projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[WAN]: converting generic HDLC to use netif_dormant*()
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / bluetooth / rfcomm / core.c
CommitLineData
1da177e4
LT		 1/*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22*/
23
1da177e4
LT		 24/*
25 * Bluetooth RFCOMM core.
26 *
27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
28 */
29
1da177e4
LT		 30#include <linux/module.h>
31#include <linux/errno.h>
32#include <linux/kernel.h>
33#include <linux/sched.h>
34#include <linux/signal.h>
35#include <linux/init.h>
36#include <linux/wait.h>
be9d1227 37#include <linux/device.h>
1da177e4 38#include <linux/net.h>
4a3e2f71
AV		 39#include <linux/mutex.h>
40
1da177e4
LT		 41#include <net/sock.h>
42#include <asm/uaccess.h>
43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47#include <net/bluetooth/l2cap.h>
48#include <net/bluetooth/rfcomm.h>
49
1da177e4
LT		 50#ifndef CONFIG_BT_RFCOMM_DEBUG
51#undef BT_DBG
52#define BT_DBG(D...)
53#endif
54
7c2660b0 55#define VERSION "1.8"
56f3a40a 56
7c2660b0 57static int disable_cfc = 0;
56f3a40a
MH		 58static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
59
1da177e4
LT		 60static struct task_struct *rfcomm_thread;
61
4a3e2f71
AV		 62static DEFINE_MUTEX(rfcomm_mutex);
63#define rfcomm_lock() mutex_lock(&rfcomm_mutex)
64#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
1da177e4
LT		 65
66static unsigned long rfcomm_event;
67
68static LIST_HEAD(session_list);
69static atomic_t terminate, running;
70
71static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
72static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
73static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
74static int rfcomm_queue_disc(struct rfcomm_dlc *d);
75static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
76static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
77static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
78static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
79static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
80static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
81
82static void rfcomm_process_connect(struct rfcomm_session *s);
83
84static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
85static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
86static void rfcomm_session_del(struct rfcomm_session *s);
87
88/* ---- RFCOMM frame parsing macros ---- */
89#define __get_dlci(b) ((b & 0xfc) >> 2)
90#define __get_channel(b) ((b & 0xf8) >> 3)
91#define __get_dir(b) ((b & 0x04) >> 2)
92#define __get_type(b) ((b & 0xef))
93
94#define __test_ea(b) ((b & 0x01))
95#define __test_cr(b) ((b & 0x02))
96#define __test_pf(b) ((b & 0x10))
97
98#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
99#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
100#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
101#define __srv_channel(dlci) (dlci >> 1)
102#define __dir(dlci) (dlci & 0x01)
103
104#define __len8(len) (((len) << 1) | 1)
105#define __len16(len) ((len) << 1)
106
107/* MCC macros */
108#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
109#define __get_mcc_type(b) ((b & 0xfc) >> 2)
110#define __get_mcc_len(b) ((b & 0xfe) >> 1)
111
112/* RPN macros */
3a5e903c 113#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
1da177e4
LT		 114#define __get_rpn_data_bits(line) ((line) & 0x3)
115#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
3a5e903c 116#define __get_rpn_parity(line) (((line) >> 3) & 0x7)
1da177e4
LT		 117
118static inline void rfcomm_schedule(uint event)
119{
120 if (!rfcomm_thread)
121 return;
122 //set_bit(event, &rfcomm_event);
123 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
124 wake_up_process(rfcomm_thread);
125}
126
127static inline void rfcomm_session_put(struct rfcomm_session *s)
128{
129 if (atomic_dec_and_test(&s->refcnt))
130 rfcomm_session_del(s);
131}
132
133/* ---- RFCOMM FCS computation ---- */
134
408c1ce2
MH		 135/* reversed, 8-bit, poly=0x07 */
136static unsigned char rfcomm_crc_table[256] = {
137 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
138 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
139 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
140 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
141
142 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
143 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
144 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
145 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
146
147 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
148 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
149 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
150 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
151
152 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
153 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
154 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
155 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
156
157 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
158 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
159 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
160 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
161
162 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
163 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
164 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
165 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
166
167 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
168 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
169 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
170 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
171
172 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
173 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
174 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
175 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
176};
177
1da177e4
LT		 178/* CRC on 2 bytes */
179#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
180
181/* FCS on 2 bytes */
182static inline u8 __fcs(u8 *data)
183{
184 return (0xff - __crc(data));
185}
186
187/* FCS on 3 bytes */
188static inline u8 __fcs2(u8 *data)
189{
190 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
191}
192
193/* Check FCS */
194static inline int __check_fcs(u8 *data, int type, u8 fcs)
195{
196 u8 f = __crc(data);
197
198 if (type != RFCOMM_UIH)
199 f = rfcomm_crc_table[f ^ data[2]];
200
201 return rfcomm_crc_table[f ^ fcs] != 0xcf;
202}
203
204/* ---- L2CAP callbacks ---- */
205static void rfcomm_l2state_change(struct sock *sk)
206{
207 BT_DBG("%p state %d", sk, sk->sk_state);
208 rfcomm_schedule(RFCOMM_SCHED_STATE);
209}
210
211static void rfcomm_l2data_ready(struct sock *sk, int bytes)
212{
213 BT_DBG("%p bytes %d", sk, bytes);
214 rfcomm_schedule(RFCOMM_SCHED_RX);
215}
216
217static int rfcomm_l2sock_create(struct socket **sock)
218{
219 int err;
220
221 BT_DBG("");
222
223 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
224 if (!err) {
225 struct sock *sk = (*sock)->sk;
226 sk->sk_data_ready = rfcomm_l2data_ready;
227 sk->sk_state_change = rfcomm_l2state_change;
228 }
