OpenCores
URL https://opencores.org/ocsvn/or1k_soc_on_altera_embedded_dev_kit/or1k_soc_on_altera_embedded_dev_kit/trunk

Subversion Repositories or1k_soc_on_altera_embedded_dev_kit

[/] [or1k_soc_on_altera_embedded_dev_kit/] [trunk/] [linux-2.6/] [linux-2.6.24/] [net/] [bluetooth/] [rfcomm/] [core.c] - Blame information for rev 3

Details | Compare with Previous | View Log

Line No. Rev Author Line
1 3 xianfeng 
/*
2 
   RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 
   Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 
   Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5 
 
6 
   This program is free software; you can redistribute it and/or modify
7 
   it under the terms of the GNU General Public License version 2 as
8 
   published by the Free Software Foundation;
9 
 
10 
   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 
   IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 
   CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 
   WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 
   ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 
   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 
 
19 
   ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 
   COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 
   SOFTWARE IS DISCLAIMED.
22 
*/
23 
 
24 
/*
25 
 * Bluetooth RFCOMM core.
26 
 *
27 
 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
28 
 */
29 
 
30 
#include <linux/module.h>
31 
#include <linux/errno.h>
32 
#include <linux/kernel.h>
33 
#include <linux/sched.h>
34 
#include <linux/signal.h>
35 
#include <linux/init.h>
36 
#include <linux/wait.h>
37 
#include <linux/device.h>
38 
#include <linux/net.h>
39 
#include <linux/mutex.h>
40 
#include <linux/kthread.h>
41 
 
42 
#include <net/sock.h>
43 
#include <asm/uaccess.h>
44 
#include <asm/unaligned.h>
45 
 
46 
#include <net/bluetooth/bluetooth.h>
47 
#include <net/bluetooth/hci_core.h>
48 
#include <net/bluetooth/l2cap.h>
49 
#include <net/bluetooth/rfcomm.h>
50 
 
51 
#ifndef CONFIG_BT_RFCOMM_DEBUG
52 
#undef  BT_DBG
53 
#define BT_DBG(D...)
54 
#endif
55 
 
56 
#define VERSION "1.8"
57 
 
58 
static int disable_cfc = 0;
59 
static int channel_mtu = -1;
60 
static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
61 
 
62 
static struct task_struct *rfcomm_thread;
63 
 
64 
static DEFINE_MUTEX(rfcomm_mutex);
65 
#define rfcomm_lock()   mutex_lock(&rfcomm_mutex)
66 
#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
67 
 
68 
static unsigned long rfcomm_event;
69 
 
70 
static LIST_HEAD(session_list);
71 
 
72 
static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
73 
static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
74 
static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
75 
static int rfcomm_queue_disc(struct rfcomm_dlc *d);
76 
static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
77 
static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
78 
static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
79 
static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
80 
static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
81 
static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
82 
 
83 
static void rfcomm_process_connect(struct rfcomm_session *s);
84 
 
85 
static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
86 
static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
87 
static void rfcomm_session_del(struct rfcomm_session *s);
88 
 
89 
/* ---- RFCOMM frame parsing macros ---- */
90 
#define __get_dlci(b)     ((b & 0xfc) >> 2)
91 
#define __get_channel(b)  ((b & 0xf8) >> 3)
92 
#define __get_dir(b)      ((b & 0x04) >> 2)
93 
#define __get_type(b)     ((b & 0xef))
94 
 
95 
#define __test_ea(b)      ((b & 0x01))
96 
#define __test_cr(b)      ((b & 0x02))
97 
#define __test_pf(b)      ((b & 0x10))
98 
 
99 
#define __addr(cr, dlci)       (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
100 
#define __ctrl(type, pf)       (((type & 0xef) | (pf << 4)))
101 
#define __dlci(dir, chn)       (((chn & 0x1f) << 1) | dir)
102 
#define __srv_channel(dlci)    (dlci >> 1)
103 
#define __dir(dlci)            (dlci & 0x01)
104 
 
105 
#define __len8(len)       (((len) << 1) | 1)
106 
#define __len16(len)      ((len) << 1)
107 
 
108 
/* MCC macros */
109 
#define __mcc_type(cr, type)   (((type << 2) | (cr << 1) | 0x01))
110 
#define __get_mcc_type(b) ((b & 0xfc) >> 2)
111 
#define __get_mcc_len(b)  ((b & 0xfe) >> 1)
112 
 
113 
/* RPN macros */
114 
#define __rpn_line_settings(data, stop, parity)  ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
115 
#define __get_rpn_data_bits(line) ((line) & 0x3)
116 
#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
117 
#define __get_rpn_parity(line)    (((line) >> 3) & 0x7)
118 
 
119 
static inline void rfcomm_schedule(uint event)
120 
{
121 
        if (!rfcomm_thread)
122 
                return;
123 
        //set_bit(event, &rfcomm_event);
124 
        set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
125 
        wake_up_process(rfcomm_thread);
126 
}
127 
 
128 
static inline void rfcomm_session_put(struct rfcomm_session *s)
129 
{
130 
        if (atomic_dec_and_test(&s->refcnt))
131 
                rfcomm_session_del(s);
132 
}
133 
 
134 
/* ---- RFCOMM FCS computation ---- */
135 
 
136 
/* reversed, 8-bit, poly=0x07 */
137 
static unsigned char rfcomm_crc_table[256] = {
138 
        0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
139 
        0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
140 
        0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
141 
        0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
142 
 
143 
        0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
144 
        0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
145 
        0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
146 
        0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
147 
 
148 
        0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
149 
        0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
150 
        0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
151 
        0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
152 
 
153 
        0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
154 
        0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
155 
        0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
156 
        0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
157 
 
158 
        0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
159 
        0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
160 
        0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
161 
        0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
162 
 
163 
        0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
164 
        0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
165 
        0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
166 
        0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
167 
 
168 
        0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
169 
        0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
170 
        0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
171 
        0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
172 
 
173 
        0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
174 
        0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
175 
        0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
176 
        0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
177 
};
178 
 
179 
/* CRC on 2 bytes */
180 
#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
181 
 
182 
/* FCS on 2 bytes */
183 
static inline u8 __fcs(u8 *data)
184 
{
185 
        return (0xff - __crc(data));
186 
}
187 
 
188 
/* FCS on 3 bytes */
189 
static inline u8 __fcs2(u8 *data)
190 
{
191 
        return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
192 
}
193 
 
194 
/* Check FCS */
195 
static inline int __check_fcs(u8 *data, int type, u8 fcs)
196 
{
197 
        u8 f = __crc(data);
198 
 
199 
        if (type != RFCOMM_UIH)
200 
                f = rfcomm_crc_table[f ^ data[2]];
201 
 
202 
        return rfcomm_crc_table[f ^ fcs] != 0xcf;
203 
}
204 
 
205 
/* ---- L2CAP callbacks ---- */
206 
static void rfcomm_l2state_change(struct sock *sk)
207 
{
208 
        BT_DBG("%p state %d", sk, sk->sk_state);
209 
        rfcomm_schedule(RFCOMM_SCHED_STATE);
210 
}
211 
 
212 
static void rfcomm_l2data_ready(struct sock *sk, int bytes)
213 
{
214 
        BT_DBG("%p bytes %d", sk, bytes);
215 
        rfcomm_schedule(RFCOMM_SCHED_RX);
216 
}
217 
 
218 
static int rfcomm_l2sock_create(struct socket **sock)
219 
{
220 
        int err;
221 
 
222 
        BT_DBG("");
223 
 
224 
        err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
225 
        if (!err) {
226 
                struct sock *sk = (*sock)->sk;
227 
                sk->sk_data_ready   = rfcomm_l2data_ready;
228 
                sk->sk_state_change = rfcomm_l2state_change;
229 
        }
230 
        return err;
231 
}
232 
 
233 
/* ---- RFCOMM DLCs ---- */
234 
static void rfcomm_dlc_timeout(unsigned long arg)
235 
{
236 
        struct rfcomm_dlc *d = (void *) arg;
237 
 
238 
        BT_DBG("dlc %p state %ld", d, d->state);
239 
 
240 
        set_bit(RFCOMM_TIMED_OUT, &d->flags);
241 
        rfcomm_dlc_put(d);
242 
        rfcomm_schedule(RFCOMM_SCHED_TIMEO);
243 
}
244 
 
245 
static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
246 
{
247 
        BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
248 
 
249 
        if (!mod_timer(&d->timer, jiffies + timeout))
250 
                rfcomm_dlc_hold(d);
251 
}
252 
 
253 
static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
254 
{
255 
        BT_DBG("dlc %p state %ld", d, d->state);
256 
 
257 
        if (timer_pending(&d->timer) && del_timer(&d->timer))
258 
                rfcomm_dlc_put(d);
259 
}
260 
 
261 
static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
262 
{
263 
        BT_DBG("%p", d);
264 
 
