5b4253c61f628d2c7256f5ac5f196bd20b40f5ce
[linux-2.6.git] / net / bluetooth / rfcomm / core.c
1 /* 
2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License version 2 as
8    published by the Free Software Foundation;
9
10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
21    SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25  * Bluetooth RFCOMM core.
26  *
27  * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
28  */
29
30 #include <linux/config.h>
31 #include <linux/module.h>
32 #include <linux/errno.h>
33 #include <linux/kernel.h>
34 #include <linux/sched.h>
35 #include <linux/signal.h>
36 #include <linux/init.h>
37 #include <linux/wait.h>
38 #include <linux/device.h>
39 #include <linux/net.h>
40 #include <net/sock.h>
41 #include <asm/uaccess.h>
42 #include <asm/unaligned.h>
43
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
46 #include <net/bluetooth/l2cap.h>
47 #include <net/bluetooth/rfcomm.h>
48
49 #ifndef CONFIG_BT_RFCOMM_DEBUG
50 #undef  BT_DBG
51 #define BT_DBG(D...)
52 #endif
53
54 #define VERSION "1.7"
55
56 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
57
58 static struct task_struct *rfcomm_thread;
59
60 static DECLARE_MUTEX(rfcomm_sem);
61 #define rfcomm_lock()   down(&rfcomm_sem);
62 #define rfcomm_unlock() up(&rfcomm_sem);
63
64 static unsigned long rfcomm_event;
65
66 static LIST_HEAD(session_list);
67 static atomic_t terminate, running;
68
69 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
70 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
71 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
72 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
73 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
74 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
75 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
76 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
77 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
78 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
79
80 static void rfcomm_process_connect(struct rfcomm_session *s);
81
82 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
83 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
84 static void rfcomm_session_del(struct rfcomm_session *s);
85
86 /* ---- RFCOMM frame parsing macros ---- */
87 #define __get_dlci(b)     ((b & 0xfc) >> 2)
88 #define __get_channel(b)  ((b & 0xf8) >> 3)
89 #define __get_dir(b)      ((b & 0x04) >> 2)
90 #define __get_type(b)     ((b & 0xef))
91
92 #define __test_ea(b)      ((b & 0x01))
93 #define __test_cr(b)      ((b & 0x02))
94 #define __test_pf(b)      ((b & 0x10))
95
96 #define __addr(cr, dlci)       (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
97 #define __ctrl(type, pf)       (((type & 0xef) | (pf << 4)))
98 #define __dlci(dir, chn)       (((chn & 0x1f) << 1) | dir)
99 #define __srv_channel(dlci)    (dlci >> 1)
100 #define __dir(dlci)            (dlci & 0x01)
101
102 #define __len8(len)       (((len) << 1) | 1)
103 #define __len16(len)      ((len) << 1)
104
105 /* MCC macros */
106 #define __mcc_type(cr, type)   (((type << 2) | (cr << 1) | 0x01))
107 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
108 #define __get_mcc_len(b)  ((b & 0xfe) >> 1)
109
110 /* RPN macros */
111 #define __rpn_line_settings(data, stop, parity)  ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
112 #define __get_rpn_data_bits(line) ((line) & 0x3)
113 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
114 #define __get_rpn_parity(line)    (((line) >> 3) & 0x7)
115
116 static inline void rfcomm_schedule(uint event)
117 {
118         if (!rfcomm_thread)
119                 return;
120         //set_bit(event, &rfcomm_event);
121         set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
122         wake_up_process(rfcomm_thread);
123 }
124
125 static inline void rfcomm_session_put(struct rfcomm_session *s)
126 {
127         if (atomic_dec_and_test(&s->refcnt))
128                 rfcomm_session_del(s);
129 }
130
131 /* ---- RFCOMM FCS computation ---- */
132
133 /* reversed, 8-bit, poly=0x07 */
134 static unsigned char rfcomm_crc_table[256] = { 
135         0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
136         0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
137         0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
138         0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
139
140         0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
141         0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
142         0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
143         0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
144
145         0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
146         0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
147         0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
148         0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
149
150         0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
151         0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
152         0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
153         0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
154
155         0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
156         0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
157         0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
158         0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
159
160         0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
161         0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
162         0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
163         0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
164
165         0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
166         0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
167         0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
168         0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
169
170         0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
171         0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
172         0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
173         0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
174 };
175
176 /* CRC on 2 bytes */
177 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
178
179 /* FCS on 2 bytes */ 
180 static inline u8 __fcs(u8 *data)
181 {
182         return (0xff - __crc(data));
183 }
184
185 /* FCS on 3 bytes */ 
186 static inline u8 __fcs2(u8 *data)
187 {
188         return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
189 }
190
191 /* Check FCS */
192 static inline int __check_fcs(u8 *data, int type, u8 fcs)
193 {
194         u8 f = __crc(data);
195
196         if (type != RFCOMM_UIH)
197                 f = rfcomm_crc_table[f ^ data[2]];
198
199         return rfcomm_crc_table[f ^ fcs] != 0xcf;
200 }
201
202 /* ---- L2CAP callbacks ---- */
203 static void rfcomm_l2state_change(struct sock *sk)
204 {
205         BT_DBG("%p state %d", sk, sk->sk_state);
206         rfcomm_schedule(RFCOMM_SCHED_STATE);
207 }
208
209 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
210 {
211         BT_DBG("%p bytes %d", sk, bytes);
212         rfcomm_schedule(RFCOMM_SCHED_RX);
213 }
214
215 static int rfcomm_l2sock_create(struct socket **sock)
216 {
217         int err;
218
219         BT_DBG("");
220
221         err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
222         if (!err) {
223                 struct sock *sk = (*sock)->sk;
224                 sk->sk_data_ready   = rfcomm_l2data_ready;
225                 sk->sk_state_change = rfcomm_l2state_change;
226         }
227         return err;
228 }
229
230 /* ---- RFCOMM DLCs ---- */
231 static void rfcomm_dlc_timeout(unsigned long arg)
232 {
233         struct rfcomm_dlc *d = (void *) arg;
234
235         BT_DBG("dlc %p state %ld", d, d->state);
236
237         set_bit(RFCOMM_TIMED_OUT, &d->flags);
238         rfcomm_dlc_put(d);
239         rfcomm_schedule(RFCOMM_SCHED_TIMEO);
240 }
241
242 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
243 {
244         BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
245
246         if (!mod_timer(&d->timer, jiffies + timeout))
247                 rfcomm_dlc_hold(d);
248 }
249
