projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'davem-next' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik...
[deliverable/linux.git] / net / bluetooth / rfcomm / core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
8e87d142
YH		 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 21 SOFTWARE IS DISCLAIMED.
22*/
23
1da177e4
LT		 24/*
25 * Bluetooth RFCOMM core.
1da177e4
LT		 26 */
27
1da177e4
LT		 28#include <linux/module.h>
29#include <linux/errno.h>
30#include <linux/kernel.h>
31#include <linux/sched.h>
32#include <linux/signal.h>
33#include <linux/init.h>
34#include <linux/wait.h>
be9d1227 35#include <linux/device.h>
1da177e4 36#include <linux/net.h>
4a3e2f71 37#include <linux/mutex.h>
a524eccc 38#include <linux/kthread.h>
4a3e2f71 39
1da177e4
LT		 40#include <net/sock.h>
41#include <asm/uaccess.h>
42#include <asm/unaligned.h>
43
44#include <net/bluetooth/bluetooth.h>
45#include <net/bluetooth/hci_core.h>
46#include <net/bluetooth/l2cap.h>
47#include <net/bluetooth/rfcomm.h>
48
1da177e4
LT		 49#ifndef CONFIG_BT_RFCOMM_DEBUG
50#undef BT_DBG
51#define BT_DBG(D...)
52#endif
53
7c2660b0 54#define VERSION "1.8"
56f3a40a 55
7c2660b0 56static int disable_cfc = 0;
98bcd08b 57static int channel_mtu = -1;
56f3a40a
MH		 58static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
59
1da177e4
LT		 60static struct task_struct *rfcomm_thread;
61
4a3e2f71
AV		 62static DEFINE_MUTEX(rfcomm_mutex);
63#define rfcomm_lock() mutex_lock(&rfcomm_mutex)
64#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
1da177e4
LT		 65
66static unsigned long rfcomm_event;
67
68static LIST_HEAD(session_list);
1da177e4
LT		 69
70static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
71static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
72static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
73static int rfcomm_queue_disc(struct rfcomm_dlc *d);
74static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
75static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
76static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
77static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
78static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
79static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
80
81static void rfcomm_process_connect(struct rfcomm_session *s);
82
83static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
84static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
85static void rfcomm_session_del(struct rfcomm_session *s);
86
87/* ---- RFCOMM frame parsing macros ---- */
88#define __get_dlci(b) ((b & 0xfc) >> 2)
89#define __get_channel(b) ((b & 0xf8) >> 3)
90#define __get_dir(b) ((b & 0x04) >> 2)
91#define __get_type(b) ((b & 0xef))
92
93#define __test_ea(b) ((b & 0x01))
94#define __test_cr(b) ((b & 0x02))
95#define __test_pf(b) ((b & 0x10))
96
97#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
98#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
99#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
100#define __srv_channel(dlci) (dlci >> 1)
101#define __dir(dlci) (dlci & 0x01)
102
103#define __len8(len) (((len) << 1) | 1)
104#define __len16(len) ((len) << 1)
105
106/* MCC macros */
107#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
108#define __get_mcc_type(b) ((b & 0xfc) >> 2)
109#define __get_mcc_len(b) ((b & 0xfe) >> 1)
110
111/* RPN macros */
3a5e903c 112#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
1da177e4
LT		 113#define __get_rpn_data_bits(line) ((line) & 0x3)
114#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
3a5e903c 115#define __get_rpn_parity(line) (((line) >> 3) & 0x7)
1da177e4
LT		 116
117static inline void rfcomm_schedule(uint event)
118{
119 if (!rfcomm_thread)
120 return;
121 //set_bit(event, &rfcomm_event);
122 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
123 wake_up_process(rfcomm_thread);
124}
125
126static inline void rfcomm_session_put(struct rfcomm_session *s)
127{
128 if (atomic_dec_and_test(&s->refcnt))
129 rfcomm_session_del(s);
130}
131
132/* ---- RFCOMM FCS computation ---- */
133
408c1ce2 134/* reversed, 8-bit, poly=0x07 */
8e87d142 135static unsigned char rfcomm_crc_table[256] = {
408c1ce2
MH		 136 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
137 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
138 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
139 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
140
141 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
142 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
143 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
144 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
145
146 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
147 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
148 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
149 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
150
151 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
152 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
153 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
154 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
155
156 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
157 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
158 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
159 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
160
161 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
162 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
163 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
164 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
165
166 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
167 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
168 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
169 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
170
171 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
172 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
173 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
174 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
175};
176
1da177e4
LT		 177/* CRC on 2 bytes */
178#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
179
8e87d142 180/* FCS on 2 bytes */
1da177e4
LT		 181static inline u8 __fcs(u8 *data)
182{
183 return (0xff - __crc(data));
184}
185
8e87d142 186/* FCS on 3 bytes */
1da177e4
LT		 187static inline u8 __fcs2(u8 *data)
188{
189 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
190}
191
192/* Check FCS */
193static inline int __check_fcs(u8 *data, int type, u8 fcs)
194{
195 u8 f = __crc(data);
196
197 if (type != RFCOMM_UIH)
198 f = rfcomm_crc_table[f ^ data[2]];
199
200 return rfcomm_crc_table[f ^ fcs] != 0xcf;
201}
202
203/* ---- L2CAP callbacks ---- */
204static void rfcomm_l2state_change(struct sock *sk)
205{
206 BT_DBG("%p state %d", sk, sk->sk_state);
207 rfcomm_schedule(RFCOMM_SCHED_STATE);
208}
209
210static void rfcomm_l2data_ready(struct sock *sk, int bytes)
211{
212 BT_DBG("%p bytes %d", sk, bytes);
213 rfcomm_schedule(RFCOMM_SCHED_RX);
214}
215
216static int rfcomm_l2sock_create(struct socket **sock)
217{
218 int err;
219
220 BT_DBG("");
221
222 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
223 if (!err) {
224 struct sock *sk = (*sock)->sk;
225 sk->sk_data_ready = rfcomm_l2data_ready;
226 sk->sk_state_change = rfcomm_l2state_change;
227 }
228 return err;
