mm-only debug patch...
[mmotm.git] / net / bluetooth / rfcomm / core.c
blob25692bc0a3423bb78058a9bde2b8e2479eee5b3e
1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
25 * Bluetooth RFCOMM core.
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/sched.h>
32 #include <linux/signal.h>
33 #include <linux/init.h>
34 #include <linux/wait.h>
35 #include <linux/device.h>
36 #include <linux/net.h>
37 #include <linux/mutex.h>
38 #include <linux/kthread.h>
40 #include <net/sock.h>
41 #include <asm/uaccess.h>
42 #include <asm/unaligned.h>
44 #include <net/bluetooth/bluetooth.h>
45 #include <net/bluetooth/hci_core.h>
46 #include <net/bluetooth/l2cap.h>
47 #include <net/bluetooth/rfcomm.h>
49 #define VERSION "1.11"
51 static int disable_cfc = 0;
52 static int channel_mtu = -1;
53 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
55 static struct task_struct *rfcomm_thread;
57 static DEFINE_MUTEX(rfcomm_mutex);
58 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
59 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
61 static unsigned long rfcomm_event;
63 static LIST_HEAD(session_list);
65 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
66 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
67 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
68 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
69 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
70 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
71 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
72 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
73 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
74 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
76 static void rfcomm_process_connect(struct rfcomm_session *s);
78 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
79 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
80 static void rfcomm_session_del(struct rfcomm_session *s);
82 /* ---- RFCOMM frame parsing macros ---- */
83 #define __get_dlci(b) ((b & 0xfc) >> 2)
84 #define __get_channel(b) ((b & 0xf8) >> 3)
85 #define __get_dir(b) ((b & 0x04) >> 2)
86 #define __get_type(b) ((b & 0xef))
88 #define __test_ea(b) ((b & 0x01))
89 #define __test_cr(b) ((b & 0x02))
90 #define __test_pf(b) ((b & 0x10))
92 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
93 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
94 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
95 #define __srv_channel(dlci) (dlci >> 1)
96 #define __dir(dlci) (dlci & 0x01)
98 #define __len8(len) (((len) << 1) | 1)
99 #define __len16(len) ((len) << 1)
101 /* MCC macros */
102 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
103 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
104 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
106 /* RPN macros */
107 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
108 #define __get_rpn_data_bits(line) ((line) & 0x3)
109 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
110 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
112 static inline void rfcomm_schedule(uint event)
114 if (!rfcomm_thread)
115 return;
116 //set_bit(event, &rfcomm_event);
117 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
118 wake_up_process(rfcomm_thread);
121 static inline void rfcomm_session_put(struct rfcomm_session *s)
123 if (atomic_dec_and_test(&s->refcnt))
124 rfcomm_session_del(s);
127 /* ---- RFCOMM FCS computation ---- */
129 /* reversed, 8-bit, poly=0x07 */
130 static unsigned char rfcomm_crc_table[256] = {
131 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
132 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
133 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
134 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
136 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
137 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
138 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
139 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
141 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
142 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
143 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
144 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
146 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
147 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
148 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
149 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
151 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
152 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
153 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
154 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
156 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
157 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
158 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
159 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
161 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
162 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
163 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
164 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
166 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
167 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
168 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
169 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
172 /* CRC on 2 bytes */
173 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
175 /* FCS on 2 bytes */
176 static inline u8 __fcs(u8 *data)
178 return (0xff - __crc(data));
181 /* FCS on 3 bytes */
182 static inline u8 __fcs2(u8 *data)
184 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
187 /* Check FCS */
188 static inline int __check_fcs(u8 *data, int type, u8 fcs)
190 u8 f = __crc(data);
192 if (type != RFCOMM_UIH)
193 f = rfcomm_crc_table[f ^ data[2]];
195 return rfcomm_crc_table[f ^ fcs] != 0xcf;
198 /* ---- L2CAP callbacks ---- */
199 static void rfcomm_l2state_change(struct sock *sk)
201 BT_DBG("%p state %d", sk, sk->sk_state);
202 rfcomm_schedule(RFCOMM_SCHED_STATE);
205 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
207 BT_DBG("%p bytes %d", sk, bytes);
208 rfcomm_schedule(RFCOMM_SCHED_RX);
211 static int rfcomm_l2sock_create(struct socket **sock)
213 int err;
215 BT_DBG("");
217 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
218 if (!err) {
219 struct sock *sk = (*sock)->sk;
220 sk->sk_data_ready = rfcomm_l2data_ready;
221 sk->sk_state_change = rfcomm_l2state_change;
223 return err;
226 static inline int rfcomm_check_security(struct rfcomm_dlc *d)
228 struct sock *sk = d->session->sock->sk;
229 __u8 auth_type;
231 switch (d->sec_level) {
232 case BT_SECURITY_HIGH:
233 auth_type = HCI_AT_GENERAL_BONDING_MITM;
234 break;
235 case BT_SECURITY_MEDIUM:
236 auth_type = HCI_AT_GENERAL_BONDING;
237 break;
238 default:
239 auth_type = HCI_AT_NO_BONDING;
240 break;
243 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level,
244 auth_type);
247 static void rfcomm_session_timeout(unsigned long arg)
249 struct rfcomm_session *s = (void *) arg;
251 BT_DBG("session %p state %ld", s, s->state);
253 set_bit(RFCOMM_TIMED_OUT, &s->flags);
254 rfcomm_session_put(s);
255 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
258 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
260 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
