[Bluetooth] Use real devices for host controllers
[linux-2.6.git] / net / bluetooth / rfcomm / core.c
1 /* 
2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License version 2 as
8    published by the Free Software Foundation;
9
10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
21    SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25  * Bluetooth RFCOMM core.
26  *
27  * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
28  */
29
30 #include <linux/module.h>
31 #include <linux/errno.h>
32 #include <linux/kernel.h>
33 #include <linux/sched.h>
34 #include <linux/signal.h>
35 #include <linux/init.h>
36 #include <linux/wait.h>
37 #include <linux/device.h>
38 #include <linux/net.h>
39 #include <linux/mutex.h>
40
41 #include <net/sock.h>
42 #include <asm/uaccess.h>
43 #include <asm/unaligned.h>
44
45 #include <net/bluetooth/bluetooth.h>
46 #include <net/bluetooth/hci_core.h>
47 #include <net/bluetooth/l2cap.h>
48 #include <net/bluetooth/rfcomm.h>
49
50 #ifndef CONFIG_BT_RFCOMM_DEBUG
51 #undef  BT_DBG
52 #define BT_DBG(D...)
53 #endif
54
55 #define VERSION "1.7"
56
57 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
58
59 static struct task_struct *rfcomm_thread;
60
61 static DEFINE_MUTEX(rfcomm_mutex);
62 #define rfcomm_lock()   mutex_lock(&rfcomm_mutex)
63 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
64
65 static unsigned long rfcomm_event;
66
67 static LIST_HEAD(session_list);
68 static atomic_t terminate, running;
69
70 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
71 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
72 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
73 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
74 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
75 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
76 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
77 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
78 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
79 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
80
81 static void rfcomm_process_connect(struct rfcomm_session *s);
82
83 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
84 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
85 static void rfcomm_session_del(struct rfcomm_session *s);
86
87 /* ---- RFCOMM frame parsing macros ---- */
88 #define __get_dlci(b)     ((b & 0xfc) >> 2)
89 #define __get_channel(b)  ((b & 0xf8) >> 3)
90 #define __get_dir(b)      ((b & 0x04) >> 2)
91 #define __get_type(b)     ((b & 0xef))
92
93 #define __test_ea(b)      ((b & 0x01))
94 #define __test_cr(b)      ((b & 0x02))
95 #define __test_pf(b)      ((b & 0x10))
96
97 #define __addr(cr, dlci)       (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
98 #define __ctrl(type, pf)       (((type & 0xef) | (pf << 4)))
99 #define __dlci(dir, chn)       (((chn & 0x1f) << 1) | dir)
100 #define __srv_channel(dlci)    (dlci >> 1)
101 #define __dir(dlci)            (dlci & 0x01)
102
103 #define __len8(len)       (((len) << 1) | 1)
104 #define __len16(len)      ((len) << 1)
105
106 /* MCC macros */
107 #define __mcc_type(cr, type)   (((type << 2) | (cr << 1) | 0x01))
108 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
109 #define __get_mcc_len(b)  ((b & 0xfe) >> 1)
110
111 /* RPN macros */
112 #define __rpn_line_settings(data, stop, parity)  ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
113 #define __get_rpn_data_bits(line) ((line) & 0x3)
114 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
115 #define __get_rpn_parity(line)    (((line) >> 3) & 0x7)
116
117 static inline void rfcomm_schedule(uint event)
118 {
119         if (!rfcomm_thread)
120                 return;
121         //set_bit(event, &rfcomm_event);
122         set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
123         wake_up_process(rfcomm_thread);
124 }
125
126 static inline void rfcomm_session_put(struct rfcomm_session *s)
127 {
128         if (atomic_dec_and_test(&s->refcnt))
129                 rfcomm_session_del(s);
130 }
131
132 /* ---- RFCOMM FCS computation ---- */
133
134 /* reversed, 8-bit, poly=0x07 */
135 static unsigned char rfcomm_crc_table[256] = { 
136         0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
137         0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
138         0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
139         0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
140
141         0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
142         0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
143         0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
144         0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
145
146         0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
147         0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
148         0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
149         0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
150
151         0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
152         0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
153         0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
154         0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
155
156         0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
157         0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
158         0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
159         0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
160
161         0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
162         0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
163         0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
164         0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
165
166         0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
167         0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
168         0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
169         0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
170
171         0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
172         0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
173         0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
174         0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
175 };
176
177 /* CRC on 2 bytes */
178 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
179
180 /* FCS on 2 bytes */ 
181 static inline u8 __fcs(u8 *data)
182 {
183         return (0xff - __crc(data));
184 }
185
186 /* FCS on 3 bytes */ 
187 static inline u8 __fcs2(u8 *data)
188 {
189         return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
190 }
191
192 /* Check FCS */
193 static inline int __check_fcs(u8 *data, int type, u8 fcs)
194 {
195         u8 f = __crc(data);
196
197         if (type != RFCOMM_UIH)
198                 f = rfcomm_crc_table[f ^ data[2]];
199
200         return rfcomm_crc_table[f ^ fcs] != 0xcf;
201 }
202
203 /* ---- L2CAP callbacks ---- */
204 static void rfcomm_l2state_change(struct sock *sk)
205 {
206         BT_DBG("%p state %d", sk, sk->sk_state);
207         rfcomm_schedule(RFCOMM_SCHED_STATE);
208 }
209
210 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
211 {
212         BT_DBG("%p bytes %d", sk, bytes);
213         rfcomm_schedule(RFCOMM_SCHED_RX);
214 }
215
216 static int rfcomm_l2sock_create(struct socket **sock)
217 {
218         int err;
219
220         BT_DBG("");
221
222         err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
223         if (!err) {
224                 struct sock *sk = (*sock)->sk;
225                 sk->sk_data_ready   = rfcomm_l2data_ready;
226                 sk->sk_state_change = rfcomm_l2state_change;
227         }
228         return err;
229 }
230
231 /* ---- RFCOMM DLCs ---- */
232 static void rfcomm_dlc_timeout(unsigned long arg)
233 {
234         struct rfcomm_dlc *d = (void *) arg;
235
236         BT_DBG("dlc %p state %ld", d, d->state);
237
238         set_bit(RFCOMM_TIMED_OUT, &d->flags);
239         rfcomm_dlc_put(d);
240         rfcomm_schedule(RFCOMM_SCHED_TIMEO);
241 }
242
243 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
244 {
245         BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
246
247         if (!mod_timer(&d->timer, jiffies + timeout))
248                 rfcomm_dlc_hold(d);