229}
230
231/* ---- RFCOMM DLCs ---- */
232static void rfcomm_dlc_timeout(unsigned long arg)
233{
234 struct rfcomm_dlc *d = (void *) arg;
235
236 BT_DBG("dlc %p state %ld", d, d->state);
237
238 set_bit(RFCOMM_TIMED_OUT, &d->flags);
239 rfcomm_dlc_put(d);
240 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
241}
242
243static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
244{
245 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
246
247 if (!mod_timer(&d->timer, jiffies + timeout))
248 rfcomm_dlc_hold(d);
249}
250
251static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
252{
253 BT_DBG("dlc %p state %ld", d, d->state);
254
255 if (timer_pending(&d->timer) && del_timer(&d->timer))
256 rfcomm_dlc_put(d);
257}
258
259static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
260{
261 BT_DBG("%p", d);
262
263 d->state = BT_OPEN;
264 d->flags = 0;
265 d->mscex = 0;
266 d->mtu = RFCOMM_DEFAULT_MTU;
267 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
268
269 d->cfc = RFCOMM_CFC_DISABLED;
270 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
271}
272
dd0fc66f 273struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
1da177e4 274{
25ea6db0
MH		 275 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
276
1da177e4
LT		 277 if (!d)
278 return NULL;
1da177e4 279
b24b8a24 280 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
1da177e4
LT		 281
282 skb_queue_head_init(&d->tx_queue);
283 spin_lock_init(&d->lock);
284 atomic_set(&d->refcnt, 1);
285
286 rfcomm_dlc_clear_state(d);
8e87d142 287
1da177e4 288 BT_DBG("%p", d);
25ea6db0 289
1da177e4
LT		 290 return d;
291}
292
293void rfcomm_dlc_free(struct rfcomm_dlc *d)
294{
295 BT_DBG("%p", d);
296
297 skb_queue_purge(&d->tx_queue);
298 kfree(d);
299}
300
301static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
302{
303 BT_DBG("dlc %p session %p", d, s);
304
305 rfcomm_session_hold(s);
306
307 rfcomm_dlc_hold(d);
308 list_add(&d->list, &s->dlcs);
309 d->session = s;
310}
311
312static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
313{
314 struct rfcomm_session *s = d->session;
315
316 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
317
318 list_del(&d->list);
319 d->session = NULL;
320 rfcomm_dlc_put(d);
321
322 rfcomm_session_put(s);
323}
324
325static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
326{
327 struct rfcomm_dlc *d;
328 struct list_head *p;
329
330 list_for_each(p, &s->dlcs) {
331 d = list_entry(p, struct rfcomm_dlc, list);
332 if (d->dlci == dlci)
333 return d;
334 }
335 return NULL;
336}
337
338static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
339{
340 struct rfcomm_session *s;
341 int err = 0;
342 u8 dlci;
343
8e87d142 344 BT_DBG("dlc %p state %ld %s %s channel %d",
1da177e4
LT		 345 d, d->state, batostr(src), batostr(dst), channel);
346
347 if (channel < 1 || channel > 30)
348 return -EINVAL;
349
350 if (d->state != BT_OPEN && d->state != BT_CLOSED)
351 return 0;
352
353 s = rfcomm_session_get(src, dst);
354 if (!s) {
355 s = rfcomm_session_create(src, dst, &err);
356 if (!s)
357 return err;
358 }
359
360 dlci = __dlci(!s->initiator, channel);
361
362 /* Check if DLCI already exists */
363 if (rfcomm_dlc_get(s, dlci))
364 return -EBUSY;
365
366 rfcomm_dlc_clear_state(d);
367
368 d->dlci = dlci;
369 d->addr = __addr(s->initiator, dlci);
370 d->priority = 7;
371
372 d->state = BT_CONFIG;
373 rfcomm_dlc_link(s, d);
374
375 d->mtu = s->mtu;
376 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
377
378 if (s->state == BT_CONNECTED)
379 rfcomm_send_pn(s, 1, d);
380 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
381 return 0;
382}
383
384int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
385{
386 int r;
387
388 rfcomm_lock();
389
390 r = __rfcomm_dlc_open(d, src, dst, channel);
391
392 rfcomm_unlock();
393 return r;
394}
395
396static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
397{
398 struct rfcomm_session *s = d->session;
399 if (!s)
400 return 0;
401
402 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
403 d, d->state, d->dlci, err, s);
404
405 switch (d->state) {
406 case BT_CONNECTED:
407 case BT_CONFIG:
408 case BT_CONNECT:
409 d->state = BT_DISCONN;
410 if (skb_queue_empty(&d->tx_queue)) {
411 rfcomm_send_disc(s, d->dlci);
412 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
413 } else {
414 rfcomm_queue_disc(d);
415 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
416 }
417 break;
418
419 default:
420 rfcomm_dlc_clear_timer(d);
421
422 rfcomm_dlc_lock(d);
423 d->state = BT_CLOSED;
1905f6c7 424 d->state_change(d, err);
4c8411f8 425 rfcomm_dlc_unlock(d);
1da177e4
LT		 426
427 skb_queue_purge(&d->tx_queue);
1da177e4
LT		 428 rfcomm_dlc_unlink(d);
429 }
430
431 return 0;
432}
433
434int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
435{
436 int r;
437
438 rfcomm_lock();
439
440 r = __rfcomm_dlc_close(d, err);
441
442 rfcomm_unlock();
443 return r;
444}
445
446int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
447{
448 int len = skb->len;
449
450 if (d->state != BT_CONNECTED)
451 return -ENOTCONN;
452
453 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
454
455 if (len > d->mtu)
456 return -EINVAL;
457
458 rfcomm_make_uih(skb, d->addr);
459 skb_queue_tail(&d->tx_queue, skb);
460
461 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
462 rfcomm_schedule(RFCOMM_SCHED_TX);
463 return len;
464}
465
b5606c2d 466void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
1da177e4
LT		 467{
468 BT_DBG("dlc %p state %ld", d, d->state);
469
470 if (!d->cfc) {
471 d->v24_sig |= RFCOMM_V24_FC;
472 set_bit(RFCOMM_MSC_PENDING, &d->flags);
473 }
474 rfcomm_schedule(RFCOMM_SCHED_TX);
475}
476
b5606c2d 477void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
1da177e4
LT		 478{
479 BT_DBG("dlc %p state %ld", d, d->state);
480
481 if (!d->cfc) {
482 d->v24_sig &= ~RFCOMM_V24_FC;
483 set_bit(RFCOMM_MSC_PENDING, &d->flags);
484 }
485 rfcomm_schedule(RFCOMM_SCHED_TX);
486}
487
8e87d142 488/*
1da177e4
LT		 489 Set/get modem status functions use _local_ status i.e. what we report
490 to the other side.
491 Remote status is provided by dlc->modem_status() callback.
492 */
493int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
494{
8e87d142 495 BT_DBG("dlc %p state %ld v24_sig 0x%x",
1da177e4
LT		 496 d, d->state, v24_sig);
497
498 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
499 v24_sig |= RFCOMM_V24_FC;
500 else
501 v24_sig &= ~RFCOMM_V24_FC;
8e87d142 502
1da177e4
LT		 503 d->v24_sig = v24_sig;
504
505 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
506 rfcomm_schedule(RFCOMM_SCHED_TX);
507
508 return 0;
509}
510
511int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
512{
8e87d142 513 BT_DBG("dlc %p state %ld v24_sig 0x%x",
1da177e4
LT		 514 d, d->state, d->v24_sig);
515
516 *v24_sig = d->v24_sig;
517 return 0;
518}
519
520/* ---- RFCOMM sessions ---- */
521static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
522{
25ea6db0
MH		 523 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
524
1da177e4
LT		 525 if (!s)
526 return NULL;
1da177e4
LT		 527
528 BT_DBG("session %p sock %p", s, sock);
529
530 INIT_LIST_HEAD(&s->dlcs);
531 s->state = state;
532 s->sock = sock;
533
534 s->mtu = RFCOMM_DEFAULT_MTU;
7c2660b0 535 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
1da177e4
LT		 536
537 /* Do not increment module usage count for listening sessions.