262 if (!mod_timer(&s->timer, jiffies + timeout))
263 rfcomm_session_hold(s);
266 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
268 BT_DBG("session %p state %ld", s, s->state);
270 if (timer_pending(&s->timer) && del_timer(&s->timer))
271 rfcomm_session_put(s);
274 /* ---- RFCOMM DLCs ---- */
275 static void rfcomm_dlc_timeout(unsigned long arg)
277 struct rfcomm_dlc *d = (void *) arg;
279 BT_DBG("dlc %p state %ld", d, d->state);
281 set_bit(RFCOMM_TIMED_OUT, &d->flags);
282 rfcomm_dlc_put(d);
283 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
286 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
288 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
290 if (!mod_timer(&d->timer, jiffies + timeout))
291 rfcomm_dlc_hold(d);
294 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
296 BT_DBG("dlc %p state %ld", d, d->state);
298 if (timer_pending(&d->timer) && del_timer(&d->timer))
299 rfcomm_dlc_put(d);
302 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
304 BT_DBG("%p", d);
306 d->state = BT_OPEN;
307 d->flags = 0;
308 d->mscex = 0;
309 d->mtu = RFCOMM_DEFAULT_MTU;
310 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
312 d->cfc = RFCOMM_CFC_DISABLED;
313 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
316 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
318 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
320 if (!d)
321 return NULL;
323 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
325 skb_queue_head_init(&d->tx_queue);
326 spin_lock_init(&d->lock);
327 atomic_set(&d->refcnt, 1);
329 rfcomm_dlc_clear_state(d);
331 BT_DBG("%p", d);
333 return d;
336 void rfcomm_dlc_free(struct rfcomm_dlc *d)
338 BT_DBG("%p", d);
340 skb_queue_purge(&d->tx_queue);
341 kfree(d);
344 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
346 BT_DBG("dlc %p session %p", d, s);
348 rfcomm_session_hold(s);
350 rfcomm_session_clear_timer(s);
351 rfcomm_dlc_hold(d);
352 list_add(&d->list, &s->dlcs);
353 d->session = s;
356 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
358 struct rfcomm_session *s = d->session;
360 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
362 list_del(&d->list);
363 d->session = NULL;
364 rfcomm_dlc_put(d);
366 if (list_empty(&s->dlcs))
367 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
369 rfcomm_session_put(s);
372 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
374 struct rfcomm_dlc *d;
375 struct list_head *p;
377 list_for_each(p, &s->dlcs) {
378 d = list_entry(p, struct rfcomm_dlc, list);
379 if (d->dlci == dlci)
380 return d;
382 return NULL;
385 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
387 struct rfcomm_session *s;
388 int err = 0;
389 u8 dlci;
391 BT_DBG("dlc %p state %ld %s %s channel %d",
392 d, d->state, batostr(src), batostr(dst), channel);
394 if (channel < 1 || channel > 30)
395 return -EINVAL;
397 if (d->state != BT_OPEN && d->state != BT_CLOSED)
398 return 0;
400 s = rfcomm_session_get(src, dst);
401 if (!s) {
402 s = rfcomm_session_create(src, dst, &err);
403 if (!s)
404 return err;
407 dlci = __dlci(!s->initiator, channel);
409 /* Check if DLCI already exists */
410 if (rfcomm_dlc_get(s, dlci))
411 return -EBUSY;
413 rfcomm_dlc_clear_state(d);
415 d->dlci = dlci;
416 d->addr = __addr(s->initiator, dlci);
417 d->priority = 7;
419 d->state = BT_CONFIG;
420 rfcomm_dlc_link(s, d);
422 d->out = 1;
424 d->mtu = s->mtu;
425 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
427 if (s->state == BT_CONNECTED) {
428 if (rfcomm_check_security(d))
429 rfcomm_send_pn(s, 1, d);
430 else
431 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
434 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
436 return 0;
439 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
441 int r;
443 rfcomm_lock();
445 r = __rfcomm_dlc_open(d, src, dst, channel);
447 rfcomm_unlock();
448 return r;
451 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
453 struct rfcomm_session *s = d->session;
454 if (!s)
455 return 0;
457 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
458 d, d->state, d->dlci, err, s);
460 switch (d->state) {
461 case BT_CONNECT:
462 case BT_CONFIG:
463 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
464 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
465 rfcomm_schedule(RFCOMM_SCHED_AUTH);
466 break;
468 /* Fall through */
470 case BT_CONNECTED:
471 d->state = BT_DISCONN;
472 if (skb_queue_empty(&d->tx_queue)) {
473 rfcomm_send_disc(s, d->dlci);
474 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
475 } else {
476 rfcomm_queue_disc(d);
477 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
479 break;
481 case BT_OPEN:
482 case BT_CONNECT2:
483 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
484 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
485 rfcomm_schedule(RFCOMM_SCHED_AUTH);
486 break;
488 /* Fall through */
490 default:
491 rfcomm_dlc_clear_timer(d);
493 rfcomm_dlc_lock(d);
494 d->state = BT_CLOSED;
495 d->state_change(d, err);
496 rfcomm_dlc_unlock(d);
498 skb_queue_purge(&d->tx_queue);
499 rfcomm_dlc_unlink(d);
502 return 0;
505 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
507 int r;
509 rfcomm_lock();
511 r = __rfcomm_dlc_close(d, err);
513 rfcomm_unlock();
514 return r;
517 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
519 int len = skb->len;
521 if (d->state != BT_CONNECTED)
522 return -ENOTCONN;
524 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
526 if (len > d->mtu)
527 return -EINVAL;
529 rfcomm_make_uih(skb, d->addr);
530 skb_queue_tail(&d->tx_queue, skb);
532 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
533 rfcomm_schedule(RFCOMM_SCHED_TX);
534 return len;
537 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
539 BT_DBG("dlc %p state %ld", d, d->state);
541 if (!d->cfc) {
542 d->v24_sig |= RFCOMM_V24_FC;
543 set_bit(RFCOMM_MSC_PENDING, &d->flags);
545 rfcomm_schedule(RFCOMM_SCHED_TX);
548 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
550 BT_DBG("dlc %p state %ld", d, d->state);
552 if (!d->cfc) {
553 d->v24_sig &= ~RFCOMM_V24_FC;
554 set_bit(RFCOMM_MSC_PENDING, &d->flags);
556 rfcomm_schedule(RFCOMM_SCHED_TX);
560 Set/get modem status functions use _local_ status i.e. what we report
561 to the other side.
562 Remote status is provided by dlc->modem_status() callback.
564 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
566 BT_DBG("dlc %p state %ld v24_sig 0x%x",
567 d, d->state, v24_sig);
569 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
570 v24_sig |= RFCOMM_V24_FC;
571 else
572 v24_sig &= ~RFCOMM_V24_FC;
574 d->v24_sig = v24_sig;
576 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
577 rfcomm_schedule(RFCOMM_SCHED_TX);
579 return 0;
582 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
584 BT_DBG("dlc %p state %ld v24_sig 0x%x",
585 d, d->state, d->v24_sig);
587 *v24_sig = d->v24_sig;
588 return 0;
591 /* ---- RFCOMM sessions ---- */
592 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
594 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
596 if (!s)
597 return NULL;
599 BT_DBG("session %p sock %p", s, sock);
601 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
603 INIT_LIST_HEAD(&s->dlcs);
604 s->state = state;
605 s->sock = sock;
607 s->mtu = RFCOMM_DEFAULT_MTU;
608 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
610 /* Do not increment module usage count for listening sessions.
