ppc: Export __handle_mm_fault for MOL
[linux-3.10.git] / net / bluetooth / rfcomm / core.c
1 /* 
2    RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3    Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4    Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License version 2 as
8    published by the Free Software Foundation;
9
10    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11    OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13    IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14    CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 
15    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 
16    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 
17    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19    ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 
20    COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 
21    SOFTWARE IS DISCLAIMED.
22 */
23
24 /* 
25    RPN support    -    Dirk Husemann <hud@zurich.ibm.com>
26 */
27
28 /*
29  * Bluetooth RFCOMM core.
30  *
31  * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
32  */
33
34 #include <linux/config.h>
35 #include <linux/module.h>
36 #include <linux/errno.h>
37 #include <linux/kernel.h>
38 #include <linux/sched.h>
39 #include <linux/signal.h>
40 #include <linux/init.h>
41 #include <linux/wait.h>
42 #include <linux/net.h>
43 #include <linux/proc_fs.h>
44 #include <linux/seq_file.h>
45 #include <net/sock.h>
46 #include <asm/uaccess.h>
47 #include <asm/unaligned.h>
48
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h>
51 #include <net/bluetooth/l2cap.h>
52 #include <net/bluetooth/rfcomm.h>
53
54 #define VERSION "1.5"
55
56 #ifndef CONFIG_BT_RFCOMM_DEBUG
57 #undef  BT_DBG
58 #define BT_DBG(D...)
59 #endif
60
61 #ifdef CONFIG_PROC_FS
62 struct proc_dir_entry *proc_bt_rfcomm;
63 #endif
64
65 static struct task_struct *rfcomm_thread;
66
67 static DECLARE_MUTEX(rfcomm_sem);
68 #define rfcomm_lock()   down(&rfcomm_sem);
69 #define rfcomm_unlock() up(&rfcomm_sem);
70
71 static unsigned long rfcomm_event;
72
73 static LIST_HEAD(session_list);
74 static atomic_t terminate, running;
75
76 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
77 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
78 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
79 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
80 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
81 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
82 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
83 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
84 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
85 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
86
87 static void rfcomm_process_connect(struct rfcomm_session *s);
88
89 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
90 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
91 static void rfcomm_session_del(struct rfcomm_session *s);
92
93 /* ---- RFCOMM frame parsing macros ---- */
94 #define __get_dlci(b)     ((b & 0xfc) >> 2)
95 #define __get_channel(b)  ((b & 0xf8) >> 3)
96 #define __get_dir(b)      ((b & 0x04) >> 2)
97 #define __get_type(b)     ((b & 0xef))
98
99 #define __test_ea(b)      ((b & 0x01))
100 #define __test_cr(b)      ((b & 0x02))
101 #define __test_pf(b)      ((b & 0x10))
102
103 #define __addr(cr, dlci)       (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
104 #define __ctrl(type, pf)       (((type & 0xef) | (pf << 4)))
105 #define __dlci(dir, chn)       (((chn & 0x1f) << 1) | dir)
106 #define __srv_channel(dlci)    (dlci >> 1)
107 #define __dir(dlci)            (dlci & 0x01)
108
109 #define __len8(len)       (((len) << 1) | 1)
110 #define __len16(len)      ((len) << 1)
111
112 /* MCC macros */
113 #define __mcc_type(cr, type)   (((type << 2) | (cr << 1) | 0x01))
114 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
115 #define __get_mcc_len(b)  ((b & 0xfe) >> 1)
116
117 /* RPN macros */
118 #define __rpn_line_settings(data, stop, parity)  ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x3) << 3))
119 #define __get_rpn_data_bits(line) ((line) & 0x3)
120 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
121 #define __get_rpn_parity(line)    (((line) >> 3) & 0x3)
122
123 static inline void rfcomm_schedule(uint event)
124 {
125         if (!rfcomm_thread)
126                 return;
127         //set_bit(event, &rfcomm_event);
128         set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
129         wake_up_process(rfcomm_thread);
130 }
131
132 static inline void rfcomm_session_put(struct rfcomm_session *s)
133 {
134         if (atomic_dec_and_test(&s->refcnt))
135                 rfcomm_session_del(s);
136 }
137
138 /* ---- RFCOMM FCS computation ---- */
139
140 /* CRC on 2 bytes */
141 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
142
143 /* FCS on 2 bytes */ 
144 static inline u8 __fcs(u8 *data)
145 {
146         return (0xff - __crc(data));
147 }
148
149 /* FCS on 3 bytes */ 
150 static inline u8 __fcs2(u8 *data)
151 {
152         return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
153 }
154
155 /* Check FCS */
156 static inline int __check_fcs(u8 *data, int type, u8 fcs)
157 {
158         u8 f = __crc(data);
159
160         if (type != RFCOMM_UIH)
161                 f = rfcomm_crc_table[f ^ data[2]];
162
163         return rfcomm_crc_table[f ^ fcs] != 0xcf;
164 }
165
166 /* ---- L2CAP callbacks ---- */
167 static void rfcomm_l2state_change(struct sock *sk)
168 {
169         BT_DBG("%p state %d", sk, sk->sk_state);
170         rfcomm_schedule(RFCOMM_SCHED_STATE);
171 }
172
173 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
174 {
175         BT_DBG("%p bytes %d", sk, bytes);
176         rfcomm_schedule(RFCOMM_SCHED_RX);
177 }
178
179 static int rfcomm_l2sock_create(struct socket **sock)
180 {
181         int err;
182
183         BT_DBG("");
184
185         err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
186         if (!err) {
187                 struct sock *sk = (*sock)->sk;
188                 sk->sk_data_ready   = rfcomm_l2data_ready;
189                 sk->sk_state_change = rfcomm_l2state_change;
190         }
191         return err;
192 }
193
194 /* ---- RFCOMM DLCs ---- */
195 static void rfcomm_dlc_timeout(unsigned long arg)
196 {
197         struct rfcomm_dlc *d = (void *) arg;
198
199         BT_DBG("dlc %p state %ld", d, d->state);
200
201         set_bit(RFCOMM_TIMED_OUT, &d->flags);
202         rfcomm_dlc_put(d);
203         rfcomm_schedule(RFCOMM_SCHED_TIMEO);
204 }
205
206 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
207 {
208         BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
209
210         if (!mod_timer(&d->timer, jiffies + timeout))
211                 rfcomm_dlc_hold(d);
212 }
213
214 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
215 {
216         BT_DBG("dlc %p state %ld", d, d->state);
217
218         if (timer_pending(&d->timer) && del_timer(&d->timer))
219                 rfcomm_dlc_put(d);
220 }
221
222 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
223 {
224         BT_DBG("%p", d);
225
226         d->state      = BT_OPEN;
227         d->flags      = 0;
228         d->mscex      = 0;
229         d->mtu        = RFCOMM_DEFAULT_MTU;
230         d->v24_sig    = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
231
232         d->cfc        = RFCOMM_CFC_DISABLED;
233         d->rx_credits = RFCOMM_DEFAULT_CREDITS;
234 }
235
236 struct rfcomm_dlc *rfcomm_dlc_alloc(int prio)
237 {
238         struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio);
