]> bbs.cooldavid.org Git - net-next-2.6.git/blame - net/bluetooth/rfcomm/core.c
git://bbs.cooldavid.org / net-next-2.6.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
iwlwifi: don't include iwl-dev.h from iwl-devtrace.h
[net-next-2.6.git] / net / bluetooth / rfcomm / core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
8e87d142
YH		 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 21 SOFTWARE IS DISCLAIMED.
22*/
23
1da177e4
LT		 24/*
25 * Bluetooth RFCOMM core.
1da177e4
LT		 26 */
27
1da177e4
LT		 28#include <linux/module.h>
29#include <linux/errno.h>
30#include <linux/kernel.h>
31#include <linux/sched.h>
32#include <linux/signal.h>
33#include <linux/init.h>
34#include <linux/wait.h>
be9d1227 35#include <linux/device.h>
aef7d97c
MH		 36#include <linux/debugfs.h>
37#include <linux/seq_file.h>
1da177e4 38#include <linux/net.h>
4a3e2f71 39#include <linux/mutex.h>
a524eccc 40#include <linux/kthread.h>
4a3e2f71 41
1da177e4
LT		 42#include <net/sock.h>
43#include <asm/uaccess.h>
44#include <asm/unaligned.h>
45
46#include <net/bluetooth/bluetooth.h>
47#include <net/bluetooth/hci_core.h>
48#include <net/bluetooth/l2cap.h>
49#include <net/bluetooth/rfcomm.h>
50
5f9018af 51#define VERSION "1.11"
56f3a40a 52
7c2660b0 53static int disable_cfc = 0;
98bcd08b 54static int channel_mtu = -1;
56f3a40a 55static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
eae38eed 56static int l2cap_ertm = 0;
56f3a40a 57
1da177e4
LT		 58static struct task_struct *rfcomm_thread;
59
4a3e2f71
AV		 60static DEFINE_MUTEX(rfcomm_mutex);
61#define rfcomm_lock() mutex_lock(&rfcomm_mutex)
62#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
1da177e4
LT		 63
64static unsigned long rfcomm_event;
65
66static LIST_HEAD(session_list);
1da177e4
LT		 67
68static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
69static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
70static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
71static int rfcomm_queue_disc(struct rfcomm_dlc *d);
72static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
73static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
74static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
75static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
76static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
77static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
78
79static void rfcomm_process_connect(struct rfcomm_session *s);
80
81static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
82static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
83static void rfcomm_session_del(struct rfcomm_session *s);
84
85/* ---- RFCOMM frame parsing macros ---- */
86#define __get_dlci(b) ((b & 0xfc) >> 2)
87#define __get_channel(b) ((b & 0xf8) >> 3)
88#define __get_dir(b) ((b & 0x04) >> 2)
89#define __get_type(b) ((b & 0xef))
90
91#define __test_ea(b) ((b & 0x01))
92#define __test_cr(b) ((b & 0x02))
93#define __test_pf(b) ((b & 0x10))
94
95#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
96#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
97#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
98#define __srv_channel(dlci) (dlci >> 1)
99#define __dir(dlci) (dlci & 0x01)
100
101#define __len8(len) (((len) << 1) | 1)
102#define __len16(len) ((len) << 1)
103
104/* MCC macros */
105#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
106#define __get_mcc_type(b) ((b & 0xfc) >> 2)
107#define __get_mcc_len(b) ((b & 0xfe) >> 1)
108
109/* RPN macros */
3a5e903c 110#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
1da177e4
LT		 111#define __get_rpn_data_bits(line) ((line) & 0x3)
112#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
3a5e903c 113#define __get_rpn_parity(line) (((line) >> 3) & 0x7)
1da177e4
LT		 114
115static inline void rfcomm_schedule(uint event)
116{
117 if (!rfcomm_thread)
118 return;
119 //set_bit(event, &rfcomm_event);
120 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
121 wake_up_process(rfcomm_thread);
122}
123
124static inline void rfcomm_session_put(struct rfcomm_session *s)
125{
126 if (atomic_dec_and_test(&s->refcnt))
127 rfcomm_session_del(s);
128}
129
130/* ---- RFCOMM FCS computation ---- */
131
408c1ce2 132/* reversed, 8-bit, poly=0x07 */
8e87d142 133static unsigned char rfcomm_crc_table[256] = {
408c1ce2
MH		 134 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
135 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
136 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
137 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
138
139 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
140 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
141 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
142 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
143
144 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
145 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
146 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
147 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
148
149 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
150 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
151 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
152 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
153
154 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
155 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
156 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
157 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
158
159 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
160 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
161 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
162 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
163
164 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
165 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
166 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
167 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
168
169 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
170 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
171 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
172 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
173};
174
1da177e4
LT		 175/* CRC on 2 bytes */
176#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
177
8e87d142 178/* FCS on 2 bytes */
1da177e4
LT		 179static inline u8 __fcs(u8 *data)
180{
181 return (0xff - __crc(data));
182}
183
8e87d142 184/* FCS on 3 bytes */
1da177e4
LT		 185static inline u8 __fcs2(u8 *data)
186{
187 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
188}
189
190/* Check FCS */
191static inline int __check_fcs(u8 *data, int type, u8 fcs)
192{
193 u8 f = __crc(data);
194
195 if (type != RFCOMM_UIH)
196 f = rfcomm_crc_table[f ^ data[2]];
197
198 return rfcomm_crc_table[f ^ fcs] != 0xcf;
199}
200
201/* ---- L2CAP callbacks ---- */
202static void rfcomm_l2state_change(struct sock *sk)
203{
204 BT_DBG("%p state %d", sk, sk->sk_state);
205 rfcomm_schedule(RFCOMM_SCHED_STATE);
206}
207
208static void rfcomm_l2data_ready(struct sock *sk, int bytes)
209{
210 BT_DBG("%p bytes %d", sk, bytes);
211 rfcomm_schedule(RFCOMM_SCHED_RX);
212}
213
214static int rfcomm_l2sock_create(struct socket **sock)
215{
216 int err;
217
218 BT_DBG("");
219
220 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
221 if (!err) {
222 struct sock *sk = (*sock)->sk;
223 sk->sk_data_ready = rfcomm_l2data_ready;
224 sk->sk_state_change = rfcomm_l2state_change;
225 }
226 return err;
227}
228
9f2c8a03 229static inline int rfcomm_check_security(struct rfcomm_dlc *d)
77db1980
MH		 230{
231 struct sock *sk = d->session->sock->sk;
0684e5f9
MH		 232 __u8 auth_type;
233
234 switch (d->sec_level) {
235 case BT_SECURITY_HIGH:
236 auth_type = HCI_AT_GENERAL_BONDING_MITM;
237 break;
238 case BT_SECURITY_MEDIUM:
239 auth_type = HCI_AT_GENERAL_BONDING;
240 break;
241 default:
242 auth_type = HCI_AT_NO_BONDING;
243 break;
244 }
77db1980 245
0684e5f9
MH		 246 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level,
247 auth_type);
77db1980
MH		 248}
249
9e726b17
LAD		 250static void rfcomm_session_timeout(unsigned long arg)
251{
252 struct rfcomm_session *s = (void *) arg;
253
254 BT_DBG("session %p state %ld", s, s->state);
255
256 set_bit(RFCOMM_TIMED_OUT, &s->flags);
9e726b17
LAD		 257 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
258}
259
260static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
261{
262 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
263
264 if (!mod_timer(&s->timer, jiffies + timeout))
265 rfcomm_session_hold(s);
266}
267
268static void rfcomm_session_clear_timer(struct rfcomm_session *s)