611 * Otherwise we won't be able to unload the module. */
612 if (state != BT_LISTEN)
613 if (!try_module_get(THIS_MODULE)) {
614 kfree(s);
615 return NULL;
618 list_add(&s->list, &session_list);
620 return s;
623 static void rfcomm_session_del(struct rfcomm_session *s)
625 int state = s->state;
627 BT_DBG("session %p state %ld", s, s->state);
629 list_del(&s->list);
631 if (state == BT_CONNECTED)
632 rfcomm_send_disc(s, 0);
634 rfcomm_session_clear_timer(s);
635 sock_release(s->sock);
636 kfree(s);
638 if (state != BT_LISTEN)
639 module_put(THIS_MODULE);
642 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
644 struct rfcomm_session *s;
645 struct list_head *p, *n;
646 struct bt_sock *sk;
647 list_for_each_safe(p, n, &session_list) {
648 s = list_entry(p, struct rfcomm_session, list);
649 sk = bt_sk(s->sock->sk);
651 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
652 !bacmp(&sk->dst, dst))
653 return s;
655 return NULL;
658 static void rfcomm_session_close(struct rfcomm_session *s, int err)
660 struct rfcomm_dlc *d;
661 struct list_head *p, *n;
663 BT_DBG("session %p state %ld err %d", s, s->state, err);
665 rfcomm_session_hold(s);
667 s->state = BT_CLOSED;
669 /* Close all dlcs */
670 list_for_each_safe(p, n, &s->dlcs) {
671 d = list_entry(p, struct rfcomm_dlc, list);
672 d->state = BT_CLOSED;
673 __rfcomm_dlc_close(d, err);
676 rfcomm_session_clear_timer(s);
677 rfcomm_session_put(s);
680 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
682 struct rfcomm_session *s = NULL;
683 struct sockaddr_l2 addr;
684 struct socket *sock;
685 struct sock *sk;
687 BT_DBG("%s %s", batostr(src), batostr(dst));
689 *err = rfcomm_l2sock_create(&sock);
690 if (*err < 0)
691 return NULL;
693 bacpy(&addr.l2_bdaddr, src);
694 addr.l2_family = AF_BLUETOOTH;
695 addr.l2_psm = 0;
696 addr.l2_cid = 0;
697 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
698 if (*err < 0)
699 goto failed;
701 /* Set L2CAP options */
702 sk = sock->sk;
703 lock_sock(sk);
704 l2cap_pi(sk)->imtu = l2cap_mtu;
705 release_sock(sk);
707 s = rfcomm_session_add(sock, BT_BOUND);
708 if (!s) {
709 *err = -ENOMEM;
710 goto failed;
713 s->initiator = 1;
715 bacpy(&addr.l2_bdaddr, dst);
716 addr.l2_family = AF_BLUETOOTH;
717 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
718 addr.l2_cid = 0;
719 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
720 if (*err == 0 || *err == -EINPROGRESS)
721 return s;
723 rfcomm_session_del(s);
724 return NULL;
726 failed:
727 sock_release(sock);
728 return NULL;
731 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
733 struct sock *sk = s->sock->sk;
734 if (src)
735 bacpy(src, &bt_sk(sk)->src);
736 if (dst)
737 bacpy(dst, &bt_sk(sk)->dst);
740 /* ---- RFCOMM frame sending ---- */
741 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
743 struct socket *sock = s->sock;
744 struct kvec iv = { data, len };
745 struct msghdr msg;
747 BT_DBG("session %p len %d", s, len);
749 memset(&msg, 0, sizeof(msg));
751 return kernel_sendmsg(sock, &msg, &iv, 1, len);
754 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
756 struct rfcomm_cmd cmd;
758 BT_DBG("%p dlci %d", s, dlci);
760 cmd.addr = __addr(s->initiator, dlci);
761 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
762 cmd.len = __len8(0);
763 cmd.fcs = __fcs2((u8 *) &cmd);
765 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
768 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
770 struct rfcomm_cmd cmd;
772 BT_DBG("%p dlci %d", s, dlci);
774 cmd.addr = __addr(!s->initiator, dlci);
775 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
776 cmd.len = __len8(0);
777 cmd.fcs = __fcs2((u8 *) &cmd);
779 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
782 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
784 struct rfcomm_cmd cmd;
786 BT_DBG("%p dlci %d", s, dlci);
788 cmd.addr = __addr(s->initiator, dlci);
789 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
790 cmd.len = __len8(0);
791 cmd.fcs = __fcs2((u8 *) &cmd);
793 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
796 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
798 struct rfcomm_cmd *cmd;
799 struct sk_buff *skb;
801 BT_DBG("dlc %p dlci %d", d, d->dlci);
803 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
804 if (!skb)
805 return -ENOMEM;
807 cmd = (void *) __skb_put(skb, sizeof(*cmd));
808 cmd->addr = d->addr;
809 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
810 cmd->len = __len8(0);
811 cmd->fcs = __fcs2((u8 *) cmd);
813 skb_queue_tail(&d->tx_queue, skb);
814 rfcomm_schedule(RFCOMM_SCHED_TX);
815 return 0;
818 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
820 struct rfcomm_cmd cmd;
822 BT_DBG("%p dlci %d", s, dlci);
824 cmd.addr = __addr(!s->initiator, dlci);
825 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
826 cmd.len = __len8(0);
827 cmd.fcs = __fcs2((u8 *) &cmd);
829 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
832 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
834 struct rfcomm_hdr *hdr;
835 struct rfcomm_mcc *mcc;
836 u8 buf[16], *ptr = buf;
838 BT_DBG("%p cr %d type %d", s, cr, type);
840 hdr = (void *) ptr; ptr += sizeof(*hdr);
841 hdr->addr = __addr(s->initiator, 0);
842 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
843 hdr->len = __len8(sizeof(*mcc) + 1);
845 mcc = (void *) ptr; ptr += sizeof(*mcc);
846 mcc->type = __mcc_type(cr, RFCOMM_NSC);
847 mcc->len = __len8(1);
849 /* Type that we didn't like */
850 *ptr = __mcc_type(cr, type); ptr++;
852 *ptr = __fcs(buf); ptr++;
854 return rfcomm_send_frame(s, buf, ptr - buf);
857 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
859 struct rfcomm_hdr *hdr;
860 struct rfcomm_mcc *mcc;
861 struct rfcomm_pn *pn;
862 u8 buf[16], *ptr = buf;
864 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
866 hdr = (void *) ptr; ptr += sizeof(*hdr);
867 hdr->addr = __addr(s->initiator, 0);