538 * Otherwise we won't be able to unload the module. */
539 if (state != BT_LISTEN)
540 if (!try_module_get(THIS_MODULE)) {
541 kfree(s);
542 return NULL;
543 }
544
545 list_add(&s->list, &session_list);
546
547 return s;
548}
549
550static void rfcomm_session_del(struct rfcomm_session *s)
551{
552 int state = s->state;
553
554 BT_DBG("session %p state %ld", s, s->state);
555
556 list_del(&s->list);
557
558 if (state == BT_CONNECTED)
559 rfcomm_send_disc(s, 0);
560
561 sock_release(s->sock);
562 kfree(s);
563
564 if (state != BT_LISTEN)
565 module_put(THIS_MODULE);
566}
567
568static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
569{
570 struct rfcomm_session *s;
571 struct list_head *p, *n;
572 struct bt_sock *sk;
573 list_for_each_safe(p, n, &session_list) {
574 s = list_entry(p, struct rfcomm_session, list);
8e87d142 575 sk = bt_sk(s->sock->sk);
1da177e4
LT		 576
577 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
578 !bacmp(&sk->dst, dst))
579 return s;
580 }
581 return NULL;
582}
583
584static void rfcomm_session_close(struct rfcomm_session *s, int err)
585{
586 struct rfcomm_dlc *d;
587 struct list_head *p, *n;
588
589 BT_DBG("session %p state %ld err %d", s, s->state, err);
590
591 rfcomm_session_hold(s);
592
593 s->state = BT_CLOSED;
594
595 /* Close all dlcs */
596 list_for_each_safe(p, n, &s->dlcs) {
597 d = list_entry(p, struct rfcomm_dlc, list);
598 d->state = BT_CLOSED;
599 __rfcomm_dlc_close(d, err);
600 }
601
602 rfcomm_session_put(s);
603}
604
605static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
606{
607 struct rfcomm_session *s = NULL;
608 struct sockaddr_l2 addr;
609 struct socket *sock;
610 struct sock *sk;
611
612 BT_DBG("%s %s", batostr(src), batostr(dst));
613
614 *err = rfcomm_l2sock_create(&sock);
615 if (*err < 0)
616 return NULL;
617
618 bacpy(&addr.l2_bdaddr, src);
619 addr.l2_family = AF_BLUETOOTH;
620 addr.l2_psm = 0;
48db9ca4 621 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1da177e4
LT		 622 if (*err < 0)
623 goto failed;
624
625 /* Set L2CAP options */
626 sk = sock->sk;
627 lock_sock(sk);
56f3a40a 628 l2cap_pi(sk)->imtu = l2cap_mtu;
1da177e4
LT		 629 release_sock(sk);
630
631 s = rfcomm_session_add(sock, BT_BOUND);
632 if (!s) {
633 *err = -ENOMEM;
634 goto failed;
635 }
636
1da177e4
LT		 637 s->initiator = 1;
638
639 bacpy(&addr.l2_bdaddr, dst);
640 addr.l2_family = AF_BLUETOOTH;
641 addr.l2_psm = htobs(RFCOMM_PSM);
48db9ca4 642 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
b4c612a4 643 if (*err == 0 || *err == -EINPROGRESS)
1da177e4
LT		 644 return s;
645
646 rfcomm_session_del(s);
647 return NULL;
648
649failed:
650 sock_release(sock);
651 return NULL;
652}
653
654void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
655{
656 struct sock *sk = s->sock->sk;
657 if (src)
658 bacpy(src, &bt_sk(sk)->src);
659 if (dst)
660 bacpy(dst, &bt_sk(sk)->dst);
661}
662
663/* ---- RFCOMM frame sending ---- */
664static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
665{
666 struct socket *sock = s->sock;
667 struct kvec iv = { data, len };
668 struct msghdr msg;
669
670 BT_DBG("session %p len %d", s, len);
671
672 memset(&msg, 0, sizeof(msg));
673
674 return kernel_sendmsg(sock, &msg, &iv, 1, len);
675}
676
677static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
678{
679 struct rfcomm_cmd cmd;
680
681 BT_DBG("%p dlci %d", s, dlci);
682
683 cmd.addr = __addr(s->initiator, dlci);
684 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
685 cmd.len = __len8(0);
686 cmd.fcs = __fcs2((u8 *) &cmd);
687
688 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
689}
690
691static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
692{
693 struct rfcomm_cmd cmd;
694
695 BT_DBG("%p dlci %d", s, dlci);
696
697 cmd.addr = __addr(!s->initiator, dlci);
698 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
699 cmd.len = __len8(0);
700 cmd.fcs = __fcs2((u8 *) &cmd);
701
702 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
703}
704
705static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
706{
707 struct rfcomm_cmd cmd;
708
709 BT_DBG("%p dlci %d", s, dlci);
710
711 cmd.addr = __addr(s->initiator, dlci);
712 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
713 cmd.len = __len8(0);
714 cmd.fcs = __fcs2((u8 *) &cmd);
715
716 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
717}
718
719static int rfcomm_queue_disc(struct rfcomm_dlc *d)
720{
721 struct rfcomm_cmd *cmd;
722 struct sk_buff *skb;
723
724 BT_DBG("dlc %p dlci %d", d, d->dlci);
725
726 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
727 if (!skb)
728 return -ENOMEM;
729
730 cmd = (void *) __skb_put(skb, sizeof(*cmd));
731 cmd->addr = d->addr;
732 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
733 cmd->len = __len8(0);
734 cmd->fcs = __fcs2((u8 *) cmd);
735
736 skb_queue_tail(&d->tx_queue, skb);
737 rfcomm_schedule(RFCOMM_SCHED_TX);
738 return 0;
739}
740
741static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
742{
743 struct rfcomm_cmd cmd;
744
745 BT_DBG("%p dlci %d", s, dlci);
746
747 cmd.addr = __addr(!s->initiator, dlci);
748 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
749 cmd.len = __len8(0);
750 cmd.fcs = __fcs2((u8 *) &cmd);
751
752 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
753}
754
755static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
756{
757 struct rfcomm_hdr *hdr;
758 struct rfcomm_mcc *mcc;
759 u8 buf[16], *ptr = buf;
760
761 BT_DBG("%p cr %d type %d", s, cr, type);
762
763 hdr = (void *) ptr; ptr += sizeof(*hdr);
764 hdr->addr = __addr(s->initiator, 0);
765 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
766 hdr->len = __len8(sizeof(*mcc) + 1);
767
768 mcc = (void *) ptr; ptr += sizeof(*mcc);
769 mcc->type = __mcc_type(cr, RFCOMM_NSC);
770 mcc->len = __len8(1);
771
772 /* Type that we didn't like */
773 *ptr = __mcc_type(cr, type); ptr++;
774
775 *ptr = __fcs(buf); ptr++;
776
777 return rfcomm_send_frame(s, buf, ptr - buf);
778}
779
780static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
781{
782 struct rfcomm_hdr *hdr;
783 struct rfcomm_mcc *mcc;
784 struct rfcomm_pn *pn;
785 u8 buf[16], *ptr = buf;
786
787 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
788
789 hdr = (void *) ptr; ptr += sizeof(*hdr);
790 hdr->addr = __addr(s->initiator, 0);
791 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
792 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
793
794 mcc = (void *) ptr; ptr += sizeof(*mcc);
795 mcc->type = __mcc_type(cr, RFCOMM_PN);