265 
        d->state      = BT_OPEN;
266 
        d->flags      = 0;
267 
        d->mscex      = 0;
268 
        d->mtu        = RFCOMM_DEFAULT_MTU;
269 
        d->v24_sig    = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
270 
 
271 
        d->cfc        = RFCOMM_CFC_DISABLED;
272 
        d->rx_credits = RFCOMM_DEFAULT_CREDITS;
273 
}
274 
 
275 
struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
276 
{
277 
        struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
278 
 
279 
        if (!d)
280 
                return NULL;
281 
 
282 
        init_timer(&d->timer);
283 
        d->timer.function = rfcomm_dlc_timeout;
284 
        d->timer.data = (unsigned long) d;
285 
 
286 
        skb_queue_head_init(&d->tx_queue);
287 
        spin_lock_init(&d->lock);
288 
        atomic_set(&d->refcnt, 1);
289 
 
290 
        rfcomm_dlc_clear_state(d);
291 
 
292 
        BT_DBG("%p", d);
293 
 
294 
        return d;
295 
}
296 
 
297 
void rfcomm_dlc_free(struct rfcomm_dlc *d)
298 
{
299 
        BT_DBG("%p", d);
300 
 
301 
        skb_queue_purge(&d->tx_queue);
302 
        kfree(d);
303 
}
304 
 
305 
static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
306 
{
307 
        BT_DBG("dlc %p session %p", d, s);
308 
 
309 
        rfcomm_session_hold(s);
310 
 
311 
        rfcomm_dlc_hold(d);
312 
        list_add(&d->list, &s->dlcs);
313 
        d->session = s;
314 
}
315 
 
316 
static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
317 
{
318 
        struct rfcomm_session *s = d->session;
319 
 
320 
        BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
321 
 
322 
        list_del(&d->list);
323 
        d->session = NULL;
324 
        rfcomm_dlc_put(d);
325 
 
326 
        rfcomm_session_put(s);
327 
}
328 
 
329 
static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
330 
{
331 
        struct rfcomm_dlc *d;
332 
        struct list_head *p;
333 
 
334 
        list_for_each(p, &s->dlcs) {
335 
                d = list_entry(p, struct rfcomm_dlc, list);
336 
                if (d->dlci == dlci)
337 
                        return d;
338 
        }
339 
        return NULL;
340 
}
341 
 
342 
static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
343 
{
344 
        struct rfcomm_session *s;
345 
        int err = 0;
346 
        u8 dlci;
347 
 
348 
        BT_DBG("dlc %p state %ld %s %s channel %d",
349 
                        d, d->state, batostr(src), batostr(dst), channel);
350 
 
351 
        if (channel < 1 || channel > 30)
352 
                return -EINVAL;
353 
 
354 
        if (d->state != BT_OPEN && d->state != BT_CLOSED)
355 
                return 0;
356 
 
357 
        s = rfcomm_session_get(src, dst);
358 
        if (!s) {
359 
                s = rfcomm_session_create(src, dst, &err);
360 
                if (!s)
361 
                        return err;
362 
        }
363 
 
364 
        dlci = __dlci(!s->initiator, channel);
365 
 
366 
        /* Check if DLCI already exists */
367 
        if (rfcomm_dlc_get(s, dlci))
368 
                return -EBUSY;
369 
 
370 
        rfcomm_dlc_clear_state(d);
371 
 
372 
        d->dlci     = dlci;
373 
        d->addr     = __addr(s->initiator, dlci);
374 
        d->priority = 7;
375 
 
376 
        d->state    = BT_CONFIG;
377 
        rfcomm_dlc_link(s, d);
378 
 
379 
        d->mtu = s->mtu;
380 
        d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
381 
 
382 
        if (s->state == BT_CONNECTED)
383 
                rfcomm_send_pn(s, 1, d);
384 
        rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
385 
        return 0;
386 
}
387 
 
388 
int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
389 
{
390 
        int r;
391 
 
392 
        rfcomm_lock();
393 
 
394 
        r = __rfcomm_dlc_open(d, src, dst, channel);
395 
 
396 
        rfcomm_unlock();
397 
        return r;
398 
}
399 
 
400 
static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
401 
{
402 
        struct rfcomm_session *s = d->session;
403 
        if (!s)
404 
                return 0;
405 
 
406 
        BT_DBG("dlc %p state %ld dlci %d err %d session %p",
407 
                        d, d->state, d->dlci, err, s);
408 
 
409 
        switch (d->state) {
410 
        case BT_CONNECTED:
411 
        case BT_CONFIG:
412 
        case BT_CONNECT:
413 
                d->state = BT_DISCONN;
414 
                if (skb_queue_empty(&d->tx_queue)) {
415 
                        rfcomm_send_disc(s, d->dlci);
416 
                        rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
417 
                } else {
418 
                        rfcomm_queue_disc(d);
419 
                        rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
420 
                }
421 
                break;
422 
 
423 
        default:
424 
                rfcomm_dlc_clear_timer(d);
425 
 
426 
                rfcomm_dlc_lock(d);
427 
                d->state = BT_CLOSED;
428 
                d->state_change(d, err);
429 
                rfcomm_dlc_unlock(d);
430 
 
431 
                skb_queue_purge(&d->tx_queue);
432 
                rfcomm_dlc_unlink(d);
433 
        }
434 
 
435 
        return 0;
436 
}
437 
 
438 
int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
439 
{
440 
        int r;
441 
 
442 
        rfcomm_lock();
443 
 
444 
        r = __rfcomm_dlc_close(d, err);
445 
 
446 
        rfcomm_unlock();
447 
        return r;
448 
}
449 
 
450 
int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
451 
{
452 
        int len = skb->len;
453 
 
454 
        if (d->state != BT_CONNECTED)
455 
                return -ENOTCONN;
456 
 
457 
        BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
458 
 
459 
        if (len > d->mtu)
460 
                return -EINVAL;
461 
 
462 
        rfcomm_make_uih(skb, d->addr);
463 
        skb_queue_tail(&d->tx_queue, skb);
464 
 
465 
        if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
466 
                rfcomm_schedule(RFCOMM_SCHED_TX);
467 
        return len;
468 
}
469 
 
470 
void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
471 
{
472 
        BT_DBG("dlc %p state %ld", d, d->state);
473 
 
474 
        if (!d->cfc) {
475 
                d->v24_sig |= RFCOMM_V24_FC;
476 
                set_bit(RFCOMM_MSC_PENDING, &d->flags);
477 
        }
478 
        rfcomm_schedule(RFCOMM_SCHED_TX);
479 
}
480 
 
481 
void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
482 
{
483 
        BT_DBG("dlc %p state %ld", d, d->state);
484 
 
485 
        if (!d->cfc) {
486 
                d->v24_sig &= ~RFCOMM_V24_FC;
487 
                set_bit(RFCOMM_MSC_PENDING, &d->flags);
488 
        }
489 
        rfcomm_schedule(RFCOMM_SCHED_TX);
490 
}
491 
 
492 
/*
493 
   Set/get modem status functions use _local_ status i.e. what we report
494 
   to the other side.
495 
   Remote status is provided by dlc->modem_status() callback.
496 
 */
497 
int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
498 
{
499 
        BT_DBG("dlc %p state %ld v24_sig 0x%x",
500 
                        d, d->state, v24_sig);
501 
 
502 
        if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
503 
                v24_sig |= RFCOMM_V24_FC;
504 
        else
505 
                v24_sig &= ~RFCOMM_V24_FC;
506 
 
507 
        d->v24_sig = v24_sig;
508 
 
509 
        if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
510 
                rfcomm_schedule(RFCOMM_SCHED_TX);
511 
 
512 
        return 0;
513 
}
514 
 
515 
int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
516 
{
517 
        BT_DBG("dlc %p state %ld v24_sig 0x%x",
518 
                        d, d->state, d->v24_sig);
519 
 
520 
        *v24_sig = d->v24_sig;
521 
        return 0;
522 
}
523 
 
524 
/* ---- RFCOMM sessions ---- */
525 
static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
526 
{
527 
        struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
528 
 
529 
        if (!s)
530 
                return NULL;
531 
 
532 
        BT_DBG("session %p sock %p", s, sock);
533 
 
534 
        INIT_LIST_HEAD(&s->dlcs);
535 
        s->state = state;
536 
        s->sock  = sock;
537 
 
538 
        s->mtu = RFCOMM_DEFAULT_MTU;
539 
        s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
540 
 
541 
        /* Do not increment module usage count for listening sessions.
542 
         * Otherwise we won't be able to unload the module. */
543 
        if (state != BT_LISTEN)
544 
                if (!try_module_get(THIS_MODULE)) {
545 
                        kfree(s);
546 
                        return NULL;
547 
                }
548 
 
