projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelv...
[deliverable/linux.git] / net / bluetooth / rfcomm / core.c
CommitLineData
8e87d142 1/*
1da177e4
LT		 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
8e87d142
YH		 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
1da177e4
LT		 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
8e87d142
YH		 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
1da177e4
LT		 21 SOFTWARE IS DISCLAIMED.
22*/
23
1da177e4
LT		 24/*
25 * Bluetooth RFCOMM core.
1da177e4
LT		 26 */
27
1da177e4
LT		 28#include <linux/module.h>
29#include <linux/errno.h>
30#include <linux/kernel.h>
31#include <linux/sched.h>
32#include <linux/signal.h>
33#include <linux/init.h>
34#include <linux/wait.h>
be9d1227 35#include <linux/device.h>
1da177e4 36#include <linux/net.h>
4a3e2f71 37#include <linux/mutex.h>
a524eccc 38#include <linux/kthread.h>
4a3e2f71 39
1da177e4
LT		 40#include <net/sock.h>
41#include <asm/uaccess.h>
42#include <asm/unaligned.h>
43
44#include <net/bluetooth/bluetooth.h>
45#include <net/bluetooth/hci_core.h>
46#include <net/bluetooth/l2cap.h>
47#include <net/bluetooth/rfcomm.h>
48
5f9018af 49#define VERSION "1.11"
56f3a40a 50
7c2660b0 51static int disable_cfc = 0;
98bcd08b 52static int channel_mtu = -1;
56f3a40a
MH		 53static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
54
1da177e4
LT		 55static struct task_struct *rfcomm_thread;
56
4a3e2f71
AV		 57static DEFINE_MUTEX(rfcomm_mutex);
58#define rfcomm_lock() mutex_lock(&rfcomm_mutex)
59#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
1da177e4
LT		 60
61static unsigned long rfcomm_event;
62
63static LIST_HEAD(session_list);
1da177e4
LT		 64
65static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
66static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
67static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
68static int rfcomm_queue_disc(struct rfcomm_dlc *d);
69static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
70static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
71static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
72static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
73static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
74static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
75
76static void rfcomm_process_connect(struct rfcomm_session *s);
77
78static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
79static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
80static void rfcomm_session_del(struct rfcomm_session *s);
81
82/* ---- RFCOMM frame parsing macros ---- */
83#define __get_dlci(b) ((b & 0xfc) >> 2)
84#define __get_channel(b) ((b & 0xf8) >> 3)
85#define __get_dir(b) ((b & 0x04) >> 2)
86#define __get_type(b) ((b & 0xef))
87
88#define __test_ea(b) ((b & 0x01))
89#define __test_cr(b) ((b & 0x02))
90#define __test_pf(b) ((b & 0x10))
91
92#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
93#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
94#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
95#define __srv_channel(dlci) (dlci >> 1)
96#define __dir(dlci) (dlci & 0x01)
97
98#define __len8(len) (((len) << 1) | 1)
99#define __len16(len) ((len) << 1)
100
101/* MCC macros */
102#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
103#define __get_mcc_type(b) ((b & 0xfc) >> 2)
104#define __get_mcc_len(b) ((b & 0xfe) >> 1)
105
106/* RPN macros */
3a5e903c 107#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
1da177e4
LT		 108#define __get_rpn_data_bits(line) ((line) & 0x3)
109#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
3a5e903c 110#define __get_rpn_parity(line) (((line) >> 3) & 0x7)
1da177e4
LT		 111
112static inline void rfcomm_schedule(uint event)
113{
114 if (!rfcomm_thread)
115 return;
116 //set_bit(event, &rfcomm_event);
117 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
118 wake_up_process(rfcomm_thread);
119}
120
121static inline void rfcomm_session_put(struct rfcomm_session *s)
122{
123 if (atomic_dec_and_test(&s->refcnt))
124 rfcomm_session_del(s);
125}
126
127/* ---- RFCOMM FCS computation ---- */
128
408c1ce2 129/* reversed, 8-bit, poly=0x07 */
8e87d142 130static unsigned char rfcomm_crc_table[256] = {
408c1ce2
MH		 131 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
132 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
133 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
134 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
135
136 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
137 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
138 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
139 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
140
141 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
142 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
143 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
144 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
145
146 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
147 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
148 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
149 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
150
151 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
152 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
153 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
154 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
155
156 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
157 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
158 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
159 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
160
161 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
162 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
163 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
164 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
165
166 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
167 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
168 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
169 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
170};
171
1da177e4
LT		 172/* CRC on 2 bytes */
173#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
174
8e87d142 175/* FCS on 2 bytes */
1da177e4
LT		 176static inline u8 __fcs(u8 *data)
177{
178 return (0xff - __crc(data));
179}
180
8e87d142 181/* FCS on 3 bytes */
1da177e4
LT		 182static inline u8 __fcs2(u8 *data)
183{
184 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
185}
186
187/* Check FCS */
188static inline int __check_fcs(u8 *data, int type, u8 fcs)
189{
190 u8 f = __crc(data);
191
192 if (type != RFCOMM_UIH)
193 f = rfcomm_crc_table[f ^ data[2]];
194
195 return rfcomm_crc_table[f ^ fcs] != 0xcf;
196}
197
198/* ---- L2CAP callbacks ---- */
199static void rfcomm_l2state_change(struct sock *sk)
200{
201 BT_DBG("%p state %d", sk, sk->sk_state);
202 rfcomm_schedule(RFCOMM_SCHED_STATE);
203}
204
205static void rfcomm_l2data_ready(struct sock *sk, int bytes)
206{
207 BT_DBG("%p bytes %d", sk, bytes);
208 rfcomm_schedule(RFCOMM_SCHED_RX);
209}
210
211static int rfcomm_l2sock_create(struct socket **sock)
212{
213 int err;
214
215 BT_DBG("");
216
217 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
218 if (!err) {
219 struct sock *sk = (*sock)->sk;
220 sk->sk_data_ready = rfcomm_l2data_ready;
221 sk->sk_state_change = rfcomm_l2state_change;
222 }
223 return err;
224}
225
9f2c8a03 226static inline int rfcomm_check_security(struct rfcomm_dlc *d)
77db1980
MH		 227{
228 struct sock *sk = d->session->sock->sk;
0684e5f9
MH		 229 __u8 auth_type;
230
231 switch (d->sec_level) {
232 case BT_SECURITY_HIGH:
233 auth_type = HCI_AT_GENERAL_BONDING_MITM;
234 break;
235 case BT_SECURITY_MEDIUM:
236 auth_type = HCI_AT_GENERAL_BONDING;
237 break;
238 default:
239 auth_type = HCI_AT_NO_BONDING;
240 break;
241 }
77db1980 242
0684e5f9
MH		 243 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level,
244 auth_type);
77db1980
MH		 245}
246
1da177e4
LT		 247/* ---- RFCOMM DLCs ---- */
248static void rfcomm_dlc_timeout(unsigned long arg)
249{
