sys/netgraph/bluetooth/socket/ng_btsocket_rfcomm.c

   1 /*
   2  * ng_btsocket_rfcomm.c
   3  */
   4
   5 /*-
   6  * Copyright (c) 2001-2003 Maksim Yevmenkin <m_evmenkin@yahoo.com>
   7  * All rights reserved.
   8  *
   9  * Redistribution and use in source and binary forms, with or without
  10  * modification, are permitted provided that the following conditions
  11  * are met:
  12  * 1. Redistributions of source code must retain the above copyright
  13  *    notice, this list of conditions and the following disclaimer.
  14  * 2. Redistributions in binary form must reproduce the above copyright
  15  *    notice, this list of conditions and the following disclaimer in the
  16  *    documentation and/or other materials provided with the distribution.
  17  *
  18  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  19  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  21  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  22  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  23  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  24  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  25  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  26  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  27  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  28  * SUCH DAMAGE.
  29  *
  30  * $Id: ng_btsocket_rfcomm.c,v 1.28 2003/09/14 23:29:06 max Exp $
  31  * $FreeBSD$
  32  */
  33
  34 #include <sys/param.h>
  35 #include <sys/systm.h>
  36 #include <sys/bitstring.h>
  37 #include <sys/domain.h>
  38 #include <sys/endian.h>
  39 #include <sys/errno.h>
  40 #include <sys/filedesc.h>
  41 #include <sys/ioccom.h>
  42 #include <sys/kernel.h>
  43 #include <sys/lock.h>
  44 #include <sys/malloc.h>
  45 #include <sys/mbuf.h>
  46 #include <sys/mutex.h>
  47 #include <sys/proc.h>
  48 #include <sys/protosw.h>
  49 #include <sys/queue.h>
  50 #include <sys/socket.h>
  51 #include <sys/socketvar.h>
  52 #include <sys/sysctl.h>
  53 #include <sys/taskqueue.h>
  54 #include <sys/uio.h>
  55
  56 #include <net/vnet.h>
  57
  58 #include <netgraph/ng_message.h>
  59 #include <netgraph/netgraph.h>
  60 #include <netgraph/bluetooth/include/ng_bluetooth.h>
  61 #include <netgraph/bluetooth/include/ng_hci.h>
  62 #include <netgraph/bluetooth/include/ng_l2cap.h>
  63 #include <netgraph/bluetooth/include/ng_btsocket.h>
  64 #include <netgraph/bluetooth/include/ng_btsocket_l2cap.h>
  65 #include <netgraph/bluetooth/include/ng_btsocket_rfcomm.h>
  66
  67 /* MALLOC define */
  68 #ifdef NG_SEPARATE_MALLOC
  69 static MALLOC_DEFINE(M_NETGRAPH_BTSOCKET_RFCOMM, "netgraph_btsocks_rfcomm",
  70                 "Netgraph Bluetooth RFCOMM sockets");
  71 #else
  72 #define M_NETGRAPH_BTSOCKET_RFCOMM M_NETGRAPH
  73 #endif /* NG_SEPARATE_MALLOC */
  74
  75 /* Debug */
  76 #define NG_BTSOCKET_RFCOMM_INFO \
  77         if (ng_btsocket_rfcomm_debug_level >= NG_BTSOCKET_INFO_LEVEL && \
  78             ppsratecheck(&ng_btsocket_rfcomm_lasttime, &ng_btsocket_rfcomm_curpps, 1)) \
  79                 printf
  80
  81 #define NG_BTSOCKET_RFCOMM_WARN \
  82         if (ng_btsocket_rfcomm_debug_level >= NG_BTSOCKET_WARN_LEVEL && \
  83             ppsratecheck(&ng_btsocket_rfcomm_lasttime, &ng_btsocket_rfcomm_curpps, 1)) \
  84                 printf
  85
  86 #define NG_BTSOCKET_RFCOMM_ERR \
  87         if (ng_btsocket_rfcomm_debug_level >= NG_BTSOCKET_ERR_LEVEL && \
  88             ppsratecheck(&ng_btsocket_rfcomm_lasttime, &ng_btsocket_rfcomm_curpps, 1)) \
  89                 printf
  90
  91 #define NG_BTSOCKET_RFCOMM_ALERT \
  92         if (ng_btsocket_rfcomm_debug_level >= NG_BTSOCKET_ALERT_LEVEL && \
  93             ppsratecheck(&ng_btsocket_rfcomm_lasttime, &ng_btsocket_rfcomm_curpps, 1)) \
  94                 printf
  95
  96 #define ALOT    0x7fff
  97
  98 /* Local prototypes */
  99 static int ng_btsocket_rfcomm_upcall
 100         (struct socket *so, void *arg, int waitflag);
 101 static void ng_btsocket_rfcomm_sessions_task
 102         (void *ctx, int pending);
 103 static void ng_btsocket_rfcomm_session_task
 104         (ng_btsocket_rfcomm_session_p s);
 105 #define ng_btsocket_rfcomm_task_wakeup() \
 106         taskqueue_enqueue(taskqueue_swi_giant, &ng_btsocket_rfcomm_task)
 107
 108 static ng_btsocket_rfcomm_pcb_p ng_btsocket_rfcomm_connect_ind
 109         (ng_btsocket_rfcomm_session_p s, int channel);
 110 static void ng_btsocket_rfcomm_connect_cfm
 111         (ng_btsocket_rfcomm_session_p s);
 112
 113 static int ng_btsocket_rfcomm_session_create
 114         (ng_btsocket_rfcomm_session_p *sp, struct socket *l2so,
 115          bdaddr_p src, bdaddr_p dst, struct thread *td);
 116 static int ng_btsocket_rfcomm_session_accept
 117         (ng_btsocket_rfcomm_session_p s0);
 118 static int ng_btsocket_rfcomm_session_connect
 119         (ng_btsocket_rfcomm_session_p s);
 120 static int ng_btsocket_rfcomm_session_receive
 121         (ng_btsocket_rfcomm_session_p s);
 122 static int ng_btsocket_rfcomm_session_send
 123         (ng_btsocket_rfcomm_session_p s);
 124 static void ng_btsocket_rfcomm_session_clean
 125         (ng_btsocket_rfcomm_session_p s);
 126 static void ng_btsocket_rfcomm_session_process_pcb
 127         (ng_btsocket_rfcomm_session_p s);
 128 static ng_btsocket_rfcomm_session_p ng_btsocket_rfcomm_session_by_addr
 129         (bdaddr_p src, bdaddr_p dst);
 130
 131 static int ng_btsocket_rfcomm_receive_frame
 132         (ng_btsocket_rfcomm_session_p s, struct mbuf *m0);
 133 static int ng_btsocket_rfcomm_receive_sabm
 134         (ng_btsocket_rfcomm_session_p s, int dlci);
 135 static int ng_btsocket_rfcomm_receive_disc
 136         (ng_btsocket_rfcomm_session_p s, int dlci);
 137 static int ng_btsocket_rfcomm_receive_ua
 138         (ng_btsocket_rfcomm_session_p s, int dlci);
 139 static int ng_btsocket_rfcomm_receive_dm
 140         (ng_btsocket_rfcomm_session_p s, int dlci);
 141 static int ng_btsocket_rfcomm_receive_uih
 142         (ng_btsocket_rfcomm_session_p s, int dlci, int pf, struct mbuf *m0);
 143 static int ng_btsocket_rfcomm_receive_mcc
 144         (ng_btsocket_rfcomm_session_p s, struct mbuf *m0);
 145 static int ng_btsocket_rfcomm_receive_test
 146         (ng_btsocket_rfcomm_session_p s, struct mbuf *m0);
 147 static int ng_btsocket_rfcomm_receive_fc
 148         (ng_btsocket_rfcomm_session_p s, struct mbuf *m0);
 149 static int ng_btsocket_rfcomm_receive_msc
 150         (ng_btsocket_rfcomm_session_p s, struct mbuf *m0);
 151 static int ng_btsocket_rfcomm_receive_rpn
 152         (ng_btsocket_rfcomm_session_p s, struct mbuf *m0);
 153 static int ng_btsocket_rfcomm_receive_rls
 154         (ng_btsocket_rfcomm_session_p s, struct mbuf *m0);
 155 static int ng_btsocket_rfcomm_receive_pn
 156         (ng_btsocket_rfcomm_session_p s, struct mbuf *m0);
 157 static void ng_btsocket_rfcomm_set_pn
 158         (ng_btsocket_rfcomm_pcb_p pcb, u_int8_t cr, u_int8_t flow_control,
 159          u_int8_t credits, u_int16_t mtu);
 160
 161 static int ng_btsocket_rfcomm_send_command
 162         (ng_btsocket_rfcomm_session_p s, u_int8_t type, u_int8_t dlci);
 163 static int ng_btsocket_rfcomm_send_uih
 164         (ng_btsocket_rfcomm_session_p s, u_int8_t address, u_int8_t pf,
 165          u_int8_t credits, struct mbuf *data);
 166 static int ng_btsocket_rfcomm_send_msc
 167         (ng_btsocket_rfcomm_pcb_p pcb);
 168 static int ng_btsocket_rfcomm_send_pn
 169         (ng_btsocket_rfcomm_pcb_p pcb);
 170 static int ng_btsocket_rfcomm_send_credits
 171         (ng_btsocket_rfcomm_pcb_p pcb);
 172
 173 static int ng_btsocket_rfcomm_pcb_send
 174         (ng_btsocket_rfcomm_pcb_p pcb, int limit);
 175 static void ng_btsocket_rfcomm_pcb_kill
 176         (ng_btsocket_rfcomm_pcb_p pcb, int error);
 177 static ng_btsocket_rfcomm_pcb_p ng_btsocket_rfcomm_pcb_by_dlci
 178         (ng_btsocket_rfcomm_session_p s, int dlci);
 179 static ng_btsocket_rfcomm_pcb_p ng_btsocket_rfcomm_pcb_listener
 180         (bdaddr_p src, int channel);
 181
 182 static void ng_btsocket_rfcomm_timeout
 183         (ng_btsocket_rfcomm_pcb_p pcb);
 184 static void ng_btsocket_rfcomm_untimeout
 185         (ng_btsocket_rfcomm_pcb_p pcb);
 186 static void ng_btsocket_rfcomm_process_timeout
 187         (void *xpcb);
 188
 189 static struct mbuf * ng_btsocket_rfcomm_prepare_packet
 190         (struct sockbuf *sb, int length);
 191
 192 /* Globals */
 193 extern int                                      ifqmaxlen;
 194 static u_int32_t                                ng_btsocket_rfcomm_debug_level;
 195 static u_int32_t                                ng_btsocket_rfcomm_timo;
 196 struct task                                     ng_btsocket_rfcomm_task;
 197 static LIST_HEAD(, ng_btsocket_rfcomm_session)  ng_btsocket_rfcomm_sessions;
 198 static struct mtx                               ng_btsocket_rfcomm_sessions_mtx;
 199 static LIST_HEAD(, ng_btsocket_rfcomm_pcb)      ng_btsocket_rfcomm_sockets;
 200 static struct mtx                               ng_btsocket_rfcomm_sockets_mtx;
 201 static struct timeval                           ng_btsocket_rfcomm_lasttime;
 202 static int                                      ng_btsocket_rfcomm_curpps;
 203
 204 /* Sysctl tree */
 205 SYSCTL_DECL(_net_bluetooth_rfcomm_sockets);
 206 static SYSCTL_NODE(_net_bluetooth_rfcomm_sockets, OID_AUTO, stream, CTLFLAG_RW,
 207         0, "Bluetooth STREAM RFCOMM sockets family");
 208 SYSCTL_UINT(_net_bluetooth_rfcomm_sockets_stream, OID_AUTO, debug_level,
 209         CTLFLAG_RW,
 210         &ng_btsocket_rfcomm_debug_level, NG_BTSOCKET_INFO_LEVEL,
 211         "Bluetooth STREAM RFCOMM sockets debug level");
 212 SYSCTL_UINT(_net_bluetooth_rfcomm_sockets_stream, OID_AUTO, timeout,
 213         CTLFLAG_RW,
 214         &ng_btsocket_rfcomm_timo, 60,
 215         "Bluetooth STREAM RFCOMM sockets timeout");
 216
 217 /*****************************************************************************
 218  *****************************************************************************
 219  **                              RFCOMM CRC
 220  *****************************************************************************
 221  *****************************************************************************/
 222
 223 static u_int8_t ng_btsocket_rfcomm_crc_table[256] = {
 224         0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
 225         0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
 226         0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
 227         0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
 228
 229         0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
 230         0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
 231         0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
 232         0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
 233
 234         0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
 235         0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
 236         0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
 237         0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
 238
 239         0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
 240         0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
 241         0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
 242         0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
 243
 244         0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
 245         0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
 246         0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
 247         0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
 248
 249         0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
 250         0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
 251         0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
 252         0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
 253
 254         0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
 255         0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
 256         0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
 257         0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
 258
 259         0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
 260         0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
 261         0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
 262         0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
 263 };
 264
 265 /* CRC */
 266 static u_int8_t
 267 ng_btsocket_rfcomm_crc(u_int8_t *data, int length)
 268 {
 269         u_int8_t        crc = 0xff;
 270
 271         while (length --)
 272                 crc = ng_btsocket_rfcomm_crc_table[crc ^ *data++];
 273
 274         return (crc);
 275 } /* ng_btsocket_rfcomm_crc */
 276
 277 /* FCS on 2 bytes */
 278 static u_int8_t
 279 ng_btsocket_rfcomm_fcs2(u_int8_t *data)
 280 {
 281         return (0xff - ng_btsocket_rfcomm_crc(data, 2));
 282 } /* ng_btsocket_rfcomm_fcs2 */
 283
 284 /* FCS on 3 bytes */
 285 static u_int8_t
 286 ng_btsocket_rfcomm_fcs3(u_int8_t *data)
 287 {
 288         return (0xff - ng_btsocket_rfcomm_crc(data, 3));
 289 } /* ng_btsocket_rfcomm_fcs3 */
 290
 291 /*
 292  * Check FCS
 293  *
 294  * From Bluetooth spec
 295  *
 296  * "... In 07.10, the frame check sequence (FCS) is calculated on different
 297  * sets of fields for different frame types. These are the fields that the
 298  * FCS are calculated on:
 299  *
 300  * For SABM, DISC, UA, DM frames: on Address, Control and length field.