239         if (!d)
240                 return NULL;
241         memset(d, 0, sizeof(*d));
242
243         init_timer(&d->timer);
244         d->timer.function = rfcomm_dlc_timeout;
245         d->timer.data = (unsigned long) d;
246
247         skb_queue_head_init(&d->tx_queue);
248         spin_lock_init(&d->lock);
249         atomic_set(&d->refcnt, 1);
250
251         rfcomm_dlc_clear_state(d);
252         
253         BT_DBG("%p", d);
254         return d;
255 }
256
257 void rfcomm_dlc_free(struct rfcomm_dlc *d)
258 {
259         BT_DBG("%p", d);
260
261         skb_queue_purge(&d->tx_queue);
262         kfree(d);
263 }
264
265 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
266 {
267         BT_DBG("dlc %p session %p", d, s);
268
269         rfcomm_session_hold(s);
270
271         rfcomm_dlc_hold(d);
272         list_add(&d->list, &s->dlcs);
273         d->session = s;
274 }
275
276 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
277 {
278         struct rfcomm_session *s = d->session;
279
280         BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
281
282         list_del(&d->list);
283         d->session = NULL;
284         rfcomm_dlc_put(d);
285
286         rfcomm_session_put(s);
287 }
288
289 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
290 {
291         struct rfcomm_dlc *d;
292         struct list_head *p;
293
294         list_for_each(p, &s->dlcs) {
295                 d = list_entry(p, struct rfcomm_dlc, list);
296                 if (d->dlci == dlci)
297                         return d;
298         }
299         return NULL;
300 }
301
302 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
303 {
304         struct rfcomm_session *s;
305         int err = 0;
306         u8 dlci;
307
308         BT_DBG("dlc %p state %ld %s %s channel %d", 
309                         d, d->state, batostr(src), batostr(dst), channel);
310
311         if (channel < 1 || channel > 30)
312                 return -EINVAL;
313
314         if (d->state != BT_OPEN && d->state != BT_CLOSED)
315                 return 0;
316
317         s = rfcomm_session_get(src, dst);
318         if (!s) {
319                 s = rfcomm_session_create(src, dst, &err);
320                 if (!s)
321                         return err;
322         }
323
324         dlci = __dlci(!s->initiator, channel);
325
326         /* Check if DLCI already exists */
327         if (rfcomm_dlc_get(s, dlci))
328                 return -EBUSY;
329
330         rfcomm_dlc_clear_state(d);
331
332         d->dlci     = dlci;
333         d->addr     = __addr(s->initiator, dlci);
334         d->priority = 7;
335
336         d->state    = BT_CONFIG;
337         rfcomm_dlc_link(s, d);
338
339         d->mtu = s->mtu;
340         d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
341
342         if (s->state == BT_CONNECTED)
343                 rfcomm_send_pn(s, 1, d);
344         rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
345         return 0;
346 }
347
348 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
349 {
350         int r;
351
352         rfcomm_lock();
353
354         r = __rfcomm_dlc_open(d, src, dst, channel);
355
356         rfcomm_unlock();
357         return r;
358 }
359
360 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
361 {
362         struct rfcomm_session *s = d->session;
363         if (!s)
364                 return 0;
365
366         BT_DBG("dlc %p state %ld dlci %d err %d session %p",
367                         d, d->state, d->dlci, err, s);
368
369         switch (d->state) {
370         case BT_CONNECTED:
371         case BT_CONFIG:
372         case BT_CONNECT:
373                 d->state = BT_DISCONN;
374                 if (skb_queue_empty(&d->tx_queue)) {
375                         rfcomm_send_disc(s, d->dlci);
376                         rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
377                 } else {
378                         rfcomm_queue_disc(d);
379                         rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
380                 }
381                 break;
382
383         default:
384                 rfcomm_dlc_clear_timer(d);
385
386                 rfcomm_dlc_lock(d);
387                 d->state = BT_CLOSED;
388                 d->state_change(d, err);
389                 rfcomm_dlc_unlock(d);
390
391                 skb_queue_purge(&d->tx_queue);
392                 rfcomm_session_put(s);
393
394                 rfcomm_dlc_unlink(d);
395         }
396
397         return 0;
398 }
399
400 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
401 {
402         int r;
403
404         rfcomm_lock();
405
406         r = __rfcomm_dlc_close(d, err);
407
408         rfcomm_unlock();
409         return r;
410 }
411
412 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
413 {
414         int len = skb->len;
415
416         if (d->state != BT_CONNECTED)
417                 return -ENOTCONN;
418
419         BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
420
421         if (len > d->mtu)
422                 return -EINVAL;
423
424         rfcomm_make_uih(skb, d->addr);
425         skb_queue_tail(&d->tx_queue, skb);
426
427         if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
428                 rfcomm_schedule(RFCOMM_SCHED_TX);
429         return len;
430 }
431
432 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
433 {
434         BT_DBG("dlc %p state %ld", d, d->state);
435
436         if (!d->cfc) {
437                 d->v24_sig |= RFCOMM_V24_FC;
438                 set_bit(RFCOMM_MSC_PENDING, &d->flags);
439         }
440         rfcomm_schedule(RFCOMM_SCHED_TX);
441 }
442
443 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
444 {
445         BT_DBG("dlc %p state %ld", d, d->state);
446
447         if (!d->cfc) {
448                 d->v24_sig &= ~RFCOMM_V24_FC;
449                 set_bit(RFCOMM_MSC_PENDING, &d->flags);
450         }
451         rfcomm_schedule(RFCOMM_SCHED_TX);
452 }
453
454 /* 
455    Set/get modem status functions use _local_ status i.e. what we report
456    to the other side.
457    Remote status is provided by dlc->modem_status() callback.
458  */
459 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
460 {
461         BT_DBG("dlc %p state %ld v24_sig 0x%x", 
462                         d, d->state, v24_sig);
463
464         if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
465                 v24_sig |= RFCOMM_V24_FC;
466         else
467                 v24_sig &= ~RFCOMM_V24_FC;
468         
469         d->v24_sig = v24_sig;
470
471         if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
472                 rfcomm_schedule(RFCOMM_SCHED_TX);
473
474         return 0;
475 }
476
477 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
478 {
479         BT_DBG("dlc %p state %ld v24_sig 0x%x", 
480                         d, d->state, d->v24_sig);
481
482         *v24_sig = d->v24_sig;
483         return 0;
484 }
485
486 /* ---- RFCOMM sessions ---- */
487 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
488 {
489         struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL);
490         if (!s)
491                 return NULL;
492         memset(s, 0, sizeof(*s));
493
494         BT_DBG("session %p sock %p", s, sock);
495
496         INIT_LIST_HEAD(&s->dlcs);
497         s->state = state;
498         s->sock  = sock;
499
500         s->mtu = RFCOMM_DEFAULT_MTU;
501         s->cfc = RFCOMM_CFC_UNKNOWN;
502
503         /* Do not increment module usage count for listening sessions.