250 struct rfcomm_dlc *d = (void *) arg;
251
252 BT_DBG("dlc %p state %ld", d, d->state);
253
254 set_bit(RFCOMM_TIMED_OUT, &d->flags);
255 rfcomm_dlc_put(d);
256 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
257}
258
259static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
260{
261 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
262
263 if (!mod_timer(&d->timer, jiffies + timeout))
264 rfcomm_dlc_hold(d);
265}
266
267static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
268{
269 BT_DBG("dlc %p state %ld", d, d->state);
270
271 if (timer_pending(&d->timer) && del_timer(&d->timer))
272 rfcomm_dlc_put(d);
273}
274
275static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
276{
277 BT_DBG("%p", d);
278
279 d->state = BT_OPEN;
280 d->flags = 0;
281 d->mscex = 0;
282 d->mtu = RFCOMM_DEFAULT_MTU;
283 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
284
285 d->cfc = RFCOMM_CFC_DISABLED;
286 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
287}
288
dd0fc66f 289struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
1da177e4 290{
25ea6db0
MH		 291 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
292
1da177e4
LT		 293 if (!d)
294 return NULL;
1da177e4 295
b24b8a24 296 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
1da177e4
LT		 297
298 skb_queue_head_init(&d->tx_queue);
299 spin_lock_init(&d->lock);
300 atomic_set(&d->refcnt, 1);
301
302 rfcomm_dlc_clear_state(d);
8e87d142 303
1da177e4 304 BT_DBG("%p", d);
25ea6db0 305
1da177e4
LT		 306 return d;
307}
308
309void rfcomm_dlc_free(struct rfcomm_dlc *d)
310{
311 BT_DBG("%p", d);
312
313 skb_queue_purge(&d->tx_queue);
314 kfree(d);
315}
316
317static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
318{
319 BT_DBG("dlc %p session %p", d, s);
320
321 rfcomm_session_hold(s);
322
323 rfcomm_dlc_hold(d);
324 list_add(&d->list, &s->dlcs);
325 d->session = s;
326}
327
328static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
329{
330 struct rfcomm_session *s = d->session;
331
332 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
333
334 list_del(&d->list);
335 d->session = NULL;
336 rfcomm_dlc_put(d);
337
338 rfcomm_session_put(s);
339}
340
341static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
342{
343 struct rfcomm_dlc *d;
344 struct list_head *p;
345
346 list_for_each(p, &s->dlcs) {
347 d = list_entry(p, struct rfcomm_dlc, list);
348 if (d->dlci == dlci)
349 return d;
350 }
351 return NULL;
352}
353
354static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
355{
356 struct rfcomm_session *s;
357 int err = 0;
358 u8 dlci;
359
8e87d142 360 BT_DBG("dlc %p state %ld %s %s channel %d",
1da177e4
LT		 361 d, d->state, batostr(src), batostr(dst), channel);
362
363 if (channel < 1 || channel > 30)
364 return -EINVAL;
365
366 if (d->state != BT_OPEN && d->state != BT_CLOSED)
367 return 0;
368
369 s = rfcomm_session_get(src, dst);
370 if (!s) {
371 s = rfcomm_session_create(src, dst, &err);
372 if (!s)
373 return err;
374 }
375
376 dlci = __dlci(!s->initiator, channel);
377
378 /* Check if DLCI already exists */
379 if (rfcomm_dlc_get(s, dlci))
380 return -EBUSY;
381
382 rfcomm_dlc_clear_state(d);
383
384 d->dlci = dlci;
385 d->addr = __addr(s->initiator, dlci);
386 d->priority = 7;
387
77db1980 388 d->state = BT_CONFIG;
1da177e4
LT		 389 rfcomm_dlc_link(s, d);
390
77db1980
MH		 391 d->out = 1;
392
1da177e4
LT		 393 d->mtu = s->mtu;
394 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
395
77db1980 396 if (s->state == BT_CONNECTED) {
9f2c8a03 397 if (rfcomm_check_security(d))
77db1980 398 rfcomm_send_pn(s, 1, d);
8c1b2355
MH		 399 else
400 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
77db1980
MH		 401 }
402
1da177e4 403 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
77db1980 404
1da177e4
LT		 405 return 0;
406}
407
408int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
409{
410 int r;
411
412 rfcomm_lock();
413
414 r = __rfcomm_dlc_open(d, src, dst, channel);
415
416 rfcomm_unlock();
417 return r;
418}
419
420static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
421{
422 struct rfcomm_session *s = d->session;
423 if (!s)
424 return 0;
425
426 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
427 d, d->state, d->dlci, err, s);
428
429 switch (d->state) {
1da177e4 430 case BT_CONNECT:
bb23c0ab
MH		 431 case BT_CONFIG:
432 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
433 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
434 rfcomm_schedule(RFCOMM_SCHED_AUTH);
435 break;
436 }
437 /* Fall through */
438
439 case BT_CONNECTED:
1da177e4
LT		 440 d->state = BT_DISCONN;
441 if (skb_queue_empty(&d->tx_queue)) {
442 rfcomm_send_disc(s, d->dlci);
443 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
444 } else {
445 rfcomm_queue_disc(d);
446 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
447 }
448 break;
449
bb23c0ab 450 case BT_OPEN:
8bf47941 451 case BT_CONNECT2:
bb23c0ab
MH		 452 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
453 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
454 rfcomm_schedule(RFCOMM_SCHED_AUTH);
455 break;
456 }
457 /* Fall through */
458
1da177e4
LT		 459 default:
460 rfcomm_dlc_clear_timer(d);
461
462 rfcomm_dlc_lock(d);
463 d->state = BT_CLOSED;
1905f6c7 464 d->state_change(d, err);
4c8411f8 465 rfcomm_dlc_unlock(d);
1da177e4
LT		 466
467 skb_queue_purge(&d->tx_queue);
1da177e4
LT		 468 rfcomm_dlc_unlink(d);
469 }
470
471 return 0;
472}
473
474int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
475{
476 int r;
477
478 rfcomm_lock();
479
480 r = __rfcomm_dlc_close(d, err);
481
482 rfcomm_unlock();
483 return r;
484}
485
486int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
487{
488 int len = skb->len;
489
490 if (d->state != BT_CONNECTED)
491 return -ENOTCONN;
492
493 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
494
495 if (len > d->mtu)
496 return -EINVAL;
497
498 rfcomm_make_uih(skb, d->addr);
499 skb_queue_tail(&d->tx_queue, skb);
500
501 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
502 rfcomm_schedule(RFCOMM_SCHED_TX);
503 return len;
504}
505
b5606c2d 506void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
1da177e4
LT		 507{
508 BT_DBG("dlc %p state %ld", d, d->state);
509
510 if (!d->cfc) {
511 d->v24_sig |= RFCOMM_V24_FC;
512 set_bit(RFCOMM_MSC_PENDING, &d->flags);
513 }
514 rfcomm_schedule(RFCOMM_SCHED_TX);
515}
516
b5606c2d 517void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
1da177e4
LT		 518{
519 BT_DBG("dlc %p state %ld", d, d->state);
520
521 if (!d->cfc) {
522 d->v24_sig &= ~RFCOMM_V24_FC;
523 set_bit(RFCOMM_MSC_PENDING, &d->flags);
524 }
525 rfcomm_schedule(RFCOMM_SCHED_TX);
526}
527
8e87d142 528/*
1da177e4
LT		 529 Set/get modem status functions use _local_ status i.e. what we report
530 to the other side.
531 Remote status is provided by dlc->modem_status() callback.
532 */
533int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
534{
8e87d142 535 BT_DBG("dlc %p state %ld v24_sig 0x%x",
1da177e4
LT		 536 d, d->state, v24_sig);
537
538 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
539 v24_sig |= RFCOMM_V24_FC;
540 else
541 v24_sig &= ~RFCOMM_V24_FC;
8e87d142 542
1da177e4
LT		 543 d->v24_sig = v24_sig;
544
545 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
546 rfcomm_schedule(RFCOMM_SCHED_TX);
547
548 return 0;
549}
550
551int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
552{
8e87d142 553 BT_DBG("dlc %p state %ld v24_sig 0x%x",
1da177e4
LT		 554 d, d->state, d->v24_sig);
555
556 *v24_sig = d->v24_sig;
557 return 0;
558}
559
560/* ---- RFCOMM sessions ---- */
561static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
562{
25ea6db0
MH		 563 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
564
1da177e4
LT		 565 if (!s)
566 return NULL;
1da177e4
LT		 567
568 BT_DBG("session %p sock %p", s, sock);
569
570 INIT_LIST_HEAD(&s->dlcs);
571 s->state = state;
572 s->sock = sock;
573
574 s->mtu = RFCOMM_DEFAULT_MTU;
7c2660b0 575 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
1da177e4
LT		 576
577 /* Do not increment module usage count for listening sessions.