796 mcc->len = __len8(sizeof(*pn));
797
798 pn = (void *) ptr; ptr += sizeof(*pn);
799 pn->dlci = d->dlci;
800 pn->priority = d->priority;
801 pn->ack_timer = 0;
802 pn->max_retrans = 0;
803
804 if (s->cfc) {
805 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
806 pn->credits = RFCOMM_DEFAULT_CREDITS;
807 } else {
808 pn->flow_ctrl = 0;
809 pn->credits = 0;
810 }
811
98bcd08b
MH		 812 if (cr && channel_mtu >= 0)
813 pn->mtu = htobs(channel_mtu);
814 else
815 pn->mtu = htobs(d->mtu);
1da177e4
LT		 816
817 *ptr = __fcs(buf); ptr++;
818
819 return rfcomm_send_frame(s, buf, ptr - buf);
820}
821
3a5e903c
S		 822int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
823 u8 bit_rate, u8 data_bits, u8 stop_bits,
8e87d142 824 u8 parity, u8 flow_ctrl_settings,
3a5e903c 825 u8 xon_char, u8 xoff_char, u16 param_mask)
1da177e4
LT		 826{
827 struct rfcomm_hdr *hdr;
828 struct rfcomm_mcc *mcc;
829 struct rfcomm_rpn *rpn;
830 u8 buf[16], *ptr = buf;
831
832 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
8e87d142
YH		 833 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
834 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
3a5e903c 835 flow_ctrl_settings, xon_char, xoff_char, param_mask);
1da177e4
LT		 836
837 hdr = (void *) ptr; ptr += sizeof(*hdr);
838 hdr->addr = __addr(s->initiator, 0);
839 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
840 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
841
842 mcc = (void *) ptr; ptr += sizeof(*mcc);
843 mcc->type = __mcc_type(cr, RFCOMM_RPN);
844 mcc->len = __len8(sizeof(*rpn));
845
846 rpn = (void *) ptr; ptr += sizeof(*rpn);
847 rpn->dlci = __addr(1, dlci);
848 rpn->bit_rate = bit_rate;
849 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
850 rpn->flow_ctrl = flow_ctrl_settings;
851 rpn->xon_char = xon_char;
852 rpn->xoff_char = xoff_char;
e8db8c99 853 rpn->param_mask = cpu_to_le16(param_mask);
1da177e4
LT		 854
855 *ptr = __fcs(buf); ptr++;
856
857 return rfcomm_send_frame(s, buf, ptr - buf);
858}
859
860static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
861{
862 struct rfcomm_hdr *hdr;
863 struct rfcomm_mcc *mcc;
864 struct rfcomm_rls *rls;
865 u8 buf[16], *ptr = buf;
866
867 BT_DBG("%p cr %d status 0x%x", s, cr, status);
868
869 hdr = (void *) ptr; ptr += sizeof(*hdr);
870 hdr->addr = __addr(s->initiator, 0);
871 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
872 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
873
874 mcc = (void *) ptr; ptr += sizeof(*mcc);
875 mcc->type = __mcc_type(cr, RFCOMM_RLS);
876 mcc->len = __len8(sizeof(*rls));
877
878 rls = (void *) ptr; ptr += sizeof(*rls);
879 rls->dlci = __addr(1, dlci);
880 rls->status = status;
881
882 *ptr = __fcs(buf); ptr++;
883
884 return rfcomm_send_frame(s, buf, ptr - buf);
885}
886
887static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
888{
889 struct rfcomm_hdr *hdr;
890 struct rfcomm_mcc *mcc;
891 struct rfcomm_msc *msc;
892 u8 buf[16], *ptr = buf;
893
894 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
895
896 hdr = (void *) ptr; ptr += sizeof(*hdr);
897 hdr->addr = __addr(s->initiator, 0);
898 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
899 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
900
901 mcc = (void *) ptr; ptr += sizeof(*mcc);
902 mcc->type = __mcc_type(cr, RFCOMM_MSC);
903 mcc->len = __len8(sizeof(*msc));
904
905 msc = (void *) ptr; ptr += sizeof(*msc);
906 msc->dlci = __addr(1, dlci);
907 msc->v24_sig = v24_sig | 0x01;
908
909 *ptr = __fcs(buf); ptr++;
910
911 return rfcomm_send_frame(s, buf, ptr - buf);
912}
913
914static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
915{
916 struct rfcomm_hdr *hdr;
917 struct rfcomm_mcc *mcc;
918 u8 buf[16], *ptr = buf;
919
920 BT_DBG("%p cr %d", s, cr);
921
922 hdr = (void *) ptr; ptr += sizeof(*hdr);
923 hdr->addr = __addr(s->initiator, 0);
924 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
925 hdr->len = __len8(sizeof(*mcc));
926
927 mcc = (void *) ptr; ptr += sizeof(*mcc);
928 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
929 mcc->len = __len8(0);
930
931 *ptr = __fcs(buf); ptr++;
932
933 return rfcomm_send_frame(s, buf, ptr - buf);
934}
935
936static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
937{
938 struct rfcomm_hdr *hdr;
939 struct rfcomm_mcc *mcc;
940 u8 buf[16], *ptr = buf;
941
942 BT_DBG("%p cr %d", s, cr);
943
944 hdr = (void *) ptr; ptr += sizeof(*hdr);
945 hdr->addr = __addr(s->initiator, 0);
946 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
947 hdr->len = __len8(sizeof(*mcc));
948
949 mcc = (void *) ptr; ptr += sizeof(*mcc);
950 mcc->type = __mcc_type(cr, RFCOMM_FCON);
951 mcc->len = __len8(0);
952
953 *ptr = __fcs(buf); ptr++;
954
955 return rfcomm_send_frame(s, buf, ptr - buf);
956}
957
958static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
959{
960 struct socket *sock = s->sock;
961 struct kvec iv[3];
962 struct msghdr msg;
963 unsigned char hdr[5], crc[1];
964
965 if (len > 125)
966 return -EINVAL;
967
968 BT_DBG("%p cr %d", s, cr);
969
970 hdr[0] = __addr(s->initiator, 0);
971 hdr[1] = __ctrl(RFCOMM_UIH, 0);
972 hdr[2] = 0x01 | ((len + 2) << 1);
973 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
974 hdr[4] = 0x01 | (len << 1);
975
976 crc[0] = __fcs(hdr);
977
978 iv[0].iov_base = hdr;
979 iv[0].iov_len = 5;
980 iv[1].iov_base = pattern;
981 iv[1].iov_len = len;
982 iv[2].iov_base = crc;
983 iv[2].iov_len = 1;
984
985 memset(&msg, 0, sizeof(msg));
986
987 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
988}
989
990static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
991{
992 struct rfcomm_hdr *hdr;
993 u8 buf[16], *ptr = buf;
994
995 BT_DBG("%p addr %d credits %d", s, addr, credits);
996
997 hdr = (void *) ptr; ptr += sizeof(*hdr);
998 hdr->addr = addr;
999 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1000 hdr->len = __len8(0);
1001
1002 *ptr = credits; ptr++;
1003
1004 *ptr = __fcs(buf); ptr++;
1005
1006 return rfcomm_send_frame(s, buf, ptr - buf);
1007}
1008
1009static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1010{
1011 struct rfcomm_hdr *hdr;
1012 int len = skb->len;
1013 u8 *crc;
1014
1015 if (len > 127) {
1016 hdr = (void *) skb_push(skb, 4);
6ba9c755 1017 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len);
1da177e4
LT		 1018 } else {
1019 hdr = (void *) skb_push(skb, 3);
1020 hdr->len = __len8(len);
1021 }
1022 hdr->addr = addr;
1023 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1024
1025 crc = skb_put(skb, 1);
1026 *crc = __fcs((void *) hdr);