504          * Otherwise we won't be able to unload the module. */
505         if (state != BT_LISTEN)
506                 if (!try_module_get(THIS_MODULE)) {
507                         kfree(s);
508                         return NULL;
509                 }
510
511         list_add(&s->list, &session_list);
512
513         return s;
514 }
515
516 static void rfcomm_session_del(struct rfcomm_session *s)
517 {
518         int state = s->state;
519
520         BT_DBG("session %p state %ld", s, s->state);
521
522         list_del(&s->list);
523
524         if (state == BT_CONNECTED)
525                 rfcomm_send_disc(s, 0);
526
527         sock_release(s->sock);
528         kfree(s);
529
530         if (state != BT_LISTEN)
531                 module_put(THIS_MODULE);
532 }
533
534 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
535 {
536         struct rfcomm_session *s;
537         struct list_head *p, *n;
538         struct bt_sock *sk;
539         list_for_each_safe(p, n, &session_list) {
540                 s = list_entry(p, struct rfcomm_session, list);
541                 sk = bt_sk(s->sock->sk); 
542
543                 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
544                                 !bacmp(&sk->dst, dst))
545                         return s;
546         }
547         return NULL;
548 }
549
550 static void rfcomm_session_close(struct rfcomm_session *s, int err)
551 {
552         struct rfcomm_dlc *d;
553         struct list_head *p, *n;
554
555         BT_DBG("session %p state %ld err %d", s, s->state, err);
556
557         rfcomm_session_hold(s);
558
559         s->state = BT_CLOSED;
560
561         /* Close all dlcs */
562         list_for_each_safe(p, n, &s->dlcs) {
563                 d = list_entry(p, struct rfcomm_dlc, list);
564                 d->state = BT_CLOSED;
565                 __rfcomm_dlc_close(d, err);
566         }
567
568         rfcomm_session_put(s);
569 }
570
571 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
572 {
573         struct rfcomm_session *s = NULL;
574         struct sockaddr_l2 addr;
575         struct socket *sock;
576         struct sock *sk;
577
578         BT_DBG("%s %s", batostr(src), batostr(dst));
579
580         *err = rfcomm_l2sock_create(&sock);
581         if (*err < 0)
582                 return NULL;
583
584         bacpy(&addr.l2_bdaddr, src);
585         addr.l2_family = AF_BLUETOOTH;
586         addr.l2_psm    = 0;
587         *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
588         if (*err < 0)
589                 goto failed;
590
591         /* Set L2CAP options */
592         sk = sock->sk;
593         lock_sock(sk);
594         l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU;
595         release_sock(sk);
596
597         s = rfcomm_session_add(sock, BT_BOUND);
598         if (!s) {
599                 *err = -ENOMEM;
600                 goto failed;
601         }
602
603         rfcomm_session_hold(s);
604
605         s->initiator = 1;
606
607         bacpy(&addr.l2_bdaddr, dst);
608         addr.l2_family = AF_BLUETOOTH;
609         addr.l2_psm    = htobs(RFCOMM_PSM);
610         *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
611         if (*err == 0 || *err == -EAGAIN)
612                 return s;
613
614         rfcomm_session_del(s);
615         return NULL;
616
617 failed:
618         sock_release(sock);
619         return NULL;
620 }
621
622 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
623 {
624         struct sock *sk = s->sock->sk;
625         if (src)
626                 bacpy(src, &bt_sk(sk)->src);
627         if (dst)
628                 bacpy(dst, &bt_sk(sk)->dst);
629 }
630
631 /* ---- RFCOMM frame sending ---- */
632 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
633 {
634         struct socket *sock = s->sock;
635         struct kvec iv = { data, len };
636         struct msghdr msg;
637
638         BT_DBG("session %p len %d", s, len);
639
640         memset(&msg, 0, sizeof(msg));
641
642         return kernel_sendmsg(sock, &msg, &iv, 1, len);
643 }
644
645 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
646 {
647         struct rfcomm_cmd cmd;
648
649         BT_DBG("%p dlci %d", s, dlci);
650
651         cmd.addr = __addr(s->initiator, dlci);
652         cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
653         cmd.len  = __len8(0);
654         cmd.fcs  = __fcs2((u8 *) &cmd);
655
656         return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
657 }
658
659 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
660 {
661         struct rfcomm_cmd cmd;
662
663         BT_DBG("%p dlci %d", s, dlci);
664
665         cmd.addr = __addr(!s->initiator, dlci);
666         cmd.ctrl = __ctrl(RFCOMM_UA, 1);
667         cmd.len  = __len8(0);
668         cmd.fcs  = __fcs2((u8 *) &cmd);
669
670         return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
671 }
672
673 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
674 {
675         struct rfcomm_cmd cmd;
676
677         BT_DBG("%p dlci %d", s, dlci);
678
679         cmd.addr = __addr(s->initiator, dlci);
680         cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
681         cmd.len  = __len8(0);
682         cmd.fcs  = __fcs2((u8 *) &cmd);
683
684         return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
685 }
686
687 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
688 {
689         struct rfcomm_cmd *cmd;
690         struct sk_buff *skb;
691
692         BT_DBG("dlc %p dlci %d", d, d->dlci);
693
694         skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
695         if (!skb)
696                 return -ENOMEM;
697
698         cmd = (void *) __skb_put(skb, sizeof(*cmd));
699         cmd->addr = d->addr;
700         cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
701         cmd->len  = __len8(0);
702         cmd->fcs  = __fcs2((u8 *) cmd);
703
704         skb_queue_tail(&d->tx_queue, skb);
705         rfcomm_schedule(RFCOMM_SCHED_TX);
706         return 0;
707 }
708
709 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
710 {
711         struct rfcomm_cmd cmd;
712
713         BT_DBG("%p dlci %d", s, dlci);
714
715         cmd.addr = __addr(!s->initiator, dlci);
716         cmd.ctrl = __ctrl(RFCOMM_DM, 1);
717         cmd.len  = __len8(0);
718         cmd.fcs  = __fcs2((u8 *) &cmd);
719
720         return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
721 }
722
723 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
724 {
725         struct rfcomm_hdr *hdr;
726         struct rfcomm_mcc *mcc;
727         u8 buf[16], *ptr = buf;
728
729         BT_DBG("%p cr %d type %d", s, cr, type);
730
731         hdr = (void *) ptr; ptr += sizeof(*hdr);
732         hdr->addr = __addr(s->initiator, 0);
733         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
734         hdr->len  = __len8(sizeof(*mcc) + 1);
735
736         mcc = (void *) ptr; ptr += sizeof(*mcc);
737         mcc->type = __mcc_type(cr, RFCOMM_NSC);
738         mcc->len  = __len8(1);
739
740         /* Type that we didn't like */
741         *ptr = __mcc_type(cr, type); ptr++;
742
743         *ptr = __fcs(buf); ptr++;
744
745         return rfcomm_send_frame(s, buf, ptr - buf);
746 }
747
748 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
749 {
750         struct rfcomm_hdr *hdr;
751         struct rfcomm_mcc *mcc;
752         struct rfcomm_pn  *pn;
753         u8 buf[16], *ptr = buf;
754
755         BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
756
757         hdr = (void *) ptr; ptr += sizeof(*hdr);
758         hdr->addr = __addr(s->initiator, 0);
759         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
760         hdr->len  = __len8(sizeof(*mcc) + sizeof(*pn));
761
762         mcc = (void *) ptr; ptr += sizeof(*mcc);
763         mcc->type = __mcc_type(cr, RFCOMM_PN);
764         mcc->len  = __len8(sizeof(*pn));
765
766         pn = (void *) ptr; ptr += sizeof(*pn);
767         pn->dlci        = d->dlci;
768         pn->priority    = d->priority;
769         pn->ack_timer   = 0;
770         pn->max_retrans = 0;
771
772         if (s->cfc) {
773                 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
774                 pn->credits = RFCOMM_DEFAULT_CREDITS;
775         } else {
776                 pn->flow_ctrl = 0;
777                 pn->credits   = 0;
778         }
779
780         pn->mtu = htobs(d->mtu);
781
782         *ptr = __fcs(buf); ptr++;
783
784         return rfcomm_send_frame(s, buf, ptr - buf);
785 }
786
787 static int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
788                            u8 bit_rate, u8 data_bits, u8 stop_bits,
789                            u8 parity, u8 flow_ctrl_settings, 
790                            u8 xon_char, u8 xoff_char, u16 param_mask)
791 {
792         struct rfcomm_hdr *hdr;
793         struct rfcomm_mcc *mcc;
794         struct rfcomm_rpn *rpn;
795         u8 buf[16], *ptr = buf;
796
797         BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
798                "flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 
799                         s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 
800                         flow_ctrl_settings, xon_char, xoff_char, param_mask);
801