578 * Otherwise we won't be able to unload the module. */
579 if (state != BT_LISTEN)
580 if (!try_module_get(THIS_MODULE)) {
581 kfree(s);
582 return NULL;
583 }
584
585 list_add(&s->list, &session_list);
586
587 return s;
588}
589
590static void rfcomm_session_del(struct rfcomm_session *s)
591{
592 int state = s->state;
593
594 BT_DBG("session %p state %ld", s, s->state);
595
596 list_del(&s->list);
597
598 if (state == BT_CONNECTED)
599 rfcomm_send_disc(s, 0);
600
601 sock_release(s->sock);
602 kfree(s);
603
604 if (state != BT_LISTEN)
605 module_put(THIS_MODULE);
606}
607
608static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
609{
610 struct rfcomm_session *s;
611 struct list_head *p, *n;
612 struct bt_sock *sk;
613 list_for_each_safe(p, n, &session_list) {
614 s = list_entry(p, struct rfcomm_session, list);
8e87d142 615 sk = bt_sk(s->sock->sk);
1da177e4
LT		 616
617 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
618 !bacmp(&sk->dst, dst))
619 return s;
620 }
621 return NULL;
622}
623
624static void rfcomm_session_close(struct rfcomm_session *s, int err)
625{
626 struct rfcomm_dlc *d;
627 struct list_head *p, *n;
628
629 BT_DBG("session %p state %ld err %d", s, s->state, err);
630
631 rfcomm_session_hold(s);
632
633 s->state = BT_CLOSED;
634
635 /* Close all dlcs */
636 list_for_each_safe(p, n, &s->dlcs) {
637 d = list_entry(p, struct rfcomm_dlc, list);
638 d->state = BT_CLOSED;
639 __rfcomm_dlc_close(d, err);
640 }
641
642 rfcomm_session_put(s);
643}
644
645static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
646{
647 struct rfcomm_session *s = NULL;
648 struct sockaddr_l2 addr;
649 struct socket *sock;
650 struct sock *sk;
651
652 BT_DBG("%s %s", batostr(src), batostr(dst));
653
654 *err = rfcomm_l2sock_create(&sock);
655 if (*err < 0)
656 return NULL;
657
658 bacpy(&addr.l2_bdaddr, src);
659 addr.l2_family = AF_BLUETOOTH;
660 addr.l2_psm = 0;
37e62f55 661 addr.l2_cid = 0;
48db9ca4 662 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1da177e4
LT		 663 if (*err < 0)
664 goto failed;
665
666 /* Set L2CAP options */
667 sk = sock->sk;
668 lock_sock(sk);
56f3a40a 669 l2cap_pi(sk)->imtu = l2cap_mtu;
1da177e4
LT		 670 release_sock(sk);
671
672 s = rfcomm_session_add(sock, BT_BOUND);
673 if (!s) {
674 *err = -ENOMEM;
675 goto failed;
676 }
677
1da177e4
LT		 678 s->initiator = 1;
679
680 bacpy(&addr.l2_bdaddr, dst);
681 addr.l2_family = AF_BLUETOOTH;
b4324b5d 682 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
37e62f55 683 addr.l2_cid = 0;
48db9ca4 684 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
b4c612a4 685 if (*err == 0 || *err == -EINPROGRESS)
1da177e4
LT		 686 return s;
687
688 rfcomm_session_del(s);
689 return NULL;
690
691failed:
692 sock_release(sock);
693 return NULL;
694}
695
696void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
697{
698 struct sock *sk = s->sock->sk;
699 if (src)
700 bacpy(src, &bt_sk(sk)->src);
701 if (dst)
702 bacpy(dst, &bt_sk(sk)->dst);
703}
704
705/* ---- RFCOMM frame sending ---- */
706static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
707{
708 struct socket *sock = s->sock;
709 struct kvec iv = { data, len };
710 struct msghdr msg;
711
712 BT_DBG("session %p len %d", s, len);
713
714 memset(&msg, 0, sizeof(msg));
715
716 return kernel_sendmsg(sock, &msg, &iv, 1, len);
717}
718
719static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
720{
721 struct rfcomm_cmd cmd;
722
723 BT_DBG("%p dlci %d", s, dlci);
724
725 cmd.addr = __addr(s->initiator, dlci);
726 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
727 cmd.len = __len8(0);
728 cmd.fcs = __fcs2((u8 *) &cmd);
729
730 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
731}
732
733static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
734{
735 struct rfcomm_cmd cmd;
736
737 BT_DBG("%p dlci %d", s, dlci);
738
739 cmd.addr = __addr(!s->initiator, dlci);
740 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
741 cmd.len = __len8(0);
742 cmd.fcs = __fcs2((u8 *) &cmd);
743
744 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
745}
746
747static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
748{
749 struct rfcomm_cmd cmd;
750
751 BT_DBG("%p dlci %d", s, dlci);
752
753 cmd.addr = __addr(s->initiator, dlci);
754 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
755 cmd.len = __len8(0);
756 cmd.fcs = __fcs2((u8 *) &cmd);
757
758 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
759}
760
761static int rfcomm_queue_disc(struct rfcomm_dlc *d)
762{
763 struct rfcomm_cmd *cmd;
764 struct sk_buff *skb;
765
766 BT_DBG("dlc %p dlci %d", d, d->dlci);
767
768 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
769 if (!skb)
770 return -ENOMEM;
771
772 cmd = (void *) __skb_put(skb, sizeof(*cmd));
773 cmd->addr = d->addr;
774 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
775 cmd->len = __len8(0);
776 cmd->fcs = __fcs2((u8 *) cmd);
777
778 skb_queue_tail(&d->tx_queue, skb);
779 rfcomm_schedule(RFCOMM_SCHED_TX);
780 return 0;
781}
782
783static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
784{
785 struct rfcomm_cmd cmd;
786
787 BT_DBG("%p dlci %d", s, dlci);
788
789 cmd.addr = __addr(!s->initiator, dlci);
790 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
791 cmd.len = __len8(0);
792 cmd.fcs = __fcs2((u8 *) &cmd);
793
794 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
795}
796
797static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
798{
799 struct rfcomm_hdr *hdr;
800 struct rfcomm_mcc *mcc;
801 u8 buf[16], *ptr = buf;
802
803 BT_DBG("%p cr %d type %d", s, cr, type);
804
805 hdr = (void *) ptr; ptr += sizeof(*hdr);
806 hdr->addr = __addr(s->initiator, 0);
807 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
808 hdr->len = __len8(sizeof(*mcc) + 1);
809
810 mcc = (void *) ptr; ptr += sizeof(*mcc);
811 mcc->type = __mcc_type(cr, RFCOMM_NSC);
812 mcc->len = __len8(1);
813
814 /* Type that we didn't like */
815 *ptr = __mcc_type(cr, type); ptr++;
816
817 *ptr = __fcs(buf); ptr++;
818
819 return rfcomm_send_frame(s, buf, ptr - buf);
820}
821
822static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
823{
824 struct rfcomm_hdr *hdr;
825 struct rfcomm_mcc *mcc;
826 struct rfcomm_pn *pn;
827 u8 buf[16], *ptr = buf;
828
829 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
830
831 hdr = (void *) ptr; ptr += sizeof(*hdr);
832 hdr->addr = __addr(s->initiator, 0);
833 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
834 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
835
836 mcc = (void *) ptr; ptr += sizeof(*mcc);
837 mcc->type = __mcc_type(cr, RFCOMM_PN);