1027}
1028
1029/* ---- RFCOMM frame reception ---- */
1030static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1031{
1032 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1033
1034 if (dlci) {
1035 /* Data channel */
1036 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1037 if (!d) {
1038 rfcomm_send_dm(s, dlci);
1039 return 0;
1040 }
1041
1042 switch (d->state) {
1043 case BT_CONNECT:
1044 rfcomm_dlc_clear_timer(d);
1045
1046 rfcomm_dlc_lock(d);
1047 d->state = BT_CONNECTED;
1048 d->state_change(d, 0);
1049 rfcomm_dlc_unlock(d);
1050
1051 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1052 break;
1053
1054 case BT_DISCONN:
1055 d->state = BT_CLOSED;
1056 __rfcomm_dlc_close(d, 0);
9cf5b0ea
MH		 1057
1058 if (list_empty(&s->dlcs)) {
1059 s->state = BT_DISCONN;
1060 rfcomm_send_disc(s, 0);
1061 }
1062
1da177e4
LT		 1063 break;
1064 }
1065 } else {
1066 /* Control channel */
1067 switch (s->state) {
1068 case BT_CONNECT:
1069 s->state = BT_CONNECTED;
1070 rfcomm_process_connect(s);
1071 break;
9cf5b0ea
MH		 1072
1073 case BT_DISCONN:
1074 rfcomm_session_put(s);
1075 break;
1da177e4
LT		 1076 }
1077 }
1078 return 0;
1079}
1080
1081static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1082{
1083 int err = 0;
1084
1085 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1086
1087 if (dlci) {
1088 /* Data DLC */
1089 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1090 if (d) {
1091 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1092 err = ECONNREFUSED;
1093 else
1094 err = ECONNRESET;
1095
1096 d->state = BT_CLOSED;
1097 __rfcomm_dlc_close(d, err);
1098 }
1099 } else {
1100 if (s->state == BT_CONNECT)
1101 err = ECONNREFUSED;
1102 else
1103 err = ECONNRESET;
1104
1105 s->state = BT_CLOSED;
1106 rfcomm_session_close(s, err);
1107 }
1108 return 0;
1109}
1110
1111static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1112{
1113 int err = 0;
1114
1115 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1116
1117 if (dlci) {
1118 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1119 if (d) {
1120 rfcomm_send_ua(s, dlci);
1121
1122 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1123 err = ECONNREFUSED;
1124 else
1125 err = ECONNRESET;
1126
1127 d->state = BT_CLOSED;
1128 __rfcomm_dlc_close(d, err);
8e87d142 1129 } else
1da177e4 1130 rfcomm_send_dm(s, dlci);
8e87d142 1131
1da177e4
LT		 1132 } else {
1133 rfcomm_send_ua(s, 0);
1134
1135 if (s->state == BT_CONNECT)
1136 err = ECONNREFUSED;
1137 else
1138 err = ECONNRESET;
1139
1140 s->state = BT_CLOSED;
1141 rfcomm_session_close(s, err);
1142 }
1143
1144 return 0;
1145}
1146
1147static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1148{
1149 struct sock *sk = d->session->sock->sk;
1150
1151 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1152 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1153 return 1;
1154 } else if (d->link_mode & RFCOMM_LM_AUTH) {
1155 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1156 return 1;
1157 }
1158
1159 return 0;
1160}
1161
1162static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1163{
300b9397
MH		 1164 struct sock *sk = d->session->sock->sk;
1165
1da177e4
LT		 1166 BT_DBG("dlc %p", d);
1167
1168 rfcomm_send_ua(d->session, d->dlci);
1169
1170 rfcomm_dlc_lock(d);
1171 d->state = BT_CONNECTED;
1172 d->state_change(d, 0);
1173 rfcomm_dlc_unlock(d);
1174
300b9397
MH		 1175 if (d->link_mode & RFCOMM_LM_MASTER)
1176 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1177
1da177e4
LT		 1178 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1179}
1180
1181static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1182{
1183 struct rfcomm_dlc *d;
1184 u8 channel;
1185
1186 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1187
1188 if (!dlci) {
1189 rfcomm_send_ua(s, 0);
1190
1191 if (s->state == BT_OPEN) {
1192 s->state = BT_CONNECTED;
1193 rfcomm_process_connect(s);
1194 }
1195 return 0;
1196 }
1197
1198 /* Check if DLC exists */
1199 d = rfcomm_dlc_get(s, dlci);
1200 if (d) {
1201 if (d->state == BT_OPEN) {
1202 /* DLC was previously opened by PN request */
1203 if (rfcomm_check_link_mode(d)) {
1204 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1205 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1206 return 0;
1207 }
1208
1209 rfcomm_dlc_accept(d);
1210 }
1211 return 0;
1212 }
1213
1214 /* Notify socket layer about incoming connection */
1215 channel = __srv_channel(dlci);
1216 if (rfcomm_connect_ind(s, channel, &d)) {
1217 d->dlci = dlci;
1218 d->addr = __addr(s->initiator, dlci);
1219 rfcomm_dlc_link(s, d);
1220
1221 if (rfcomm_check_link_mode(d)) {
1222 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1223 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1224 return 0;
1225 }
1226
1227 rfcomm_dlc_accept(d);
1228 } else {
1229 rfcomm_send_dm(s, dlci);
1230 }
1231
1232 return 0;
1233}
1234
1235static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1236{
1237 struct rfcomm_session *s = d->session;
1238
8e87d142 1239 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1da177e4
LT		 1240 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1241
7c2660b0
MH		 1242 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1243 pn->flow_ctrl == 0xe0) {
1244 d->cfc = RFCOMM_CFC_ENABLED;
1da177e4
LT		 1245 d->tx_credits = pn->credits;
1246 } else {
7c2660b0 1247 d->cfc = RFCOMM_CFC_DISABLED;
1da177e4
LT		 1248 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1249 }
1250
7c2660b0
MH		 1251 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1252 s->cfc = d->cfc;
1253
1da177e4
LT		 1254 d->priority = pn->priority;
1255
98bcd08b
MH		 1256 d->mtu = btohs(pn->mtu);
1257
1258 if (cr && d->mtu > s->mtu)
1259 d->mtu = s->mtu;
1da177e4
LT		 1260
1261 return 0;
1262}
1263
1264static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1265{
1266 struct rfcomm_pn *pn = (void *) skb->data;
1267 struct rfcomm_dlc *d;
1268 u8 dlci = pn->dlci;
1269
1270 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1271
1272 if (!dlci)
1273 return 0;
1274
1275 d = rfcomm_dlc_get(s, dlci);
1276 if (d) {
1277 if (cr) {
1278 /* PN request */
1279 rfcomm_apply_pn(d, cr, pn);
1280 rfcomm_send_pn(s, 0, d);
1281 } else {
1282 /* PN response */
1283 switch (d->state) {
1284 case BT_CONFIG:
1285 rfcomm_apply_pn(d, cr, pn);
1286
1287 d->state = BT_CONNECT;
1288 rfcomm_send_sabm(s, d->dlci);
1289 break;
1290 }
1291 }
1292 } else {
1293 u8 channel = __srv_channel(dlci);
1294
1295 if (!cr)
1296 return 0;
1297
1298 /* PN request for non existing DLC.