802         hdr = (void *) ptr; ptr += sizeof(*hdr);
803         hdr->addr = __addr(s->initiator, 0);
804         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
805         hdr->len  = __len8(sizeof(*mcc) + sizeof(*rpn));
806
807         mcc = (void *) ptr; ptr += sizeof(*mcc);
808         mcc->type = __mcc_type(cr, RFCOMM_RPN);
809         mcc->len  = __len8(sizeof(*rpn));
810
811         rpn = (void *) ptr; ptr += sizeof(*rpn);
812         rpn->dlci          = __addr(1, dlci);
813         rpn->bit_rate      = bit_rate;
814         rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
815         rpn->flow_ctrl     = flow_ctrl_settings;
816         rpn->xon_char      = xon_char;
817         rpn->xoff_char     = xoff_char;
818         rpn->param_mask    = param_mask;
819
820         *ptr = __fcs(buf); ptr++;
821
822         return rfcomm_send_frame(s, buf, ptr - buf);
823 }
824
825 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
826 {
827         struct rfcomm_hdr *hdr;
828         struct rfcomm_mcc *mcc;
829         struct rfcomm_rls *rls;
830         u8 buf[16], *ptr = buf;
831
832         BT_DBG("%p cr %d status 0x%x", s, cr, status);
833
834         hdr = (void *) ptr; ptr += sizeof(*hdr);
835         hdr->addr = __addr(s->initiator, 0);
836         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
837         hdr->len  = __len8(sizeof(*mcc) + sizeof(*rls));
838
839         mcc = (void *) ptr; ptr += sizeof(*mcc);
840         mcc->type = __mcc_type(cr, RFCOMM_RLS);
841         mcc->len  = __len8(sizeof(*rls));
842
843         rls = (void *) ptr; ptr += sizeof(*rls);
844         rls->dlci   = __addr(1, dlci);
845         rls->status = status;
846
847         *ptr = __fcs(buf); ptr++;
848
849         return rfcomm_send_frame(s, buf, ptr - buf);
850 }
851
852 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
853 {
854         struct rfcomm_hdr *hdr;
855         struct rfcomm_mcc *mcc;
856         struct rfcomm_msc *msc;
857         u8 buf[16], *ptr = buf;
858
859         BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
860
861         hdr = (void *) ptr; ptr += sizeof(*hdr);
862         hdr->addr = __addr(s->initiator, 0);
863         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
864         hdr->len  = __len8(sizeof(*mcc) + sizeof(*msc));
865
866         mcc = (void *) ptr; ptr += sizeof(*mcc);
867         mcc->type = __mcc_type(cr, RFCOMM_MSC);
868         mcc->len  = __len8(sizeof(*msc));
869
870         msc = (void *) ptr; ptr += sizeof(*msc);
871         msc->dlci    = __addr(1, dlci);
872         msc->v24_sig = v24_sig | 0x01;
873
874         *ptr = __fcs(buf); ptr++;
875
876         return rfcomm_send_frame(s, buf, ptr - buf);
877 }
878
879 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
880 {
881         struct rfcomm_hdr *hdr;
882         struct rfcomm_mcc *mcc;
883         u8 buf[16], *ptr = buf;
884
885         BT_DBG("%p cr %d", s, cr);
886
887         hdr = (void *) ptr; ptr += sizeof(*hdr);
888         hdr->addr = __addr(s->initiator, 0);
889         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
890         hdr->len  = __len8(sizeof(*mcc));
891
892         mcc = (void *) ptr; ptr += sizeof(*mcc);
893         mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
894         mcc->len  = __len8(0);
895
896         *ptr = __fcs(buf); ptr++;
897
898         return rfcomm_send_frame(s, buf, ptr - buf);
899 }
900
901 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
902 {
903         struct rfcomm_hdr *hdr;
904         struct rfcomm_mcc *mcc;
905         u8 buf[16], *ptr = buf;
906
907         BT_DBG("%p cr %d", s, cr);
908
909         hdr = (void *) ptr; ptr += sizeof(*hdr);
910         hdr->addr = __addr(s->initiator, 0);
911         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
912         hdr->len  = __len8(sizeof(*mcc));
913
914         mcc = (void *) ptr; ptr += sizeof(*mcc);
915         mcc->type = __mcc_type(cr, RFCOMM_FCON);
916         mcc->len  = __len8(0);
917
918         *ptr = __fcs(buf); ptr++;
919
920         return rfcomm_send_frame(s, buf, ptr - buf);
921 }
922
923 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
924 {
925         struct socket *sock = s->sock;
926         struct kvec iv[3];
927         struct msghdr msg;
928         unsigned char hdr[5], crc[1];
929
930         if (len > 125)
931                 return -EINVAL;
932
933         BT_DBG("%p cr %d", s, cr);
934
935         hdr[0] = __addr(s->initiator, 0);
936         hdr[1] = __ctrl(RFCOMM_UIH, 0);
937         hdr[2] = 0x01 | ((len + 2) << 1);
938         hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
939         hdr[4] = 0x01 | (len << 1);
940
941         crc[0] = __fcs(hdr);
942
943         iv[0].iov_base = hdr;
944         iv[0].iov_len  = 5;
945         iv[1].iov_base = pattern;
946         iv[1].iov_len  = len;
947         iv[2].iov_base = crc;
948         iv[2].iov_len  = 1;
949
950         memset(&msg, 0, sizeof(msg));
951
952         return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
953 }
954
955 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
956 {
957         struct rfcomm_hdr *hdr;
958         u8 buf[16], *ptr = buf;
959
960         BT_DBG("%p addr %d credits %d", s, addr, credits);
961
962         hdr = (void *) ptr; ptr += sizeof(*hdr);
963         hdr->addr = addr;
964         hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
965         hdr->len  = __len8(0);
966
967         *ptr = credits; ptr++;
968
969         *ptr = __fcs(buf); ptr++;
970
971         return rfcomm_send_frame(s, buf, ptr - buf);
972 }
973
974 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
975 {
976         struct rfcomm_hdr *hdr;
977         int len = skb->len;
978         u8 *crc;
979
980         if (len > 127) {
981                 hdr = (void *) skb_push(skb, 4);
982                 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len);
983         } else {
984                 hdr = (void *) skb_push(skb, 3);
985                 hdr->len = __len8(len);
986         }
987         hdr->addr = addr;
988         hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
989
990         crc = skb_put(skb, 1);
991         *crc = __fcs((void *) hdr);
992 }
993
994 /* ---- RFCOMM frame reception ---- */
995 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
996 {
997         BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
998
999         if (dlci) {
1000                 /* Data channel */
1001                 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1002                 if (!d) {
1003                         rfcomm_send_dm(s, dlci);
1004                         return 0;
1005                 }
1006
1007                 switch (d->state) {
1008                 case BT_CONNECT:
1009                         rfcomm_dlc_clear_timer(d);
1010
1011                         rfcomm_dlc_lock(d);
1012                         d->state = BT_CONNECTED;
1013                         d->state_change(d, 0);
1014                         rfcomm_dlc_unlock(d);
1015
1016                         rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1017                         break;
1018
1019                 case BT_DISCONN:
1020                         d->state = BT_CLOSED;
1021                         __rfcomm_dlc_close(d, 0);
1022                         break;
1023                 }
1024         } else {
1025                 /* Control channel */
1026                 switch (s->state) {
1027                 case BT_CONNECT:
1028                         s->state = BT_CONNECTED;
1029                         rfcomm_process_connect(s);
1030                         break;
1031                 }
1032         }
1033         return 0;
1034 }
1035
1036 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1037 {
1038         int err = 0;
1039
1040         BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1041
1042         if (dlci) {
1043                 /* Data DLC */
1044                 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1045                 if (d) {
1046                         if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1047                                 err = ECONNREFUSED;
1048                         else
1049                                 err = ECONNRESET;
1050
1051                         d->state = BT_CLOSED;
1052                         __rfcomm_dlc_close(d, err);
1053                 }
1054         } else {
1055                 if (s->state == BT_CONNECT)
1056                         err = ECONNREFUSED;
1057                 else
1058                         err = ECONNRESET;
1059
1060                 s->state = BT_CLOSED;
1061                 rfcomm_session_close(s, err);
1062         }
1063         return 0;
1064 }
1065
1066 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1067 {
1068         int err = 0;
1069
1070         BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1071
1072         if (dlci) {
1073                 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1074                 if (d) {
1075                         rfcomm_send_ua(s, dlci);
1076
1077                         if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1078                                 err = ECONNREFUSED;
1079                         else