 301  * For UIH frames: on Address and Control field.
 302  *
 303  * (This is stated here for clarification, and to set the standard for RFCOMM;
 304  * the fields included in FCS calculation have actually changed in version
 305  * 7.0.0 of TS 07.10, but RFCOMM will not change the FCS calculation scheme
 306  * from the one above.) ..."
 307  */
 308
 309 static int
 310 ng_btsocket_rfcomm_check_fcs(u_int8_t *data, int type, u_int8_t fcs)
 311 {
 312         if (type != RFCOMM_FRAME_UIH)
 313                 return (ng_btsocket_rfcomm_fcs3(data) != fcs);
 314
 315         return (ng_btsocket_rfcomm_fcs2(data) != fcs);
 316 } /* ng_btsocket_rfcomm_check_fcs */
 317
 318 /*****************************************************************************
 319  *****************************************************************************
 320  **                              Socket interface
 321  *****************************************************************************
 322  *****************************************************************************/
 323
 324 /*
 325  * Initialize everything
 326  */
 327
 328 void
 329 ng_btsocket_rfcomm_init(void)
 330 {
 331
 332         /* Skip initialization of globals for non-default instances. */
 333         if (!IS_DEFAULT_VNET(curvnet))
 334                 return;
 335
 336         ng_btsocket_rfcomm_debug_level = NG_BTSOCKET_WARN_LEVEL;
 337         ng_btsocket_rfcomm_timo = 60;
 338
 339         /* RFCOMM task */
 340         TASK_INIT(&ng_btsocket_rfcomm_task, 0,
 341                 ng_btsocket_rfcomm_sessions_task, NULL);
 342
 343         /* RFCOMM sessions list */
 344         LIST_INIT(&ng_btsocket_rfcomm_sessions);
 345         mtx_init(&ng_btsocket_rfcomm_sessions_mtx,
 346                 "btsocks_rfcomm_sessions_mtx", NULL, MTX_DEF);
 347
 348         /* RFCOMM sockets list */
 349         LIST_INIT(&ng_btsocket_rfcomm_sockets);
 350         mtx_init(&ng_btsocket_rfcomm_sockets_mtx,
 351                 "btsocks_rfcomm_sockets_mtx", NULL, MTX_DEF);
 352 } /* ng_btsocket_rfcomm_init */
 353
 354 /*
 355  * Abort connection on socket
 356  */
 357
 358 void
 359 ng_btsocket_rfcomm_abort(struct socket *so)
 360 {
 361
 362         so->so_error = ECONNABORTED;
 363         (void)ng_btsocket_rfcomm_disconnect(so);
 364 } /* ng_btsocket_rfcomm_abort */
 365
 366 void
 367 ng_btsocket_rfcomm_close(struct socket *so)
 368 {
 369
 370         (void)ng_btsocket_rfcomm_disconnect(so);
 371 } /* ng_btsocket_rfcomm_close */
 372
 373 /*
 374  * Accept connection on socket. Nothing to do here, socket must be connected
 375  * and ready, so just return peer address and be done with it.
 376  */
 377
 378 int
 379 ng_btsocket_rfcomm_accept(struct socket *so, struct sockaddr **nam)
 380 {
 381         return (ng_btsocket_rfcomm_peeraddr(so, nam));
 382 } /* ng_btsocket_rfcomm_accept */
 383
 384 /*
 385  * Create and attach new socket
 386  */
 387
 388 int
 389 ng_btsocket_rfcomm_attach(struct socket *so, int proto, struct thread *td)
 390 {
 391         ng_btsocket_rfcomm_pcb_p        pcb = so2rfcomm_pcb(so);
 392         int                             error;
 393
 394         /* Check socket and protocol */
 395         if (so->so_type != SOCK_STREAM)
 396                 return (ESOCKTNOSUPPORT);
 397
 398 #if 0 /* XXX sonewconn() calls "pru_attach" with proto == 0 */
 399         if (proto != 0)
 400                 if (proto != BLUETOOTH_PROTO_RFCOMM)
 401                         return (EPROTONOSUPPORT);
 402 #endif /* XXX */
 403
 404         if (pcb != NULL)
 405                 return (EISCONN);
 406
 407         /* Reserve send and receive space if it is not reserved yet */
 408         if ((so->so_snd.sb_hiwat == 0) || (so->so_rcv.sb_hiwat == 0)) {
 409                 error = soreserve(so, NG_BTSOCKET_RFCOMM_SENDSPACE,
 410                                         NG_BTSOCKET_RFCOMM_RECVSPACE);
 411                 if (error != 0)
 412                         return (error);
 413         }
 414
 415         /* Allocate the PCB */
 416         pcb = malloc(sizeof(*pcb),
 417                 M_NETGRAPH_BTSOCKET_RFCOMM, M_NOWAIT | M_ZERO);
 418         if (pcb == NULL)
 419                 return (ENOMEM);
 420
 421         /* Link the PCB and the socket */
 422         so->so_pcb = (caddr_t) pcb;
 423         pcb->so = so;
 424
 425         /* Initialize PCB */
 426         pcb->state = NG_BTSOCKET_RFCOMM_DLC_CLOSED;
 427         pcb->flags = NG_BTSOCKET_RFCOMM_DLC_CFC;
 428
 429         pcb->lmodem =
 430         pcb->rmodem = (RFCOMM_MODEM_RTC | RFCOMM_MODEM_RTR | RFCOMM_MODEM_DV);
 431
 432         pcb->mtu = RFCOMM_DEFAULT_MTU;
 433         pcb->tx_cred = 0;
 434         pcb->rx_cred = RFCOMM_DEFAULT_CREDITS;
 435
 436         mtx_init(&pcb->pcb_mtx, "btsocks_rfcomm_pcb_mtx", NULL, MTX_DEF);
 437         callout_init_mtx(&pcb->timo, &pcb->pcb_mtx, 0);
 438
 439         /* Add the PCB to the list */
 440         mtx_lock(&ng_btsocket_rfcomm_sockets_mtx);
 441         LIST_INSERT_HEAD(&ng_btsocket_rfcomm_sockets, pcb, next);
 442         mtx_unlock(&ng_btsocket_rfcomm_sockets_mtx);
 443
 444         return (0);
 445 } /* ng_btsocket_rfcomm_attach */
 446
 447 /*
 448  * Bind socket
 449  */
 450
 451 int
 452 ng_btsocket_rfcomm_bind(struct socket *so, struct sockaddr *nam,
 453                 struct thread *td)
 454 {
 455         ng_btsocket_rfcomm_pcb_t        *pcb = so2rfcomm_pcb(so), *pcb1;
 456         struct sockaddr_rfcomm          *sa = (struct sockaddr_rfcomm *) nam;
 457
 458         if (pcb == NULL)
 459                 return (EINVAL);
 460
 461         /* Verify address */
 462         if (sa == NULL)
 463                 return (EINVAL);
 464         if (sa->rfcomm_family != AF_BLUETOOTH)
 465                 return (EAFNOSUPPORT);
 466         if (sa->rfcomm_len != sizeof(*sa))
 467                 return (EINVAL);
 468         if (sa->rfcomm_channel > 30)
 469                 return (EINVAL);
 470
 471         mtx_lock(&pcb->pcb_mtx);
 472
 473         if (sa->rfcomm_channel != 0) {
 474                 mtx_lock(&ng_btsocket_rfcomm_sockets_mtx);
 475
 476                 LIST_FOREACH(pcb1, &ng_btsocket_rfcomm_sockets, next) {
 477                         if (pcb1->channel == sa->rfcomm_channel &&
 478                             bcmp(&pcb1->src, &sa->rfcomm_bdaddr,
 479                                         sizeof(pcb1->src)) == 0) {
 480                                 mtx_unlock(&ng_btsocket_rfcomm_sockets_mtx);
 481                                 mtx_unlock(&pcb->pcb_mtx);
 482
 483                                 return (EADDRINUSE);
 484                         }
 485                 }
 486
 487                 mtx_unlock(&ng_btsocket_rfcomm_sockets_mtx);
 488         }
 489
 490         bcopy(&sa->rfcomm_bdaddr, &pcb->src, sizeof(pcb->src));
 491         pcb->channel = sa->rfcomm_channel;
 492
 493         mtx_unlock(&pcb->pcb_mtx);
 494
 495         return (0);
 496 } /* ng_btsocket_rfcomm_bind */
 497
 498 /*
 499  * Connect socket
 500  */
 501
 502 int
 503 ng_btsocket_rfcomm_connect(struct socket *so, struct sockaddr *nam,
 504                 struct thread *td)
 505 {
 506         ng_btsocket_rfcomm_pcb_t        *pcb = so2rfcomm_pcb(so);
 507         struct sockaddr_rfcomm          *sa = (struct sockaddr_rfcomm *) nam;
 508         ng_btsocket_rfcomm_session_t    *s = NULL;
 509         struct socket                   *l2so = NULL;
 510         int                              dlci, error = 0;
 511
 512         if (pcb == NULL)
 513                 return (EINVAL);
 514
 515         /* Verify address */
 516         if (sa == NULL)
 517                 return (EINVAL);
 518         if (sa->rfcomm_family != AF_BLUETOOTH)
 519                 return (EAFNOSUPPORT);
 520         if (sa->rfcomm_len != sizeof(*sa))
 521                 return (EINVAL);
 522         if (sa->rfcomm_channel > 30)
 523                 return (EINVAL);
 524         if (sa->rfcomm_channel == 0 ||
 525             bcmp(&sa->rfcomm_bdaddr, NG_HCI_BDADDR_ANY, sizeof(bdaddr_t)) == 0)
 526                 return (EDESTADDRREQ);
 527
 528         /*
 529          * Note that we will not check for errors in socreate() because
 530          * if we failed to create L2CAP socket at this point we still
 531          * might have already open session.