838 mcc->len = __len8(sizeof(*pn));
839
840 pn = (void *) ptr; ptr += sizeof(*pn);
841 pn->dlci = d->dlci;
842 pn->priority = d->priority;
843 pn->ack_timer = 0;
844 pn->max_retrans = 0;
845
846 if (s->cfc) {
847 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
848 pn->credits = RFCOMM_DEFAULT_CREDITS;
849 } else {
850 pn->flow_ctrl = 0;
851 pn->credits = 0;
852 }
853
98bcd08b 854 if (cr && channel_mtu >= 0)
b4324b5d 855 pn->mtu = cpu_to_le16(channel_mtu);
98bcd08b 856 else
b4324b5d 857 pn->mtu = cpu_to_le16(d->mtu);
1da177e4
LT		 858
859 *ptr = __fcs(buf); ptr++;
860
861 return rfcomm_send_frame(s, buf, ptr - buf);
862}
863
3a5e903c
S		 864int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
865 u8 bit_rate, u8 data_bits, u8 stop_bits,
8e87d142 866 u8 parity, u8 flow_ctrl_settings,
3a5e903c 867 u8 xon_char, u8 xoff_char, u16 param_mask)
1da177e4
LT		 868{
869 struct rfcomm_hdr *hdr;
870 struct rfcomm_mcc *mcc;
871 struct rfcomm_rpn *rpn;
872 u8 buf[16], *ptr = buf;
873
874 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
8e87d142
YH		 875 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
876 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
3a5e903c 877 flow_ctrl_settings, xon_char, xoff_char, param_mask);
1da177e4
LT		 878
879 hdr = (void *) ptr; ptr += sizeof(*hdr);
880 hdr->addr = __addr(s->initiator, 0);
881 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
882 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
883
884 mcc = (void *) ptr; ptr += sizeof(*mcc);
885 mcc->type = __mcc_type(cr, RFCOMM_RPN);
886 mcc->len = __len8(sizeof(*rpn));
887
888 rpn = (void *) ptr; ptr += sizeof(*rpn);
889 rpn->dlci = __addr(1, dlci);
890 rpn->bit_rate = bit_rate;
891 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
892 rpn->flow_ctrl = flow_ctrl_settings;
893 rpn->xon_char = xon_char;
894 rpn->xoff_char = xoff_char;
e8db8c99 895 rpn->param_mask = cpu_to_le16(param_mask);
1da177e4
LT		 896
897 *ptr = __fcs(buf); ptr++;
898
899 return rfcomm_send_frame(s, buf, ptr - buf);
900}
901
902static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
903{
904 struct rfcomm_hdr *hdr;
905 struct rfcomm_mcc *mcc;
906 struct rfcomm_rls *rls;
907 u8 buf[16], *ptr = buf;
908
909 BT_DBG("%p cr %d status 0x%x", s, cr, status);
910
911 hdr = (void *) ptr; ptr += sizeof(*hdr);
912 hdr->addr = __addr(s->initiator, 0);
913 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
914 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
915
916 mcc = (void *) ptr; ptr += sizeof(*mcc);
917 mcc->type = __mcc_type(cr, RFCOMM_RLS);
918 mcc->len = __len8(sizeof(*rls));
919
920 rls = (void *) ptr; ptr += sizeof(*rls);
921 rls->dlci = __addr(1, dlci);
922 rls->status = status;
923
924 *ptr = __fcs(buf); ptr++;
925
926 return rfcomm_send_frame(s, buf, ptr - buf);
927}
928
929static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
930{
931 struct rfcomm_hdr *hdr;
932 struct rfcomm_mcc *mcc;
933 struct rfcomm_msc *msc;
934 u8 buf[16], *ptr = buf;
935
936 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
937
938 hdr = (void *) ptr; ptr += sizeof(*hdr);
939 hdr->addr = __addr(s->initiator, 0);
940 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
941 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
942
943 mcc = (void *) ptr; ptr += sizeof(*mcc);
944 mcc->type = __mcc_type(cr, RFCOMM_MSC);
945 mcc->len = __len8(sizeof(*msc));
946
947 msc = (void *) ptr; ptr += sizeof(*msc);
948 msc->dlci = __addr(1, dlci);
949 msc->v24_sig = v24_sig | 0x01;
950
951 *ptr = __fcs(buf); ptr++;
952
953 return rfcomm_send_frame(s, buf, ptr - buf);
954}
955
956static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
957{
958 struct rfcomm_hdr *hdr;
959 struct rfcomm_mcc *mcc;
960 u8 buf[16], *ptr = buf;
961
962 BT_DBG("%p cr %d", s, cr);
963
964 hdr = (void *) ptr; ptr += sizeof(*hdr);
965 hdr->addr = __addr(s->initiator, 0);
966 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
967 hdr->len = __len8(sizeof(*mcc));
968
969 mcc = (void *) ptr; ptr += sizeof(*mcc);
970 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
971 mcc->len = __len8(0);
972
973 *ptr = __fcs(buf); ptr++;
974
975 return rfcomm_send_frame(s, buf, ptr - buf);
976}
977
978static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
979{
980 struct rfcomm_hdr *hdr;
981 struct rfcomm_mcc *mcc;
982 u8 buf[16], *ptr = buf;
983
984 BT_DBG("%p cr %d", s, cr);
985
986 hdr = (void *) ptr; ptr += sizeof(*hdr);
987 hdr->addr = __addr(s->initiator, 0);
988 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
989 hdr->len = __len8(sizeof(*mcc));
990
991 mcc = (void *) ptr; ptr += sizeof(*mcc);
992 mcc->type = __mcc_type(cr, RFCOMM_FCON);
993 mcc->len = __len8(0);
994
995 *ptr = __fcs(buf); ptr++;
996
997 return rfcomm_send_frame(s, buf, ptr - buf);
998}
999
1000static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1001{
1002 struct socket *sock = s->sock;
1003 struct kvec iv[3];
1004 struct msghdr msg;
1005 unsigned char hdr[5], crc[1];
1006
1007 if (len > 125)
1008 return -EINVAL;
1009
1010 BT_DBG("%p cr %d", s, cr);
1011
1012 hdr[0] = __addr(s->initiator, 0);
1013 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1014 hdr[2] = 0x01 | ((len + 2) << 1);
1015 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1016 hdr[4] = 0x01 | (len << 1);
1017
1018 crc[0] = __fcs(hdr);
1019
1020 iv[0].iov_base = hdr;
1021 iv[0].iov_len = 5;
1022 iv[1].iov_base = pattern;
1023 iv[1].iov_len = len;
1024 iv[2].iov_base = crc;
1025 iv[2].iov_len = 1;
1026
1027 memset(&msg, 0, sizeof(msg));
1028
1029 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1030}
1031
1032static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1033{
1034 struct rfcomm_hdr *hdr;
1035 u8 buf[16], *ptr = buf;
1036
1037 BT_DBG("%p addr %d credits %d", s, addr, credits);
1038
1039 hdr = (void *) ptr; ptr += sizeof(*hdr);
1040 hdr->addr = addr;
1041 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1042 hdr->len = __len8(0);
1043
1044 *ptr = credits; ptr++;
1045
1046 *ptr = __fcs(buf); ptr++;
1047
1048 return rfcomm_send_frame(s, buf, ptr - buf);
1049}
1050
1051static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1052{
1053 struct rfcomm_hdr *hdr;
1054 int len = skb->len;
1055 u8 *crc;
1056
1057 if (len > 127) {
1058 hdr = (void *) skb_push(skb, 4);
b4324b5d 1059 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1da177e4
LT		 1060 } else {
1061 hdr = (void *) skb_push(skb, 3);
1062 hdr->len = __len8(len);
1063 }
1064 hdr->addr = addr;
1065 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1066