1080                                 err = ECONNRESET;
1081
1082                         d->state = BT_CLOSED;
1083                         __rfcomm_dlc_close(d, err);
1084                 } else 
1085                         rfcomm_send_dm(s, dlci);
1086                         
1087         } else {
1088                 rfcomm_send_ua(s, 0);
1089
1090                 if (s->state == BT_CONNECT)
1091                         err = ECONNREFUSED;
1092                 else
1093                         err = ECONNRESET;
1094
1095                 s->state = BT_CLOSED;
1096                 rfcomm_session_close(s, err);
1097         }
1098
1099         return 0;
1100 }
1101
1102 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1103 {
1104         struct sock *sk = d->session->sock->sk;
1105
1106         if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1107                 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1108                         return 1;
1109         } else if (d->link_mode & RFCOMM_LM_AUTH) {
1110                 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1111                         return 1;
1112         }
1113
1114         return 0;
1115 }
1116
1117 static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1118 {
1119         BT_DBG("dlc %p", d);
1120
1121         rfcomm_send_ua(d->session, d->dlci);
1122
1123         rfcomm_dlc_lock(d);
1124         d->state = BT_CONNECTED;
1125         d->state_change(d, 0);
1126         rfcomm_dlc_unlock(d);
1127
1128         rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1129 }
1130
1131 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1132 {
1133         struct rfcomm_dlc *d;
1134         u8 channel;
1135
1136         BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1137
1138         if (!dlci) {
1139                 rfcomm_send_ua(s, 0);
1140
1141                 if (s->state == BT_OPEN) {
1142                         s->state = BT_CONNECTED;
1143                         rfcomm_process_connect(s);
1144                 }
1145                 return 0;
1146         }
1147
1148         /* Check if DLC exists */
1149         d = rfcomm_dlc_get(s, dlci);
1150         if (d) {
1151                 if (d->state == BT_OPEN) {
1152                         /* DLC was previously opened by PN request */
1153                         if (rfcomm_check_link_mode(d)) {
1154                                 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1155                                 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1156                                 return 0;
1157                         }
1158
1159                         rfcomm_dlc_accept(d);
1160                 }
1161                 return 0;
1162         }
1163
1164         /* Notify socket layer about incoming connection */
1165         channel = __srv_channel(dlci);
1166         if (rfcomm_connect_ind(s, channel, &d)) {
1167                 d->dlci = dlci;
1168                 d->addr = __addr(s->initiator, dlci);
1169                 rfcomm_dlc_link(s, d);
1170
1171                 if (rfcomm_check_link_mode(d)) {
1172                         set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1173                         rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1174                         return 0;
1175                 }
1176
1177                 rfcomm_dlc_accept(d);
1178         } else {
1179                 rfcomm_send_dm(s, dlci);
1180         }
1181
1182         return 0;
1183 }
1184
1185 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1186 {
1187         struct rfcomm_session *s = d->session;
1188
1189         BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 
1190                         d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1191
1192         if (pn->flow_ctrl == 0xf0 || pn->flow_ctrl == 0xe0) {
1193                 d->cfc = s->cfc = RFCOMM_CFC_ENABLED;
1194                 d->tx_credits = pn->credits;
1195         } else {
1196                 d->cfc = s->cfc = RFCOMM_CFC_DISABLED;
1197                 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1198         }
1199
1200         d->priority = pn->priority;
1201
1202         d->mtu = s->mtu = btohs(pn->mtu);
1203
1204         return 0;
1205 }
1206
1207 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1208 {
1209         struct rfcomm_pn *pn = (void *) skb->data;
1210         struct rfcomm_dlc *d;
1211         u8 dlci = pn->dlci;
1212
1213         BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1214
1215         if (!dlci)
1216                 return 0;
1217
1218         d = rfcomm_dlc_get(s, dlci);
1219         if (d) {
1220                 if (cr) {
1221                         /* PN request */
1222                         rfcomm_apply_pn(d, cr, pn);
1223                         rfcomm_send_pn(s, 0, d);
1224                 } else {
1225                         /* PN response */
1226                         switch (d->state) {
1227                         case BT_CONFIG:
1228                                 rfcomm_apply_pn(d, cr, pn);
1229
1230                                 d->state = BT_CONNECT;
1231                                 rfcomm_send_sabm(s, d->dlci);
1232                                 break;
1233                         }
1234                 }
1235         } else {
1236                 u8 channel = __srv_channel(dlci);
1237
1238                 if (!cr)
1239                         return 0;
1240
1241                 /* PN request for non existing DLC.
1242                  * Assume incoming connection. */
1243                 if (rfcomm_connect_ind(s, channel, &d)) {
1244                         d->dlci = dlci;
1245                         d->addr = __addr(s->initiator, dlci);
1246                         rfcomm_dlc_link(s, d);
1247
1248                         rfcomm_apply_pn(d, cr, pn);
1249
1250                         d->state = BT_OPEN;
1251                         rfcomm_send_pn(s, 0, d);
1252                 } else {
1253                         rfcomm_send_dm(s, dlci);
1254                 }
1255         }
1256         return 0;
1257 }
1258
1259 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1260 {
1261         struct rfcomm_rpn *rpn = (void *) skb->data;
1262         u8 dlci = __get_dlci(rpn->dlci);
1263
1264         u8 bit_rate  = 0;
1265         u8 data_bits = 0;
1266         u8 stop_bits = 0;
1267         u8 parity    = 0;
1268         u8 flow_ctrl = 0;
1269         u8 xon_char  = 0;
1270         u8 xoff_char = 0;
1271         u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1272         
1273         BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 
1274                dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1275                rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1276         
1277         if (!cr) 
1278                 return 0;
1279         
1280         if (len == 1) {
1281                 /* request: return default setting */
1282                 bit_rate  = RFCOMM_RPN_BR_115200;
1283                 data_bits = RFCOMM_RPN_DATA_8;
1284                 stop_bits = RFCOMM_RPN_STOP_1;
1285                 parity    = RFCOMM_RPN_PARITY_NONE;
1286                 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1287                 xon_char  = RFCOMM_RPN_XON_CHAR;
1288                 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1289
1290                 goto rpn_out;
1291         }
1292         /* check for sane values: ignore/accept bit_rate, 8 bits, 1 stop bit, no parity,
1293                                   no flow control lines, normal XON/XOFF chars */
1294         if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) {
1295                 bit_rate = rpn->bit_rate;
1296                 if (bit_rate != RFCOMM_RPN_BR_115200) {
1297                         BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1298                         bit_rate = RFCOMM_RPN_BR_115200;
1299                         rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1300                 }
1301         }
1302         if (rpn->param_mask & RFCOMM_RPN_PM_DATA) {
1303                 data_bits = __get_rpn_data_bits(rpn->line_settings);
1304                 if (data_bits != RFCOMM_RPN_DATA_8) {
1305                         BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1306                         data_bits = RFCOMM_RPN_DATA_8;
1307                         rpn_mask ^= RFCOMM_RPN_PM_DATA;
1308                 }
1309         }
1310         if (rpn->param_mask & RFCOMM_RPN_PM_STOP) {
1311                 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1312                 if (stop_bits != RFCOMM_RPN_STOP_1) {
1313                         BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1314                         stop_bits = RFCOMM_RPN_STOP_1;
1315                         rpn_mask ^= RFCOMM_RPN_PM_STOP;
1316                 }
1317         }
1318         if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) {
1319                 parity = __get_rpn_parity(rpn->line_settings);
1320                 if (parity != RFCOMM_RPN_PARITY_NONE) {
1321                         BT_DBG("RPN parity mismatch 0x%x", parity);
1322                         parity = RFCOMM_RPN_PARITY_NONE;