549 
        list_add(&s->list, &session_list);
550 
 
551 
        return s;
552 
}
553 
 
554 
static void rfcomm_session_del(struct rfcomm_session *s)
555 
{
556 
        int state = s->state;
557 
 
558 
        BT_DBG("session %p state %ld", s, s->state);
559 
 
560 
        list_del(&s->list);
561 
 
562 
        if (state == BT_CONNECTED)
563 
                rfcomm_send_disc(s, 0);
564 
 
565 
        sock_release(s->sock);
566 
        kfree(s);
567 
 
568 
        if (state != BT_LISTEN)
569 
                module_put(THIS_MODULE);
570 
}
571 
 
572 
static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
573 
{
574 
        struct rfcomm_session *s;
575 
        struct list_head *p, *n;
576 
        struct bt_sock *sk;
577 
        list_for_each_safe(p, n, &session_list) {
578 
                s = list_entry(p, struct rfcomm_session, list);
579 
                sk = bt_sk(s->sock->sk);
580 
 
581 
                if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
582 
                                !bacmp(&sk->dst, dst))
583 
                        return s;
584 
        }
585 
        return NULL;
586 
}
587 
 
588 
static void rfcomm_session_close(struct rfcomm_session *s, int err)
589 
{
590 
        struct rfcomm_dlc *d;
591 
        struct list_head *p, *n;
592 
 
593 
        BT_DBG("session %p state %ld err %d", s, s->state, err);
594 
 
595 
        rfcomm_session_hold(s);
596 
 
597 
        s->state = BT_CLOSED;
598 
 
599 
        /* Close all dlcs */
600 
        list_for_each_safe(p, n, &s->dlcs) {
601 
                d = list_entry(p, struct rfcomm_dlc, list);
602 
                d->state = BT_CLOSED;
603 
                __rfcomm_dlc_close(d, err);
604 
        }
605 
 
606 
        rfcomm_session_put(s);
607 
}
608 
 
609 
static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
610 
{
611 
        struct rfcomm_session *s = NULL;
612 
        struct sockaddr_l2 addr;
613 
        struct socket *sock;
614 
        struct sock *sk;
615 
 
616 
        BT_DBG("%s %s", batostr(src), batostr(dst));
617 
 
618 
        *err = rfcomm_l2sock_create(&sock);
619 
        if (*err < 0)
620 
                return NULL;
621 
 
622 
        bacpy(&addr.l2_bdaddr, src);
623 
        addr.l2_family = AF_BLUETOOTH;
624 
        addr.l2_psm    = 0;
625 
        *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
626 
        if (*err < 0)
627 
                goto failed;
628 
 
629 
        /* Set L2CAP options */
630 
        sk = sock->sk;
631 
        lock_sock(sk);
632 
        l2cap_pi(sk)->imtu = l2cap_mtu;
633 
        release_sock(sk);
634 
 
635 
        s = rfcomm_session_add(sock, BT_BOUND);
636 
        if (!s) {
637 
                *err = -ENOMEM;
638 
                goto failed;
639 
        }
640 
 
641 
        s->initiator = 1;
642 
 
643 
        bacpy(&addr.l2_bdaddr, dst);
644 
        addr.l2_family = AF_BLUETOOTH;
645 
        addr.l2_psm    = htobs(RFCOMM_PSM);
646 
        *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
647 
        if (*err == 0 || *err == -EINPROGRESS)
648 
                return s;
649 
 
650 
        rfcomm_session_del(s);
651 
        return NULL;
652 
 
653 
failed:
654 
        sock_release(sock);
655 
        return NULL;
656 
}
657 
 
658 
void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
659 
{
660 
        struct sock *sk = s->sock->sk;
661 
        if (src)
662 
                bacpy(src, &bt_sk(sk)->src);
663 
        if (dst)
664 
                bacpy(dst, &bt_sk(sk)->dst);
665 
}
666 
 
667 
/* ---- RFCOMM frame sending ---- */
668 
static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
669 
{
670 
        struct socket *sock = s->sock;
671 
        struct kvec iv = { data, len };
672 
        struct msghdr msg;
673 
 
674 
        BT_DBG("session %p len %d", s, len);
675 
 
676 
        memset(&msg, 0, sizeof(msg));
677 
 
678 
        return kernel_sendmsg(sock, &msg, &iv, 1, len);
679 
}
680 
 
681 
static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
682 
{
683 
        struct rfcomm_cmd cmd;
684 
 
685 
        BT_DBG("%p dlci %d", s, dlci);
686 
 
687 
        cmd.addr = __addr(s->initiator, dlci);
688 
        cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
689 
        cmd.len  = __len8(0);
690 
        cmd.fcs  = __fcs2((u8 *) &cmd);
691 
 
692 
        return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
693 
}
694 
 
695 
static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
696 
{
697 
        struct rfcomm_cmd cmd;
698 
 
699 
        BT_DBG("%p dlci %d", s, dlci);
700 
 
701 
        cmd.addr = __addr(!s->initiator, dlci);
702 
        cmd.ctrl = __ctrl(RFCOMM_UA, 1);
703 
        cmd.len  = __len8(0);
704 
        cmd.fcs  = __fcs2((u8 *) &cmd);
705 
 
706 
        return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
707 
}
708 
 
709 
static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
710 
{
711 
        struct rfcomm_cmd cmd;
712 
 
713 
        BT_DBG("%p dlci %d", s, dlci);
714 
 
715 
        cmd.addr = __addr(s->initiator, dlci);
716 
        cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
717 
        cmd.len  = __len8(0);
718 
        cmd.fcs  = __fcs2((u8 *) &cmd);
719 
 
720 
        return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
721 
}
722 
 
723 
static int rfcomm_queue_disc(struct rfcomm_dlc *d)
724 
{
725 
        struct rfcomm_cmd *cmd;
726 
        struct sk_buff *skb;
727 
 
728 
        BT_DBG("dlc %p dlci %d", d, d->dlci);
729 
 
730 
        skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
731 
        if (!skb)
732 
                return -ENOMEM;
733 
 
734 
        cmd = (void *) __skb_put(skb, sizeof(*cmd));
735 
        cmd->addr = d->addr;
736 
        cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
737 
        cmd->len  = __len8(0);
738 
        cmd->fcs  = __fcs2((u8 *) cmd);
739 
 
740 
        skb_queue_tail(&d->tx_queue, skb);
741 
        rfcomm_schedule(RFCOMM_SCHED_TX);
742 
        return 0;
743 
}
744 
 
745 
static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
746 
{
747 
        struct rfcomm_cmd cmd;
748 
 
749 
        BT_DBG("%p dlci %d", s, dlci);
750 
 
751 
        cmd.addr = __addr(!s->initiator, dlci);
752 
        cmd.ctrl = __ctrl(RFCOMM_DM, 1);
753 
        cmd.len  = __len8(0);
754 
        cmd.fcs  = __fcs2((u8 *) &cmd);
755 
 
756 
        return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
757 
}
758 
 
759 
static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
760 
{
761 
        struct rfcomm_hdr *hdr;
762 
        struct rfcomm_mcc *mcc;
763 
        u8 buf[16], *ptr = buf;
764 
 
765 
        BT_DBG("%p cr %d type %d", s, cr, type);
766 
 
767 
        hdr = (void *) ptr; ptr += sizeof(*hdr);
768 
        hdr->addr = __addr(s->initiator, 0);
769 
        hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
770 
        hdr->len  = __len8(sizeof(*mcc) + 1);
771 
 
772 
        mcc = (void *) ptr; ptr += sizeof(*mcc);
773 
        mcc->type = __mcc_type(cr, RFCOMM_NSC);
774 
        mcc->len  = __len8(1);
775 
 
776 
        /* Type that we didn't like */
777 
        *ptr = __mcc_type(cr, type); ptr++;
778 
 
779 
        *ptr = __fcs(buf); ptr++;
780 
 
781 
        return rfcomm_send_frame(s, buf, ptr - buf);
782 
}
783 
 
784 
static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
785 
{
786 
        struct rfcomm_hdr *hdr;
787 
        struct rfcomm_mcc *mcc;
788 
        struct rfcomm_pn  *pn;
789 
        u8 buf[16], *ptr = buf;
790 
 
791 
        BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
792 
 
793 
        hdr = (void *) ptr; ptr += sizeof(*hdr);
794 
        hdr->addr = __addr(s->initiator, 0);
795 
        hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
796 
        hdr->len  = __len8(sizeof(*mcc) + sizeof(*pn));
797 
 
798 
        mcc = (void *) ptr; ptr += sizeof(*mcc);
799 
        mcc->type = __mcc_type(cr, RFCOMM_PN);
800 
        mcc->len  = __len8(sizeof(*pn));
801 
 
802 
        pn = (void *) ptr; ptr += sizeof(*pn);
803 
        pn->dlci        = d->dlci;
804 
        pn->priority    = d->priority;
805 
        pn->ack_timer   = 0;
806 
        pn->max_retrans = 0;
807 
 