229 return err;
230}
231
232/* ---- RFCOMM DLCs ---- */
233static void rfcomm_dlc_timeout(unsigned long arg)
234{
235 struct rfcomm_dlc *d = (void *) arg;
236
237 BT_DBG("dlc %p state %ld", d, d->state);
238
239 set_bit(RFCOMM_TIMED_OUT, &d->flags);
240 rfcomm_dlc_put(d);
241 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
242}
243
244static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
245{
246 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
247
248 if (!mod_timer(&d->timer, jiffies + timeout))
249 rfcomm_dlc_hold(d);
250}
251
252static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
253{
254 BT_DBG("dlc %p state %ld", d, d->state);
255
256 if (timer_pending(&d->timer) && del_timer(&d->timer))
257 rfcomm_dlc_put(d);
258}
259
260static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
261{
262 BT_DBG("%p", d);
263
264 d->state = BT_OPEN;
265 d->flags = 0;
266 d->mscex = 0;
267 d->mtu = RFCOMM_DEFAULT_MTU;
268 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
269
270 d->cfc = RFCOMM_CFC_DISABLED;
271 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
272}
273
dd0fc66f 274struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
1da177e4
LT		 275{
276 struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio);
277 if (!d)
278 return NULL;
279 memset(d, 0, sizeof(*d));
280
281 init_timer(&d->timer);
282 d->timer.function = rfcomm_dlc_timeout;
283 d->timer.data = (unsigned long) d;
284
285 skb_queue_head_init(&d->tx_queue);
286 spin_lock_init(&d->lock);
287 atomic_set(&d->refcnt, 1);
288
289 rfcomm_dlc_clear_state(d);
290
291 BT_DBG("%p", d);
292 return d;
293}
294
295void rfcomm_dlc_free(struct rfcomm_dlc *d)
296{
297 BT_DBG("%p", d);
298
299 skb_queue_purge(&d->tx_queue);
300 kfree(d);
301}
302
303static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
304{
305 BT_DBG("dlc %p session %p", d, s);
306
307 rfcomm_session_hold(s);
308
309 rfcomm_dlc_hold(d);
310 list_add(&d->list, &s->dlcs);
311 d->session = s;
312}
313
314static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
315{
316 struct rfcomm_session *s = d->session;
317
318 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
319
320 list_del(&d->list);
321 d->session = NULL;
322 rfcomm_dlc_put(d);
323
324 rfcomm_session_put(s);
325}
326
327static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
328{
329 struct rfcomm_dlc *d;
330 struct list_head *p;
331
332 list_for_each(p, &s->dlcs) {
333 d = list_entry(p, struct rfcomm_dlc, list);
334 if (d->dlci == dlci)
335 return d;
336 }
337 return NULL;
338}
339
340static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
341{
342 struct rfcomm_session *s;
343 int err = 0;
344 u8 dlci;
345
346 BT_DBG("dlc %p state %ld %s %s channel %d",
347 d, d->state, batostr(src), batostr(dst), channel);
348
349 if (channel < 1 || channel > 30)
350 return -EINVAL;
351
352 if (d->state != BT_OPEN && d->state != BT_CLOSED)
353 return 0;
354
355 s = rfcomm_session_get(src, dst);
356 if (!s) {
357 s = rfcomm_session_create(src, dst, &err);
358 if (!s)
359 return err;
360 }
361
362 dlci = __dlci(!s->initiator, channel);
363
364 /* Check if DLCI already exists */
365 if (rfcomm_dlc_get(s, dlci))
366 return -EBUSY;
367
368 rfcomm_dlc_clear_state(d);
369
370 d->dlci = dlci;
371 d->addr = __addr(s->initiator, dlci);
372 d->priority = 7;
373
374 d->state = BT_CONFIG;
375 rfcomm_dlc_link(s, d);
376
377 d->mtu = s->mtu;
378 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
379
380 if (s->state == BT_CONNECTED)
381 rfcomm_send_pn(s, 1, d);
382 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
383 return 0;
384}
385
386int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
387{
388 int r;
389
390 rfcomm_lock();
391
392 r = __rfcomm_dlc_open(d, src, dst, channel);
393
394 rfcomm_unlock();
395 return r;
396}
397
398static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
399{
400 struct rfcomm_session *s = d->session;
401 if (!s)
402 return 0;
403
404 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
405 d, d->state, d->dlci, err, s);
406
407 switch (d->state) {
408 case BT_CONNECTED:
409 case BT_CONFIG:
410 case BT_CONNECT:
411 d->state = BT_DISCONN;
412 if (skb_queue_empty(&d->tx_queue)) {
413 rfcomm_send_disc(s, d->dlci);
414 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
415 } else {
416 rfcomm_queue_disc(d);
417 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
418 }
419 break;
420
421 default:
422 rfcomm_dlc_clear_timer(d);
423
424 rfcomm_dlc_lock(d);
425 d->state = BT_CLOSED;
426 d->state_change(d, err);
427 rfcomm_dlc_unlock(d);
428
429 skb_queue_purge(&d->tx_queue);
1da177e4
LT		 430 rfcomm_dlc_unlink(d);
431 }
432
433 return 0;
434}
435
436int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
437{
438 int r;
439
440 rfcomm_lock();
441
442 r = __rfcomm_dlc_close(d, err);
443
444 rfcomm_unlock();
445 return r;
446}
447
448int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
449{
450 int len = skb->len;
451
452 if (d->state != BT_CONNECTED)
453 return -ENOTCONN;
454
455 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
456
457 if (len > d->mtu)
458 return -EINVAL;
459
460 rfcomm_make_uih(skb, d->addr);
461 skb_queue_tail(&d->tx_queue, skb);
462
463 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
464 rfcomm_schedule(RFCOMM_SCHED_TX);
465 return len;
466}
467
468void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
469{
470 BT_DBG("dlc %p state %ld", d, d->state);
471
472 if (!d->cfc) {
473 d->v24_sig |= RFCOMM_V24_FC;
474 set_bit(RFCOMM_MSC_PENDING, &d->flags);
475 }
476 rfcomm_schedule(RFCOMM_SCHED_TX);
477}
478
479void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
480{
481 BT_DBG("dlc %p state %ld", d, d->state);
482
483 if (!d->cfc) {
484 d->v24_sig &= ~RFCOMM_V24_FC;
485 set_bit(RFCOMM_MSC_PENDING, &d->flags);
486 }
487 rfcomm_schedule(RFCOMM_SCHED_TX);
488}
489
490/*
491 Set/get modem status functions use _local_ status i.e. what we report
492 to the other side.
493 Remote status is provided by dlc->modem_status() callback.
494 */
495int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
496{
497 BT_DBG("dlc %p state %ld v24_sig 0x%x",
498 d, d->state, v24_sig);
499
500 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
501 v24_sig |= RFCOMM_V24_FC;
502 else
503 v24_sig &= ~RFCOMM_V24_FC;
504
505 d->v24_sig = v24_sig;
506
507 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
508 rfcomm_schedule(RFCOMM_SCHED_TX);
509
510 return 0;
511}
512
513int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
514{
515 BT_DBG("dlc %p state %ld v24_sig 0x%x",
516 d, d->state, d->v24_sig);
517
518 *v24_sig = d->v24_sig;
519 return 0;
520}
521
522/* ---- RFCOMM sessions ---- */
523static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
524{
525 struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL);
526 if (!s)
527 return NULL;
528 memset(s, 0, sizeof(*s));
529
530 BT_DBG("session %p sock %p", s, sock);
531
532 INIT_LIST_HEAD(&s->dlcs);
533 s->state = state;
534 s->sock = sock;
535
536 s->mtu = RFCOMM_DEFAULT_MTU;
7c2660b0 537 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
1da177e4
LT		 538
539 /* Do not increment module usage count for listening sessions.