868 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
869 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
871 mcc = (void *) ptr; ptr += sizeof(*mcc);
872 mcc->type = __mcc_type(cr, RFCOMM_PN);
873 mcc->len = __len8(sizeof(*pn));
875 pn = (void *) ptr; ptr += sizeof(*pn);
876 pn->dlci = d->dlci;
877 pn->priority = d->priority;
878 pn->ack_timer = 0;
879 pn->max_retrans = 0;
881 if (s->cfc) {
882 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
883 pn->credits = RFCOMM_DEFAULT_CREDITS;
884 } else {
885 pn->flow_ctrl = 0;
886 pn->credits = 0;
889 if (cr && channel_mtu >= 0)
890 pn->mtu = cpu_to_le16(channel_mtu);
891 else
892 pn->mtu = cpu_to_le16(d->mtu);
894 *ptr = __fcs(buf); ptr++;
896 return rfcomm_send_frame(s, buf, ptr - buf);
899 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
900 u8 bit_rate, u8 data_bits, u8 stop_bits,
901 u8 parity, u8 flow_ctrl_settings,
902 u8 xon_char, u8 xoff_char, u16 param_mask)
904 struct rfcomm_hdr *hdr;
905 struct rfcomm_mcc *mcc;
906 struct rfcomm_rpn *rpn;
907 u8 buf[16], *ptr = buf;
909 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
910 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
911 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
912 flow_ctrl_settings, xon_char, xoff_char, param_mask);
914 hdr = (void *) ptr; ptr += sizeof(*hdr);
915 hdr->addr = __addr(s->initiator, 0);
916 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
917 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
919 mcc = (void *) ptr; ptr += sizeof(*mcc);
920 mcc->type = __mcc_type(cr, RFCOMM_RPN);
921 mcc->len = __len8(sizeof(*rpn));
923 rpn = (void *) ptr; ptr += sizeof(*rpn);
924 rpn->dlci = __addr(1, dlci);
925 rpn->bit_rate = bit_rate;
926 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
927 rpn->flow_ctrl = flow_ctrl_settings;
928 rpn->xon_char = xon_char;
929 rpn->xoff_char = xoff_char;
930 rpn->param_mask = cpu_to_le16(param_mask);
932 *ptr = __fcs(buf); ptr++;
934 return rfcomm_send_frame(s, buf, ptr - buf);
937 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
939 struct rfcomm_hdr *hdr;
940 struct rfcomm_mcc *mcc;
941 struct rfcomm_rls *rls;
942 u8 buf[16], *ptr = buf;
944 BT_DBG("%p cr %d status 0x%x", s, cr, status);
946 hdr = (void *) ptr; ptr += sizeof(*hdr);
947 hdr->addr = __addr(s->initiator, 0);
948 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
949 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
951 mcc = (void *) ptr; ptr += sizeof(*mcc);
952 mcc->type = __mcc_type(cr, RFCOMM_RLS);
953 mcc->len = __len8(sizeof(*rls));
955 rls = (void *) ptr; ptr += sizeof(*rls);
956 rls->dlci = __addr(1, dlci);
957 rls->status = status;
959 *ptr = __fcs(buf); ptr++;
961 return rfcomm_send_frame(s, buf, ptr - buf);
964 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
966 struct rfcomm_hdr *hdr;
967 struct rfcomm_mcc *mcc;
968 struct rfcomm_msc *msc;
969 u8 buf[16], *ptr = buf;
971 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
973 hdr = (void *) ptr; ptr += sizeof(*hdr);
974 hdr->addr = __addr(s->initiator, 0);
975 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
976 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
978 mcc = (void *) ptr; ptr += sizeof(*mcc);
979 mcc->type = __mcc_type(cr, RFCOMM_MSC);
980 mcc->len = __len8(sizeof(*msc));
982 msc = (void *) ptr; ptr += sizeof(*msc);
983 msc->dlci = __addr(1, dlci);
984 msc->v24_sig = v24_sig | 0x01;
986 *ptr = __fcs(buf); ptr++;
988 return rfcomm_send_frame(s, buf, ptr - buf);
991 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
993 struct rfcomm_hdr *hdr;
994 struct rfcomm_mcc *mcc;
995 u8 buf[16], *ptr = buf;
997 BT_DBG("%p cr %d", s, cr);
999 hdr = (void *) ptr; ptr += sizeof(*hdr);
1000 hdr->addr = __addr(s->initiator, 0);
1001 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1002 hdr->len = __len8(sizeof(*mcc));
1004 mcc = (void *) ptr; ptr += sizeof(*mcc);
1005 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1006 mcc->len = __len8(0);
1008 *ptr = __fcs(buf); ptr++;
1010 return rfcomm_send_frame(s, buf, ptr - buf);
1013 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1015 struct rfcomm_hdr *hdr;
1016 struct rfcomm_mcc *mcc;
1017 u8 buf[16], *ptr = buf;
1019 BT_DBG("%p cr %d", s, cr);
1021 hdr = (void *) ptr; ptr += sizeof(*hdr);
1022 hdr->addr = __addr(s->initiator, 0);
1023 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1024 hdr->len = __len8(sizeof(*mcc));
1026 mcc = (void *) ptr; ptr += sizeof(*mcc);
1027 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1028 mcc->len = __len8(0);
1030 *ptr = __fcs(buf); ptr++;
1032 return rfcomm_send_frame(s, buf, ptr - buf);
1035 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1037 struct socket *sock = s->sock;
1038 struct kvec iv[3];
1039 struct msghdr msg;
1040 unsigned char hdr[5], crc[1];
1042 if (len > 125)
1043 return -EINVAL;
1045 BT_DBG("%p cr %d", s, cr);
1047 hdr[0] = __addr(s->initiator, 0);
1048 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1049 hdr[2] = 0x01 | ((len + 2) << 1);
1050 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1051 hdr[4] = 0x01 | (len << 1);
1053 crc[0] = __fcs(hdr);
1055 iv[0].iov_base = hdr;
1056 iv[0].iov_len = 5;
1057 iv[1].iov_base = pattern;
1058 iv[1].iov_len = len;
1059 iv[2].iov_base = crc;
1060 iv[2].iov_len = 1;
1062 memset(&msg, 0, sizeof(msg));
1064 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1067 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1069 struct rfcomm_hdr *hdr;
1070 u8 buf[16], *ptr = buf;
1072 BT_DBG("%p addr %d credits %d", s, addr, credits);
1074 hdr = (void *) ptr; ptr += sizeof(*hdr);
1075 hdr->addr = addr;
1076 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1077 hdr->len = __len8(0);
1079 *ptr = credits; ptr++;
1081 *ptr = __fcs(buf); ptr++;
1083 return rfcomm_send_frame(s, buf, ptr - buf);
1086 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1088 struct rfcomm_hdr *hdr;
