Merge master.kernel.org:/pub/scm/linux/kernel/git/holtmann/bluetooth-2.6
[linux-3.10.git] / net / bluetooth / rfcomm / core.c
1 /* 
2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License version 2 as
8    published by the Free Software Foundation;
9
10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
21    SOFTWARE IS DISCLAIMED.
22 */
23
24 /* 
25    RPN support    -    Dirk Husemann <hud@zurich.ibm.com>
26 */
27
28 /*
29  * Bluetooth RFCOMM core.
30  *
31  * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
32  */
33
34 #include <linux/config.h>
35 #include <linux/module.h>
36 #include <linux/errno.h>
37 #include <linux/kernel.h>
38 #include <linux/sched.h>
39 #include <linux/signal.h>
40 #include <linux/init.h>
41 #include <linux/wait.h>
42 #include <linux/net.h>
43 #include <linux/proc_fs.h>
44 #include <linux/seq_file.h>
45 #include <net/sock.h>
46 #include <asm/uaccess.h>
47 #include <asm/unaligned.h>
48
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h>
51 #include <net/bluetooth/l2cap.h>
52 #include <net/bluetooth/rfcomm.h>
53
54 #define VERSION "1.5"
55
56 #ifndef CONFIG_BT_RFCOMM_DEBUG
57 #undef  BT_DBG
58 #define BT_DBG(D...)
59 #endif
60
61 #ifdef CONFIG_PROC_FS
62 struct proc_dir_entry *proc_bt_rfcomm;
63 #endif
64
65 static struct task_struct *rfcomm_thread;
66
67 static DECLARE_MUTEX(rfcomm_sem);
68 #define rfcomm_lock()   down(&rfcomm_sem);
69 #define rfcomm_unlock() up(&rfcomm_sem);
70
71 static unsigned long rfcomm_event;
72
73 static LIST_HEAD(session_list);
74 static atomic_t terminate, running;
75
76 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
77 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
78 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
79 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
80 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
81 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
82 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
83 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
84 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
85 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
86
87 static void rfcomm_process_connect(struct rfcomm_session *s);
88
89 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
90 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
91 static void rfcomm_session_del(struct rfcomm_session *s);
92
93 /* ---- RFCOMM frame parsing macros ---- */
94 #define __get_dlci(b)     ((b & 0xfc) >> 2)
95 #define __get_channel(b)  ((b & 0xf8) >> 3)
96 #define __get_dir(b)      ((b & 0x04) >> 2)
97 #define __get_type(b)     ((b & 0xef))
98
99 #define __test_ea(b)      ((b & 0x01))
100 #define __test_cr(b)      ((b & 0x02))
101 #define __test_pf(b)      ((b & 0x10))
102
103 #define __addr(cr, dlci)       (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
104 #define __ctrl(type, pf)       (((type & 0xef) | (pf << 4)))
105 #define __dlci(dir, chn)       (((chn & 0x1f) << 1) | dir)
106 #define __srv_channel(dlci)    (dlci >> 1)
107 #define __dir(dlci)            (dlci & 0x01)
108
109 #define __len8(len)       (((len) << 1) | 1)
110 #define __len16(len)      ((len) << 1)
111
112 /* MCC macros */
113 #define __mcc_type(cr, type)   (((type << 2) | (cr << 1) | 0x01))
114 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
115 #define __get_mcc_len(b)  ((b & 0xfe) >> 1)
116
117 /* RPN macros */
118 #define __rpn_line_settings(data, stop, parity)  ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x3) << 3))
119 #define __get_rpn_data_bits(line) ((line) & 0x3)
120 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
121 #define __get_rpn_parity(line)    (((line) >> 3) & 0x3)
122
123 static inline void rfcomm_schedule(uint event)
124 {
125         if (!rfcomm_thread)
126                 return;
127         //set_bit(event, &rfcomm_event);
128         set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
129         wake_up_process(rfcomm_thread);
130 }
131
132 static inline void rfcomm_session_put(struct rfcomm_session *s)
133 {
134         if (atomic_dec_and_test(&s->refcnt))
135                 rfcomm_session_del(s);
136 }
137
138 /* ---- RFCOMM FCS computation ---- */
139
140 /* CRC on 2 bytes */
141 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
142
143 /* FCS on 2 bytes */ 
144 static inline u8 __fcs(u8 *data)
145 {
146         return (0xff - __crc(data));
147 }
148
149 /* FCS on 3 bytes */ 
150 static inline u8 __fcs2(u8 *data)
151 {
152         return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
153 }
154
155 /* Check FCS */
156 static inline int __check_fcs(u8 *data, int type, u8 fcs)
157 {
158         u8 f = __crc(data);
159
160         if (type != RFCOMM_UIH)
161                 f = rfcomm_crc_table[f ^ data[2]];
162
163         return rfcomm_crc_table[f ^ fcs] != 0xcf;
164 }
165
166 /* ---- L2CAP callbacks ---- */
167 static void rfcomm_l2state_change(struct sock *sk)
168 {
169         BT_DBG("%p state %d", sk, sk->sk_state);
170         rfcomm_schedule(RFCOMM_SCHED_STATE);
171 }
172
173 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
174 {
175         BT_DBG("%p bytes %d", sk, bytes);
176         rfcomm_schedule(RFCOMM_SCHED_RX);
177 }
178
179 static int rfcomm_l2sock_create(struct socket **sock)
180 {
181         int err;
182
183         BT_DBG("");
184
185         err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
186         if (!err) {
187                 struct sock *sk = (*sock)->sk;
188                 sk->sk_data_ready   = rfcomm_l2data_ready;
189                 sk->sk_state_change = rfcomm_l2state_change;
190         }
191         return err;
192 }
193
194 /* ---- RFCOMM DLCs ---- */
195 static void rfcomm_dlc_timeout(unsigned long arg)
196 {
197         struct rfcomm_dlc *d = (void *) arg;
198
199         BT_DBG("dlc %p state %ld", d, d->state);
200
201         set_bit(RFCOMM_TIMED_OUT, &d->flags);
202         rfcomm_dlc_put(d);
203         rfcomm_schedule(RFCOMM_SCHED_TIMEO);
204 }
205
206 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
207 {
208         BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
209
210         if (!mod_timer(&d->timer, jiffies + timeout))
211                 rfcomm_dlc_hold(d);
212 }
213
214 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
215 {
216         BT_DBG("dlc %p state %ld", d, d->state);
217
218         if (timer_pending(&d->timer) && del_timer(&d->timer))
219                 rfcomm_dlc_put(d);
220 }
221
222 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
223 {
224         BT_DBG("%p", d);
225
226         d->state      = BT_OPEN;
227         d->flags      = 0;
228         d->mscex      = 0;
229         d->mtu        = RFCOMM_DEFAULT_MTU;
230         d->v24_sig    = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
231
232         d->cfc        = RFCOMM_CFC_DISABLED;
233         d->rx_credits = RFCOMM_DEFAULT_CREDITS;
234 }
235
236 struct rfcomm_dlc *rfcomm_dlc_alloc(int prio)
237 {
238         struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio);
239         if (!d)
240                 return NULL;
241         memset(d, 0, sizeof(*d));
242
243         init_timer(&d->timer);
244         d->timer.function = rfcomm_dlc_timeout;
245         d->timer.data = (unsigned long) d;
246