540 * Otherwise we won't be able to unload the module. */
541 if (state != BT_LISTEN)
542 if (!try_module_get(THIS_MODULE)) {
543 kfree(s);
544 return NULL;
545 }
546
547 list_add(&s->list, &session_list);
548
549 return s;
550}
551
552static void rfcomm_session_del(struct rfcomm_session *s)
553{
554 int state = s->state;
555
556 BT_DBG("session %p state %ld", s, s->state);
557
558 list_del(&s->list);
559
560 if (state == BT_CONNECTED)
561 rfcomm_send_disc(s, 0);
562
563 sock_release(s->sock);
564 kfree(s);
565
566 if (state != BT_LISTEN)
567 module_put(THIS_MODULE);
568}
569
570static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
571{
572 struct rfcomm_session *s;
573 struct list_head *p, *n;
574 struct bt_sock *sk;
575 list_for_each_safe(p, n, &session_list) {
576 s = list_entry(p, struct rfcomm_session, list);
577 sk = bt_sk(s->sock->sk);
578
579 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
580 !bacmp(&sk->dst, dst))
581 return s;
582 }
583 return NULL;
584}
585
586static void rfcomm_session_close(struct rfcomm_session *s, int err)
587{
588 struct rfcomm_dlc *d;
589 struct list_head *p, *n;
590
591 BT_DBG("session %p state %ld err %d", s, s->state, err);
592
593 rfcomm_session_hold(s);
594
595 s->state = BT_CLOSED;
596
597 /* Close all dlcs */
598 list_for_each_safe(p, n, &s->dlcs) {
599 d = list_entry(p, struct rfcomm_dlc, list);
600 d->state = BT_CLOSED;
601 __rfcomm_dlc_close(d, err);
602 }
603
604 rfcomm_session_put(s);
605}
606
607static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
608{
609 struct rfcomm_session *s = NULL;
610 struct sockaddr_l2 addr;
611 struct socket *sock;
612 struct sock *sk;
613
614 BT_DBG("%s %s", batostr(src), batostr(dst));
615
616 *err = rfcomm_l2sock_create(&sock);
617 if (*err < 0)
618 return NULL;
619
620 bacpy(&addr.l2_bdaddr, src);
621 addr.l2_family = AF_BLUETOOTH;
622 addr.l2_psm = 0;
623 *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
624 if (*err < 0)
625 goto failed;
626
627 /* Set L2CAP options */
628 sk = sock->sk;
629 lock_sock(sk);
56f3a40a 630 l2cap_pi(sk)->imtu = l2cap_mtu;
1da177e4
LT		 631 release_sock(sk);
632
633 s = rfcomm_session_add(sock, BT_BOUND);
634 if (!s) {
635 *err = -ENOMEM;
636 goto failed;
637 }
638
1da177e4
LT		 639 s->initiator = 1;
640
641 bacpy(&addr.l2_bdaddr, dst);
642 addr.l2_family = AF_BLUETOOTH;
643 addr.l2_psm = htobs(RFCOMM_PSM);
644 *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
645 if (*err == 0 || *err == -EAGAIN)
646 return s;
647
648 rfcomm_session_del(s);
649 return NULL;
650
651failed:
652 sock_release(sock);
653 return NULL;
654}
655
656void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
657{
658 struct sock *sk = s->sock->sk;
659 if (src)
660 bacpy(src, &bt_sk(sk)->src);
661 if (dst)
662 bacpy(dst, &bt_sk(sk)->dst);
663}
664
665/* ---- RFCOMM frame sending ---- */
666static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
667{
668 struct socket *sock = s->sock;
669 struct kvec iv = { data, len };
670 struct msghdr msg;
671
672 BT_DBG("session %p len %d", s, len);
673
674 memset(&msg, 0, sizeof(msg));
675
676 return kernel_sendmsg(sock, &msg, &iv, 1, len);
677}
678
679static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
680{
681 struct rfcomm_cmd cmd;
682
683 BT_DBG("%p dlci %d", s, dlci);
684
685 cmd.addr = __addr(s->initiator, dlci);
686 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
687 cmd.len = __len8(0);
688 cmd.fcs = __fcs2((u8 *) &cmd);
689
690 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
691}
692
693static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
694{
695 struct rfcomm_cmd cmd;
696
697 BT_DBG("%p dlci %d", s, dlci);
698
699 cmd.addr = __addr(!s->initiator, dlci);
700 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
701 cmd.len = __len8(0);
702 cmd.fcs = __fcs2((u8 *) &cmd);
703
704 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
705}
706
707static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
708{
709 struct rfcomm_cmd cmd;
710
711 BT_DBG("%p dlci %d", s, dlci);
712
713 cmd.addr = __addr(s->initiator, dlci);
714 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
715 cmd.len = __len8(0);
716 cmd.fcs = __fcs2((u8 *) &cmd);
717
718 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
719}
720
721static int rfcomm_queue_disc(struct rfcomm_dlc *d)
722{
723 struct rfcomm_cmd *cmd;
724 struct sk_buff *skb;
725
726 BT_DBG("dlc %p dlci %d", d, d->dlci);
727
728 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
729 if (!skb)
730 return -ENOMEM;
731
732 cmd = (void *) __skb_put(skb, sizeof(*cmd));
733 cmd->addr = d->addr;
734 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
735 cmd->len = __len8(0);
736 cmd->fcs = __fcs2((u8 *) cmd);
737
738 skb_queue_tail(&d->tx_queue, skb);
739 rfcomm_schedule(RFCOMM_SCHED_TX);
740 return 0;
741}
742
743static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
744{
745 struct rfcomm_cmd cmd;
746
747 BT_DBG("%p dlci %d", s, dlci);
748
749 cmd.addr = __addr(!s->initiator, dlci);
750 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
751 cmd.len = __len8(0);
752 cmd.fcs = __fcs2((u8 *) &cmd);
753
754 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
755}
756
757static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
758{
759 struct rfcomm_hdr *hdr;
760 struct rfcomm_mcc *mcc;
761 u8 buf[16], *ptr = buf;
762
763 BT_DBG("%p cr %d type %d", s, cr, type);
764
765 hdr = (void *) ptr; ptr += sizeof(*hdr);
766 hdr->addr = __addr(s->initiator, 0);
767 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
768 hdr->len = __len8(sizeof(*mcc) + 1);
769
770 mcc = (void *) ptr; ptr += sizeof(*mcc);
771 mcc->type = __mcc_type(cr, RFCOMM_NSC);
772 mcc->len = __len8(1);
773
774 /* Type that we didn't like */
775 *ptr = __mcc_type(cr, type); ptr++;
776
777 *ptr = __fcs(buf); ptr++;
778
779 return rfcomm_send_frame(s, buf, ptr - buf);
780}
781
782static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
783{
784 struct rfcomm_hdr *hdr;
785 struct rfcomm_mcc *mcc;
786 struct rfcomm_pn *pn;
787 u8 buf[16], *ptr = buf;
788
789 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
790
791 hdr = (void *) ptr; ptr += sizeof(*hdr);
792 hdr->addr = __addr(s->initiator, 0);
793 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