249 }
250
251 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
252 {
253         BT_DBG("dlc %p state %ld", d, d->state);
254
255         if (timer_pending(&d->timer) && del_timer(&d->timer))
256                 rfcomm_dlc_put(d);
257 }
258
259 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
260 {
261         BT_DBG("%p", d);
262
263         d->state      = BT_OPEN;
264         d->flags      = 0;
265         d->mscex      = 0;
266         d->mtu        = RFCOMM_DEFAULT_MTU;
267         d->v24_sig    = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
268
269         d->cfc        = RFCOMM_CFC_DISABLED;
270         d->rx_credits = RFCOMM_DEFAULT_CREDITS;
271 }
272
273 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
274 {
275         struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio);
276         if (!d)
277                 return NULL;
278         memset(d, 0, sizeof(*d));
279
280         init_timer(&d->timer);
281         d->timer.function = rfcomm_dlc_timeout;
282         d->timer.data = (unsigned long) d;
283
284         skb_queue_head_init(&d->tx_queue);
285         spin_lock_init(&d->lock);
286         atomic_set(&d->refcnt, 1);
287
288         rfcomm_dlc_clear_state(d);
289         
290         BT_DBG("%p", d);
291         return d;
292 }
293
294 void rfcomm_dlc_free(struct rfcomm_dlc *d)
295 {
296         BT_DBG("%p", d);
297
298         skb_queue_purge(&d->tx_queue);
299         kfree(d);
300 }
301
302 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
303 {
304         BT_DBG("dlc %p session %p", d, s);
305
306         rfcomm_session_hold(s);
307
308         rfcomm_dlc_hold(d);
309         list_add(&d->list, &s->dlcs);
310         d->session = s;
311 }
312
313 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
314 {
315         struct rfcomm_session *s = d->session;
316
317         BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
318
319         list_del(&d->list);
320         d->session = NULL;
321         rfcomm_dlc_put(d);
322
323         rfcomm_session_put(s);
324 }
325
326 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
327 {
328         struct rfcomm_dlc *d;
329         struct list_head *p;
330
331         list_for_each(p, &s->dlcs) {
332                 d = list_entry(p, struct rfcomm_dlc, list);
333                 if (d->dlci == dlci)
334                         return d;
335         }
336         return NULL;
337 }
338
339 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
340 {
341         struct rfcomm_session *s;
342         int err = 0;
343         u8 dlci;
344
345         BT_DBG("dlc %p state %ld %s %s channel %d", 
346                         d, d->state, batostr(src), batostr(dst), channel);
347
348         if (channel < 1 || channel > 30)
349                 return -EINVAL;
350
351         if (d->state != BT_OPEN && d->state != BT_CLOSED)
352                 return 0;
353
354         s = rfcomm_session_get(src, dst);
355         if (!s) {
356                 s = rfcomm_session_create(src, dst, &err);
357                 if (!s)
358                         return err;
359         }
360
361         dlci = __dlci(!s->initiator, channel);
362
363         /* Check if DLCI already exists */
364         if (rfcomm_dlc_get(s, dlci))
365                 return -EBUSY;
366
367         rfcomm_dlc_clear_state(d);
368
369         d->dlci     = dlci;
370         d->addr     = __addr(s->initiator, dlci);
371         d->priority = 7;
372
373         d->state    = BT_CONFIG;
374         rfcomm_dlc_link(s, d);
375
376         d->mtu = s->mtu;
377         d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
378
379         if (s->state == BT_CONNECTED)
380                 rfcomm_send_pn(s, 1, d);
381         rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
382         return 0;
383 }
384
385 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
386 {
387         int r;
388
389         rfcomm_lock();
390
391         r = __rfcomm_dlc_open(d, src, dst, channel);
392
393         rfcomm_unlock();
394         return r;
395 }
396
397 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
398 {
399         struct rfcomm_session *s = d->session;
400         if (!s)
401                 return 0;
402
403         BT_DBG("dlc %p state %ld dlci %d err %d session %p",
404                         d, d->state, d->dlci, err, s);
405
406         switch (d->state) {
407         case BT_CONNECTED:
408         case BT_CONFIG:
409         case BT_CONNECT:
410                 d->state = BT_DISCONN;
411                 if (skb_queue_empty(&d->tx_queue)) {
412                         rfcomm_send_disc(s, d->dlci);
413                         rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
414                 } else {
415                         rfcomm_queue_disc(d);
416                         rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
417                 }
418                 break;
419
420         default:
421                 rfcomm_dlc_clear_timer(d);
422
423                 rfcomm_dlc_lock(d);
424                 d->state = BT_CLOSED;
425                 d->state_change(d, err);
426                 rfcomm_dlc_unlock(d);
427
428                 skb_queue_purge(&d->tx_queue);
429                 rfcomm_dlc_unlink(d);
430         }
431
432         return 0;
433 }
434
435 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
436 {
437         int r;
438
439         rfcomm_lock();
440
441         r = __rfcomm_dlc_close(d, err);
442
443         rfcomm_unlock();
444         return r;
445 }
446
447 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
448 {
449         int len = skb->len;
450
451         if (d->state != BT_CONNECTED)
452                 return -ENOTCONN;
453
454         BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
455
456         if (len > d->mtu)
457                 return -EINVAL;
458
459         rfcomm_make_uih(skb, d->addr);
460         skb_queue_tail(&d->tx_queue, skb);
461
462         if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
463                 rfcomm_schedule(RFCOMM_SCHED_TX);
464         return len;
465 }
466
467 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
468 {
469         BT_DBG("dlc %p state %ld", d, d->state);
470
471         if (!d->cfc) {
472                 d->v24_sig |= RFCOMM_V24_FC;
473                 set_bit(RFCOMM_MSC_PENDING, &d->flags);
474         }
475         rfcomm_schedule(RFCOMM_SCHED_TX);
476 }
477
478 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
479 {
480         BT_DBG("dlc %p state %ld", d, d->state);
481
482         if (!d->cfc) {
483                 d->v24_sig &= ~RFCOMM_V24_FC;
484                 set_bit(RFCOMM_MSC_PENDING, &d->flags);
485         }
486         rfcomm_schedule(RFCOMM_SCHED_TX);
487 }
488
489 /* 
490    Set/get modem status functions use _local_ status i.e. what we report
491    to the other side.
492    Remote status is provided by dlc->modem_status() callback.
493  */
494 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
495 {
496         BT_DBG("dlc %p state %ld v24_sig 0x%x", 
497                         d, d->state, v24_sig);
498
499         if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
500                 v24_sig |= RFCOMM_V24_FC;
501         else
502                 v24_sig &= ~RFCOMM_V24_FC;
503         
504         d->v24_sig = v24_sig;
505
506         if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
507                 rfcomm_schedule(RFCOMM_SCHED_TX);
508
509         return 0;
510 }
511
512 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
513 {
514         BT_DBG("dlc %p state %ld v24_sig 0x%x", 
515                         d, d->state, d->v24_sig);
516
517         *v24_sig = d->v24_sig;
518         return 0;
519 }
520
521 /* ---- RFCOMM sessions ---- */
522 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
523 {
524         struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL);
525         if (!s)
526                 return NULL;
527         memset(s, 0, sizeof(*s));
528
529         BT_DBG("session %p sock %p", s, sock);
530
531         INIT_LIST_HEAD(&s->dlcs);
532         s->state = state;
533         s->sock  = sock;
534
535         s->mtu = RFCOMM_DEFAULT_MTU;
536         s->cfc = RFCOMM_CFC_UNKNOWN;
537
538         /* Do not increment module usage count for listening sessions.