1067 crc = skb_put(skb, 1);
1068 *crc = __fcs((void *) hdr);
1069}
1070
1071/* ---- RFCOMM frame reception ---- */
1072static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1073{
1074 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1075
1076 if (dlci) {
1077 /* Data channel */
1078 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1079 if (!d) {
1080 rfcomm_send_dm(s, dlci);
1081 return 0;
1082 }
1083
1084 switch (d->state) {
1085 case BT_CONNECT:
1086 rfcomm_dlc_clear_timer(d);
1087
1088 rfcomm_dlc_lock(d);
1089 d->state = BT_CONNECTED;
1090 d->state_change(d, 0);
1091 rfcomm_dlc_unlock(d);
1092
1093 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1094 break;
1095
1096 case BT_DISCONN:
1097 d->state = BT_CLOSED;
1098 __rfcomm_dlc_close(d, 0);
9cf5b0ea
MH		 1099
1100 if (list_empty(&s->dlcs)) {
1101 s->state = BT_DISCONN;
1102 rfcomm_send_disc(s, 0);
1103 }
1104
1da177e4
LT		 1105 break;
1106 }
1107 } else {
1108 /* Control channel */
1109 switch (s->state) {
1110 case BT_CONNECT:
1111 s->state = BT_CONNECTED;
1112 rfcomm_process_connect(s);
1113 break;
9cf5b0ea
MH		 1114
1115 case BT_DISCONN:
1116 rfcomm_session_put(s);
1117 break;
1da177e4
LT		 1118 }
1119 }
1120 return 0;
1121}
1122
1123static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1124{
1125 int err = 0;
1126
1127 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1128
1129 if (dlci) {
1130 /* Data DLC */
1131 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1132 if (d) {
1133 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1134 err = ECONNREFUSED;
1135 else
1136 err = ECONNRESET;
1137
1138 d->state = BT_CLOSED;
1139 __rfcomm_dlc_close(d, err);
1140 }
1141 } else {
1142 if (s->state == BT_CONNECT)
1143 err = ECONNREFUSED;
1144 else
1145 err = ECONNRESET;
1146
1147 s->state = BT_CLOSED;
1148 rfcomm_session_close(s, err);
1149 }
1150 return 0;
1151}
1152
1153static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1154{
1155 int err = 0;
1156
1157 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1158
1159 if (dlci) {
1160 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1161 if (d) {
1162 rfcomm_send_ua(s, dlci);
1163
1164 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1165 err = ECONNREFUSED;
1166 else
1167 err = ECONNRESET;
1168
1169 d->state = BT_CLOSED;
1170 __rfcomm_dlc_close(d, err);
8e87d142 1171 } else
1da177e4 1172 rfcomm_send_dm(s, dlci);
8e87d142 1173
1da177e4
LT		 1174 } else {
1175 rfcomm_send_ua(s, 0);
1176
1177 if (s->state == BT_CONNECT)
1178 err = ECONNREFUSED;
1179 else
1180 err = ECONNRESET;
1181
1182 s->state = BT_CLOSED;
1183 rfcomm_session_close(s, err);
1184 }
1185
1186 return 0;
1187}
1188
bb23c0ab 1189void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1da177e4 1190{
300b9397
MH		 1191 struct sock *sk = d->session->sock->sk;
1192
1da177e4
LT		 1193 BT_DBG("dlc %p", d);
1194
1195 rfcomm_send_ua(d->session, d->dlci);
1196
e2139b32
JH		 1197 rfcomm_dlc_clear_timer(d);
1198
1da177e4
LT		 1199 rfcomm_dlc_lock(d);
1200 d->state = BT_CONNECTED;
1201 d->state_change(d, 0);
1202 rfcomm_dlc_unlock(d);
1203
9f2c8a03 1204 if (d->role_switch)
300b9397
MH		 1205 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1206
1da177e4
LT		 1207 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1208}
1209
bb23c0ab
MH		 1210static void rfcomm_check_accept(struct rfcomm_dlc *d)
1211{
9f2c8a03 1212 if (rfcomm_check_security(d)) {
bb23c0ab
MH		 1213 if (d->defer_setup) {
1214 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1215 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
8bf47941
MH		 1216
1217 rfcomm_dlc_lock(d);
1218 d->state = BT_CONNECT2;
1219 d->state_change(d, 0);
1220 rfcomm_dlc_unlock(d);
bb23c0ab
MH		 1221 } else
1222 rfcomm_dlc_accept(d);
8c1b2355
MH		 1223 } else {
1224 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1225 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
bb23c0ab
MH		 1226 }
1227}
1228
1da177e4
LT		 1229static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1230{
1231 struct rfcomm_dlc *d;
1232 u8 channel;
1233
1234 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1235
1236 if (!dlci) {
1237 rfcomm_send_ua(s, 0);
1238
1239 if (s->state == BT_OPEN) {
1240 s->state = BT_CONNECTED;
1241 rfcomm_process_connect(s);
1242 }
1243 return 0;
1244 }
1245
1246 /* Check if DLC exists */
1247 d = rfcomm_dlc_get(s, dlci);
1248 if (d) {
1249 if (d->state == BT_OPEN) {
1250 /* DLC was previously opened by PN request */
bb23c0ab 1251 rfcomm_check_accept(d);
1da177e4
LT		 1252 }
1253 return 0;
1254 }
1255
1256 /* Notify socket layer about incoming connection */
1257 channel = __srv_channel(dlci);
1258 if (rfcomm_connect_ind(s, channel, &d)) {
1259 d->dlci = dlci;
1260 d->addr = __addr(s->initiator, dlci);
1261 rfcomm_dlc_link(s, d);
1262
bb23c0ab 1263 rfcomm_check_accept(d);
1da177e4
LT		 1264 } else {
1265 rfcomm_send_dm(s, dlci);
1266 }
1267
1268 return 0;
1269}
1270
1271static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1272{
1273 struct rfcomm_session *s = d->session;
1274
8e87d142 1275 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1da177e4
LT		 1276 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1277
7c2660b0
MH		 1278 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1279 pn->flow_ctrl == 0xe0) {
1280 d->cfc = RFCOMM_CFC_ENABLED;
1da177e4
LT		 1281 d->tx_credits = pn->credits;
1282 } else {
7c2660b0 1283 d->cfc = RFCOMM_CFC_DISABLED;
1da177e4
LT		 1284 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1285 }
1286
7c2660b0
MH		 1287 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1288 s->cfc = d->cfc;
1289
1da177e4
LT		 1290 d->priority = pn->priority;
1291
b4324b5d 1292 d->mtu = __le16_to_cpu(pn->mtu);
98bcd08b
MH		 1293
1294 if (cr && d->mtu > s->mtu)
1295 d->mtu = s->mtu;
1da177e4
LT		 1296
1297 return 0;
1298}
1299
1300static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1301{
1302 struct rfcomm_pn *pn = (void *) skb->data;
1303 struct rfcomm_dlc *d;
1304 u8 dlci = pn->dlci;
1305
1306 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1307
1308 if (!dlci)
1309 return 0;
1310
1311 d = rfcomm_dlc_get(s, dlci);
1312 if (d) {
1313 if (cr) {
1314 /* PN request */
1315 rfcomm_apply_pn(d, cr, pn);
1316 rfcomm_send_pn(s, 0, d);
1317 } else {
1318 /* PN response */
1319 switch (d->state) {
1320 case BT_CONFIG:
1321 rfcomm_apply_pn(d, cr, pn);
1322
1323 d->state = BT_CONNECT;
1324 rfcomm_send_sabm(s, d->dlci);
1325 break;
1326 }
1327 }
1328 } else {
1329 u8 channel = __srv_channel(dlci);
1330
1331 if (!cr)
1332 return 0;
1333
1334 /* PN request for non existing DLC.