269{
270 BT_DBG("session %p state %ld", s, s->state);
271
272 if (timer_pending(&s->timer) && del_timer(&s->timer))
273 rfcomm_session_put(s);
274}
275
1da177e4
LT		 276/* ---- RFCOMM DLCs ---- */
277static void rfcomm_dlc_timeout(unsigned long arg)
278{
279 struct rfcomm_dlc *d = (void *) arg;
280
281 BT_DBG("dlc %p state %ld", d, d->state);
282
283 set_bit(RFCOMM_TIMED_OUT, &d->flags);
284 rfcomm_dlc_put(d);
285 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
286}
287
288static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
289{
290 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
291
292 if (!mod_timer(&d->timer, jiffies + timeout))
293 rfcomm_dlc_hold(d);
294}
295
296static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
297{
298 BT_DBG("dlc %p state %ld", d, d->state);
299
300 if (timer_pending(&d->timer) && del_timer(&d->timer))
301 rfcomm_dlc_put(d);
302}
303
304static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
305{
306 BT_DBG("%p", d);
307
308 d->state = BT_OPEN;
309 d->flags = 0;
310 d->mscex = 0;
311 d->mtu = RFCOMM_DEFAULT_MTU;
312 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
313
314 d->cfc = RFCOMM_CFC_DISABLED;
315 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
316}
317
dd0fc66f 318struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
1da177e4 319{
25ea6db0
MH		 320 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
321
1da177e4
LT		 322 if (!d)
323 return NULL;
1da177e4 324
b24b8a24 325 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
1da177e4
LT		 326
327 skb_queue_head_init(&d->tx_queue);
328 spin_lock_init(&d->lock);
329 atomic_set(&d->refcnt, 1);
330
331 rfcomm_dlc_clear_state(d);
8e87d142 332
1da177e4 333 BT_DBG("%p", d);
25ea6db0 334
1da177e4
LT		 335 return d;
336}
337
338void rfcomm_dlc_free(struct rfcomm_dlc *d)
339{
340 BT_DBG("%p", d);
341
342 skb_queue_purge(&d->tx_queue);
343 kfree(d);
344}
345
346static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
347{
348 BT_DBG("dlc %p session %p", d, s);
349
350 rfcomm_session_hold(s);
351
9e726b17 352 rfcomm_session_clear_timer(s);
1da177e4
LT		 353 rfcomm_dlc_hold(d);
354 list_add(&d->list, &s->dlcs);
355 d->session = s;
356}
357
358static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
359{
360 struct rfcomm_session *s = d->session;
361
362 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
363
364 list_del(&d->list);
365 d->session = NULL;
366 rfcomm_dlc_put(d);
367
9e726b17
LAD		 368 if (list_empty(&s->dlcs))
369 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
370
1da177e4
LT		 371 rfcomm_session_put(s);
372}
373
374static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
375{
376 struct rfcomm_dlc *d;
377 struct list_head *p;
378
379 list_for_each(p, &s->dlcs) {
380 d = list_entry(p, struct rfcomm_dlc, list);
381 if (d->dlci == dlci)
382 return d;
383 }
384 return NULL;
385}
386
387static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
388{
389 struct rfcomm_session *s;
390 int err = 0;
391 u8 dlci;
392
8e87d142 393 BT_DBG("dlc %p state %ld %s %s channel %d",
1da177e4
LT		 394 d, d->state, batostr(src), batostr(dst), channel);
395
396 if (channel < 1 || channel > 30)
397 return -EINVAL;
398
399 if (d->state != BT_OPEN && d->state != BT_CLOSED)
400 return 0;
401
402 s = rfcomm_session_get(src, dst);
403 if (!s) {
404 s = rfcomm_session_create(src, dst, &err);
405 if (!s)
406 return err;
407 }
408
409 dlci = __dlci(!s->initiator, channel);
410
411 /* Check if DLCI already exists */
412 if (rfcomm_dlc_get(s, dlci))
413 return -EBUSY;
414
415 rfcomm_dlc_clear_state(d);
416
417 d->dlci = dlci;
418 d->addr = __addr(s->initiator, dlci);
419 d->priority = 7;
420
77db1980 421 d->state = BT_CONFIG;
1da177e4
LT		 422 rfcomm_dlc_link(s, d);
423
77db1980
MH		 424 d->out = 1;
425
1da177e4
LT		 426 d->mtu = s->mtu;
427 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
428
77db1980 429 if (s->state == BT_CONNECTED) {
9f2c8a03 430 if (rfcomm_check_security(d))
77db1980 431 rfcomm_send_pn(s, 1, d);
8c1b2355
MH		 432 else
433 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
77db1980
MH		 434 }
435
1da177e4 436 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
77db1980 437
1da177e4
LT		 438 return 0;
439}
440
441int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
442{
443 int r;
444
445 rfcomm_lock();
446
447 r = __rfcomm_dlc_open(d, src, dst, channel);
448
449 rfcomm_unlock();
450 return r;
451}
452
453static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
454{
455 struct rfcomm_session *s = d->session;
456 if (!s)
457 return 0;
458
459 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
460 d, d->state, d->dlci, err, s);
461
462 switch (d->state) {
1da177e4 463 case BT_CONNECT:
bb23c0ab
MH		 464 case BT_CONFIG:
465 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
466 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
467 rfcomm_schedule(RFCOMM_SCHED_AUTH);
468 break;
469 }
470 /* Fall through */
471
472 case BT_CONNECTED:
1da177e4
LT		 473 d->state = BT_DISCONN;
474 if (skb_queue_empty(&d->tx_queue)) {
475 rfcomm_send_disc(s, d->dlci);
476 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
477 } else {
478 rfcomm_queue_disc(d);
479 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
480 }
481 break;
482
bb23c0ab 483 case BT_OPEN:
8bf47941 484 case BT_CONNECT2:
bb23c0ab
MH		 485 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
486 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
487 rfcomm_schedule(RFCOMM_SCHED_AUTH);
488 break;
489 }
490 /* Fall through */
491
1da177e4
LT		 492 default:
493 rfcomm_dlc_clear_timer(d);
494
495 rfcomm_dlc_lock(d);
496 d->state = BT_CLOSED;
1905f6c7 497 d->state_change(d, err);
4c8411f8 498 rfcomm_dlc_unlock(d);
1da177e4
LT		 499
500 skb_queue_purge(&d->tx_queue);
1da177e4
LT		 501 rfcomm_dlc_unlink(d);
502 }
503
504 return 0;
505}
506
507int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
508{
509 int r;
510
511 rfcomm_lock();
512
513 r = __rfcomm_dlc_close(d, err);
514
515 rfcomm_unlock();
516 return r;
517}
518
519int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
520{
521 int len = skb->len;
522
523 if (d->state != BT_CONNECTED)
524 return -ENOTCONN;
525
526 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
527
528 if (len > d->mtu)
529 return -EINVAL;
530
531 rfcomm_make_uih(skb, d->addr);
532 skb_queue_tail(&d->tx_queue, skb);
533
534 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
535 rfcomm_schedule(RFCOMM_SCHED_TX);
536 return len;
537}
538
b5606c2d 539void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
1da177e4
LT		 540{
541 BT_DBG("dlc %p state %ld", d, d->state);
542
543 if (!d->cfc) {
544 d->v24_sig |= RFCOMM_V24_FC;
545 set_bit(RFCOMM_MSC_PENDING, &d->flags);
546 }
547 rfcomm_schedule(RFCOMM_SCHED_TX);
548}
549
b5606c2d 550void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
1da177e4
LT		 551{
552 BT_DBG("dlc %p state %ld", d, d->state);
553
554 if (!d->cfc) {
555 d->v24_sig &= ~RFCOMM_V24_FC;
556 set_bit(RFCOMM_MSC_PENDING, &d->flags);
557 }
558 rfcomm_schedule(RFCOMM_SCHED_TX);
559}
560
8e87d142 561/*
1da177e4
LT		 562 Set/get modem status functions use _local_ status i.e. what we report
563 to the other side.
564 Remote status is provided by dlc->modem_status() callback.
565 */
566int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
567{
8e87d142 568 BT_DBG("dlc %p state %ld v24_sig 0x%x",
1da177e4
LT		 569 d, d->state, v24_sig);
570
571 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
572 v24_sig |= RFCOMM_V24_FC;
573 else
574 v24_sig &= ~RFCOMM_V24_FC;
8e87d142 575
1da177e4
LT		 576 d->v24_sig = v24_sig;
577
578 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
579 rfcomm_schedule(RFCOMM_SCHED_TX);
580
581 return 0;
582}
583
584int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
585{
8e87d142 586 BT_DBG("dlc %p state %ld v24_sig 0x%x",
1da177e4
LT		 587 d, d->state, d->v24_sig);
588
589 *v24_sig = d->v24_sig;
590 return 0;
591}
592
593/* ---- RFCOMM sessions ---- */
594static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
595{
25ea6db0
MH		 596 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
597
1da177e4
LT		 598 if (!s)
599 return NULL;
1da177e4
LT		 600
601 BT_DBG("session %p sock %p", s, sock);
602
9e726b17
LAD		 603 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
604
1da177e4
LT		 605 INIT_LIST_HEAD(&s->dlcs);
606 s->state = state;
607 s->sock = sock;
608
609 s->mtu = RFCOMM_DEFAULT_MTU;
7c2660b0 610 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
1da177e4
LT		 611
612 /* Do not increment module usage count for listening sessions.