1089 int len = skb->len;
1090 u8 *crc;
1092 if (len > 127) {
1093 hdr = (void *) skb_push(skb, 4);
1094 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1095 } else {
1096 hdr = (void *) skb_push(skb, 3);
1097 hdr->len = __len8(len);
1099 hdr->addr = addr;
1100 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1102 crc = skb_put(skb, 1);
1103 *crc = __fcs((void *) hdr);
1106 /* ---- RFCOMM frame reception ---- */
1107 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1109 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1111 if (dlci) {
1112 /* Data channel */
1113 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1114 if (!d) {
1115 rfcomm_send_dm(s, dlci);
1116 return 0;
1119 switch (d->state) {
1120 case BT_CONNECT:
1121 rfcomm_dlc_clear_timer(d);
1123 rfcomm_dlc_lock(d);
1124 d->state = BT_CONNECTED;
1125 d->state_change(d, 0);
1126 rfcomm_dlc_unlock(d);
1128 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1129 break;
1131 case BT_DISCONN:
1132 d->state = BT_CLOSED;
1133 __rfcomm_dlc_close(d, 0);
1135 if (list_empty(&s->dlcs)) {
1136 s->state = BT_DISCONN;
1137 rfcomm_send_disc(s, 0);
1140 break;
1142 } else {
1143 /* Control channel */
1144 switch (s->state) {
1145 case BT_CONNECT:
1146 s->state = BT_CONNECTED;
1147 rfcomm_process_connect(s);
1148 break;
1150 case BT_DISCONN:
1151 rfcomm_session_put(s);
1152 break;
1155 return 0;
1158 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1160 int err = 0;
1162 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1164 if (dlci) {
1165 /* Data DLC */
1166 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1167 if (d) {
1168 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1169 err = ECONNREFUSED;
1170 else
1171 err = ECONNRESET;
1173 d->state = BT_CLOSED;
1174 __rfcomm_dlc_close(d, err);
1176 } else {
1177 if (s->state == BT_CONNECT)
1178 err = ECONNREFUSED;
1179 else
1180 err = ECONNRESET;
1182 s->state = BT_CLOSED;
1183 rfcomm_session_close(s, err);
1185 return 0;
1188 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1190 int err = 0;
1192 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1194 if (dlci) {
1195 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1196 if (d) {
1197 rfcomm_send_ua(s, dlci);
1199 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1200 err = ECONNREFUSED;
1201 else
1202 err = ECONNRESET;
1204 d->state = BT_CLOSED;
1205 __rfcomm_dlc_close(d, err);
1206 } else
1207 rfcomm_send_dm(s, dlci);
1209 } else {
1210 rfcomm_send_ua(s, 0);
1212 if (s->state == BT_CONNECT)
1213 err = ECONNREFUSED;
1214 else
1215 err = ECONNRESET;
1217 s->state = BT_CLOSED;
1218 rfcomm_session_close(s, err);
1221 return 0;
1224 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1226 struct sock *sk = d->session->sock->sk;
1228 BT_DBG("dlc %p", d);
1230 rfcomm_send_ua(d->session, d->dlci);
1232 rfcomm_dlc_clear_timer(d);
1234 rfcomm_dlc_lock(d);
1235 d->state = BT_CONNECTED;
1236 d->state_change(d, 0);
1237 rfcomm_dlc_unlock(d);
1239 if (d->role_switch)
1240 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1242 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1245 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1247 if (rfcomm_check_security(d)) {
1248 if (d->defer_setup) {
1249 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1250 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1252 rfcomm_dlc_lock(d);
1253 d->state = BT_CONNECT2;
1254 d->state_change(d, 0);
1255 rfcomm_dlc_unlock(d);
1256 } else
1257 rfcomm_dlc_accept(d);
1258 } else {
1259 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1260 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1264 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1266 struct rfcomm_dlc *d;
1267 u8 channel;
1269 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1271 if (!dlci) {
1272 rfcomm_send_ua(s, 0);
1274 if (s->state == BT_OPEN) {
1275 s->state = BT_CONNECTED;
1276 rfcomm_process_connect(s);
1278 return 0;
1281 /* Check if DLC exists */
1282 d = rfcomm_dlc_get(s, dlci);
1283 if (d) {
1284 if (d->state == BT_OPEN) {
1285 /* DLC was previously opened by PN request */
1286 rfcomm_check_accept(d);
1288 return 0;
1291 /* Notify socket layer about incoming connection */
1292 channel = __srv_channel(dlci);
1293 if (rfcomm_connect_ind(s, channel, &d)) {
1294 d->dlci = dlci;
1295 d->addr = __addr(s->initiator, dlci);
1296 rfcomm_dlc_link(s, d);
1298 rfcomm_check_accept(d);
1299 } else {
1300 rfcomm_send_dm(s, dlci);
1303 return 0;
1306 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1308 struct rfcomm_session *s = d->session;
1310 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1311 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1313 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1314 pn->flow_ctrl == 0xe0) {
1315 d->cfc = RFCOMM_CFC_ENABLED;
1316 d->tx_credits = pn->credits;
1317 } else {
1318 d->cfc = RFCOMM_CFC_DISABLED;
1319 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1322 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1323 s->cfc = d->cfc;
1325 d->priority = pn->priority;
1327 d->mtu = __le16_to_cpu(pn->mtu);
1329 if (cr && d->mtu > s->mtu)
1330 d->mtu = s->mtu;
1332 return 0;
1335 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1337 struct rfcomm_pn *pn = (void *) skb->data;
1338 struct rfcomm_dlc *d;
1339 u8 dlci = pn->dlci;
1341 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1343 if (!dlci)
1344 return 0;
1346 d = rfcomm_dlc_get(s, dlci);
1347 if (d) {
1348 if (cr) {
1349 /* PN request */
1350 rfcomm_apply_pn(d, cr, pn);
1351 rfcomm_send_pn(s, 0, d);
1352 } else {
1353 /* PN response */
1354 switch (d->state) {
1355 case BT_CONFIG:
1356 rfcomm_apply_pn(d, cr, pn);
1358 d->state = BT_CONNECT;
1359 rfcomm_send_sabm(s, d->dlci);
1360 break;
1363 } else {
1364 u8 channel = __srv_channel(dlci);
1366 if (!cr)
1367 return 0;
1369 /* PN request for non existing DLC.