539          * Otherwise we won't be able to unload the module. */
540         if (state != BT_LISTEN)
541                 if (!try_module_get(THIS_MODULE)) {
542                         kfree(s);
543                         return NULL;
544                 }
545
546         list_add(&s->list, &session_list);
547
548         return s;
549 }
550
551 static void rfcomm_session_del(struct rfcomm_session *s)
552 {
553         int state = s->state;
554
555         BT_DBG("session %p state %ld", s, s->state);
556
557         list_del(&s->list);
558
559         if (state == BT_CONNECTED)
560                 rfcomm_send_disc(s, 0);
561
562         sock_release(s->sock);
563         kfree(s);
564
565         if (state != BT_LISTEN)
566                 module_put(THIS_MODULE);
567 }
568
569 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
570 {
571         struct rfcomm_session *s;
572         struct list_head *p, *n;
573         struct bt_sock *sk;
574         list_for_each_safe(p, n, &session_list) {
575                 s = list_entry(p, struct rfcomm_session, list);
576                 sk = bt_sk(s->sock->sk); 
577
578                 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
579                                 !bacmp(&sk->dst, dst))
580                         return s;
581         }
582         return NULL;
583 }
584
585 static void rfcomm_session_close(struct rfcomm_session *s, int err)
586 {
587         struct rfcomm_dlc *d;
588         struct list_head *p, *n;
589
590         BT_DBG("session %p state %ld err %d", s, s->state, err);
591
592         rfcomm_session_hold(s);
593
594         s->state = BT_CLOSED;
595
596         /* Close all dlcs */
597         list_for_each_safe(p, n, &s->dlcs) {
598                 d = list_entry(p, struct rfcomm_dlc, list);
599                 d->state = BT_CLOSED;
600                 __rfcomm_dlc_close(d, err);
601         }
602
603         rfcomm_session_put(s);
604 }
605
606 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
607 {
608         struct rfcomm_session *s = NULL;
609         struct sockaddr_l2 addr;
610         struct socket *sock;
611         struct sock *sk;
612
613         BT_DBG("%s %s", batostr(src), batostr(dst));
614
615         *err = rfcomm_l2sock_create(&sock);
616         if (*err < 0)
617                 return NULL;
618
619         bacpy(&addr.l2_bdaddr, src);
620         addr.l2_family = AF_BLUETOOTH;
621         addr.l2_psm    = 0;
622         *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
623         if (*err < 0)
624                 goto failed;
625
626         /* Set L2CAP options */
627         sk = sock->sk;
628         lock_sock(sk);
629         l2cap_pi(sk)->imtu = l2cap_mtu;
630         release_sock(sk);
631
632         s = rfcomm_session_add(sock, BT_BOUND);
633         if (!s) {
634                 *err = -ENOMEM;
635                 goto failed;
636         }
637
638         s->initiator = 1;
639
640         bacpy(&addr.l2_bdaddr, dst);
641         addr.l2_family = AF_BLUETOOTH;
642         addr.l2_psm    = htobs(RFCOMM_PSM);
643         *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
644         if (*err == 0 || *err == -EAGAIN)
645                 return s;
646
647         rfcomm_session_del(s);
648         return NULL;
649
650 failed:
651         sock_release(sock);
652         return NULL;
653 }
654
655 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
656 {
657         struct sock *sk = s->sock->sk;
658         if (src)
659                 bacpy(src, &bt_sk(sk)->src);
660         if (dst)
661                 bacpy(dst, &bt_sk(sk)->dst);
662 }
663
664 /* ---- RFCOMM frame sending ---- */
665 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
666 {
667         struct socket *sock = s->sock;
668         struct kvec iv = { data, len };
669         struct msghdr msg;
670
671         BT_DBG("session %p len %d", s, len);
672
673         memset(&msg, 0, sizeof(msg));
674
675         return kernel_sendmsg(sock, &msg, &iv, 1, len);
676 }
677
678 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
679 {
680         struct rfcomm_cmd cmd;
681
682         BT_DBG("%p dlci %d", s, dlci);
683
684         cmd.addr = __addr(s->initiator, dlci);
685         cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
686         cmd.len  = __len8(0);
687         cmd.fcs  = __fcs2((u8 *) &cmd);
688
689         return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
690 }
691
692 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
693 {
694         struct rfcomm_cmd cmd;
695
696         BT_DBG("%p dlci %d", s, dlci);
697
698         cmd.addr = __addr(!s->initiator, dlci);
699         cmd.ctrl = __ctrl(RFCOMM_UA, 1);
700         cmd.len  = __len8(0);
701         cmd.fcs  = __fcs2((u8 *) &cmd);
702
703         return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
704 }
705
706 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
707 {
708         struct rfcomm_cmd cmd;
709
710         BT_DBG("%p dlci %d", s, dlci);
711
712         cmd.addr = __addr(s->initiator, dlci);
713         cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
714         cmd.len  = __len8(0);
715         cmd.fcs  = __fcs2((u8 *) &cmd);
716
717         return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
718 }
719
720 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
721 {
722         struct rfcomm_cmd *cmd;
723         struct sk_buff *skb;
724
725         BT_DBG("dlc %p dlci %d", d, d->dlci);
726
727         skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
728         if (!skb)
729                 return -ENOMEM;
730
731         cmd = (void *) __skb_put(skb, sizeof(*cmd));
732         cmd->addr = d->addr;
733         cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
734         cmd->len  = __len8(0);
735         cmd->fcs  = __fcs2((u8 *) cmd);
736
737         skb_queue_tail(&d->tx_queue, skb);
738         rfcomm_schedule(RFCOMM_SCHED_TX);
739         return 0;
740 }
741
742 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
743 {
744         struct rfcomm_cmd cmd;
745
746         BT_DBG("%p dlci %d", s, dlci);
747
748         cmd.addr = __addr(!s->initiator, dlci);
749         cmd.ctrl = __ctrl(RFCOMM_DM, 1);
750         cmd.len  = __len8(0);
751         cmd.fcs  = __fcs2((u8 *) &cmd);
752
753         return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
754 }
755
756 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
757 {
758         struct rfcomm_hdr *hdr;
759         struct rfcomm_mcc *mcc;
760         u8 buf[16], *ptr = buf;
761
762         BT_DBG("%p cr %d type %d", s, cr, type);
763
764         hdr = (void *) ptr; ptr += sizeof(*hdr);
765         hdr->addr = __addr(s->initiator, 0);
766         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
767         hdr->len  = __len8(sizeof(*mcc) + 1);
768
769         mcc = (void *) ptr; ptr += sizeof(*mcc);
770         mcc->type = __mcc_type(cr, RFCOMM_NSC);
771         mcc->len  = __len8(1);
772
773         /* Type that we didn't like */
774         *ptr = __mcc_type(cr, type); ptr++;
775
776         *ptr = __fcs(buf); ptr++;
777
778         return rfcomm_send_frame(s, buf, ptr - buf);
779 }
780
781 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
782 {
783         struct rfcomm_hdr *hdr;
784         struct rfcomm_mcc *mcc;
785         struct rfcomm_pn  *pn;
786         u8 buf[16], *ptr = buf;
787
788         BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
789
790         hdr = (void *) ptr; ptr += sizeof(*hdr);
791         hdr->addr = __addr(s->initiator, 0);
792         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
793         hdr->len  = __len8(sizeof(*mcc) + sizeof(*pn));
794
795         mcc = (void *) ptr; ptr += sizeof(*mcc);
796         mcc->type = __mcc_type(cr, RFCOMM_PN);
797         mcc->len  = __len8(sizeof(*pn));
798
799         pn = (void *) ptr; ptr += sizeof(*pn);
800         pn->dlci        = d->dlci;
801         pn->priority    = d->priority;
802         pn->ack_timer   = 0;