250 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
251 {
252         BT_DBG("dlc %p state %ld", d, d->state);
253
254         if (timer_pending(&d->timer) && del_timer(&d->timer))
255                 rfcomm_dlc_put(d);
256 }
257
258 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
259 {
260         BT_DBG("%p", d);
261
262         d->state      = BT_OPEN;
263         d->flags      = 0;
264         d->mscex      = 0;
265         d->mtu        = RFCOMM_DEFAULT_MTU;
266         d->v24_sig    = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
267
268         d->cfc        = RFCOMM_CFC_DISABLED;
269         d->rx_credits = RFCOMM_DEFAULT_CREDITS;
270 }
271
272 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
273 {
274         struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio);
275         if (!d)
276                 return NULL;
277         memset(d, 0, sizeof(*d));
278
279         init_timer(&d->timer);
280         d->timer.function = rfcomm_dlc_timeout;
281         d->timer.data = (unsigned long) d;
282
283         skb_queue_head_init(&d->tx_queue);
284         spin_lock_init(&d->lock);
285         atomic_set(&d->refcnt, 1);
286
287         rfcomm_dlc_clear_state(d);
288         
289         BT_DBG("%p", d);
290         return d;
291 }
292
293 void rfcomm_dlc_free(struct rfcomm_dlc *d)
294 {
295         BT_DBG("%p", d);
296
297         skb_queue_purge(&d->tx_queue);
298         kfree(d);
299 }
300
301 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
302 {
303         BT_DBG("dlc %p session %p", d, s);
304
305         rfcomm_session_hold(s);
306
307         rfcomm_dlc_hold(d);
308         list_add(&d->list, &s->dlcs);
309         d->session = s;
310 }
311
312 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
313 {
314         struct rfcomm_session *s = d->session;
315
316         BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
317
318         list_del(&d->list);
319         d->session = NULL;
320         rfcomm_dlc_put(d);
321
322         rfcomm_session_put(s);
323 }
324
325 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
326 {
327         struct rfcomm_dlc *d;
328         struct list_head *p;
329
330         list_for_each(p, &s->dlcs) {
331                 d = list_entry(p, struct rfcomm_dlc, list);
332                 if (d->dlci == dlci)
333                         return d;
334         }
335         return NULL;
336 }
337
338 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
339 {
340         struct rfcomm_session *s;
341         int err = 0;
342         u8 dlci;
343
344         BT_DBG("dlc %p state %ld %s %s channel %d", 
345                         d, d->state, batostr(src), batostr(dst), channel);
346
347         if (channel < 1 || channel > 30)
348                 return -EINVAL;
349
350         if (d->state != BT_OPEN && d->state != BT_CLOSED)
351                 return 0;
352
353         s = rfcomm_session_get(src, dst);
354         if (!s) {
355                 s = rfcomm_session_create(src, dst, &err);
356                 if (!s)
357                         return err;
358         }
359
360         dlci = __dlci(!s->initiator, channel);
361
362         /* Check if DLCI already exists */
363         if (rfcomm_dlc_get(s, dlci))
364                 return -EBUSY;
365
366         rfcomm_dlc_clear_state(d);
367
368         d->dlci     = dlci;
369         d->addr     = __addr(s->initiator, dlci);
370         d->priority = 7;
371
372         d->state    = BT_CONFIG;
373         rfcomm_dlc_link(s, d);
374
375         d->mtu = s->mtu;
376         d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
377
378         if (s->state == BT_CONNECTED)
379                 rfcomm_send_pn(s, 1, d);
380         rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
381         return 0;
382 }
383
384 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
385 {
386         int r;
387
388         rfcomm_lock();
389
390         r = __rfcomm_dlc_open(d, src, dst, channel);
391
392         rfcomm_unlock();
393         return r;
394 }
395
396 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
397 {
398         struct rfcomm_session *s = d->session;
399         if (!s)
400                 return 0;
401
402         BT_DBG("dlc %p state %ld dlci %d err %d session %p",
403                         d, d->state, d->dlci, err, s);
404
405         switch (d->state) {
406         case BT_CONNECTED:
407         case BT_CONFIG:
408         case BT_CONNECT:
409                 d->state = BT_DISCONN;
410                 if (skb_queue_empty(&d->tx_queue)) {
411                         rfcomm_send_disc(s, d->dlci);
412                         rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
413                 } else {
414                         rfcomm_queue_disc(d);
415                         rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
416                 }
417                 break;
418
419         default:
420                 rfcomm_dlc_clear_timer(d);
421
422                 rfcomm_dlc_lock(d);
423                 d->state = BT_CLOSED;
424                 d->state_change(d, err);
425                 rfcomm_dlc_unlock(d);
426
427                 skb_queue_purge(&d->tx_queue);
428                 rfcomm_dlc_unlink(d);
429         }
430
431         return 0;
432 }
433
434 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
435 {
436         int r;
437
438         rfcomm_lock();
439
440         r = __rfcomm_dlc_close(d, err);
441
442         rfcomm_unlock();
443         return r;
444 }
445
446 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
447 {
448         int len = skb->len;
449
450         if (d->state != BT_CONNECTED)
451                 return -ENOTCONN;
452
453         BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
454
455         if (len > d->mtu)
456                 return -EINVAL;
457
458         rfcomm_make_uih(skb, d->addr);
459         skb_queue_tail(&d->tx_queue, skb);
460
461         if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
462                 rfcomm_schedule(RFCOMM_SCHED_TX);
463         return len;
464 }
465
466 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
467 {
468         BT_DBG("dlc %p state %ld", d, d->state);
469
470         if (!d->cfc) {
471                 d->v24_sig |= RFCOMM_V24_FC;
472                 set_bit(RFCOMM_MSC_PENDING, &d->flags);
473         }
474         rfcomm_schedule(RFCOMM_SCHED_TX);
475 }
476
477 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
478 {
479         BT_DBG("dlc %p state %ld", d, d->state);
480
481         if (!d->cfc) {
482                 d->v24_sig &= ~RFCOMM_V24_FC;
483                 set_bit(RFCOMM_MSC_PENDING, &d->flags);
484         }
485         rfcomm_schedule(RFCOMM_SCHED_TX);
486 }
487
488 /* 
489    Set/get modem status functions use _local_ status i.e. what we report
490    to the other side.
491    Remote status is provided by dlc->modem_status() callback.
492  */
493 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
494 {
495         BT_DBG("dlc %p state %ld v24_sig 0x%x", 
496                         d, d->state, v24_sig);
497
498         if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
499                 v24_sig |= RFCOMM_V24_FC;
500         else
501                 v24_sig &= ~RFCOMM_V24_FC;
502         
503         d->v24_sig = v24_sig;
504
505         if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
506                 rfcomm_schedule(RFCOMM_SCHED_TX);
507
508         return 0;
509 }
510
511 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
512 {
513         BT_DBG("dlc %p state %ld v24_sig 0x%x", 
514                         d, d->state, d->v24_sig);
515
516         *v24_sig = d->v24_sig;
517         return 0;
518 }
519
520 /* ---- RFCOMM sessions ---- */
521 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
522 {
523         struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL);
524         if (!s)
525                 return NULL;
526         memset(s, 0, sizeof(*s));
527
528         BT_DBG("session %p sock %p", s, sock);
529
530         INIT_LIST_HEAD(&s->dlcs);
531         s->state = state;
532         s->sock  = sock;
533
534         s->mtu = RFCOMM_DEFAULT_MTU;
535         s->cfc = RFCOMM_CFC_UNKNOWN;
536
537         /* Do not increment module usage count for listening sessions.