1299 * Assume incoming connection. */
1300 if (rfcomm_connect_ind(s, channel, &d)) {
1301 d->dlci = dlci;
1302 d->addr = __addr(s->initiator, dlci);
1303 rfcomm_dlc_link(s, d);
1304
1305 rfcomm_apply_pn(d, cr, pn);
1306
1307 d->state = BT_OPEN;
1308 rfcomm_send_pn(s, 0, d);
1309 } else {
1310 rfcomm_send_dm(s, dlci);
1311 }
1312 }
1313 return 0;
1314}
1315
1316static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1317{
1318 struct rfcomm_rpn *rpn = (void *) skb->data;
1319 u8 dlci = __get_dlci(rpn->dlci);
1320
1321 u8 bit_rate = 0;
1322 u8 data_bits = 0;
1323 u8 stop_bits = 0;
1324 u8 parity = 0;
1325 u8 flow_ctrl = 0;
1326 u8 xon_char = 0;
1327 u8 xoff_char = 0;
1328 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
3a5e903c
S		 1329
1330 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1331 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1332 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1333
1334 if (!cr)
1da177e4 1335 return 0;
3a5e903c 1336
1da177e4 1337 if (len == 1) {
3a5e903c 1338 /* This is a request, return default settings */
1da177e4
LT		 1339 bit_rate = RFCOMM_RPN_BR_115200;
1340 data_bits = RFCOMM_RPN_DATA_8;
1341 stop_bits = RFCOMM_RPN_STOP_1;
1342 parity = RFCOMM_RPN_PARITY_NONE;
1343 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1344 xon_char = RFCOMM_RPN_XON_CHAR;
1345 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1da177e4
LT		 1346 goto rpn_out;
1347 }
3a5e903c
S		 1348
1349 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1350 * no parity, no flow control lines, normal XON/XOFF chars */
1351
e8db8c99 1352 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1da177e4
LT		 1353 bit_rate = rpn->bit_rate;
1354 if (bit_rate != RFCOMM_RPN_BR_115200) {
1355 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1356 bit_rate = RFCOMM_RPN_BR_115200;
1357 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1358 }
1359 }
3a5e903c 1360
e8db8c99 1361 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1da177e4
LT		 1362 data_bits = __get_rpn_data_bits(rpn->line_settings);
1363 if (data_bits != RFCOMM_RPN_DATA_8) {
1364 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1365 data_bits = RFCOMM_RPN_DATA_8;
1366 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1367 }
1368 }
3a5e903c 1369
e8db8c99 1370 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1da177e4
LT		 1371 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1372 if (stop_bits != RFCOMM_RPN_STOP_1) {
1373 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1374 stop_bits = RFCOMM_RPN_STOP_1;
1375 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1376 }
1377 }
3a5e903c 1378
e8db8c99 1379 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1da177e4
LT		 1380 parity = __get_rpn_parity(rpn->line_settings);
1381 if (parity != RFCOMM_RPN_PARITY_NONE) {
1382 BT_DBG("RPN parity mismatch 0x%x", parity);
1383 parity = RFCOMM_RPN_PARITY_NONE;
1384 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1385 }
1386 }
3a5e903c 1387
e8db8c99 1388 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1da177e4
LT		 1389 flow_ctrl = rpn->flow_ctrl;
1390 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1391 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1392 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1393 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1394 }
1395 }
3a5e903c 1396
e8db8c99 1397 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1da177e4
LT		 1398 xon_char = rpn->xon_char;
1399 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1400 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1401 xon_char = RFCOMM_RPN_XON_CHAR;
1402 rpn_mask ^= RFCOMM_RPN_PM_XON;
1403 }
1404 }
3a5e903c 1405
e8db8c99 1406 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1da177e4
LT		 1407 xoff_char = rpn->xoff_char;
1408 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1409 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1410 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1411 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1412 }
1413 }
1414
1415rpn_out:
3a5e903c
S		 1416 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1417 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1da177e4
LT		 1418
1419 return 0;
1420}
1421
1422static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1423{
1424 struct rfcomm_rls *rls = (void *) skb->data;
1425 u8 dlci = __get_dlci(rls->dlci);
1426
1427 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
3a5e903c 1428
1da177e4
LT		 1429 if (!cr)
1430 return 0;
1431
3a5e903c
S		 1432 /* We should probably do something with this information here. But
1433 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1434 * mandatory to recognise and respond to RLS */
1da177e4
LT		 1435
1436 rfcomm_send_rls(s, 0, dlci, rls->status);
1437
1438 return 0;
1439}
1440
1441static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1442{
1443 struct rfcomm_msc *msc = (void *) skb->data;
1444 struct rfcomm_dlc *d;
1445 u8 dlci = __get_dlci(msc->dlci);
1446
1447 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1448
1449 d = rfcomm_dlc_get(s, dlci);
3a5e903c 1450 if (!d)
1da177e4
LT		 1451 return 0;
1452
1453 if (cr) {
1454 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1455 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1456 else
1457 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
3a5e903c 1458
1da177e4
LT		 1459 rfcomm_dlc_lock(d);
1460 if (d->modem_status)
1461 d->modem_status(d, msc->v24_sig);
1462 rfcomm_dlc_unlock(d);
8e87d142 1463
1da177e4
LT		 1464 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1465
1466 d->mscex |= RFCOMM_MSCEX_RX;
3a5e903c 1467 } else
1da177e4
LT		 1468 d->mscex |= RFCOMM_MSCEX_TX;
1469
1470 return 0;
1471}
1472
1473static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1474{
1475 struct rfcomm_mcc *mcc = (void *) skb->data;
1476 u8 type, cr, len;
1477
1478 cr = __test_cr(mcc->type);
1479 type = __get_mcc_type(mcc->type);
1480 len = __get_mcc_len(mcc->len);
1481
1482 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1483
1484 skb_pull(skb, 2);
1485
1486 switch (type) {
1487 case RFCOMM_PN:
1488 rfcomm_recv_pn(s, cr, skb);
1489 break;
1490
1491 case RFCOMM_RPN:
1492 rfcomm_recv_rpn(s, cr, len, skb);
1493 break;
1494
1495 case RFCOMM_RLS:
1496 rfcomm_recv_rls(s, cr, skb);
1497 break;
1498
1499 case RFCOMM_MSC:
1500 rfcomm_recv_msc(s, cr, skb);
1501 break;
1502
1503 case RFCOMM_FCOFF:
1504 if (cr) {
1505 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1506 rfcomm_send_fcoff(s, 0);
1507 }
1508 break;
1509
1510 case RFCOMM_FCON:
1511 if (cr) {
1512 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1513 rfcomm_send_fcon(s, 0);
1514 }
1515 break;
1516
1517 case RFCOMM_TEST:
1518 if (cr)
1519 rfcomm_send_test(s, 0, skb->data, skb->len);
1520 break;
1521
1522 case RFCOMM_NSC:
1523 break;
1524
1525 default:
1526 BT_ERR("Unknown control type 0x%02x", type);
1527 rfcomm_send_nsc(s, cr, type);
1528 break;
1529 }
1530 return 0;
1531}
1532
1533static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1534{
1535 struct rfcomm_dlc *d;
1536
1537 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1538
1539 d = rfcomm_dlc_get(s, dlci);
1540 if (!d) {
1541 rfcomm_send_dm(s, dlci);
1542 goto drop;
1543 }
1544
1545 if (pf && d->cfc) {
1546 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1547
1548 d->tx_credits += credits;
1549 if (d->tx_credits)
1550 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1551 }
1552
1553 if (skb->len && d->state == BT_CONNECTED) {
1554 rfcomm_dlc_lock(d);
1555 d->rx_credits--;
1556 d->data_ready(d, skb);
1557 rfcomm_dlc_unlock(d);
1558 return 0;
1559 }
1560
1561drop:
1562 kfree_skb(skb);
1563 return 0;
1564}
1565
1566static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1567{
1568 struct rfcomm_hdr *hdr = (void *) skb->data;
1569 u8 type, dlci, fcs;
1570
1571 dlci = __get_dlci(hdr->addr);
1572 type = __get_type(hdr->ctrl);
1573
1574 /* Trim FCS */
1575 skb->len--; skb->tail--;
27a884dc 1576 fcs = *(u8 *)skb_tail_pointer(skb);
1da177e4
LT		 1577
1578 if (__check_fcs(skb->data, type, fcs)) {
1579 BT_ERR("bad checksum in packet");
1580 kfree_skb(skb);
1581 return -EILSEQ;
1582 }
1583
1584 if (__test_ea(hdr->len))
1585 skb_pull(skb, 3);
1586 else
1587 skb_pull(skb, 4);
1588
1589 switch (type) {
1590 case RFCOMM_SABM:
1591 if (__test_pf(hdr->ctrl))
1592 rfcomm_recv_sabm(s, dlci);
1593 break;
1594
1595 case RFCOMM_DISC:
1596 if (__test_pf(hdr->ctrl))
1597 rfcomm_recv_disc(s, dlci);
1598 break;
1599
1600 case RFCOMM_UA:
1601 if (__test_pf(hdr->ctrl))
1602 rfcomm_recv_ua(s, dlci);
1603 break;
1604
1605 case RFCOMM_DM:
1606 rfcomm_recv_dm(s, dlci);
1607 break;
1608
1609 case RFCOMM_UIH:
1610 if (dlci)
1611 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1612
1613 rfcomm_recv_mcc(s, skb);
1614 break;
1615
1616 default:
1617 BT_ERR("Unknown packet type 0x%02x\n", type);
1618 break;
1619 }
1620 kfree_skb(skb);
1621 return 0;
1622}
1623
1624/* ---- Connection and data processing ---- */
1625
1626static void rfcomm_process_connect(struct rfcomm_session *s)
1627{
1628 struct rfcomm_dlc *d;
1629 struct list_head *p, *n;
1630
1631 BT_DBG("session %p state %ld", s, s->state);
1632
1633 list_for_each_safe(p, n, &s->dlcs) {
1634 d = list_entry(p, struct rfcomm_dlc, list);
1635 if (d->state == BT_CONFIG) {
1636 d->mtu = s->mtu;
1637 rfcomm_send_pn(s, 1, d);
1638 }
1639 }
1640}
1641
1642/* Send data queued for the DLC.
