search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[PARISC] irq_affinityp[] only available for SMP builds
[linux-2.6.22.y-op.git] / net / bluetooth / rfcomm / core.c
blob0d89d64341364fcf9e6eb4214568c24795ea6a51
1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25 * Bluetooth RFCOMM core.
26 *
27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
28 */
29
30 #include <linux/config.h>
31 #include <linux/module.h>
32 #include <linux/errno.h>
33 #include <linux/kernel.h>
34 #include <linux/sched.h>
35 #include <linux/signal.h>
36 #include <linux/init.h>
37 #include <linux/wait.h>
38 #include <linux/device.h>
39 #include <linux/net.h>
40 #include <net/sock.h>
41 #include <asm/uaccess.h>
42 #include <asm/unaligned.h>
43
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
46 #include <net/bluetooth/l2cap.h>
47 #include <net/bluetooth/rfcomm.h>
48
49 #define VERSION "1.6"
50
51 #ifndef CONFIG_BT_RFCOMM_DEBUG
52 #undef BT_DBG
53 #define BT_DBG(D...)
54 #endif
55
56 static struct task_struct *rfcomm_thread;
57
58 static DECLARE_MUTEX(rfcomm_sem);
59 #define rfcomm_lock() down(&rfcomm_sem);
60 #define rfcomm_unlock() up(&rfcomm_sem);
61
62 static unsigned long rfcomm_event;
63
64 static LIST_HEAD(session_list);
65 static atomic_t terminate, running;
66
67 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
68 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
69 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
70 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
71 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
72 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
73 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
74 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
75 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
76 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
77
78 static void rfcomm_process_connect(struct rfcomm_session *s);
79
80 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
81 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
82 static void rfcomm_session_del(struct rfcomm_session *s);
83
84 /* ---- RFCOMM frame parsing macros ---- */
85 #define __get_dlci(b) ((b & 0xfc) >> 2)
86 #define __get_channel(b) ((b & 0xf8) >> 3)
87 #define __get_dir(b) ((b & 0x04) >> 2)
88 #define __get_type(b) ((b & 0xef))
89
90 #define __test_ea(b) ((b & 0x01))
91 #define __test_cr(b) ((b & 0x02))
92 #define __test_pf(b) ((b & 0x10))
93
94 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
95 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
96 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
97 #define __srv_channel(dlci) (dlci >> 1)
98 #define __dir(dlci) (dlci & 0x01)
99
100 #define __len8(len) (((len) << 1) | 1)
101 #define __len16(len) ((len) << 1)
102
103 /* MCC macros */
104 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
105 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
106 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
107
108 /* RPN macros */
109 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
110 #define __get_rpn_data_bits(line) ((line) & 0x3)
111 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
112 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
113
114 static inline void rfcomm_schedule(uint event)
115 {
116 if (!rfcomm_thread)
117 return;
118 //set_bit(event, &rfcomm_event);
119 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
120 wake_up_process(rfcomm_thread);
121 }
122
123 static inline void rfcomm_session_put(struct rfcomm_session *s)
124 {
125 if (atomic_dec_and_test(&s->refcnt))
126 rfcomm_session_del(s);
127 }
128
129 /* ---- RFCOMM FCS computation ---- */
130
131 /* reversed, 8-bit, poly=0x07 */
132 static unsigned char rfcomm_crc_table[256] = {
133 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
134 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
135 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
136 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
137
138 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
139 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
140 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
141 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
142
143 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
144 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
145 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
146 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
147
148 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
149 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
150 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
151 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
152
153 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
154 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
155 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
156 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
157
158 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
159 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
160 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
161 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
162
163 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
164 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
165 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
166 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
167
168 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
169 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
170 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
171 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
172 };
173
174 /* CRC on 2 bytes */
175 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
176
177 /* FCS on 2 bytes */
178 static inline u8 __fcs(u8 *data)
179 {
180 return (0xff - __crc(data));
181 }
182
183 /* FCS on 3 bytes */
184 static inline u8 __fcs2(u8 *data)
185 {
186 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
187 }
188
189 /* Check FCS */
190 static inline int __check_fcs(u8 *data, int type, u8 fcs)
191 {
192 u8 f = __crc(data);
193
194 if (type != RFCOMM_UIH)
195 f = rfcomm_crc_table[f ^ data[2]];
196
197 return rfcomm_crc_table[f ^ fcs] != 0xcf;
198 }
199
200 /* ---- L2CAP callbacks ---- */
201 static void rfcomm_l2state_change(struct sock *sk)
202 {
203 BT_DBG("%p state %d", sk, sk->sk_state);
204 rfcomm_schedule(RFCOMM_SCHED_STATE);
205 }
206
207 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
208 {
209 BT_DBG("%p bytes %d", sk, bytes);
210 rfcomm_schedule(RFCOMM_SCHED_RX);
211 }
212
213 static int rfcomm_l2sock_create(struct socket **sock)
214 {
215 int err;
216
217 BT_DBG("");
218
219 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
220 if (!err) {
221 struct sock *sk = (*sock)->sk;
222 sk->sk_data_ready = rfcomm_l2data_ready;
223 sk->sk_state_change = rfcomm_l2state_change;
224 }
225 return err;
226 }
227
228 /* ---- RFCOMM DLCs ---- */
229 static void rfcomm_dlc_timeout(unsigned long arg)