613 * Otherwise we won't be able to unload the module. */
614 if (state != BT_LISTEN)
615 if (!try_module_get(THIS_MODULE)) {
616 kfree(s);
617 return NULL;
618 }
619
620 list_add(&s->list, &session_list);
621
622 return s;
623}
624
625static void rfcomm_session_del(struct rfcomm_session *s)
626{
627 int state = s->state;
628
629 BT_DBG("session %p state %ld", s, s->state);
630
631 list_del(&s->list);
632
633 if (state == BT_CONNECTED)
634 rfcomm_send_disc(s, 0);
635
9e726b17 636 rfcomm_session_clear_timer(s);
1da177e4
LT		 637 sock_release(s->sock);
638 kfree(s);
639
640 if (state != BT_LISTEN)
641 module_put(THIS_MODULE);
642}
643
644static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
645{
646 struct rfcomm_session *s;
647 struct list_head *p, *n;
648 struct bt_sock *sk;
649 list_for_each_safe(p, n, &session_list) {
650 s = list_entry(p, struct rfcomm_session, list);
8e87d142 651 sk = bt_sk(s->sock->sk);
1da177e4
LT		 652
653 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
654 !bacmp(&sk->dst, dst))
655 return s;
656 }
657 return NULL;
658}
659
660static void rfcomm_session_close(struct rfcomm_session *s, int err)
661{
662 struct rfcomm_dlc *d;
663 struct list_head *p, *n;
664
665 BT_DBG("session %p state %ld err %d", s, s->state, err);
666
667 rfcomm_session_hold(s);
668
669 s->state = BT_CLOSED;
670
671 /* Close all dlcs */
672 list_for_each_safe(p, n, &s->dlcs) {
673 d = list_entry(p, struct rfcomm_dlc, list);
674 d->state = BT_CLOSED;
675 __rfcomm_dlc_close(d, err);
676 }
677
9e726b17 678 rfcomm_session_clear_timer(s);
1da177e4
LT		 679 rfcomm_session_put(s);
680}
681
682static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
683{
684 struct rfcomm_session *s = NULL;
685 struct sockaddr_l2 addr;
686 struct socket *sock;
687 struct sock *sk;
688
689 BT_DBG("%s %s", batostr(src), batostr(dst));
690
691 *err = rfcomm_l2sock_create(&sock);
692 if (*err < 0)
693 return NULL;
694
695 bacpy(&addr.l2_bdaddr, src);
696 addr.l2_family = AF_BLUETOOTH;
697 addr.l2_psm = 0;
37e62f55 698 addr.l2_cid = 0;
48db9ca4 699 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1da177e4
LT		 700 if (*err < 0)
701 goto failed;
702
703 /* Set L2CAP options */
704 sk = sock->sk;
705 lock_sock(sk);
56f3a40a 706 l2cap_pi(sk)->imtu = l2cap_mtu;
eae38eed
MH		 707 if (l2cap_ertm)
708 l2cap_pi(sk)->mode = L2CAP_MODE_ERTM;
1da177e4
LT		 709 release_sock(sk);
710
711 s = rfcomm_session_add(sock, BT_BOUND);
712 if (!s) {
713 *err = -ENOMEM;
714 goto failed;
715 }
716
1da177e4
LT		 717 s->initiator = 1;
718
719 bacpy(&addr.l2_bdaddr, dst);
720 addr.l2_family = AF_BLUETOOTH;
b4324b5d 721 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
37e62f55 722 addr.l2_cid = 0;
48db9ca4 723 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
b4c612a4 724 if (*err == 0 || *err == -EINPROGRESS)
1da177e4
LT		 725 return s;
726
727 rfcomm_session_del(s);
728 return NULL;
729
730failed:
731 sock_release(sock);
732 return NULL;
733}
734
735void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
736{
737 struct sock *sk = s->sock->sk;
738 if (src)
739 bacpy(src, &bt_sk(sk)->src);
740 if (dst)
741 bacpy(dst, &bt_sk(sk)->dst);
742}
743
744/* ---- RFCOMM frame sending ---- */
745static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
746{
747 struct socket *sock = s->sock;
748 struct kvec iv = { data, len };
749 struct msghdr msg;
750
751 BT_DBG("session %p len %d", s, len);
752
753 memset(&msg, 0, sizeof(msg));
754
755 return kernel_sendmsg(sock, &msg, &iv, 1, len);
756}
757
758static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
759{
760 struct rfcomm_cmd cmd;
761
762 BT_DBG("%p dlci %d", s, dlci);
763
764 cmd.addr = __addr(s->initiator, dlci);
765 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
766 cmd.len = __len8(0);
767 cmd.fcs = __fcs2((u8 *) &cmd);
768
769 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
770}
771
772static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
773{
774 struct rfcomm_cmd cmd;
775
776 BT_DBG("%p dlci %d", s, dlci);
777
778 cmd.addr = __addr(!s->initiator, dlci);
779 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
780 cmd.len = __len8(0);
781 cmd.fcs = __fcs2((u8 *) &cmd);
782
783 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
784}
785
786static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
787{
788 struct rfcomm_cmd cmd;
789
790 BT_DBG("%p dlci %d", s, dlci);
791
792 cmd.addr = __addr(s->initiator, dlci);
793 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
794 cmd.len = __len8(0);
795 cmd.fcs = __fcs2((u8 *) &cmd);
796
797 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
798}
799
800static int rfcomm_queue_disc(struct rfcomm_dlc *d)
801{
802 struct rfcomm_cmd *cmd;
803 struct sk_buff *skb;
804
805 BT_DBG("dlc %p dlci %d", d, d->dlci);
806
807 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
808 if (!skb)
809 return -ENOMEM;
810
811 cmd = (void *) __skb_put(skb, sizeof(*cmd));
812 cmd->addr = d->addr;
813 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
814 cmd->len = __len8(0);
815 cmd->fcs = __fcs2((u8 *) cmd);
816
817 skb_queue_tail(&d->tx_queue, skb);
818 rfcomm_schedule(RFCOMM_SCHED_TX);
819 return 0;
820}
821
822static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
823{
824 struct rfcomm_cmd cmd;
825
826 BT_DBG("%p dlci %d", s, dlci);
827
828 cmd.addr = __addr(!s->initiator, dlci);
829 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
830 cmd.len = __len8(0);
831 cmd.fcs = __fcs2((u8 *) &cmd);
832
833 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
834}
835
836static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
837{
838 struct rfcomm_hdr *hdr;
839 struct rfcomm_mcc *mcc;
840 u8 buf[16], *ptr = buf;
841
842 BT_DBG("%p cr %d type %d", s, cr, type);
843
844 hdr = (void *) ptr; ptr += sizeof(*hdr);
845 hdr->addr = __addr(s->initiator, 0);
846 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
847 hdr->len = __len8(sizeof(*mcc) + 1);
848
849 mcc = (void *) ptr; ptr += sizeof(*mcc);
850 mcc->type = __mcc_type(cr, RFCOMM_NSC);
851 mcc->len = __len8(1);
852
853 /* Type that we didn't like */
854 *ptr = __mcc_type(cr, type); ptr++;
855
856 *ptr = __fcs(buf); ptr++;
857
858 return rfcomm_send_frame(s, buf, ptr - buf);
859}
860
861static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
862{
863 struct rfcomm_hdr *hdr;
864 struct rfcomm_mcc *mcc;
865 struct rfcomm_pn *pn;
866 u8 buf[16], *ptr = buf;
867
868 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
869
870 hdr = (void *) ptr; ptr += sizeof(*hdr);
871 hdr->addr = __addr(s->initiator, 0);
872 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
873 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
874
875 mcc = (void *) ptr; ptr += sizeof(*mcc);