1335 * Assume incoming connection. */
1336 if (rfcomm_connect_ind(s, channel, &d)) {
1337 d->dlci = dlci;
1338 d->addr = __addr(s->initiator, dlci);
1339 rfcomm_dlc_link(s, d);
1340
1341 rfcomm_apply_pn(d, cr, pn);
1342
1343 d->state = BT_OPEN;
1344 rfcomm_send_pn(s, 0, d);
1345 } else {
1346 rfcomm_send_dm(s, dlci);
1347 }
1348 }
1349 return 0;
1350}
1351
1352static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1353{
1354 struct rfcomm_rpn *rpn = (void *) skb->data;
1355 u8 dlci = __get_dlci(rpn->dlci);
1356
1357 u8 bit_rate = 0;
1358 u8 data_bits = 0;
1359 u8 stop_bits = 0;
1360 u8 parity = 0;
1361 u8 flow_ctrl = 0;
1362 u8 xon_char = 0;
1363 u8 xoff_char = 0;
1364 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
3a5e903c
S		 1365
1366 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1367 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1368 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1369
1370 if (!cr)
1da177e4 1371 return 0;
3a5e903c 1372
1da177e4 1373 if (len == 1) {
3a5e903c 1374 /* This is a request, return default settings */
1da177e4
LT		 1375 bit_rate = RFCOMM_RPN_BR_115200;
1376 data_bits = RFCOMM_RPN_DATA_8;
1377 stop_bits = RFCOMM_RPN_STOP_1;
1378 parity = RFCOMM_RPN_PARITY_NONE;
1379 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1380 xon_char = RFCOMM_RPN_XON_CHAR;
1381 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1da177e4
LT		 1382 goto rpn_out;
1383 }
3a5e903c
S		 1384
1385 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1386 * no parity, no flow control lines, normal XON/XOFF chars */
1387
e8db8c99 1388 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1da177e4
LT		 1389 bit_rate = rpn->bit_rate;
1390 if (bit_rate != RFCOMM_RPN_BR_115200) {
1391 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1392 bit_rate = RFCOMM_RPN_BR_115200;
1393 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1394 }
1395 }
3a5e903c 1396
e8db8c99 1397 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1da177e4
LT		 1398 data_bits = __get_rpn_data_bits(rpn->line_settings);
1399 if (data_bits != RFCOMM_RPN_DATA_8) {
1400 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1401 data_bits = RFCOMM_RPN_DATA_8;
1402 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1403 }
1404 }
3a5e903c 1405
e8db8c99 1406 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1da177e4
LT		 1407 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1408 if (stop_bits != RFCOMM_RPN_STOP_1) {
1409 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1410 stop_bits = RFCOMM_RPN_STOP_1;
1411 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1412 }
1413 }
3a5e903c 1414
e8db8c99 1415 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1da177e4
LT		 1416 parity = __get_rpn_parity(rpn->line_settings);
1417 if (parity != RFCOMM_RPN_PARITY_NONE) {
1418 BT_DBG("RPN parity mismatch 0x%x", parity);
1419 parity = RFCOMM_RPN_PARITY_NONE;
1420 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1421 }
1422 }
3a5e903c 1423
e8db8c99 1424 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1da177e4
LT		 1425 flow_ctrl = rpn->flow_ctrl;
1426 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1427 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1428 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1429 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1430 }
1431 }
3a5e903c 1432
e8db8c99 1433 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1da177e4
LT		 1434 xon_char = rpn->xon_char;
1435 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1436 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1437 xon_char = RFCOMM_RPN_XON_CHAR;
1438 rpn_mask ^= RFCOMM_RPN_PM_XON;
1439 }
1440 }
3a5e903c 1441
e8db8c99 1442 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1da177e4
LT		 1443 xoff_char = rpn->xoff_char;
1444 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1445 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1446 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1447 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1448 }
1449 }
1450
1451rpn_out:
3a5e903c
S		 1452 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1453 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1da177e4
LT		 1454
1455 return 0;
1456}
1457
1458static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1459{
1460 struct rfcomm_rls *rls = (void *) skb->data;
1461 u8 dlci = __get_dlci(rls->dlci);
1462
1463 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
3a5e903c 1464
1da177e4
LT		 1465 if (!cr)
1466 return 0;
1467
3a5e903c
S		 1468 /* We should probably do something with this information here. But
1469 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1470 * mandatory to recognise and respond to RLS */
1da177e4
LT		 1471
1472 rfcomm_send_rls(s, 0, dlci, rls->status);
1473
1474 return 0;
1475}
1476
1477static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1478{
1479 struct rfcomm_msc *msc = (void *) skb->data;
1480 struct rfcomm_dlc *d;
1481 u8 dlci = __get_dlci(msc->dlci);
1482
1483 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1484
1485 d = rfcomm_dlc_get(s, dlci);
3a5e903c 1486 if (!d)
1da177e4
LT		 1487 return 0;
1488
1489 if (cr) {
1490 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1491 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1492 else
1493 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
3a5e903c 1494
1da177e4 1495 rfcomm_dlc_lock(d);
8b6b3da7
MH		 1496
1497 d->remote_v24_sig = msc->v24_sig;
1498
1da177e4
LT		 1499 if (d->modem_status)
1500 d->modem_status(d, msc->v24_sig);
8b6b3da7 1501
1da177e4 1502 rfcomm_dlc_unlock(d);
8e87d142 1503
1da177e4
LT		 1504 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1505
1506 d->mscex |= RFCOMM_MSCEX_RX;
3a5e903c 1507 } else
1da177e4
LT		 1508 d->mscex |= RFCOMM_MSCEX_TX;
1509
1510 return 0;
1511}
1512
1513static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1514{
1515 struct rfcomm_mcc *mcc = (void *) skb->data;
1516 u8 type, cr, len;
1517
1518 cr = __test_cr(mcc->type);
1519 type = __get_mcc_type(mcc->type);
1520 len = __get_mcc_len(mcc->len);
1521
1522 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1523
1524 skb_pull(skb, 2);
1525
1526 switch (type) {
1527 case RFCOMM_PN:
1528 rfcomm_recv_pn(s, cr, skb);
1529 break;
1530
1531 case RFCOMM_RPN:
1532 rfcomm_recv_rpn(s, cr, len, skb);
1533 break;
1534
1535 case RFCOMM_RLS:
1536 rfcomm_recv_rls(s, cr, skb);
1537 break;
1538
1539 case RFCOMM_MSC:
1540 rfcomm_recv_msc(s, cr, skb);
1541 break;
1542
1543 case RFCOMM_FCOFF:
1544 if (cr) {
1545 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1546 rfcomm_send_fcoff(s, 0);
1547 }
1548 break;
1549
1550 case RFCOMM_FCON:
1551 if (cr) {
1552 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1553 rfcomm_send_fcon(s, 0);
1554 }
1555 break;
1556
1557 case RFCOMM_TEST:
1558 if (cr)
1559 rfcomm_send_test(s, 0, skb->data, skb->len);
1560 break;
1561
1562 case RFCOMM_NSC:
1563 break;
1564
1565 default:
1566 BT_ERR("Unknown control type 0x%02x", type);
1567 rfcomm_send_nsc(s, cr, type);
1568 break;
1569 }
1570 return 0;
1571}
1572
1573static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1574{
1575 struct rfcomm_dlc *d;
1576
1577 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1578
1579 d = rfcomm_dlc_get(s, dlci);
1580 if (!d) {
1581 rfcomm_send_dm(s, dlci);
1582 goto drop;
1583 }
1584
1585 if (pf && d->cfc) {
1586 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1587
1588 d->tx_credits += credits;
1589 if (d->tx_credits)
1590 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1591 }
1592
1593 if (skb->len && d->state == BT_CONNECTED) {
1594 rfcomm_dlc_lock(d);
1595 d->rx_credits--;
1596 d->data_ready(d, skb);
1597 rfcomm_dlc_unlock(d);
1598 return 0;
1599 }
1600
1601drop:
1602 kfree_skb(skb);
1603 return 0;
1604}
1605
1606static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1607{
1608 struct rfcomm_hdr *hdr = (void *) skb->data;
1609 u8 type, dlci, fcs;
1610
1611 dlci = __get_dlci(hdr->addr);
1612 type = __get_type(hdr->ctrl);
1613
1614 /* Trim FCS */
1615 skb->len--; skb->tail--;
27a884dc 1616 fcs = *(u8 *)skb_tail_pointer(skb);
1da177e4
LT		 1617
1618 if (__check_fcs(skb->data, type, fcs)) {
1619 BT_ERR("bad checksum in packet");
1620 kfree_skb(skb);
1621 return -EILSEQ;
1622 }
1623
1624 if (__test_ea(hdr->len))
1625 skb_pull(skb, 3);
1626 else
1627 skb_pull(skb, 4);
1628
1629 switch (type) {
1630 case RFCOMM_SABM:
1631 if (__test_pf(hdr->ctrl))
1632 rfcomm_recv_sabm(s, dlci);
1633 break;
1634
1635 case RFCOMM_DISC:
1636 if (__test_pf(hdr->ctrl))
1637 rfcomm_recv_disc(s, dlci);
1638 break;
1639
1640 case RFCOMM_UA:
1641 if (__test_pf(hdr->ctrl))
1642 rfcomm_recv_ua(s, dlci);
1643 break;
1644
1645 case RFCOMM_DM:
1646 rfcomm_recv_dm(s, dlci);
1647 break;
1648
1649 case RFCOMM_UIH:
1650 if (dlci)
1651 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1652
1653 rfcomm_recv_mcc(s, skb);
1654 break;
1655
1656 default:
1657 BT_ERR("Unknown packet type 0x%02x\n", type);
1658 break;
1659 }
1660 kfree_skb(skb);
1661 return 0;
1662}
1663
1664/* ---- Connection and data processing ---- */
1665
1666static void rfcomm_process_connect(struct rfcomm_session *s)
1667{
1668 struct rfcomm_dlc *d;
1669 struct list_head *p, *n;
1670
1671 BT_DBG("session %p state %ld", s, s->state);
1672
1673 list_for_each_safe(p, n, &s->dlcs) {
1674 d = list_entry(p, struct rfcomm_dlc, list);
1675 if (d->state == BT_CONFIG) {
1676 d->mtu = s->mtu;
9f2c8a03 1677 if (rfcomm_check_security(d)) {
8c1b2355
MH		 1678 rfcomm_send_pn(s, 1, d);
1679 } else {
77db1980
MH		 1680 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1681 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
8c1b2355 1682 }
1da177e4
LT		 1683 }
1684 }
1685}
1686
1687/* Send data queued for the DLC.