230 {
231 struct rfcomm_dlc *d = (void *) arg;
232
233 BT_DBG("dlc %p state %ld", d, d->state);
234
235 set_bit(RFCOMM_TIMED_OUT, &d->flags);
236 rfcomm_dlc_put(d);
237 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
238 }
239
240 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
241 {
242 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
243
244 if (!mod_timer(&d->timer, jiffies + timeout))
245 rfcomm_dlc_hold(d);
246 }
247
248 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
249 {
250 BT_DBG("dlc %p state %ld", d, d->state);
251
252 if (timer_pending(&d->timer) && del_timer(&d->timer))
253 rfcomm_dlc_put(d);
254 }
255
256 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
257 {
258 BT_DBG("%p", d);
259
260 d->state = BT_OPEN;
261 d->flags = 0;
262 d->mscex = 0;
263 d->mtu = RFCOMM_DEFAULT_MTU;
264 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
265
266 d->cfc = RFCOMM_CFC_DISABLED;
267 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
268 }
269
270 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
271 {
272 struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio);
273 if (!d)
274 return NULL;
275 memset(d, 0, sizeof(*d));
276
277 init_timer(&d->timer);
278 d->timer.function = rfcomm_dlc_timeout;
279 d->timer.data = (unsigned long) d;
280
281 skb_queue_head_init(&d->tx_queue);
282 spin_lock_init(&d->lock);
283 atomic_set(&d->refcnt, 1);
284
285 rfcomm_dlc_clear_state(d);
286
287 BT_DBG("%p", d);
288 return d;
289 }
290
291 void rfcomm_dlc_free(struct rfcomm_dlc *d)
292 {
293 BT_DBG("%p", d);
294
295 skb_queue_purge(&d->tx_queue);
296 kfree(d);
297 }
298
299 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
300 {
301 BT_DBG("dlc %p session %p", d, s);
302
303 rfcomm_session_hold(s);
304
305 rfcomm_dlc_hold(d);
306 list_add(&d->list, &s->dlcs);
307 d->session = s;
308 }
309
310 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
311 {
312 struct rfcomm_session *s = d->session;
313
314 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
315
316 list_del(&d->list);
317 d->session = NULL;
318 rfcomm_dlc_put(d);
319
320 rfcomm_session_put(s);
321 }
322
323 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
324 {
325 struct rfcomm_dlc *d;
326 struct list_head *p;
327
328 list_for_each(p, &s->dlcs) {
329 d = list_entry(p, struct rfcomm_dlc, list);
330 if (d->dlci == dlci)
331 return d;
332 }
333 return NULL;
334 }
335
336 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
337 {
338 struct rfcomm_session *s;
339 int err = 0;
340 u8 dlci;
341
342 BT_DBG("dlc %p state %ld %s %s channel %d",
343 d, d->state, batostr(src), batostr(dst), channel);
344
345 if (channel < 1 || channel > 30)
346 return -EINVAL;
347
348 if (d->state != BT_OPEN && d->state != BT_CLOSED)
349 return 0;
350
351 s = rfcomm_session_get(src, dst);
352 if (!s) {
353 s = rfcomm_session_create(src, dst, &err);
354 if (!s)
355 return err;
356 }
357
358 dlci = __dlci(!s->initiator, channel);
359
360 /* Check if DLCI already exists */
361 if (rfcomm_dlc_get(s, dlci))
362 return -EBUSY;
363
364 rfcomm_dlc_clear_state(d);
365
366 d->dlci = dlci;
367 d->addr = __addr(s->initiator, dlci);
368 d->priority = 7;
369
370 d->state = BT_CONFIG;
371 rfcomm_dlc_link(s, d);
372
373 d->mtu = s->mtu;
374 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
375
376 if (s->state == BT_CONNECTED)
377 rfcomm_send_pn(s, 1, d);
378 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
379 return 0;
380 }
381
382 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
383 {
384 int r;
385
386 rfcomm_lock();
387
388 r = __rfcomm_dlc_open(d, src, dst, channel);
389
390 rfcomm_unlock();
391 return r;
392 }
393
394 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
395 {
396 struct rfcomm_session *s = d->session;
397 if (!s)
398 return 0;
399
400 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
401 d, d->state, d->dlci, err, s);
402
403 switch (d->state) {
404 case BT_CONNECTED:
405 case BT_CONFIG:
406 case BT_CONNECT:
407 d->state = BT_DISCONN;
408 if (skb_queue_empty(&d->tx_queue)) {
409 rfcomm_send_disc(s, d->dlci);
410 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
411 } else {
412 rfcomm_queue_disc(d);
413 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
414 }
415 break;
416
417 default:
418 rfcomm_dlc_clear_timer(d);
419
420 rfcomm_dlc_lock(d);
421 d->state = BT_CLOSED;
422 d->state_change(d, err);
423 rfcomm_dlc_unlock(d);
424
425 skb_queue_purge(&d->tx_queue);
426 rfcomm_dlc_unlink(d);
427 }
428
429 return 0;
430 }
431
432 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
433 {
434 int r;
435
436 rfcomm_lock();
437
438 r = __rfcomm_dlc_close(d, err);
439
440 rfcomm_unlock();
441 return r;
442 }
443
444 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
445 {
446 int len = skb->len;
447
448 if (d->state != BT_CONNECTED)
449 return -ENOTCONN;
450
451 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
452
453 if (len > d->mtu)
454 return -EINVAL;
455
456 rfcomm_make_uih(skb, d->addr);
457 skb_queue_tail(&d->tx_queue, skb);
458
459 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
460 rfcomm_schedule(RFCOMM_SCHED_TX);
461 return len;
462 }
463
464 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
465 {
466 BT_DBG("dlc %p state %ld", d, d->state);
467
468 if (!d->cfc) {
469 d->v24_sig |= RFCOMM_V24_FC;
470 set_bit(RFCOMM_MSC_PENDING, &d->flags);
471 }
472 rfcomm_schedule(RFCOMM_SCHED_TX);
473 }
474
475 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
476 {
477 BT_DBG("dlc %p state %ld", d, d->state);
478
479 if (!d->cfc) {
480 d->v24_sig &= ~RFCOMM_V24_FC;
481 set_bit(RFCOMM_MSC_PENDING, &d->flags);
482 }
483 rfcomm_schedule(RFCOMM_SCHED_TX);
484 }
485
486 /*
487 Set/get modem status functions use _local_ status i.e. what we report
488 to the other side.
489 Remote status is provided by dlc->modem_status() callback.
490 */
491 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
492 {
493 BT_DBG("dlc %p state %ld v24_sig 0x%x",
494 d, d->state, v24_sig);
495
496 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
497 v24_sig |= RFCOMM_V24_FC;
498 else
499 v24_sig &= ~RFCOMM_V24_FC;
500
501 d->v24_sig = v24_sig;
502
503 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
504 rfcomm_schedule(RFCOMM_SCHED_TX);
505
506 return 0;
507 }
508
509 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
510 {
511 BT_DBG("dlc %p state %ld v24_sig 0x%x",
512 d, d->state, d->v24_sig);
513
514 *v24_sig = d->v24_sig;
515 return 0;
516 }
517
518 /* ---- RFCOMM sessions ---- */
519 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
520 {
521 struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL);
522 if (!s)
523 return NULL;
524 memset(s, 0, sizeof(*s));
525
526 BT_DBG("session %p sock %p", s, sock);
527
528 INIT_LIST_HEAD(&s->dlcs);
529 s->state = state;
530 s->sock = sock;
531
532 s->mtu = RFCOMM_DEFAULT_MTU;
533 s->cfc = RFCOMM_CFC_UNKNOWN;
534
535 /* Do not increment module usage count for listening sessions.