876 mcc->type = __mcc_type(cr, RFCOMM_PN);
877 mcc->len = __len8(sizeof(*pn));
878
879 pn = (void *) ptr; ptr += sizeof(*pn);
880 pn->dlci = d->dlci;
881 pn->priority = d->priority;
882 pn->ack_timer = 0;
883 pn->max_retrans = 0;
884
885 if (s->cfc) {
886 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
887 pn->credits = RFCOMM_DEFAULT_CREDITS;
888 } else {
889 pn->flow_ctrl = 0;
890 pn->credits = 0;
891 }
892
98bcd08b 893 if (cr && channel_mtu >= 0)
b4324b5d 894 pn->mtu = cpu_to_le16(channel_mtu);
98bcd08b 895 else
b4324b5d 896 pn->mtu = cpu_to_le16(d->mtu);
1da177e4
LT		 897
898 *ptr = __fcs(buf); ptr++;
899
900 return rfcomm_send_frame(s, buf, ptr - buf);
901}
902
3a5e903c
S		 903int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
904 u8 bit_rate, u8 data_bits, u8 stop_bits,
8e87d142 905 u8 parity, u8 flow_ctrl_settings,
3a5e903c 906 u8 xon_char, u8 xoff_char, u16 param_mask)
1da177e4
LT		 907{
908 struct rfcomm_hdr *hdr;
909 struct rfcomm_mcc *mcc;
910 struct rfcomm_rpn *rpn;
911 u8 buf[16], *ptr = buf;
912
913 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
8e87d142
YH		 914 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
915 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
3a5e903c 916 flow_ctrl_settings, xon_char, xoff_char, param_mask);
1da177e4
LT		 917
918 hdr = (void *) ptr; ptr += sizeof(*hdr);
919 hdr->addr = __addr(s->initiator, 0);
920 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
921 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
922
923 mcc = (void *) ptr; ptr += sizeof(*mcc);
924 mcc->type = __mcc_type(cr, RFCOMM_RPN);
925 mcc->len = __len8(sizeof(*rpn));
926
927 rpn = (void *) ptr; ptr += sizeof(*rpn);
928 rpn->dlci = __addr(1, dlci);
929 rpn->bit_rate = bit_rate;
930 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
931 rpn->flow_ctrl = flow_ctrl_settings;
932 rpn->xon_char = xon_char;
933 rpn->xoff_char = xoff_char;
e8db8c99 934 rpn->param_mask = cpu_to_le16(param_mask);
1da177e4
LT		 935
936 *ptr = __fcs(buf); ptr++;
937
938 return rfcomm_send_frame(s, buf, ptr - buf);
939}
940
941static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
942{
943 struct rfcomm_hdr *hdr;
944 struct rfcomm_mcc *mcc;
945 struct rfcomm_rls *rls;
946 u8 buf[16], *ptr = buf;
947
948 BT_DBG("%p cr %d status 0x%x", s, cr, status);
949
950 hdr = (void *) ptr; ptr += sizeof(*hdr);
951 hdr->addr = __addr(s->initiator, 0);
952 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
953 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
954
955 mcc = (void *) ptr; ptr += sizeof(*mcc);
956 mcc->type = __mcc_type(cr, RFCOMM_RLS);
957 mcc->len = __len8(sizeof(*rls));
958
959 rls = (void *) ptr; ptr += sizeof(*rls);
960 rls->dlci = __addr(1, dlci);
961 rls->status = status;
962
963 *ptr = __fcs(buf); ptr++;
964
965 return rfcomm_send_frame(s, buf, ptr - buf);
966}
967
968static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
969{
970 struct rfcomm_hdr *hdr;
971 struct rfcomm_mcc *mcc;
972 struct rfcomm_msc *msc;
973 u8 buf[16], *ptr = buf;
974
975 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
976
977 hdr = (void *) ptr; ptr += sizeof(*hdr);
978 hdr->addr = __addr(s->initiator, 0);
979 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
980 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
981
982 mcc = (void *) ptr; ptr += sizeof(*mcc);
983 mcc->type = __mcc_type(cr, RFCOMM_MSC);
984 mcc->len = __len8(sizeof(*msc));
985
986 msc = (void *) ptr; ptr += sizeof(*msc);
987 msc->dlci = __addr(1, dlci);
988 msc->v24_sig = v24_sig | 0x01;
989
990 *ptr = __fcs(buf); ptr++;
991
992 return rfcomm_send_frame(s, buf, ptr - buf);
993}
994
995static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
996{
997 struct rfcomm_hdr *hdr;
998 struct rfcomm_mcc *mcc;
999 u8 buf[16], *ptr = buf;
1000
1001 BT_DBG("%p cr %d", s, cr);
1002
1003 hdr = (void *) ptr; ptr += sizeof(*hdr);
1004 hdr->addr = __addr(s->initiator, 0);
1005 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1006 hdr->len = __len8(sizeof(*mcc));
1007
1008 mcc = (void *) ptr; ptr += sizeof(*mcc);
1009 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1010 mcc->len = __len8(0);
1011
1012 *ptr = __fcs(buf); ptr++;
1013
1014 return rfcomm_send_frame(s, buf, ptr - buf);
1015}
1016
1017static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1018{
1019 struct rfcomm_hdr *hdr;
1020 struct rfcomm_mcc *mcc;
1021 u8 buf[16], *ptr = buf;
1022
1023 BT_DBG("%p cr %d", s, cr);
1024
1025 hdr = (void *) ptr; ptr += sizeof(*hdr);
1026 hdr->addr = __addr(s->initiator, 0);
1027 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1028 hdr->len = __len8(sizeof(*mcc));
1029
1030 mcc = (void *) ptr; ptr += sizeof(*mcc);
1031 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1032 mcc->len = __len8(0);
1033
1034 *ptr = __fcs(buf); ptr++;
1035
1036 return rfcomm_send_frame(s, buf, ptr - buf);
1037}
1038
1039static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1040{
1041 struct socket *sock = s->sock;
1042 struct kvec iv[3];
1043 struct msghdr msg;
1044 unsigned char hdr[5], crc[1];
1045
1046 if (len > 125)
1047 return -EINVAL;
1048
1049 BT_DBG("%p cr %d", s, cr);
1050
1051 hdr[0] = __addr(s->initiator, 0);
1052 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1053 hdr[2] = 0x01 | ((len + 2) << 1);
1054 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1055 hdr[4] = 0x01 | (len << 1);
1056
1057 crc[0] = __fcs(hdr);
1058
1059 iv[0].iov_base = hdr;
1060 iv[0].iov_len = 5;
1061 iv[1].iov_base = pattern;
1062 iv[1].iov_len = len;
1063 iv[2].iov_base = crc;
1064 iv[2].iov_len = 1;
1065
1066 memset(&msg, 0, sizeof(msg));
1067
1068 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1069}
1070
1071static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1072{
1073 struct rfcomm_hdr *hdr;
1074 u8 buf[16], *ptr = buf;
1075
1076 BT_DBG("%p addr %d credits %d", s, addr, credits);
1077
1078 hdr = (void *) ptr; ptr += sizeof(*hdr);
1079 hdr->addr = addr;
1080 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1081 hdr->len = __len8(0);
1082
1083 *ptr = credits; ptr++;
1084
1085 *ptr = __fcs(buf); ptr++;
1086
1087 return rfcomm_send_frame(s, buf, ptr - buf);
1088}
1089
1090static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1091{
1092 struct rfcomm_hdr *hdr;
1093 int len = skb->len;
1094 u8 *crc;
1095
1096 if (len > 127) {
1097 hdr = (void *) skb_push(skb, 4);
b4324b5d 1098 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1da177e4
LT		 1099 } else {
1100 hdr = (void *) skb_push(skb, 3);
1101 hdr->len = __len8(len);
1102 }
1103 hdr->addr = addr;
1104 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1105
1106 crc = skb_put(skb, 1);
1107 *crc = __fcs((void *) hdr);
1108}