794 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
795
796 mcc = (void *) ptr; ptr += sizeof(*mcc);
797 mcc->type = __mcc_type(cr, RFCOMM_PN);
798 mcc->len = __len8(sizeof(*pn));
799
800 pn = (void *) ptr; ptr += sizeof(*pn);
801 pn->dlci = d->dlci;
802 pn->priority = d->priority;
803 pn->ack_timer = 0;
804 pn->max_retrans = 0;
805
806 if (s->cfc) {
807 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
808 pn->credits = RFCOMM_DEFAULT_CREDITS;
809 } else {
810 pn->flow_ctrl = 0;
811 pn->credits = 0;
812 }
813
814 pn->mtu = htobs(d->mtu);
815
816 *ptr = __fcs(buf); ptr++;
817
818 return rfcomm_send_frame(s, buf, ptr - buf);
819}
820
3a5e903c
S		 821int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
822 u8 bit_rate, u8 data_bits, u8 stop_bits,
823 u8 parity, u8 flow_ctrl_settings,
824 u8 xon_char, u8 xoff_char, u16 param_mask)
1da177e4
LT		 825{
826 struct rfcomm_hdr *hdr;
827 struct rfcomm_mcc *mcc;
828 struct rfcomm_rpn *rpn;
829 u8 buf[16], *ptr = buf;
830
831 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
3a5e903c
S		 832 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
833 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
834 flow_ctrl_settings, xon_char, xoff_char, param_mask);
1da177e4
LT		 835
836 hdr = (void *) ptr; ptr += sizeof(*hdr);
837 hdr->addr = __addr(s->initiator, 0);
838 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
839 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
840
841 mcc = (void *) ptr; ptr += sizeof(*mcc);
842 mcc->type = __mcc_type(cr, RFCOMM_RPN);
843 mcc->len = __len8(sizeof(*rpn));
844
845 rpn = (void *) ptr; ptr += sizeof(*rpn);
846 rpn->dlci = __addr(1, dlci);
847 rpn->bit_rate = bit_rate;
848 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
849 rpn->flow_ctrl = flow_ctrl_settings;
850 rpn->xon_char = xon_char;
851 rpn->xoff_char = xoff_char;
852 rpn->param_mask = param_mask;
853
854 *ptr = __fcs(buf); ptr++;
855
856 return rfcomm_send_frame(s, buf, ptr - buf);
857}
858
859static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
860{
861 struct rfcomm_hdr *hdr;
862 struct rfcomm_mcc *mcc;
863 struct rfcomm_rls *rls;
864 u8 buf[16], *ptr = buf;
865
866 BT_DBG("%p cr %d status 0x%x", s, cr, status);
867
868 hdr = (void *) ptr; ptr += sizeof(*hdr);
869 hdr->addr = __addr(s->initiator, 0);
870 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
871 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
872
873 mcc = (void *) ptr; ptr += sizeof(*mcc);
874 mcc->type = __mcc_type(cr, RFCOMM_RLS);
875 mcc->len = __len8(sizeof(*rls));
876
877 rls = (void *) ptr; ptr += sizeof(*rls);
878 rls->dlci = __addr(1, dlci);
879 rls->status = status;
880
881 *ptr = __fcs(buf); ptr++;
882
883 return rfcomm_send_frame(s, buf, ptr - buf);
884}
885
886static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
887{
888 struct rfcomm_hdr *hdr;
889 struct rfcomm_mcc *mcc;
890 struct rfcomm_msc *msc;
891 u8 buf[16], *ptr = buf;
892
893 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
894
895 hdr = (void *) ptr; ptr += sizeof(*hdr);
896 hdr->addr = __addr(s->initiator, 0);
897 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
898 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
899
900 mcc = (void *) ptr; ptr += sizeof(*mcc);
901 mcc->type = __mcc_type(cr, RFCOMM_MSC);
902 mcc->len = __len8(sizeof(*msc));
903
904 msc = (void *) ptr; ptr += sizeof(*msc);
905 msc->dlci = __addr(1, dlci);
906 msc->v24_sig = v24_sig | 0x01;
907
908 *ptr = __fcs(buf); ptr++;
909
910 return rfcomm_send_frame(s, buf, ptr - buf);
911}
912
913static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
914{
915 struct rfcomm_hdr *hdr;
916 struct rfcomm_mcc *mcc;
917 u8 buf[16], *ptr = buf;
918
919 BT_DBG("%p cr %d", s, cr);
920
921 hdr = (void *) ptr; ptr += sizeof(*hdr);
922 hdr->addr = __addr(s->initiator, 0);
923 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
924 hdr->len = __len8(sizeof(*mcc));
925
926 mcc = (void *) ptr; ptr += sizeof(*mcc);
927 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
928 mcc->len = __len8(0);
929
930 *ptr = __fcs(buf); ptr++;
931
932 return rfcomm_send_frame(s, buf, ptr - buf);
933}
934
935static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
936{
937 struct rfcomm_hdr *hdr;
938 struct rfcomm_mcc *mcc;
939 u8 buf[16], *ptr = buf;
940
941 BT_DBG("%p cr %d", s, cr);
942
943 hdr = (void *) ptr; ptr += sizeof(*hdr);
944 hdr->addr = __addr(s->initiator, 0);
945 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
946 hdr->len = __len8(sizeof(*mcc));
947
948 mcc = (void *) ptr; ptr += sizeof(*mcc);
949 mcc->type = __mcc_type(cr, RFCOMM_FCON);
950 mcc->len = __len8(0);
951
952 *ptr = __fcs(buf); ptr++;
953
954 return rfcomm_send_frame(s, buf, ptr - buf);
955}
956
957static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
958{
959 struct socket *sock = s->sock;
960 struct kvec iv[3];
961 struct msghdr msg;
962 unsigned char hdr[5], crc[1];
963
964 if (len > 125)
965 return -EINVAL;
966
967 BT_DBG("%p cr %d", s, cr);
968
969 hdr[0] = __addr(s->initiator, 0);
970 hdr[1] = __ctrl(RFCOMM_UIH, 0);
971 hdr[2] = 0x01 | ((len + 2) << 1);
972 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
973 hdr[4] = 0x01 | (len << 1);
974
975 crc[0] = __fcs(hdr);
976
977 iv[0].iov_base = hdr;
978 iv[0].iov_len = 5;
979 iv[1].iov_base = pattern;
980 iv[1].iov_len = len;
981 iv[2].iov_base = crc;
982 iv[2].iov_len = 1;
983
984 memset(&msg, 0, sizeof(msg));
985
986 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
987}
988
989static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
990{
991 struct rfcomm_hdr *hdr;
992 u8 buf[16], *ptr = buf;
993
994 BT_DBG("%p addr %d credits %d", s, addr, credits);
995
996 hdr = (void *) ptr; ptr += sizeof(*hdr);
997 hdr->addr = addr;
998 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
999 hdr->len = __len8(0);
1000
1001 *ptr = credits; ptr++;
1002
1003 *ptr = __fcs(buf); ptr++;
1004
1005 return rfcomm_send_frame(s, buf, ptr - buf);
1006}
1007
1008static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1009{
1010 struct rfcomm_hdr *hdr;
1011 int len = skb->len;
1012 u8 *crc;
1013
1014 if (len > 127) {
1015 hdr = (void *) skb_push(skb, 4);
1016 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len);
1017 } else {
1018 hdr = (void *) skb_push(skb, 3);
1019 hdr->len = __len8(len);