247         skb_queue_head_init(&d->tx_queue);
248         spin_lock_init(&d->lock);
249         atomic_set(&d->refcnt, 1);
250
251         rfcomm_dlc_clear_state(d);
252         
253         BT_DBG("%p", d);
254         return d;
255 }
256
257 void rfcomm_dlc_free(struct rfcomm_dlc *d)
258 {
259         BT_DBG("%p", d);
260
261         skb_queue_purge(&d->tx_queue);
262         kfree(d);
263 }
264
265 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
266 {
267         BT_DBG("dlc %p session %p", d, s);
268
269         rfcomm_session_hold(s);
270
271         rfcomm_dlc_hold(d);
272         list_add(&d->list, &s->dlcs);
273         d->session = s;
274 }
275
276 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
277 {
278         struct rfcomm_session *s = d->session;
279
280         BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
281
282         list_del(&d->list);
283         d->session = NULL;
284         rfcomm_dlc_put(d);
285
286         rfcomm_session_put(s);
287 }
288
289 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
290 {
291         struct rfcomm_dlc *d;
292         struct list_head *p;
293
294         list_for_each(p, &s->dlcs) {
295                 d = list_entry(p, struct rfcomm_dlc, list);
296                 if (d->dlci == dlci)
297                         return d;
298         }
299         return NULL;
300 }
301
302 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
303 {
304         struct rfcomm_session *s;
305         int err = 0;
306         u8 dlci;
307
308         BT_DBG("dlc %p state %ld %s %s channel %d", 
309                         d, d->state, batostr(src), batostr(dst), channel);
310
311         if (channel < 1 || channel > 30)
312                 return -EINVAL;
313
314         if (d->state != BT_OPEN && d->state != BT_CLOSED)
315                 return 0;
316
317         s = rfcomm_session_get(src, dst);
318         if (!s) {
319                 s = rfcomm_session_create(src, dst, &err);
320                 if (!s)
321                         return err;
322         }
323
324         dlci = __dlci(!s->initiator, channel);
325
326         /* Check if DLCI already exists */
327         if (rfcomm_dlc_get(s, dlci))
328                 return -EBUSY;
329
330         rfcomm_dlc_clear_state(d);
331
332         d->dlci     = dlci;
333         d->addr     = __addr(s->initiator, dlci);
334         d->priority = 7;
335
336         d->state    = BT_CONFIG;
337         rfcomm_dlc_link(s, d);
338
339         d->mtu = s->mtu;
340         d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
341
342         if (s->state == BT_CONNECTED)
343                 rfcomm_send_pn(s, 1, d);
344         rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
345         return 0;
346 }
347
348 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
349 {
350         int r;
351
352         rfcomm_lock();
353
354         r = __rfcomm_dlc_open(d, src, dst, channel);
355
356         rfcomm_unlock();
357         return r;
358 }
359
360 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
361 {
362         struct rfcomm_session *s = d->session;
363         if (!s)
364                 return 0;
365
366         BT_DBG("dlc %p state %ld dlci %d err %d session %p",
367                         d, d->state, d->dlci, err, s);
368
369         switch (d->state) {
370         case BT_CONNECTED:
371         case BT_CONFIG:
372         case BT_CONNECT:
373                 d->state = BT_DISCONN;
374                 if (skb_queue_empty(&d->tx_queue)) {
375                         rfcomm_send_disc(s, d->dlci);
376                         rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
377                 } else {
378                         rfcomm_queue_disc(d);
379                         rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
380                 }
381                 break;
382
383         default:
384                 rfcomm_dlc_clear_timer(d);
385
386                 rfcomm_dlc_lock(d);
387                 d->state = BT_CLOSED;
388                 d->state_change(d, err);
389                 rfcomm_dlc_unlock(d);
390
391                 skb_queue_purge(&d->tx_queue);
392                 rfcomm_dlc_unlink(d);
393         }
394
395         return 0;
396 }
397
398 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
399 {
400         int r;
401
402         rfcomm_lock();
403
404         r = __rfcomm_dlc_close(d, err);
405
406         rfcomm_unlock();
407         return r;
408 }
409
410 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
411 {
412         int len = skb->len;
413
414         if (d->state != BT_CONNECTED)
415                 return -ENOTCONN;
416
417         BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
418
419         if (len > d->mtu)
420                 return -EINVAL;
421
422         rfcomm_make_uih(skb, d->addr);
423         skb_queue_tail(&d->tx_queue, skb);
424
425         if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
426                 rfcomm_schedule(RFCOMM_SCHED_TX);
427         return len;
428 }
429
430 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
431 {
432         BT_DBG("dlc %p state %ld", d, d->state);
433
434         if (!d->cfc) {
435                 d->v24_sig |= RFCOMM_V24_FC;
436                 set_bit(RFCOMM_MSC_PENDING, &d->flags);
437         }
438         rfcomm_schedule(RFCOMM_SCHED_TX);
439 }
440
441 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
442 {
443         BT_DBG("dlc %p state %ld", d, d->state);
444
445         if (!d->cfc) {
446                 d->v24_sig &= ~RFCOMM_V24_FC;
447                 set_bit(RFCOMM_MSC_PENDING, &d->flags);
448         }
449         rfcomm_schedule(RFCOMM_SCHED_TX);
450 }
451
452 /* 
453    Set/get modem status functions use _local_ status i.e. what we report
454    to the other side.
455    Remote status is provided by dlc->modem_status() callback.
456  */
457 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
458 {
459         BT_DBG("dlc %p state %ld v24_sig 0x%x", 
460                         d, d->state, v24_sig);
461
462         if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
463                 v24_sig |= RFCOMM_V24_FC;
464         else
465                 v24_sig &= ~RFCOMM_V24_FC;
466         
467         d->v24_sig = v24_sig;
468
469         if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
470                 rfcomm_schedule(RFCOMM_SCHED_TX);
471
472         return 0;
473 }
474
475 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
476 {
477         BT_DBG("dlc %p state %ld v24_sig 0x%x", 
478                         d, d->state, d->v24_sig);
479
480         *v24_sig = d->v24_sig;
481         return 0;
482 }
483
484 /* ---- RFCOMM sessions ---- */
485 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
486 {
487         struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL);
488         if (!s)
489                 return NULL;
490         memset(s, 0, sizeof(*s));
491
492         BT_DBG("session %p sock %p", s, sock);
493
494         INIT_LIST_HEAD(&s->dlcs);
495         s->state = state;
496         s->sock  = sock;
497
498         s->mtu = RFCOMM_DEFAULT_MTU;
499         s->cfc = RFCOMM_CFC_UNKNOWN;
500
501         /* Do not increment module usage count for listening sessions.