 532          */
 533
 534         error = socreate(PF_BLUETOOTH, &l2so, SOCK_SEQPACKET,
 535                         BLUETOOTH_PROTO_L2CAP, td->td_ucred, td);
 536
 537         /*
 538          * Look for session between "pcb->src" and "sa->rfcomm_bdaddr" (dst)
 539          */
 540
 541         mtx_lock(&ng_btsocket_rfcomm_sessions_mtx);
 542
 543         s = ng_btsocket_rfcomm_session_by_addr(&pcb->src, &sa->rfcomm_bdaddr);
 544         if (s == NULL) {
 545                 /*
 546                  * We need to create new RFCOMM session. Check if we have L2CAP
 547                  * socket. If l2so == NULL then error has the error code from
 548                  * socreate()
 549                  */
 550
 551                 if (l2so == NULL) {
 552                         mtx_unlock(&ng_btsocket_rfcomm_sessions_mtx);
 553                         return (error);
 554                 }
 555
 556                 error = ng_btsocket_rfcomm_session_create(&s, l2so,
 557                                 &pcb->src, &sa->rfcomm_bdaddr, td);
 558                 if (error != 0) {
 559                         mtx_unlock(&ng_btsocket_rfcomm_sessions_mtx);
 560                         soclose(l2so);
 561
 562                         return (error);
 563                 }
 564         } else if (l2so != NULL)
 565                 soclose(l2so); /* we don't need new L2CAP socket */
 566
 567         /*
 568          * Check if we already have the same DLCI the same session
 569          */
 570
 571         mtx_lock(&s->session_mtx);
 572         mtx_lock(&pcb->pcb_mtx);
 573
 574         dlci = RFCOMM_MKDLCI(!INITIATOR(s), sa->rfcomm_channel);
 575
 576         if (ng_btsocket_rfcomm_pcb_by_dlci(s, dlci) != NULL) {
 577                 mtx_unlock(&pcb->pcb_mtx);
 578                 mtx_unlock(&s->session_mtx);
 579                 mtx_unlock(&ng_btsocket_rfcomm_sessions_mtx);
 580
 581                 return (EBUSY);
 582         }
 583
 584         /*
 585          * Check session state and if its not acceptable then refuse connection
 586          */
 587
 588         switch (s->state) {
 589         case NG_BTSOCKET_RFCOMM_SESSION_CONNECTING:
 590         case NG_BTSOCKET_RFCOMM_SESSION_CONNECTED:
 591         case NG_BTSOCKET_RFCOMM_SESSION_OPEN:
 592                 /*
 593                  * Update destination address and channel and attach
 594                  * DLC to the session
 595                  */
 596
 597                 bcopy(&sa->rfcomm_bdaddr, &pcb->dst, sizeof(pcb->dst));
 598                 pcb->channel = sa->rfcomm_channel;
 599                 pcb->dlci = dlci;
 600
 601                 LIST_INSERT_HEAD(&s->dlcs, pcb, session_next);
 602                 pcb->session = s;
 603
 604                 ng_btsocket_rfcomm_timeout(pcb);
 605                 soisconnecting(pcb->so);
 606
 607                 if (s->state == NG_BTSOCKET_RFCOMM_SESSION_OPEN) {
 608                         pcb->mtu = s->mtu;
 609                         bcopy(&so2l2cap_pcb(s->l2so)->src, &pcb->src,
 610                                 sizeof(pcb->src));
 611
 612                         pcb->state = NG_BTSOCKET_RFCOMM_DLC_CONFIGURING;
 613
 614                         error = ng_btsocket_rfcomm_send_pn(pcb);
 615                         if (error == 0)
 616                                 error = ng_btsocket_rfcomm_task_wakeup();
 617                 } else
 618                         pcb->state = NG_BTSOCKET_RFCOMM_DLC_W4_CONNECT;
 619                 break;
 620
 621         default:
 622                 error = ECONNRESET;
 623                 break;
 624         }
 625
 626         mtx_unlock(&pcb->pcb_mtx);
 627         mtx_unlock(&s->session_mtx);
 628         mtx_unlock(&ng_btsocket_rfcomm_sessions_mtx);
 629
 630         return (error);
 631 } /* ng_btsocket_rfcomm_connect */
 632
 633 /*
 634  * Process ioctl's calls on socket.
 635  * XXX FIXME this should provide interface to the RFCOMM multiplexor channel
 636  */
 637
 638 int
 639 ng_btsocket_rfcomm_control(struct socket *so, u_long cmd, caddr_t data,
 640                 struct ifnet *ifp, struct thread *td)
 641 {
 642         return (EINVAL);
 643 } /* ng_btsocket_rfcomm_control */
 644
 645 /*
 646  * Process getsockopt/setsockopt system calls
 647  */
 648
 649 int
 650 ng_btsocket_rfcomm_ctloutput(struct socket *so, struct sockopt *sopt)
 651 {
 652         ng_btsocket_rfcomm_pcb_p                pcb = so2rfcomm_pcb(so);
 653         struct ng_btsocket_rfcomm_fc_info       fcinfo;
 654         int                                     error = 0;
 655
 656         if (pcb == NULL)
 657                 return (EINVAL);
 658         if (sopt->sopt_level != SOL_RFCOMM)
 659                 return (0);
 660
 661         mtx_lock(&pcb->pcb_mtx);
 662
 663         switch (sopt->sopt_dir) {
 664         case SOPT_GET:
 665                 switch (sopt->sopt_name) {
 666                 case SO_RFCOMM_MTU:
 667                         error = sooptcopyout(sopt, &pcb->mtu, sizeof(pcb->mtu));
 668                         break;
 669
 670                 case SO_RFCOMM_FC_INFO:
 671                         fcinfo.lmodem = pcb->lmodem;
 672                         fcinfo.rmodem = pcb->rmodem;
 673                         fcinfo.tx_cred = pcb->tx_cred;
 674                         fcinfo.rx_cred = pcb->rx_cred;
 675                         fcinfo.cfc = (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC)?
 676                                 1 : 0;
 677                         fcinfo.reserved = 0;
 678
 679                         error = sooptcopyout(sopt, &fcinfo, sizeof(fcinfo));
 680                         break;
 681
 682                 default:
 683                         error = ENOPROTOOPT;
 684                         break;
 685                 }
 686                 break;
 687
 688         case SOPT_SET:
 689                 switch (sopt->sopt_name) {
 690                 default:
 691                         error = ENOPROTOOPT;
 692                         break;
 693                 }
 694                 break;
 695
 696         default:
 697                 error = EINVAL;
 698                 break;
 699         }
 700
 701         mtx_unlock(&pcb->pcb_mtx);
 702
 703         return (error);
 704 } /* ng_btsocket_rfcomm_ctloutput */
 705
 706 /*
 707  * Detach and destroy socket
 708  */
 709
 710 void
 711 ng_btsocket_rfcomm_detach(struct socket *so)
 712 {
 713         ng_btsocket_rfcomm_pcb_p        pcb = so2rfcomm_pcb(so);
 714
 715         KASSERT(pcb != NULL, ("ng_btsocket_rfcomm_detach: pcb == NULL"));
 716
 717         mtx_lock(&pcb->pcb_mtx);
 718
 719         switch (pcb->state) {
 720         case NG_BTSOCKET_RFCOMM_DLC_W4_CONNECT:
 721         case NG_BTSOCKET_RFCOMM_DLC_CONFIGURING:
 722         case NG_BTSOCKET_RFCOMM_DLC_CONNECTING:
 723         case NG_BTSOCKET_RFCOMM_DLC_CONNECTED:
 724                 /* XXX What to do with pending request? */
 725                 if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMO)
 726                         ng_btsocket_rfcomm_untimeout(pcb);
 727
 728                 if (pcb->state == NG_BTSOCKET_RFCOMM_DLC_W4_CONNECT)
 729                         pcb->flags |= NG_BTSOCKET_RFCOMM_DLC_DETACHED;
 730                 else
 731                         pcb->state = NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING;
 732
 733                 ng_btsocket_rfcomm_task_wakeup();
 734                 break;
 735
 736         case NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING:
 737                 ng_btsocket_rfcomm_task_wakeup();
 738                 break;
 739         }
 740
 741         while (pcb->state != NG_BTSOCKET_RFCOMM_DLC_CLOSED)
 742                 msleep(&pcb->state, &pcb->pcb_mtx, PZERO, "rf_det", 0);
 743
 744         if (pcb->session != NULL)
 745                 panic("%s: pcb->session != NULL\n", __func__);
 746         if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMO)
 747                 panic("%s: timeout on closed DLC, flags=%#x\n",
 748                         __func__, pcb->flags);
 749
 750         mtx_lock(&ng_btsocket_rfcomm_sockets_mtx);
 751         LIST_REMOVE(pcb, next);
 752         mtx_unlock(&ng_btsocket_rfcomm_sockets_mtx);
 753
 754         mtx_unlock(&pcb->pcb_mtx);
 755
 756         mtx_destroy(&pcb->pcb_mtx);
 757         bzero(pcb, sizeof(*pcb));
 758         free(pcb, M_NETGRAPH_BTSOCKET_RFCOMM);
 759
 760         soisdisconnected(so);
 761         so->so_pcb = NULL;
 762 } /* ng_btsocket_rfcomm_detach */
 763
 764 /*
 765  * Disconnect socket
 766  */
 767
 768 int
 769 ng_btsocket_rfcomm_disconnect(struct socket *so)
 770 {
 771         ng_btsocket_rfcomm_pcb_p        pcb = so2rfcomm_pcb(so);
 772
 773         if (pcb == NULL)
 774                 return (EINVAL);
 775
 776         mtx_lock(&pcb->pcb_mtx);
 777
 778         if (pcb->state == NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING) {
 779                 mtx_unlock(&pcb->pcb_mtx);
 780                 return (EINPROGRESS);
 781         }
 782
 783         /* XXX What to do with pending request? */
 784         if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMO)
 785                 ng_btsocket_rfcomm_untimeout(pcb);
 786
 787         switch (pcb->state) {
 788         case NG_BTSOCKET_RFCOMM_DLC_CONFIGURING: /* XXX can we get here? */
 789         case NG_BTSOCKET_RFCOMM_DLC_CONNECTING: /* XXX can we get here? */
 790         case NG_BTSOCKET_RFCOMM_DLC_CONNECTED:
 791
 792                 /*
 793                  * Just change DLC state and enqueue RFCOMM task. It will
 794                  * queue and send DISC on the DLC.