536 * Otherwise we won't be able to unload the module. */
537 if (state != BT_LISTEN)
538 if (!try_module_get(THIS_MODULE)) {
539 kfree(s);
540 return NULL;
541 }
542
543 list_add(&s->list, &session_list);
544
545 return s;
546 }
547
548 static void rfcomm_session_del(struct rfcomm_session *s)
549 {
550 int state = s->state;
551
552 BT_DBG("session %p state %ld", s, s->state);
553
554 list_del(&s->list);
555
556 if (state == BT_CONNECTED)
557 rfcomm_send_disc(s, 0);
558
559 sock_release(s->sock);
560 kfree(s);
561
562 if (state != BT_LISTEN)
563 module_put(THIS_MODULE);
564 }
565
566 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
567 {
568 struct rfcomm_session *s;
569 struct list_head *p, *n;
570 struct bt_sock *sk;
571 list_for_each_safe(p, n, &session_list) {
572 s = list_entry(p, struct rfcomm_session, list);
573 sk = bt_sk(s->sock->sk);
574
575 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
576 !bacmp(&sk->dst, dst))
577 return s;
578 }
579 return NULL;
580 }
581
582 static void rfcomm_session_close(struct rfcomm_session *s, int err)
583 {
584 struct rfcomm_dlc *d;
585 struct list_head *p, *n;
586
587 BT_DBG("session %p state %ld err %d", s, s->state, err);
588
589 rfcomm_session_hold(s);
590
591 s->state = BT_CLOSED;
592
593 /* Close all dlcs */
594 list_for_each_safe(p, n, &s->dlcs) {
595 d = list_entry(p, struct rfcomm_dlc, list);
596 d->state = BT_CLOSED;
597 __rfcomm_dlc_close(d, err);
598 }
599
600 rfcomm_session_put(s);
601 }
602
603 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
604 {
605 struct rfcomm_session *s = NULL;
606 struct sockaddr_l2 addr;
607 struct socket *sock;
608 struct sock *sk;
609
610 BT_DBG("%s %s", batostr(src), batostr(dst));
611
612 *err = rfcomm_l2sock_create(&sock);
613 if (*err < 0)
614 return NULL;
615
616 bacpy(&addr.l2_bdaddr, src);
617 addr.l2_family = AF_BLUETOOTH;
618 addr.l2_psm = 0;
619 *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
620 if (*err < 0)
621 goto failed;
622
623 /* Set L2CAP options */
624 sk = sock->sk;
625 lock_sock(sk);
626 l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU;
627 release_sock(sk);
628
629 s = rfcomm_session_add(sock, BT_BOUND);
630 if (!s) {
631 *err = -ENOMEM;
632 goto failed;
633 }
634
635 s->initiator = 1;
636
637 bacpy(&addr.l2_bdaddr, dst);
638 addr.l2_family = AF_BLUETOOTH;
639 addr.l2_psm = htobs(RFCOMM_PSM);
640 *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
641 if (*err == 0 || *err == -EAGAIN)
642 return s;
643
644 rfcomm_session_del(s);
645 return NULL;
646
647 failed:
648 sock_release(sock);
649 return NULL;
650 }
651
652 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
653 {
654 struct sock *sk = s->sock->sk;
655 if (src)
656 bacpy(src, &bt_sk(sk)->src);
657 if (dst)
658 bacpy(dst, &bt_sk(sk)->dst);
659 }
660
661 /* ---- RFCOMM frame sending ---- */
662 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
663 {
664 struct socket *sock = s->sock;
665 struct kvec iv = { data, len };
666 struct msghdr msg;
667
668 BT_DBG("session %p len %d", s, len);
669
670 memset(&msg, 0, sizeof(msg));
671
672 return kernel_sendmsg(sock, &msg, &iv, 1, len);
673 }
674
675 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
676 {
677 struct rfcomm_cmd cmd;
678
679 BT_DBG("%p dlci %d", s, dlci);
680
681 cmd.addr = __addr(s->initiator, dlci);
682 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
683 cmd.len = __len8(0);
684 cmd.fcs = __fcs2((u8 *) &cmd);
685
686 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
687 }
688
689 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
690 {
691 struct rfcomm_cmd cmd;
692
693 BT_DBG("%p dlci %d", s, dlci);
694
695 cmd.addr = __addr(!s->initiator, dlci);
696 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
697 cmd.len = __len8(0);
698 cmd.fcs = __fcs2((u8 *) &cmd);
699
700 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
701 }
702
703 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
704 {
705 struct rfcomm_cmd cmd;
706
707 BT_DBG("%p dlci %d", s, dlci);
708
709 cmd.addr = __addr(s->initiator, dlci);
710 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
711 cmd.len = __len8(0);
712 cmd.fcs = __fcs2((u8 *) &cmd);
713
714 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
715 }
716
717 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
718 {
719 struct rfcomm_cmd *cmd;
720 struct sk_buff *skb;
721
722 BT_DBG("dlc %p dlci %d", d, d->dlci);
723
724 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
725 if (!skb)
726 return -ENOMEM;
727
728 cmd = (void *) __skb_put(skb, sizeof(*cmd));
729 cmd->addr = d->addr;
730 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
731 cmd->len = __len8(0);
732 cmd->fcs = __fcs2((u8 *) cmd);
733
734 skb_queue_tail(&d->tx_queue, skb);
735 rfcomm_schedule(RFCOMM_SCHED_TX);
736 return 0;
737 }
738
739 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
740 {
741 struct rfcomm_cmd cmd;
742
743 BT_DBG("%p dlci %d", s, dlci);
744
745 cmd.addr = __addr(!s->initiator, dlci);
746 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
747 cmd.len = __len8(0);
748 cmd.fcs = __fcs2((u8 *) &cmd);
749
750 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
751 }
752
753 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
754 {
755 struct rfcomm_hdr *hdr;
756 struct rfcomm_mcc *mcc;
757 u8 buf[16], *ptr = buf;
758
759 BT_DBG("%p cr %d type %d", s, cr, type);
760
761 hdr = (void *) ptr; ptr += sizeof(*hdr);
762 hdr->addr = __addr(s->initiator, 0);
763 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
764 hdr->len = __len8(sizeof(*mcc) + 1);
765
766 mcc = (void *) ptr; ptr += sizeof(*mcc);
767 mcc->type = __mcc_type(cr, RFCOMM_NSC);
768 mcc->len = __len8(1);
769
770 /* Type that we didn't like */
771 *ptr = __mcc_type(cr, type); ptr++;
772
773 *ptr = __fcs(buf); ptr++;
774
775 return rfcomm_send_frame(s, buf, ptr - buf);
776 }
777
778 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
779 {
780 struct rfcomm_hdr *hdr;
781 struct rfcomm_mcc *mcc;
782 struct rfcomm_pn *pn;
783 u8 buf[16], *ptr = buf;
784
785 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
786
787 hdr = (void *) ptr; ptr += sizeof(*hdr);