1109
1110/* ---- RFCOMM frame reception ---- */
1111static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1112{
1113 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1114
1115 if (dlci) {
1116 /* Data channel */
1117 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1118 if (!d) {
1119 rfcomm_send_dm(s, dlci);
1120 return 0;
1121 }
1122
1123 switch (d->state) {
1124 case BT_CONNECT:
1125 rfcomm_dlc_clear_timer(d);
1126
1127 rfcomm_dlc_lock(d);
1128 d->state = BT_CONNECTED;
1129 d->state_change(d, 0);
1130 rfcomm_dlc_unlock(d);
1131
1132 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1133 break;
1134
1135 case BT_DISCONN:
1136 d->state = BT_CLOSED;
1137 __rfcomm_dlc_close(d, 0);
9cf5b0ea
MH		 1138
1139 if (list_empty(&s->dlcs)) {
1140 s->state = BT_DISCONN;
1141 rfcomm_send_disc(s, 0);
1142 }
1143
1da177e4
LT		 1144 break;
1145 }
1146 } else {
1147 /* Control channel */
1148 switch (s->state) {
1149 case BT_CONNECT:
1150 s->state = BT_CONNECTED;
1151 rfcomm_process_connect(s);
1152 break;
9cf5b0ea
MH		 1153
1154 case BT_DISCONN:
6c2718da
NP		 1155 /* When socket is closed and we are not RFCOMM
1156 * initiator rfcomm_process_rx already calls
1157 * rfcomm_session_put() */
1158 if (s->sock->sk->sk_state != BT_CLOSED)
1159 rfcomm_session_put(s);
9cf5b0ea 1160 break;
1da177e4
LT		 1161 }
1162 }
1163 return 0;
1164}
1165
1166static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1167{
1168 int err = 0;
1169
1170 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1171
1172 if (dlci) {
1173 /* Data DLC */
1174 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1175 if (d) {
1176 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1177 err = ECONNREFUSED;
1178 else
1179 err = ECONNRESET;
1180
1181 d->state = BT_CLOSED;
1182 __rfcomm_dlc_close(d, err);
1183 }
1184 } else {
1185 if (s->state == BT_CONNECT)
1186 err = ECONNREFUSED;
1187 else
1188 err = ECONNRESET;
1189
1190 s->state = BT_CLOSED;
1191 rfcomm_session_close(s, err);
1192 }
1193 return 0;
1194}
1195
1196static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1197{
1198 int err = 0;
1199
1200 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1201
1202 if (dlci) {
1203 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1204 if (d) {
1205 rfcomm_send_ua(s, dlci);
1206
1207 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1208 err = ECONNREFUSED;
1209 else
1210 err = ECONNRESET;
1211
1212 d->state = BT_CLOSED;
1213 __rfcomm_dlc_close(d, err);
8e87d142 1214 } else
1da177e4 1215 rfcomm_send_dm(s, dlci);
8e87d142 1216
1da177e4
LT		 1217 } else {
1218 rfcomm_send_ua(s, 0);
1219
1220 if (s->state == BT_CONNECT)
1221 err = ECONNREFUSED;
1222 else
1223 err = ECONNRESET;
1224
1225 s->state = BT_CLOSED;
1226 rfcomm_session_close(s, err);
1227 }
1228
1229 return 0;
1230}
1231
bb23c0ab 1232void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1da177e4 1233{
300b9397
MH		 1234 struct sock *sk = d->session->sock->sk;
1235
1da177e4
LT		 1236 BT_DBG("dlc %p", d);
1237
1238 rfcomm_send_ua(d->session, d->dlci);
1239
e2139b32
JH		 1240 rfcomm_dlc_clear_timer(d);
1241
1da177e4
LT		 1242 rfcomm_dlc_lock(d);
1243 d->state = BT_CONNECTED;
1244 d->state_change(d, 0);
1245 rfcomm_dlc_unlock(d);
1246
9f2c8a03 1247 if (d->role_switch)
300b9397
MH		 1248 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1249
1da177e4
LT		 1250 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1251}
1252
bb23c0ab
MH		 1253static void rfcomm_check_accept(struct rfcomm_dlc *d)
1254{
9f2c8a03 1255 if (rfcomm_check_security(d)) {
bb23c0ab
MH		 1256 if (d->defer_setup) {
1257 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1258 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
8bf47941
MH		 1259
1260 rfcomm_dlc_lock(d);
1261 d->state = BT_CONNECT2;
1262 d->state_change(d, 0);
1263 rfcomm_dlc_unlock(d);
bb23c0ab
MH		 1264 } else
1265 rfcomm_dlc_accept(d);
8c1b2355
MH		 1266 } else {
1267 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1268 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
bb23c0ab
MH		 1269 }
1270}
1271
1da177e4
LT		 1272static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1273{
1274 struct rfcomm_dlc *d;
1275 u8 channel;
1276
1277 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1278
1279 if (!dlci) {
1280 rfcomm_send_ua(s, 0);
1281
1282 if (s->state == BT_OPEN) {
1283 s->state = BT_CONNECTED;
1284 rfcomm_process_connect(s);
1285 }
1286 return 0;
1287 }
1288
1289 /* Check if DLC exists */
1290 d = rfcomm_dlc_get(s, dlci);
1291 if (d) {
1292 if (d->state == BT_OPEN) {
1293 /* DLC was previously opened by PN request */
bb23c0ab 1294 rfcomm_check_accept(d);
1da177e4
LT		 1295 }
1296 return 0;
1297 }
1298
1299 /* Notify socket layer about incoming connection */
1300 channel = __srv_channel(dlci);
1301 if (rfcomm_connect_ind(s, channel, &d)) {
1302 d->dlci = dlci;
1303 d->addr = __addr(s->initiator, dlci);
1304 rfcomm_dlc_link(s, d);
1305
bb23c0ab 1306 rfcomm_check_accept(d);
1da177e4
LT		 1307 } else {
1308 rfcomm_send_dm(s, dlci);
1309 }
1310
1311 return 0;
1312}
1313
1314static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1315{
1316 struct rfcomm_session *s = d->session;
1317
8e87d142 1318 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1da177e4
LT		 1319 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1320
7c2660b0
MH		 1321 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1322 pn->flow_ctrl == 0xe0) {
1323 d->cfc = RFCOMM_CFC_ENABLED;
1da177e4
LT		 1324 d->tx_credits = pn->credits;
1325 } else {
7c2660b0 1326 d->cfc = RFCOMM_CFC_DISABLED;
1da177e4
LT		 1327 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1328 }
1329
7c2660b0
MH		 1330 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1331 s->cfc = d->cfc;
1332
1da177e4
LT		 1333 d->priority = pn->priority;
1334
b4324b5d 1335 d->mtu = __le16_to_cpu(pn->mtu);
98bcd08b
MH		 1336
1337 if (cr && d->mtu > s->mtu)
1338 d->mtu = s->mtu;
1da177e4
LT		 1339
1340 return 0;
1341}
1342
1343static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1344{
1345 struct rfcomm_pn *pn = (void *) skb->data;
1346 struct rfcomm_dlc *d;
1347 u8 dlci = pn->dlci;
1348
1349 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1350
1351 if (!dlci)
1352 return 0;
1353
1354 d = rfcomm_dlc_get(s, dlci);
1355 if (d) {
1356 if (cr) {
1357 /* PN request */
1358 rfcomm_apply_pn(d, cr, pn);
1359 rfcomm_send_pn(s, 0, d);
1360 } else {
1361 /* PN response */
1362 switch (d->state) {
1363 case BT_CONFIG:
1364 rfcomm_apply_pn(d, cr, pn);
1365
1366 d->state = BT_CONNECT;
1367 rfcomm_send_sabm(s, d->dlci);
1368 break;
1369 }
1370 }
1371 } else {
1372 u8 channel = __srv_channel(dlci);
1373
1374 if (!cr)
1375 return 0;
1376
1377 /* PN request for non existing DLC.
