCOMM_SCHED_RX);
1763 } else
1764 sock_release(nsock);
1765}
1766
1767static inline void rfcomm_check_connection(struct rfcomm_session *s)
1768{
1769 struct sock *sk = s->sock->sk;
1770
1771 BT_DBG("%p state %ld", s, s->state);
1772
1773 switch(sk->sk_state) {
1774 case BT_CONNECTED:
1775 s->state = BT_CONNECT;
1776
1777 /* We can adjust MTU on outgoing sessions.
1778 * L2CAP MTU minus UIH header and FCS. */
1779 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1780
1781 rfcomm_send_sabm(s, 0);
1782 break;
1783
1784 case BT_CLOSED:
1785 s->state = BT_CLOSED;
1786 rfcomm_session_close(s, sk->sk_err);
1787 break;
1788 }
1789}
1790
1791static inline void rfcomm_process_sessions(void)
1792{
1793 struct list_head *p, *n;
1794
1795 rfcomm_lock();
1796
1797 list_for_each_safe(p, n, &session_list) {
1798 struct rfcomm_session *s;
1799 s = list_entry(p, struct rfcomm_session, list);
1800
1801 if (s->state == BT_LISTEN) {
1802 rfcomm_accept_connection(s);
1803 continue;
1804 }
1805
1806 rfcomm_session_hold(s);
1807
1808 switch (s->state) {
1809 case BT_BOUND:
1810 rfcomm_check_connection(s);
1811 break;
1812
1813 default:
1814 rfcomm_process_rx(s);
1815 break;
1816 }
1817
1818 rfcomm_process_dlcs(s);
1819
1820 rfcomm_session_put(s);
1821 }
1822
1823 rfcomm_unlock();
1824}
1825
1826static void rfcomm_worker(void)
1827{
1828 BT_DBG("");
1829
1830 while (!atomic_read(&terminate)) {
1831 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1832 /* No pending events. Let's sleep.
1833 * Incoming connections and data will wake us up. */
1834 set_current_state(TASK_INTERRUPTIBLE);
1835 schedule();
1836 }
1837
1838 /* Process stuff */
1839 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1840 rfcomm_process_sessions();
1841 }
1842 set_current_state(TASK_RUNNING);
1843 return;
1844}
1845
1846static int rfcomm_add_listener(bdaddr_t *ba)
1847{
1848 struct sockaddr_l2 addr;
1849 struct socket *sock;
1850 struct sock *sk;
1851 struct rfcomm_session *s;
1852 int err = 0;
1853
1854 /* Create socket */
1855 err = rfcomm_l2sock_create(&sock);
1856 if (err < 0) {
1857 BT_ERR("Create socket failed %d", err);
1858 return err;
1859 }
1860
1861 /* Bind socket */
1862 bacpy(&addr.l2_bdaddr, ba);
1863 addr.l2_family = AF_BLUETOOTH;
1864 addr.l2_psm = htobs(RFCOMM_PSM);
1865 err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1866 if (err < 0) {
1867 BT_ERR("Bind failed %d", err);
1868 goto failed;
1869 }
1870
1871 /* Set L2CAP options */
1872 sk = sock->sk;
1873 lock_sock(sk);
56f3a40a 1874 l2cap_pi(sk)->imtu = l2cap_mtu;
1da177e4
LT		 1875 release_sock(sk);
1876
1877 /* Start listening on the socket */
1878 err = sock->ops->listen(sock, 10);
1879 if (err) {
1880 BT_ERR("Listen failed %d", err);
1881 goto failed;
1882 }
1883
1884 /* Add listening session */
1885 s = rfcomm_session_add(sock, BT_LISTEN);
1886 if (!s)
1887 goto failed;
1888
1889 rfcomm_session_hold(s);
1890 return 0;
1891failed:
1892 sock_release(sock);
1893 return err;
1894}
1895
1896static void rfcomm_kill_listener(void)
1897{
1898 struct rfcomm_session *s;
1899 struct list_head *p, *n;
1900
1901 BT_DBG("");
1902
1903 list_for_each_safe(p, n, &session_list) {
1904 s = list_entry(p, struct rfcomm_session, list);
1905 rfcomm_session_del(s);
1906 }
1907}
1908
1909static int rfcomm_run(void *unused)
1910{
1911 rfcomm_thread = current;
1912
1913 atomic_inc(&running);
1914
1915 daemonize("krfcommd");
1916 set_user_nice(current, -10);
1917 current->flags |= PF_NOFREEZE;
1918
1919 BT_DBG("");
1920
1921 rfcomm_add_listener(BDADDR_ANY);
1922
1923 rfcomm_worker();
1924
1925 rfcomm_kill_listener();
1926
1927 atomic_dec(&running);
1928 return 0;
1929}
1930
1931static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1932{
1933 struct rfcomm_session *s;
1934 struct rfcomm_dlc *d;
1935 struct list_head *p, *n;
1936
1937 BT_DBG("conn %p status 0x%02x", conn, status);
1938
1939 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1940 if (!s)