1323                         rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1324                 }
1325         }
1326         if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) {
1327                 flow_ctrl = rpn->flow_ctrl;
1328                 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1329                         BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1330                         flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1331                         rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1332                 }
1333         }
1334         if (rpn->param_mask & RFCOMM_RPN_PM_XON) {
1335                 xon_char = rpn->xon_char;
1336                 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1337                         BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1338                         xon_char = RFCOMM_RPN_XON_CHAR;
1339                         rpn_mask ^= RFCOMM_RPN_PM_XON;
1340                 }
1341         }
1342         if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) {
1343                 xoff_char = rpn->xoff_char;
1344                 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1345                         BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1346                         xoff_char = RFCOMM_RPN_XOFF_CHAR;
1347                         rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1348                 }
1349         }
1350
1351 rpn_out:
1352         rfcomm_send_rpn(s, 0, dlci, 
1353                         bit_rate, data_bits, stop_bits, parity, flow_ctrl,
1354                         xon_char, xoff_char, rpn_mask);
1355
1356         return 0;
1357 }
1358
1359 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1360 {
1361         struct rfcomm_rls *rls = (void *) skb->data;
1362         u8 dlci = __get_dlci(rls->dlci);
1363
1364         BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1365         
1366         if (!cr)
1367                 return 0;
1368
1369         /* FIXME: We should probably do something with this
1370            information here. But for now it's sufficient just
1371            to reply -- Bluetooth 1.1 says it's mandatory to 
1372            recognise and respond to RLS */
1373
1374         rfcomm_send_rls(s, 0, dlci, rls->status);
1375
1376         return 0;
1377 }
1378
1379 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1380 {
1381         struct rfcomm_msc *msc = (void *) skb->data;
1382         struct rfcomm_dlc *d;
1383         u8 dlci = __get_dlci(msc->dlci);
1384
1385         BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1386
1387         d = rfcomm_dlc_get(s, dlci);
1388         if (!d) 
1389                 return 0;
1390
1391         if (cr) {
1392                 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1393                         set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1394                 else
1395                         clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1396                 
1397                 rfcomm_dlc_lock(d);
1398                 if (d->modem_status)
1399                         d->modem_status(d, msc->v24_sig);
1400                 rfcomm_dlc_unlock(d);
1401                 
1402                 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1403
1404                 d->mscex |= RFCOMM_MSCEX_RX;
1405         } else 
1406                 d->mscex |= RFCOMM_MSCEX_TX;
1407
1408         return 0;
1409 }
1410
1411 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1412 {
1413         struct rfcomm_mcc *mcc = (void *) skb->data;
1414         u8 type, cr, len;
1415
1416         cr   = __test_cr(mcc->type);
1417         type = __get_mcc_type(mcc->type);
1418         len  = __get_mcc_len(mcc->len);
1419
1420         BT_DBG("%p type 0x%x cr %d", s, type, cr);
1421
1422         skb_pull(skb, 2);
1423
1424         switch (type) {
1425         case RFCOMM_PN:
1426                 rfcomm_recv_pn(s, cr, skb);
1427                 break;
1428
1429         case RFCOMM_RPN:
1430                 rfcomm_recv_rpn(s, cr, len, skb);
1431                 break;
1432
1433         case RFCOMM_RLS:
1434                 rfcomm_recv_rls(s, cr, skb);
1435                 break;
1436
1437         case RFCOMM_MSC:
1438                 rfcomm_recv_msc(s, cr, skb);
1439                 break;
1440
1441         case RFCOMM_FCOFF:
1442                 if (cr) {
1443                         set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1444                         rfcomm_send_fcoff(s, 0);
1445                 }
1446                 break;
1447
1448         case RFCOMM_FCON:
1449                 if (cr) {
1450                         clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1451                         rfcomm_send_fcon(s, 0);
1452                 }
1453                 break;
1454
1455         case RFCOMM_TEST:
1456                 if (cr)
1457                         rfcomm_send_test(s, 0, skb->data, skb->len);
1458                 break;
1459
1460         case RFCOMM_NSC:
1461                 break;
1462
1463         default:
1464                 BT_ERR("Unknown control type 0x%02x", type);
1465                 rfcomm_send_nsc(s, cr, type);
1466                 break;
1467         }
1468         return 0;
1469 }
1470
1471 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1472 {
1473         struct rfcomm_dlc *d;
1474
1475         BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1476
1477         d = rfcomm_dlc_get(s, dlci);
1478         if (!d) {
1479                 rfcomm_send_dm(s, dlci);
1480                 goto drop;
1481         }
1482
1483         if (pf && d->cfc) {
1484                 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1485
1486                 d->tx_credits += credits;
1487                 if (d->tx_credits)
1488                         clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1489         }
1490
1491         if (skb->len && d->state == BT_CONNECTED) {
1492                 rfcomm_dlc_lock(d);
1493                 d->rx_credits--;
1494                 d->data_ready(d, skb);
1495                 rfcomm_dlc_unlock(d);
1496                 return 0;
1497         }
1498
1499 drop:
1500         kfree_skb(skb);
1501         return 0;
1502 }
1503
1504 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1505 {
1506         struct rfcomm_hdr *hdr = (void *) skb->data;
1507         u8 type, dlci, fcs;
1508
1509         dlci = __get_dlci(hdr->addr);
1510         type = __get_type(hdr->ctrl);
1511
1512         /* Trim FCS */
1513         skb->len--; skb->tail--;
1514         fcs = *(u8 *) skb->tail;
1515
1516         if (__check_fcs(skb->data, type, fcs)) {
1517                 BT_ERR("bad checksum in packet");
1518                 kfree_skb(skb);
1519                 return -EILSEQ;
1520         }
1521
1522         if (__test_ea(hdr->len))
1523                 skb_pull(skb, 3);
1524         else
1525                 skb_pull(skb, 4);
1526
1527         switch (type) {
1528         case RFCOMM_SABM:
1529                 if (__test_pf(hdr->ctrl))
1530                         rfcomm_recv_sabm(s, dlci);
1531                 break;
1532
1533         case RFCOMM_DISC:
1534                 if (__test_pf(hdr->ctrl))
1535                         rfcomm_recv_disc(s, dlci);
1536                 break;
1537
1538         case RFCOMM_UA:
1539                 if (__test_pf(hdr->ctrl))
1540                         rfcomm_recv_ua(s, dlci);
1541                 break;
1542
1543         case RFCOMM_DM:
1544                 rfcomm_recv_dm(s, dlci);
1545                 break;
1546
1547         case RFCOMM_UIH:
1548                 if (dlci)
1549                         return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1550
1551                 rfcomm_recv_mcc(s, skb);
1552                 break;
1553
1554         default:
1555                 BT_ERR("Unknown packet type 0x%02x\n", type);
1556                 break;
1557         }
1558         kfree_skb(skb);
1559         return 0;
1560 }
1561
1562 /* ---- Connection and data processing ---- */
1563
1564 static void rfcomm_process_connect(struct rfcomm_session *s)
1565 {
1566         struct rfcomm_dlc *d;
1567         struct list_head *p, *n;
1568
1569         BT_DBG("session %p state %ld", s, s->state);
1570
1571         list_for_each_safe(p, n, &s->dlcs) {
1572                 d = list_entry(p, struct rfcomm_dlc, list);
1573                 if (d->state == BT_CONFIG) {
1574                         d->mtu = s->mtu;
1575                         rfcomm_send_pn(s, 1, d);
1576                 }
1577         }
1578 }
1579
1580 /* Send data queued for the DLC.
1581  * Return number of frames left in the queue.
1582  */
1583 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1584 {
1585         struct sk_buff *skb;
1586         int err;
1587
1588         BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 
1589                         d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1590
1591         /* Send pending MSC */
1592         if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1593                 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 
1594
1595         if (d->cfc) {
1596                 /* CFC enabled. 