 795                  */
 796
 797                 pcb->state = NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING;
 798                 soisdisconnecting(so);
 799
 800                 ng_btsocket_rfcomm_task_wakeup();
 801                 break;
 802
 803         case NG_BTSOCKET_RFCOMM_DLC_CLOSED:
 804         case NG_BTSOCKET_RFCOMM_DLC_W4_CONNECT:
 805                 break;
 806
 807         default:
 808                 panic("%s: Invalid DLC state=%d, flags=%#x\n",
 809                         __func__, pcb->state, pcb->flags);
 810                 break;
 811         }
 812
 813         mtx_unlock(&pcb->pcb_mtx);
 814
 815         return (0);
 816 } /* ng_btsocket_rfcomm_disconnect */
 817
 818 /*
 819  * Listen on socket. First call to listen() will create listening RFCOMM session
 820  */
 821
 822 int
 823 ng_btsocket_rfcomm_listen(struct socket *so, int backlog, struct thread *td)
 824 {
 825         ng_btsocket_rfcomm_pcb_p         pcb = so2rfcomm_pcb(so), pcb1;
 826         ng_btsocket_rfcomm_session_p     s = NULL;
 827         struct socket                   *l2so = NULL;
 828         int                              error, socreate_error, usedchannels;
 829
 830         if (pcb == NULL)
 831                 return (EINVAL);
 832         if (pcb->channel > 30)
 833                 return (EADDRNOTAVAIL);
 834
 835         usedchannels = 0;
 836
 837         mtx_lock(&pcb->pcb_mtx);
 838
 839         if (pcb->channel == 0) {
 840                 mtx_lock(&ng_btsocket_rfcomm_sockets_mtx);
 841
 842                 LIST_FOREACH(pcb1, &ng_btsocket_rfcomm_sockets, next)
 843                         if (pcb1->channel != 0 &&
 844                             bcmp(&pcb1->src, &pcb->src, sizeof(pcb->src)) == 0)
 845                                 usedchannels |= (1 << (pcb1->channel - 1));
 846
 847                 for (pcb->channel = 30; pcb->channel > 0; pcb->channel --)
 848                         if (!(usedchannels & (1 << (pcb->channel - 1))))
 849                                 break;
 850
 851                 if (pcb->channel == 0) {
 852                         mtx_unlock(&ng_btsocket_rfcomm_sockets_mtx);
 853                         mtx_unlock(&pcb->pcb_mtx);
 854
 855                         return (EADDRNOTAVAIL);
 856                 }
 857
 858                 mtx_unlock(&ng_btsocket_rfcomm_sockets_mtx);
 859         }
 860
 861         mtx_unlock(&pcb->pcb_mtx);
 862
 863         /*
 864          * Note that we will not check for errors in socreate() because
 865          * if we failed to create L2CAP socket at this point we still
 866          * might have already open session.
 867          */
 868
 869         socreate_error = socreate(PF_BLUETOOTH, &l2so, SOCK_SEQPACKET,
 870                         BLUETOOTH_PROTO_L2CAP, td->td_ucred, td);
 871
 872         /*
 873          * Transition the socket and session into the LISTENING state.  Check
 874          * for collisions first, as there can only be one.
 875          */
 876         mtx_lock(&ng_btsocket_rfcomm_sessions_mtx);
 877         SOCK_LOCK(so);
 878         error = solisten_proto_check(so);
 879         SOCK_UNLOCK(so);
 880         if (error != 0)
 881                 goto out;
 882
 883         LIST_FOREACH(s, &ng_btsocket_rfcomm_sessions, next)
 884                 if (s->state == NG_BTSOCKET_RFCOMM_SESSION_LISTENING)
 885                         break;
 886
 887         if (s == NULL) {
 888                 /*
 889                  * We need to create default RFCOMM session. Check if we have
 890                  * L2CAP socket. If l2so == NULL then error has the error code
 891                  * from socreate()
 892                  */
 893                 if (l2so == NULL) {
 894                         error = socreate_error;
 895                         goto out;
 896                 }
 897
 898                 /*
 899                  * Create default listen RFCOMM session. The default RFCOMM
 900                  * session will listen on ANY address.
 901                  *
 902                  * XXX FIXME Note that currently there is no way to adjust MTU
 903                  * for the default session.
 904                  */
 905                 error = ng_btsocket_rfcomm_session_create(&s, l2so,
 906                                         NG_HCI_BDADDR_ANY, NULL, td);
 907                 if (error != 0)
 908                         goto out;
 909                 l2so = NULL;
 910         }
 911         SOCK_LOCK(so);
 912         solisten_proto(so, backlog);
 913         SOCK_UNLOCK(so);
 914 out:
 915         mtx_unlock(&ng_btsocket_rfcomm_sessions_mtx);
 916         /*
 917          * If we still have an l2so reference here, it's unneeded, so release
 918          * it.
 919          */
 920         if (l2so != NULL)
 921                 soclose(l2so);
 922         return (error);
 923 } /* ng_btsocket_listen */
 924
 925 /*
 926  * Get peer address
 927  */
 928
 929 int
 930 ng_btsocket_rfcomm_peeraddr(struct socket *so, struct sockaddr **nam)
 931 {
 932         ng_btsocket_rfcomm_pcb_p        pcb = so2rfcomm_pcb(so);
 933         struct sockaddr_rfcomm          sa;
 934
 935         if (pcb == NULL)
 936                 return (EINVAL);
 937
 938         bcopy(&pcb->dst, &sa.rfcomm_bdaddr, sizeof(sa.rfcomm_bdaddr));
 939         sa.rfcomm_channel = pcb->channel;
 940         sa.rfcomm_len = sizeof(sa);
 941         sa.rfcomm_family = AF_BLUETOOTH;
 942
 943         *nam = sodupsockaddr((struct sockaddr *) &sa, M_NOWAIT);
 944
 945         return ((*nam == NULL)? ENOMEM : 0);
 946 } /* ng_btsocket_rfcomm_peeraddr */
 947
 948 /*
 949  * Send data to socket
 950  */
 951
 952 int
 953 ng_btsocket_rfcomm_send(struct socket *so, int flags, struct mbuf *m,
 954                 struct sockaddr *nam, struct mbuf *control, struct thread *td)
 955 {
 956         ng_btsocket_rfcomm_pcb_t        *pcb = so2rfcomm_pcb(so);
 957         int                              error = 0;
 958
 959         /* Check socket and input */
 960         if (pcb == NULL || m == NULL || control != NULL) {
 961                 error = EINVAL;
 962                 goto drop;
 963         }
 964
 965         mtx_lock(&pcb->pcb_mtx);
 966
 967         /* Make sure DLC is connected */
 968         if (pcb->state != NG_BTSOCKET_RFCOMM_DLC_CONNECTED) {
 969                 mtx_unlock(&pcb->pcb_mtx);
 970                 error = ENOTCONN;
 971                 goto drop;
 972         }
 973
 974         /* Put the packet on the socket's send queue and wakeup RFCOMM task */
 975         sbappend(&pcb->so->so_snd, m, flags);
 976         m = NULL;
 977
 978         if (!(pcb->flags & NG_BTSOCKET_RFCOMM_DLC_SENDING)) {
 979                 pcb->flags |= NG_BTSOCKET_RFCOMM_DLC_SENDING;
 980                 error = ng_btsocket_rfcomm_task_wakeup();
 981         }
 982
 983         mtx_unlock(&pcb->pcb_mtx);
 984 drop:
 985         NG_FREE_M(m); /* checks for != NULL */
 986         NG_FREE_M(control);
 987
 988         return (error);
 989 } /* ng_btsocket_rfcomm_send */
 990
 991 /*
 992  * Get socket address
 993  */
 994
 995 int
 996 ng_btsocket_rfcomm_sockaddr(struct socket *so, struct sockaddr **nam)
 997 {
 998         ng_btsocket_rfcomm_pcb_p        pcb = so2rfcomm_pcb(so);
 999         struct sockaddr_rfcomm          sa;
1000
1001         if (pcb == NULL)
1002                 return (EINVAL);
1003
1004         bcopy(&pcb->src, &sa.rfcomm_bdaddr, sizeof(sa.rfcomm_bdaddr));
1005         sa.rfcomm_channel = pcb->channel;
1006         sa.rfcomm_len = sizeof(sa);
1007         sa.rfcomm_family = AF_BLUETOOTH;
1008
1009         *nam = sodupsockaddr((struct sockaddr *) &sa, M_NOWAIT);
1010
1011         return ((*nam == NULL)? ENOMEM : 0);
1012 } /* ng_btsocket_rfcomm_sockaddr */
1013
1014 /*
1015  * Upcall function for L2CAP sockets. Enqueue RFCOMM task.
1016  */
1017
1018 static int
1019 ng_btsocket_rfcomm_upcall(struct socket *so, void *arg, int waitflag)
1020 {
1021         int     error;
1022
1023         if (so == NULL)
1024                 panic("%s: so == NULL\n", __func__);
1025
1026         if ((error = ng_btsocket_rfcomm_task_wakeup()) != 0)
1027                 NG_BTSOCKET_RFCOMM_ALERT(
1028 "%s: Could not enqueue RFCOMM task, error=%d\n", __func__, error);
1029         return (SU_OK);
1030 } /* ng_btsocket_rfcomm_upcall */
1031
1032 /*
1033  * RFCOMM task. Will handle all RFCOMM sessions in one pass.