1020 }
1021 hdr->addr = addr;
1022 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1023
1024 crc = skb_put(skb, 1);
1025 *crc = __fcs((void *) hdr);
1026}
1027
1028/* ---- RFCOMM frame reception ---- */
1029static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1030{
1031 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1032
1033 if (dlci) {
1034 /* Data channel */
1035 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1036 if (!d) {
1037 rfcomm_send_dm(s, dlci);
1038 return 0;
1039 }
1040
1041 switch (d->state) {
1042 case BT_CONNECT:
1043 rfcomm_dlc_clear_timer(d);
1044
1045 rfcomm_dlc_lock(d);
1046 d->state = BT_CONNECTED;
1047 d->state_change(d, 0);
1048 rfcomm_dlc_unlock(d);
1049
1050 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1051 break;
1052
1053 case BT_DISCONN:
1054 d->state = BT_CLOSED;
1055 __rfcomm_dlc_close(d, 0);
1056 break;
1057 }
1058 } else {
1059 /* Control channel */
1060 switch (s->state) {
1061 case BT_CONNECT:
1062 s->state = BT_CONNECTED;
1063 rfcomm_process_connect(s);
1064 break;
1065 }
1066 }
1067 return 0;
1068}
1069
1070static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1071{
1072 int err = 0;
1073
1074 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1075
1076 if (dlci) {
1077 /* Data DLC */
1078 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1079 if (d) {
1080 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1081 err = ECONNREFUSED;
1082 else
1083 err = ECONNRESET;
1084
1085 d->state = BT_CLOSED;
1086 __rfcomm_dlc_close(d, err);
1087 }
1088 } else {
1089 if (s->state == BT_CONNECT)
1090 err = ECONNREFUSED;
1091 else
1092 err = ECONNRESET;
1093
1094 s->state = BT_CLOSED;
1095 rfcomm_session_close(s, err);
1096 }
1097 return 0;
1098}
1099
1100static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1101{
1102 int err = 0;
1103
1104 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1105
1106 if (dlci) {
1107 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1108 if (d) {
1109 rfcomm_send_ua(s, dlci);
1110
1111 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1112 err = ECONNREFUSED;
1113 else
1114 err = ECONNRESET;
1115
1116 d->state = BT_CLOSED;
1117 __rfcomm_dlc_close(d, err);
1118 } else
1119 rfcomm_send_dm(s, dlci);
1120
1121 } else {
1122 rfcomm_send_ua(s, 0);
1123
1124 if (s->state == BT_CONNECT)
1125 err = ECONNREFUSED;
1126 else
1127 err = ECONNRESET;
1128
1129 s->state = BT_CLOSED;
1130 rfcomm_session_close(s, err);
1131 }
1132
1133 return 0;
1134}
1135
1136static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1137{
1138 struct sock *sk = d->session->sock->sk;
1139
1140 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1141 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1142 return 1;
1143 } else if (d->link_mode & RFCOMM_LM_AUTH) {
1144 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1145 return 1;
1146 }
1147
1148 return 0;
1149}
1150
1151static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1152{
300b9397
MH		 1153 struct sock *sk = d->session->sock->sk;
1154
1da177e4
LT		 1155 BT_DBG("dlc %p", d);
1156
1157 rfcomm_send_ua(d->session, d->dlci);
1158
1159 rfcomm_dlc_lock(d);
1160 d->state = BT_CONNECTED;
1161 d->state_change(d, 0);
1162 rfcomm_dlc_unlock(d);
1163
300b9397
MH		 1164 if (d->link_mode & RFCOMM_LM_MASTER)
1165 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1166
1da177e4
LT		 1167 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1168}
1169
1170static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1171{
1172 struct rfcomm_dlc *d;
1173 u8 channel;
1174
1175 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1176
1177 if (!dlci) {
1178 rfcomm_send_ua(s, 0);
1179
1180 if (s->state == BT_OPEN) {
1181 s->state = BT_CONNECTED;
1182 rfcomm_process_connect(s);
1183 }
1184 return 0;
1185 }
1186
1187 /* Check if DLC exists */
1188 d = rfcomm_dlc_get(s, dlci);
1189 if (d) {
1190 if (d->state == BT_OPEN) {
1191 /* DLC was previously opened by PN request */
1192 if (rfcomm_check_link_mode(d)) {
1193 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1194 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1195 return 0;
1196 }
1197
1198 rfcomm_dlc_accept(d);
1199 }
1200 return 0;
1201 }
1202
1203 /* Notify socket layer about incoming connection */
1204 channel = __srv_channel(dlci);
1205 if (rfcomm_connect_ind(s, channel, &d)) {
1206 d->dlci = dlci;
1207 d->addr = __addr(s->initiator, dlci);
1208 rfcomm_dlc_link(s, d);
1209
1210 if (rfcomm_check_link_mode(d)) {
1211 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1212 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1213 return 0;
1214 }
1215
1216 rfcomm_dlc_accept(d);
1217 } else {
1218 rfcomm_send_dm(s, dlci);
1219 }
1220
1221 return 0;
1222}
1223
1224static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1225{
1226 struct rfcomm_session *s = d->session;
1227
1228 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1229 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1230
7c2660b0
MH		 1231 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1232 pn->flow_ctrl == 0xe0) {
1233 d->cfc = RFCOMM_CFC_ENABLED;
1da177e4
LT		 1234 d->tx_credits = pn->credits;
1235 } else {
7c2660b0 1236 d->cfc = RFCOMM_CFC_DISABLED;
1da177e4
LT		 1237 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1238 }
1239
7c2660b0
MH		 1240 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1241 s->cfc = d->cfc;
1242
1da177e4
LT		 1243 d->priority = pn->priority;
1244
1245 d->mtu = s->mtu = btohs(pn->mtu);
1246
1247 return 0;
1248}
1249
1250static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1251{
1252 struct rfcomm_pn *pn = (void *) skb->data;
1253 struct rfcomm_dlc *d;
1254 u8 dlci = pn->dlci;
1255
1256 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1257
1258 if (!dlci)
1259 return 0;
1260
1261 d = rfcomm_dlc_get(s, dlci);
1262 if (d) {
1263 if (cr) {
1264 /* PN request */
1265 rfcomm_apply_pn(d, cr, pn);
1266 rfcomm_send_pn(s, 0, d);
1267 } else {
1268 /* PN response */
1269 switch (d->state) {
1270 case BT_CONFIG:
1271 rfcomm_apply_pn(d, cr, pn);
1272
1273 d->state = BT_CONNECT;
1274 rfcomm_send_sabm(s, d->dlci);
1275 break;
1276 }
1277 }
1278 } else {
1279 u8 channel = __srv_channel(dlci);
1280
1281 if (!cr)
1282 return 0;
1283
1284 /* PN request for non existing DLC.