808 
        if (s->cfc) {
809 
                pn->flow_ctrl = cr ? 0xf0 : 0xe0;
810 
                pn->credits = RFCOMM_DEFAULT_CREDITS;
811 
        } else {
812 
                pn->flow_ctrl = 0;
813 
                pn->credits   = 0;
814 
        }
815 
 
816 
        if (cr && channel_mtu >= 0)
817 
                pn->mtu = htobs(channel_mtu);
818 
        else
819 
                pn->mtu = htobs(d->mtu);
820 
 
821 
        *ptr = __fcs(buf); ptr++;
822 
 
823 
        return rfcomm_send_frame(s, buf, ptr - buf);
824 
}
825 
 
826 
int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
827 
                        u8 bit_rate, u8 data_bits, u8 stop_bits,
828 
                        u8 parity, u8 flow_ctrl_settings,
829 
                        u8 xon_char, u8 xoff_char, u16 param_mask)
830 
{
831 
        struct rfcomm_hdr *hdr;
832 
        struct rfcomm_mcc *mcc;
833 
        struct rfcomm_rpn *rpn;
834 
        u8 buf[16], *ptr = buf;
835 
 
836 
        BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
837 
                        " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
838 
                s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
839 
                flow_ctrl_settings, xon_char, xoff_char, param_mask);
840 
 
841 
        hdr = (void *) ptr; ptr += sizeof(*hdr);
842 
        hdr->addr = __addr(s->initiator, 0);
843 
        hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
844 
        hdr->len  = __len8(sizeof(*mcc) + sizeof(*rpn));
845 
 
846 
        mcc = (void *) ptr; ptr += sizeof(*mcc);
847 
        mcc->type = __mcc_type(cr, RFCOMM_RPN);
848 
        mcc->len  = __len8(sizeof(*rpn));
849 
 
850 
        rpn = (void *) ptr; ptr += sizeof(*rpn);
851 
        rpn->dlci          = __addr(1, dlci);
852 
        rpn->bit_rate      = bit_rate;
853 
        rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
854 
        rpn->flow_ctrl     = flow_ctrl_settings;
855 
        rpn->xon_char      = xon_char;
856 
        rpn->xoff_char     = xoff_char;
857 
        rpn->param_mask    = cpu_to_le16(param_mask);
858 
 
859 
        *ptr = __fcs(buf); ptr++;
860 
 
861 
        return rfcomm_send_frame(s, buf, ptr - buf);
862 
}
863 
 
864 
static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
865 
{
866 
        struct rfcomm_hdr *hdr;
867 
        struct rfcomm_mcc *mcc;
868 
        struct rfcomm_rls *rls;
869 
        u8 buf[16], *ptr = buf;
870 
 
871 
        BT_DBG("%p cr %d status 0x%x", s, cr, status);
872 
 
873 
        hdr = (void *) ptr; ptr += sizeof(*hdr);
874 
        hdr->addr = __addr(s->initiator, 0);
875 
        hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
876 
        hdr->len  = __len8(sizeof(*mcc) + sizeof(*rls));
877 
 
878 
        mcc = (void *) ptr; ptr += sizeof(*mcc);
879 
        mcc->type = __mcc_type(cr, RFCOMM_RLS);
880 
        mcc->len  = __len8(sizeof(*rls));
881 
 
882 
        rls = (void *) ptr; ptr += sizeof(*rls);
883 
        rls->dlci   = __addr(1, dlci);
884 
        rls->status = status;
885 
 
886 
        *ptr = __fcs(buf); ptr++;
887 
 
888 
        return rfcomm_send_frame(s, buf, ptr - buf);
889 
}
890 
 
891 
static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
892 
{
893 
        struct rfcomm_hdr *hdr;
894 
        struct rfcomm_mcc *mcc;
895 
        struct rfcomm_msc *msc;
896 
        u8 buf[16], *ptr = buf;
897 
 
898 
        BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
899 
 
900 
        hdr = (void *) ptr; ptr += sizeof(*hdr);
901 
        hdr->addr = __addr(s->initiator, 0);
902 
        hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
903 
        hdr->len  = __len8(sizeof(*mcc) + sizeof(*msc));
904 
 
905 
        mcc = (void *) ptr; ptr += sizeof(*mcc);
906 
        mcc->type = __mcc_type(cr, RFCOMM_MSC);
907 
        mcc->len  = __len8(sizeof(*msc));
908 
 
909 
        msc = (void *) ptr; ptr += sizeof(*msc);
910 
        msc->dlci    = __addr(1, dlci);
911 
        msc->v24_sig = v24_sig | 0x01;
912 
 
913 
        *ptr = __fcs(buf); ptr++;
914 
 
915 
        return rfcomm_send_frame(s, buf, ptr - buf);
916 
}
917 
 
918 
static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
919 
{
920 
        struct rfcomm_hdr *hdr;
921 
        struct rfcomm_mcc *mcc;
922 
        u8 buf[16], *ptr = buf;
923 
 
924 
        BT_DBG("%p cr %d", s, cr);
925 
 
926 
        hdr = (void *) ptr; ptr += sizeof(*hdr);
927 
        hdr->addr = __addr(s->initiator, 0);
928 
        hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
929 
        hdr->len  = __len8(sizeof(*mcc));
930 
 
931 
        mcc = (void *) ptr; ptr += sizeof(*mcc);
932 
        mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
933 
        mcc->len  = __len8(0);
934 
 
935 
        *ptr = __fcs(buf); ptr++;
936 
 
937 
        return rfcomm_send_frame(s, buf, ptr - buf);
938 
}
939 
 
940 
static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
941 
{
942 
        struct rfcomm_hdr *hdr;
943 
        struct rfcomm_mcc *mcc;
944 
        u8 buf[16], *ptr = buf;
945 
 
946 
        BT_DBG("%p cr %d", s, cr);
947 
 
948 
        hdr = (void *) ptr; ptr += sizeof(*hdr);
949 
        hdr->addr = __addr(s->initiator, 0);
950 
        hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
951 
        hdr->len  = __len8(sizeof(*mcc));
952 
 
953 
        mcc = (void *) ptr; ptr += sizeof(*mcc);
954 
        mcc->type = __mcc_type(cr, RFCOMM_FCON);
955 
        mcc->len  = __len8(0);
956 
 
957 
        *ptr = __fcs(buf); ptr++;
958 
 
959 
        return rfcomm_send_frame(s, buf, ptr - buf);
960 
}
961 
 
962 
static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
963 
{
964 
        struct socket *sock = s->sock;
965 
        struct kvec iv[3];
966 
        struct msghdr msg;
967 
        unsigned char hdr[5], crc[1];
968 
 
969 
        if (len > 125)
970 
                return -EINVAL;
971 
 
972 
        BT_DBG("%p cr %d", s, cr);
973 
 
974 
        hdr[0] = __addr(s->initiator, 0);
975 
        hdr[1] = __ctrl(RFCOMM_UIH, 0);
976 
        hdr[2] = 0x01 | ((len + 2) << 1);
977 
        hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
978 
        hdr[4] = 0x01 | (len << 1);
979 
 
980 
        crc[0] = __fcs(hdr);
981 
 
982 
        iv[0].iov_base = hdr;
983 
        iv[0].iov_len  = 5;
984 
        iv[1].iov_base = pattern;
985 
        iv[1].iov_len  = len;
986 
        iv[2].iov_base = crc;
987 
        iv[2].iov_len  = 1;
988 
 
989 
        memset(&msg, 0, sizeof(msg));
990 
 
991 
        return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
992 
}
993 
 
994 
static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
995 
{
996 
        struct rfcomm_hdr *hdr;
997 
        u8 buf[16], *ptr = buf;
998 
 
999 
        BT_DBG("%p addr %d credits %d", s, addr, credits);
1000 
 
1001 
        hdr = (void *) ptr; ptr += sizeof(*hdr);
1002 
        hdr->addr = addr;
1003 
        hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1004 
        hdr->len  = __len8(0);
1005 
 
1006 
        *ptr = credits; ptr++;
1007 
 
1008 
        *ptr = __fcs(buf); ptr++;
1009 
 
1010 
        return rfcomm_send_frame(s, buf, ptr - buf);
1011 
}
1012 
 
1013 
static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1014 
{
1015 
        struct rfcomm_hdr *hdr;
1016 
        int len = skb->len;
1017 
        u8 *crc;
1018 
 
1019 
        if (len > 127) {
1020 
                hdr = (void *) skb_push(skb, 4);
1021 
                put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len);
1022 
        } else {
1023 
                hdr = (void *) skb_push(skb, 3);
1024 
                hdr->len = __len8(len);
1025 
        }
1026 
        hdr->addr = addr;
1027 
        hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1028 
 
1029 
        crc = skb_put(skb, 1);
1030 
        *crc = __fcs((void *) hdr);
1031 
}
1032 
 