502          * Otherwise we won't be able to unload the module. */
503         if (state != BT_LISTEN)
504                 if (!try_module_get(THIS_MODULE)) {
505                         kfree(s);
506                         return NULL;
507                 }
508
509         list_add(&s->list, &session_list);
510
511         return s;
512 }
513
514 static void rfcomm_session_del(struct rfcomm_session *s)
515 {
516         int state = s->state;
517
518         BT_DBG("session %p state %ld", s, s->state);
519
520         list_del(&s->list);
521
522         if (state == BT_CONNECTED)
523                 rfcomm_send_disc(s, 0);
524
525         sock_release(s->sock);
526         kfree(s);
527
528         if (state != BT_LISTEN)
529                 module_put(THIS_MODULE);
530 }
531
532 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
533 {
534         struct rfcomm_session *s;
535         struct list_head *p, *n;
536         struct bt_sock *sk;
537         list_for_each_safe(p, n, &session_list) {
538                 s = list_entry(p, struct rfcomm_session, list);
539                 sk = bt_sk(s->sock->sk); 
540
541                 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
542                                 !bacmp(&sk->dst, dst))
543                         return s;
544         }
545         return NULL;
546 }
547
548 static void rfcomm_session_close(struct rfcomm_session *s, int err)
549 {
550         struct rfcomm_dlc *d;
551         struct list_head *p, *n;
552
553         BT_DBG("session %p state %ld err %d", s, s->state, err);
554
555         rfcomm_session_hold(s);
556
557         s->state = BT_CLOSED;
558
559         /* Close all dlcs */
560         list_for_each_safe(p, n, &s->dlcs) {
561                 d = list_entry(p, struct rfcomm_dlc, list);
562                 d->state = BT_CLOSED;
563                 __rfcomm_dlc_close(d, err);
564         }
565
566         rfcomm_session_put(s);
567 }
568
569 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
570 {
571         struct rfcomm_session *s = NULL;
572         struct sockaddr_l2 addr;
573         struct socket *sock;
574         struct sock *sk;
575
576         BT_DBG("%s %s", batostr(src), batostr(dst));
577
578         *err = rfcomm_l2sock_create(&sock);
579         if (*err < 0)
580                 return NULL;
581
582         bacpy(&addr.l2_bdaddr, src);
583         addr.l2_family = AF_BLUETOOTH;
584         addr.l2_psm    = 0;
585         *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
586         if (*err < 0)
587                 goto failed;
588
589         /* Set L2CAP options */
590         sk = sock->sk;
591         lock_sock(sk);
592         l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU;
593         release_sock(sk);
594
595         s = rfcomm_session_add(sock, BT_BOUND);
596         if (!s) {
597                 *err = -ENOMEM;
598                 goto failed;
599         }
600
601         s->initiator = 1;
602
603         bacpy(&addr.l2_bdaddr, dst);
604         addr.l2_family = AF_BLUETOOTH;
605         addr.l2_psm    = htobs(RFCOMM_PSM);
606         *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
607         if (*err == 0 || *err == -EAGAIN)
608                 return s;
609
610         rfcomm_session_del(s);
611         return NULL;
612
613 failed:
614         sock_release(sock);
615         return NULL;
616 }
617
618 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
619 {
620         struct sock *sk = s->sock->sk;
621         if (src)
622                 bacpy(src, &bt_sk(sk)->src);
623         if (dst)
624                 bacpy(dst, &bt_sk(sk)->dst);
625 }
626
627 /* ---- RFCOMM frame sending ---- */
628 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
629 {
630         struct socket *sock = s->sock;
631         struct kvec iv = { data, len };
632         struct msghdr msg;
633
634         BT_DBG("session %p len %d", s, len);
635
636         memset(&msg, 0, sizeof(msg));
637
638         return kernel_sendmsg(sock, &msg, &iv, 1, len);
639 }
640
641 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
642 {
643         struct rfcomm_cmd cmd;
644
645         BT_DBG("%p dlci %d", s, dlci);
646
647         cmd.addr = __addr(s->initiator, dlci);
648         cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
649         cmd.len  = __len8(0);
650         cmd.fcs  = __fcs2((u8 *) &cmd);
651
652         return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
653 }
654
655 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
656 {
657         struct rfcomm_cmd cmd;
658
659         BT_DBG("%p dlci %d", s, dlci);
660
661         cmd.addr = __addr(!s->initiator, dlci);
662         cmd.ctrl = __ctrl(RFCOMM_UA, 1);
663         cmd.len  = __len8(0);
664         cmd.fcs  = __fcs2((u8 *) &cmd);
665
666         return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
667 }
668
669 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
670 {
671         struct rfcomm_cmd cmd;
672
673         BT_DBG("%p dlci %d", s, dlci);
674
675         cmd.addr = __addr(s->initiator, dlci);
676         cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
677         cmd.len  = __len8(0);
678         cmd.fcs  = __fcs2((u8 *) &cmd);
679
680         return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
681 }
682
683 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
684 {
685         struct rfcomm_cmd *cmd;
686         struct sk_buff *skb;
687
688         BT_DBG("dlc %p dlci %d", d, d->dlci);
689
690         skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
691         if (!skb)
692                 return -ENOMEM;
693
694         cmd = (void *) __skb_put(skb, sizeof(*cmd));
695         cmd->addr = d->addr;
696         cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
697         cmd->len  = __len8(0);
698         cmd->fcs  = __fcs2((u8 *) cmd);
699
700         skb_queue_tail(&d->tx_queue, skb);
701         rfcomm_schedule(RFCOMM_SCHED_TX);
702         return 0;
703 }
704
705 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
706 {
707         struct rfcomm_cmd cmd;
708
709         BT_DBG("%p dlci %d", s, dlci);
710
711         cmd.addr = __addr(!s->initiator, dlci);
712         cmd.ctrl = __ctrl(RFCOMM_DM, 1);
713         cmd.len  = __len8(0);
714         cmd.fcs  = __fcs2((u8 *) &cmd);
715
716         return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
717 }
718
719 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
720 {
721         struct rfcomm_hdr *hdr;
722         struct rfcomm_mcc *mcc;
723         u8 buf[16], *ptr = buf;
724
725         BT_DBG("%p cr %d type %d", s, cr, type);
726
727         hdr = (void *) ptr; ptr += sizeof(*hdr);
728         hdr->addr = __addr(s->initiator, 0);
729         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
730         hdr->len  = __len8(sizeof(*mcc) + 1);
731
732         mcc = (void *) ptr; ptr += sizeof(*mcc);
733         mcc->type = __mcc_type(cr, RFCOMM_NSC);
734         mcc->len  = __len8(1);
735
736         /* Type that we didn't like */
737         *ptr = __mcc_type(cr, type); ptr++;
738
739         *ptr = __fcs(buf); ptr++;
740
741         return rfcomm_send_frame(s, buf, ptr - buf);
742 }
743
744 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
745 {
746         struct rfcomm_hdr *hdr;
747         struct rfcomm_mcc *mcc;
748         struct rfcomm_pn  *pn;
749         u8 buf[16], *ptr = buf;
750
751         BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
752
753         hdr = (void *) ptr; ptr += sizeof(*hdr);
754         hdr->addr = __addr(s->initiator, 0);
755         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
756         hdr->len  = __len8(sizeof(*mcc) + sizeof(*pn));
757
758         mcc = (void *) ptr; ptr += sizeof(*mcc);
759         mcc->type = __mcc_type(cr, RFCOMM_PN);
760         mcc->len  = __len8(sizeof(*pn));
761
762         pn = (void *) ptr; ptr += sizeof(*pn);
763         pn->dlci        = d->dlci;
764         pn->priority    = d->priority;
765         pn->ack_timer   = 0;
766         pn->max_retrans = 0;
767
768         if (s->cfc) {
769                 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
770                 pn->credits = RFCOMM_DEFAULT_CREDITS;
771         } else {
772                 pn->flow_ctrl = 0;
773                 pn->credits   = 0;
774         }
775
776         pn->mtu = htobs(d->mtu);
777
778         *ptr = __fcs(buf); ptr++;
779
780         return rfcomm_send_frame(s, buf, ptr - buf);
781 }
782
783 static int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
784                            u8 bit_rate, u8 data_bits, u8 stop_bits,
785                            u8 parity, u8 flow_ctrl_settings, 
786                            u8 xon_char, u8 xoff_char, u16 param_mask)
787 {
788         struct rfcomm_hdr *hdr;
789         struct rfcomm_mcc *mcc;
790         struct rfcomm_rpn *rpn;
791         u8 buf[16], *ptr = buf;
792
793         BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
794                "flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 
795                         s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 
796                         flow_ctrl_settings, xon_char, xoff_char, param_mask);
797
798         hdr = (void *) ptr; ptr += sizeof(*hdr);