1370 * Assume incoming connection. */
1371 if (rfcomm_connect_ind(s, channel, &d)) {
1372 d->dlci = dlci;
1373 d->addr = __addr(s->initiator, dlci);
1374 rfcomm_dlc_link(s, d);
1376 rfcomm_apply_pn(d, cr, pn);
1378 d->state = BT_OPEN;
1379 rfcomm_send_pn(s, 0, d);
1380 } else {
1381 rfcomm_send_dm(s, dlci);
1384 return 0;
1387 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1389 struct rfcomm_rpn *rpn = (void *) skb->data;
1390 u8 dlci = __get_dlci(rpn->dlci);
1392 u8 bit_rate = 0;
1393 u8 data_bits = 0;
1394 u8 stop_bits = 0;
1395 u8 parity = 0;
1396 u8 flow_ctrl = 0;
1397 u8 xon_char = 0;
1398 u8 xoff_char = 0;
1399 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1401 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1402 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1403 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1405 if (!cr)
1406 return 0;
1408 if (len == 1) {
1409 /* This is a request, return default settings */
1410 bit_rate = RFCOMM_RPN_BR_115200;
1411 data_bits = RFCOMM_RPN_DATA_8;
1412 stop_bits = RFCOMM_RPN_STOP_1;
1413 parity = RFCOMM_RPN_PARITY_NONE;
1414 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1415 xon_char = RFCOMM_RPN_XON_CHAR;
1416 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1417 goto rpn_out;
1420 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1421 * no parity, no flow control lines, normal XON/XOFF chars */
1423 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1424 bit_rate = rpn->bit_rate;
1425 if (bit_rate != RFCOMM_RPN_BR_115200) {
1426 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1427 bit_rate = RFCOMM_RPN_BR_115200;
1428 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1432 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1433 data_bits = __get_rpn_data_bits(rpn->line_settings);
1434 if (data_bits != RFCOMM_RPN_DATA_8) {
1435 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1436 data_bits = RFCOMM_RPN_DATA_8;
1437 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1441 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1442 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1443 if (stop_bits != RFCOMM_RPN_STOP_1) {
1444 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1445 stop_bits = RFCOMM_RPN_STOP_1;
1446 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1450 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1451 parity = __get_rpn_parity(rpn->line_settings);
1452 if (parity != RFCOMM_RPN_PARITY_NONE) {
1453 BT_DBG("RPN parity mismatch 0x%x", parity);
1454 parity = RFCOMM_RPN_PARITY_NONE;
1455 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1459 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1460 flow_ctrl = rpn->flow_ctrl;
1461 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1462 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1463 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1464 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1468 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1469 xon_char = rpn->xon_char;
1470 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1471 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1472 xon_char = RFCOMM_RPN_XON_CHAR;
1473 rpn_mask ^= RFCOMM_RPN_PM_XON;
1477 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1478 xoff_char = rpn->xoff_char;
1479 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1480 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1481 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1482 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1486 rpn_out:
1487 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1488 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1490 return 0;
1493 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1495 struct rfcomm_rls *rls = (void *) skb->data;
1496 u8 dlci = __get_dlci(rls->dlci);
1498 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1500 if (!cr)
1501 return 0;
1503 /* We should probably do something with this information here. But
1504 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1505 * mandatory to recognise and respond to RLS */
1507 rfcomm_send_rls(s, 0, dlci, rls->status);
1509 return 0;
1512 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1514 struct rfcomm_msc *msc = (void *) skb->data;
1515 struct rfcomm_dlc *d;
1516 u8 dlci = __get_dlci(msc->dlci);
1518 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1520 d = rfcomm_dlc_get(s, dlci);
1521 if (!d)
1522 return 0;
1524 if (cr) {
1525 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1526 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1527 else
1528 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1530 rfcomm_dlc_lock(d);
1532 d->remote_v24_sig = msc->v24_sig;
1534 if (d->modem_status)
1535 d->modem_status(d, msc->v24_sig);
1537 rfcomm_dlc_unlock(d);
1539 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1541 d->mscex |= RFCOMM_MSCEX_RX;
1542 } else
1543 d->mscex |= RFCOMM_MSCEX_TX;
1545 return 0;
1548 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1550 struct rfcomm_mcc *mcc = (void *) skb->data;
1551 u8 type, cr, len;
1553 cr = __test_cr(mcc->type);
1554 type = __get_mcc_type(mcc->type);
1555 len = __get_mcc_len(mcc->len);
1557 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1559 skb_pull(skb, 2);
1561 switch (type) {
1562 case RFCOMM_PN:
1563 rfcomm_recv_pn(s, cr, skb);
1564 break;
1566 case RFCOMM_RPN:
1567 rfcomm_recv_rpn(s, cr, len, skb);
1568 break;
1570 case RFCOMM_RLS:
1571 rfcomm_recv_rls(s, cr, skb);
1572 break;
1574 case RFCOMM_MSC:
1575 rfcomm_recv_msc(s, cr, skb);
1576 break;
1578 case RFCOMM_FCOFF:
1579 if (cr) {
1580 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1581 rfcomm_send_fcoff(s, 0);
1583 break;
1585 case RFCOMM_FCON:
1586 if (cr) {
1587 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1588 rfcomm_send_fcon(s, 0);
1590 break;
1592 case RFCOMM_TEST:
1593 if (cr)
1594 rfcomm_send_test(s, 0, skb->data, skb->len);
1595 break;
1597 case RFCOMM_NSC:
1598 break;
1600 default:
1601 BT_ERR("Unknown control type 0x%02x", type);
1602 rfcomm_send_nsc(s, cr, type);
1603 break;
1605 return 0;
1608 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1610 struct rfcomm_dlc *d;
1612 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1614 d = rfcomm_dlc_get(s, dlci);
1615 if (!d) {
1616 rfcomm_send_dm(s, dlci);
1617 goto drop;
1620 if (pf && d->cfc) {
1621 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1623 d->tx_credits += credits;