538          * Otherwise we won't be able to unload the module. */
539         if (state != BT_LISTEN)
540                 if (!try_module_get(THIS_MODULE)) {
541                         kfree(s);
542                         return NULL;
543                 }
544
545         list_add(&s->list, &session_list);
546
547         return s;
548 }
549
550 static void rfcomm_session_del(struct rfcomm_session *s)
551 {
552         int state = s->state;
553
554         BT_DBG("session %p state %ld", s, s->state);
555
556         list_del(&s->list);
557
558         if (state == BT_CONNECTED)
559                 rfcomm_send_disc(s, 0);
560
561         sock_release(s->sock);
562         kfree(s);
563
564         if (state != BT_LISTEN)
565                 module_put(THIS_MODULE);
566 }
567
568 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
569 {
570         struct rfcomm_session *s;
571         struct list_head *p, *n;
572         struct bt_sock *sk;
573         list_for_each_safe(p, n, &session_list) {
574                 s = list_entry(p, struct rfcomm_session, list);
575                 sk = bt_sk(s->sock->sk); 
576
577                 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
578                                 !bacmp(&sk->dst, dst))
579                         return s;
580         }
581         return NULL;
582 }
583
584 static void rfcomm_session_close(struct rfcomm_session *s, int err)
585 {
586         struct rfcomm_dlc *d;
587         struct list_head *p, *n;
588
589         BT_DBG("session %p state %ld err %d", s, s->state, err);
590
591         rfcomm_session_hold(s);
592
593         s->state = BT_CLOSED;
594
595         /* Close all dlcs */
596         list_for_each_safe(p, n, &s->dlcs) {
597                 d = list_entry(p, struct rfcomm_dlc, list);
598                 d->state = BT_CLOSED;
599                 __rfcomm_dlc_close(d, err);
600         }
601
602         rfcomm_session_put(s);
603 }
604
605 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
606 {
607         struct rfcomm_session *s = NULL;
608         struct sockaddr_l2 addr;
609         struct socket *sock;
610         struct sock *sk;
611
612         BT_DBG("%s %s", batostr(src), batostr(dst));
613
614         *err = rfcomm_l2sock_create(&sock);
615         if (*err < 0)
616                 return NULL;
617
618         bacpy(&addr.l2_bdaddr, src);
619         addr.l2_family = AF_BLUETOOTH;
620         addr.l2_psm    = 0;
621         *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
622         if (*err < 0)
623                 goto failed;
624
625         /* Set L2CAP options */
626         sk = sock->sk;
627         lock_sock(sk);
628         l2cap_pi(sk)->imtu = l2cap_mtu;
629         release_sock(sk);
630
631         s = rfcomm_session_add(sock, BT_BOUND);
632         if (!s) {
633                 *err = -ENOMEM;
634                 goto failed;
635         }
636
637         s->initiator = 1;
638
639         bacpy(&addr.l2_bdaddr, dst);
640         addr.l2_family = AF_BLUETOOTH;
641         addr.l2_psm    = htobs(RFCOMM_PSM);
642         *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
643         if (*err == 0 || *err == -EAGAIN)
644                 return s;
645
646         rfcomm_session_del(s);
647         return NULL;
648
649 failed:
650         sock_release(sock);
651         return NULL;
652 }
653
654 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
655 {
656         struct sock *sk = s->sock->sk;
657         if (src)
658                 bacpy(src, &bt_sk(sk)->src);
659         if (dst)
660                 bacpy(dst, &bt_sk(sk)->dst);
661 }
662
663 /* ---- RFCOMM frame sending ---- */
664 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
665 {
666         struct socket *sock = s->sock;
667         struct kvec iv = { data, len };
668         struct msghdr msg;
669
670         BT_DBG("session %p len %d", s, len);
671
672         memset(&msg, 0, sizeof(msg));
673
674         return kernel_sendmsg(sock, &msg, &iv, 1, len);
675 }
676
677 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
678 {
679         struct rfcomm_cmd cmd;
680
681         BT_DBG("%p dlci %d", s, dlci);
682
683         cmd.addr = __addr(s->initiator, dlci);
684         cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
685         cmd.len  = __len8(0);
686         cmd.fcs  = __fcs2((u8 *) &cmd);
687
688         return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
689 }
690
691 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
692 {
693         struct rfcomm_cmd cmd;
694
695         BT_DBG("%p dlci %d", s, dlci);
696
697         cmd.addr = __addr(!s->initiator, dlci);
698         cmd.ctrl = __ctrl(RFCOMM_UA, 1);
699         cmd.len  = __len8(0);
700         cmd.fcs  = __fcs2((u8 *) &cmd);
701
702         return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
703 }
704
705 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
706 {
707         struct rfcomm_cmd cmd;
708
709         BT_DBG("%p dlci %d", s, dlci);
710
711         cmd.addr = __addr(s->initiator, dlci);
712         cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
713         cmd.len  = __len8(0);
714         cmd.fcs  = __fcs2((u8 *) &cmd);
715
716         return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
717 }
718
719 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
720 {
721         struct rfcomm_cmd *cmd;
722         struct sk_buff *skb;
723
724         BT_DBG("dlc %p dlci %d", d, d->dlci);
725
726         skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
727         if (!skb)
728                 return -ENOMEM;
729
730         cmd = (void *) __skb_put(skb, sizeof(*cmd));
731         cmd->addr = d->addr;
732         cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
733         cmd->len  = __len8(0);
734         cmd->fcs  = __fcs2((u8 *) cmd);
735
736         skb_queue_tail(&d->tx_queue, skb);
737         rfcomm_schedule(RFCOMM_SCHED_TX);
738         return 0;
739 }
740
741 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
742 {
743         struct rfcomm_cmd cmd;
744
745         BT_DBG("%p dlci %d", s, dlci);
746
747         cmd.addr = __addr(!s->initiator, dlci);
748         cmd.ctrl = __ctrl(RFCOMM_DM, 1);
749         cmd.len  = __len8(0);
750         cmd.fcs  = __fcs2((u8 *) &cmd);
751
752         return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
753 }
754
755 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
756 {
757         struct rfcomm_hdr *hdr;
758         struct rfcomm_mcc *mcc;
759         u8 buf[16], *ptr = buf;
760
761         BT_DBG("%p cr %d type %d", s, cr, type);
762
763         hdr = (void *) ptr; ptr += sizeof(*hdr);
764         hdr->addr = __addr(s->initiator, 0);
765         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
766         hdr->len  = __len8(sizeof(*mcc) + 1);
767
768         mcc = (void *) ptr; ptr += sizeof(*mcc);
769         mcc->type = __mcc_type(cr, RFCOMM_NSC);
770         mcc->len  = __len8(1);
771
772         /* Type that we didn't like */
773         *ptr = __mcc_type(cr, type); ptr++;
774
775         *ptr = __fcs(buf); ptr++;
776
777         return rfcomm_send_frame(s, buf, ptr - buf);
778 }
779
780 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
781 {
782         struct rfcomm_hdr *hdr;
783         struct rfcomm_mcc *mcc;
784         struct rfcomm_pn  *pn;
785         u8 buf[16], *ptr = buf;
786
787         BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
788
789         hdr = (void *) ptr; ptr += sizeof(*hdr);
790         hdr->addr = __addr(s->initiator, 0);
791         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
792         hdr->len  = __len8(sizeof(*mcc) + sizeof(*pn));
793
794         mcc = (void *) ptr; ptr += sizeof(*mcc);
795         mcc->type = __mcc_type(cr, RFCOMM_PN);
796         mcc->len  = __len8(sizeof(*pn));
797
798         pn = (void *) ptr; ptr += sizeof(*pn);
799         pn->dlci        = d->dlci;
800         pn->priority    = d->priority;
801         pn->ack_timer   = 0;