788 hdr->addr = __addr(s->initiator, 0);
789 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
790 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
791
792 mcc = (void *) ptr; ptr += sizeof(*mcc);
793 mcc->type = __mcc_type(cr, RFCOMM_PN);
794 mcc->len = __len8(sizeof(*pn));
795
796 pn = (void *) ptr; ptr += sizeof(*pn);
797 pn->dlci = d->dlci;
798 pn->priority = d->priority;
799 pn->ack_timer = 0;
800 pn->max_retrans = 0;
801
802 if (s->cfc) {
803 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
804 pn->credits = RFCOMM_DEFAULT_CREDITS;
805 } else {
806 pn->flow_ctrl = 0;
807 pn->credits = 0;
808 }
809
810 pn->mtu = htobs(d->mtu);
811
812 *ptr = __fcs(buf); ptr++;
813
814 return rfcomm_send_frame(s, buf, ptr - buf);
815 }
816
817 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
818 u8 bit_rate, u8 data_bits, u8 stop_bits,
819 u8 parity, u8 flow_ctrl_settings,
820 u8 xon_char, u8 xoff_char, u16 param_mask)
821 {
822 struct rfcomm_hdr *hdr;
823 struct rfcomm_mcc *mcc;
824 struct rfcomm_rpn *rpn;
825 u8 buf[16], *ptr = buf;
826
827 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
828 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
829 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
830 flow_ctrl_settings, xon_char, xoff_char, param_mask);
831
832 hdr = (void *) ptr; ptr += sizeof(*hdr);
833 hdr->addr = __addr(s->initiator, 0);
834 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
835 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
836
837 mcc = (void *) ptr; ptr += sizeof(*mcc);
838 mcc->type = __mcc_type(cr, RFCOMM_RPN);
839 mcc->len = __len8(sizeof(*rpn));
840
841 rpn = (void *) ptr; ptr += sizeof(*rpn);
842 rpn->dlci = __addr(1, dlci);
843 rpn->bit_rate = bit_rate;
844 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
845 rpn->flow_ctrl = flow_ctrl_settings;
846 rpn->xon_char = xon_char;
847 rpn->xoff_char = xoff_char;
848 rpn->param_mask = param_mask;
849
850 *ptr = __fcs(buf); ptr++;
851
852 return rfcomm_send_frame(s, buf, ptr - buf);
853 }
854
855 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
856 {
857 struct rfcomm_hdr *hdr;
858 struct rfcomm_mcc *mcc;
859 struct rfcomm_rls *rls;
860 u8 buf[16], *ptr = buf;
861
862 BT_DBG("%p cr %d status 0x%x", s, cr, status);
863
864 hdr = (void *) ptr; ptr += sizeof(*hdr);
865 hdr->addr = __addr(s->initiator, 0);
866 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
867 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
868
869 mcc = (void *) ptr; ptr += sizeof(*mcc);
870 mcc->type = __mcc_type(cr, RFCOMM_RLS);
871 mcc->len = __len8(sizeof(*rls));
872
873 rls = (void *) ptr; ptr += sizeof(*rls);
874 rls->dlci = __addr(1, dlci);
875 rls->status = status;
876
877 *ptr = __fcs(buf); ptr++;
878
879 return rfcomm_send_frame(s, buf, ptr - buf);
880 }
881
882 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
883 {
884 struct rfcomm_hdr *hdr;
885 struct rfcomm_mcc *mcc;
886 struct rfcomm_msc *msc;
887 u8 buf[16], *ptr = buf;
888
889 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
890
891 hdr = (void *) ptr; ptr += sizeof(*hdr);
892 hdr->addr = __addr(s->initiator, 0);
893 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
894 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
895
896 mcc = (void *) ptr; ptr += sizeof(*mcc);
897 mcc->type = __mcc_type(cr, RFCOMM_MSC);
898 mcc->len = __len8(sizeof(*msc));
899
900 msc = (void *) ptr; ptr += sizeof(*msc);
901 msc->dlci = __addr(1, dlci);
902 msc->v24_sig = v24_sig | 0x01;
903
904 *ptr = __fcs(buf); ptr++;
905
906 return rfcomm_send_frame(s, buf, ptr - buf);
907 }
908
909 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
910 {
911 struct rfcomm_hdr *hdr;
912 struct rfcomm_mcc *mcc;
913 u8 buf[16], *ptr = buf;
914
915 BT_DBG("%p cr %d", s, cr);
916
917 hdr = (void *) ptr; ptr += sizeof(*hdr);
918 hdr->addr = __addr(s->initiator, 0);
919 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
920 hdr->len = __len8(sizeof(*mcc));
921
922 mcc = (void *) ptr; ptr += sizeof(*mcc);
923 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
924 mcc->len = __len8(0);
925
926 *ptr = __fcs(buf); ptr++;
927
928 return rfcomm_send_frame(s, buf, ptr - buf);
929 }
930
931 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
932 {
933 struct rfcomm_hdr *hdr;
934 struct rfcomm_mcc *mcc;
935 u8 buf[16], *ptr = buf;
936
937 BT_DBG("%p cr %d", s, cr);
938
939 hdr = (void *) ptr; ptr += sizeof(*hdr);
940 hdr->addr = __addr(s->initiator, 0);
941 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
942 hdr->len = __len8(sizeof(*mcc));
943
944 mcc = (void *) ptr; ptr += sizeof(*mcc);
945 mcc->type = __mcc_type(cr, RFCOMM_FCON);
946 mcc->len = __len8(0);
947
948 *ptr = __fcs(buf); ptr++;
949
950 return rfcomm_send_frame(s, buf, ptr - buf);
951 }
952
953 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
954 {
955 struct socket *sock = s->sock;
956 struct kvec iv[3];
957 struct msghdr msg;
958 unsigned char hdr[5], crc[1];
959
960 if (len > 125)
961 return -EINVAL;
962
963 BT_DBG("%p cr %d", s, cr);
964
965 hdr[0] = __addr(s->initiator, 0);
966 hdr[1] = __ctrl(RFCOMM_UIH, 0);
967 hdr[2] = 0x01 | ((len + 2) << 1);
968 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
969 hdr[4] = 0x01 | (len << 1);
970
971 crc[0] = __fcs(hdr);
972
973 iv[0].iov_base = hdr;
974 iv[0].iov_len = 5;
975 iv[1].iov_base = pattern;
976 iv[1].iov_len = len;
977 iv[2].iov_base = crc;
978 iv[2].iov_len = 1;
979
980 memset(&msg, 0, sizeof(msg));
981
982 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
983 }
984
985 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
986 {
987 struct rfcomm_hdr *hdr;
988 u8 buf[16], *ptr = buf;
989
990 BT_DBG("%p addr %d credits %d", s, addr, credits);
991
992 hdr = (void *) ptr; ptr += sizeof(*hdr);
993 hdr->addr = addr;
994 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
995 hdr->len = __len8(0);
996
997 *ptr = credits; ptr++;
998
999 *ptr = __fcs(buf); ptr++;
1000
1001 return rfcomm_send_frame(s, buf, ptr - buf);
1002 }
1003
1004 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1005 {
1006 struct rfcomm_hdr *hdr;