803         pn->max_retrans = 0;
804
805         if (s->cfc) {
806                 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
807                 pn->credits = RFCOMM_DEFAULT_CREDITS;
808         } else {
809                 pn->flow_ctrl = 0;
810                 pn->credits   = 0;
811         }
812
813         pn->mtu = htobs(d->mtu);
814
815         *ptr = __fcs(buf); ptr++;
816
817         return rfcomm_send_frame(s, buf, ptr - buf);
818 }
819
820 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
821                         u8 bit_rate, u8 data_bits, u8 stop_bits,
822                         u8 parity, u8 flow_ctrl_settings, 
823                         u8 xon_char, u8 xoff_char, u16 param_mask)
824 {
825         struct rfcomm_hdr *hdr;
826         struct rfcomm_mcc *mcc;
827         struct rfcomm_rpn *rpn;
828         u8 buf[16], *ptr = buf;
829
830         BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
831                         " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 
832                 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 
833                 flow_ctrl_settings, xon_char, xoff_char, param_mask);
834
835         hdr = (void *) ptr; ptr += sizeof(*hdr);
836         hdr->addr = __addr(s->initiator, 0);
837         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
838         hdr->len  = __len8(sizeof(*mcc) + sizeof(*rpn));
839
840         mcc = (void *) ptr; ptr += sizeof(*mcc);
841         mcc->type = __mcc_type(cr, RFCOMM_RPN);
842         mcc->len  = __len8(sizeof(*rpn));
843
844         rpn = (void *) ptr; ptr += sizeof(*rpn);
845         rpn->dlci          = __addr(1, dlci);
846         rpn->bit_rate      = bit_rate;
847         rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
848         rpn->flow_ctrl     = flow_ctrl_settings;
849         rpn->xon_char      = xon_char;
850         rpn->xoff_char     = xoff_char;
851         rpn->param_mask    = param_mask;
852
853         *ptr = __fcs(buf); ptr++;
854
855         return rfcomm_send_frame(s, buf, ptr - buf);
856 }
857
858 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
859 {
860         struct rfcomm_hdr *hdr;
861         struct rfcomm_mcc *mcc;
862         struct rfcomm_rls *rls;
863         u8 buf[16], *ptr = buf;
864
865         BT_DBG("%p cr %d status 0x%x", s, cr, status);
866
867         hdr = (void *) ptr; ptr += sizeof(*hdr);
868         hdr->addr = __addr(s->initiator, 0);
869         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
870         hdr->len  = __len8(sizeof(*mcc) + sizeof(*rls));
871
872         mcc = (void *) ptr; ptr += sizeof(*mcc);
873         mcc->type = __mcc_type(cr, RFCOMM_RLS);
874         mcc->len  = __len8(sizeof(*rls));
875
876         rls = (void *) ptr; ptr += sizeof(*rls);
877         rls->dlci   = __addr(1, dlci);
878         rls->status = status;
879
880         *ptr = __fcs(buf); ptr++;
881
882         return rfcomm_send_frame(s, buf, ptr - buf);
883 }
884
885 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
886 {
887         struct rfcomm_hdr *hdr;
888         struct rfcomm_mcc *mcc;
889         struct rfcomm_msc *msc;
890         u8 buf[16], *ptr = buf;
891
892         BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
893
894         hdr = (void *) ptr; ptr += sizeof(*hdr);
895         hdr->addr = __addr(s->initiator, 0);
896         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
897         hdr->len  = __len8(sizeof(*mcc) + sizeof(*msc));
898
899         mcc = (void *) ptr; ptr += sizeof(*mcc);
900         mcc->type = __mcc_type(cr, RFCOMM_MSC);
901         mcc->len  = __len8(sizeof(*msc));
902
903         msc = (void *) ptr; ptr += sizeof(*msc);
904         msc->dlci    = __addr(1, dlci);
905         msc->v24_sig = v24_sig | 0x01;
906
907         *ptr = __fcs(buf); ptr++;
908
909         return rfcomm_send_frame(s, buf, ptr - buf);
910 }
911
912 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
913 {
914         struct rfcomm_hdr *hdr;
915         struct rfcomm_mcc *mcc;
916         u8 buf[16], *ptr = buf;
917
918         BT_DBG("%p cr %d", s, cr);
919
920         hdr = (void *) ptr; ptr += sizeof(*hdr);
921         hdr->addr = __addr(s->initiator, 0);
922         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
923         hdr->len  = __len8(sizeof(*mcc));
924
925         mcc = (void *) ptr; ptr += sizeof(*mcc);
926         mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
927         mcc->len  = __len8(0);
928
929         *ptr = __fcs(buf); ptr++;
930
931         return rfcomm_send_frame(s, buf, ptr - buf);
932 }
933
934 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
935 {
936         struct rfcomm_hdr *hdr;
937         struct rfcomm_mcc *mcc;
938         u8 buf[16], *ptr = buf;
939
940         BT_DBG("%p cr %d", s, cr);
941
942         hdr = (void *) ptr; ptr += sizeof(*hdr);
943         hdr->addr = __addr(s->initiator, 0);
944         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
945         hdr->len  = __len8(sizeof(*mcc));
946
947         mcc = (void *) ptr; ptr += sizeof(*mcc);
948         mcc->type = __mcc_type(cr, RFCOMM_FCON);
949         mcc->len  = __len8(0);
950
951         *ptr = __fcs(buf); ptr++;
952
953         return rfcomm_send_frame(s, buf, ptr - buf);
954 }
955
956 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
957 {
958         struct socket *sock = s->sock;
959         struct kvec iv[3];
960         struct msghdr msg;
961         unsigned char hdr[5], crc[1];
962
963         if (len > 125)
964                 return -EINVAL;
965
966         BT_DBG("%p cr %d", s, cr);
967
968         hdr[0] = __addr(s->initiator, 0);
969         hdr[1] = __ctrl(RFCOMM_UIH, 0);
970         hdr[2] = 0x01 | ((len + 2) << 1);
971         hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
972         hdr[4] = 0x01 | (len << 1);
973
974         crc[0] = __fcs(hdr);
975
976         iv[0].iov_base = hdr;
977         iv[0].iov_len  = 5;
978         iv[1].iov_base = pattern;
979         iv[1].iov_len  = len;
980         iv[2].iov_base = crc;
981         iv[2].iov_len  = 1;
982
983         memset(&msg, 0, sizeof(msg));
984
985         return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
986 }
987
988 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
989 {
990         struct rfcomm_hdr *hdr;
991         u8 buf[16], *ptr = buf;
992
993         BT_DBG("%p addr %d credits %d", s, addr, credits);
994
995         hdr = (void *) ptr; ptr += sizeof(*hdr);
996         hdr->addr = addr;
997         hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
998         hdr->len  = __len8(0);
999
1000         *ptr = credits; ptr++;
1001
1002         *ptr = __fcs(buf); ptr++;
1003
1004         return rfcomm_send_frame(s, buf, ptr - buf);
1005 }
1006
1007 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1008 {
1009         struct rfcomm_hdr *hdr;
1010         int len = skb->len;
1011         u8 *crc;
1012
1013         if (len > 127) {
1014                 hdr = (void *) skb_push(skb, 4);
1015                 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len);
1016         } else {
1017                 hdr = (void *) skb_push(skb, 3);
1018                 hdr->len = __len8(len);
1019         }
1020         hdr->addr = addr;
1021         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1022
1023         crc = skb_put(skb, 1);
1024         *crc = __fcs((void *) hdr);
1025 }
1026
1027 /* ---- RFCOMM frame reception ---- */
1028 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1029 {
1030         BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1031
1032         if (dlci) {
1033                 /* Data channel */
1034                 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1035                 if (!d) {
1036                         rfcomm_send_dm(s, dlci);
1037                         return 0;
1038                 }
1039
1040                 switch (d->state) {
1041                 case BT_CONNECT:
1042                         rfcomm_dlc_clear_timer(d);