1643 * Return number of frames left in the queue.
1644 */
1645static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1646{
1647 struct sk_buff *skb;
1648 int err;
1649
8e87d142 1650 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1da177e4
LT		 1651 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1652
1653 /* Send pending MSC */
1654 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
8e87d142 1655 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1da177e4
LT		 1656
1657 if (d->cfc) {
8e87d142 1658 /* CFC enabled.
1da177e4
LT		 1659 * Give them some credits */
1660 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
8e87d142 1661 d->rx_credits <= (d->cfc >> 2)) {
1da177e4
LT		 1662 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1663 d->rx_credits = d->cfc;
1664 }
1665 } else {
1666 /* CFC disabled.
1667 * Give ourselves some credits */
1668 d->tx_credits = 5;
1669 }
1670
1671 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1672 return skb_queue_len(&d->tx_queue);
1673
1674 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1675 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1676 if (err < 0) {
1677 skb_queue_head(&d->tx_queue, skb);
1678 break;
1679 }
1680 kfree_skb(skb);
1681 d->tx_credits--;
1682 }
1683
1684 if (d->cfc && !d->tx_credits) {
1685 /* We're out of TX credits.
1686 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1687 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1688 }
1689
1690 return skb_queue_len(&d->tx_queue);
1691}
1692
1693static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1694{
1695 struct rfcomm_dlc *d;
1696 struct list_head *p, *n;
1697
1698 BT_DBG("session %p state %ld", s, s->state);
1699
1700 list_for_each_safe(p, n, &s->dlcs) {
1701 d = list_entry(p, struct rfcomm_dlc, list);
1702
1703 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1704 __rfcomm_dlc_close(d, ETIMEDOUT);
1705 continue;
1706 }
1707
1708 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1709 rfcomm_dlc_clear_timer(d);
1710 rfcomm_dlc_accept(d);
1711 if (d->link_mode & RFCOMM_LM_SECURE) {
1712 struct sock *sk = s->sock->sk;
1713 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1714 }
1715 continue;
1716 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1717 rfcomm_dlc_clear_timer(d);
1718 rfcomm_send_dm(s, d->dlci);
1719 __rfcomm_dlc_close(d, ECONNREFUSED);
1720 continue;
1721 }
1722
1723 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1724 continue;
1725
1726 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1727 d->mscex == RFCOMM_MSCEX_OK)
1728 rfcomm_process_tx(d);
1729 }
1730}
1731
1732static inline void rfcomm_process_rx(struct rfcomm_session *s)
1733{
1734 struct socket *sock = s->sock;
1735 struct sock *sk = sock->sk;
1736 struct sk_buff *skb;
1737
1738 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1739
1740 /* Get data directly from socket receive queue without copying it. */
1741 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1742 skb_orphan(skb);
1743 rfcomm_recv_frame(s, skb);
1744 }
1745
1746 if (sk->sk_state == BT_CLOSED) {
1747 if (!s->initiator)
1748 rfcomm_session_put(s);
1749
1750 rfcomm_session_close(s, sk->sk_err);
1751 }
1752}
1753
1754static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1755{
1756 struct socket *sock = s->sock, *nsock;
1757 int err;
1758
1759 /* Fast check for a new connection.
1760 * Avoids unnesesary socket allocations. */
1761 if (list_empty(&bt_sk(sock->sk)->accept_q))
1762 return;
1763
1764 BT_DBG("session %p", s);
1765
48db9ca4
MH		 1766 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1767 if (err < 0)
1da177e4
LT		 1768 return;
1769
1da177e4
LT		 1770 __module_get(nsock->ops->owner);
1771
1da177e4
LT		 1772 /* Set our callbacks */
1773 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1774 nsock->sk->sk_state_change = rfcomm_l2state_change;
1775
1776 s = rfcomm_session_add(nsock, BT_OPEN);
1777 if (s) {
1778 rfcomm_session_hold(s);
98bcd08b
MH		 1779
1780 /* We should adjust MTU on incoming sessions.
1781 * L2CAP MTU minus UIH header and FCS. */
1782 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1783
1da177e4
LT		 1784 rfcomm_schedule(RFCOMM_SCHED_RX);
1785 } else
1786 sock_release(nsock);
1787}
1788
1789static inline void rfcomm_check_connection(struct rfcomm_session *s)
1790{
1791 struct sock *sk = s->sock->sk;
1792
1793 BT_DBG("%p state %ld", s, s->state);
1794
1795 switch(sk->sk_state) {
1796 case BT_CONNECTED:
1797 s->state = BT_CONNECT;
1798
1799 /* We can adjust MTU on outgoing sessions.