1624 if (d->tx_credits)
1625 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1628 if (skb->len && d->state == BT_CONNECTED) {
1629 rfcomm_dlc_lock(d);
1630 d->rx_credits--;
1631 d->data_ready(d, skb);
1632 rfcomm_dlc_unlock(d);
1633 return 0;
1636 drop:
1637 kfree_skb(skb);
1638 return 0;
1641 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1643 struct rfcomm_hdr *hdr = (void *) skb->data;
1644 u8 type, dlci, fcs;
1646 dlci = __get_dlci(hdr->addr);
1647 type = __get_type(hdr->ctrl);
1649 /* Trim FCS */
1650 skb->len--; skb->tail--;
1651 fcs = *(u8 *)skb_tail_pointer(skb);
1653 if (__check_fcs(skb->data, type, fcs)) {
1654 BT_ERR("bad checksum in packet");
1655 kfree_skb(skb);
1656 return -EILSEQ;
1659 if (__test_ea(hdr->len))
1660 skb_pull(skb, 3);
1661 else
1662 skb_pull(skb, 4);
1664 switch (type) {
1665 case RFCOMM_SABM:
1666 if (__test_pf(hdr->ctrl))
1667 rfcomm_recv_sabm(s, dlci);
1668 break;
1670 case RFCOMM_DISC:
1671 if (__test_pf(hdr->ctrl))
1672 rfcomm_recv_disc(s, dlci);
1673 break;
1675 case RFCOMM_UA:
1676 if (__test_pf(hdr->ctrl))
1677 rfcomm_recv_ua(s, dlci);
1678 break;
1680 case RFCOMM_DM:
1681 rfcomm_recv_dm(s, dlci);
1682 break;
1684 case RFCOMM_UIH:
1685 if (dlci)
1686 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1688 rfcomm_recv_mcc(s, skb);
1689 break;
1691 default:
1692 BT_ERR("Unknown packet type 0x%02x\n", type);
1693 break;
1695 kfree_skb(skb);
1696 return 0;
1699 /* ---- Connection and data processing ---- */
1701 static void rfcomm_process_connect(struct rfcomm_session *s)
1703 struct rfcomm_dlc *d;
1704 struct list_head *p, *n;
1706 BT_DBG("session %p state %ld", s, s->state);
1708 list_for_each_safe(p, n, &s->dlcs) {
1709 d = list_entry(p, struct rfcomm_dlc, list);
1710 if (d->state == BT_CONFIG) {
1711 d->mtu = s->mtu;
1712 if (rfcomm_check_security(d)) {
1713 rfcomm_send_pn(s, 1, d);
1714 } else {
1715 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1716 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1722 /* Send data queued for the DLC.
1723 * Return number of frames left in the queue.
1725 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1727 struct sk_buff *skb;
1728 int err;
1730 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1731 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1733 /* Send pending MSC */
1734 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1735 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1737 if (d->cfc) {
1738 /* CFC enabled.
1739 * Give them some credits */
1740 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1741 d->rx_credits <= (d->cfc >> 2)) {
1742 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1743 d->rx_credits = d->cfc;
1745 } else {
1746 /* CFC disabled.
1747 * Give ourselves some credits */
1748 d->tx_credits = 5;
1751 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1752 return skb_queue_len(&d->tx_queue);
1754 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1755 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1756 if (err < 0) {
1757 skb_queue_head(&d->tx_queue, skb);
1758 break;
1760 kfree_skb(skb);
1761 d->tx_credits--;
1764 if (d->cfc && !d->tx_credits) {
1765 /* We're out of TX credits.
1766 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1767 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1770 return skb_queue_len(&d->tx_queue);
1773 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1775 struct rfcomm_dlc *d;
1776 struct list_head *p, *n;
1778 BT_DBG("session %p state %ld", s, s->state);
1780 list_for_each_safe(p, n, &s->dlcs) {
1781 d = list_entry(p, struct rfcomm_dlc, list);
1783 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1784 __rfcomm_dlc_close(d, ETIMEDOUT);
1785 continue;
1788 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1789 rfcomm_dlc_clear_timer(d);
1790 if (d->out) {
1791 rfcomm_send_pn(s, 1, d);
1792 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1793 } else {
1794 if (d->defer_setup) {
1795 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1796 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1798 rfcomm_dlc_lock(d);
1799 d->state = BT_CONNECT2;
1800 d->state_change(d, 0);
1801 rfcomm_dlc_unlock(d);
1802 } else
1803 rfcomm_dlc_accept(d);
1805 continue;
1806 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1807 rfcomm_dlc_clear_timer(d);
1808 if (!d->out)
1809 rfcomm_send_dm(s, d->dlci);
1810 else
1811 d->state = BT_CLOSED;
1812 __rfcomm_dlc_close(d, ECONNREFUSED);
1813 continue;
1816 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1817 continue;
1819 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1820 continue;
1822 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1823 d->mscex == RFCOMM_MSCEX_OK)
1824 rfcomm_process_tx(d);
1828 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1830 struct socket *sock = s->sock;
1831 struct sock *sk = sock->sk;
1832 struct sk_buff *skb;
1834 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1836 /* Get data directly from socket receive queue without copying it. */
1837 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1838 skb_orphan(skb);
1839 rfcomm_recv_frame(s, skb);
1842 if (sk->sk_state == BT_CLOSED) {
1843 if (!s->initiator)
1844 rfcomm_session_put(s);
1846 rfcomm_session_close(s, sk->sk_err);
1850 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1852 struct socket *sock = s->sock, *nsock;
1853 int err;
1855 /* Fast check for a new connection.
1856 * Avoids unnesesary socket allocations. */
1857 if (list_empty(&bt_sk(sock->sk)->accept_q))
1858 return;
1860 BT_DBG("session %p", s);
1862 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1863 if (err < 0)
1864 return;
1866 /* Set our callbacks */
1867 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1868 nsock->sk->sk_state_change = rfcomm_l2state_change;
1870 s = rfcomm_session_add(nsock, BT_OPEN);
1871 if (s) {
1872 rfcomm_session_hold(s);
1874 /* We should adjust MTU on incoming sessions.
1875 * L2CAP MTU minus UIH header and FCS. */
1876 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1878 rfcomm_schedule(RFCOMM_SCHED_RX);
1879 } else
1880 sock_release(nsock);
1883 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1885 struct sock *sk = s->sock->sk;
1887 BT_DBG("%p state %ld", s, s->state);
1889 switch(sk->sk_state) {
1890 case BT_CONNECTED:
1891 s->state = BT_CONNECT;
1893 /* We can adjust MTU on outgoing sessions.