1043
1044                         rfcomm_dlc_lock(d);
1045                         d->state = BT_CONNECTED;
1046                         d->state_change(d, 0);
1047                         rfcomm_dlc_unlock(d);
1048
1049                         rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1050                         break;
1051
1052                 case BT_DISCONN:
1053                         d->state = BT_CLOSED;
1054                         __rfcomm_dlc_close(d, 0);
1055                         break;
1056                 }
1057         } else {
1058                 /* Control channel */
1059                 switch (s->state) {
1060                 case BT_CONNECT:
1061                         s->state = BT_CONNECTED;
1062                         rfcomm_process_connect(s);
1063                         break;
1064                 }
1065         }
1066         return 0;
1067 }
1068
1069 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1070 {
1071         int err = 0;
1072
1073         BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1074
1075         if (dlci) {
1076                 /* Data DLC */
1077                 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1078                 if (d) {
1079                         if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1080                                 err = ECONNREFUSED;
1081                         else
1082                                 err = ECONNRESET;
1083
1084                         d->state = BT_CLOSED;
1085                         __rfcomm_dlc_close(d, err);
1086                 }
1087         } else {
1088                 if (s->state == BT_CONNECT)
1089                         err = ECONNREFUSED;
1090                 else
1091                         err = ECONNRESET;
1092
1093                 s->state = BT_CLOSED;
1094                 rfcomm_session_close(s, err);
1095         }
1096         return 0;
1097 }
1098
1099 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1100 {
1101         int err = 0;
1102
1103         BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1104
1105         if (dlci) {
1106                 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1107                 if (d) {
1108                         rfcomm_send_ua(s, dlci);
1109
1110                         if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1111                                 err = ECONNREFUSED;
1112                         else
1113                                 err = ECONNRESET;
1114
1115                         d->state = BT_CLOSED;
1116                         __rfcomm_dlc_close(d, err);
1117                 } else 
1118                         rfcomm_send_dm(s, dlci);
1119                         
1120         } else {
1121                 rfcomm_send_ua(s, 0);
1122
1123                 if (s->state == BT_CONNECT)
1124                         err = ECONNREFUSED;
1125                 else
1126                         err = ECONNRESET;
1127
1128                 s->state = BT_CLOSED;
1129                 rfcomm_session_close(s, err);
1130         }
1131
1132         return 0;
1133 }
1134
1135 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1136 {
1137         struct sock *sk = d->session->sock->sk;
1138
1139         if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1140                 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1141                         return 1;
1142         } else if (d->link_mode & RFCOMM_LM_AUTH) {
1143                 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1144                         return 1;
1145         }
1146
1147         return 0;
1148 }
1149
1150 static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1151 {
1152         BT_DBG("dlc %p", d);
1153
1154         rfcomm_send_ua(d->session, d->dlci);
1155
1156         rfcomm_dlc_lock(d);
1157         d->state = BT_CONNECTED;
1158         d->state_change(d, 0);
1159         rfcomm_dlc_unlock(d);
1160
1161         rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1162 }
1163
1164 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1165 {
1166         struct rfcomm_dlc *d;
1167         u8 channel;
1168
1169         BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1170
1171         if (!dlci) {
1172                 rfcomm_send_ua(s, 0);
1173
1174                 if (s->state == BT_OPEN) {
1175                         s->state = BT_CONNECTED;
1176                         rfcomm_process_connect(s);
1177                 }
1178                 return 0;
1179         }
1180
1181         /* Check if DLC exists */
1182         d = rfcomm_dlc_get(s, dlci);
1183         if (d) {
1184                 if (d->state == BT_OPEN) {
1185                         /* DLC was previously opened by PN request */
1186                         if (rfcomm_check_link_mode(d)) {
1187                                 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1188                                 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1189                                 return 0;
1190                         }
1191
1192                         rfcomm_dlc_accept(d);
1193                 }
1194                 return 0;
1195         }
1196
1197         /* Notify socket layer about incoming connection */
1198         channel = __srv_channel(dlci);
1199         if (rfcomm_connect_ind(s, channel, &d)) {
1200                 d->dlci = dlci;
1201                 d->addr = __addr(s->initiator, dlci);
1202                 rfcomm_dlc_link(s, d);
1203
1204                 if (rfcomm_check_link_mode(d)) {
1205                         set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1206                         rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1207                         return 0;
1208                 }
1209
1210                 rfcomm_dlc_accept(d);
1211         } else {
1212                 rfcomm_send_dm(s, dlci);
1213         }
1214
1215         return 0;
1216 }
1217
1218 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1219 {
1220         struct rfcomm_session *s = d->session;
1221
1222         BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 
1223                         d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1224
1225         if (pn->flow_ctrl == 0xf0 || pn->flow_ctrl == 0xe0) {
1226                 d->cfc = s->cfc = RFCOMM_CFC_ENABLED;
1227                 d->tx_credits = pn->credits;
1228         } else {
1229                 d->cfc = s->cfc = RFCOMM_CFC_DISABLED;
1230                 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1231         }
1232
1233         d->priority = pn->priority;
1234
1235         d->mtu = s->mtu = btohs(pn->mtu);
1236
1237         return 0;
1238 }
1239
1240 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1241 {
1242         struct rfcomm_pn *pn = (void *) skb->data;
1243         struct rfcomm_dlc *d;
1244         u8 dlci = pn->dlci;
1245
1246         BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1247
1248         if (!dlci)
1249                 return 0;
1250
1251         d = rfcomm_dlc_get(s, dlci);
1252         if (d) {
1253                 if (cr) {
1254                         /* PN request */
1255                         rfcomm_apply_pn(d, cr, pn);
1256                         rfcomm_send_pn(s, 0, d);
1257                 } else {
1258                         /* PN response */
1259                         switch (d->state) {
1260                         case BT_CONFIG:
1261                                 rfcomm_apply_pn(d, cr, pn);
1262
1263                                 d->state = BT_CONNECT;
1264                                 rfcomm_send_sabm(s, d->dlci);
1265                                 break;
1266                         }
1267                 }
1268         } else {
1269                 u8 channel = __srv_channel(dlci);
1270
1271                 if (!cr)
1272                         return 0;
1273
1274                 /* PN request for non existing DLC.