802         pn->max_retrans = 0;
803
804         if (s->cfc) {
805                 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
806                 pn->credits = RFCOMM_DEFAULT_CREDITS;
807         } else {
808                 pn->flow_ctrl = 0;
809                 pn->credits   = 0;
810         }
811
812         pn->mtu = htobs(d->mtu);
813
814         *ptr = __fcs(buf); ptr++;
815
816         return rfcomm_send_frame(s, buf, ptr - buf);
817 }
818
819 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
820                         u8 bit_rate, u8 data_bits, u8 stop_bits,
821                         u8 parity, u8 flow_ctrl_settings, 
822                         u8 xon_char, u8 xoff_char, u16 param_mask)
823 {
824         struct rfcomm_hdr *hdr;
825         struct rfcomm_mcc *mcc;
826         struct rfcomm_rpn *rpn;
827         u8 buf[16], *ptr = buf;
828
829         BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
830                         " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 
831                 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 
832                 flow_ctrl_settings, xon_char, xoff_char, param_mask);
833
834         hdr = (void *) ptr; ptr += sizeof(*hdr);
835         hdr->addr = __addr(s->initiator, 0);
836         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
837         hdr->len  = __len8(sizeof(*mcc) + sizeof(*rpn));
838
839         mcc = (void *) ptr; ptr += sizeof(*mcc);
840         mcc->type = __mcc_type(cr, RFCOMM_RPN);
841         mcc->len  = __len8(sizeof(*rpn));
842
843         rpn = (void *) ptr; ptr += sizeof(*rpn);
844         rpn->dlci          = __addr(1, dlci);
845         rpn->bit_rate      = bit_rate;
846         rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
847         rpn->flow_ctrl     = flow_ctrl_settings;
848         rpn->xon_char      = xon_char;
849         rpn->xoff_char     = xoff_char;
850         rpn->param_mask    = param_mask;
851
852         *ptr = __fcs(buf); ptr++;
853
854         return rfcomm_send_frame(s, buf, ptr - buf);
855 }
856
857 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
858 {
859         struct rfcomm_hdr *hdr;
860         struct rfcomm_mcc *mcc;
861         struct rfcomm_rls *rls;
862         u8 buf[16], *ptr = buf;
863
864         BT_DBG("%p cr %d status 0x%x", s, cr, status);
865
866         hdr = (void *) ptr; ptr += sizeof(*hdr);
867         hdr->addr = __addr(s->initiator, 0);
868         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
869         hdr->len  = __len8(sizeof(*mcc) + sizeof(*rls));
870
871         mcc = (void *) ptr; ptr += sizeof(*mcc);
872         mcc->type = __mcc_type(cr, RFCOMM_RLS);
873         mcc->len  = __len8(sizeof(*rls));
874
875         rls = (void *) ptr; ptr += sizeof(*rls);
876         rls->dlci   = __addr(1, dlci);
877         rls->status = status;
878
879         *ptr = __fcs(buf); ptr++;
880
881         return rfcomm_send_frame(s, buf, ptr - buf);
882 }
883
884 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
885 {
886         struct rfcomm_hdr *hdr;
887         struct rfcomm_mcc *mcc;
888         struct rfcomm_msc *msc;
889         u8 buf[16], *ptr = buf;
890
891         BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
892
893         hdr = (void *) ptr; ptr += sizeof(*hdr);
894         hdr->addr = __addr(s->initiator, 0);
895         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
896         hdr->len  = __len8(sizeof(*mcc) + sizeof(*msc));
897
898         mcc = (void *) ptr; ptr += sizeof(*mcc);
899         mcc->type = __mcc_type(cr, RFCOMM_MSC);
900         mcc->len  = __len8(sizeof(*msc));
901
902         msc = (void *) ptr; ptr += sizeof(*msc);
903         msc->dlci    = __addr(1, dlci);
904         msc->v24_sig = v24_sig | 0x01;
905
906         *ptr = __fcs(buf); ptr++;
907
908         return rfcomm_send_frame(s, buf, ptr - buf);
909 }
910
911 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
912 {
913         struct rfcomm_hdr *hdr;
914         struct rfcomm_mcc *mcc;
915         u8 buf[16], *ptr = buf;
916
917         BT_DBG("%p cr %d", s, cr);
918
919         hdr = (void *) ptr; ptr += sizeof(*hdr);
920         hdr->addr = __addr(s->initiator, 0);
921         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
922         hdr->len  = __len8(sizeof(*mcc));
923
924         mcc = (void *) ptr; ptr += sizeof(*mcc);
925         mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
926         mcc->len  = __len8(0);
927
928         *ptr = __fcs(buf); ptr++;
929
930         return rfcomm_send_frame(s, buf, ptr - buf);
931 }
932
933 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
934 {
935         struct rfcomm_hdr *hdr;
936         struct rfcomm_mcc *mcc;
937         u8 buf[16], *ptr = buf;
938
939         BT_DBG("%p cr %d", s, cr);
940
941         hdr = (void *) ptr; ptr += sizeof(*hdr);
942         hdr->addr = __addr(s->initiator, 0);
943         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
944         hdr->len  = __len8(sizeof(*mcc));
945
946         mcc = (void *) ptr; ptr += sizeof(*mcc);
947         mcc->type = __mcc_type(cr, RFCOMM_FCON);
948         mcc->len  = __len8(0);
949
950         *ptr = __fcs(buf); ptr++;
951
952         return rfcomm_send_frame(s, buf, ptr - buf);
953 }
954
955 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
956 {
957         struct socket *sock = s->sock;
958         struct kvec iv[3];
959         struct msghdr msg;
960         unsigned char hdr[5], crc[1];
961
962         if (len > 125)
963                 return -EINVAL;
964
965         BT_DBG("%p cr %d", s, cr);
966
967         hdr[0] = __addr(s->initiator, 0);
968         hdr[1] = __ctrl(RFCOMM_UIH, 0);
969         hdr[2] = 0x01 | ((len + 2) << 1);
970         hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
971         hdr[4] = 0x01 | (len << 1);
972
973         crc[0] = __fcs(hdr);
974
975         iv[0].iov_base = hdr;
976         iv[0].iov_len  = 5;
977         iv[1].iov_base = pattern;
978         iv[1].iov_len  = len;
979         iv[2].iov_base = crc;
980         iv[2].iov_len  = 1;
981
982         memset(&msg, 0, sizeof(msg));
983
984         return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
985 }
986
987 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
988 {
989         struct rfcomm_hdr *hdr;
990         u8 buf[16], *ptr = buf;
991
992         BT_DBG("%p addr %d credits %d", s, addr, credits);
993
994         hdr = (void *) ptr; ptr += sizeof(*hdr);
995         hdr->addr = addr;
996         hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
997         hdr->len  = __len8(0);
998
999         *ptr = credits; ptr++;
1000
1001         *ptr = __fcs(buf); ptr++;
1002
1003         return rfcomm_send_frame(s, buf, ptr - buf);
1004 }
1005
1006 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1007 {
1008         struct rfcomm_hdr *hdr;
1009         int len = skb->len;
1010         u8 *crc;
1011
1012         if (len > 127) {
1013                 hdr = (void *) skb_push(skb, 4);
1014                 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len);
1015         } else {
1016                 hdr = (void *) skb_push(skb, 3);
1017                 hdr->len = __len8(len);
1018         }
1019         hdr->addr = addr;
1020         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1021
1022         crc = skb_put(skb, 1);
1023         *crc = __fcs((void *) hdr);
1024 }
1025
1026 /* ---- RFCOMM frame reception ---- */
1027 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1028 {
1029         BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1030
1031         if (dlci) {
1032                 /* Data channel */
1033                 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1034                 if (!d) {
1035                         rfcomm_send_dm(s, dlci);
1036                         return 0;
1037                 }
1038
1039                 switch (d->state) {
1040                 case BT_CONNECT:
1041                         rfcomm_dlc_clear_timer(d);