1007 int len = skb->len;
1008 u8 *crc;
1009
1010 if (len > 127) {
1011 hdr = (void *) skb_push(skb, 4);
1012 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len);
1013 } else {
1014 hdr = (void *) skb_push(skb, 3);
1015 hdr->len = __len8(len);
1016 }
1017 hdr->addr = addr;
1018 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1019
1020 crc = skb_put(skb, 1);
1021 *crc = __fcs((void *) hdr);
1022 }
1023
1024 /* ---- RFCOMM frame reception ---- */
1025 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1026 {
1027 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1028
1029 if (dlci) {
1030 /* Data channel */
1031 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1032 if (!d) {
1033 rfcomm_send_dm(s, dlci);
1034 return 0;
1035 }
1036
1037 switch (d->state) {
1038 case BT_CONNECT:
1039 rfcomm_dlc_clear_timer(d);
1040
1041 rfcomm_dlc_lock(d);
1042 d->state = BT_CONNECTED;
1043 d->state_change(d, 0);
1044 rfcomm_dlc_unlock(d);
1045
1046 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1047 break;
1048
1049 case BT_DISCONN:
1050 d->state = BT_CLOSED;
1051 __rfcomm_dlc_close(d, 0);
1052 break;
1053 }
1054 } else {
1055 /* Control channel */
1056 switch (s->state) {
1057 case BT_CONNECT:
1058 s->state = BT_CONNECTED;
1059 rfcomm_process_connect(s);
1060 break;
1061 }
1062 }
1063 return 0;
1064 }
1065
1066 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1067 {
1068 int err = 0;
1069
1070 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1071
1072 if (dlci) {
1073 /* Data DLC */
1074 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1075 if (d) {
1076 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1077 err = ECONNREFUSED;
1078 else
1079 err = ECONNRESET;
1080
1081 d->state = BT_CLOSED;
1082 __rfcomm_dlc_close(d, err);
1083 }
1084 } else {
1085 if (s->state == BT_CONNECT)
1086 err = ECONNREFUSED;
1087 else
1088 err = ECONNRESET;
1089
1090 s->state = BT_CLOSED;
1091 rfcomm_session_close(s, err);
1092 }
1093 return 0;
1094 }
1095
1096 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1097 {
1098 int err = 0;
1099
1100 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1101
1102 if (dlci) {
1103 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1104 if (d) {
1105 rfcomm_send_ua(s, dlci);
1106
1107 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1108 err = ECONNREFUSED;
1109 else
1110 err = ECONNRESET;
1111
1112 d->state = BT_CLOSED;
1113 __rfcomm_dlc_close(d, err);
1114 } else
1115 rfcomm_send_dm(s, dlci);
1116
1117 } else {
1118 rfcomm_send_ua(s, 0);
1119
1120 if (s->state == BT_CONNECT)
1121 err = ECONNREFUSED;
1122 else
1123 err = ECONNRESET;
1124
1125 s->state = BT_CLOSED;
1126 rfcomm_session_close(s, err);
1127 }
1128
1129 return 0;
1130 }
1131
1132 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1133 {
1134 struct sock *sk = d->session->sock->sk;
1135
1136 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1137 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1138 return 1;
1139 } else if (d->link_mode & RFCOMM_LM_AUTH) {
1140 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1141 return 1;
1142 }
1143
1144 return 0;
1145 }
1146
1147 static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1148 {
1149 BT_DBG("dlc %p", d);
1150
1151 rfcomm_send_ua(d->session, d->dlci);
1152
1153 rfcomm_dlc_lock(d);
1154 d->state = BT_CONNECTED;
1155 d->state_change(d, 0);
1156 rfcomm_dlc_unlock(d);
1157
1158 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1159 }
1160
1161 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1162 {
1163 struct rfcomm_dlc *d;
1164 u8 channel;
1165
1166 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1167
1168 if (!dlci) {
1169 rfcomm_send_ua(s, 0);
1170
1171 if (s->state == BT_OPEN) {
1172 s->state = BT_CONNECTED;
1173 rfcomm_process_connect(s);
1174 }
1175 return 0;
1176 }
1177
1178 /* Check if DLC exists */
1179 d = rfcomm_dlc_get(s, dlci);
1180 if (d) {
1181 if (d->state == BT_OPEN) {
1182 /* DLC was previously opened by PN request */
1183 if (rfcomm_check_link_mode(d)) {
1184 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1185 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1186 return 0;
1187 }
1188
1189 rfcomm_dlc_accept(d);
1190 }
1191 return 0;
1192 }
1193
1194 /* Notify socket layer about incoming connection */
1195 channel = __srv_channel(dlci);
1196 if (rfcomm_connect_ind(s, channel, &d)) {
1197 d->dlci = dlci;
1198 d->addr = __addr(s->initiator, dlci);
1199 rfcomm_dlc_link(s, d);
1200
1201 if (rfcomm_check_link_mode(d)) {
1202 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1203 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1204 return 0;
1205 }
1206
1207 rfcomm_dlc_accept(d);
1208 } else {
1209 rfcomm_send_dm(s, dlci);
1210 }
1211
1212 return 0;
1213 }
1214
1215 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1216 {
1217 struct rfcomm_session *s = d->session;
1218
1219 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1220 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1221
1222 if (pn->flow_ctrl == 0xf0 || pn->flow_ctrl == 0xe0) {
1223 d->cfc = s->cfc = RFCOMM_CFC_ENABLED;
1224 d->tx_credits = pn->credits;
1225 } else {
1226 d->cfc = s->cfc = RFCOMM_CFC_DISABLED;
1227 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1228 }
1229
1230 d->priority = pn->priority;
1231
1232 d->mtu = s->mtu = btohs(pn->mtu);
1233
1234 return 0;
1235 }
1236
1237 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1238 {
1239 struct rfcomm_pn *pn = (void *) skb->data;
1240 struct rfcomm_dlc *d;
1241 u8 dlci = pn->dlci;
1242
1243 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1244
1245 if (!dlci)
1246 return 0;
1247
1248 d = rfcomm_dlc_get(s, dlci);
1249 if (d) {
1250 if (cr) {
1251 /* PN request */
1252 rfcomm_apply_pn(d, cr, pn);
1253 rfcomm_send_pn(s, 0, d);
1254 } else {
1255 /* PN response */
1256 switch (d->state) {
1257 case BT_CONFIG:
1258 rfcomm_apply_pn(d, cr, pn);
1259
1260 d->state = BT_CONNECT;
1261 rfcomm_send_sabm(s, d->dlci);
1262 break;
1263 }
1264 }
1265 } else {
1266 u8 channel = __srv_channel(dlci);
1267
1268 if (!cr)
1269 return 0;
1270
1271 /* PN request for non existing DLC.