1275                  * Assume incoming connection. */
1276                 if (rfcomm_connect_ind(s, channel, &d)) {
1277                         d->dlci = dlci;
1278                         d->addr = __addr(s->initiator, dlci);
1279                         rfcomm_dlc_link(s, d);
1280
1281                         rfcomm_apply_pn(d, cr, pn);
1282
1283                         d->state = BT_OPEN;
1284                         rfcomm_send_pn(s, 0, d);
1285                 } else {
1286                         rfcomm_send_dm(s, dlci);
1287                 }
1288         }
1289         return 0;
1290 }
1291
1292 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1293 {
1294         struct rfcomm_rpn *rpn = (void *) skb->data;
1295         u8 dlci = __get_dlci(rpn->dlci);
1296
1297         u8 bit_rate  = 0;
1298         u8 data_bits = 0;
1299         u8 stop_bits = 0;
1300         u8 parity    = 0;
1301         u8 flow_ctrl = 0;
1302         u8 xon_char  = 0;
1303         u8 xoff_char = 0;
1304         u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1305
1306         BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1307                 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1308                 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1309
1310         if (!cr)
1311                 return 0;
1312
1313         if (len == 1) {
1314                 /* This is a request, return default settings */
1315                 bit_rate  = RFCOMM_RPN_BR_115200;
1316                 data_bits = RFCOMM_RPN_DATA_8;
1317                 stop_bits = RFCOMM_RPN_STOP_1;
1318                 parity    = RFCOMM_RPN_PARITY_NONE;
1319                 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1320                 xon_char  = RFCOMM_RPN_XON_CHAR;
1321                 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1322                 goto rpn_out;
1323         }
1324
1325         /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1326          * no parity, no flow control lines, normal XON/XOFF chars */
1327
1328         if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) {
1329                 bit_rate = rpn->bit_rate;
1330                 if (bit_rate != RFCOMM_RPN_BR_115200) {
1331                         BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1332                         bit_rate = RFCOMM_RPN_BR_115200;
1333                         rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1334                 }
1335         }
1336
1337         if (rpn->param_mask & RFCOMM_RPN_PM_DATA) {
1338                 data_bits = __get_rpn_data_bits(rpn->line_settings);
1339                 if (data_bits != RFCOMM_RPN_DATA_8) {
1340                         BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1341                         data_bits = RFCOMM_RPN_DATA_8;
1342                         rpn_mask ^= RFCOMM_RPN_PM_DATA;
1343                 }
1344         }
1345
1346         if (rpn->param_mask & RFCOMM_RPN_PM_STOP) {
1347                 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1348                 if (stop_bits != RFCOMM_RPN_STOP_1) {
1349                         BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1350                         stop_bits = RFCOMM_RPN_STOP_1;
1351                         rpn_mask ^= RFCOMM_RPN_PM_STOP;
1352                 }
1353         }
1354
1355         if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) {
1356                 parity = __get_rpn_parity(rpn->line_settings);
1357                 if (parity != RFCOMM_RPN_PARITY_NONE) {
1358                         BT_DBG("RPN parity mismatch 0x%x", parity);
1359                         parity = RFCOMM_RPN_PARITY_NONE;
1360                         rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1361                 }
1362         }
1363
1364         if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) {
1365                 flow_ctrl = rpn->flow_ctrl;
1366                 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1367                         BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1368                         flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1369                         rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1370                 }
1371         }
1372
1373         if (rpn->param_mask & RFCOMM_RPN_PM_XON) {
1374                 xon_char = rpn->xon_char;
1375                 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1376                         BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1377                         xon_char = RFCOMM_RPN_XON_CHAR;
1378                         rpn_mask ^= RFCOMM_RPN_PM_XON;
1379                 }
1380         }
1381
1382         if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) {
1383                 xoff_char = rpn->xoff_char;
1384                 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1385                         BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1386                         xoff_char = RFCOMM_RPN_XOFF_CHAR;
1387                         rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1388                 }
1389         }
1390
1391 rpn_out:
1392         rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1393                         parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1394
1395         return 0;
1396 }
1397
1398 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1399 {
1400         struct rfcomm_rls *rls = (void *) skb->data;
1401         u8 dlci = __get_dlci(rls->dlci);
1402
1403         BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1404
1405         if (!cr)
1406                 return 0;
1407
1408         /* We should probably do something with this information here. But
1409          * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1410          * mandatory to recognise and respond to RLS */
1411
1412         rfcomm_send_rls(s, 0, dlci, rls->status);
1413
1414         return 0;
1415 }
1416
1417 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1418 {
1419         struct rfcomm_msc *msc = (void *) skb->data;
1420         struct rfcomm_dlc *d;
1421         u8 dlci = __get_dlci(msc->dlci);
1422
1423         BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1424
1425         d = rfcomm_dlc_get(s, dlci);
1426         if (!d)
1427                 return 0;
1428
1429         if (cr) {
1430                 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1431                         set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1432                 else
1433                         clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1434
1435                 rfcomm_dlc_lock(d);
1436                 if (d->modem_status)
1437                         d->modem_status(d, msc->v24_sig);
1438                 rfcomm_dlc_unlock(d);
1439                 
1440                 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1441
1442                 d->mscex |= RFCOMM_MSCEX_RX;
1443         } else
1444                 d->mscex |= RFCOMM_MSCEX_TX;
1445
1446         return 0;
1447 }
1448
1449 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1450 {
1451         struct rfcomm_mcc *mcc = (void *) skb->data;
1452         u8 type, cr, len;
1453
1454         cr   = __test_cr(mcc->type);
1455         type = __get_mcc_type(mcc->type);
1456         len  = __get_mcc_len(mcc->len);
1457
1458         BT_DBG("%p type 0x%x cr %d", s, type, cr);
1459
1460         skb_pull(skb, 2);
1461
1462         switch (type) {
1463         case RFCOMM_PN:
1464                 rfcomm_recv_pn(s, cr, skb);
1465                 break;
1466
1467         case RFCOMM_RPN:
1468                 rfcomm_recv_rpn(s, cr, len, skb);
1469                 break;
1470
1471         case RFCOMM_RLS:
1472                 rfcomm_recv_rls(s, cr, skb);
1473                 break;
1474
1475         case RFCOMM_MSC:
1476                 rfcomm_recv_msc(s, cr, skb);
1477                 break;
1478
1479         case RFCOMM_FCOFF:
1480                 if (cr) {
1481                         set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1482                         rfcomm_send_fcoff(s, 0);
1483                 }
1484                 break;
1485
1486         case RFCOMM_FCON:
1487                 if (cr) {
1488                         clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1489                         rfcomm_send_fcon(s, 0);
1490                 }
1491                 break;
1492
1493         case RFCOMM_TEST:
1494                 if (cr)
1495                         rfcomm_send_test(s, 0, skb->data, skb->len);
1496                 break;
1497
1498         case RFCOMM_NSC:
1499                 break;
1500
1501         default:
1502                 BT_ERR("Unknown control type 0x%02x", type);
1503                 rfcomm_send_nsc(s, cr, type);
1504                 break;
1505         }
1506         return 0;
1507 }
1508
1509 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1510 {
1511         struct rfcomm_dlc *d;
1512
1513         BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1514
1515         d = rfcomm_dlc_get(s, dlci);
1516         if (!d) {
1517                 rfcomm_send_dm(s, dlci);
1518                 goto drop;
1519         }
1520
1521         if (pf && d->cfc) {
1522                 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1523
1524                 d->tx_credits += credits;
1525                 if (d->tx_credits)
1526                         clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1527         }
1528
1529         if (skb->len && d->state == BT_CONNECTED) {
1530                 rfcomm_dlc_lock(d);
1531                 d->rx_credits--;
1532                 d->data_ready(d, skb);
1533                 rfcomm_dlc_unlock(d);
1534                 return 0;
1535         }
1536
1537 drop:
1538         kfree_skb(skb);
1539         return 0;
1540 }
1541
1542 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1543 {
1544         struct rfcomm_hdr *hdr = (void *) skb->data;
1545         u8 type, dlci, fcs;
1546
1547         dlci = __get_dlci(hdr->addr);
1548         type = __get_type(hdr->ctrl);
1549
1550         /* Trim FCS */
1551         skb->len--; skb->tail--;
1552         fcs = *(u8 *) skb->tail;
1553
1554         if (__check_fcs(skb->data, type, fcs)) {
1555                 BT_ERR("bad checksum in packet");
1556                 kfree_skb(skb);
1557                 return -EILSEQ;
1558         }
1559
1560         if (__test_ea(hdr->len))
1561                 skb_pull(skb, 3);
1562         else
1563                 skb_pull(skb, 4);
1564
1565         switch (type) {
1566         case RFCOMM_SABM:
1567                 if (__test_pf(hdr->ctrl))
1568                         rfcomm_recv_sabm(s, dlci);
1569                 break;
1570
1571         case RFCOMM_DISC:
1572                 if (__test_pf(hdr->ctrl))
1573                         rfcomm_recv_disc(s, dlci);
1574                 break;
1575
1576         case RFCOMM_UA:
1577                 if (__test_pf(hdr->ctrl))
1578                         rfcomm_recv_ua(s, dlci);
1579                 break;
1580
1581         case RFCOMM_DM:
1582                 rfcomm_recv_dm(s, dlci);
1583                 break;
1584
1585         case RFCOMM_UIH:
1586                 if (dlci)
1587                         return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1588
1589                 rfcomm_recv_mcc(s, skb);
1590                 break;
1591
1592         default:
1593                 BT_ERR("Unknown packet type 0x%02x\n", type);
1594                 break;
1595         }
1596         kfree_skb(skb);
1597         return 0;
1598 }
1599
1600 /* ---- Connection and data processing ---- */
1601
1602 static void rfcomm_process_connect(struct rfcomm_session *s)
1603 {
1604         struct rfcomm_dlc *d;
1605         struct list_head *p, *n;
1606
1607         BT_DBG("session %p state %ld", s, s->state);
1608
1609         list_for_each_safe(p, n, &s->dlcs) {
1610                 d = list_entry(p, struct rfcomm_dlc, list);
1611                 if (d->state == BT_CONFIG) {
1612                         d->mtu = s->mtu;
1613                         rfcomm_send_pn(s, 1, d);
1614                 }
1615         }
1616 }
1617
1618 /* Send data queued for the DLC.