799         hdr->addr = __addr(s->initiator, 0);
800         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
801         hdr->len  = __len8(sizeof(*mcc) + sizeof(*rpn));
802
803         mcc = (void *) ptr; ptr += sizeof(*mcc);
804         mcc->type = __mcc_type(cr, RFCOMM_RPN);
805         mcc->len  = __len8(sizeof(*rpn));
806
807         rpn = (void *) ptr; ptr += sizeof(*rpn);
808         rpn->dlci          = __addr(1, dlci);
809         rpn->bit_rate      = bit_rate;
810         rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
811         rpn->flow_ctrl     = flow_ctrl_settings;
812         rpn->xon_char      = xon_char;
813         rpn->xoff_char     = xoff_char;
814         rpn->param_mask    = param_mask;
815
816         *ptr = __fcs(buf); ptr++;
817
818         return rfcomm_send_frame(s, buf, ptr - buf);
819 }
820
821 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
822 {
823         struct rfcomm_hdr *hdr;
824         struct rfcomm_mcc *mcc;
825         struct rfcomm_rls *rls;
826         u8 buf[16], *ptr = buf;
827
828         BT_DBG("%p cr %d status 0x%x", s, cr, status);
829
830         hdr = (void *) ptr; ptr += sizeof(*hdr);
831         hdr->addr = __addr(s->initiator, 0);
832         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
833         hdr->len  = __len8(sizeof(*mcc) + sizeof(*rls));
834
835         mcc = (void *) ptr; ptr += sizeof(*mcc);
836         mcc->type = __mcc_type(cr, RFCOMM_RLS);
837         mcc->len  = __len8(sizeof(*rls));
838
839         rls = (void *) ptr; ptr += sizeof(*rls);
840         rls->dlci   = __addr(1, dlci);
841         rls->status = status;
842
843         *ptr = __fcs(buf); ptr++;
844
845         return rfcomm_send_frame(s, buf, ptr - buf);
846 }
847
848 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
849 {
850         struct rfcomm_hdr *hdr;
851         struct rfcomm_mcc *mcc;
852         struct rfcomm_msc *msc;
853         u8 buf[16], *ptr = buf;
854
855         BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
856
857         hdr = (void *) ptr; ptr += sizeof(*hdr);
858         hdr->addr = __addr(s->initiator, 0);
859         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
860         hdr->len  = __len8(sizeof(*mcc) + sizeof(*msc));
861
862         mcc = (void *) ptr; ptr += sizeof(*mcc);
863         mcc->type = __mcc_type(cr, RFCOMM_MSC);
864         mcc->len  = __len8(sizeof(*msc));
865
866         msc = (void *) ptr; ptr += sizeof(*msc);
867         msc->dlci    = __addr(1, dlci);
868         msc->v24_sig = v24_sig | 0x01;
869
870         *ptr = __fcs(buf); ptr++;
871
872         return rfcomm_send_frame(s, buf, ptr - buf);
873 }
874
875 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
876 {
877         struct rfcomm_hdr *hdr;
878         struct rfcomm_mcc *mcc;
879         u8 buf[16], *ptr = buf;
880
881         BT_DBG("%p cr %d", s, cr);
882
883         hdr = (void *) ptr; ptr += sizeof(*hdr);
884         hdr->addr = __addr(s->initiator, 0);
885         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
886         hdr->len  = __len8(sizeof(*mcc));
887
888         mcc = (void *) ptr; ptr += sizeof(*mcc);
889         mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
890         mcc->len  = __len8(0);
891
892         *ptr = __fcs(buf); ptr++;
893
894         return rfcomm_send_frame(s, buf, ptr - buf);
895 }
896
897 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
898 {
899         struct rfcomm_hdr *hdr;
900         struct rfcomm_mcc *mcc;
901         u8 buf[16], *ptr = buf;
902
903         BT_DBG("%p cr %d", s, cr);
904
905         hdr = (void *) ptr; ptr += sizeof(*hdr);
906         hdr->addr = __addr(s->initiator, 0);
907         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
908         hdr->len  = __len8(sizeof(*mcc));
909
910         mcc = (void *) ptr; ptr += sizeof(*mcc);
911         mcc->type = __mcc_type(cr, RFCOMM_FCON);
912         mcc->len  = __len8(0);
913
914         *ptr = __fcs(buf); ptr++;
915
916         return rfcomm_send_frame(s, buf, ptr - buf);
917 }
918
919 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
920 {
921         struct socket *sock = s->sock;
922         struct kvec iv[3];
923         struct msghdr msg;
924         unsigned char hdr[5], crc[1];
925
926         if (len > 125)
927                 return -EINVAL;
928
929         BT_DBG("%p cr %d", s, cr);
930
931         hdr[0] = __addr(s->initiator, 0);
932         hdr[1] = __ctrl(RFCOMM_UIH, 0);
933         hdr[2] = 0x01 | ((len + 2) << 1);
934         hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
935         hdr[4] = 0x01 | (len << 1);
936
937         crc[0] = __fcs(hdr);
938
939         iv[0].iov_base = hdr;
940         iv[0].iov_len  = 5;
941         iv[1].iov_base = pattern;
942         iv[1].iov_len  = len;
943         iv[2].iov_base = crc;
944         iv[2].iov_len  = 1;
945
946         memset(&msg, 0, sizeof(msg));
947
948         return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
949 }
950
951 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
952 {
953         struct rfcomm_hdr *hdr;
954         u8 buf[16], *ptr = buf;
955
956         BT_DBG("%p addr %d credits %d", s, addr, credits);
957
958         hdr = (void *) ptr; ptr += sizeof(*hdr);
959         hdr->addr = addr;
960         hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
961         hdr->len  = __len8(0);
962
963         *ptr = credits; ptr++;
964
965         *ptr = __fcs(buf); ptr++;
966
967         return rfcomm_send_frame(s, buf, ptr - buf);
968 }
969
970 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
971 {
972         struct rfcomm_hdr *hdr;
973         int len = skb->len;
974         u8 *crc;
975
976         if (len > 127) {
977                 hdr = (void *) skb_push(skb, 4);
978                 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len);
979         } else {
980                 hdr = (void *) skb_push(skb, 3);
981                 hdr->len = __len8(len);
982         }
983         hdr->addr = addr;
984         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
985
986         crc = skb_put(skb, 1);
987         *crc = __fcs((void *) hdr);
988 }
989
990 /* ---- RFCOMM frame reception ---- */
991 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
992 {
993         BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
994
995         if (dlci) {
996                 /* Data channel */
997                 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
998                 if (!d) {
999                         rfcomm_send_dm(s, dlci);
1000                         return 0;
1001                 }
1002
1003                 switch (d->state) {
1004                 case BT_CONNECT:
1005                         rfcomm_dlc_clear_timer(d);
1006
1007                         rfcomm_dlc_lock(d);
1008                         d->state = BT_CONNECTED;
1009                         d->state_change(d, 0);
1010                         rfcomm_dlc_unlock(d);
1011
1012                         rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1013                         break;
1014
1015                 case BT_DISCONN:
1016                         d->state = BT_CLOSED;
1017                         __rfcomm_dlc_close(d, 0);
1018                         break;
1019                 }
1020         } else {
1021                 /* Control channel */
1022                 switch (s->state) {
1023                 case BT_CONNECT:
1024                         s->state = BT_CONNECTED;
1025                         rfcomm_process_connect(s);
1026                         break;
1027                 }
1028         }
1029         return 0;
1030 }
1031
1032 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1033 {
1034         int err = 0;
1035
1036         BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1037
1038         if (dlci) {
1039                 /* Data DLC */
1040                 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1041                 if (d) {
1042                         if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1043                                 err = ECONNREFUSED;
1044                         else
1045                                 err = ECONNRESET;
1046
1047                         d->state = BT_CLOSED;
1048                         __rfcomm_dlc_close(d, err);
1049                 }
1050         } else {
1051                 if (s->state == BT_CONNECT)
1052                         err = ECONNREFUSED;
1053                 else
1054                         err = ECONNRESET;
1055
1056                 s->state = BT_CLOSED;
1057                 rfcomm_session_close(s, err);
1058         }
1059         return 0;
1060 }
1061
1062 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1063 {
1064         int err = 0;
1065
1066         BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1067
1068         if (dlci) {
1069                 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1070                 if (d) {
1071                         rfcomm_send_ua(s, dlci);
1072
1073                         if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1074                                 err = ECONNREFUSED;
1075                         else
1076                                 err = ECONNRESET;