1597                  * Give them some credits */
1598                 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1599                                 d->rx_credits <= (d->cfc >> 2)) {
1600                         rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1601                         d->rx_credits = d->cfc;
1602                 }
1603         } else {
1604                 /* CFC disabled.
1605                  * Give ourselves some credits */
1606                 d->tx_credits = 5;
1607         }
1608
1609         if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1610                 return skb_queue_len(&d->tx_queue);
1611
1612         while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1613                 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1614                 if (err < 0) {
1615                         skb_queue_head(&d->tx_queue, skb);
1616                         break;
1617                 }
1618                 kfree_skb(skb);
1619                 d->tx_credits--;
1620         }
1621
1622         if (d->cfc && !d->tx_credits) {
1623                 /* We're out of TX credits.
1624                  * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1625                 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1626         }
1627
1628         return skb_queue_len(&d->tx_queue);
1629 }
1630
1631 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1632 {
1633         struct rfcomm_dlc *d;
1634         struct list_head *p, *n;
1635
1636         BT_DBG("session %p state %ld", s, s->state);
1637
1638         list_for_each_safe(p, n, &s->dlcs) {
1639                 d = list_entry(p, struct rfcomm_dlc, list);
1640
1641                 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1642                         __rfcomm_dlc_close(d, ETIMEDOUT);
1643                         continue;
1644                 }
1645
1646                 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1647                         rfcomm_dlc_clear_timer(d);
1648                         rfcomm_dlc_accept(d);
1649                         if (d->link_mode & RFCOMM_LM_SECURE) {
1650                                 struct sock *sk = s->sock->sk;
1651                                 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1652                         }
1653                         continue;
1654                 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1655                         rfcomm_dlc_clear_timer(d);
1656                         rfcomm_send_dm(s, d->dlci);
1657                         __rfcomm_dlc_close(d, ECONNREFUSED);
1658                         continue;
1659                 }
1660
1661                 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1662                         continue;
1663
1664                 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1665                                 d->mscex == RFCOMM_MSCEX_OK)
1666                         rfcomm_process_tx(d);
1667         }
1668 }
1669
1670 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1671 {
1672         struct socket *sock = s->sock;
1673         struct sock *sk = sock->sk;
1674         struct sk_buff *skb;
1675
1676         BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1677
1678         /* Get data directly from socket receive queue without copying it. */
1679         while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1680                 skb_orphan(skb);
1681                 rfcomm_recv_frame(s, skb);
1682         }
1683
1684         if (sk->sk_state == BT_CLOSED) {
1685                 if (!s->initiator)
1686                         rfcomm_session_put(s);
1687
1688                 rfcomm_session_close(s, sk->sk_err);
1689         }
1690 }
1691
1692 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1693 {
1694         struct socket *sock = s->sock, *nsock;
1695         int err;
1696
1697         /* Fast check for a new connection.
1698          * Avoids unnesesary socket allocations. */
1699         if (list_empty(&bt_sk(sock->sk)->accept_q))
1700                 return;
1701
1702         BT_DBG("session %p", s);
1703
1704         if (sock_create_lite(PF_BLUETOOTH, sock->type, BTPROTO_L2CAP, &nsock))
1705                 return;
1706
1707         nsock->ops  = sock->ops;
1708
1709         __module_get(nsock->ops->owner);
1710
1711         err = sock->ops->accept(sock, nsock, O_NONBLOCK);
1712         if (err < 0) {
1713                 sock_release(nsock);
1714                 return;
1715         }
1716
1717         /* Set our callbacks */
1718         nsock->sk->sk_data_ready   = rfcomm_l2data_ready;
1719         nsock->sk->sk_state_change = rfcomm_l2state_change;
1720
1721         s = rfcomm_session_add(nsock, BT_OPEN);
1722         if (s) {
1723                 rfcomm_session_hold(s);
1724                 rfcomm_schedule(RFCOMM_SCHED_RX);
1725         } else
1726                 sock_release(nsock);
1727 }
1728
1729 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1730 {
1731         struct sock *sk = s->sock->sk;
1732
1733         BT_DBG("%p state %ld", s, s->state);
1734
1735         switch(sk->sk_state) {
1736         case BT_CONNECTED:
1737                 s->state = BT_CONNECT;
1738
1739                 /* We can adjust MTU on outgoing sessions.
1740                  * L2CAP MTU minus UIH header and FCS. */
1741                 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1742
1743                 rfcomm_send_sabm(s, 0);
1744                 break;
1745
1746         case BT_CLOSED:
1747                 s->state = BT_CLOSED;
1748                 rfcomm_session_close(s, sk->sk_err);
1749                 break;
1750         }
1751 }
1752
1753 static inline void rfcomm_process_sessions(void)
1754 {
1755         struct list_head *p, *n;
1756
1757         rfcomm_lock();
1758
1759         list_for_each_safe(p, n, &session_list) {
1760                 struct rfcomm_session *s;
1761                 s = list_entry(p, struct rfcomm_session, list);
1762
1763                 if (s->state == BT_LISTEN) {
1764                         rfcomm_accept_connection(s);
1765                         continue;
1766                 }
1767
1768                 rfcomm_session_hold(s);
1769
1770                 switch (s->state) {
1771                 case BT_BOUND:
1772                         rfcomm_check_connection(s);
1773                         break;
1774
1775                 default:
1776                         rfcomm_process_rx(s);
1777                         break;
1778                 }
1779
1780                 rfcomm_process_dlcs(s);
1781
1782                 rfcomm_session_put(s);
1783         }
1784
1785         rfcomm_unlock();
1786 }
1787
1788 static void rfcomm_worker(void)
1789 {
1790         BT_DBG("");
1791
1792         while (!atomic_read(&terminate)) {
1793                 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1794                         /* No pending events. Let's sleep.