1033 
/* ---- RFCOMM frame reception ---- */
1034 
static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1035 
{
1036 
        BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1037 
 
1038 
        if (dlci) {
1039 
                /* Data channel */
1040 
                struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1041 
                if (!d) {
1042 
                        rfcomm_send_dm(s, dlci);
1043 
                        return 0;
1044 
                }
1045 
 
1046 
                switch (d->state) {
1047 
                case BT_CONNECT:
1048 
                        rfcomm_dlc_clear_timer(d);
1049 
 
1050 
                        rfcomm_dlc_lock(d);
1051 
                        d->state = BT_CONNECTED;
1052 
                        d->state_change(d, 0);
1053 
                        rfcomm_dlc_unlock(d);
1054 
 
1055 
                        rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1056 
                        break;
1057 
 
1058 
                case BT_DISCONN:
1059 
                        d->state = BT_CLOSED;
1060 
                        __rfcomm_dlc_close(d, 0);
1061 
 
1062 
                        if (list_empty(&s->dlcs)) {
1063 
                                s->state = BT_DISCONN;
1064 
                                rfcomm_send_disc(s, 0);
1065 
                        }
1066 
 
1067 
                        break;
1068 
                }
1069 
        } else {
1070 
                /* Control channel */
1071 
                switch (s->state) {
1072 
                case BT_CONNECT:
1073 
                        s->state = BT_CONNECTED;
1074 
                        rfcomm_process_connect(s);
1075 
                        break;
1076 
 
1077 
                case BT_DISCONN:
1078 
                        rfcomm_session_put(s);
1079 
                        break;
1080 
                }
1081 
        }
1082 
        return 0;
1083 
}
1084 
 
1085 
static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1086 
{
1087 
        int err = 0;
1088 
 
1089 
        BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1090 
 
1091 
        if (dlci) {
1092 
                /* Data DLC */
1093 
                struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1094 
                if (d) {
1095 
                        if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1096 
                                err = ECONNREFUSED;
1097 
                        else
1098 
                                err = ECONNRESET;
1099 
 
1100 
                        d->state = BT_CLOSED;
1101 
                        __rfcomm_dlc_close(d, err);
1102 
                }
1103 
        } else {
1104 
                if (s->state == BT_CONNECT)
1105 
                        err = ECONNREFUSED;
1106 
                else
1107 
                        err = ECONNRESET;
1108 
 
1109 
                s->state = BT_CLOSED;
1110 
                rfcomm_session_close(s, err);
1111 
        }
1112 
        return 0;
1113 
}
1114 
 
1115 
static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1116 
{
1117 
        int err = 0;
1118 
 
1119 
        BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1120 
 
1121 
        if (dlci) {
1122 
                struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1123 
                if (d) {
1124 
                        rfcomm_send_ua(s, dlci);
1125 
 
1126 
                        if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1127 
                                err = ECONNREFUSED;
1128 
                        else
1129 
                                err = ECONNRESET;
1130 
 
1131 
                        d->state = BT_CLOSED;
1132 
                        __rfcomm_dlc_close(d, err);
1133 
                } else
1134 
                        rfcomm_send_dm(s, dlci);
1135 
 
1136 
        } else {
1137 
                rfcomm_send_ua(s, 0);
1138 
 
1139 
                if (s->state == BT_CONNECT)
1140 
                        err = ECONNREFUSED;
1141 
                else
1142 
                        err = ECONNRESET;
1143 
 
1144 
                s->state = BT_CLOSED;
1145 
                rfcomm_session_close(s, err);
1146 
        }
1147 
 
1148 
        return 0;
1149 
}
1150 
 
1151 
static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1152 
{
1153 
        struct sock *sk = d->session->sock->sk;
1154 
 
1155 
        if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1156 
                if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1157 
                        return 1;
1158 
        } else if (d->link_mode & RFCOMM_LM_AUTH) {
1159 
                if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1160 
                        return 1;
1161 
        }
1162 
 
1163 
        return 0;
1164 
}
1165 
 
1166 
static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1167 
{
1168 
        struct sock *sk = d->session->sock->sk;
1169 
 
1170 
        BT_DBG("dlc %p", d);
1171 
 
1172 
        rfcomm_send_ua(d->session, d->dlci);
1173 
 
1174 
        rfcomm_dlc_lock(d);
1175 
        d->state = BT_CONNECTED;
1176 
        d->state_change(d, 0);
1177 
        rfcomm_dlc_unlock(d);
1178 
 
1179 
        if (d->link_mode & RFCOMM_LM_MASTER)
1180 
                hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1181 
 
1182 
        rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1183 
}
1184 
 
1185 
static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1186 
{
1187 
        struct rfcomm_dlc *d;
1188 
        u8 channel;
1189 
 
1190 
        BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1191 
 
1192 
        if (!dlci) {
1193 
                rfcomm_send_ua(s, 0);
1194 
 
1195 
                if (s->state == BT_OPEN) {
1196 
                        s->state = BT_CONNECTED;
1197 
                        rfcomm_process_connect(s);
1198 
                }
1199 
                return 0;
1200 
        }
1201 
 
1202 
        /* Check if DLC exists */
1203 
        d = rfcomm_dlc_get(s, dlci);
1204 
        if (d) {
1205 
                if (d->state == BT_OPEN) {
1206 
                        /* DLC was previously opened by PN request */
1207 
                        if (rfcomm_check_link_mode(d)) {
1208 
                                set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1209 
                                rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1210 
                                return 0;
1211 
                        }
1212 
 
1213 
                        rfcomm_dlc_accept(d);
1214 
                }
1215 
                return 0;
1216 
        }
1217 
 
1218 
        /* Notify socket layer about incoming connection */
1219 
        channel = __srv_channel(dlci);
1220 
        if (rfcomm_connect_ind(s, channel, &d)) {
1221 
                d->dlci = dlci;
1222 
                d->addr = __addr(s->initiator, dlci);
1223 
                rfcomm_dlc_link(s, d);
1224 
 
1225 
                if (rfcomm_check_link_mode(d)) {
1226 
                        set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1227 
                        rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1228 
                        return 0;
1229 
                }
1230 
 
1231 
                rfcomm_dlc_accept(d);
1232 
        } else {
1233 
                rfcomm_send_dm(s, dlci);
1234 
        }
1235 
 
1236 
        return 0;
1237 
}
1238 
 
1239 
static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1240 
{
1241 
        struct rfcomm_session *s = d->session;
1242 
 
1243 
        BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1244 
                        d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1245 
 
1246 
        if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1247 
                                                pn->flow_ctrl == 0xe0) {
1248 
                d->cfc = RFCOMM_CFC_ENABLED;
1249 
                d->tx_credits = pn->credits;
1250 
        } else {
1251 
                d->cfc = RFCOMM_CFC_DISABLED;
1252 
                set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1253 
        }
1254 
 
1255 
        if (s->cfc == RFCOMM_CFC_UNKNOWN)
1256 
                s->cfc = d->cfc;
1257 
 
1258 
        d->priority = pn->priority;
1259 
 
1260 
        d->mtu = btohs(pn->mtu);
1261 
 
1262 
        if (cr && d->mtu > s->mtu)
1263 
                d->mtu = s->mtu;
1264 
 
1265 
        return 0;
1266 
}
1267 
 
1268 
static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1269 
{
1270 
        struct rfcomm_pn *pn = (void *) skb->data;
1271 
        struct rfcomm_dlc *d;
1272 
        u8 dlci = pn->dlci;
1273 
 
1274 
        BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1275 
 
1276 
        if (!dlci)
1277 
                return 0;
1278 
 
1279 
        d = rfcomm_dlc_get(s, dlci);
1280 
        if (d) {
1281 
                if (cr) {
1282 
                        /* PN request */
1283 
                        rfcomm_apply_pn(d, cr, pn);
1284 
                        rfcomm_send_pn(s, 0, d);
1285 
                } else {
1286 
                        /* PN response */
1287 
                        switch (d->state) {
1288 
                        case BT_CONFIG:
1289 
                                rfcomm_apply_pn(d, cr, pn);
1290 
 
1291 
                                d->state = BT_CONNECT;
1292 
                                rfcomm_send_sabm(s, d->dlci);
1293 
                                break;
1294 
                        }
1295 
                }
1296 
        } else {
1297 
                u8 channel = __srv_channel(dlci);
1298 
 
1299 
                if (!cr)
1300 
                        return 0;
1301 
 
1302 
                /* PN request for non existing DLC.
1303 
                 * Assume incoming connection. */
1304 
                if (rfcomm_connect_ind(s, channel, &d)) {
1305 
                        d->dlci = dlci;
1306 
                        d->addr = __addr(s->initiator, dlci);
1307 
                        rfcomm_dlc_link(s, d);
1308 
 