1285 * Assume incoming connection. */
1286 if (rfcomm_connect_ind(s, channel, &d)) {
1287 d->dlci = dlci;
1288 d->addr = __addr(s->initiator, dlci);
1289 rfcomm_dlc_link(s, d);
1290
1291 rfcomm_apply_pn(d, cr, pn);
1292
1293 d->state = BT_OPEN;
1294 rfcomm_send_pn(s, 0, d);
1295 } else {
1296 rfcomm_send_dm(s, dlci);
1297 }
1298 }
1299 return 0;
1300}
1301
1302static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1303{
1304 struct rfcomm_rpn *rpn = (void *) skb->data;
1305 u8 dlci = __get_dlci(rpn->dlci);
1306
1307 u8 bit_rate = 0;
1308 u8 data_bits = 0;
1309 u8 stop_bits = 0;
1310 u8 parity = 0;
1311 u8 flow_ctrl = 0;
1312 u8 xon_char = 0;
1313 u8 xoff_char = 0;
1314 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
3a5e903c
S		 1315
1316 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1317 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1318 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1319
1320 if (!cr)
1da177e4 1321 return 0;
3a5e903c 1322
1da177e4 1323 if (len == 1) {
3a5e903c 1324 /* This is a request, return default settings */
1da177e4
LT		 1325 bit_rate = RFCOMM_RPN_BR_115200;
1326 data_bits = RFCOMM_RPN_DATA_8;
1327 stop_bits = RFCOMM_RPN_STOP_1;
1328 parity = RFCOMM_RPN_PARITY_NONE;
1329 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1330 xon_char = RFCOMM_RPN_XON_CHAR;
1331 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1da177e4
LT		 1332 goto rpn_out;
1333 }
3a5e903c
S		 1334
1335 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1336 * no parity, no flow control lines, normal XON/XOFF chars */
1337
1da177e4
LT		 1338 if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) {
1339 bit_rate = rpn->bit_rate;
1340 if (bit_rate != RFCOMM_RPN_BR_115200) {
1341 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1342 bit_rate = RFCOMM_RPN_BR_115200;
1343 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1344 }
1345 }
3a5e903c 1346
1da177e4
LT		 1347 if (rpn->param_mask & RFCOMM_RPN_PM_DATA) {
1348 data_bits = __get_rpn_data_bits(rpn->line_settings);
1349 if (data_bits != RFCOMM_RPN_DATA_8) {
1350 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1351 data_bits = RFCOMM_RPN_DATA_8;
1352 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1353 }
1354 }
3a5e903c 1355
1da177e4
LT		 1356 if (rpn->param_mask & RFCOMM_RPN_PM_STOP) {
1357 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1358 if (stop_bits != RFCOMM_RPN_STOP_1) {
1359 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1360 stop_bits = RFCOMM_RPN_STOP_1;
1361 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1362 }
1363 }
3a5e903c 1364
1da177e4
LT		 1365 if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) {
1366 parity = __get_rpn_parity(rpn->line_settings);
1367 if (parity != RFCOMM_RPN_PARITY_NONE) {
1368 BT_DBG("RPN parity mismatch 0x%x", parity);
1369 parity = RFCOMM_RPN_PARITY_NONE;
1370 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1371 }
1372 }
3a5e903c 1373
1da177e4
LT		 1374 if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) {
1375 flow_ctrl = rpn->flow_ctrl;
1376 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1377 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1378 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1379 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1380 }
1381 }
3a5e903c 1382
1da177e4
LT		 1383 if (rpn->param_mask & RFCOMM_RPN_PM_XON) {
1384 xon_char = rpn->xon_char;
1385 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1386 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1387 xon_char = RFCOMM_RPN_XON_CHAR;
1388 rpn_mask ^= RFCOMM_RPN_PM_XON;
1389 }
1390 }
3a5e903c 1391
1da177e4
LT		 1392 if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) {
1393 xoff_char = rpn->xoff_char;
1394 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1395 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1396 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1397 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1398 }
1399 }
1400
1401rpn_out:
3a5e903c
S		 1402 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1403 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1da177e4
LT		 1404
1405 return 0;
1406}
1407
1408static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1409{
1410 struct rfcomm_rls *rls = (void *) skb->data;
1411 u8 dlci = __get_dlci(rls->dlci);
1412
1413 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
3a5e903c 1414
1da177e4
LT		 1415 if (!cr)
1416 return 0;
1417
3a5e903c
S		 1418 /* We should probably do something with this information here. But
1419 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1420 * mandatory to recognise and respond to RLS */
1da177e4
LT		 1421
1422 rfcomm_send_rls(s, 0, dlci, rls->status);
1423
1424 return 0;
1425}
1426
1427static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1428{
1429 struct rfcomm_msc *msc = (void *) skb->data;
1430 struct rfcomm_dlc *d;
1431 u8 dlci = __get_dlci(msc->dlci);
1432
1433 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1434
1435 d = rfcomm_dlc_get(s, dlci);
3a5e903c 1436 if (!d)
1da177e4
LT		 1437 return 0;
1438
1439 if (cr) {
1440 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1441 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1442 else
1443 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
3a5e903c 1444
1da177e4
LT		 1445 rfcomm_dlc_lock(d);
1446 if (d->modem_status)
1447 d->modem_status(d, msc->v24_sig);
1448 rfcomm_dlc_unlock(d);
1449
1450 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1451
1452 d->mscex |= RFCOMM_MSCEX_RX;
3a5e903c 1453 } else
1da177e4
LT		 1454 d->mscex |= RFCOMM_MSCEX_TX;
1455
1456 return 0;
1457}
1458
1459static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1460{
1461 struct rfcomm_mcc *mcc = (void *) skb->data;
1462 u8 type, cr, len;
1463
1464 cr = __test_cr(mcc->type);
1465 type = __get_mcc_type(mcc->type);
1466 len = __get_mcc_len(mcc->len);
1467
1468 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1469
1470 skb_pull(skb, 2);
1471
1472 switch (type) {
1473 case RFCOMM_PN:
1474 rfcomm_recv_pn(s, cr, skb);
1475 break;
1476
1477 case RFCOMM_RPN:
1478 rfcomm_recv_rpn(s, cr, len, skb);
1479 break;
1480
1481 case RFCOMM_RLS:
1482 rfcomm_recv_rls(s, cr, skb);
1483 break;
1484
1485 case RFCOMM_MSC:
1486 rfcomm_recv_msc(s, cr, skb);
1487 break;
1488
1489 case RFCOMM_FCOFF:
1490 if (cr) {
1491 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1492 rfcomm_send_fcoff(s, 0);
1493 }
1494 break;
1495
1496 case RFCOMM_FCON:
1497 if (cr) {
1498 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1499 rfcomm_send_fcon(s, 0);
1500 }
1501 break;
1502
1503 case RFCOMM_TEST:
1504 if (cr)
1505 rfcomm_send_test(s, 0, skb->data, skb->len);
1506 break;
1507
1508 case RFCOMM_NSC:
1509 break;
1510
1511 default:
1512 BT_ERR("Unknown control type 0x%02x", type);
1513 rfcomm_send_nsc(s, cr, type);
1514 break;
1515 }
1516 return 0;
1517}
1518
1519static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1520{
1521 struct rfcomm_dlc *d;
1522
1523 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1524
1525 d = rfcomm_dlc_get(s, dlci);
1526 if (!d) {
1527 rfcomm_send_dm(s, dlci);
1528 goto drop;
1529 }
1530
1531 if (pf && d->cfc) {
1532 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1533
1534 d->tx_credits += credits;
1535 if (d->tx_credits)
1536 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1537 }
1538
1539 if (skb->len && d->state == BT_CONNECTED) {
1540 rfcomm_dlc_lock(d);
1541 d->rx_credits--;
1542 d->data_ready(d, skb);
1543 rfcomm_dlc_unlock(d);
1544 return 0;
1545 }
1546
1547drop:
1548 kfree_skb(skb);
1549 return 0;
1550}
1551
1552static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1553{
1554 struct rfcomm_hdr *hdr = (void *) skb->data;
1555 u8 type, dlci, fcs;
1556
1557 dlci = __get_dlci(hdr->addr);
1558 type = __get_type(hdr->ctrl);
1559
1560 /* Trim FCS */
1561 skb->len--; skb->tail--;
1562 fcs = *(u8 *) skb->tail;
1563
1564 if (__check_fcs(skb->data, type, fcs)) {
1565 BT_ERR("bad checksum in packet");
1566 kfree_skb(skb);
1567 return -EILSEQ;
1568 }
1569
1570 if (__test_ea(hdr->len))
1571 skb_pull(skb, 3);
1572 else
1573 skb_pull(skb, 4);
1574
1575 switch (type) {
1576 case RFCOMM_SABM:
1577 if (__test_pf(hdr->ctrl))
1578 rfcomm_recv_sabm(s, dlci);
1579 break;
1580
1581 case RFCOMM_DISC:
1582 if (__test_pf(hdr->ctrl))
1583 rfcomm_recv_disc(s, dlci);
1584 break;
1585
1586 case RFCOMM_UA:
1587 if (__test_pf(hdr->ctrl))
1588 rfcomm_recv_ua(s, dlci);
1589 break;
1590
1591 case RFCOMM_DM:
1592 rfcomm_recv_dm(s, dlci);
1593 break;
1594
1595 case RFCOMM_UIH:
1596 if (dlci)
1597 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1598
1599 rfcomm_recv_mcc(s, skb);
1600 break;
1601
1602 default:
1603 BT_ERR("Unknown packet type 0x%02x\n", type);
1604 break;
1605 }
1606 kfree_skb(skb);
1607 return 0;
1608}
1609
1610/* ---- Connection and data processing ---- */
1611
1612static void rfcomm_process_connect(struct rfcomm_session *s)
1613{
1614 struct rfcomm_dlc *d;
1615 struct list_head *p, *n;
1616
1617 BT_DBG("session %p state %ld", s, s->state);
1618
1619 list_for_each_safe(p, n, &s->dlcs) {
1620 d = list_entry(p, struct rfcomm_dlc, list);
1621 if (d->state == BT_CONFIG) {
1622 d->mtu = s->mtu;
1623 rfcomm_send_pn(s, 1, d);
1624 }
1625 }
1626}
1627
1628/* Send data queued for the DLC.