1272 * Assume incoming connection. */
1273 if (rfcomm_connect_ind(s, channel, &d)) {
1274 d->dlci = dlci;
1275 d->addr = __addr(s->initiator, dlci);
1276 rfcomm_dlc_link(s, d);
1277
1278 rfcomm_apply_pn(d, cr, pn);
1279
1280 d->state = BT_OPEN;
1281 rfcomm_send_pn(s, 0, d);
1282 } else {
1283 rfcomm_send_dm(s, dlci);
1284 }
1285 }
1286 return 0;
1287 }
1288
1289 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1290 {
1291 struct rfcomm_rpn *rpn = (void *) skb->data;
1292 u8 dlci = __get_dlci(rpn->dlci);
1293
1294 u8 bit_rate = 0;
1295 u8 data_bits = 0;
1296 u8 stop_bits = 0;
1297 u8 parity = 0;
1298 u8 flow_ctrl = 0;
1299 u8 xon_char = 0;
1300 u8 xoff_char = 0;
1301 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1302
1303 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1304 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1305 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1306
1307 if (!cr)
1308 return 0;
1309
1310 if (len == 1) {
1311 /* This is a request, return default settings */
1312 bit_rate = RFCOMM_RPN_BR_115200;
1313 data_bits = RFCOMM_RPN_DATA_8;
1314 stop_bits = RFCOMM_RPN_STOP_1;
1315 parity = RFCOMM_RPN_PARITY_NONE;
1316 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1317 xon_char = RFCOMM_RPN_XON_CHAR;
1318 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1319 goto rpn_out;
1320 }
1321
1322 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1323 * no parity, no flow control lines, normal XON/XOFF chars */
1324
1325 if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) {
1326 bit_rate = rpn->bit_rate;
1327 if (bit_rate != RFCOMM_RPN_BR_115200) {
1328 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1329 bit_rate = RFCOMM_RPN_BR_115200;
1330 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1331 }
1332 }
1333
1334 if (rpn->param_mask & RFCOMM_RPN_PM_DATA) {
1335 data_bits = __get_rpn_data_bits(rpn->line_settings);
1336 if (data_bits != RFCOMM_RPN_DATA_8) {
1337 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1338 data_bits = RFCOMM_RPN_DATA_8;
1339 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1340 }
1341 }
1342
1343 if (rpn->param_mask & RFCOMM_RPN_PM_STOP) {
1344 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1345 if (stop_bits != RFCOMM_RPN_STOP_1) {
1346 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1347 stop_bits = RFCOMM_RPN_STOP_1;
1348 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1349 }
1350 }
1351
1352 if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) {
1353 parity = __get_rpn_parity(rpn->line_settings);
1354 if (parity != RFCOMM_RPN_PARITY_NONE) {
1355 BT_DBG("RPN parity mismatch 0x%x", parity);
1356 parity = RFCOMM_RPN_PARITY_NONE;
1357 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1358 }
1359 }
1360
1361 if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) {
1362 flow_ctrl = rpn->flow_ctrl;
1363 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1364 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1365 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1366 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1367 }
1368 }
1369
1370 if (rpn->param_mask & RFCOMM_RPN_PM_XON) {
1371 xon_char = rpn->xon_char;
1372 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1373 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1374 xon_char = RFCOMM_RPN_XON_CHAR;
1375 rpn_mask ^= RFCOMM_RPN_PM_XON;
1376 }
1377 }
1378
1379 if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) {
1380 xoff_char = rpn->xoff_char;
1381 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1382 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1383 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1384 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1385 }
1386 }
1387
1388 rpn_out:
1389 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1390 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1391
1392 return 0;
1393 }
1394
1395 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1396 {
1397 struct rfcomm_rls *rls = (void *) skb->data;
1398 u8 dlci = __get_dlci(rls->dlci);
1399
1400 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1401
1402 if (!cr)
1403 return 0;
1404
1405 /* We should probably do something with this information here. But
1406 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1407 * mandatory to recognise and respond to RLS */
1408
1409 rfcomm_send_rls(s, 0, dlci, rls->status);
1410
1411 return 0;
1412 }
1413
1414 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1415 {
1416 struct rfcomm_msc *msc = (void *) skb->data;
1417 struct rfcomm_dlc *d;
1418 u8 dlci = __get_dlci(msc->dlci);
1419
1420 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1421
1422 d = rfcomm_dlc_get(s, dlci);
1423 if (!d)
1424 return 0;
1425
1426 if (cr) {
1427 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1428 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1429 else
1430 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1431
1432 rfcomm_dlc_lock(d);
1433 if (d->modem_status)
1434 d->modem_status(d, msc->v24_sig);
1435 rfcomm_dlc_unlock(d);
1436
1437 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1438
1439 d->mscex |= RFCOMM_MSCEX_RX;
1440 } else
1441 d->mscex |= RFCOMM_MSCEX_TX;
1442
1443 return 0;
1444 }
1445
1446 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1447 {
1448 struct rfcomm_mcc *mcc = (void *) skb->data;
1449 u8 type, cr, len;
1450
1451 cr = __test_cr(mcc->type);
1452 type = __get_mcc_type(mcc->type);
1453 len = __get_mcc_len(mcc->len);
1454
1455 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1456
1457 skb_pull(skb, 2);
1458
1459 switch (type) {
1460 case RFCOMM_PN:
1461 rfcomm_recv_pn(s, cr, skb);
1462 break;
1463
1464 case RFCOMM_RPN:
1465 rfcomm_recv_rpn(s, cr, len, skb);
1466 break;
1467
1468 case RFCOMM_RLS:
1469 rfcomm_recv_rls(s, cr, skb);
1470 break;
1471
1472 case RFCOMM_MSC:
1473 rfcomm_recv_msc(s, cr, skb);
1474 break;
1475
1476 case RFCOMM_FCOFF:
1477 if (cr) {
1478 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1479 rfcomm_send_fcoff(s, 0);
1480 }
1481 break;
1482
1483 case RFCOMM_FCON:
1484 if (cr) {
1485 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1486 rfcomm_send_fcon(s, 0);
1487 }
1488 break;
1489
1490 case RFCOMM_TEST:
1491 if (cr)
1492 rfcomm_send_test(s, 0, skb->data, skb->len);
1493 break;
1494
1495 case RFCOMM_NSC:
1496 break;
1497
1498 default:
1499 BT_ERR("Unknown control type 0x%02x", type);
1500 rfcomm_send_nsc(s, cr, type);
1501 break;
1502 }
1503 return 0;
1504 }
1505
1506 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1507 {
1508 struct rfcomm_dlc *d;
1509
1510 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1511
1512 d = rfcomm_dlc_get(s, dlci);
1513 if (!d) {
1514 rfcomm_send_dm(s, dlci);
1515 goto drop;
1516 }
1517
1518 if (pf && d->cfc) {
1519 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1520
1521 d->tx_credits += credits;
1522 if (d->tx_credits)
1523 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1524 }
1525
1526 if (skb->len && d->state == BT_CONNECTED) {
1527 rfcomm_dlc_lock(d);
1528 d->rx_credits--;
1529 d->data_ready(d, skb);
1530 rfcomm_dlc_unlock(d);
1531 return 0;
1532 }
1533
1534 drop:
1535 kfree_skb(skb);
1536 return 0;
1537 }
1538
1539 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1540 {
1541 struct rfcomm_hdr *hdr = (void *) skb->data;
1542 u8 type, dlci, fcs;
1543
1544 dlci = __get_dlci(hdr->addr);
1545 type = __get_type(hdr->ctrl);
1546
1547 /* Trim FCS */
1548 skb->len--; skb->tail--;
1549 fcs = *(u8 *) skb->tail;
1550
1551 if (__check_fcs(skb->data, type, fcs)) {
1552 BT_ERR("bad checksum in packet");
1553 kfree_skb(skb);
1554 return -EILSEQ;
1555 }
1556
1557 if (__test_ea(hdr->len))
1558 skb_pull(skb, 3);
1559 else
1560 skb_pull(skb, 4);
1561
1562 switch (type) {
1563 case RFCOMM_SABM:
1564 if (__test_pf(hdr->ctrl))
1565 rfcomm_recv_sabm(s, dlci);
1566 break;
1567
1568 case RFCOMM_DISC:
1569 if (__test_pf(hdr->ctrl))
1570 rfcomm_recv_disc(s, dlci);
1571 break;
1572
1573 case RFCOMM_UA:
1574 if (__test_pf(hdr->ctrl))
1575 rfcomm_recv_ua(s, dlci);
1576 break;
1577
1578 case RFCOMM_DM:
1579 rfcomm_recv_dm(s, dlci);
1580 break;
1581
1582 case RFCOMM_UIH:
1583 if (dlci)
1584 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1585
1586 rfcomm_recv_mcc(s, skb);
1587 break;
1588
1589 default:
1590 BT_ERR("Unknown packet type 0x%02x\n", type);
1591 break;
1592 }
1593 kfree_skb(skb);
1594 return 0;
1595 }
1596
1597 /* ---- Connection and data processing ---- */
1598
1599 static void rfcomm_process_connect(struct rfcomm_session *s)
1600 {
1601 struct rfcomm_dlc *d;
1602 struct list_head *p, *n;
1603
1604 BT_DBG("session %p state %ld", s, s->state);
1605
1606 list_for_each_safe(p, n, &s->dlcs) {
1607 d = list_entry(p, struct rfcomm_dlc, list);
1608 if (d->state == BT_CONFIG) {
1609 d->mtu = s->mtu;
1610 rfcomm_send_pn(s, 1, d);
1611 }
1612 }
1613 }
1614
1615 /* Send data queued for the DLC.