1309 
                        rfcomm_apply_pn(d, cr, pn);
1310 
 
1311 
                        d->state = BT_OPEN;
1312 
                        rfcomm_send_pn(s, 0, d);
1313 
                } else {
1314 
                        rfcomm_send_dm(s, dlci);
1315 
                }
1316 
        }
1317 
        return 0;
1318 
}
1319 
 
1320 
static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1321 
{
1322 
        struct rfcomm_rpn *rpn = (void *) skb->data;
1323 
        u8 dlci = __get_dlci(rpn->dlci);
1324 
 
1325 
        u8 bit_rate  = 0;
1326 
        u8 data_bits = 0;
1327 
        u8 stop_bits = 0;
1328 
        u8 parity    = 0;
1329 
        u8 flow_ctrl = 0;
1330 
        u8 xon_char  = 0;
1331 
        u8 xoff_char = 0;
1332 
        u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1333 
 
1334 
        BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1335 
                dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1336 
                rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1337 
 
1338 
        if (!cr)
1339 
                return 0;
1340 
 
1341 
        if (len == 1) {
1342 
                /* This is a request, return default settings */
1343 
                bit_rate  = RFCOMM_RPN_BR_115200;
1344 
                data_bits = RFCOMM_RPN_DATA_8;
1345 
                stop_bits = RFCOMM_RPN_STOP_1;
1346 
                parity    = RFCOMM_RPN_PARITY_NONE;
1347 
                flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1348 
                xon_char  = RFCOMM_RPN_XON_CHAR;
1349 
                xoff_char = RFCOMM_RPN_XOFF_CHAR;
1350 
                goto rpn_out;
1351 
        }
1352 
 
1353 
        /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1354 
         * no parity, no flow control lines, normal XON/XOFF chars */
1355 
 
1356 
        if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1357 
                bit_rate = rpn->bit_rate;
1358 
                if (bit_rate != RFCOMM_RPN_BR_115200) {
1359 
                        BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1360 
                        bit_rate = RFCOMM_RPN_BR_115200;
1361 
                        rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1362 
                }
1363 
        }
1364 
 
1365 
        if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1366 
                data_bits = __get_rpn_data_bits(rpn->line_settings);
1367 
                if (data_bits != RFCOMM_RPN_DATA_8) {
1368 
                        BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1369 
                        data_bits = RFCOMM_RPN_DATA_8;
1370 
                        rpn_mask ^= RFCOMM_RPN_PM_DATA;
1371 
                }
1372 
        }
1373 
 
1374 
        if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1375 
                stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1376 
                if (stop_bits != RFCOMM_RPN_STOP_1) {
1377 
                        BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1378 
                        stop_bits = RFCOMM_RPN_STOP_1;
1379 
                        rpn_mask ^= RFCOMM_RPN_PM_STOP;
1380 
                }
1381 
        }
1382 
 
1383 
        if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1384 
                parity = __get_rpn_parity(rpn->line_settings);
1385 
                if (parity != RFCOMM_RPN_PARITY_NONE) {
1386 
                        BT_DBG("RPN parity mismatch 0x%x", parity);
1387 
                        parity = RFCOMM_RPN_PARITY_NONE;
1388 
                        rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1389 
                }
1390 
        }
1391 
 
1392 
        if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1393 
                flow_ctrl = rpn->flow_ctrl;
1394 
                if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1395 
                        BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1396 
                        flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1397 
                        rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1398 
                }
1399 
        }
1400 
 
1401 
        if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1402 
                xon_char = rpn->xon_char;
1403 
                if (xon_char != RFCOMM_RPN_XON_CHAR) {
1404 
                        BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1405 
                        xon_char = RFCOMM_RPN_XON_CHAR;
1406 
                        rpn_mask ^= RFCOMM_RPN_PM_XON;
1407 
                }
1408 
        }
1409 
 
1410 
        if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1411 
                xoff_char = rpn->xoff_char;
1412 
                if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1413 
                        BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1414 
                        xoff_char = RFCOMM_RPN_XOFF_CHAR;
1415 
                        rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1416 
                }
1417 
        }
1418 
 
1419 
rpn_out:
1420 
        rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1421 
                        parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1422 
 
1423 
        return 0;
1424 
}
1425 
 
1426 
static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1427 
{
1428 
        struct rfcomm_rls *rls = (void *) skb->data;
1429 
        u8 dlci = __get_dlci(rls->dlci);
1430 
 
1431 
        BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1432 
 
1433 
        if (!cr)
1434 
                return 0;
1435 
 
1436 
        /* We should probably do something with this information here. But
1437 
         * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1438 
         * mandatory to recognise and respond to RLS */
1439 
 
1440 
        rfcomm_send_rls(s, 0, dlci, rls->status);
1441 
 
1442 
        return 0;
1443 
}
1444 
 
1445 
static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1446 
{
1447 
        struct rfcomm_msc *msc = (void *) skb->data;
1448 
        struct rfcomm_dlc *d;
1449 
        u8 dlci = __get_dlci(msc->dlci);
1450 
 
1451 
        BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1452 
 
1453 
        d = rfcomm_dlc_get(s, dlci);
1454 
        if (!d)
1455 
                return 0;
1456 
 
1457 
        if (cr) {
1458 
                if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1459 
                        set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1460 
                else
1461 
                        clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1462 
 
1463 
                rfcomm_dlc_lock(d);
1464 
                if (d->modem_status)
1465 
                        d->modem_status(d, msc->v24_sig);
1466 
                rfcomm_dlc_unlock(d);
1467 
 
1468 
                rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1469 
 
1470 
                d->mscex |= RFCOMM_MSCEX_RX;
1471 
        } else
1472 
                d->mscex |= RFCOMM_MSCEX_TX;
1473 
 
1474 
        return 0;
1475 
}
1476 
 
1477 
static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1478 
{
1479 
        struct rfcomm_mcc *mcc = (void *) skb->data;
1480 
        u8 type, cr, len;
1481 
 
1482 
        cr   = __test_cr(mcc->type);
1483 
        type = __get_mcc_type(mcc->type);
1484 
        len  = __get_mcc_len(mcc->len);
1485 
 
1486 
        BT_DBG("%p type 0x%x cr %d", s, type, cr);
1487 
 
1488 
        skb_pull(skb, 2);
1489 
 
1490 
        switch (type) {
1491 
        case RFCOMM_PN:
1492 
                rfcomm_recv_pn(s, cr, skb);
1493 
                break;
1494 
 
1495 
        case RFCOMM_RPN:
1496 
                rfcomm_recv_rpn(s, cr, len, skb);
1497 
                break;
1498 
 
1499 
        case RFCOMM_RLS:
1500 
                rfcomm_recv_rls(s, cr, skb);
1501 
                break;
1502 
 
1503 
        case RFCOMM_MSC:
1504 
                rfcomm_recv_msc(s, cr, skb);
1505 
                break;
1506 
 
1507 
        case RFCOMM_FCOFF:
1508 
                if (cr) {
1509 
                        set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1510 
                        rfcomm_send_fcoff(s, 0);
1511 
                }
1512 
                break;
1513 
 
1514 
        case RFCOMM_FCON:
1515 
                if (cr) {
1516 
                        clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1517 
                        rfcomm_send_fcon(s, 0);
1518 
                }
1519 
                break;
1520 
 
1521 
        case RFCOMM_TEST:
1522 
                if (cr)
1523 
                        rfcomm_send_test(s, 0, skb->data, skb->len);
1524 
                break;
1525 
 
1526 
        case RFCOMM_NSC:
1527 
                break;
1528 
 
1529 
        default:
1530 
                BT_ERR("Unknown control type 0x%02x", type);
1531 
                rfcomm_send_nsc(s, cr, type);
1532 
                break;
1533 
        }
1534 
        return 0;
1535 
}
1536 
 
1537 
static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1538 
{
1539 
        struct rfcomm_dlc *d;
1540 
 
1541 
        BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1542 
 
1543 
        d = rfcomm_dlc_get(s, dlci);
1544 
        if (!d) {
1545 
                rfcomm_send_dm(s, dlci);
1546 
                goto drop;
1547 
        }
1548 
 
1549 
        if (pf && d->cfc) {
1550 
                u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1551 
 
1552 
                d->tx_credits += credits;
1553 
                if (d->tx_credits)
1554 
                        clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1555 
        }
1556 
 
1557 
        if (skb->len && d->state == BT_CONNECTED) {
1558 
                rfcomm_dlc_lock(d);
1559 
                d->rx_credits--;
1560 
                d->data_ready(d, skb);
1561 
                rfcomm_dlc_unlock(d);
1562 
                return 0;
1563 
        }
1564 
 
1565 
drop:
1566 
        kfree_skb(skb);
1567 
        return 0;
1568 
}
1569 
 
1570 
static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1571 
{
1572 
        struct rfcomm_hdr *hdr = (void *) skb->data;
1573 
        u8 type, dlci, fcs;
1574 
 