1629 * Return number of frames left in the queue.
1630 */
1631static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1632{
1633 struct sk_buff *skb;
1634 int err;
1635
1636 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1637 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1638
1639 /* Send pending MSC */
1640 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1641 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1642
1643 if (d->cfc) {
1644 /* CFC enabled.
1645 * Give them some credits */
1646 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1647 d->rx_credits <= (d->cfc >> 2)) {
1648 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1649 d->rx_credits = d->cfc;
1650 }
1651 } else {
1652 /* CFC disabled.
1653 * Give ourselves some credits */
1654 d->tx_credits = 5;
1655 }
1656
1657 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1658 return skb_queue_len(&d->tx_queue);
1659
1660 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1661 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1662 if (err < 0) {
1663 skb_queue_head(&d->tx_queue, skb);
1664 break;
1665 }
1666 kfree_skb(skb);
1667 d->tx_credits--;
1668 }
1669
1670 if (d->cfc && !d->tx_credits) {
1671 /* We're out of TX credits.
1672 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1673 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1674 }
1675
1676 return skb_queue_len(&d->tx_queue);
1677}
1678
1679static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1680{
1681 struct rfcomm_dlc *d;
1682 struct list_head *p, *n;
1683
1684 BT_DBG("session %p state %ld", s, s->state);
1685
1686 list_for_each_safe(p, n, &s->dlcs) {
1687 d = list_entry(p, struct rfcomm_dlc, list);
1688
1689 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1690 __rfcomm_dlc_close(d, ETIMEDOUT);
1691 continue;
1692 }
1693
1694 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1695 rfcomm_dlc_clear_timer(d);
1696 rfcomm_dlc_accept(d);
1697 if (d->link_mode & RFCOMM_LM_SECURE) {
1698 struct sock *sk = s->sock->sk;
1699 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1700 }
1701 continue;
1702 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1703 rfcomm_dlc_clear_timer(d);
1704 rfcomm_send_dm(s, d->dlci);
1705 __rfcomm_dlc_close(d, ECONNREFUSED);
1706 continue;
1707 }
1708
1709 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1710 continue;
1711
1712 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1713 d->mscex == RFCOMM_MSCEX_OK)
1714 rfcomm_process_tx(d);
1715 }
1716}
1717
1718static inline void rfcomm_process_rx(struct rfcomm_session *s)
1719{
1720 struct socket *sock = s->sock;
1721 struct sock *sk = sock->sk;
1722 struct sk_buff *skb;
1723
1724 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1725
1726 /* Get data directly from socket receive queue without copying it. */
1727 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1728 skb_orphan(skb);
1729 rfcomm_recv_frame(s, skb);
1730 }
1731
1732 if (sk->sk_state == BT_CLOSED) {
1733 if (!s->initiator)
1734 rfcomm_session_put(s);
1735
1736 rfcomm_session_close(s, sk->sk_err);
1737 }
1738}
1739
1740static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1741{
1742 struct socket *sock = s->sock, *nsock;
1743 int err;
1744
1745 /* Fast check for a new connection.
1746 * Avoids unnesesary socket allocations. */
1747 if (list_empty(&bt_sk(sock->sk)->accept_q))
1748 return;
1749
1750 BT_DBG("session %p", s);
1751
1752 if (sock_create_lite(PF_BLUETOOTH, sock->type, BTPROTO_L2CAP, &nsock))
1753 return;
1754
1755 nsock->ops = sock->ops;
1756
1757 __module_get(nsock->ops->owner);
1758
1759 err = sock->ops->accept(sock, nsock, O_NONBLOCK);
1760 if (err < 0) {
1761 sock_release(nsock);
1762 return;
1763 }
1764
1765 /* Set our callbacks */
1766 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1767 nsock->sk->sk_state_change = rfcomm_l2state_change;
1768
1769 s = rfcomm_session_add(nsock, BT_OPEN);
1770 if (s) {
1771 rfcomm_session_hold(s);
1772 rfcomm_schedule(RFCOMM_SCHED_RX);
1773 } else
1774 sock_release(nsock);
1775}
1776
1777static inline void rfcomm_check_connection(struct rfcomm_session *s)
1778{
1779 struct sock *sk = s->sock->sk;
1780
1781 BT_DBG("%p state %ld", s, s->state);
1782
1783 switch(sk->sk_state) {
1784 case BT_CONNECTED:
1785 s->state = BT_CONNECT;
1786
1787 /* We can adjust MTU on outgoing sessions.
1788 * L2CAP MTU minus UIH header and FCS. */
1789 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1790
1791 rfcomm_send_sabm(s, 0);
1792 break;
1793
1794 case BT_CLOSED:
1795 s->state = BT_CLOSED;
1796 rfcomm_session_close(s, sk->sk_err);
1797 break;
1798 }
1799}
1800
1801static inline void rfcomm_process_sessions(void)
1802{
1803 struct list_head *p, *n;
1804
1805 rfcomm_lock();
1806
1807 list_for_each_safe(p, n, &session_list) {
1808 struct rfcomm_session *s;
1809 s = list_entry(p, struct rfcomm_session, list);
1810
1811 if (s->state == BT_LISTEN) {
1812 rfcomm_accept_connection(s);
1813 continue;
1814 }
1815
1816 rfcomm_session_hold(s);
1817
1818 switch (s->state) {
1819 case BT_BOUND:
1820 rfcomm_check_connection(s);
1821 break;
1822
1823 default:
1824 rfcomm_process_rx(s);
1825 break;
1826 }
1827
1828 rfcomm_process_dlcs(s);
1829
1830 rfcomm_session_put(s);
1831 }
1832
1833 rfcomm_unlock();
1834}
1835
1836static void rfcomm_worker(void)
1837{
1838 BT_DBG("");
1839
1840 while (!atomic_read(&terminate)) {
1841 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1842 /* No pending events. Let's sleep.