1616 * Return number of frames left in the queue.
1617 */
1618 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1619 {
1620 struct sk_buff *skb;
1621 int err;
1622
1623 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1624 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1625
1626 /* Send pending MSC */
1627 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1628 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1629
1630 if (d->cfc) {
1631 /* CFC enabled.
1632 * Give them some credits */
1633 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1634 d->rx_credits <= (d->cfc >> 2)) {
1635 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1636 d->rx_credits = d->cfc;
1637 }
1638 } else {
1639 /* CFC disabled.
1640 * Give ourselves some credits */
1641 d->tx_credits = 5;
1642 }
1643
1644 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1645 return skb_queue_len(&d->tx_queue);
1646
1647 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1648 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1649 if (err < 0) {
1650 skb_queue_head(&d->tx_queue, skb);
1651 break;
1652 }
1653 kfree_skb(skb);
1654 d->tx_credits--;
1655 }
1656
1657 if (d->cfc && !d->tx_credits) {
1658 /* We're out of TX credits.
1659 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1660 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1661 }
1662
1663 return skb_queue_len(&d->tx_queue);
1664 }
1665
1666 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1667 {
1668 struct rfcomm_dlc *d;
1669 struct list_head *p, *n;
1670
1671 BT_DBG("session %p state %ld", s, s->state);
1672
1673 list_for_each_safe(p, n, &s->dlcs) {
1674 d = list_entry(p, struct rfcomm_dlc, list);
1675
1676 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1677 __rfcomm_dlc_close(d, ETIMEDOUT);
1678 continue;
1679 }
1680
1681 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1682 rfcomm_dlc_clear_timer(d);
1683 rfcomm_dlc_accept(d);
1684 if (d->link_mode & RFCOMM_LM_SECURE) {
1685 struct sock *sk = s->sock->sk;
1686 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1687 }
1688 continue;
1689 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1690 rfcomm_dlc_clear_timer(d);
1691 rfcomm_send_dm(s, d->dlci);
1692 __rfcomm_dlc_close(d, ECONNREFUSED);
1693 continue;
1694 }
1695
1696 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1697 continue;
1698
1699 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1700 d->mscex == RFCOMM_MSCEX_OK)
1701 rfcomm_process_tx(d);
1702 }
1703 }
1704
1705 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1706 {
1707 struct socket *sock = s->sock;
1708 struct sock *sk = sock->sk;
1709 struct sk_buff *skb;
1710
1711 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1712
1713 /* Get data directly from socket receive queue without copying it. */
1714 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1715 skb_orphan(skb);
1716 rfcomm_recv_frame(s, skb);
1717 }
1718
1719 if (sk->sk_state == BT_CLOSED) {
1720 if (!s->initiator)
1721 rfcomm_session_put(s);
1722
1723 rfcomm_session_close(s, sk->sk_err);
1724 }
1725 }
1726
1727 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1728 {
1729 struct socket *sock = s->sock, *nsock;
1730 int err;
1731
1732 /* Fast check for a new connection.
1733 * Avoids unnesesary socket allocations. */
1734 if (list_empty(&bt_sk(sock->sk)->accept_q))
1735 return;
1736
1737 BT_DBG("session %p", s);
1738
1739 if (sock_create_lite(PF_BLUETOOTH, sock->type, BTPROTO_L2CAP, &nsock))
1740 return;
1741
1742 nsock->ops = sock->ops;
1743
1744 __module_get(nsock->ops->owner);
1745
1746 err = sock->ops->accept(sock, nsock, O_NONBLOCK);
1747 if (err < 0) {
1748 sock_release(nsock);
1749 return;
1750 }
1751
1752 /* Set our callbacks */
1753 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1754 nsock->sk->sk_state_change = rfcomm_l2state_change;
1755
1756 s = rfcomm_session_add(nsock, BT_OPEN);
1757 if (s) {
1758 rfcomm_session_hold(s);
1759 rfcomm_schedule(RFCOMM_SCHED_RX);
1760 } else
1761 sock_release(nsock);
1762 }
1763
1764 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1765 {
1766 struct sock *sk = s->sock->sk;
1767
1768 BT_DBG("%p state %ld", s, s->state);
1769
1770 switch(sk->sk_state) {
1771 case BT_CONNECTED:
1772 s->state = BT_CONNECT;
1773
1774 /* We can adjust MTU on outgoing sessions.
1775 * L2CAP MTU minus UIH header and FCS. */
1776 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1777
1778 rfcomm_send_sabm(s, 0);
1779 break;
1780
1781 case BT_CLOSED:
1782 s->state = BT_CLOSED;
1783 rfcomm_session_close(s, sk->sk_err);
1784 break;
1785 }
1786 }
1787
1788 static inline void rfcomm_process_sessions(void)
1789 {
1790 struct list_head *p, *n;
1791
1792 rfcomm_lock();
1793
1794 list_for_each_safe(p, n, &session_list) {
1795 struct rfcomm_session *s;
1796 s = list_entry(p, struct rfcomm_session, list);
1797
1798 if (s->state == BT_LISTEN) {
1799 rfcomm_accept_connection(s);
1800 continue;
1801 }
1802
1803 rfcomm_session_hold(s);
1804
1805 switch (s->state) {
1806 case BT_BOUND:
1807 rfcomm_check_connection(s);
1808 break;
1809
1810 default:
1811 rfcomm_process_rx(s);
1812 break;
1813 }
1814
1815 rfcomm_process_dlcs(s);
1816
1817 rfcomm_session_put(s);
1818 }
1819
1820 rfcomm_unlock();
1821 }
1822
1823 static void rfcomm_worker(void)
1824 {
1825 BT_DBG("");
1826
1827 while (!atomic_read(&terminate)) {
1828 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1829 /* No pending events. Let's sleep.