1378 * Assume incoming connection. */
1379 if (rfcomm_connect_ind(s, channel, &d)) {
1380 d->dlci = dlci;
1381 d->addr = __addr(s->initiator, dlci);
1382 rfcomm_dlc_link(s, d);
1383
1384 rfcomm_apply_pn(d, cr, pn);
1385
1386 d->state = BT_OPEN;
1387 rfcomm_send_pn(s, 0, d);
1388 } else {
1389 rfcomm_send_dm(s, dlci);
1390 }
1391 }
1392 return 0;
1393}
1394
1395static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1396{
1397 struct rfcomm_rpn *rpn = (void *) skb->data;
1398 u8 dlci = __get_dlci(rpn->dlci);
1399
1400 u8 bit_rate = 0;
1401 u8 data_bits = 0;
1402 u8 stop_bits = 0;
1403 u8 parity = 0;
1404 u8 flow_ctrl = 0;
1405 u8 xon_char = 0;
1406 u8 xoff_char = 0;
1407 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
3a5e903c
S		 1408
1409 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1410 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1411 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1412
1413 if (!cr)
1da177e4 1414 return 0;
3a5e903c 1415
1da177e4 1416 if (len == 1) {
3a5e903c 1417 /* This is a request, return default settings */
1da177e4
LT		 1418 bit_rate = RFCOMM_RPN_BR_115200;
1419 data_bits = RFCOMM_RPN_DATA_8;
1420 stop_bits = RFCOMM_RPN_STOP_1;
1421 parity = RFCOMM_RPN_PARITY_NONE;
1422 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1423 xon_char = RFCOMM_RPN_XON_CHAR;
1424 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1da177e4
LT		 1425 goto rpn_out;
1426 }
3a5e903c
S		 1427
1428 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1429 * no parity, no flow control lines, normal XON/XOFF chars */
1430
e8db8c99 1431 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1da177e4
LT		 1432 bit_rate = rpn->bit_rate;
1433 if (bit_rate != RFCOMM_RPN_BR_115200) {
1434 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1435 bit_rate = RFCOMM_RPN_BR_115200;
1436 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1437 }
1438 }
3a5e903c 1439
e8db8c99 1440 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1da177e4
LT		 1441 data_bits = __get_rpn_data_bits(rpn->line_settings);
1442 if (data_bits != RFCOMM_RPN_DATA_8) {
1443 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1444 data_bits = RFCOMM_RPN_DATA_8;
1445 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1446 }
1447 }
3a5e903c 1448
e8db8c99 1449 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1da177e4
LT		 1450 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1451 if (stop_bits != RFCOMM_RPN_STOP_1) {
1452 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1453 stop_bits = RFCOMM_RPN_STOP_1;
1454 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1455 }
1456 }
3a5e903c 1457
e8db8c99 1458 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1da177e4
LT		 1459 parity = __get_rpn_parity(rpn->line_settings);
1460 if (parity != RFCOMM_RPN_PARITY_NONE) {
1461 BT_DBG("RPN parity mismatch 0x%x", parity);
1462 parity = RFCOMM_RPN_PARITY_NONE;
1463 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1464 }
1465 }
3a5e903c 1466
e8db8c99 1467 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1da177e4
LT		 1468 flow_ctrl = rpn->flow_ctrl;
1469 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1470 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1471 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1472 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1473 }
1474 }
3a5e903c 1475
e8db8c99 1476 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1da177e4
LT		 1477 xon_char = rpn->xon_char;
1478 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1479 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1480 xon_char = RFCOMM_RPN_XON_CHAR;
1481 rpn_mask ^= RFCOMM_RPN_PM_XON;
1482 }
1483 }
3a5e903c 1484
e8db8c99 1485 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1da177e4
LT		 1486 xoff_char = rpn->xoff_char;
1487 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1488 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1489 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1490 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1491 }
1492 }
1493
1494rpn_out:
3a5e903c
S		 1495 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1496 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1da177e4
LT		 1497
1498 return 0;
1499}
1500
1501static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1502{
1503 struct rfcomm_rls *rls = (void *) skb->data;
1504 u8 dlci = __get_dlci(rls->dlci);
1505
1506 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
3a5e903c 1507
1da177e4
LT		 1508 if (!cr)
1509 return 0;
1510
3a5e903c
S		 1511 /* We should probably do something with this information here. But
1512 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1513 * mandatory to recognise and respond to RLS */
1da177e4
LT		 1514
1515 rfcomm_send_rls(s, 0, dlci, rls->status);
1516
1517 return 0;
1518}
1519
1520static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1521{
1522 struct rfcomm_msc *msc = (void *) skb->data;
1523 struct rfcomm_dlc *d;
1524 u8 dlci = __get_dlci(msc->dlci);
1525
1526 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1527
1528 d = rfcomm_dlc_get(s, dlci);
3a5e903c 1529 if (!d)
1da177e4
LT		 1530 return 0;
1531
1532 if (cr) {
1533 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1534 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1535 else
1536 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
3a5e903c 1537
1da177e4 1538 rfcomm_dlc_lock(d);
8b6b3da7
MH		 1539
1540 d->remote_v24_sig = msc->v24_sig;
1541
1da177e4
LT		 1542 if (d->modem_status)
1543 d->modem_status(d, msc->v24_sig);
8b6b3da7 1544
1da177e4 1545 rfcomm_dlc_unlock(d);
8e87d142 1546
1da177e4
LT		 1547 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1548
1549 d->mscex |= RFCOMM_MSCEX_RX;
3a5e903c 1550 } else
1da177e4
LT		 1551 d->mscex |= RFCOMM_MSCEX_TX;
1552
1553 return 0;
1554}
1555
1556static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1557{
1558 struct rfcomm_mcc *mcc = (void *) skb->data;
1559 u8 type, cr, len;
1560
1561 cr = __test_cr(mcc->type);
1562 type = __get_mcc_type(mcc->type);
1563 len = __get_mcc_len(mcc->len);
1564
1565 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1566
1567 skb_pull(skb, 2);
1568
1569 switch (type) {
1570 case RFCOMM_PN:
1571 rfcomm_recv_pn(s, cr, skb);
1572 break;
1573
1574 case RFCOMM_RPN:
1575 rfcomm_recv_rpn(s, cr, len, skb);
1576 break;
1577
1578 case RFCOMM_RLS:
1579 rfcomm_recv_rls(s, cr, skb);
1580 break;
1581
1582 case RFCOMM_MSC:
1583 rfcomm_recv_msc(s, cr, skb);
1584 break;
1585
1586 case RFCOMM_FCOFF:
1587 if (cr) {
1588 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1589 rfcomm_send_fcoff(s, 0);
1590 }
1591 break;
1592
1593 case RFCOMM_FCON:
1594 if (cr) {
1595 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1596 rfcomm_send_fcon(s, 0);
1597 }
1598 break;
1599
1600 case RFCOMM_TEST:
1601 if (cr)
1602 rfcomm_send_test(s, 0, skb->data, skb->len);
1603 break;
1604
1605 case RFCOMM_NSC:
1606 break;
1607
1608 default:
1609 BT_ERR("Unknown control type 0x%02x", type);
1610 rfcomm_send_nsc(s, cr, type);
1611 break;
1612 }
1613 return 0;
1614}
1615
1616static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1617{
1618 struct rfcomm_dlc *d;
1619
1620 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1621
1622 d = rfcomm_dlc_get(s, dlci);
1623 if (!d) {
1624 rfcomm_send_dm(s, dlci);
1625 goto drop;
1626 }
1627
1628 if (pf && d->cfc) {
1629 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1630
1631 d->tx_credits += credits;
1632 if (d->tx_credits)
1633 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1634 }
1635
1636 if (skb->len && d->state == BT_CONNECTED) {
1637 rfcomm_dlc_lock(d);
1638 d->rx_credits--;
1639 d->data_ready(d, skb);
1640 rfcomm_dlc_unlock(d);
1641 return 0;
1642 }
1643
1644drop:
1645 kfree_skb(skb);
1646 return 0;
1647}
1648
1649static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1650{
1651 struct rfcomm_hdr *hdr = (void *) skb->data;
1652 u8 type, dlci, fcs;
1653
1654 dlci = __get_dlci(hdr->addr);
1655 type = __get_type(hdr->ctrl);
1656
1657 /* Trim FCS */
1658 skb->len--; skb->tail--;
27a884dc 1659 fcs = *(u8 *)skb_tail_pointer(skb);
1da177e4
LT		 1660
1661 if (__check_fcs(skb->data, type, fcs)) {
1662 BT_ERR("bad checksum in packet");
1663 kfree_skb(skb);
1664 return -EILSEQ;
1665 }
1666
1667 if (__test_ea(hdr->len))
1668 skb_pull(skb, 3);
1669 else
1670 skb_pull(skb, 4);
1671
1672 switch (type) {
1673 case RFCOMM_SABM:
1674 if (__test_pf(hdr->ctrl))
1675 rfcomm_recv_sabm(s, dlci);
1676 break;
1677
1678 case RFCOMM_DISC:
1679 if (__test_pf(hdr->ctrl))
1680 rfcomm_recv_disc(s, dlci);
1681 break;
1682
1683 case RFCOMM_UA:
1684 if (__test_pf(hdr->ctrl))
1685 rfcomm_recv_ua(s, dlci);
1686 break;
1687
1688 case RFCOMM_DM:
1689 rfcomm_recv_dm(s, dlci);
1690 break;
1691
1692 case RFCOMM_UIH:
1693 if (dlci)
1694 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1695
1696 rfcomm_recv_mcc(s, skb);
1697 break;
1698
1699 default:
1700 BT_ERR("Unknown packet type 0x%02x\n", type);
1701 break;
1702 }
1703 kfree_skb(skb);
1704 return 0;
1705}
1706
1707/* ---- Connection and data processing ---- */
1708
1709static void rfcomm_process_connect(struct rfcomm_session *s)
1710{
1711 struct rfcomm_dlc *d;
1712 struct list_head *p, *n;
1713
1714 BT_DBG("session %p state %ld", s, s->state);
1715
1716 list_for_each_safe(p, n, &s->dlcs) {
1717 d = list_entry(p, struct rfcomm_dlc, list);
1718 if (d->state == BT_CONFIG) {
1719 d->mtu = s->mtu;
9f2c8a03 1720 if (rfcomm_check_security(d)) {
8c1b2355
MH		 1721 rfcomm_send_pn(s, 1, d);
1722 } else {
77db1980
MH		 1723 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1724 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
8c1b2355 1725 }
1da177e4
LT		 1726 }
1727 }
1728}
1729
1730/* Send data queued for the DLC.