1042
1043                         rfcomm_dlc_lock(d);
1044                         d->state = BT_CONNECTED;
1045                         d->state_change(d, 0);
1046                         rfcomm_dlc_unlock(d);
1047
1048                         rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1049                         break;
1050
1051                 case BT_DISCONN:
1052                         d->state = BT_CLOSED;
1053                         __rfcomm_dlc_close(d, 0);
1054                         break;
1055                 }
1056         } else {
1057                 /* Control channel */
1058                 switch (s->state) {
1059                 case BT_CONNECT:
1060                         s->state = BT_CONNECTED;
1061                         rfcomm_process_connect(s);
1062                         break;
1063                 }
1064         }
1065         return 0;
1066 }
1067
1068 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1069 {
1070         int err = 0;
1071
1072         BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1073
1074         if (dlci) {
1075                 /* Data DLC */
1076                 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1077                 if (d) {
1078                         if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1079                                 err = ECONNREFUSED;
1080                         else
1081                                 err = ECONNRESET;
1082
1083                         d->state = BT_CLOSED;
1084                         __rfcomm_dlc_close(d, err);
1085                 }
1086         } else {
1087                 if (s->state == BT_CONNECT)
1088                         err = ECONNREFUSED;
1089                 else
1090                         err = ECONNRESET;
1091
1092                 s->state = BT_CLOSED;
1093                 rfcomm_session_close(s, err);
1094         }
1095         return 0;
1096 }
1097
1098 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1099 {
1100         int err = 0;
1101
1102         BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1103
1104         if (dlci) {
1105                 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1106                 if (d) {
1107                         rfcomm_send_ua(s, dlci);
1108
1109                         if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1110                                 err = ECONNREFUSED;
1111                         else
1112                                 err = ECONNRESET;
1113
1114                         d->state = BT_CLOSED;
1115                         __rfcomm_dlc_close(d, err);
1116                 } else 
1117                         rfcomm_send_dm(s, dlci);
1118                         
1119         } else {
1120                 rfcomm_send_ua(s, 0);
1121
1122                 if (s->state == BT_CONNECT)
1123                         err = ECONNREFUSED;
1124                 else
1125                         err = ECONNRESET;
1126
1127                 s->state = BT_CLOSED;
1128                 rfcomm_session_close(s, err);
1129         }
1130
1131         return 0;
1132 }
1133
1134 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1135 {
1136         struct sock *sk = d->session->sock->sk;
1137
1138         if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1139                 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1140                         return 1;
1141         } else if (d->link_mode & RFCOMM_LM_AUTH) {
1142                 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1143                         return 1;
1144         }
1145
1146         return 0;
1147 }
1148
1149 static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1150 {
1151         BT_DBG("dlc %p", d);
1152
1153         rfcomm_send_ua(d->session, d->dlci);
1154
1155         rfcomm_dlc_lock(d);
1156         d->state = BT_CONNECTED;
1157         d->state_change(d, 0);
1158         rfcomm_dlc_unlock(d);
1159
1160         rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1161 }
1162
1163 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1164 {
1165         struct rfcomm_dlc *d;
1166         u8 channel;
1167
1168         BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1169
1170         if (!dlci) {
1171                 rfcomm_send_ua(s, 0);
1172
1173                 if (s->state == BT_OPEN) {
1174                         s->state = BT_CONNECTED;
1175                         rfcomm_process_connect(s);
1176                 }
1177                 return 0;
1178         }
1179
1180         /* Check if DLC exists */
1181         d = rfcomm_dlc_get(s, dlci);
1182         if (d) {
1183                 if (d->state == BT_OPEN) {
1184                         /* DLC was previously opened by PN request */
1185                         if (rfcomm_check_link_mode(d)) {
1186                                 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1187                                 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1188                                 return 0;
1189                         }
1190
1191                         rfcomm_dlc_accept(d);
1192                 }
1193                 return 0;
1194         }
1195
1196         /* Notify socket layer about incoming connection */
1197         channel = __srv_channel(dlci);
1198         if (rfcomm_connect_ind(s, channel, &d)) {
1199                 d->dlci = dlci;
1200                 d->addr = __addr(s->initiator, dlci);
1201                 rfcomm_dlc_link(s, d);
1202
1203                 if (rfcomm_check_link_mode(d)) {
1204                         set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1205                         rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1206                         return 0;
1207                 }
1208
1209                 rfcomm_dlc_accept(d);
1210         } else {
1211                 rfcomm_send_dm(s, dlci);
1212         }
1213
1214         return 0;
1215 }
1216
1217 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1218 {
1219         struct rfcomm_session *s = d->session;
1220
1221         BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 
1222                         d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1223
1224         if (pn->flow_ctrl == 0xf0 || pn->flow_ctrl == 0xe0) {
1225                 d->cfc = s->cfc = RFCOMM_CFC_ENABLED;
1226                 d->tx_credits = pn->credits;
1227         } else {
1228                 d->cfc = s->cfc = RFCOMM_CFC_DISABLED;
1229                 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1230         }
1231
1232         d->priority = pn->priority;
1233
1234         d->mtu = s->mtu = btohs(pn->mtu);
1235
1236         return 0;
1237 }
1238
1239 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1240 {
1241         struct rfcomm_pn *pn = (void *) skb->data;
1242         struct rfcomm_dlc *d;
1243         u8 dlci = pn->dlci;
1244
1245         BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1246
1247         if (!dlci)
1248                 return 0;
1249
1250         d = rfcomm_dlc_get(s, dlci);
1251         if (d) {
1252                 if (cr) {
1253                         /* PN request */
1254                         rfcomm_apply_pn(d, cr, pn);
1255                         rfcomm_send_pn(s, 0, d);
1256                 } else {
1257                         /* PN response */
1258                         switch (d->state) {
1259                         case BT_CONFIG:
1260                                 rfcomm_apply_pn(d, cr, pn);
1261
1262                                 d->state = BT_CONNECT;
1263                                 rfcomm_send_sabm(s, d->dlci);
1264                                 break;
1265                         }
1266                 }
1267         } else {
1268                 u8 channel = __srv_channel(dlci);
1269
1270                 if (!cr)
1271                         return 0;
1272
1273                 /* PN request for non existing DLC.