1795                          * Incoming connections and data will wake us up. */
1796                         set_current_state(TASK_INTERRUPTIBLE);
1797                         schedule();
1798                 }
1799
1800                 /* Process stuff */
1801                 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1802                 rfcomm_process_sessions();
1803         }
1804         set_current_state(TASK_RUNNING);
1805         return;
1806 }
1807
1808 static int rfcomm_add_listener(bdaddr_t *ba)
1809 {
1810         struct sockaddr_l2 addr;
1811         struct socket *sock;
1812         struct sock *sk;
1813         struct rfcomm_session *s;
1814         int    err = 0;
1815
1816         /* Create socket */
1817         err = rfcomm_l2sock_create(&sock);
1818         if (err < 0) { 
1819                 BT_ERR("Create socket failed %d", err);
1820                 return err;
1821         }
1822
1823         /* Bind socket */
1824         bacpy(&addr.l2_bdaddr, ba);
1825         addr.l2_family = AF_BLUETOOTH;
1826         addr.l2_psm    = htobs(RFCOMM_PSM);
1827         err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1828         if (err < 0) {
1829                 BT_ERR("Bind failed %d", err);
1830                 goto failed;
1831         }
1832
1833         /* Set L2CAP options */
1834         sk = sock->sk;
1835         lock_sock(sk);
1836         l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU;
1837         release_sock(sk);
1838
1839         /* Start listening on the socket */
1840         err = sock->ops->listen(sock, 10);
1841         if (err) {
1842                 BT_ERR("Listen failed %d", err);
1843                 goto failed;
1844         }
1845
1846         /* Add listening session */
1847         s = rfcomm_session_add(sock, BT_LISTEN);
1848         if (!s)
1849                 goto failed;
1850
1851         rfcomm_session_hold(s);
1852         return 0;
1853 failed:
1854         sock_release(sock);
1855         return err;
1856 }
1857
1858 static void rfcomm_kill_listener(void)
1859 {
1860         struct rfcomm_session *s;
1861         struct list_head *p, *n;
1862
1863         BT_DBG("");
1864
1865         list_for_each_safe(p, n, &session_list) {
1866                 s = list_entry(p, struct rfcomm_session, list);
1867                 rfcomm_session_del(s);
1868         }
1869 }
1870
1871 static int rfcomm_run(void *unused)
1872 {
1873         rfcomm_thread = current;
1874
1875         atomic_inc(&running);
1876
1877         daemonize("krfcommd");
1878         set_user_nice(current, -10);
1879         current->flags |= PF_NOFREEZE;
1880
1881         BT_DBG("");
1882
1883         rfcomm_add_listener(BDADDR_ANY);
1884
1885         rfcomm_worker();
1886
1887         rfcomm_kill_listener();
1888
1889         atomic_dec(&running);
1890         return 0;
1891 }
1892
1893 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1894 {
1895         struct rfcomm_session *s;
1896         struct rfcomm_dlc *d;
1897         struct list_head *p, *n;
1898
1899         BT_DBG("conn %p status 0x%02x", conn, status);
1900
1901         s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1902         if (!s)
1903                 return;
1904
1905         rfcomm_session_hold(s);
1906
1907         list_for_each_safe(p, n, &s->dlcs) {
1908                 d = list_entry(p, struct rfcomm_dlc, list);
1909
1910                 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1911                         continue;
1912
1913                 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1914                         continue;
1915
1916                 if (!status)
1917                         set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1918                 else
1919                         set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1920         }
1921
1922         rfcomm_session_put(s);
1923
1924         rfcomm_schedule(RFCOMM_SCHED_AUTH);
1925 }
1926
1927 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1928 {
1929         struct rfcomm_session *s;
1930         struct rfcomm_dlc *d;
1931         struct list_head *p, *n;
1932
1933         BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1934
1935         s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1936         if (!s)
1937                 return;
1938
1939         rfcomm_session_hold(s);
1940
1941         list_for_each_safe(p, n, &s->dlcs) {
1942                 d = list_entry(p, struct rfcomm_dlc, list);
1943
1944                 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1945                         continue;
1946
1947                 if (!status && encrypt)
1948                         set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1949                 else
1950                         set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1951         }
1952
1953         rfcomm_session_put(s);
1954
1955         rfcomm_schedule(RFCOMM_SCHED_AUTH);
1956 }
1957
1958 static struct hci_cb rfcomm_cb = {
1959         .name           = "RFCOMM",
1960         .auth_cfm       = rfcomm_auth_cfm,
1961         .encrypt_cfm    = rfcomm_encrypt_cfm
1962 };
1963
1964 /* ---- Proc fs support ---- */
1965 #ifdef CONFIG_PROC_FS
1966 static void *rfcomm_seq_start(struct seq_file *seq, loff_t *pos)
1967 {
1968         struct rfcomm_session *s;
1969         struct list_head *pp, *p;
1970         loff_t l = *pos;
1971
1972         rfcomm_lock();
1973
1974         list_for_each(p, &session_list) {
1975                 s = list_entry(p, struct rfcomm_session, list);
1976                 list_for_each(pp, &s->dlcs)
1977                         if (!l--) {
1978                                 seq->private = s;
1979                                 return pp;
1980                         }
1981         }
1982         return NULL;
1983 }
1984
1985 static void *rfcomm_seq_next(struct seq_file *seq, void *e, loff_t *pos)
1986 {
1987         struct rfcomm_session *s = seq->private;
1988         struct list_head *pp, *p = e;
1989         (*pos)++;
1990
1991         if (p->next != &s->dlcs)
1992                 return p->next;
1993
1994         list_for_each(p, &session_list) {
1995                 s = list_entry(p, struct rfcomm_session, list);
1996                 __list_for_each(pp, &s->dlcs) {
1997                         seq->private = s;
1998                         return pp;
1999                 }
2000         }
2001         return NULL;
2002 }
2003
2004 static void rfcomm_seq_stop(struct seq_file *seq, void *e)
2005 {
2006         rfcomm_unlock();
2007 }
2008
2009 static int  rfcomm_seq_show(struct seq_file *seq, void *e)
2010 {
2011         struct rfcomm_session *s = seq->private;
2012         struct sock *sk = s->sock->sk;
2013         struct rfcomm_dlc *d = list_entry(e, struct rfcomm_dlc, list);
2014
2015         seq_printf(seq, "%s %s %ld %d %d %d %d\n",
2016                         batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2017                         d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2018         return 0;
2019 }
2020
2021 static struct seq_operations rfcomm_seq_ops = {
2022         .start  = rfcomm_seq_start,
2023         .next   = rfcomm_seq_next,
2024         .stop   = rfcomm_seq_stop,
2025         .show   = rfcomm_seq_show 
2026 };
2027
2028 static int rfcomm_seq_open(struct inode *inode, struct file *file)
2029 {
2030         return seq_open(file, &rfcomm_seq_ops);
2031 }
2032
2033 static struct file_operations rfcomm_seq_fops = {
2034         .owner   = THIS_MODULE,
2035         .open    = rfcomm_seq_open,
2036         .read    = seq_read,
2037         .llseek  = seq_lseek,
2038         .release = seq_release,
2039 };
2040
2041 static int  __init rfcomm_proc_init(void)
2042 {
2043         struct proc_dir_entry *p;
2044
2045         proc_bt_rfcomm = proc_mkdir("rfcomm", proc_bt);
2046         if (proc_bt_rfcomm) {
2047                 proc_bt_rfcomm->owner = THIS_MODULE;
2048
2049                 p = create_proc_entry("dlc", S_IRUGO, proc_bt_rfcomm);
2050                 if (p)
2051                         p->proc_fops = &rfcomm_seq_fops;
2052         }
2053         return 0;
2054 }
2055
2056 static void __exit rfcomm_proc_cleanup(void)
2057 {
2058         remove_proc_entry("dlc", proc_bt_rfcomm);
2059
2060         remove_proc_entry("rfcomm", proc_bt);
2061 }
2062
2063 #else /* CONFIG_PROC_FS */
2064
2065 static int  __init rfcomm_proc_init(void)
2066 {
2067         return 0;
2068 }
2069
2070 static void __exit rfcomm_proc_cleanup(void)
2071 {
2072         return;
2073 }
2074 #endif /* CONFIG_PROC_FS */
2075
2076 /* ---- Initialization ---- */
2077 static int __init rfcomm_init(void)
2078 {
2079         l2cap_load();
2080
2081         hci_register_cb(&rfcomm_cb);
2082
2083         kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
2084
2085         BT_INFO("RFCOMM ver %s", VERSION);
2086
2087         rfcomm_proc_init();
2088
2089         rfcomm_init_sockets();
2090
2091 #ifdef CONFIG_BT_RFCOMM_TTY
2092         rfcomm_init_ttys();
2093 #endif
2094
2095         return 0;
2096 }
2097
2098 static void __exit rfcomm_exit(void)
2099 {
2100         hci_unregister_cb(&rfcomm_cb);
2101
2102         /* Terminate working thread.
2103          * ie. Set terminate flag and wake it up */
2104         atomic_inc(&terminate);
2105         rfcomm_schedule(RFCOMM_SCHED_STATE);
2106
2107         /* Wait until thread is running */
2108         while (atomic_read(&running))
2109                 schedule();
2110
2111 #ifdef CONFIG_BT_RFCOMM_TTY
2112         rfcomm_cleanup_ttys();
2113 #endif
2114
2115         rfcomm_cleanup_sockets();
2116
2117         rfcomm_proc_cleanup();
2118 }
2119
2120 module_init(rfcomm_init);
2121 module_exit(rfcomm_exit);
2122
2123 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2124 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2125 MODULE_VERSION(VERSION);
2126 MODULE_LICENSE("GPL");
2127 MODULE_ALIAS("bt-proto-3");