1731 * Return number of frames left in the queue.
1732 */
1733static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1734{
1735 struct sk_buff *skb;
1736 int err;
1737
8e87d142 1738 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1da177e4
LT		 1739 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1740
1741 /* Send pending MSC */
1742 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
8e87d142 1743 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1da177e4
LT		 1744
1745 if (d->cfc) {
8e87d142 1746 /* CFC enabled.
1da177e4
LT		 1747 * Give them some credits */
1748 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
8e87d142 1749 d->rx_credits <= (d->cfc >> 2)) {
1da177e4
LT		 1750 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1751 d->rx_credits = d->cfc;
1752 }
1753 } else {
1754 /* CFC disabled.
1755 * Give ourselves some credits */
1756 d->tx_credits = 5;
1757 }
1758
1759 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1760 return skb_queue_len(&d->tx_queue);
1761
1762 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1763 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1764 if (err < 0) {
1765 skb_queue_head(&d->tx_queue, skb);
1766 break;
1767 }
1768 kfree_skb(skb);
1769 d->tx_credits--;
1770 }
1771
1772 if (d->cfc && !d->tx_credits) {
1773 /* We're out of TX credits.
1774 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1775 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1776 }
1777
1778 return skb_queue_len(&d->tx_queue);
1779}
1780
1781static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1782{
1783 struct rfcomm_dlc *d;
1784 struct list_head *p, *n;
1785
1786 BT_DBG("session %p state %ld", s, s->state);
1787
1788 list_for_each_safe(p, n, &s->dlcs) {
1789 d = list_entry(p, struct rfcomm_dlc, list);
1790
1791 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1792 __rfcomm_dlc_close(d, ETIMEDOUT);
1793 continue;
1794 }
1795
1796 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1797 rfcomm_dlc_clear_timer(d);
77db1980
MH		 1798 if (d->out) {
1799 rfcomm_send_pn(s, 1, d);
1800 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
bb23c0ab
MH		 1801 } else {
1802 if (d->defer_setup) {
1803 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1804 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
8bf47941
MH		 1805
1806 rfcomm_dlc_lock(d);
1807 d->state = BT_CONNECT2;
1808 d->state_change(d, 0);
1809 rfcomm_dlc_unlock(d);
bb23c0ab
MH		 1810 } else
1811 rfcomm_dlc_accept(d);
1812 }
1da177e4
LT		 1813 continue;
1814 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1815 rfcomm_dlc_clear_timer(d);
77db1980
MH		 1816 if (!d->out)
1817 rfcomm_send_dm(s, d->dlci);
1818 else
1819 d->state = BT_CLOSED;
1da177e4
LT		 1820 __rfcomm_dlc_close(d, ECONNREFUSED);
1821 continue;
1822 }
1823
6e1031a4
JG		 1824 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1825 continue;
1826
1da177e4
LT		 1827 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1828 continue;
1829
1830 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
77db1980 1831 d->mscex == RFCOMM_MSCEX_OK)
1da177e4
LT		 1832 rfcomm_process_tx(d);
1833 }
1834}
1835
1836static inline void rfcomm_process_rx(struct rfcomm_session *s)
1837{
1838 struct socket *sock = s->sock;
1839 struct sock *sk = sock->sk;
1840 struct sk_buff *skb;
1841
1842 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1843
1844 /* Get data directly from socket receive queue without copying it. */
1845 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1846 skb_orphan(skb);
1847 rfcomm_recv_frame(s, skb);
1848 }
1849
1850 if (sk->sk_state == BT_CLOSED) {
1851 if (!s->initiator)
1852 rfcomm_session_put(s);
1853
1854 rfcomm_session_close(s, sk->sk_err);
1855 }
1856}
1857
1858static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1859{
1860 struct socket *sock = s->sock, *nsock;
1861 int err;
1862
1863 /* Fast check for a new connection.
1864 * Avoids unnesesary socket allocations. */
1865 if (list_empty(&bt_sk(sock->sk)->accept_q))
1866 return;
1867
1868 BT_DBG("session %p", s);
1869
48db9ca4
MH		 1870 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1871 if (err < 0)
1da177e4
LT		 1872 return;
1873
1da177e4
LT		 1874 /* Set our callbacks */
1875 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1876 nsock->sk->sk_state_change = rfcomm_l2state_change;
1877
1878 s = rfcomm_session_add(nsock, BT_OPEN);
1879 if (s) {
1880 rfcomm_session_hold(s);
98bcd08b
MH		 1881
1882 /* We should adjust MTU on incoming sessions.
1883 * L2CAP MTU minus UIH header and FCS. */
1884 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1885
1da177e4
LT		 1886 rfcomm_schedule(RFCOMM_SCHED_RX);
1887 } else
1888 sock_release(nsock);
1889}
1890
1891static inline void rfcomm_check_connection(struct rfcomm_session *s)
1892{
1893 struct sock *sk = s->sock->sk;
1894
1895 BT_DBG("%p state %ld", s, s->state);
1896
1897 switch(sk->sk_state) {
1898 case BT_CONNECTED:
1899 s->state = BT_CONNECT;
1900
1901 /* We can adjust MTU on outgoing sessions.