1034  * XXX FIXME does not scale very well
1035  */
1036
1037 static void
1038 ng_btsocket_rfcomm_sessions_task(void *ctx, int pending)
1039 {
1040         ng_btsocket_rfcomm_session_p    s = NULL, s_next = NULL;
1041
1042         mtx_lock(&ng_btsocket_rfcomm_sessions_mtx);
1043
1044         for (s = LIST_FIRST(&ng_btsocket_rfcomm_sessions); s != NULL; ) {
1045                 mtx_lock(&s->session_mtx);
1046                 s_next = LIST_NEXT(s, next);
1047
1048                 ng_btsocket_rfcomm_session_task(s);
1049
1050                 if (s->state == NG_BTSOCKET_RFCOMM_SESSION_CLOSED) {
1051                         /* Unlink and clean the session */
1052                         LIST_REMOVE(s, next);
1053
1054                         NG_BT_MBUFQ_DRAIN(&s->outq);
1055                         if (!LIST_EMPTY(&s->dlcs))
1056                                 panic("%s: DLC list is not empty\n", __func__);
1057
1058                         /* Close L2CAP socket */
1059                         SOCKBUF_LOCK(&s->l2so->so_rcv);
1060                         soupcall_clear(s->l2so, SO_RCV);
1061                         SOCKBUF_UNLOCK(&s->l2so->so_rcv);
1062                         SOCKBUF_LOCK(&s->l2so->so_snd);
1063                         soupcall_clear(s->l2so, SO_SND);
1064                         SOCKBUF_UNLOCK(&s->l2so->so_snd);
1065                         soclose(s->l2so);
1066
1067                         mtx_unlock(&s->session_mtx);
1068
1069                         mtx_destroy(&s->session_mtx);
1070                         bzero(s, sizeof(*s));
1071                         free(s, M_NETGRAPH_BTSOCKET_RFCOMM);
1072                 } else
1073                         mtx_unlock(&s->session_mtx);
1074
1075                 s = s_next;
1076         }
1077
1078         mtx_unlock(&ng_btsocket_rfcomm_sessions_mtx);
1079 } /* ng_btsocket_rfcomm_sessions_task */
1080
1081 /*
1082  * Process RFCOMM session. Will handle all RFCOMM sockets in one pass.
1083  */
1084
1085 static void
1086 ng_btsocket_rfcomm_session_task(ng_btsocket_rfcomm_session_p s)
1087 {
1088         mtx_assert(&s->session_mtx, MA_OWNED);
1089
1090         if (s->l2so->so_rcv.sb_state & SBS_CANTRCVMORE) {
1091                 NG_BTSOCKET_RFCOMM_INFO(
1092 "%s: L2CAP connection has been terminated, so=%p, so_state=%#x, so_count=%d, " \
1093 "state=%d, flags=%#x\n", __func__, s->l2so, s->l2so->so_state,
1094                         s->l2so->so_count, s->state, s->flags);
1095
1096                 s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED;
1097                 ng_btsocket_rfcomm_session_clean(s);
1098         }
1099
1100         /* Now process upcall */
1101         switch (s->state) {
1102         /* Try to accept new L2CAP connection(s) */
1103         case NG_BTSOCKET_RFCOMM_SESSION_LISTENING:
1104                 while (ng_btsocket_rfcomm_session_accept(s) == 0)
1105                         ;
1106                 break;
1107
1108         /* Process the results of the L2CAP connect */
1109         case NG_BTSOCKET_RFCOMM_SESSION_CONNECTING:
1110                 ng_btsocket_rfcomm_session_process_pcb(s);
1111
1112                 if (ng_btsocket_rfcomm_session_connect(s) != 0) {
1113                         s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED;
1114                         ng_btsocket_rfcomm_session_clean(s);
1115                 }
1116                 break;
1117
1118         /* Try to receive/send more data */
1119         case NG_BTSOCKET_RFCOMM_SESSION_CONNECTED:
1120         case NG_BTSOCKET_RFCOMM_SESSION_OPEN:
1121         case NG_BTSOCKET_RFCOMM_SESSION_DISCONNECTING:
1122                 ng_btsocket_rfcomm_session_process_pcb(s);
1123
1124                 if (ng_btsocket_rfcomm_session_receive(s) != 0) {
1125                         s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED;
1126                         ng_btsocket_rfcomm_session_clean(s);
1127                 } else if (ng_btsocket_rfcomm_session_send(s) != 0) {
1128                         s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED;
1129                         ng_btsocket_rfcomm_session_clean(s);
1130                 }
1131                 break;
1132
1133         case NG_BTSOCKET_RFCOMM_SESSION_CLOSED:
1134                 break;
1135
1136         default:
1137                 panic("%s: Invalid session state=%d, flags=%#x\n",
1138                         __func__, s->state, s->flags);
1139                 break;
1140         }
1141 } /* ng_btsocket_rfcomm_session_task */
1142
1143 /*
1144  * Process RFCOMM connection indicator. Caller must hold s->session_mtx
1145  */
1146
1147 static ng_btsocket_rfcomm_pcb_p
1148 ng_btsocket_rfcomm_connect_ind(ng_btsocket_rfcomm_session_p s, int channel)
1149 {
1150         ng_btsocket_rfcomm_pcb_p         pcb = NULL, pcb1 = NULL;
1151         ng_btsocket_l2cap_pcb_p          l2pcb = NULL;
1152         struct socket                   *so1 = NULL;
1153
1154         mtx_assert(&s->session_mtx, MA_OWNED);
1155
1156         /*
1157          * Try to find RFCOMM socket that listens on given source address
1158          * and channel. This will return the best possible match.
1159          */
1160
1161         l2pcb = so2l2cap_pcb(s->l2so);
1162         pcb = ng_btsocket_rfcomm_pcb_listener(&l2pcb->src, channel);
1163         if (pcb == NULL)
1164                 return (NULL);
1165
1166         /*
1167          * Check the pending connections queue and if we have space then
1168          * create new socket and set proper source and destination address,
1169          * and channel.
1170          */
1171
1172         mtx_lock(&pcb->pcb_mtx);
1173
1174         if (pcb->so->so_qlen <= pcb->so->so_qlimit) {
1175                 CURVNET_SET(pcb->so->so_vnet);
1176                 so1 = sonewconn(pcb->so, 0);
1177                 CURVNET_RESTORE();
1178         }
1179
1180         mtx_unlock(&pcb->pcb_mtx);
1181
1182         if (so1 == NULL)
1183                 return (NULL);
1184
1185         /*
1186          * If we got here than we have created new socket. So complete the
1187          * connection. Set source and destination address from the session.
1188          */
1189
1190         pcb1 = so2rfcomm_pcb(so1);
1191         if (pcb1 == NULL)
1192                 panic("%s: pcb1 == NULL\n", __func__);
1193
1194         mtx_lock(&pcb1->pcb_mtx);
1195
1196         bcopy(&l2pcb->src, &pcb1->src, sizeof(pcb1->src));
1197         bcopy(&l2pcb->dst, &pcb1->dst, sizeof(pcb1->dst));
1198         pcb1->channel = channel;
1199
1200         /* Link new DLC to the session. We already hold s->session_mtx */
1201         LIST_INSERT_HEAD(&s->dlcs, pcb1, session_next);
1202         pcb1->session = s;
1203
1204         mtx_unlock(&pcb1->pcb_mtx);
1205
1206         return (pcb1);
1207 } /* ng_btsocket_rfcomm_connect_ind */
1208
1209 /*
1210  * Process RFCOMM connect confirmation. Caller must hold s->session_mtx.
1211  */
1212
1213 static void
1214 ng_btsocket_rfcomm_connect_cfm(ng_btsocket_rfcomm_session_p s)
1215 {
1216         ng_btsocket_rfcomm_pcb_p        pcb = NULL, pcb_next = NULL;
1217         int                             error;
1218
1219         mtx_assert(&s->session_mtx, MA_OWNED);
1220
1221         /*
1222          * Wake up all waiting sockets and send PN request for each of them.
1223          * Note that timeout already been set in ng_btsocket_rfcomm_connect()
1224          *
1225          * Note: cannot use LIST_FOREACH because ng_btsocket_rfcomm_pcb_kill
1226          * will unlink DLC from the session
1227          */
1228
1229         for (pcb = LIST_FIRST(&s->dlcs); pcb != NULL; ) {
1230                 mtx_lock(&pcb->pcb_mtx);
1231                 pcb_next = LIST_NEXT(pcb, session_next);
1232
1233                 if (pcb->state == NG_BTSOCKET_RFCOMM_DLC_W4_CONNECT) {
1234                         pcb->mtu = s->mtu;
1235                         bcopy(&so2l2cap_pcb(s->l2so)->src, &pcb->src,
1236                                 sizeof(pcb->src));
1237
1238                         error = ng_btsocket_rfcomm_send_pn(pcb);
1239                         if (error == 0)
1240                                 pcb->state = NG_BTSOCKET_RFCOMM_DLC_CONFIGURING;
1241                         else
1242                                 ng_btsocket_rfcomm_pcb_kill(pcb, error);
1243                 }
1244
1245                 mtx_unlock(&pcb->pcb_mtx);
1246                 pcb = pcb_next;
1247         }
1248 } /* ng_btsocket_rfcomm_connect_cfm */
1249
1250 /*****************************************************************************
1251  *****************************************************************************
1252  **                              RFCOMM sessions
1253  *****************************************************************************
1254  *****************************************************************************/
1255
1256 /*
1257  * Create new RFCOMM session. That function WILL NOT take ownership over l2so.
1258  * Caller MUST free l2so if function failed.
1259  */
1260
1261 static int
1262 ng_btsocket_rfcomm_session_create(ng_btsocket_rfcomm_session_p *sp,
1263                 struct socket *l2so, bdaddr_p src, bdaddr_p dst,
1264                 struct thread *td)
1265 {
1266         ng_btsocket_rfcomm_session_p    s = NULL;
1267         struct sockaddr_l2cap           l2sa;
1268         struct sockopt                  l2sopt;
1269         int                             error;
1270         u_int16_t                       mtu;
1271
1272         mtx_assert(&ng_btsocket_rfcomm_sessions_mtx, MA_OWNED);
1273
1274         /* Allocate the RFCOMM session */
1275         s = malloc(sizeof(*s),
1276                 M_NETGRAPH_BTSOCKET_RFCOMM, M_NOWAIT | M_ZERO);
1277         if (s == NULL)
1278                 return (ENOMEM);
1279
1280         /* Set defaults */
1281         s->mtu = RFCOMM_DEFAULT_MTU;
1282         s->flags = 0;
1283         s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED;
1284         NG_BT_MBUFQ_INIT(&s->outq, ifqmaxlen);
1285
1286         /*
1287          * XXX Mark session mutex as DUPOK to prevent "duplicated lock of
1288          * the same type" message. When accepting new L2CAP connection
1289          * ng_btsocket_rfcomm_session_accept() holds both session mutexes
1290          * for "old" (accepting) session and "new" (created) session.
1291          */
1292
1293         mtx_init(&s->session_mtx, "btsocks_rfcomm_session_mtx", NULL,
1294                 MTX_DEF|MTX_DUPOK);
1295
1296         LIST_INIT(&s->dlcs);
1297
1298         /* Prepare L2CAP socket */
1299         SOCKBUF_LOCK(&l2so->so_rcv);
1300         soupcall_set(l2so, SO_RCV, ng_btsocket_rfcomm_upcall, NULL);
1301         SOCKBUF_UNLOCK(&l2so->so_rcv);
1302         SOCKBUF_LOCK(&l2so->so_snd);
1303         soupcall_set(l2so, SO_SND, ng_btsocket_rfcomm_upcall, NULL);
1304         SOCKBUF_UNLOCK(&l2so->so_snd);
1305         l2so->so_state |= SS_NBIO;
1306         s->l2so = l2so;
1307
1308         mtx_lock(&s->session_mtx);
1309
1310         /*
1311          * "src" == NULL and "dst" == NULL means just create session.
1312          * caller must do the rest
1313          */
1314
1315         if (src == NULL && dst == NULL)
1316                 goto done;
1317
1318         /*
1319          * Set incoming MTU on L2CAP socket. It is RFCOMM session default MTU
1320          * plus 5 bytes: RFCOMM frame header, one extra byte for length and one
1321          * extra byte for credits.