1688 * Return number of frames left in the queue.
1689 */
1690static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1691{
1692 struct sk_buff *skb;
1693 int err;
1694
8e87d142 1695 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1da177e4
LT		 1696 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1697
1698 /* Send pending MSC */
1699 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
8e87d142 1700 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1da177e4
LT		 1701
1702 if (d->cfc) {
8e87d142 1703 /* CFC enabled.
1da177e4
LT		 1704 * Give them some credits */
1705 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
8e87d142 1706 d->rx_credits <= (d->cfc >> 2)) {
1da177e4
LT		 1707 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1708 d->rx_credits = d->cfc;
1709 }
1710 } else {
1711 /* CFC disabled.
1712 * Give ourselves some credits */
1713 d->tx_credits = 5;
1714 }
1715
1716 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1717 return skb_queue_len(&d->tx_queue);
1718
1719 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1720 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1721 if (err < 0) {
1722 skb_queue_head(&d->tx_queue, skb);
1723 break;
1724 }
1725 kfree_skb(skb);
1726 d->tx_credits--;
1727 }
1728
1729 if (d->cfc && !d->tx_credits) {
1730 /* We're out of TX credits.
1731 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1732 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1733 }
1734
1735 return skb_queue_len(&d->tx_queue);
1736}
1737
1738static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1739{
1740 struct rfcomm_dlc *d;
1741 struct list_head *p, *n;
1742
1743 BT_DBG("session %p state %ld", s, s->state);
1744
1745 list_for_each_safe(p, n, &s->dlcs) {
1746 d = list_entry(p, struct rfcomm_dlc, list);
1747
1748 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1749 __rfcomm_dlc_close(d, ETIMEDOUT);
1750 continue;
1751 }
1752
1753 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1754 rfcomm_dlc_clear_timer(d);
77db1980
MH		 1755 if (d->out) {
1756 rfcomm_send_pn(s, 1, d);
1757 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
bb23c0ab
MH		 1758 } else {
1759 if (d->defer_setup) {
1760 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1761 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
8bf47941
MH		 1762
1763 rfcomm_dlc_lock(d);
1764 d->state = BT_CONNECT2;
1765 d->state_change(d, 0);
1766 rfcomm_dlc_unlock(d);
bb23c0ab
MH		 1767 } else
1768 rfcomm_dlc_accept(d);
1769 }
1da177e4
LT		 1770 continue;
1771 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1772 rfcomm_dlc_clear_timer(d);
77db1980
MH		 1773 if (!d->out)
1774 rfcomm_send_dm(s, d->dlci);
1775 else
1776 d->state = BT_CLOSED;
1da177e4
LT		 1777 __rfcomm_dlc_close(d, ECONNREFUSED);
1778 continue;
1779 }
1780
6e1031a4
JG		 1781 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1782 continue;
1783
1da177e4
LT		 1784 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1785 continue;
1786
1787 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
77db1980 1788 d->mscex == RFCOMM_MSCEX_OK)
1da177e4
LT		 1789 rfcomm_process_tx(d);
1790 }
1791}
1792
1793static inline void rfcomm_process_rx(struct rfcomm_session *s)
1794{
1795 struct socket *sock = s->sock;
1796 struct sock *sk = sock->sk;
1797 struct sk_buff *skb;
1798
1799 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1800
1801 /* Get data directly from socket receive queue without copying it. */
1802 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1803 skb_orphan(skb);
1804 rfcomm_recv_frame(s, skb);
1805 }
1806
1807 if (sk->sk_state == BT_CLOSED) {
1808 if (!s->initiator)
1809 rfcomm_session_put(s);
1810
1811 rfcomm_session_close(s, sk->sk_err);
1812 }
1813}
1814
1815static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1816{
1817 struct socket *sock = s->sock, *nsock;
1818 int err;
1819
1820 /* Fast check for a new connection.
1821 * Avoids unnesesary socket allocations. */
1822 if (list_empty(&bt_sk(sock->sk)->accept_q))
1823 return;
1824
1825 BT_DBG("session %p", s);
1826
48db9ca4
MH		 1827 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1828 if (err < 0)
1da177e4
LT		 1829 return;
1830
1da177e4
LT		 1831 /* Set our callbacks */
1832 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1833 nsock->sk->sk_state_change = rfcomm_l2state_change;
1834
1835 s = rfcomm_session_add(nsock, BT_OPEN);
1836 if (s) {
1837 rfcomm_session_hold(s);
98bcd08b
MH		 1838
1839 /* We should adjust MTU on incoming sessions.
1840 * L2CAP MTU minus UIH header and FCS. */
1841 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1842
1da177e4
LT		 1843 rfcomm_schedule(RFCOMM_SCHED_RX);
1844 } else
1845 sock_release(nsock);
1846}
1847
1848static inline void rfcomm_check_connection(struct rfcomm_session *s)
1849{
1850 struct sock *sk = s->sock->sk;
1851
1852 BT_DBG("%p state %ld", s, s->state);
1853
1854 switch(sk->sk_state) {
1855 case BT_CONNECTED:
1856 s->state = BT_CONNECT;
1857
1858 /* We can adjust MTU on outgoing sessions.