1902 * L2CAP MTU minus UIH header and FCS. */
1903 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1904
1905 rfcomm_send_sabm(s, 0);
1906 break;
1907
1908 case BT_CLOSED:
1909 s->state = BT_CLOSED;
1910 rfcomm_session_close(s, sk->sk_err);
1911 break;
1912 }
1913}
1914
1915static inline void rfcomm_process_sessions(void)
1916{
1917 struct list_head *p, *n;
1918
1919 rfcomm_lock();
1920
1921 list_for_each_safe(p, n, &session_list) {
1922 struct rfcomm_session *s;
1923 s = list_entry(p, struct rfcomm_session, list);
1924
9e726b17
LAD		 1925 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1926 s->state = BT_DISCONN;
1927 rfcomm_send_disc(s, 0);
485f1eff 1928 rfcomm_session_put(s);
9e726b17
LAD		 1929 continue;
1930 }
1931
1da177e4
LT		 1932 if (s->state == BT_LISTEN) {
1933 rfcomm_accept_connection(s);
1934 continue;
1935 }
1936
1937 rfcomm_session_hold(s);
1938
1939 switch (s->state) {
1940 case BT_BOUND:
1941 rfcomm_check_connection(s);
1942 break;
1943
1944 default:
1945 rfcomm_process_rx(s);
1946 break;
1947 }
1948
1949 rfcomm_process_dlcs(s);
1950
1951 rfcomm_session_put(s);
1952 }
1953
1954 rfcomm_unlock();
1955}
1956
1da177e4
LT		 1957static int rfcomm_add_listener(bdaddr_t *ba)
1958{
1959 struct sockaddr_l2 addr;
1960 struct socket *sock;
1961 struct sock *sk;
1962 struct rfcomm_session *s;
1963 int err = 0;
1964
1965 /* Create socket */
1966 err = rfcomm_l2sock_create(&sock);
8e87d142 1967 if (err < 0) {
1da177e4
LT		 1968 BT_ERR("Create socket failed %d", err);
1969 return err;
1970 }
1971
1972 /* Bind socket */
1973 bacpy(&addr.l2_bdaddr, ba);
1974 addr.l2_family = AF_BLUETOOTH;
b4324b5d 1975 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
37e62f55 1976 addr.l2_cid = 0;
48db9ca4 1977 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1da177e4
LT		 1978 if (err < 0) {
1979 BT_ERR("Bind failed %d", err);
1980 goto failed;
1981 }
1982
1983 /* Set L2CAP options */
1984 sk = sock->sk;
1985 lock_sock(sk);
56f3a40a 1986 l2cap_pi(sk)->imtu = l2cap_mtu;
1da177e4
LT		 1987 release_sock(sk);
1988
1989 /* Start listening on the socket */
48db9ca4 1990 err = kernel_listen(sock, 10);
1da177e4
LT		 1991 if (err) {
1992 BT_ERR("Listen failed %d", err);
1993 goto failed;
1994 }
1995
1996 /* Add listening session */
1997 s = rfcomm_session_add(sock, BT_LISTEN);
1998 if (!s)
1999 goto failed;
2000
2001 rfcomm_session_hold(s);
2002 return 0;
2003failed:
2004 sock_release(sock);
2005 return err;
2006}
2007
2008static void rfcomm_kill_listener(void)
2009{
2010 struct rfcomm_session *s;
2011 struct list_head *p, *n;
2012
2013 BT_DBG("");
2014
2015 list_for_each_safe(p, n, &session_list) {
2016 s = list_entry(p, struct rfcomm_session, list);
2017 rfcomm_session_del(s);
2018 }
2019}
2020
2021static int rfcomm_run(void *unused)
2022{
a524eccc 2023 BT_DBG("");
1da177e4 2024
1da177e4 2025 set_user_nice(current, -10);
1da177e4 2026
1da177e4
LT		 2027 rfcomm_add_listener(BDADDR_ANY);
2028
a524eccc
MH		 2029 while (!kthread_should_stop()) {
2030 set_current_state(TASK_INTERRUPTIBLE);
2031 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
2032 /* No pending events. Let's sleep.
2033 * Incoming connections and data will wake us up. */
2034 schedule();
2035 }
2036 set_current_state(TASK_RUNNING);
2037
2038 /* Process stuff */
2039 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
2040 rfcomm_process_sessions();
2041 }
1da177e4
LT		 2042
2043 rfcomm_kill_listener();
2044
1da177e4
LT		 2045 return 0;
2046}
2047
8c1b2355 2048static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1da177e4
LT		 2049{
2050 struct rfcomm_session *s;
2051 struct rfcomm_dlc *d;
2052 struct list_head *p, *n;
2053
2054 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2055
2056 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2057 if (!s)
2058 return;
2059
2060 rfcomm_session_hold(s);
2061
2062 list_for_each_safe(p, n, &s->dlcs) {
2063 d = list_entry(p, struct rfcomm_dlc, list);
2064
8c84b830
MH		 2065 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2066 rfcomm_dlc_clear_timer(d);
2067 if (status || encrypt == 0x00) {
2068 __rfcomm_dlc_close(d, ECONNREFUSED);
2069 continue;
2070 }
2071 }
2072
2073 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2074 if (d->sec_level == BT_SECURITY_MEDIUM) {
2075 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2076 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2077 continue;
2078 } else if (d->sec_level == BT_SECURITY_HIGH) {
2079 __rfcomm_dlc_close(d, ECONNREFUSED);
2080 continue;
2081 }
9719f8af
MH		 2082 }
2083
1da177e4
LT		 2084 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2085 continue;
2086
8c1b2355 2087 if (!status)
1da177e4
LT		 2088 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2089 else
2090 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2091 }
2092
2093 rfcomm_session_put(s);
2094
2095 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2096}
2097
2098static struct hci_cb rfcomm_cb = {
2099 .name = "RFCOMM",
8c1b2355 2100 .security_cfm = rfcomm_security_cfm
1da177e4
LT		 2101};
2102
aef7d97c 2103static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
1da177e4
LT		 2104{
2105 struct rfcomm_session *s;
2106 struct list_head *pp, *p;
1da177e4
LT		 2107
2108 rfcomm_lock();
2109
2110 list_for_each(p, &session_list) {
2111 s = list_entry(p, struct rfcomm_session, list);
be9d1227
MH		 2112 list_for_each(pp, &s->dlcs) {
2113 struct sock *sk = s->sock->sk;
2114 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
1da177e4 2115
aef7d97c
MH		 2116 seq_printf(f, "%s %s %ld %d %d %d %d\n",
2117 batostr(&bt_sk(sk)->src),
2118 batostr(&bt_sk(sk)->dst),
2119 d->state, d->dlci, d->mtu,
2120 d->rx_credits, d->tx_credits);
1da177e4
LT		 2121 }
2122 }
1da177e4 2123
1da177e4 2124 rfcomm_unlock();
1da177e4 2125
aef7d97c
MH		 2126 return 0;
2127}
2128
2129static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2130{
2131 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
1da177e4
LT		 2132}
2133
aef7d97c
MH		 2134static const struct file_operations rfcomm_dlc_debugfs_fops = {
2135 .open = rfcomm_dlc_debugfs_open,
2136 .read = seq_read,
2137 .llseek = seq_lseek,
2138 .release = single_release,
2139};
2140
2141static struct dentry *rfcomm_dlc_debugfs;
1da177e4
LT		 2142
2143/* ---- Initialization ---- */
2144static int __init rfcomm_init(void)
2145{
52d18347 2146 int err;
af0d3b10 2147
1da177e4
LT		 2148 l2cap_load();
2149
2150 hci_register_cb(&rfcomm_cb);
2151
a524eccc
MH		 2152 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2153 if (IS_ERR(rfcomm_thread)) {
52d18347
MH		 2154 err = PTR_ERR(rfcomm_thread);
2155 goto unregister;
a524eccc 2156 }
1da177e4 2157
aef7d97c
MH		 2158 if (bt_debugfs) {
2159 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2160 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops);
2161 if (!rfcomm_dlc_debugfs)
2162 BT_ERR("Failed to create RFCOMM debug file");
2163 }
1da177e4 2164
52d18347
MH		 2165 err = rfcomm_init_ttys();
2166 if (err < 0)
2167 goto stop;
1da177e4 2168
52d18347
MH		 2169 err = rfcomm_init_sockets();
2170 if (err < 0)
2171 goto cleanup;
1da177e4 2172
be9d1227
MH		 2173 BT_INFO("RFCOMM ver %s", VERSION);
2174
1da177e4 2175 return 0;
af0d3b10 2176
52d18347 2177cleanup:
af0d3b10 2178 rfcomm_cleanup_ttys();
52d18347
MH		 2179
2180stop:
af0d3b10 2181 kthread_stop(rfcomm_thread);
52d18347
MH		 2182
2183unregister:
af0d3b10
DY		 2184 hci_unregister_cb(&rfcomm_cb);
2185
52d18347 2186 return err;
1da177e4
LT		 2187}
2188
2189static void __exit rfcomm_exit(void)
2190{
aef7d97c 2191 debugfs_remove(rfcomm_dlc_debugfs);
be9d1227 2192
1da177e4
LT		 2193 hci_unregister_cb(&rfcomm_cb);
2194
a524eccc 2195 kthread_stop(rfcomm_thread);
1da177e4 2196
1da177e4 2197 rfcomm_cleanup_ttys();
1da177e4
LT		 2198
2199 rfcomm_cleanup_sockets();
1da177e4
LT		 2200}
2201
2202module_init(rfcomm_init);
2203module_exit(rfcomm_exit);
2204
7c2660b0
MH		 2205module_param(disable_cfc, bool, 0644);
2206MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2207
98bcd08b
MH		 2208module_param(channel_mtu, int, 0644);
2209MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2210
56f3a40a
MH		 2211module_param(l2cap_mtu, uint, 0644);
2212MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2213
eae38eed
MH		 2214module_param(l2cap_ertm, bool, 0644);
2215MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2216
63fbd24e 2217MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1da177e4
LT		 2218MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2219MODULE_VERSION(VERSION);
2220MODULE_LICENSE("GPL");
2221MODULE_ALIAS("bt-proto-3");
Clone of davem's net-next-2.6 tree