1322          */
1323
1324         mtu = s->mtu + sizeof(struct rfcomm_frame_hdr) + 1 + 1;
1325
1326         l2sopt.sopt_dir = SOPT_SET;
1327         l2sopt.sopt_level = SOL_L2CAP;
1328         l2sopt.sopt_name = SO_L2CAP_IMTU;
1329         l2sopt.sopt_val = (void *) &mtu;
1330         l2sopt.sopt_valsize = sizeof(mtu);
1331         l2sopt.sopt_td = NULL;
1332
1333         error = sosetopt(s->l2so, &l2sopt);
1334         if (error != 0)
1335                 goto bad;
1336
1337         /* Bind socket to "src" address */
1338         l2sa.l2cap_len = sizeof(l2sa);
1339         l2sa.l2cap_family = AF_BLUETOOTH;
1340         l2sa.l2cap_psm = (dst == NULL)? htole16(NG_L2CAP_PSM_RFCOMM) : 0;
1341         bcopy(src, &l2sa.l2cap_bdaddr, sizeof(l2sa.l2cap_bdaddr));
1342         l2sa.l2cap_cid = 0;
1343         l2sa.l2cap_bdaddr_type = BDADDR_BREDR;
1344
1345         error = sobind(s->l2so, (struct sockaddr *) &l2sa, td);
1346         if (error != 0)
1347                 goto bad;
1348
1349         /* If "dst" is not NULL then initiate connect(), otherwise listen() */
1350         if (dst == NULL) {
1351                 s->flags = 0;
1352                 s->state = NG_BTSOCKET_RFCOMM_SESSION_LISTENING;
1353
1354                 error = solisten(s->l2so, 10, td);
1355                 if (error != 0)
1356                         goto bad;
1357         } else {
1358                 s->flags = NG_BTSOCKET_RFCOMM_SESSION_INITIATOR;
1359                 s->state = NG_BTSOCKET_RFCOMM_SESSION_CONNECTING;
1360
1361                 l2sa.l2cap_len = sizeof(l2sa);
1362                 l2sa.l2cap_family = AF_BLUETOOTH;
1363                 l2sa.l2cap_psm = htole16(NG_L2CAP_PSM_RFCOMM);
1364                 bcopy(dst, &l2sa.l2cap_bdaddr, sizeof(l2sa.l2cap_bdaddr));
1365                 l2sa.l2cap_cid = 0;
1366                 l2sa.l2cap_bdaddr_type = BDADDR_BREDR;
1367
1368                 error = soconnect(s->l2so, (struct sockaddr *) &l2sa, td);
1369                 if (error != 0)
1370                         goto bad;
1371         }
1372
1373 done:
1374         LIST_INSERT_HEAD(&ng_btsocket_rfcomm_sessions, s, next);
1375         *sp = s;
1376
1377         mtx_unlock(&s->session_mtx);
1378
1379         return (0);
1380
1381 bad:
1382         mtx_unlock(&s->session_mtx);
1383
1384         /* Return L2CAP socket back to its original state */
1385         SOCKBUF_LOCK(&l2so->so_rcv);
1386         soupcall_clear(s->l2so, SO_RCV);
1387         SOCKBUF_UNLOCK(&l2so->so_rcv);
1388         SOCKBUF_LOCK(&l2so->so_snd);
1389         soupcall_clear(s->l2so, SO_SND);
1390         SOCKBUF_UNLOCK(&l2so->so_snd);
1391         l2so->so_state &= ~SS_NBIO;
1392
1393         mtx_destroy(&s->session_mtx);
1394         bzero(s, sizeof(*s));
1395         free(s, M_NETGRAPH_BTSOCKET_RFCOMM);
1396
1397         return (error);
1398 } /* ng_btsocket_rfcomm_session_create */
1399
1400 /*
1401  * Process accept() on RFCOMM session
1402  * XXX FIXME locking for "l2so"?
1403  */
1404
1405 static int
1406 ng_btsocket_rfcomm_session_accept(ng_btsocket_rfcomm_session_p s0)
1407 {
1408         struct socket                   *l2so = NULL;
1409         struct sockaddr_l2cap           *l2sa = NULL;
1410         ng_btsocket_l2cap_pcb_t         *l2pcb = NULL;
1411         ng_btsocket_rfcomm_session_p     s = NULL;
1412         int                              error = 0;
1413
1414         mtx_assert(&ng_btsocket_rfcomm_sessions_mtx, MA_OWNED);
1415         mtx_assert(&s0->session_mtx, MA_OWNED);
1416
1417         /* Check if there is a complete L2CAP connection in the queue */
1418         if ((error = s0->l2so->so_error) != 0) {
1419                 NG_BTSOCKET_RFCOMM_ERR(
1420 "%s: Could not accept connection on L2CAP socket, error=%d\n", __func__, error);
1421                 s0->l2so->so_error = 0;
1422
1423                 return (error);
1424         }
1425
1426         ACCEPT_LOCK();
1427         if (TAILQ_EMPTY(&s0->l2so->so_comp)) {
1428                 ACCEPT_UNLOCK();
1429                 if (s0->l2so->so_rcv.sb_state & SBS_CANTRCVMORE)
1430                         return (ECONNABORTED);
1431                 return (EWOULDBLOCK);
1432         }
1433
1434         /* Accept incoming L2CAP connection */
1435         l2so = TAILQ_FIRST(&s0->l2so->so_comp);
1436         if (l2so == NULL)
1437                 panic("%s: l2so == NULL\n", __func__);
1438
1439         TAILQ_REMOVE(&s0->l2so->so_comp, l2so, so_list);
1440         s0->l2so->so_qlen --;
1441         l2so->so_qstate &= ~SQ_COMP;
1442         l2so->so_head = NULL;
1443         SOCK_LOCK(l2so);
1444         soref(l2so);
1445         l2so->so_state |= SS_NBIO;
1446         SOCK_UNLOCK(l2so);
1447         ACCEPT_UNLOCK();
1448
1449         error = soaccept(l2so, (struct sockaddr **) &l2sa);
1450         if (error != 0) {
1451                 NG_BTSOCKET_RFCOMM_ERR(
1452 "%s: soaccept() on L2CAP socket failed, error=%d\n", __func__, error);
1453                 soclose(l2so);
1454
1455                 return (error);
1456         }
1457
1458         /*
1459          * Check if there is already active RFCOMM session between two devices.
1460          * If so then close L2CAP connection. We only support one RFCOMM session
1461          * between each pair of devices. Note that here we assume session in any
1462          * state. The session even could be in the middle of disconnecting.
1463          */
1464
1465         l2pcb = so2l2cap_pcb(l2so);
1466         s = ng_btsocket_rfcomm_session_by_addr(&l2pcb->src, &l2pcb->dst);
1467         if (s == NULL) {
1468                 /* Create a new RFCOMM session */
1469                 error = ng_btsocket_rfcomm_session_create(&s, l2so, NULL, NULL,
1470                                 curthread /* XXX */);
1471                 if (error == 0) {
1472                         mtx_lock(&s->session_mtx);
1473
1474                         s->flags = 0;
1475                         s->state = NG_BTSOCKET_RFCOMM_SESSION_CONNECTED;
1476
1477                         /*
1478                          * Adjust MTU on incoming connection. Reserve 5 bytes:
1479                          * RFCOMM frame header, one extra byte for length and
1480                          * one extra byte for credits.
1481                          */
1482
1483                         s->mtu = min(l2pcb->imtu, l2pcb->omtu) -
1484                                         sizeof(struct rfcomm_frame_hdr) - 1 - 1;
1485
1486                         mtx_unlock(&s->session_mtx);
1487                 } else {
1488                         NG_BTSOCKET_RFCOMM_ALERT(
1489 "%s: Failed to create new RFCOMM session, error=%d\n", __func__, error);
1490
1491                         soclose(l2so);
1492                 }
1493         } else {
1494                 NG_BTSOCKET_RFCOMM_WARN(
1495 "%s: Rejecting duplicating RFCOMM session between src=%x:%x:%x:%x:%x:%x and " \
1496 "dst=%x:%x:%x:%x:%x:%x, state=%d, flags=%#x\n", __func__,
1497                         l2pcb->src.b[5], l2pcb->src.b[4], l2pcb->src.b[3],
1498                         l2pcb->src.b[2], l2pcb->src.b[1], l2pcb->src.b[0],
1499                         l2pcb->dst.b[5], l2pcb->dst.b[4], l2pcb->dst.b[3],
1500                         l2pcb->dst.b[2], l2pcb->dst.b[1], l2pcb->dst.b[0],
1501                         s->state, s->flags);
1502
1503                 error = EBUSY;
1504                 soclose(l2so);
1505         }
1506
1507         return (error);
1508 } /* ng_btsocket_rfcomm_session_accept */
1509
1510 /*
1511  * Process connect() on RFCOMM session
1512  * XXX FIXME locking for "l2so"?
1513  */
1514
1515 static int
1516 ng_btsocket_rfcomm_session_connect(ng_btsocket_rfcomm_session_p s)
1517 {
1518         ng_btsocket_l2cap_pcb_p l2pcb = so2l2cap_pcb(s->l2so);
1519         int                     error;
1520
1521         mtx_assert(&s->session_mtx, MA_OWNED);
1522
1523         /* First check if connection has failed */
1524         if ((error = s->l2so->so_error) != 0) {
1525                 s->l2so->so_error = 0;
1526
1527                 NG_BTSOCKET_RFCOMM_ERR(
1528 "%s: Could not connect RFCOMM session, error=%d, state=%d, flags=%#x\n",
1529                         __func__, error, s->state, s->flags);
1530
1531                 return (error);
1532         }
1533
1534         /* Is connection still in progress? */
1535         if (s->l2so->so_state & SS_ISCONNECTING)
1536                 return (0);
1537
1538         /*
1539          * If we got here then we are connected. Send SABM on DLCI 0 to
1540          * open multiplexor channel.
1541          */
1542
1543         if (error == 0) {
1544                 s->state = NG_BTSOCKET_RFCOMM_SESSION_CONNECTED;
1545
1546                 /*
1547                  * Adjust MTU on outgoing connection. Reserve 5 bytes: RFCOMM
1548                  * frame header, one extra byte for length and one extra byte
1549                  * for credits.
1550                  */
1551
1552                 s->mtu = min(l2pcb->imtu, l2pcb->omtu) -
1553                                 sizeof(struct rfcomm_frame_hdr) - 1 - 1;
1554
1555                 error = ng_btsocket_rfcomm_send_command(s,RFCOMM_FRAME_SABM,0);
1556                 if (error == 0)
1557                         error = ng_btsocket_rfcomm_task_wakeup();
1558         }
1559
1560         return (error);
1561 }/* ng_btsocket_rfcomm_session_connect */
1562
1563 /*
1564  * Receive data on RFCOMM session
1565  * XXX FIXME locking for "l2so"?