1077
1078                         d->state = BT_CLOSED;
1079                         __rfcomm_dlc_close(d, err);
1080                 } else 
1081                         rfcomm_send_dm(s, dlci);
1082                         
1083         } else {
1084                 rfcomm_send_ua(s, 0);
1085
1086                 if (s->state == BT_CONNECT)
1087                         err = ECONNREFUSED;
1088                 else
1089                         err = ECONNRESET;
1090
1091                 s->state = BT_CLOSED;
1092                 rfcomm_session_close(s, err);
1093         }
1094
1095         return 0;
1096 }
1097
1098 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1099 {
1100         struct sock *sk = d->session->sock->sk;
1101
1102         if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1103                 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1104                         return 1;
1105         } else if (d->link_mode & RFCOMM_LM_AUTH) {
1106                 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1107                         return 1;
1108         }
1109
1110         return 0;
1111 }
1112
1113 static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1114 {
1115         BT_DBG("dlc %p", d);
1116
1117         rfcomm_send_ua(d->session, d->dlci);
1118
1119         rfcomm_dlc_lock(d);
1120         d->state = BT_CONNECTED;
1121         d->state_change(d, 0);
1122         rfcomm_dlc_unlock(d);
1123
1124         rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1125 }
1126
1127 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1128 {
1129         struct rfcomm_dlc *d;
1130         u8 channel;
1131
1132         BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1133
1134         if (!dlci) {
1135                 rfcomm_send_ua(s, 0);
1136
1137                 if (s->state == BT_OPEN) {
1138                         s->state = BT_CONNECTED;
1139                         rfcomm_process_connect(s);
1140                 }
1141                 return 0;
1142         }
1143
1144         /* Check if DLC exists */
1145         d = rfcomm_dlc_get(s, dlci);
1146         if (d) {
1147                 if (d->state == BT_OPEN) {
1148                         /* DLC was previously opened by PN request */
1149                         if (rfcomm_check_link_mode(d)) {
1150                                 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1151                                 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1152                                 return 0;
1153                         }
1154
1155                         rfcomm_dlc_accept(d);
1156                 }
1157                 return 0;
1158         }
1159
1160         /* Notify socket layer about incoming connection */
1161         channel = __srv_channel(dlci);
1162         if (rfcomm_connect_ind(s, channel, &d)) {
1163                 d->dlci = dlci;
1164                 d->addr = __addr(s->initiator, dlci);
1165                 rfcomm_dlc_link(s, d);
1166
1167                 if (rfcomm_check_link_mode(d)) {
1168                         set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1169                         rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1170                         return 0;
1171                 }
1172
1173                 rfcomm_dlc_accept(d);
1174         } else {
1175                 rfcomm_send_dm(s, dlci);
1176         }
1177
1178         return 0;
1179 }
1180
1181 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1182 {
1183         struct rfcomm_session *s = d->session;
1184
1185         BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 
1186                         d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1187
1188         if (pn->flow_ctrl == 0xf0 || pn->flow_ctrl == 0xe0) {
1189                 d->cfc = s->cfc = RFCOMM_CFC_ENABLED;
1190                 d->tx_credits = pn->credits;
1191         } else {
1192                 d->cfc = s->cfc = RFCOMM_CFC_DISABLED;
1193                 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1194         }
1195
1196         d->priority = pn->priority;
1197
1198         d->mtu = s->mtu = btohs(pn->mtu);
1199
1200         return 0;
1201 }
1202
1203 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1204 {
1205         struct rfcomm_pn *pn = (void *) skb->data;
1206         struct rfcomm_dlc *d;
1207         u8 dlci = pn->dlci;
1208
1209         BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1210
1211         if (!dlci)
1212                 return 0;
1213
1214         d = rfcomm_dlc_get(s, dlci);
1215         if (d) {
1216                 if (cr) {
1217                         /* PN request */
1218                         rfcomm_apply_pn(d, cr, pn);
1219                         rfcomm_send_pn(s, 0, d);
1220                 } else {
1221                         /* PN response */
1222                         switch (d->state) {
1223                         case BT_CONFIG:
1224                                 rfcomm_apply_pn(d, cr, pn);
1225
1226                                 d->state = BT_CONNECT;
1227                                 rfcomm_send_sabm(s, d->dlci);
1228                                 break;
1229                         }
1230                 }
1231         } else {
1232                 u8 channel = __srv_channel(dlci);
1233
1234                 if (!cr)
1235                         return 0;
1236
1237                 /* PN request for non existing DLC.
1238                  * Assume incoming connection. */
1239                 if (rfcomm_connect_ind(s, channel, &d)) {
1240                         d->dlci = dlci;
1241                         d->addr = __addr(s->initiator, dlci);
1242                         rfcomm_dlc_link(s, d);
1243
1244                         rfcomm_apply_pn(d, cr, pn);
1245
1246                         d->state = BT_OPEN;
1247                         rfcomm_send_pn(s, 0, d);
1248                 } else {
1249                         rfcomm_send_dm(s, dlci);
1250                 }
1251         }
1252         return 0;
1253 }
1254
1255 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1256 {
1257         struct rfcomm_rpn *rpn = (void *) skb->data;
1258         u8 dlci = __get_dlci(rpn->dlci);
1259
1260         u8 bit_rate  = 0;
1261         u8 data_bits = 0;
1262         u8 stop_bits = 0;
1263         u8 parity    = 0;
1264         u8 flow_ctrl = 0;
1265         u8 xon_char  = 0;
1266         u8 xoff_char = 0;
1267         u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1268         
1269         BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 
1270                dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1271                rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1272         
1273         if (!cr) 
1274                 return 0;
1275         
1276         if (len == 1) {
1277                 /* request: return default setting */
1278                 bit_rate  = RFCOMM_RPN_BR_115200;
1279                 data_bits = RFCOMM_RPN_DATA_8;
1280                 stop_bits = RFCOMM_RPN_STOP_1;
1281                 parity    = RFCOMM_RPN_PARITY_NONE;
1282                 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1283                 xon_char  = RFCOMM_RPN_XON_CHAR;
1284                 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1285
1286                 goto rpn_out;
1287         }
1288         /* check for sane values: ignore/accept bit_rate, 8 bits, 1 stop bit, no parity,
1289                                   no flow control lines, normal XON/XOFF chars */
1290         if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) {
1291                 bit_rate = rpn->bit_rate;
1292                 if (bit_rate != RFCOMM_RPN_BR_115200) {
1293                         BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1294                         bit_rate = RFCOMM_RPN_BR_115200;
1295                         rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1296                 }
1297         }
1298         if (rpn->param_mask & RFCOMM_RPN_PM_DATA) {
1299                 data_bits = __get_rpn_data_bits(rpn->line_settings);
1300                 if (data_bits != RFCOMM_RPN_DATA_8) {
1301                         BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1302                         data_bits = RFCOMM_RPN_DATA_8;
1303                         rpn_mask ^= RFCOMM_RPN_PM_DATA;
1304                 }
1305         }
1306         if (rpn->param_mask & RFCOMM_RPN_PM_STOP) {
1307                 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1308                 if (stop_bits != RFCOMM_RPN_STOP_1) {
1309                         BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1310                         stop_bits = RFCOMM_RPN_STOP_1;
1311                         rpn_mask ^= RFCOMM_RPN_PM_STOP;
1312                 }
1313         }
1314         if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) {
1315                 parity = __get_rpn_parity(rpn->line_settings);
1316                 if (parity != RFCOMM_RPN_PARITY_NONE) {
1317                         BT_DBG("RPN parity mismatch 0x%x", parity);
1318                         parity = RFCOMM_RPN_PARITY_NONE;