1619  * Return number of frames left in the queue.
1620  */
1621 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1622 {
1623         struct sk_buff *skb;
1624         int err;
1625
1626         BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 
1627                         d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1628
1629         /* Send pending MSC */
1630         if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1631                 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 
1632
1633         if (d->cfc) {
1634                 /* CFC enabled. 
1635                  * Give them some credits */
1636                 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1637                                 d->rx_credits <= (d->cfc >> 2)) {
1638                         rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1639                         d->rx_credits = d->cfc;
1640                 }
1641         } else {
1642                 /* CFC disabled.
1643                  * Give ourselves some credits */
1644                 d->tx_credits = 5;
1645         }
1646
1647         if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1648                 return skb_queue_len(&d->tx_queue);
1649
1650         while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1651                 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1652                 if (err < 0) {
1653                         skb_queue_head(&d->tx_queue, skb);
1654                         break;
1655                 }
1656                 kfree_skb(skb);
1657                 d->tx_credits--;
1658         }
1659
1660         if (d->cfc && !d->tx_credits) {
1661                 /* We're out of TX credits.
1662                  * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1663                 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1664         }
1665
1666         return skb_queue_len(&d->tx_queue);
1667 }
1668
1669 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1670 {
1671         struct rfcomm_dlc *d;
1672         struct list_head *p, *n;
1673
1674         BT_DBG("session %p state %ld", s, s->state);
1675
1676         list_for_each_safe(p, n, &s->dlcs) {
1677                 d = list_entry(p, struct rfcomm_dlc, list);
1678
1679                 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1680                         __rfcomm_dlc_close(d, ETIMEDOUT);
1681                         continue;
1682                 }
1683
1684                 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1685                         rfcomm_dlc_clear_timer(d);
1686                         rfcomm_dlc_accept(d);
1687                         if (d->link_mode & RFCOMM_LM_SECURE) {
1688                                 struct sock *sk = s->sock->sk;
1689                                 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1690                         }
1691                         continue;
1692                 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1693                         rfcomm_dlc_clear_timer(d);
1694                         rfcomm_send_dm(s, d->dlci);
1695                         __rfcomm_dlc_close(d, ECONNREFUSED);
1696                         continue;
1697                 }
1698
1699                 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1700                         continue;
1701
1702                 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1703                                 d->mscex == RFCOMM_MSCEX_OK)
1704                         rfcomm_process_tx(d);
1705         }
1706 }
1707
1708 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1709 {
1710         struct socket *sock = s->sock;
1711         struct sock *sk = sock->sk;
1712         struct sk_buff *skb;
1713
1714         BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1715
1716         /* Get data directly from socket receive queue without copying it. */
1717         while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1718                 skb_orphan(skb);
1719                 rfcomm_recv_frame(s, skb);
1720         }
1721
1722         if (sk->sk_state == BT_CLOSED) {
1723                 if (!s->initiator)
1724                         rfcomm_session_put(s);
1725
1726                 rfcomm_session_close(s, sk->sk_err);
1727         }
1728 }
1729
1730 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1731 {
1732         struct socket *sock = s->sock, *nsock;
1733         int err;
1734
1735         /* Fast check for a new connection.
1736          * Avoids unnesesary socket allocations. */
1737         if (list_empty(&bt_sk(sock->sk)->accept_q))
1738                 return;
1739
1740         BT_DBG("session %p", s);
1741
1742         if (sock_create_lite(PF_BLUETOOTH, sock->type, BTPROTO_L2CAP, &nsock))
1743                 return;
1744
1745         nsock->ops  = sock->ops;
1746
1747         __module_get(nsock->ops->owner);
1748
1749         err = sock->ops->accept(sock, nsock, O_NONBLOCK);
1750         if (err < 0) {
1751                 sock_release(nsock);
1752                 return;
1753         }
1754
1755         /* Set our callbacks */
1756         nsock->sk->sk_data_ready   = rfcomm_l2data_ready;
1757         nsock->sk->sk_state_change = rfcomm_l2state_change;
1758
1759         s = rfcomm_session_add(nsock, BT_OPEN);
1760         if (s) {
1761                 rfcomm_session_hold(s);
1762                 rfcomm_schedule(RFCOMM_SCHED_RX);
1763         } else
1764                 sock_release(nsock);
1765 }
1766
1767 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1768 {
1769         struct sock *sk = s->sock->sk;
1770
1771         BT_DBG("%p state %ld", s, s->state);
1772
1773         switch(sk->sk_state) {
1774         case BT_CONNECTED:
1775                 s->state = BT_CONNECT;
1776
1777                 /* We can adjust MTU on outgoing sessions.
1778                  * L2CAP MTU minus UIH header and FCS. */
1779                 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1780
1781                 rfcomm_send_sabm(s, 0);
1782                 break;
1783
1784         case BT_CLOSED:
1785                 s->state = BT_CLOSED;
1786                 rfcomm_session_close(s, sk->sk_err);
1787                 break;
1788         }
1789 }
1790
1791 static inline void rfcomm_process_sessions(void)
1792 {
1793         struct list_head *p, *n;
1794
1795         rfcomm_lock();
1796
1797         list_for_each_safe(p, n, &session_list) {
1798                 struct rfcomm_session *s;
1799                 s = list_entry(p, struct rfcomm_session, list);
1800
1801                 if (s->state == BT_LISTEN) {
1802                         rfcomm_accept_connection(s);
1803                         continue;
1804                 }
1805
1806                 rfcomm_session_hold(s);
1807
1808                 switch (s->state) {
1809                 case BT_BOUND:
1810                         rfcomm_check_connection(s);
1811                         break;
1812
1813                 default:
1814                         rfcomm_process_rx(s);
1815                         break;
1816                 }
1817
1818                 rfcomm_process_dlcs(s);
1819
1820                 rfcomm_session_put(s);
1821         }
1822
1823         rfcomm_unlock();
1824 }
1825
1826 static void rfcomm_worker(void)
1827 {
1828         BT_DBG("");
1829
1830         while (!atomic_read(&terminate)) {
1831                 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1832                         /* No pending events. Let's sleep.