1274                  * Assume incoming connection. */
1275                 if (rfcomm_connect_ind(s, channel, &d)) {
1276                         d->dlci = dlci;
1277                         d->addr = __addr(s->initiator, dlci);
1278                         rfcomm_dlc_link(s, d);
1279
1280                         rfcomm_apply_pn(d, cr, pn);
1281
1282                         d->state = BT_OPEN;
1283                         rfcomm_send_pn(s, 0, d);
1284                 } else {
1285                         rfcomm_send_dm(s, dlci);
1286                 }
1287         }
1288         return 0;
1289 }
1290
1291 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1292 {
1293         struct rfcomm_rpn *rpn = (void *) skb->data;
1294         u8 dlci = __get_dlci(rpn->dlci);
1295
1296         u8 bit_rate  = 0;
1297         u8 data_bits = 0;
1298         u8 stop_bits = 0;
1299         u8 parity    = 0;
1300         u8 flow_ctrl = 0;
1301         u8 xon_char  = 0;
1302         u8 xoff_char = 0;
1303         u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1304
1305         BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1306                 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1307                 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1308
1309         if (!cr)
1310                 return 0;
1311
1312         if (len == 1) {
1313                 /* This is a request, return default settings */
1314                 bit_rate  = RFCOMM_RPN_BR_115200;
1315                 data_bits = RFCOMM_RPN_DATA_8;
1316                 stop_bits = RFCOMM_RPN_STOP_1;
1317                 parity    = RFCOMM_RPN_PARITY_NONE;
1318                 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1319                 xon_char  = RFCOMM_RPN_XON_CHAR;
1320                 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1321                 goto rpn_out;
1322         }
1323
1324         /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1325          * no parity, no flow control lines, normal XON/XOFF chars */
1326
1327         if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) {
1328                 bit_rate = rpn->bit_rate;
1329                 if (bit_rate != RFCOMM_RPN_BR_115200) {
1330                         BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1331                         bit_rate = RFCOMM_RPN_BR_115200;
1332                         rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1333                 }
1334         }
1335
1336         if (rpn->param_mask & RFCOMM_RPN_PM_DATA) {
1337                 data_bits = __get_rpn_data_bits(rpn->line_settings);
1338                 if (data_bits != RFCOMM_RPN_DATA_8) {
1339                         BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1340                         data_bits = RFCOMM_RPN_DATA_8;
1341                         rpn_mask ^= RFCOMM_RPN_PM_DATA;
1342                 }
1343         }
1344
1345         if (rpn->param_mask & RFCOMM_RPN_PM_STOP) {
1346                 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1347                 if (stop_bits != RFCOMM_RPN_STOP_1) {
1348                         BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1349                         stop_bits = RFCOMM_RPN_STOP_1;
1350                         rpn_mask ^= RFCOMM_RPN_PM_STOP;
1351                 }
1352         }
1353
1354         if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) {
1355                 parity = __get_rpn_parity(rpn->line_settings);
1356                 if (parity != RFCOMM_RPN_PARITY_NONE) {
1357                         BT_DBG("RPN parity mismatch 0x%x", parity);
1358                         parity = RFCOMM_RPN_PARITY_NONE;
1359                         rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1360                 }
1361         }
1362
1363         if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) {
1364                 flow_ctrl = rpn->flow_ctrl;
1365                 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1366                         BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1367                         flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1368                         rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1369                 }
1370         }
1371
1372         if (rpn->param_mask & RFCOMM_RPN_PM_XON) {
1373                 xon_char = rpn->xon_char;
1374                 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1375                         BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1376                         xon_char = RFCOMM_RPN_XON_CHAR;
1377                         rpn_mask ^= RFCOMM_RPN_PM_XON;
1378                 }
1379         }
1380
1381         if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) {
1382                 xoff_char = rpn->xoff_char;
1383                 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1384                         BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1385                         xoff_char = RFCOMM_RPN_XOFF_CHAR;
1386                         rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1387                 }
1388         }
1389
1390 rpn_out:
1391         rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1392                         parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1393
1394         return 0;
1395 }
1396
1397 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1398 {
1399         struct rfcomm_rls *rls = (void *) skb->data;
1400         u8 dlci = __get_dlci(rls->dlci);
1401
1402         BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1403
1404         if (!cr)
1405                 return 0;
1406
1407         /* We should probably do something with this information here. But
1408          * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1409          * mandatory to recognise and respond to RLS */
1410
1411         rfcomm_send_rls(s, 0, dlci, rls->status);
1412
1413         return 0;
1414 }
1415
1416 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1417 {
1418         struct rfcomm_msc *msc = (void *) skb->data;
1419         struct rfcomm_dlc *d;
1420         u8 dlci = __get_dlci(msc->dlci);
1421
1422         BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1423
1424         d = rfcomm_dlc_get(s, dlci);
1425         if (!d)
1426                 return 0;
1427
1428         if (cr) {
1429                 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1430                         set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1431                 else
1432                         clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1433
1434                 rfcomm_dlc_lock(d);
1435                 if (d->modem_status)
1436                         d->modem_status(d, msc->v24_sig);
1437                 rfcomm_dlc_unlock(d);
1438                 
1439                 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1440
1441                 d->mscex |= RFCOMM_MSCEX_RX;
1442         } else
1443                 d->mscex |= RFCOMM_MSCEX_TX;
1444
1445         return 0;
1446 }
1447
1448 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1449 {
1450         struct rfcomm_mcc *mcc = (void *) skb->data;
1451         u8 type, cr, len;
1452
1453         cr   = __test_cr(mcc->type);
1454         type = __get_mcc_type(mcc->type);
1455         len  = __get_mcc_len(mcc->len);
1456
1457         BT_DBG("%p type 0x%x cr %d", s, type, cr);
1458
1459         skb_pull(skb, 2);
1460
1461         switch (type) {
1462         case RFCOMM_PN:
1463                 rfcomm_recv_pn(s, cr, skb);
1464                 break;
1465
1466         case RFCOMM_RPN:
1467                 rfcomm_recv_rpn(s, cr, len, skb);
1468                 break;
1469
1470         case RFCOMM_RLS:
1471                 rfcomm_recv_rls(s, cr, skb);
1472                 break;
1473
1474         case RFCOMM_MSC:
1475                 rfcomm_recv_msc(s, cr, skb);
1476                 break;
1477
1478         case RFCOMM_FCOFF:
1479                 if (cr) {
1480                         set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1481                         rfcomm_send_fcoff(s, 0);
1482                 }
1483                 break;
1484
1485         case RFCOMM_FCON:
1486                 if (cr) {
1487                         clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1488                         rfcomm_send_fcon(s, 0);
1489                 }
1490                 break;
1491
1492         case RFCOMM_TEST:
1493                 if (cr)
1494                         rfcomm_send_test(s, 0, skb->data, skb->len);
1495                 break;
1496
1497         case RFCOMM_NSC:
1498                 break;
1499
1500         default:
1501                 BT_ERR("Unknown control type 0x%02x", type);
1502                 rfcomm_send_nsc(s, cr, type);
1503                 break;
1504         }
1505         return 0;
1506 }
1507
1508 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1509 {
1510         struct rfcomm_dlc *d;
1511
1512         BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1513
1514         d = rfcomm_dlc_get(s, dlci);
1515         if (!d) {
1516                 rfcomm_send_dm(s, dlci);
1517                 goto drop;
1518         }
1519
1520         if (pf && d->cfc) {
1521                 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1522
1523                 d->tx_credits += credits;
1524                 if (d->tx_credits)
1525                         clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1526         }
1527
1528         if (skb->len && d->state == BT_CONNECTED) {
1529                 rfcomm_dlc_lock(d);
1530                 d->rx_credits--;
1531                 d->data_ready(d, skb);
1532                 rfcomm_dlc_unlock(d);
1533                 return 0;
1534         }
1535
1536 drop:
1537         kfree_skb(skb);
1538         return 0;
1539 }
1540
1541 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1542 {
1543         struct rfcomm_hdr *hdr = (void *) skb->data;
1544         u8 type, dlci, fcs;
1545
1546         dlci = __get_dlci(hdr->addr);
1547         type = __get_type(hdr->ctrl);
1548
1549         /* Trim FCS */
1550         skb->len--; skb->tail--;
1551         fcs = *(u8 *) skb->tail;
1552
1553         if (__check_fcs(skb->data, type, fcs)) {
1554                 BT_ERR("bad checksum in packet");
1555                 kfree_skb(skb);
1556                 return -EILSEQ;
1557         }
1558
1559         if (__test_ea(hdr->len))
1560                 skb_pull(skb, 3);
1561         else
1562                 skb_pull(skb, 4);
1563
1564         switch (type) {
1565         case RFCOMM_SABM:
1566                 if (__test_pf(hdr->ctrl))
1567                         rfcomm_recv_sabm(s, dlci);
1568                 break;
1569
1570         case RFCOMM_DISC:
1571                 if (__test_pf(hdr->ctrl))
1572                         rfcomm_recv_disc(s, dlci);
1573                 break;
1574
1575         case RFCOMM_UA:
1576                 if (__test_pf(hdr->ctrl))
1577                         rfcomm_recv_ua(s, dlci);
1578                 break;
1579
1580         case RFCOMM_DM:
1581                 rfcomm_recv_dm(s, dlci);
1582                 break;
1583
1584         case RFCOMM_UIH:
1585                 if (dlci)
1586                         return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1587
1588                 rfcomm_recv_mcc(s, skb);
1589                 break;
1590
1591         default:
1592                 BT_ERR("Unknown packet type 0x%02x\n", type);
1593                 break;
1594         }
1595         kfree_skb(skb);
1596         return 0;
1597 }
1598
1599 /* ---- Connection and data processing ---- */
1600
1601 static void rfcomm_process_connect(struct rfcomm_session *s)
1602 {
1603         struct rfcomm_dlc *d;
1604         struct list_head *p, *n;
1605
1606         BT_DBG("session %p state %ld", s, s->state);
1607
1608         list_for_each_safe(p, n, &s->dlcs) {
1609                 d = list_entry(p, struct rfcomm_dlc, list);
1610                 if (d->state == BT_CONFIG) {
1611                         d->mtu = s->mtu;
1612                         rfcomm_send_pn(s, 1, d);
1613                 }
1614         }
1615 }
1616
1617 /* Send data queued for the DLC.