1575 
        dlci = __get_dlci(hdr->addr);
1576 
        type = __get_type(hdr->ctrl);
1577 
 
1578 
        /* Trim FCS */
1579 
        skb->len--; skb->tail--;
1580 
        fcs = *(u8 *)skb_tail_pointer(skb);
1581 
 
1582 
        if (__check_fcs(skb->data, type, fcs)) {
1583 
                BT_ERR("bad checksum in packet");
1584 
                kfree_skb(skb);
1585 
                return -EILSEQ;
1586 
        }
1587 
 
1588 
        if (__test_ea(hdr->len))
1589 
                skb_pull(skb, 3);
1590 
        else
1591 
                skb_pull(skb, 4);
1592 
 
1593 
        switch (type) {
1594 
        case RFCOMM_SABM:
1595 
                if (__test_pf(hdr->ctrl))
1596 
                        rfcomm_recv_sabm(s, dlci);
1597 
                break;
1598 
 
1599 
        case RFCOMM_DISC:
1600 
                if (__test_pf(hdr->ctrl))
1601 
                        rfcomm_recv_disc(s, dlci);
1602 
                break;
1603 
 
1604 
        case RFCOMM_UA:
1605 
                if (__test_pf(hdr->ctrl))
1606 
                        rfcomm_recv_ua(s, dlci);
1607 
                break;
1608 
 
1609 
        case RFCOMM_DM:
1610 
                rfcomm_recv_dm(s, dlci);
1611 
                break;
1612 
 
1613 
        case RFCOMM_UIH:
1614 
                if (dlci)
1615 
                        return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1616 
 
1617 
                rfcomm_recv_mcc(s, skb);
1618 
                break;
1619 
 
1620 
        default:
1621 
                BT_ERR("Unknown packet type 0x%02x\n", type);
1622 
                break;
1623 
        }
1624 
        kfree_skb(skb);
1625 
        return 0;
1626 
}
1627 
 
1628 
/* ---- Connection and data processing ---- */
1629 
 
1630 
static void rfcomm_process_connect(struct rfcomm_session *s)
1631 
{
1632 
        struct rfcomm_dlc *d;
1633 
        struct list_head *p, *n;
1634 
 
1635 
        BT_DBG("session %p state %ld", s, s->state);
1636 
 
1637 
        list_for_each_safe(p, n, &s->dlcs) {
1638 
                d = list_entry(p, struct rfcomm_dlc, list);
1639 
                if (d->state == BT_CONFIG) {
1640 
                        d->mtu = s->mtu;
1641 
                        rfcomm_send_pn(s, 1, d);
1642 
                }
1643 
        }
1644 
}
1645 
 
1646 
/* Send data queued for the DLC.
1647 
 * Return number of frames left in the queue.
1648 
 */
1649 
static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1650 
{
1651 
        struct sk_buff *skb;
1652 
        int err;
1653 
 
1654 
        BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1655 
                        d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1656 
 
1657 
        /* Send pending MSC */
1658 
        if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1659 
                rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1660 
 
1661 
        if (d->cfc) {
1662 
                /* CFC enabled.
1663 
                 * Give them some credits */
1664 
                if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1665 
                                d->rx_credits <= (d->cfc >> 2)) {
1666 
                        rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1667 
                        d->rx_credits = d->cfc;
1668 
                }
1669 
        } else {
1670 
                /* CFC disabled.
1671 
                 * Give ourselves some credits */
1672 
                d->tx_credits = 5;
1673 
        }
1674 
 
1675 
        if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1676 
                return skb_queue_len(&d->tx_queue);
1677 
 
1678 
        while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1679 
                err = rfcomm_send_frame(d->session, skb->data, skb->len);
1680 
                if (err < 0) {
1681 
                        skb_queue_head(&d->tx_queue, skb);
1682 
                        break;
1683 
                }
1684 
                kfree_skb(skb);
1685 
                d->tx_credits--;
1686 
        }
1687 
 
1688 
        if (d->cfc && !d->tx_credits) {
1689 
                /* We're out of TX credits.
1690 
                 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1691 
                set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1692 
        }
1693 
 
1694 
        return skb_queue_len(&d->tx_queue);
1695 
}
1696 
 
1697 
static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1698 
{
1699 
        struct rfcomm_dlc *d;
1700 
        struct list_head *p, *n;
1701 
 
1702 
        BT_DBG("session %p state %ld", s, s->state);
1703 
 
1704 
        list_for_each_safe(p, n, &s->dlcs) {
1705 
                d = list_entry(p, struct rfcomm_dlc, list);
1706 
 
1707 
                if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1708 
                        __rfcomm_dlc_close(d, ETIMEDOUT);
1709 
                        continue;
1710 
                }
1711 
 
1712 
                if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1713 
                        rfcomm_dlc_clear_timer(d);
1714 
                        rfcomm_dlc_accept(d);
1715 
                        if (d->link_mode & RFCOMM_LM_SECURE) {
1716 
                                struct sock *sk = s->sock->sk;
1717 
                                hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1718 
                        }
1719 
                        continue;
1720 
                } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1721 
                        rfcomm_dlc_clear_timer(d);
1722 
                        rfcomm_send_dm(s, d->dlci);
1723 
                        __rfcomm_dlc_close(d, ECONNREFUSED);
1724 
                        continue;
1725 
                }
1726 
 
1727 
                if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1728 
                        continue;
1729 
 
1730 
                if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1731 
                                d->mscex == RFCOMM_MSCEX_OK)
1732 
                        rfcomm_process_tx(d);
1733 
        }
1734 
}
1735 
 
1736 
static inline void rfcomm_process_rx(struct rfcomm_session *s)
1737 
{
1738 
        struct socket *sock = s->sock;
1739 
        struct sock *sk = sock->sk;
1740 
        struct sk_buff *skb;
1741 
 
1742 
        BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1743 
 
1744 
        /* Get data directly from socket receive queue without copying it. */
1745 
        while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1746 
                skb_orphan(skb);
1747 
                rfcomm_recv_frame(s, skb);
1748 
        }
1749 
 
1750 
        if (sk->sk_state == BT_CLOSED) {
1751 
                if (!s->initiator)
1752 
                        rfcomm_session_put(s);
1753 
 
1754 
                rfcomm_session_close(s, sk->sk_err);
1755 
        }
1756 
}
1757 
 
1758 
static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1759 
{
1760 
        struct socket *sock = s->sock, *nsock;
1761 
        int err;
1762 
 
1763 
        /* Fast check for a new connection.
1764 
         * Avoids unnesesary socket allocations. */
1765 
        if (list_empty(&bt_sk(sock->sk)->accept_q))
1766 
                return;
1767 
 
1768 
        BT_DBG("session %p", s);
1769 
 
1770 
        err = kernel_accept(sock, &nsock, O_NONBLOCK);
1771 
        if (err < 0)
1772 
                return;
1773 
 
1774 
        __module_get(nsock->ops->owner);
1775 
 
1776 
        /* Set our callbacks */
1777 
        nsock->sk->sk_data_ready   = rfcomm_l2data_ready;
1778 
        nsock->sk->sk_state_change = rfcomm_l2state_change;
1779 
 
1780 
        s = rfcomm_session_add(nsock, BT_OPEN);
1781 
        if (s) {
1782 
                rfcomm_session_hold(s);
1783 
 
1784 
                /* We should adjust MTU on incoming sessions.
1785 
                 * L2CAP MTU minus UIH header and FCS. */
1786 
                s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1787 
 
1788 
                rfcomm_schedule(RFCOMM_SCHED_RX);
1789 
        } else
1790 
                sock_release(nsock);
1791 
}
1792 
 
1793 
static inline void rfcomm_check_connection(struct rfcomm_session *s)
1794 
{
1795 
        struct sock *sk = s->sock->sk;
1796 
 
1797 
        BT_DBG("%p state %ld", s, s->state);
1798 
 
1799 
        switch(sk->sk_state) {
1800 
        case BT_CONNECTED:
1801 
                s->state = BT_CONNECT;
1802 
 
1803 
                /* We can adjust MTU on outgoing sessions.
1804 
                 * L2CAP MTU minus UIH header and FCS. */
1805 
                s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1806 
 
1807 
                rfcomm_send_sabm(s, 0);
1808 
                break;
1809 
 
1810 
        case BT_CLOSED:
1811 
                s->state = BT_CLOSED;
1812 
                rfcomm_session_close(s, sk->sk_err);
1813 
                break;
1814 
        }
1815 
}
1816 
 
1817 
static inline void rfcomm_process_sessions(void)
1818 
{
1819 
        struct list_head *p, *n;
1820 
 
1821 
        rfcomm_lock();
1822 
 
1823 
        list_for_each_safe(p, n, &session_list) {
1824 
                struct rfcomm_session *s;
1825 
                s = list_entry(p, struct rfcomm_session, list);
1826 
 