1319                         rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1320                 }
1321         }
1322         if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) {
1323                 flow_ctrl = rpn->flow_ctrl;
1324                 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1325                         BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1326                         flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1327                         rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1328                 }
1329         }
1330         if (rpn->param_mask & RFCOMM_RPN_PM_XON) {
1331                 xon_char = rpn->xon_char;
1332                 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1333                         BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1334                         xon_char = RFCOMM_RPN_XON_CHAR;
1335                         rpn_mask ^= RFCOMM_RPN_PM_XON;
1336                 }
1337         }
1338         if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) {
1339                 xoff_char = rpn->xoff_char;
1340                 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1341                         BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1342                         xoff_char = RFCOMM_RPN_XOFF_CHAR;
1343                         rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1344                 }
1345         }
1346
1347 rpn_out:
1348         rfcomm_send_rpn(s, 0, dlci, 
1349                         bit_rate, data_bits, stop_bits, parity, flow_ctrl,
1350                         xon_char, xoff_char, rpn_mask);
1351
1352         return 0;
1353 }
1354
1355 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1356 {
1357         struct rfcomm_rls *rls = (void *) skb->data;
1358         u8 dlci = __get_dlci(rls->dlci);
1359
1360         BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1361         
1362         if (!cr)
1363                 return 0;
1364
1365         /* FIXME: We should probably do something with this
1366            information here. But for now it's sufficient just
1367            to reply -- Bluetooth 1.1 says it's mandatory to 
1368            recognise and respond to RLS */
1369
1370         rfcomm_send_rls(s, 0, dlci, rls->status);
1371
1372         return 0;
1373 }
1374
1375 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1376 {
1377         struct rfcomm_msc *msc = (void *) skb->data;
1378         struct rfcomm_dlc *d;
1379         u8 dlci = __get_dlci(msc->dlci);
1380
1381         BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1382
1383         d = rfcomm_dlc_get(s, dlci);
1384         if (!d) 
1385                 return 0;
1386
1387         if (cr) {
1388                 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1389                         set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1390                 else
1391                         clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1392                 
1393                 rfcomm_dlc_lock(d);
1394                 if (d->modem_status)
1395                         d->modem_status(d, msc->v24_sig);
1396                 rfcomm_dlc_unlock(d);
1397                 
1398                 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1399
1400                 d->mscex |= RFCOMM_MSCEX_RX;
1401         } else 
1402                 d->mscex |= RFCOMM_MSCEX_TX;
1403
1404         return 0;
1405 }
1406
1407 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1408 {
1409         struct rfcomm_mcc *mcc = (void *) skb->data;
1410         u8 type, cr, len;
1411
1412         cr   = __test_cr(mcc->type);
1413         type = __get_mcc_type(mcc->type);
1414         len  = __get_mcc_len(mcc->len);
1415
1416         BT_DBG("%p type 0x%x cr %d", s, type, cr);
1417
1418         skb_pull(skb, 2);
1419
1420         switch (type) {
1421         case RFCOMM_PN:
1422                 rfcomm_recv_pn(s, cr, skb);
1423                 break;
1424
1425         case RFCOMM_RPN:
1426                 rfcomm_recv_rpn(s, cr, len, skb);
1427                 break;
1428
1429         case RFCOMM_RLS:
1430                 rfcomm_recv_rls(s, cr, skb);
1431                 break;
1432
1433         case RFCOMM_MSC:
1434                 rfcomm_recv_msc(s, cr, skb);
1435                 break;
1436
1437         case RFCOMM_FCOFF:
1438                 if (cr) {
1439                         set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1440                         rfcomm_send_fcoff(s, 0);
1441                 }
1442                 break;
1443
1444         case RFCOMM_FCON:
1445                 if (cr) {
1446                         clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1447                         rfcomm_send_fcon(s, 0);
1448                 }
1449                 break;
1450
1451         case RFCOMM_TEST:
1452                 if (cr)
1453                         rfcomm_send_test(s, 0, skb->data, skb->len);
1454                 break;
1455
1456         case RFCOMM_NSC:
1457                 break;
1458
1459         default:
1460                 BT_ERR("Unknown control type 0x%02x", type);
1461                 rfcomm_send_nsc(s, cr, type);
1462                 break;
1463         }
1464         return 0;
1465 }
1466
1467 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1468 {
1469         struct rfcomm_dlc *d;
1470
1471         BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1472
1473         d = rfcomm_dlc_get(s, dlci);
1474         if (!d) {
1475                 rfcomm_send_dm(s, dlci);
1476                 goto drop;
1477         }
1478
1479         if (pf && d->cfc) {
1480                 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1481
1482                 d->tx_credits += credits;
1483                 if (d->tx_credits)
1484                         clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1485         }
1486
1487         if (skb->len && d->state == BT_CONNECTED) {
1488                 rfcomm_dlc_lock(d);
1489                 d->rx_credits--;
1490                 d->data_ready(d, skb);
1491                 rfcomm_dlc_unlock(d);
1492                 return 0;
1493         }
1494
1495 drop:
1496         kfree_skb(skb);
1497         return 0;
1498 }
1499
1500 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1501 {
1502         struct rfcomm_hdr *hdr = (void *) skb->data;
1503         u8 type, dlci, fcs;
1504
1505         dlci = __get_dlci(hdr->addr);
1506         type = __get_type(hdr->ctrl);
1507
1508         /* Trim FCS */
1509         skb->len--; skb->tail--;
1510         fcs = *(u8 *) skb->tail;
1511
1512         if (__check_fcs(skb->data, type, fcs)) {
1513                 BT_ERR("bad checksum in packet");
1514                 kfree_skb(skb);
1515                 return -EILSEQ;
1516         }
1517
1518         if (__test_ea(hdr->len))
1519                 skb_pull(skb, 3);
1520         else
1521                 skb_pull(skb, 4);
1522
1523         switch (type) {
1524         case RFCOMM_SABM:
1525                 if (__test_pf(hdr->ctrl))
1526                         rfcomm_recv_sabm(s, dlci);
1527                 break;
1528
1529         case RFCOMM_DISC:
1530                 if (__test_pf(hdr->ctrl))
1531                         rfcomm_recv_disc(s, dlci);
1532                 break;
1533
1534         case RFCOMM_UA:
1535                 if (__test_pf(hdr->ctrl))
1536                         rfcomm_recv_ua(s, dlci);
1537                 break;
1538
1539         case RFCOMM_DM:
1540                 rfcomm_recv_dm(s, dlci);
1541                 break;
1542
1543         case RFCOMM_UIH:
1544                 if (dlci)
1545                         return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1546
1547                 rfcomm_recv_mcc(s, skb);
1548                 break;
1549
1550         default:
1551                 BT_ERR("Unknown packet type 0x%02x\n", type);
1552                 break;
1553         }
1554         kfree_skb(skb);
1555         return 0;
1556 }
1557
1558 /* ---- Connection and data processing ---- */
1559
1560 static void rfcomm_process_connect(struct rfcomm_session *s)
1561 {
1562         struct rfcomm_dlc *d;
1563         struct list_head *p, *n;
1564
1565         BT_DBG("session %p state %ld", s, s->state);
1566
1567         list_for_each_safe(p, n, &s->dlcs) {
1568                 d = list_entry(p, struct rfcomm_dlc, list);
1569                 if (d->state == BT_CONFIG) {
1570                         d->mtu = s->mtu;
1571                         rfcomm_send_pn(s, 1, d);
1572                 }
1573         }
1574 }
1575
1576 /* Send data queued for the DLC.
1577  * Return number of frames left in the queue.
1578  */
1579 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1580 {
1581         struct sk_buff *skb;
1582         int err;
1583
1584         BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 
1585                         d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1586
1587         /* Send pending MSC */
1588         if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1589                 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 
1590
1591         if (d->cfc) {
1592                 /* CFC enabled. 