1859 * L2CAP MTU minus UIH header and FCS. */
1860 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1861
1862 rfcomm_send_sabm(s, 0);
1863 break;
1864
1865 case BT_CLOSED:
1866 s->state = BT_CLOSED;
1867 rfcomm_session_close(s, sk->sk_err);
1868 break;
1869 }
1870}
1871
1872static inline void rfcomm_process_sessions(void)
1873{
1874 struct list_head *p, *n;
1875
1876 rfcomm_lock();
1877
1878 list_for_each_safe(p, n, &session_list) {
1879 struct rfcomm_session *s;
1880 s = list_entry(p, struct rfcomm_session, list);
1881
1882 if (s->state == BT_LISTEN) {
1883 rfcomm_accept_connection(s);
1884 continue;
1885 }
1886
1887 rfcomm_session_hold(s);
1888
1889 switch (s->state) {
1890 case BT_BOUND:
1891 rfcomm_check_connection(s);
1892 break;
1893
1894 default:
1895 rfcomm_process_rx(s);
1896 break;
1897 }
1898
1899 rfcomm_process_dlcs(s);
1900
1901 rfcomm_session_put(s);
1902 }
1903
1904 rfcomm_unlock();
1905}
1906
1da177e4
LT		 1907static int rfcomm_add_listener(bdaddr_t *ba)
1908{
1909 struct sockaddr_l2 addr;
1910 struct socket *sock;
1911 struct sock *sk;
1912 struct rfcomm_session *s;
1913 int err = 0;
1914
1915 /* Create socket */
1916 err = rfcomm_l2sock_create(&sock);
8e87d142 1917 if (err < 0) {
1da177e4
LT		 1918 BT_ERR("Create socket failed %d", err);
1919 return err;
1920 }
1921
1922 /* Bind socket */
1923 bacpy(&addr.l2_bdaddr, ba);
1924 addr.l2_family = AF_BLUETOOTH;
b4324b5d 1925 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
37e62f55 1926 addr.l2_cid = 0;
48db9ca4 1927 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1da177e4
LT		 1928 if (err < 0) {
1929 BT_ERR("Bind failed %d", err);
1930 goto failed;
1931 }
1932
1933 /* Set L2CAP options */
1934 sk = sock->sk;
1935 lock_sock(sk);
56f3a40a 1936 l2cap_pi(sk)->imtu = l2cap_mtu;
1da177e4
LT		 1937 release_sock(sk);
1938
1939 /* Start listening on the socket */
48db9ca4 1940 err = kernel_listen(sock, 10);
1da177e4
LT		 1941 if (err) {
1942 BT_ERR("Listen failed %d", err);
1943 goto failed;
1944 }
1945
1946 /* Add listening session */
1947 s = rfcomm_session_add(sock, BT_LISTEN);
1948 if (!s)
1949 goto failed;
1950
1951 rfcomm_session_hold(s);
1952 return 0;
1953failed:
1954 sock_release(sock);
1955 return err;
1956}
1957
1958static void rfcomm_kill_listener(void)
1959{
1960 struct rfcomm_session *s;
1961 struct list_head *p, *n;
1962
1963 BT_DBG("");
1964
1965 list_for_each_safe(p, n, &session_list) {
1966 s = list_entry(p, struct rfcomm_session, list);
1967 rfcomm_session_del(s);
1968 }
1969}
1970
1971static int rfcomm_run(void *unused)
1972{
a524eccc 1973 BT_DBG("");
1da177e4 1974
1da177e4 1975 set_user_nice(current, -10);
1da177e4 1976
1da177e4
LT		 1977 rfcomm_add_listener(BDADDR_ANY);
1978
a524eccc
MH		 1979 while (!kthread_should_stop()) {
1980 set_current_state(TASK_INTERRUPTIBLE);
1981 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1982 /* No pending events. Let's sleep.
1983 * Incoming connections and data will wake us up. */
1984 schedule();
1985 }
1986 set_current_state(TASK_RUNNING);
1987
1988 /* Process stuff */
1989 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1990 rfcomm_process_sessions();
1991 }
1da177e4
LT		 1992
1993 rfcomm_kill_listener();
1994
1da177e4
LT		 1995 return 0;
1996}
1997
8c1b2355 1998static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1da177e4
LT		 1999{
2000 struct rfcomm_session *s;
2001 struct rfcomm_dlc *d;
2002 struct list_head *p, *n;
2003
2004 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2005
2006 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2007 if (!s)
2008 return;
2009
2010 rfcomm_session_hold(s);
2011
2012 list_for_each_safe(p, n, &s->dlcs) {
2013 d = list_entry(p, struct rfcomm_dlc, list);
2014
8c84b830
MH		 2015 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2016 rfcomm_dlc_clear_timer(d);
2017 if (status || encrypt == 0x00) {
2018 __rfcomm_dlc_close(d, ECONNREFUSED);
2019 continue;
2020 }
2021 }
2022
2023 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2024 if (d->sec_level == BT_SECURITY_MEDIUM) {
2025 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2026 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2027 continue;
2028 } else if (d->sec_level == BT_SECURITY_HIGH) {
2029 __rfcomm_dlc_close(d, ECONNREFUSED);
2030 continue;
2031 }
9719f8af
MH		 2032 }
2033
1da177e4
LT		 2034 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2035 continue;
2036
8c1b2355 2037 if (!status)
1da177e4
LT		 2038 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2039 else
2040 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2041 }
2042
2043 rfcomm_session_put(s);
2044
2045 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2046}
2047
2048static struct hci_cb rfcomm_cb = {
2049 .name = "RFCOMM",
8c1b2355 2050 .security_cfm = rfcomm_security_cfm
1da177e4
LT		 2051};
2052
be9d1227 2053static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
1da177e4
LT		 2054{
2055 struct rfcomm_session *s;
2056 struct list_head *pp, *p;
be9d1227 2057 char *str = buf;
1da177e4
LT		 2058
2059 rfcomm_lock();
2060
2061 list_for_each(p, &session_list) {
2062 s = list_entry(p, struct rfcomm_session, list);
be9d1227
MH		 2063 list_for_each(pp, &s->dlcs) {
2064 struct sock *sk = s->sock->sk;
2065 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
1da177e4 2066
be9d1227
MH		 2067 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2068 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2069 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
1da177e4
LT		 2070 }
2071 }
1da177e4 2072
1da177e4 2073 rfcomm_unlock();
1da177e4 2074
be9d1227 2075 return (str - buf);
1da177e4
LT		 2076}
2077
be9d1227 2078static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
1da177e4
LT		 2079
2080/* ---- Initialization ---- */
2081static int __init rfcomm_init(void)
2082{
2083 l2cap_load();
2084
2085 hci_register_cb(&rfcomm_cb);
2086
a524eccc
MH		 2087 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2088 if (IS_ERR(rfcomm_thread)) {
2089 hci_unregister_cb(&rfcomm_cb);
2090 return PTR_ERR(rfcomm_thread);
2091 }
1da177e4 2092
df5c37ea
MH		 2093 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2094 BT_ERR("Failed to create RFCOMM info file");
1da177e4
LT		 2095
2096 rfcomm_init_sockets();
2097
2098#ifdef CONFIG_BT_RFCOMM_TTY
2099 rfcomm_init_ttys();
2100#endif
2101
be9d1227
MH		 2102 BT_INFO("RFCOMM ver %s", VERSION);
2103
1da177e4
LT		 2104 return 0;
2105}
2106
2107static void __exit rfcomm_exit(void)
2108{
a91f2e39 2109 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
be9d1227 2110
1da177e4
LT		 2111 hci_unregister_cb(&rfcomm_cb);
2112
a524eccc 2113 kthread_stop(rfcomm_thread);
1da177e4
LT		 2114
2115#ifdef CONFIG_BT_RFCOMM_TTY
2116 rfcomm_cleanup_ttys();
2117#endif
2118
2119 rfcomm_cleanup_sockets();
1da177e4
LT		 2120}
2121
2122module_init(rfcomm_init);
2123module_exit(rfcomm_exit);
2124
7c2660b0
MH		 2125module_param(disable_cfc, bool, 0644);
2126MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2127
98bcd08b
MH		 2128module_param(channel_mtu, int, 0644);
2129MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2130
56f3a40a
MH		 2131module_param(l2cap_mtu, uint, 0644);
2132MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2133
63fbd24e 2134MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1da177e4
LT		 2135MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2136MODULE_VERSION(VERSION);
2137MODULE_LICENSE("GPL");
2138MODULE_ALIAS("bt-proto-3");
Linux kernel - Deliverables
This page took 0.529899 seconds and 5 git commands to generate.