1843 * Incoming connections and data will wake us up. */
1844 set_current_state(TASK_INTERRUPTIBLE);
1845 schedule();
1846 }
1847
1848 /* Process stuff */
1849 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1850 rfcomm_process_sessions();
1851 }
1852 set_current_state(TASK_RUNNING);
1853 return;
1854}
1855
1856static int rfcomm_add_listener(bdaddr_t *ba)
1857{
1858 struct sockaddr_l2 addr;
1859 struct socket *sock;
1860 struct sock *sk;
1861 struct rfcomm_session *s;
1862 int err = 0;
1863
1864 /* Create socket */
1865 err = rfcomm_l2sock_create(&sock);
1866 if (err < 0) {
1867 BT_ERR("Create socket failed %d", err);
1868 return err;
1869 }
1870
1871 /* Bind socket */
1872 bacpy(&addr.l2_bdaddr, ba);
1873 addr.l2_family = AF_BLUETOOTH;
1874 addr.l2_psm = htobs(RFCOMM_PSM);
1875 err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1876 if (err < 0) {
1877 BT_ERR("Bind failed %d", err);
1878 goto failed;
1879 }
1880
1881 /* Set L2CAP options */
1882 sk = sock->sk;
1883 lock_sock(sk);
56f3a40a 1884 l2cap_pi(sk)->imtu = l2cap_mtu;
1da177e4
LT		 1885 release_sock(sk);
1886
1887 /* Start listening on the socket */
1888 err = sock->ops->listen(sock, 10);
1889 if (err) {
1890 BT_ERR("Listen failed %d", err);
1891 goto failed;
1892 }
1893
1894 /* Add listening session */
1895 s = rfcomm_session_add(sock, BT_LISTEN);
1896 if (!s)
1897 goto failed;
1898
1899 rfcomm_session_hold(s);
1900 return 0;
1901failed:
1902 sock_release(sock);
1903 return err;
1904}
1905
1906static void rfcomm_kill_listener(void)
1907{
1908 struct rfcomm_session *s;
1909 struct list_head *p, *n;
1910
1911 BT_DBG("");
1912
1913 list_for_each_safe(p, n, &session_list) {
1914 s = list_entry(p, struct rfcomm_session, list);
1915 rfcomm_session_del(s);
1916 }
1917}
1918
1919static int rfcomm_run(void *unused)
1920{
1921 rfcomm_thread = current;
1922
1923 atomic_inc(&running);
1924
1925 daemonize("krfcommd");
1926 set_user_nice(current, -10);
1927 current->flags |= PF_NOFREEZE;
1928
1929 BT_DBG("");
1930
1931 rfcomm_add_listener(BDADDR_ANY);
1932
1933 rfcomm_worker();
1934
1935 rfcomm_kill_listener();
1936
1937 atomic_dec(&running);
1938 return 0;
1939}
1940
1941static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1942{
1943 struct rfcomm_session *s;
1944 struct rfcomm_dlc *d;
1945 struct list_head *p, *n;
1946
1947 BT_DBG("conn %p status 0x%02x", conn, status);
1948
1949 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1950 if (!s)
1951 return;
1952
1953 rfcomm_session_hold(s);
1954
1955 list_for_each_safe(p, n, &s->dlcs) {
1956 d = list_entry(p, struct rfcomm_dlc, list);
1957
1958 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1959 continue;
1960
1961 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1962 continue;
1963
1964 if (!status)
1965 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1966 else
1967 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1968 }
1969
1970 rfcomm_session_put(s);
1971
1972 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1973}
1974
1975static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1976{
1977 struct rfcomm_session *s;
1978 struct rfcomm_dlc *d;
1979 struct list_head *p, *n;
1980
1981 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1982
1983 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1984 if (!s)
1985 return;
1986
1987 rfcomm_session_hold(s);
1988
1989 list_for_each_safe(p, n, &s->dlcs) {
1990 d = list_entry(p, struct rfcomm_dlc, list);
1991
1992 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1993 continue;
1994
1995 if (!status && encrypt)
1996 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1997 else
1998 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1999 }
2000
2001 rfcomm_session_put(s);
2002
2003 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2004}
2005
2006static struct hci_cb rfcomm_cb = {
2007 .name = "RFCOMM",
2008 .auth_cfm = rfcomm_auth_cfm,
2009 .encrypt_cfm = rfcomm_encrypt_cfm
2010};
2011
be9d1227 2012static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
1da177e4
LT		 2013{
2014 struct rfcomm_session *s;
2015 struct list_head *pp, *p;
be9d1227 2016 char *str = buf;
1da177e4
LT		 2017
2018 rfcomm_lock();
2019
2020 list_for_each(p, &session_list) {
2021 s = list_entry(p, struct rfcomm_session, list);
be9d1227
MH		 2022 list_for_each(pp, &s->dlcs) {
2023 struct sock *sk = s->sock->sk;
2024 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
1da177e4 2025
be9d1227
MH		 2026 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2027 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2028 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
1da177e4
LT		 2029 }
2030 }
1da177e4 2031
1da177e4 2032 rfcomm_unlock();
1da177e4 2033
be9d1227 2034 return (str - buf);
1da177e4
LT		 2035}
2036
be9d1227 2037static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
1da177e4
LT		 2038
2039/* ---- Initialization ---- */
2040static int __init rfcomm_init(void)
2041{
2042 l2cap_load();
2043
2044 hci_register_cb(&rfcomm_cb);
2045
2046 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
2047
a91f2e39 2048 class_create_file(bt_class, &class_attr_rfcomm_dlc);
1da177e4
LT		 2049
2050 rfcomm_init_sockets();
2051
2052#ifdef CONFIG_BT_RFCOMM_TTY
2053 rfcomm_init_ttys();
2054#endif
2055
be9d1227
MH		 2056 BT_INFO("RFCOMM ver %s", VERSION);
2057
1da177e4
LT		 2058 return 0;
2059}
2060
2061static void __exit rfcomm_exit(void)
2062{
a91f2e39 2063 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
be9d1227 2064
1da177e4
LT		 2065 hci_unregister_cb(&rfcomm_cb);
2066
2067 /* Terminate working thread.
2068 * ie. Set terminate flag and wake it up */
2069 atomic_inc(&terminate);
2070 rfcomm_schedule(RFCOMM_SCHED_STATE);
2071
2072 /* Wait until thread is running */
2073 while (atomic_read(&running))
2074 schedule();
2075
2076#ifdef CONFIG_BT_RFCOMM_TTY
2077 rfcomm_cleanup_ttys();
2078#endif
2079
2080 rfcomm_cleanup_sockets();
1da177e4
LT		 2081}
2082
2083module_init(rfcomm_init);
2084module_exit(rfcomm_exit);
2085
7c2660b0
MH		 2086module_param(disable_cfc, bool, 0644);
2087MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2088
56f3a40a
MH		 2089module_param(l2cap_mtu, uint, 0644);
2090MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2091
1da177e4
LT		 2092MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2093MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2094MODULE_VERSION(VERSION);
2095MODULE_LICENSE("GPL");
2096MODULE_ALIAS("bt-proto-3");
kernel source for telekom puls (alcatel/mediatek)