1800 * L2CAP MTU minus UIH header and FCS. */
1801 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1802
1803 rfcomm_send_sabm(s, 0);
1804 break;
1805
1806 case BT_CLOSED:
1807 s->state = BT_CLOSED;
1808 rfcomm_session_close(s, sk->sk_err);
1809 break;
1810 }
1811}
1812
1813static inline void rfcomm_process_sessions(void)
1814{
1815 struct list_head *p, *n;
1816
1817 rfcomm_lock();
1818
1819 list_for_each_safe(p, n, &session_list) {
1820 struct rfcomm_session *s;
1821 s = list_entry(p, struct rfcomm_session, list);
1822
1823 if (s->state == BT_LISTEN) {
1824 rfcomm_accept_connection(s);
1825 continue;
1826 }
1827
1828 rfcomm_session_hold(s);
1829
1830 switch (s->state) {
1831 case BT_BOUND:
1832 rfcomm_check_connection(s);
1833 break;
1834
1835 default:
1836 rfcomm_process_rx(s);
1837 break;
1838 }
1839
1840 rfcomm_process_dlcs(s);
1841
1842 rfcomm_session_put(s);
1843 }
1844
1845 rfcomm_unlock();
1846}
1847
1da177e4
LT		 1848static int rfcomm_add_listener(bdaddr_t *ba)
1849{
1850 struct sockaddr_l2 addr;
1851 struct socket *sock;
1852 struct sock *sk;
1853 struct rfcomm_session *s;
1854 int err = 0;
1855
1856 /* Create socket */
1857 err = rfcomm_l2sock_create(&sock);
8e87d142 1858 if (err < 0) {
1da177e4
LT		 1859 BT_ERR("Create socket failed %d", err);
1860 return err;
1861 }
1862
1863 /* Bind socket */
1864 bacpy(&addr.l2_bdaddr, ba);
1865 addr.l2_family = AF_BLUETOOTH;
1866 addr.l2_psm = htobs(RFCOMM_PSM);
48db9ca4 1867 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1da177e4
LT		 1868 if (err < 0) {
1869 BT_ERR("Bind failed %d", err);
1870 goto failed;
1871 }
1872
1873 /* Set L2CAP options */
1874 sk = sock->sk;
1875 lock_sock(sk);
56f3a40a 1876 l2cap_pi(sk)->imtu = l2cap_mtu;
1da177e4
LT		 1877 release_sock(sk);
1878
1879 /* Start listening on the socket */
48db9ca4 1880 err = kernel_listen(sock, 10);
1da177e4
LT		 1881 if (err) {
1882 BT_ERR("Listen failed %d", err);
1883 goto failed;
1884 }
1885
1886 /* Add listening session */
1887 s = rfcomm_session_add(sock, BT_LISTEN);
1888 if (!s)
1889 goto failed;
1890
1891 rfcomm_session_hold(s);
1892 return 0;
1893failed:
1894 sock_release(sock);
1895 return err;
1896}
1897
1898static void rfcomm_kill_listener(void)
1899{
1900 struct rfcomm_session *s;
1901 struct list_head *p, *n;
1902
1903 BT_DBG("");
1904
1905 list_for_each_safe(p, n, &session_list) {
1906 s = list_entry(p, struct rfcomm_session, list);
1907 rfcomm_session_del(s);
1908 }
1909}
1910
1911static int rfcomm_run(void *unused)
1912{
a524eccc 1913 BT_DBG("");
1da177e4 1914
1da177e4 1915 set_user_nice(current, -10);
1da177e4 1916
1da177e4
LT		 1917 rfcomm_add_listener(BDADDR_ANY);
1918
a524eccc
MH		 1919 while (!kthread_should_stop()) {
1920 set_current_state(TASK_INTERRUPTIBLE);
1921 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1922 /* No pending events. Let's sleep.
1923 * Incoming connections and data will wake us up. */
1924 schedule();
1925 }
1926 set_current_state(TASK_RUNNING);
1927
1928 /* Process stuff */
1929 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1930 rfcomm_process_sessions();
1931 }
1da177e4
LT		 1932
1933 rfcomm_kill_listener();
1934
1da177e4
LT		 1935 return 0;
1936}
1937
1938static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1939{
1940 struct rfcomm_session *s;
1941 struct rfcomm_dlc *d;
1942 struct list_head *p, *n;
1943
1944 BT_DBG("conn %p status 0x%02x", conn, status);
1945
1946 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1947 if (!s)
1948 return;
1949
1950 rfcomm_session_hold(s);
1951
1952 list_for_each_safe(p, n, &s->dlcs) {
1953 d = list_entry(p, struct rfcomm_dlc, list);
1954
1955 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1956 continue;
1957
1958 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1959 continue;
1960
1961 if (!status)
1962 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1963 else
1964 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1965 }
1966
1967 rfcomm_session_put(s);
1968
1969 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1970}
1971
1972static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1973{
1974 struct rfcomm_session *s;
1975 struct rfcomm_dlc *d;
1976 struct list_head *p, *n;
1977
1978 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1979
1980 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1981 if (!s)
1982 return;
1983
1984 rfcomm_session_hold(s);
1985
1986 list_for_each_safe(p, n, &s->dlcs) {
1987 d = list_entry(p, struct rfcomm_dlc, list);
1988
1989 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1990 continue;
1991
1992 if (!status && encrypt)
1993 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1994 else
1995 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1996 }
1997
1998 rfcomm_session_put(s);
1999
2000 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2001}
2002
2003static struct hci_cb rfcomm_cb = {
2004 .name = "RFCOMM",
2005 .auth_cfm = rfcomm_auth_cfm,
2006 .encrypt_cfm = rfcomm_encrypt_cfm
2007};
2008
be9d1227 2009static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
1da177e4
LT		 2010{
2011 struct rfcomm_session *s;
2012 struct list_head *pp, *p;
be9d1227 2013 char *str = buf;
1da177e4
LT		 2014
2015 rfcomm_lock();
2016
2017 list_for_each(p, &session_list) {
2018 s = list_entry(p, struct rfcomm_session, list);
be9d1227
MH		 2019 list_for_each(pp, &s->dlcs) {
2020 struct sock *sk = s->sock->sk;
2021 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
1da177e4 2022
be9d1227
MH		 2023 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2024 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2025 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
1da177e4
LT		 2026 }
2027 }
1da177e4 2028
1da177e4 2029 rfcomm_unlock();
1da177e4 2030
be9d1227 2031 return (str - buf);
1da177e4
LT		 2032}
2033
be9d1227 2034static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
1da177e4
LT		 2035
2036/* ---- Initialization ---- */
2037static int __init rfcomm_init(void)
2038{
2039 l2cap_load();
2040
2041 hci_register_cb(&rfcomm_cb);
2042
a524eccc
MH		 2043 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2044 if (IS_ERR(rfcomm_thread)) {
2045 hci_unregister_cb(&rfcomm_cb);
2046 return PTR_ERR(rfcomm_thread);
2047 }
1da177e4 2048
df5c37ea
MH		 2049 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2050 BT_ERR("Failed to create RFCOMM info file");
1da177e4
LT		 2051
2052 rfcomm_init_sockets();
2053
2054#ifdef CONFIG_BT_RFCOMM_TTY
2055 rfcomm_init_ttys();
2056#endif
2057
be9d1227
MH		 2058 BT_INFO("RFCOMM ver %s", VERSION);
2059
1da177e4
LT		 2060 return 0;
2061}
2062
2063static void __exit rfcomm_exit(void)
2064{
a91f2e39 2065 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
be9d1227 2066
1da177e4
LT		 2067 hci_unregister_cb(&rfcomm_cb);
2068
a524eccc 2069 kthread_stop(rfcomm_thread);
1da177e4
LT		 2070
2071#ifdef CONFIG_BT_RFCOMM_TTY
2072 rfcomm_cleanup_ttys();
2073#endif
2074
2075 rfcomm_cleanup_sockets();
1da177e4
LT		 2076}
2077
2078module_init(rfcomm_init);
2079module_exit(rfcomm_exit);
2080
7c2660b0
MH		 2081module_param(disable_cfc, bool, 0644);
2082MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2083
98bcd08b
MH		 2084module_param(channel_mtu, int, 0644);
2085MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2086
56f3a40a
MH		 2087module_param(l2cap_mtu, uint, 0644);
2088MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2089
1da177e4
LT		 2090MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2091MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2092MODULE_VERSION(VERSION);
2093MODULE_LICENSE("GPL");
2094MODULE_ALIAS("bt-proto-3");
Linux kernel - Deliverables
This page took 0.550544 seconds and 5 git commands to generate.