1941 return;
1942
1943 rfcomm_session_hold(s);
1944
1945 list_for_each_safe(p, n, &s->dlcs) {
1946 d = list_entry(p, struct rfcomm_dlc, list);
1947
1948 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1949 continue;
1950
1951 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1952 continue;
1953
1954 if (!status)
1955 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1956 else
1957 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1958 }
1959
1960 rfcomm_session_put(s);
1961
1962 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1963}
1964
1965static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1966{
1967 struct rfcomm_session *s;
1968 struct rfcomm_dlc *d;
1969 struct list_head *p, *n;
1970
1971 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1972
1973 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1974 if (!s)
1975 return;
1976
1977 rfcomm_session_hold(s);
1978
1979 list_for_each_safe(p, n, &s->dlcs) {
1980 d = list_entry(p, struct rfcomm_dlc, list);
1981
1982 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1983 continue;
1984
1985 if (!status && encrypt)
1986 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1987 else
1988 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1989 }
1990
1991 rfcomm_session_put(s);
1992
1993 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1994}
1995
1996static struct hci_cb rfcomm_cb = {
1997 .name = "RFCOMM",
1998 .auth_cfm = rfcomm_auth_cfm,
1999 .encrypt_cfm = rfcomm_encrypt_cfm
2000};
2001
be9d1227 2002static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
1da177e4
LT		 2003{
2004 struct rfcomm_session *s;
2005 struct list_head *pp, *p;
be9d1227 2006 char *str = buf;
1da177e4
LT		 2007
2008 rfcomm_lock();
2009
2010 list_for_each(p, &session_list) {
2011 s = list_entry(p, struct rfcomm_session, list);
be9d1227
MH		 2012 list_for_each(pp, &s->dlcs) {
2013 struct sock *sk = s->sock->sk;
2014 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
1da177e4 2015
be9d1227
MH		 2016 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2017 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2018 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
1da177e4
LT		 2019 }
2020 }
1da177e4 2021
1da177e4 2022 rfcomm_unlock();
1da177e4 2023
be9d1227 2024 return (str - buf);
1da177e4
LT		 2025}
2026
be9d1227 2027static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
1da177e4
LT		 2028
2029/* ---- Initialization ---- */
2030static int __init rfcomm_init(void)
2031{
2032 l2cap_load();
2033
2034 hci_register_cb(&rfcomm_cb);
2035
2036 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
2037
a91f2e39 2038 class_create_file(bt_class, &class_attr_rfcomm_dlc);
1da177e4
LT		 2039
2040 rfcomm_init_sockets();
2041
2042#ifdef CONFIG_BT_RFCOMM_TTY
2043 rfcomm_init_ttys();
2044#endif
2045
be9d1227
MH		 2046 BT_INFO("RFCOMM ver %s", VERSION);
2047
1da177e4
LT		 2048 return 0;
2049}
2050
2051static void __exit rfcomm_exit(void)
2052{
a91f2e39 2053 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
be9d1227 2054
1da177e4
LT		 2055 hci_unregister_cb(&rfcomm_cb);
2056
2057 /* Terminate working thread.
2058 * ie. Set terminate flag and wake it up */
2059 atomic_inc(&terminate);
2060 rfcomm_schedule(RFCOMM_SCHED_STATE);
2061
2062 /* Wait until thread is running */
2063 while (atomic_read(&running))
2064 schedule();
2065
2066#ifdef CONFIG_BT_RFCOMM_TTY
2067 rfcomm_cleanup_ttys();
2068#endif
2069
2070 rfcomm_cleanup_sockets();
1da177e4
LT		 2071}
2072
2073module_init(rfcomm_init);
2074module_exit(rfcomm_exit);
2075
56f3a40a
MH		 2076module_param(l2cap_mtu, uint, 0644);
2077MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2078
1da177e4
LT		 2079MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2080MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2081MODULE_VERSION(VERSION);
2082MODULE_LICENSE("GPL");
2083MODULE_ALIAS("bt-proto-3");
kernel source for telekom puls (alcatel/mediatek)