1618  * Return number of frames left in the queue.
1619  */
1620 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1621 {
1622         struct sk_buff *skb;
1623         int err;
1624
1625         BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 
1626                         d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1627
1628         /* Send pending MSC */
1629         if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1630                 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 
1631
1632         if (d->cfc) {
1633                 /* CFC enabled. 
1634                  * Give them some credits */
1635                 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1636                                 d->rx_credits <= (d->cfc >> 2)) {
1637                         rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1638                         d->rx_credits = d->cfc;
1639                 }
1640         } else {
1641                 /* CFC disabled.
1642                  * Give ourselves some credits */
1643                 d->tx_credits = 5;
1644         }
1645
1646         if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1647                 return skb_queue_len(&d->tx_queue);
1648
1649         while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1650                 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1651                 if (err < 0) {
1652                         skb_queue_head(&d->tx_queue, skb);
1653                         break;
1654                 }
1655                 kfree_skb(skb);
1656                 d->tx_credits--;
1657         }
1658
1659         if (d->cfc && !d->tx_credits) {
1660                 /* We're out of TX credits.
1661                  * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1662                 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1663         }
1664
1665         return skb_queue_len(&d->tx_queue);
1666 }
1667
1668 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1669 {
1670         struct rfcomm_dlc *d;
1671         struct list_head *p, *n;
1672
1673         BT_DBG("session %p state %ld", s, s->state);
1674
1675         list_for_each_safe(p, n, &s->dlcs) {
1676                 d = list_entry(p, struct rfcomm_dlc, list);
1677
1678                 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1679                         __rfcomm_dlc_close(d, ETIMEDOUT);
1680                         continue;
1681                 }
1682
1683                 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1684                         rfcomm_dlc_clear_timer(d);
1685                         rfcomm_dlc_accept(d);
1686                         if (d->link_mode & RFCOMM_LM_SECURE) {
1687                                 struct sock *sk = s->sock->sk;
1688                                 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1689                         }
1690                         continue;
1691                 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1692                         rfcomm_dlc_clear_timer(d);
1693                         rfcomm_send_dm(s, d->dlci);
1694                         __rfcomm_dlc_close(d, ECONNREFUSED);
1695                         continue;
1696                 }
1697
1698                 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1699                         continue;
1700
1701                 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1702                                 d->mscex == RFCOMM_MSCEX_OK)
1703                         rfcomm_process_tx(d);
1704         }
1705 }
1706
1707 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1708 {
1709         struct socket *sock = s->sock;
1710         struct sock *sk = sock->sk;
1711         struct sk_buff *skb;
1712
1713         BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1714
1715         /* Get data directly from socket receive queue without copying it. */
1716         while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1717                 skb_orphan(skb);
1718                 rfcomm_recv_frame(s, skb);
1719         }
1720
1721         if (sk->sk_state == BT_CLOSED) {
1722                 if (!s->initiator)
1723                         rfcomm_session_put(s);
1724
1725                 rfcomm_session_close(s, sk->sk_err);
1726         }
1727 }
1728
1729 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1730 {
1731         struct socket *sock = s->sock, *nsock;
1732         int err;
1733
1734         /* Fast check for a new connection.
1735          * Avoids unnesesary socket allocations. */
1736         if (list_empty(&bt_sk(sock->sk)->accept_q))
1737                 return;
1738
1739         BT_DBG("session %p", s);
1740
1741         if (sock_create_lite(PF_BLUETOOTH, sock->type, BTPROTO_L2CAP, &nsock))
1742                 return;
1743
1744         nsock->ops  = sock->ops;
1745
1746         __module_get(nsock->ops->owner);
1747
1748         err = sock->ops->accept(sock, nsock, O_NONBLOCK);
1749         if (err < 0) {
1750                 sock_release(nsock);
1751                 return;
1752         }
1753
1754         /* Set our callbacks */
1755         nsock->sk->sk_data_ready   = rfcomm_l2data_ready;
1756         nsock->sk->sk_state_change = rfcomm_l2state_change;
1757
1758         s = rfcomm_session_add(nsock, BT_OPEN);
1759         if (s) {
1760                 rfcomm_session_hold(s);
1761                 rfcomm_schedule(RFCOMM_SCHED_RX);
1762         } else
1763                 sock_release(nsock);
1764 }
1765
1766 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1767 {
1768         struct sock *sk = s->sock->sk;
1769
1770         BT_DBG("%p state %ld", s, s->state);
1771
1772         switch(sk->sk_state) {
1773         case BT_CONNECTED:
1774                 s->state = BT_CONNECT;
1775
1776                 /* We can adjust MTU on outgoing sessions.
1777                  * L2CAP MTU minus UIH header and FCS. */
1778                 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1779
1780                 rfcomm_send_sabm(s, 0);
1781                 break;
1782
1783         case BT_CLOSED:
1784                 s->state = BT_CLOSED;
1785                 rfcomm_session_close(s, sk->sk_err);
1786                 break;
1787         }
1788 }
1789
1790 static inline void rfcomm_process_sessions(void)
1791 {
1792         struct list_head *p, *n;
1793
1794         rfcomm_lock();
1795
1796         list_for_each_safe(p, n, &session_list) {
1797                 struct rfcomm_session *s;
1798                 s = list_entry(p, struct rfcomm_session, list);
1799
1800                 if (s->state == BT_LISTEN) {
1801                         rfcomm_accept_connection(s);
1802                         continue;
1803                 }
1804
1805                 rfcomm_session_hold(s);
1806
1807                 switch (s->state) {
1808                 case BT_BOUND:
1809                         rfcomm_check_connection(s);
1810                         break;
1811
1812                 default:
1813                         rfcomm_process_rx(s);
1814                         break;
1815                 }
1816
1817                 rfcomm_process_dlcs(s);
1818
1819                 rfcomm_session_put(s);
1820         }
1821
1822         rfcomm_unlock();
1823 }
1824
1825 static void rfcomm_worker(void)
1826 {
1827         BT_DBG("");
1828
1829         while (!atomic_read(&terminate)) {
1830                 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1831                         /* No pending events. Let's sleep.