1833                          * Incoming connections and data will wake us up. */
1834                         set_current_state(TASK_INTERRUPTIBLE);
1835                         schedule();
1836                 }
1837
1838                 /* Process stuff */
1839                 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1840                 rfcomm_process_sessions();
1841         }
1842         set_current_state(TASK_RUNNING);
1843         return;
1844 }
1845
1846 static int rfcomm_add_listener(bdaddr_t *ba)
1847 {
1848         struct sockaddr_l2 addr;
1849         struct socket *sock;
1850         struct sock *sk;
1851         struct rfcomm_session *s;
1852         int    err = 0;
1853
1854         /* Create socket */
1855         err = rfcomm_l2sock_create(&sock);
1856         if (err < 0) { 
1857                 BT_ERR("Create socket failed %d", err);
1858                 return err;
1859         }
1860
1861         /* Bind socket */
1862         bacpy(&addr.l2_bdaddr, ba);
1863         addr.l2_family = AF_BLUETOOTH;
1864         addr.l2_psm    = htobs(RFCOMM_PSM);
1865         err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1866         if (err < 0) {
1867                 BT_ERR("Bind failed %d", err);
1868                 goto failed;
1869         }
1870
1871         /* Set L2CAP options */
1872         sk = sock->sk;
1873         lock_sock(sk);
1874         l2cap_pi(sk)->imtu = l2cap_mtu;
1875         release_sock(sk);
1876
1877         /* Start listening on the socket */
1878         err = sock->ops->listen(sock, 10);
1879         if (err) {
1880                 BT_ERR("Listen failed %d", err);
1881                 goto failed;
1882         }
1883
1884         /* Add listening session */
1885         s = rfcomm_session_add(sock, BT_LISTEN);
1886         if (!s)
1887                 goto failed;
1888
1889         rfcomm_session_hold(s);
1890         return 0;
1891 failed:
1892         sock_release(sock);
1893         return err;
1894 }
1895
1896 static void rfcomm_kill_listener(void)
1897 {
1898         struct rfcomm_session *s;
1899         struct list_head *p, *n;
1900
1901         BT_DBG("");
1902
1903         list_for_each_safe(p, n, &session_list) {
1904                 s = list_entry(p, struct rfcomm_session, list);
1905                 rfcomm_session_del(s);
1906         }
1907 }
1908
1909 static int rfcomm_run(void *unused)
1910 {
1911         rfcomm_thread = current;
1912
1913         atomic_inc(&running);
1914
1915         daemonize("krfcommd");
1916         set_user_nice(current, -10);
1917         current->flags |= PF_NOFREEZE;
1918
1919         BT_DBG("");
1920
1921         rfcomm_add_listener(BDADDR_ANY);
1922
1923         rfcomm_worker();
1924
1925         rfcomm_kill_listener();
1926
1927         atomic_dec(&running);
1928         return 0;
1929 }
1930
1931 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1932 {
1933         struct rfcomm_session *s;
1934         struct rfcomm_dlc *d;
1935         struct list_head *p, *n;
1936
1937         BT_DBG("conn %p status 0x%02x", conn, status);
1938
1939         s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1940         if (!s)
1941                 return;
1942
1943         rfcomm_session_hold(s);
1944
1945         list_for_each_safe(p, n, &s->dlcs) {
1946                 d = list_entry(p, struct rfcomm_dlc, list);
1947
1948                 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1949                         continue;
1950
1951                 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1952                         continue;
1953
1954                 if (!status)
1955                         set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1956                 else
1957                         set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1958         }
1959
1960         rfcomm_session_put(s);
1961
1962         rfcomm_schedule(RFCOMM_SCHED_AUTH);
1963 }
1964
1965 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1966 {
1967         struct rfcomm_session *s;
1968         struct rfcomm_dlc *d;
1969         struct list_head *p, *n;
1970
1971         BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1972
1973         s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1974         if (!s)
1975                 return;
1976
1977         rfcomm_session_hold(s);
1978
1979         list_for_each_safe(p, n, &s->dlcs) {
1980                 d = list_entry(p, struct rfcomm_dlc, list);
1981
1982                 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1983                         continue;
1984
1985                 if (!status && encrypt)
1986                         set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1987                 else
1988                         set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1989         }
1990
1991         rfcomm_session_put(s);
1992
1993         rfcomm_schedule(RFCOMM_SCHED_AUTH);
1994 }
1995
1996 static struct hci_cb rfcomm_cb = {
1997         .name           = "RFCOMM",
1998         .auth_cfm       = rfcomm_auth_cfm,
1999         .encrypt_cfm    = rfcomm_encrypt_cfm
2000 };
2001
2002 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2003 {
2004         struct rfcomm_session *s;
2005         struct list_head *pp, *p;
2006         char *str = buf;
2007
2008         rfcomm_lock();
2009
2010         list_for_each(p, &session_list) {
2011                 s = list_entry(p, struct rfcomm_session, list);
2012                 list_for_each(pp, &s->dlcs) {
2013                         struct sock *sk = s->sock->sk;
2014                         struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2015
2016                         str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2017                                         batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2018                                         d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2019                 }
2020         }
2021
2022         rfcomm_unlock();
2023
2024         return (str - buf);
2025 }
2026
2027 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2028
2029 /* ---- Initialization ---- */
2030 static int __init rfcomm_init(void)
2031 {
2032         l2cap_load();
2033
2034         hci_register_cb(&rfcomm_cb);
2035
2036         kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
2037
2038         class_create_file(bt_class, &class_attr_rfcomm_dlc);
2039
2040         rfcomm_init_sockets();
2041
2042 #ifdef CONFIG_BT_RFCOMM_TTY
2043         rfcomm_init_ttys();
2044 #endif
2045
2046         BT_INFO("RFCOMM ver %s", VERSION);
2047
2048         return 0;
2049 }
2050
2051 static void __exit rfcomm_exit(void)
2052 {
2053         class_remove_file(bt_class, &class_attr_rfcomm_dlc);
2054
2055         hci_unregister_cb(&rfcomm_cb);
2056
2057         /* Terminate working thread.
2058          * ie. Set terminate flag and wake it up */
2059         atomic_inc(&terminate);
2060         rfcomm_schedule(RFCOMM_SCHED_STATE);
2061
2062         /* Wait until thread is running */
2063         while (atomic_read(&running))
2064                 schedule();
2065
2066 #ifdef CONFIG_BT_RFCOMM_TTY
2067         rfcomm_cleanup_ttys();
2068 #endif
2069
2070         rfcomm_cleanup_sockets();
2071 }
2072
2073 module_init(rfcomm_init);
2074 module_exit(rfcomm_exit);
2075
2076 module_param(l2cap_mtu, uint, 0644);
2077 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2078
2079 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2080 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2081 MODULE_VERSION(VERSION);
2082 MODULE_LICENSE("GPL");
2083 MODULE_ALIAS("bt-proto-3");