1593                  * Give them some credits */
1594                 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1595                                 d->rx_credits <= (d->cfc >> 2)) {
1596                         rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1597                         d->rx_credits = d->cfc;
1598                 }
1599         } else {
1600                 /* CFC disabled.
1601                  * Give ourselves some credits */
1602                 d->tx_credits = 5;
1603         }
1604
1605         if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1606                 return skb_queue_len(&d->tx_queue);
1607
1608         while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1609                 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1610                 if (err < 0) {
1611                         skb_queue_head(&d->tx_queue, skb);
1612                         break;
1613                 }
1614                 kfree_skb(skb);
1615                 d->tx_credits--;
1616         }
1617
1618         if (d->cfc && !d->tx_credits) {
1619                 /* We're out of TX credits.
1620                  * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1621                 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1622         }
1623
1624         return skb_queue_len(&d->tx_queue);
1625 }
1626
1627 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1628 {
1629         struct rfcomm_dlc *d;
1630         struct list_head *p, *n;
1631
1632         BT_DBG("session %p state %ld", s, s->state);
1633
1634         list_for_each_safe(p, n, &s->dlcs) {
1635                 d = list_entry(p, struct rfcomm_dlc, list);
1636
1637                 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1638                         __rfcomm_dlc_close(d, ETIMEDOUT);
1639                         continue;
1640                 }
1641
1642                 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1643                         rfcomm_dlc_clear_timer(d);
1644                         rfcomm_dlc_accept(d);
1645                         if (d->link_mode & RFCOMM_LM_SECURE) {
1646                                 struct sock *sk = s->sock->sk;
1647                                 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1648                         }
1649                         continue;
1650                 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1651                         rfcomm_dlc_clear_timer(d);
1652                         rfcomm_send_dm(s, d->dlci);
1653                         __rfcomm_dlc_close(d, ECONNREFUSED);
1654                         continue;
1655                 }
1656
1657                 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1658                         continue;
1659
1660                 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1661                                 d->mscex == RFCOMM_MSCEX_OK)
1662                         rfcomm_process_tx(d);
1663         }
1664 }
1665
1666 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1667 {
1668         struct socket *sock = s->sock;
1669         struct sock *sk = sock->sk;
1670         struct sk_buff *skb;
1671
1672         BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1673
1674         /* Get data directly from socket receive queue without copying it. */
1675         while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1676                 skb_orphan(skb);
1677                 rfcomm_recv_frame(s, skb);
1678         }
1679
1680         if (sk->sk_state == BT_CLOSED) {
1681                 if (!s->initiator)
1682                         rfcomm_session_put(s);
1683
1684                 rfcomm_session_close(s, sk->sk_err);
1685         }
1686 }
1687
1688 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1689 {
1690         struct socket *sock = s->sock, *nsock;
1691         int err;
1692
1693         /* Fast check for a new connection.
1694          * Avoids unnesesary socket allocations. */
1695         if (list_empty(&bt_sk(sock->sk)->accept_q))
1696                 return;
1697
1698         BT_DBG("session %p", s);
1699
1700         if (sock_create_lite(PF_BLUETOOTH, sock->type, BTPROTO_L2CAP, &nsock))
1701                 return;
1702
1703         nsock->ops  = sock->ops;
1704
1705         __module_get(nsock->ops->owner);
1706
1707         err = sock->ops->accept(sock, nsock, O_NONBLOCK);
1708         if (err < 0) {
1709                 sock_release(nsock);
1710                 return;
1711         }
1712
1713         /* Set our callbacks */
1714         nsock->sk->sk_data_ready   = rfcomm_l2data_ready;
1715         nsock->sk->sk_state_change = rfcomm_l2state_change;
1716
1717         s = rfcomm_session_add(nsock, BT_OPEN);
1718         if (s) {
1719                 rfcomm_session_hold(s);
1720                 rfcomm_schedule(RFCOMM_SCHED_RX);
1721         } else
1722                 sock_release(nsock);
1723 }
1724
1725 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1726 {
1727         struct sock *sk = s->sock->sk;
1728
1729         BT_DBG("%p state %ld", s, s->state);
1730
1731         switch(sk->sk_state) {
1732         case BT_CONNECTED:
1733                 s->state = BT_CONNECT;
1734
1735                 /* We can adjust MTU on outgoing sessions.
1736                  * L2CAP MTU minus UIH header and FCS. */
1737                 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1738
1739                 rfcomm_send_sabm(s, 0);
1740                 break;
1741
1742         case BT_CLOSED:
1743                 s->state = BT_CLOSED;
1744                 rfcomm_session_close(s, sk->sk_err);
1745                 break;
1746         }
1747 }
1748
1749 static inline void rfcomm_process_sessions(void)
1750 {
1751         struct list_head *p, *n;
1752
1753         rfcomm_lock();
1754
1755         list_for_each_safe(p, n, &session_list) {
1756                 struct rfcomm_session *s;
1757                 s = list_entry(p, struct rfcomm_session, list);
1758
1759                 if (s->state == BT_LISTEN) {
1760                         rfcomm_accept_connection(s);
1761                         continue;
1762                 }
1763
1764                 rfcomm_session_hold(s);
1765
1766                 switch (s->state) {
1767                 case BT_BOUND:
1768                         rfcomm_check_connection(s);
1769                         break;
1770
1771                 default:
1772                         rfcomm_process_rx(s);
1773                         break;
1774                 }
1775
1776                 rfcomm_process_dlcs(s);
1777
1778                 rfcomm_session_put(s);
1779         }
1780
1781         rfcomm_unlock();
1782 }
1783
1784 static void rfcomm_worker(void)
1785 {
1786         BT_DBG("");
1787
1788         while (!atomic_read(&terminate)) {
1789                 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1790                         /* No pending events. Let's sleep.