1832                          * Incoming connections and data will wake us up. */
1833                         set_current_state(TASK_INTERRUPTIBLE);
1834                         schedule();
1835                 }
1836
1837                 /* Process stuff */
1838                 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1839                 rfcomm_process_sessions();
1840         }
1841         set_current_state(TASK_RUNNING);
1842         return;
1843 }
1844
1845 static int rfcomm_add_listener(bdaddr_t *ba)
1846 {
1847         struct sockaddr_l2 addr;
1848         struct socket *sock;
1849         struct sock *sk;
1850         struct rfcomm_session *s;
1851         int    err = 0;
1852
1853         /* Create socket */
1854         err = rfcomm_l2sock_create(&sock);
1855         if (err < 0) { 
1856                 BT_ERR("Create socket failed %d", err);
1857                 return err;
1858         }
1859
1860         /* Bind socket */
1861         bacpy(&addr.l2_bdaddr, ba);
1862         addr.l2_family = AF_BLUETOOTH;
1863         addr.l2_psm    = htobs(RFCOMM_PSM);
1864         err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1865         if (err < 0) {
1866                 BT_ERR("Bind failed %d", err);
1867                 goto failed;
1868         }
1869
1870         /* Set L2CAP options */
1871         sk = sock->sk;
1872         lock_sock(sk);
1873         l2cap_pi(sk)->imtu = l2cap_mtu;
1874         release_sock(sk);
1875
1876         /* Start listening on the socket */
1877         err = sock->ops->listen(sock, 10);
1878         if (err) {
1879                 BT_ERR("Listen failed %d", err);
1880                 goto failed;
1881         }
1882
1883         /* Add listening session */
1884         s = rfcomm_session_add(sock, BT_LISTEN);
1885         if (!s)
1886                 goto failed;
1887
1888         rfcomm_session_hold(s);
1889         return 0;
1890 failed:
1891         sock_release(sock);
1892         return err;
1893 }
1894
1895 static void rfcomm_kill_listener(void)
1896 {
1897         struct rfcomm_session *s;
1898         struct list_head *p, *n;
1899
1900         BT_DBG("");
1901
1902         list_for_each_safe(p, n, &session_list) {
1903                 s = list_entry(p, struct rfcomm_session, list);
1904                 rfcomm_session_del(s);
1905         }
1906 }
1907
1908 static int rfcomm_run(void *unused)
1909 {
1910         rfcomm_thread = current;
1911
1912         atomic_inc(&running);
1913
1914         daemonize("krfcommd");
1915         set_user_nice(current, -10);
1916         current->flags |= PF_NOFREEZE;
1917
1918         BT_DBG("");
1919
1920         rfcomm_add_listener(BDADDR_ANY);
1921
1922         rfcomm_worker();
1923
1924         rfcomm_kill_listener();
1925
1926         atomic_dec(&running);
1927         return 0;
1928 }
1929
1930 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1931 {
1932         struct rfcomm_session *s;
1933         struct rfcomm_dlc *d;
1934         struct list_head *p, *n;
1935
1936         BT_DBG("conn %p status 0x%02x", conn, status);
1937
1938         s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1939         if (!s)
1940                 return;
1941
1942         rfcomm_session_hold(s);
1943
1944         list_for_each_safe(p, n, &s->dlcs) {
1945                 d = list_entry(p, struct rfcomm_dlc, list);
1946
1947                 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1948                         continue;
1949
1950                 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1951                         continue;
1952
1953                 if (!status)
1954                         set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1955                 else
1956                         set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1957         }
1958
1959         rfcomm_session_put(s);
1960
1961         rfcomm_schedule(RFCOMM_SCHED_AUTH);
1962 }
1963
1964 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1965 {
1966         struct rfcomm_session *s;
1967         struct rfcomm_dlc *d;
1968         struct list_head *p, *n;
1969
1970         BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1971
1972         s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1973         if (!s)
1974                 return;
1975
1976         rfcomm_session_hold(s);
1977
1978         list_for_each_safe(p, n, &s->dlcs) {
1979                 d = list_entry(p, struct rfcomm_dlc, list);
1980
1981                 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1982                         continue;
1983
1984                 if (!status && encrypt)
1985                         set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1986                 else
1987                         set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1988         }
1989
1990         rfcomm_session_put(s);
1991
1992         rfcomm_schedule(RFCOMM_SCHED_AUTH);
1993 }
1994
1995 static struct hci_cb rfcomm_cb = {
1996         .name           = "RFCOMM",
1997         .auth_cfm       = rfcomm_auth_cfm,
1998         .encrypt_cfm    = rfcomm_encrypt_cfm
1999 };
2000
2001 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2002 {
2003         struct rfcomm_session *s;
2004         struct list_head *pp, *p;
2005         char *str = buf;
2006
2007         rfcomm_lock();
2008
2009         list_for_each(p, &session_list) {
2010                 s = list_entry(p, struct rfcomm_session, list);
2011                 list_for_each(pp, &s->dlcs) {
2012                         struct sock *sk = s->sock->sk;
2013                         struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2014
2015                         str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2016                                         batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2017                                         d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2018                 }
2019         }
2020
2021         rfcomm_unlock();
2022
2023         return (str - buf);
2024 }
2025
2026 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2027
2028 /* ---- Initialization ---- */
2029 static int __init rfcomm_init(void)
2030 {
2031         l2cap_load();
2032
2033         hci_register_cb(&rfcomm_cb);
2034
2035         kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
2036
2037         class_create_file(&bt_class, &class_attr_rfcomm_dlc);
2038
2039         rfcomm_init_sockets();
2040
2041 #ifdef CONFIG_BT_RFCOMM_TTY
2042         rfcomm_init_ttys();
2043 #endif
2044
2045         BT_INFO("RFCOMM ver %s", VERSION);
2046
2047         return 0;
2048 }
2049
2050 static void __exit rfcomm_exit(void)
2051 {
2052         class_remove_file(&bt_class, &class_attr_rfcomm_dlc);
2053
2054         hci_unregister_cb(&rfcomm_cb);
2055
2056         /* Terminate working thread.
2057          * ie. Set terminate flag and wake it up */
2058         atomic_inc(&terminate);
2059         rfcomm_schedule(RFCOMM_SCHED_STATE);
2060
2061         /* Wait until thread is running */
2062         while (atomic_read(&running))
2063                 schedule();
2064
2065 #ifdef CONFIG_BT_RFCOMM_TTY
2066         rfcomm_cleanup_ttys();
2067 #endif
2068
2069         rfcomm_cleanup_sockets();
2070 }
2071
2072 module_init(rfcomm_init);
2073 module_exit(rfcomm_exit);
2074
2075 module_param(l2cap_mtu, uint, 0644);
2076 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2077
2078 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2079 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2080 MODULE_VERSION(VERSION);
2081 MODULE_LICENSE("GPL");
2082 MODULE_ALIAS("bt-proto-3");