1894 * L2CAP MTU minus UIH header and FCS. */
1895 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1897 rfcomm_send_sabm(s, 0);
1898 break;
1900 case BT_CLOSED:
1901 s->state = BT_CLOSED;
1902 rfcomm_session_close(s, sk->sk_err);
1903 break;
1907 static inline void rfcomm_process_sessions(void)
1909 struct list_head *p, *n;
1911 rfcomm_lock();
1913 list_for_each_safe(p, n, &session_list) {
1914 struct rfcomm_session *s;
1915 s = list_entry(p, struct rfcomm_session, list);
1917 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1918 s->state = BT_DISCONN;
1919 rfcomm_send_disc(s, 0);
1920 continue;
1923 if (s->state == BT_LISTEN) {
1924 rfcomm_accept_connection(s);
1925 continue;
1928 rfcomm_session_hold(s);
1930 switch (s->state) {
1931 case BT_BOUND:
1932 rfcomm_check_connection(s);
1933 break;
1935 default:
1936 rfcomm_process_rx(s);
1937 break;
1940 rfcomm_process_dlcs(s);
1942 rfcomm_session_put(s);
1945 rfcomm_unlock();
1948 static int rfcomm_add_listener(bdaddr_t *ba)
1950 struct sockaddr_l2 addr;
1951 struct socket *sock;
1952 struct sock *sk;
1953 struct rfcomm_session *s;
1954 int err = 0;
1956 /* Create socket */
1957 err = rfcomm_l2sock_create(&sock);
1958 if (err < 0) {
1959 BT_ERR("Create socket failed %d", err);
1960 return err;
1963 /* Bind socket */
1964 bacpy(&addr.l2_bdaddr, ba);
1965 addr.l2_family = AF_BLUETOOTH;
1966 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
1967 addr.l2_cid = 0;
1968 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1969 if (err < 0) {
1970 BT_ERR("Bind failed %d", err);
1971 goto failed;
1974 /* Set L2CAP options */
1975 sk = sock->sk;
1976 lock_sock(sk);
1977 l2cap_pi(sk)->imtu = l2cap_mtu;
1978 release_sock(sk);
1980 /* Start listening on the socket */
1981 err = kernel_listen(sock, 10);
1982 if (err) {
1983 BT_ERR("Listen failed %d", err);
1984 goto failed;
1987 /* Add listening session */
1988 s = rfcomm_session_add(sock, BT_LISTEN);
1989 if (!s)
1990 goto failed;
1992 rfcomm_session_hold(s);
1993 return 0;
1994 failed:
1995 sock_release(sock);
1996 return err;
1999 static void rfcomm_kill_listener(void)
2001 struct rfcomm_session *s;
2002 struct list_head *p, *n;
2004 BT_DBG("");
2006 list_for_each_safe(p, n, &session_list) {
2007 s = list_entry(p, struct rfcomm_session, list);
2008 rfcomm_session_del(s);
2012 static int rfcomm_run(void *unused)
2014 BT_DBG("");
2016 set_user_nice(current, -10);
2018 rfcomm_add_listener(BDADDR_ANY);
2020 while (!kthread_should_stop()) {
2021 set_current_state(TASK_INTERRUPTIBLE);
2022 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
2023 /* No pending events. Let's sleep.
2024 * Incoming connections and data will wake us up. */
2025 schedule();
2027 set_current_state(TASK_RUNNING);
2029 /* Process stuff */
2030 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
2031 rfcomm_process_sessions();
2034 rfcomm_kill_listener();
2036 return 0;
2039 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2041 struct rfcomm_session *s;
2042 struct rfcomm_dlc *d;
2043 struct list_head *p, *n;
2045 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2047 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2048 if (!s)
2049 return;
2051 rfcomm_session_hold(s);
2053 list_for_each_safe(p, n, &s->dlcs) {
2054 d = list_entry(p, struct rfcomm_dlc, list);
2056 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2057 rfcomm_dlc_clear_timer(d);
2058 if (status || encrypt == 0x00) {
2059 __rfcomm_dlc_close(d, ECONNREFUSED);
2060 continue;
2064 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2065 if (d->sec_level == BT_SECURITY_MEDIUM) {
2066 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2067 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2068 continue;
2069 } else if (d->sec_level == BT_SECURITY_HIGH) {
2070 __rfcomm_dlc_close(d, ECONNREFUSED);
2071 continue;
2075 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2076 continue;
2078 if (!status)
2079 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2080 else
2081 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2084 rfcomm_session_put(s);
2086 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2089 static struct hci_cb rfcomm_cb = {
2090 .name = "RFCOMM",
2091 .security_cfm = rfcomm_security_cfm
2094 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2096 struct rfcomm_session *s;
2097 struct list_head *pp, *p;
2098 char *str = buf;
2100 rfcomm_lock();
2102 list_for_each(p, &session_list) {
2103 s = list_entry(p, struct rfcomm_session, list);
2104 list_for_each(pp, &s->dlcs) {
2105 struct sock *sk = s->sock->sk;
2106 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2108 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2109 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2110 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2114 rfcomm_unlock();
2116 return (str - buf);
2119 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2121 /* ---- Initialization ---- */
2122 static int __init rfcomm_init(void)
2124 int err;
2126 l2cap_load();
2128 hci_register_cb(&rfcomm_cb);
2130 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2131 if (IS_ERR(rfcomm_thread)) {
2132 err = PTR_ERR(rfcomm_thread);
2133 goto unregister;
2136 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2137 BT_ERR("Failed to create RFCOMM info file");
2139 err = rfcomm_init_ttys();
2140 if (err < 0)
2141 goto stop;
2143 err = rfcomm_init_sockets();
2144 if (err < 0)
2145 goto cleanup;
2147 BT_INFO("RFCOMM ver %s", VERSION);
2149 return 0;
2151 cleanup:
2152 rfcomm_cleanup_ttys();
2154 stop:
2155 kthread_stop(rfcomm_thread);
2157 unregister:
2158 hci_unregister_cb(&rfcomm_cb);
2160 return err;
2163 static void __exit rfcomm_exit(void)
2165 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
2167 hci_unregister_cb(&rfcomm_cb);
2169 kthread_stop(rfcomm_thread);
2171 rfcomm_cleanup_ttys();
2173 rfcomm_cleanup_sockets();
2176 module_init(rfcomm_init);
2177 module_exit(rfcomm_exit);
2179 module_param(disable_cfc, bool, 0644);
2180 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2182 module_param(channel_mtu, int, 0644);
2183 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2185 module_param(l2cap_mtu, uint, 0644);
2186 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2188 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2189 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2190 MODULE_VERSION(VERSION);
2191 MODULE_LICENSE("GPL");
2192 MODULE_ALIAS("bt-proto-3");