1791                          * Incoming connections and data will wake us up. */
1792                         set_current_state(TASK_INTERRUPTIBLE);
1793                         schedule();
1794                 }
1795
1796                 /* Process stuff */
1797                 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1798                 rfcomm_process_sessions();
1799         }
1800         set_current_state(TASK_RUNNING);
1801         return;
1802 }
1803
1804 static int rfcomm_add_listener(bdaddr_t *ba)
1805 {
1806         struct sockaddr_l2 addr;
1807         struct socket *sock;
1808         struct sock *sk;
1809         struct rfcomm_session *s;
1810         int    err = 0;
1811
1812         /* Create socket */
1813         err = rfcomm_l2sock_create(&sock);
1814         if (err < 0) { 
1815                 BT_ERR("Create socket failed %d", err);
1816                 return err;
1817         }
1818
1819         /* Bind socket */
1820         bacpy(&addr.l2_bdaddr, ba);
1821         addr.l2_family = AF_BLUETOOTH;
1822         addr.l2_psm    = htobs(RFCOMM_PSM);
1823         err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1824         if (err < 0) {
1825                 BT_ERR("Bind failed %d", err);
1826                 goto failed;
1827         }
1828
1829         /* Set L2CAP options */
1830         sk = sock->sk;
1831         lock_sock(sk);
1832         l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU;
1833         release_sock(sk);
1834
1835         /* Start listening on the socket */
1836         err = sock->ops->listen(sock, 10);
1837         if (err) {
1838                 BT_ERR("Listen failed %d", err);
1839                 goto failed;
1840         }
1841
1842         /* Add listening session */
1843         s = rfcomm_session_add(sock, BT_LISTEN);
1844         if (!s)
1845                 goto failed;
1846
1847         rfcomm_session_hold(s);
1848         return 0;
1849 failed:
1850         sock_release(sock);
1851         return err;
1852 }
1853
1854 static void rfcomm_kill_listener(void)
1855 {
1856         struct rfcomm_session *s;
1857         struct list_head *p, *n;
1858
1859         BT_DBG("");
1860
1861         list_for_each_safe(p, n, &session_list) {
1862                 s = list_entry(p, struct rfcomm_session, list);
1863                 rfcomm_session_del(s);
1864         }
1865 }
1866
1867 static int rfcomm_run(void *unused)
1868 {
1869         rfcomm_thread = current;
1870
1871         atomic_inc(&running);
1872
1873         daemonize("krfcommd");
1874         set_user_nice(current, -10);
1875         current->flags |= PF_NOFREEZE;
1876
1877         BT_DBG("");
1878
1879         rfcomm_add_listener(BDADDR_ANY);
1880
1881         rfcomm_worker();
1882
1883         rfcomm_kill_listener();
1884
1885         atomic_dec(&running);
1886         return 0;
1887 }
1888
1889 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1890 {
1891         struct rfcomm_session *s;
1892         struct rfcomm_dlc *d;
1893         struct list_head *p, *n;
1894
1895         BT_DBG("conn %p status 0x%02x", conn, status);
1896
1897         s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1898         if (!s)
1899                 return;
1900
1901         rfcomm_session_hold(s);
1902
1903         list_for_each_safe(p, n, &s->dlcs) {
1904                 d = list_entry(p, struct rfcomm_dlc, list);
1905
1906                 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1907                         continue;
1908
1909                 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1910                         continue;
1911
1912                 if (!status)
1913                         set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1914                 else
1915                         set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1916         }
1917
1918         rfcomm_session_put(s);
1919
1920         rfcomm_schedule(RFCOMM_SCHED_AUTH);
1921 }
1922
1923 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1924 {
1925         struct rfcomm_session *s;
1926         struct rfcomm_dlc *d;
1927         struct list_head *p, *n;
1928
1929         BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1930
1931         s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1932         if (!s)
1933                 return;
1934
1935         rfcomm_session_hold(s);
1936
1937         list_for_each_safe(p, n, &s->dlcs) {
1938                 d = list_entry(p, struct rfcomm_dlc, list);
1939
1940                 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1941                         continue;
1942
1943                 if (!status && encrypt)
1944                         set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1945                 else
1946                         set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1947         }
1948
1949         rfcomm_session_put(s);
1950
1951         rfcomm_schedule(RFCOMM_SCHED_AUTH);
1952 }
1953
1954 static struct hci_cb rfcomm_cb = {
1955         .name           = "RFCOMM",
1956         .auth_cfm       = rfcomm_auth_cfm,
1957         .encrypt_cfm    = rfcomm_encrypt_cfm
1958 };
1959
1960 /* ---- Proc fs support ---- */
1961 #ifdef CONFIG_PROC_FS
1962 static void *rfcomm_seq_start(struct seq_file *seq, loff_t *pos)
1963 {
1964         struct rfcomm_session *s;
1965         struct list_head *pp, *p;
1966         loff_t l = *pos;
1967
1968         rfcomm_lock();
1969
1970         list_for_each(p, &session_list) {
1971                 s = list_entry(p, struct rfcomm_session, list);
1972                 list_for_each(pp, &s->dlcs)
1973                         if (!l--) {
1974                                 seq->private = s;
1975                                 return pp;
1976                         }
1977         }
1978         return NULL;
1979 }
1980
1981 static void *rfcomm_seq_next(struct seq_file *seq, void *e, loff_t *pos)
1982 {
1983         struct rfcomm_session *s = seq->private;
1984         struct list_head *pp, *p = e;
1985         (*pos)++;
1986
1987         if (p->next != &s->dlcs)
1988                 return p->next;
1989
1990         list_for_each(p, &session_list) {
1991                 s = list_entry(p, struct rfcomm_session, list);
1992                 __list_for_each(pp, &s->dlcs) {
1993                         seq->private = s;
1994                         return pp;
1995                 }
1996         }
1997         return NULL;
1998 }
1999
2000 static void rfcomm_seq_stop(struct seq_file *seq, void *e)
2001 {
2002         rfcomm_unlock();
2003 }
2004
2005 static int  rfcomm_seq_show(struct seq_file *seq, void *e)
2006 {
2007         struct rfcomm_session *s = seq->private;
2008         struct sock *sk = s->sock->sk;
2009         struct rfcomm_dlc *d = list_entry(e, struct rfcomm_dlc, list);
2010
2011         seq_printf(seq, "%s %s %ld %d %d %d %d\n",
2012                         batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2013                         d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2014         return 0;
2015 }
2016
2017 static struct seq_operations rfcomm_seq_ops = {
2018         .start  = rfcomm_seq_start,
2019         .next   = rfcomm_seq_next,
2020         .stop   = rfcomm_seq_stop,
2021         .show   = rfcomm_seq_show 
2022 };
2023
2024 static int rfcomm_seq_open(struct inode *inode, struct file *file)
2025 {
2026         return seq_open(file, &rfcomm_seq_ops);
2027 }
2028
2029 static struct file_operations rfcomm_seq_fops = {
2030         .owner   = THIS_MODULE,
2031         .open    = rfcomm_seq_open,
2032         .read    = seq_read,
2033         .llseek  = seq_lseek,
2034         .release = seq_release,
2035 };
2036
2037 static int  __init rfcomm_proc_init(void)
2038 {
2039         struct proc_dir_entry *p;
2040
2041         proc_bt_rfcomm = proc_mkdir("rfcomm", proc_bt);
2042         if (proc_bt_rfcomm) {
2043                 proc_bt_rfcomm->owner = THIS_MODULE;
2044
2045                 p = create_proc_entry("dlc", S_IRUGO, proc_bt_rfcomm);
2046                 if (p)
2047                         p->proc_fops = &rfcomm_seq_fops;
2048         }
2049         return 0;
2050 }
2051
2052 static void __exit rfcomm_proc_cleanup(void)
2053 {
2054         remove_proc_entry("dlc", proc_bt_rfcomm);
2055
2056         remove_proc_entry("rfcomm", proc_bt);
2057 }
2058
2059 #else /* CONFIG_PROC_FS */
2060
2061 static int  __init rfcomm_proc_init(void)
2062 {
2063         return 0;
2064 }
2065
2066 static void __exit rfcomm_proc_cleanup(void)
2067 {
2068         return;
2069 }
2070 #endif /* CONFIG_PROC_FS */
2071
2072 /* ---- Initialization ---- */
2073 static int __init rfcomm_init(void)
2074 {
2075         l2cap_load();
2076
2077         hci_register_cb(&rfcomm_cb);
2078
2079         kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
2080
2081         BT_INFO("RFCOMM ver %s", VERSION);
2082
2083         rfcomm_proc_init();
2084
2085         rfcomm_init_sockets();
2086
2087 #ifdef CONFIG_BT_RFCOMM_TTY
2088         rfcomm_init_ttys();
2089 #endif
2090
2091         return 0;
2092 }
2093
2094 static void __exit rfcomm_exit(void)
2095 {
2096         hci_unregister_cb(&rfcomm_cb);
2097
2098         /* Terminate working thread.
2099          * ie. Set terminate flag and wake it up */
2100         atomic_inc(&terminate);
2101         rfcomm_schedule(RFCOMM_SCHED_STATE);
2102
2103         /* Wait until thread is running */
2104         while (atomic_read(&running))
2105                 schedule();
2106
2107 #ifdef CONFIG_BT_RFCOMM_TTY
2108         rfcomm_cleanup_ttys();
2109 #endif
2110
2111         rfcomm_cleanup_sockets();
2112
2113         rfcomm_proc_cleanup();
2114 }
2115
2116 module_init(rfcomm_init);
2117 module_exit(rfcomm_exit);
2118
2119 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2120 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2121 MODULE_VERSION(VERSION);
2122 MODULE_LICENSE("GPL");
2123 MODULE_ALIAS("bt-proto-3");