1566  */
1567
1568 static int
1569 ng_btsocket_rfcomm_session_receive(ng_btsocket_rfcomm_session_p s)
1570 {
1571         struct mbuf     *m = NULL;
1572         struct uio       uio;
1573         int              more, flags, error;
1574
1575         mtx_assert(&s->session_mtx, MA_OWNED);
1576
1577         /* Can we read from the L2CAP socket? */
1578         if (!soreadable(s->l2so))
1579                 return (0);
1580
1581         /* First check for error on L2CAP socket */
1582         if ((error = s->l2so->so_error) != 0) {
1583                 s->l2so->so_error = 0;
1584
1585                 NG_BTSOCKET_RFCOMM_ERR(
1586 "%s: Could not receive data from L2CAP socket, error=%d, state=%d, flags=%#x\n",
1587                         __func__, error, s->state, s->flags);
1588
1589                 return (error);
1590         }
1591
1592         /*
1593          * Read all packets from the L2CAP socket.
1594          * XXX FIXME/VERIFY is that correct? For now use m->m_nextpkt as
1595          * indication that there is more packets on the socket's buffer.
1596          * Also what should we use in uio.uio_resid?
1597          * May be s->mtu + sizeof(struct rfcomm_frame_hdr) + 1 + 1?
1598          */
1599
1600         for (more = 1; more; ) {
1601                 /* Try to get next packet from socket */
1602                 bzero(&uio, sizeof(uio));
1603 /*              uio.uio_td = NULL; */
1604                 uio.uio_resid = 1000000000;
1605                 flags = MSG_DONTWAIT;
1606
1607                 m = NULL;
1608                 error = soreceive(s->l2so, NULL, &uio, &m,
1609                     (struct mbuf **) NULL, &flags);
1610                 if (error != 0) {
1611                         if (error == EWOULDBLOCK)
1612                                 return (0); /* XXX can happen? */
1613
1614                         NG_BTSOCKET_RFCOMM_ERR(
1615 "%s: Could not receive data from L2CAP socket, error=%d\n", __func__, error);
1616
1617                         return (error);
1618                 }
1619
1620                 more = (m->m_nextpkt != NULL);
1621                 m->m_nextpkt = NULL;
1622
1623                 ng_btsocket_rfcomm_receive_frame(s, m);
1624         }
1625
1626         return (0);
1627 } /* ng_btsocket_rfcomm_session_receive */
1628
1629 /*
1630  * Send data on RFCOMM session
1631  * XXX FIXME locking for "l2so"?
1632  */
1633
1634 static int
1635 ng_btsocket_rfcomm_session_send(ng_btsocket_rfcomm_session_p s)
1636 {
1637         struct mbuf     *m = NULL;
1638         int              error;
1639
1640         mtx_assert(&s->session_mtx, MA_OWNED);
1641
1642         /* Send as much as we can from the session queue */
1643         while (sowriteable(s->l2so)) {
1644                 /* Check if socket still OK */
1645                 if ((error = s->l2so->so_error) != 0) {
1646                         s->l2so->so_error = 0;
1647
1648                         NG_BTSOCKET_RFCOMM_ERR(
1649 "%s: Detected error=%d on L2CAP socket, state=%d, flags=%#x\n",
1650                                 __func__, error, s->state, s->flags);
1651
1652                         return (error);
1653                 }
1654
1655                 NG_BT_MBUFQ_DEQUEUE(&s->outq, m);
1656                 if (m == NULL)
1657                         return (0); /* we are done */
1658
1659                 /* Call send function on the L2CAP socket */
1660                 error = (*s->l2so->so_proto->pr_usrreqs->pru_send)(s->l2so,
1661                                 0, m, NULL, NULL, curthread /* XXX */);
1662                 if (error != 0) {
1663                         NG_BTSOCKET_RFCOMM_ERR(
1664 "%s: Could not send data to L2CAP socket, error=%d\n", __func__, error);
1665
1666                         return (error);
1667                 }
1668         }
1669
1670         return (0);
1671 } /* ng_btsocket_rfcomm_session_send */
1672
1673 /*
1674  * Close and disconnect all DLCs for the given session. Caller must hold
1675  * s->sesson_mtx. Will wakeup session.
1676  */
1677
1678 static void
1679 ng_btsocket_rfcomm_session_clean(ng_btsocket_rfcomm_session_p s)
1680 {
1681         ng_btsocket_rfcomm_pcb_p        pcb = NULL, pcb_next = NULL;
1682         int                             error;
1683
1684         mtx_assert(&s->session_mtx, MA_OWNED);
1685
1686         /*
1687          * Note: cannot use LIST_FOREACH because ng_btsocket_rfcomm_pcb_kill
1688          * will unlink DLC from the session
1689          */
1690
1691         for (pcb = LIST_FIRST(&s->dlcs); pcb != NULL; ) {
1692                 mtx_lock(&pcb->pcb_mtx);
1693                 pcb_next = LIST_NEXT(pcb, session_next);
1694
1695                 NG_BTSOCKET_RFCOMM_INFO(
1696 "%s: Disconnecting dlci=%d, state=%d, flags=%#x\n",
1697                         __func__, pcb->dlci, pcb->state, pcb->flags);
1698
1699                 if (pcb->state == NG_BTSOCKET_RFCOMM_DLC_CONNECTED)
1700                         error = ECONNRESET;
1701                 else
1702                         error = ECONNREFUSED;
1703
1704                 ng_btsocket_rfcomm_pcb_kill(pcb, error);
1705
1706                 mtx_unlock(&pcb->pcb_mtx);
1707                 pcb = pcb_next;
1708         }
1709 } /* ng_btsocket_rfcomm_session_clean */
1710
1711 /*
1712  * Process all DLCs on the session. Caller MUST hold s->session_mtx.
1713  */
1714
1715 static void
1716 ng_btsocket_rfcomm_session_process_pcb(ng_btsocket_rfcomm_session_p s)
1717 {
1718         ng_btsocket_rfcomm_pcb_p        pcb = NULL, pcb_next = NULL;
1719         int                             error;
1720
1721         mtx_assert(&s->session_mtx, MA_OWNED);
1722
1723         /*
1724          * Note: cannot use LIST_FOREACH because ng_btsocket_rfcomm_pcb_kill
1725          * will unlink DLC from the session
1726          */
1727
1728         for (pcb = LIST_FIRST(&s->dlcs); pcb != NULL; ) {
1729                 mtx_lock(&pcb->pcb_mtx);
1730                 pcb_next = LIST_NEXT(pcb, session_next);
1731
1732                 switch (pcb->state) {
1733
1734                 /*
1735                  * If DLC in W4_CONNECT state then we should check for both
1736                  * timeout and detach.
1737                  */
1738
1739                 case NG_BTSOCKET_RFCOMM_DLC_W4_CONNECT:
1740                         if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_DETACHED)
1741                                 ng_btsocket_rfcomm_pcb_kill(pcb, 0);
1742                         else if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMEDOUT)
1743                                 ng_btsocket_rfcomm_pcb_kill(pcb, ETIMEDOUT);
1744                         break;
1745
1746                 /*
1747                  * If DLC in CONFIGURING or CONNECTING state then we only
1748                  * should check for timeout. If detach() was called then
1749                  * DLC will be moved into DISCONNECTING state.
1750                  */
1751
1752                 case NG_BTSOCKET_RFCOMM_DLC_CONFIGURING:
1753                 case NG_BTSOCKET_RFCOMM_DLC_CONNECTING:
1754                         if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMEDOUT)
1755                                 ng_btsocket_rfcomm_pcb_kill(pcb, ETIMEDOUT);
1756                         break;
1757
1758                 /*
1759                  * If DLC in CONNECTED state then we need to send data (if any)
1760                  * from the socket's send queue. Note that we will send data
1761                  * from either all sockets or none. This may overload session's
1762                  * outgoing queue (but we do not check for that).
1763                  *
1764                  * XXX FIXME need scheduler for RFCOMM sockets
1765                  */
1766
1767                 case NG_BTSOCKET_RFCOMM_DLC_CONNECTED:
1768                         error = ng_btsocket_rfcomm_pcb_send(pcb, ALOT);
1769                         if (error != 0)
1770                                 ng_btsocket_rfcomm_pcb_kill(pcb, error);
1771                         break;
1772
1773                 /*
1774                  * If DLC in DISCONNECTING state then we must send DISC frame.
1775                  * Note that if DLC has timeout set then we do not need to
1776                  * resend DISC frame.
1777                  *
1778                  * XXX FIXME need to drain all data from the socket's queue
1779                  * if LINGER option was set
1780                  */
1781
1782                 case NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING:
1783                         if (!(pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMO)) {
1784                                 error = ng_btsocket_rfcomm_send_command(
1785                                                 pcb->session, RFCOMM_FRAME_DISC,
1786                                                 pcb->dlci);
1787                                 if (error == 0)
1788                                         ng_btsocket_rfcomm_timeout(pcb);
1789                                 else
1790                                         ng_btsocket_rfcomm_pcb_kill(pcb, error);
1791                         } else if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMEDOUT)
1792                                 ng_btsocket_rfcomm_pcb_kill(pcb, ETIMEDOUT);
1793                         break;
1794
1795 /*              case NG_BTSOCKET_RFCOMM_DLC_CLOSED: */
1796                 default:
1797                         panic("%s: Invalid DLC state=%d, flags=%#x\n",
1798                                 __func__, pcb->state, pcb->flags);
1799                         break;
1800                 }
1801
1802                 mtx_unlock(&pcb->pcb_mtx);
1803                 pcb = pcb_next;
1804         }
1805 } /* ng_btsocket_rfcomm_session_process_pcb */
1806
1807 /*
1808  * Find RFCOMM session between "src" and "dst".
1809  * Caller MUST hold ng_btsocket_rfcomm_sessions_mtx.
1810  */
1811
1812 static ng_btsocket_rfcomm_session_p
1813 ng_btsocket_rfcomm_session_by_addr(bdaddr_p src, bdaddr_p dst)
1814 {
1815         ng_btsocket_rfcomm_session_p    s = NULL;
1816         ng_btsocket_l2cap_pcb_p         l2pcb = NULL;
1817         int                             any_src;
1818
1819         mtx_assert(&ng_btsocket_rfcomm_sessions_mtx, MA_OWNED);
1820
1821         any_src = (bcmp(src, NG_HCI_BDADDR_ANY, sizeof(*src)) == 0);
1822
1823         LIST_FOREACH(s, &ng_btsocket_rfcomm_sessions, next) {
1824                 l2pcb = so2l2cap_pcb(s->l2so);
1825
1826                 if ((any_src || bcmp(&l2pcb->src, src, sizeof(*src)) == 0) &&
1827                     bcmp(&l2pcb->dst, dst, sizeof(*dst)) == 0)
1828                         break;
1829         }
1830
1831         return (s);
1832 } /* ng_btsocket_rfcomm_session_by_addr */
1833
1834 /*****************************************************************************
1835  *****************************************************************************
1836  **                                  RFCOMM
1837  *****************************************************************************
1838  *****************************************************************************/
1839
1840 /*
1841  * Process incoming RFCOMM frame. Caller must hold s->session_mtx.