1827 
                if (s->state == BT_LISTEN) {
1828 
                        rfcomm_accept_connection(s);
1829 
                        continue;
1830 
                }
1831 
 
1832 
                rfcomm_session_hold(s);
1833 
 
1834 
                switch (s->state) {
1835 
                case BT_BOUND:
1836 
                        rfcomm_check_connection(s);
1837 
                        break;
1838 
 
1839 
                default:
1840 
                        rfcomm_process_rx(s);
1841 
                        break;
1842 
                }
1843 
 
1844 
                rfcomm_process_dlcs(s);
1845 
 
1846 
                rfcomm_session_put(s);
1847 
        }
1848 
 
1849 
        rfcomm_unlock();
1850 
}
1851 
 
1852 
static int rfcomm_add_listener(bdaddr_t *ba)
1853 
{
1854 
        struct sockaddr_l2 addr;
1855 
        struct socket *sock;
1856 
        struct sock *sk;
1857 
        struct rfcomm_session *s;
1858 
        int    err = 0;
1859 
 
1860 
        /* Create socket */
1861 
        err = rfcomm_l2sock_create(&sock);
1862 
        if (err < 0) {
1863 
                BT_ERR("Create socket failed %d", err);
1864 
                return err;
1865 
        }
1866 
 
1867 
        /* Bind socket */
1868 
        bacpy(&addr.l2_bdaddr, ba);
1869 
        addr.l2_family = AF_BLUETOOTH;
1870 
        addr.l2_psm    = htobs(RFCOMM_PSM);
1871 
        err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1872 
        if (err < 0) {
1873 
                BT_ERR("Bind failed %d", err);
1874 
                goto failed;
1875 
        }
1876 
 
1877 
        /* Set L2CAP options */
1878 
        sk = sock->sk;
1879 
        lock_sock(sk);
1880 
        l2cap_pi(sk)->imtu = l2cap_mtu;
1881 
        release_sock(sk);
1882 
 
1883 
        /* Start listening on the socket */
1884 
        err = kernel_listen(sock, 10);
1885 
        if (err) {
1886 
                BT_ERR("Listen failed %d", err);
1887 
                goto failed;
1888 
        }
1889 
 
1890 
        /* Add listening session */
1891 
        s = rfcomm_session_add(sock, BT_LISTEN);
1892 
        if (!s)
1893 
                goto failed;
1894 
 
1895 
        rfcomm_session_hold(s);
1896 
        return 0;
1897 
failed:
1898 
        sock_release(sock);
1899 
        return err;
1900 
}
1901 
 
1902 
static void rfcomm_kill_listener(void)
1903 
{
1904 
        struct rfcomm_session *s;
1905 
        struct list_head *p, *n;
1906 
 
1907 
        BT_DBG("");
1908 
 
1909 
        list_for_each_safe(p, n, &session_list) {
1910 
                s = list_entry(p, struct rfcomm_session, list);
1911 
                rfcomm_session_del(s);
1912 
        }
1913 
}
1914 
 
1915 
static int rfcomm_run(void *unused)
1916 
{
1917 
        BT_DBG("");
1918 
 
1919 
        set_user_nice(current, -10);
1920 
 
1921 
        rfcomm_add_listener(BDADDR_ANY);
1922 
 
1923 
        while (!kthread_should_stop()) {
1924 
                set_current_state(TASK_INTERRUPTIBLE);
1925 
                if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1926 
                        /* No pending events. Let's sleep.
1927 
                         * Incoming connections and data will wake us up. */
1928 
                        schedule();
1929 
                }
1930 
                set_current_state(TASK_RUNNING);
1931 
 
1932 
                /* Process stuff */
1933 
                clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1934 
                rfcomm_process_sessions();
1935 
        }
1936 
 
1937 
        rfcomm_kill_listener();
1938 
 
1939 
        return 0;
1940 
}
1941 
 
1942 
static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1943 
{
1944 
        struct rfcomm_session *s;
1945 
        struct rfcomm_dlc *d;
1946 
        struct list_head *p, *n;
1947 
 
1948 
        BT_DBG("conn %p status 0x%02x", conn, status);
1949 
 
1950 
        s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1951 
        if (!s)
1952 
                return;
1953 
 
1954 
        rfcomm_session_hold(s);
1955 
 
1956 
        list_for_each_safe(p, n, &s->dlcs) {
1957 
                d = list_entry(p, struct rfcomm_dlc, list);
1958 
 
1959 
                if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1960 
                        continue;
1961 
 
1962 
                if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1963 
                        continue;
1964 
 
1965 
                if (!status)
1966 
                        set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1967 
                else
1968 
                        set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1969 
        }
1970 
 
1971 
        rfcomm_session_put(s);
1972 
 
1973 
        rfcomm_schedule(RFCOMM_SCHED_AUTH);
1974 
}
1975 
 
1976 
static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1977 
{
1978 
        struct rfcomm_session *s;
1979 
        struct rfcomm_dlc *d;
1980 
        struct list_head *p, *n;
1981 
 
1982 
        BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1983 
 
1984 
        s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1985 
        if (!s)
1986 
                return;
1987 
 
1988 
        rfcomm_session_hold(s);
1989 
 
1990 
        list_for_each_safe(p, n, &s->dlcs) {
1991 
                d = list_entry(p, struct rfcomm_dlc, list);
1992 
 
1993 
                if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1994 
                        continue;
1995 
 
1996 
                if (!status && encrypt)
1997 
                        set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1998 
                else
1999 
                        set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2000 
        }
2001 
 
2002 
        rfcomm_session_put(s);
2003 
 
2004 
        rfcomm_schedule(RFCOMM_SCHED_AUTH);
2005 
}
2006 
 
2007 
static struct hci_cb rfcomm_cb = {
2008 
        .name           = "RFCOMM",
2009 
        .auth_cfm       = rfcomm_auth_cfm,
2010 
        .encrypt_cfm    = rfcomm_encrypt_cfm
2011 
};
2012 
 
2013 
static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
2014 
{
2015 
        struct rfcomm_session *s;
2016 
        struct list_head *pp, *p;
2017 
        char *str = buf;
2018 
 
2019 
        rfcomm_lock();
2020 
 
2021 
        list_for_each(p, &session_list) {
2022 
                s = list_entry(p, struct rfcomm_session, list);
2023 
                list_for_each(pp, &s->dlcs) {
2024 
                        struct sock *sk = s->sock->sk;
2025 
                        struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2026 
 
2027 
                        str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2028 
                                        batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2029 
                                        d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
2030 
                }
2031 
        }
2032 
 
2033 
        rfcomm_unlock();
2034 
 
2035 
        return (str - buf);
2036 
}
2037 
 
2038 
static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
2039 
 
2040 
/* ---- Initialization ---- */
2041 
static int __init rfcomm_init(void)
2042 
{
2043 
        l2cap_load();
2044 
 
2045 
        hci_register_cb(&rfcomm_cb);
2046 
 
2047 
        rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2048 
        if (IS_ERR(rfcomm_thread)) {
2049 
                hci_unregister_cb(&rfcomm_cb);
2050 
                return PTR_ERR(rfcomm_thread);
2051 
        }
2052 
 
2053 
        if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2054 
                BT_ERR("Failed to create RFCOMM info file");
2055 
 
2056 
        rfcomm_init_sockets();
2057 
 
2058 
#ifdef CONFIG_BT_RFCOMM_TTY
2059 
        rfcomm_init_ttys();
2060 
#endif
2061 
 
2062 
        BT_INFO("RFCOMM ver %s", VERSION);
2063 
 
2064 
        return 0;
2065 
}
2066 
 
2067 
static void __exit rfcomm_exit(void)
2068 
{
2069 
        class_remove_file(bt_class, &class_attr_rfcomm_dlc);
2070 
 
2071 
        hci_unregister_cb(&rfcomm_cb);
2072 
 
2073 
        kthread_stop(rfcomm_thread);
2074 
 
2075 
#ifdef CONFIG_BT_RFCOMM_TTY
2076 
        rfcomm_cleanup_ttys();
2077 
#endif
2078 
 
2079 
        rfcomm_cleanup_sockets();
2080 
}
2081 
 
2082 
module_init(rfcomm_init);
2083 
module_exit(rfcomm_exit);
2084 
 
2085 
module_param(disable_cfc, bool, 0644);
2086 
MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2087 
 
2088 
module_param(channel_mtu, int, 0644);
2089 
MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2090 
 
2091 
module_param(l2cap_mtu, uint, 0644);
2092 
MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2093 
 
2094 
MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2095 
MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2096 
MODULE_VERSION(VERSION);
2097 
MODULE_LICENSE("GPL");
2098 
MODULE_ALIAS("bt-proto-3");

powered by: WebSVN 2.1.0

© copyright 1999-2024 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.