1830 * Incoming connections and data will wake us up. */
1831 set_current_state(TASK_INTERRUPTIBLE);
1832 schedule();
1833 }
1834
1835 /* Process stuff */
1836 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1837 rfcomm_process_sessions();
1838 }
1839 set_current_state(TASK_RUNNING);
1840 return;
1841 }
1842
1843 static int rfcomm_add_listener(bdaddr_t *ba)
1844 {
1845 struct sockaddr_l2 addr;
1846 struct socket *sock;
1847 struct sock *sk;
1848 struct rfcomm_session *s;
1849 int err = 0;
1850
1851 /* Create socket */
1852 err = rfcomm_l2sock_create(&sock);
1853 if (err < 0) {
1854 BT_ERR("Create socket failed %d", err);
1855 return err;
1856 }
1857
1858 /* Bind socket */
1859 bacpy(&addr.l2_bdaddr, ba);
1860 addr.l2_family = AF_BLUETOOTH;
1861 addr.l2_psm = htobs(RFCOMM_PSM);
1862 err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1863 if (err < 0) {
1864 BT_ERR("Bind failed %d", err);
1865 goto failed;
1866 }
1867
1868 /* Set L2CAP options */
1869 sk = sock->sk;
1870 lock_sock(sk);
1871 l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU;
1872 release_sock(sk);
1873
1874 /* Start listening on the socket */
1875 err = sock->ops->listen(sock, 10);
1876 if (err) {
1877 BT_ERR("Listen failed %d", err);
1878 goto failed;
1879 }
1880
1881 /* Add listening session */
1882 s = rfcomm_session_add(sock, BT_LISTEN);
1883 if (!s)
1884 goto failed;
1885
1886 rfcomm_session_hold(s);
1887 return 0;
1888 failed:
1889 sock_release(sock);
1890 return err;
1891 }
1892
1893 static void rfcomm_kill_listener(void)
1894 {
1895 struct rfcomm_session *s;
1896 struct list_head *p, *n;
1897
1898 BT_DBG("");
1899
1900 list_for_each_safe(p, n, &session_list) {
1901 s = list_entry(p, struct rfcomm_session, list);
1902 rfcomm_session_del(s);
1903 }
1904 }
1905
1906 static int rfcomm_run(void *unused)
1907 {
1908 rfcomm_thread = current;
1909
1910 atomic_inc(&running);
1911
1912 daemonize("krfcommd");
1913 set_user_nice(current, -10);
1914 current->flags |= PF_NOFREEZE;
1915
1916 BT_DBG("");
1917
1918 rfcomm_add_listener(BDADDR_ANY);
1919
1920 rfcomm_worker();
1921
1922 rfcomm_kill_listener();
1923
1924 atomic_dec(&running);
1925 return 0;
1926 }
1927
1928 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1929 {
1930 struct rfcomm_session *s;
1931 struct rfcomm_dlc *d;
1932 struct list_head *p, *n;
1933
1934 BT_DBG("conn %p status 0x%02x", conn, status);
1935
1936 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1937 if (!s)
1938 return;
1939
1940 rfcomm_session_hold(s);
1941
1942 list_for_each_safe(p, n, &s->dlcs) {
1943 d = list_entry(p, struct rfcomm_dlc, list);
1944
1945 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1946 continue;
1947
1948 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1949 continue;
1950
1951 if (!status)
1952 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1953 else
1954 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1955 }
1956
1957 rfcomm_session_put(s);
1958
1959 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1960 }
1961
1962 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1963 {
1964 struct rfcomm_session *s;
1965 struct rfcomm_dlc *d;
1966 struct list_head *p, *n;
1967
1968 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1969
1970 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1971 if (!s)
1972 return;
1973
1974 rfcomm_session_hold(s);
1975
1976 list_for_each_safe(p, n, &s->dlcs) {
1977 d = list_entry(p, struct rfcomm_dlc, list);
1978
1979 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1980 continue;
1981
1982 if (!status && encrypt)
1983 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1984 else
1985 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1986 }
1987
1988 rfcomm_session_put(s);
1989
1990 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1991 }
1992
1993 static struct hci_cb rfcomm_cb = {
1994 .name = "RFCOMM",
1995 .auth_cfm = rfcomm_auth_cfm,
1996 .encrypt_cfm = rfcomm_encrypt_cfm
1997 };
1998
1999 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2000 {
2001 struct rfcomm_session *s;
2002 struct list_head *pp, *p;
2003 char *str = buf;
2004
2005 rfcomm_lock();
2006
2007 list_for_each(p, &session_list) {
2008 s = list_entry(p, struct rfcomm_session, list);
2009 list_for_each(pp, &s->dlcs) {
2010 struct sock *sk = s->sock->sk;
2011 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2012
2013 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2014 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2015 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2016 }
2017 }
2018
2019 rfcomm_unlock();
2020
2021 return (str - buf);
2022 }
2023
2024 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2025
2026 /* ---- Initialization ---- */
2027 static int __init rfcomm_init(void)
2028 {
2029 l2cap_load();
2030
2031 hci_register_cb(&rfcomm_cb);
2032
2033 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
2034
2035 class_create_file(&bt_class, &class_attr_rfcomm_dlc);
2036
2037 rfcomm_init_sockets();
2038
2039 #ifdef CONFIG_BT_RFCOMM_TTY
2040 rfcomm_init_ttys();
2041 #endif
2042
2043 BT_INFO("RFCOMM ver %s", VERSION);
2044
2045 return 0;
2046 }
2047
2048 static void __exit rfcomm_exit(void)
2049 {
2050 class_remove_file(&bt_class, &class_attr_rfcomm_dlc);
2051
2052 hci_unregister_cb(&rfcomm_cb);
2053
2054 /* Terminate working thread.
2055 * ie. Set terminate flag and wake it up */
2056 atomic_inc(&terminate);
2057 rfcomm_schedule(RFCOMM_SCHED_STATE);
2058
2059 /* Wait until thread is running */
2060 while (atomic_read(&running))
2061 schedule();
2062
2063 #ifdef CONFIG_BT_RFCOMM_TTY
2064 rfcomm_cleanup_ttys();
2065 #endif
2066
2067 rfcomm_cleanup_sockets();
2068 }
2069
2070 module_init(rfcomm_init);
2071 module_exit(rfcomm_exit);
2072
2073 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2074 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2075 MODULE_VERSION(VERSION);
2076 MODULE_LICENSE("GPL");
2077 MODULE_ALIAS("bt-proto-3");
linux v2.6.22.y-op