1842  * XXX FIXME check frame length
1843  */
1844
1845 static int
1846 ng_btsocket_rfcomm_receive_frame(ng_btsocket_rfcomm_session_p s,
1847                 struct mbuf *m0)
1848 {
1849         struct rfcomm_frame_hdr *hdr = NULL;
1850         struct mbuf             *m = NULL;
1851         u_int16_t                length;
1852         u_int8_t                 dlci, type;
1853         int                      error = 0;
1854
1855         mtx_assert(&s->session_mtx, MA_OWNED);
1856
1857         /* Pullup as much as we can into first mbuf (for direct access) */
1858         length = min(m0->m_pkthdr.len, MHLEN);
1859         if (m0->m_len < length) {
1860                 if ((m0 = m_pullup(m0, length)) == NULL) {
1861                         NG_BTSOCKET_RFCOMM_ALERT(
1862 "%s: m_pullup(%d) failed\n", __func__, length);
1863
1864                         return (ENOBUFS);
1865                 }
1866         }
1867
1868         hdr = mtod(m0, struct rfcomm_frame_hdr *);
1869         dlci = RFCOMM_DLCI(hdr->address);
1870         type = RFCOMM_TYPE(hdr->control);
1871
1872         /* Test EA bit in length. If not set then we have 2 bytes of length */
1873         if (!RFCOMM_EA(hdr->length)) {
1874                 bcopy(&hdr->length, &length, sizeof(length));
1875                 length = le16toh(length) >> 1;
1876                 m_adj(m0, sizeof(*hdr) + 1);
1877         } else {
1878                 length = hdr->length >> 1;
1879                 m_adj(m0, sizeof(*hdr));
1880         }
1881
1882         NG_BTSOCKET_RFCOMM_INFO(
1883 "%s: Got frame type=%#x, dlci=%d, length=%d, cr=%d, pf=%d, len=%d\n",
1884                 __func__, type, dlci, length, RFCOMM_CR(hdr->address),
1885                 RFCOMM_PF(hdr->control), m0->m_pkthdr.len);
1886
1887         /*
1888          * Get FCS (the last byte in the frame)
1889          * XXX this will not work if mbuf chain ends with empty mbuf.
1890          * XXX let's hope it never happens :)
1891          */
1892
1893         for (m = m0; m->m_next != NULL; m = m->m_next)
1894                 ;
1895         if (m->m_len <= 0)
1896                 panic("%s: Empty mbuf at the end of the chain, len=%d\n",
1897                         __func__, m->m_len);
1898
1899         /*
1900          * Check FCS. We only need to calculate FCS on first 2 or 3 bytes
1901          * and already m_pullup'ed mbuf chain, so it should be safe.
1902          */
1903
1904         if (ng_btsocket_rfcomm_check_fcs((u_int8_t *) hdr, type, m->m_data[m->m_len - 1])) {
1905                 NG_BTSOCKET_RFCOMM_ERR(
1906 "%s: Invalid RFCOMM packet. Bad checksum\n", __func__);
1907                 NG_FREE_M(m0);
1908
1909                 return (EINVAL);
1910         }
1911
1912         m_adj(m0, -1); /* Trim FCS byte */
1913
1914         /*
1915          * Process RFCOMM frame.
1916          *
1917          * From TS 07.10 spec
1918          *
1919          * "... In the case where a SABM or DISC command with the P bit set
1920          * to 0 is received then the received frame shall be discarded..."
1921          *
1922          * "... If a unsolicited DM response is received then the frame shall
1923          * be processed irrespective of the P/F setting... "
1924          *
1925          * "... The station may transmit response frames with the F bit set
1926          * to 0 at any opportunity on an asynchronous basis. However, in the
1927          * case where a UA response is received with the F bit set to 0 then
1928          * the received frame shall be discarded..."
1929          *
1930          * From Bluetooth spec
1931          *
1932          * "... When credit based flow control is being used, the meaning of
1933          * the P/F bit in the control field of the RFCOMM header is redefined
1934          * for UIH frames..."
1935          */
1936
1937         switch (type) {
1938         case RFCOMM_FRAME_SABM:
1939                 if (RFCOMM_PF(hdr->control))
1940                         error = ng_btsocket_rfcomm_receive_sabm(s, dlci);
1941                 break;
1942
1943         case RFCOMM_FRAME_DISC:
1944                 if (RFCOMM_PF(hdr->control))
1945                         error = ng_btsocket_rfcomm_receive_disc(s, dlci);
1946                 break;
1947
1948         case RFCOMM_FRAME_UA:
1949                 if (RFCOMM_PF(hdr->control))
1950                         error = ng_btsocket_rfcomm_receive_ua(s, dlci);
1951                 break;
1952
1953         case RFCOMM_FRAME_DM:
1954                 error = ng_btsocket_rfcomm_receive_dm(s, dlci);
1955                 break;
1956
1957         case RFCOMM_FRAME_UIH:
1958                 if (dlci == 0)
1959                         error = ng_btsocket_rfcomm_receive_mcc(s, m0);
1960                 else
1961                         error = ng_btsocket_rfcomm_receive_uih(s, dlci,
1962                                         RFCOMM_PF(hdr->control), m0);
1963
1964                 return (error);
1965                 /* NOT REACHED */
1966
1967         default:
1968                 NG_BTSOCKET_RFCOMM_ERR(
1969 "%s: Invalid RFCOMM packet. Unknown type=%#x\n", __func__, type);
1970                 error = EINVAL;
1971                 break;
1972         }
1973
1974         NG_FREE_M(m0);
1975
1976         return (error);
1977 } /* ng_btsocket_rfcomm_receive_frame */
1978
1979 /*
1980  * Process RFCOMM SABM frame
1981  */
1982
1983 static int
1984 ng_btsocket_rfcomm_receive_sabm(ng_btsocket_rfcomm_session_p s, int dlci)
1985 {
1986         ng_btsocket_rfcomm_pcb_p        pcb = NULL;
1987         int                             error = 0;
1988
1989         mtx_assert(&s->session_mtx, MA_OWNED);
1990
1991         NG_BTSOCKET_RFCOMM_INFO(
1992 "%s: Got SABM, session state=%d, flags=%#x, mtu=%d, dlci=%d\n",
1993                 __func__, s->state, s->flags, s->mtu, dlci);
1994
1995         /* DLCI == 0 means open multiplexor channel */
1996         if (dlci == 0) {
1997                 switch (s->state) {
1998                 case NG_BTSOCKET_RFCOMM_SESSION_CONNECTED:
1999                 case NG_BTSOCKET_RFCOMM_SESSION_OPEN:
2000                         error = ng_btsocket_rfcomm_send_command(s,
2001                                         RFCOMM_FRAME_UA, dlci);
2002                         if (error == 0) {
2003                                 s->state = NG_BTSOCKET_RFCOMM_SESSION_OPEN;
2004                                 ng_btsocket_rfcomm_connect_cfm(s);
2005                         } else {
2006                                 s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED;
2007                                 ng_btsocket_rfcomm_session_clean(s);
2008                         }
2009                         break;
2010
2011                 default:
2012                         NG_BTSOCKET_RFCOMM_WARN(
2013 "%s: Got SABM for session in invalid state state=%d, flags=%#x\n",
2014                                 __func__, s->state, s->flags);
2015                         error = EINVAL;
2016                         break;
2017                 }
2018
2019                 return (error);
2020         }
2021
2022         /* Make sure multiplexor channel is open */
2023         if (s->state != NG_BTSOCKET_RFCOMM_SESSION_OPEN) {
2024                 NG_BTSOCKET_RFCOMM_ERR(
2025 "%s: Got SABM for dlci=%d with mulitplexor channel closed, state=%d, " \
2026 "flags=%#x\n",          __func__, dlci, s->state, s->flags);
2027
2028                 return (EINVAL);
2029         }
2030
2031         /*
2032          * Check if we have this DLCI. This might happen when remote
2033          * peer uses PN command before actual open (SABM) happens.
2034          */
2035
2036         pcb = ng_btsocket_rfcomm_pcb_by_dlci(s, dlci);
2037         if (pcb != NULL) {
2038                 mtx_lock(&pcb->pcb_mtx);
2039
2040                 if (pcb->state != NG_BTSOCKET_RFCOMM_DLC_CONNECTING) {
2041                         NG_BTSOCKET_RFCOMM_ERR(
2042 "%s: Got SABM for dlci=%d in invalid state=%d, flags=%#x\n",
2043                                 __func__, dlci, pcb->state, pcb->flags);
2044                         mtx_unlock(&pcb->pcb_mtx);
2045
2046                         return (ENOENT);
2047                 }
2048
2049                 ng_btsocket_rfcomm_untimeout(pcb);
2050
2051                 error = ng_btsocket_rfcomm_send_command(s,RFCOMM_FRAME_UA,dlci);
2052                 if (error == 0)
2053                         error = ng_btsocket_rfcomm_send_msc(pcb);
2054
2055                 if (error == 0) {
2056                         pcb->state = NG_BTSOCKET_RFCOMM_DLC_CONNECTED;
2057                         soisconnected(pcb->so);
2058                 } else
2059                         ng_btsocket_rfcomm_pcb_kill(pcb, error);
2060
2061                 mtx_unlock(&pcb->pcb_mtx);
2062
2063                 return (error);
2064         }
2065
2066         /*
2067          * We do not have requested DLCI, so it must be an incoming connection
2068          * with default parameters. Try to accept it.
2069          */
2070
2071         pcb = ng_btsocket_rfcomm_connect_ind(s, RFCOMM_SRVCHANNEL(dlci));
2072         if (pcb != NULL) {
2073                 mtx_lock(&pcb->pcb_mtx);
2074
2075                 pcb->dlci = dlci;
2076
2077                 error = ng_btsocket_rfcomm_send_command(s,RFCOMM_FRAME_UA,dlci);
2078                 if (error == 0)
2079                         error = ng_btsocket_rfcomm_send_msc(pcb);
2080
2081                 if (error == 0) {
2082                         pcb->state = NG_BTSOCKET_RFCOMM_DLC_CONNECTED;
2083                         soisconnected(pcb->so);
2084                 } else
2085                         ng_btsocket_rfcomm_pcb_kill(pcb, error);
2086
2087                 mtx_unlock(&pcb->pcb_mtx);
2088         } else
2089                 /* Nobody is listen()ing on the requested DLCI */
2090                 error = ng_btsocket_rfcomm_send_command(s,RFCOMM_FRAME_DM,dlci);
2091
2092         return (error);
2093 } /* ng_btsocket_rfcomm_receive_sabm */
2094
2095 /*
2096  * Process RFCOMM DISC frame
2097  */
2098
2099 static int
2100 ng_btsocket_rfcomm_receive_disc(ng_btsocket_rfcomm_session_p s, int dlci)
2101 {
2102         ng_btsocket_rfcomm_pcb_p        pcb = NULL;
2103         int                             error = 0;
2104
2105         mtx_assert(&s->session_mtx, MA_OWNED);
2106
2107         NG_BTSOCKET_RFCOMM_INFO(
2108 "%s: Got DISC, session state=%d, flags=%#x, mtu=%d, dlci=%d\n",
2109                 __func__, s->state, s->flags, s->mtu, dlci);
2110
2111         /* DLCI == 0 means close multiplexor channel */
2112         if (dlci == 0) {
2113                 /* XXX FIXME assume that remote side will close the socket */
2114                 error = ng_btsocket_rfcomm_send_command(s, RFCOMM_FRAME_UA, 0);
2115                 if (error == 0) {
2116                         if (s->state == NG_BTSOCKET_RFCOMM_SESSION_DISCONNECTING)
2117                                 s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED; /* XXX */
2118                         else
2119                                 s->state = NG_BTSOCKET_RFCOMM_SESSION_DISCONNECTING;
2120                 } else
2121                         s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED; /* XXX */
2122
2123                 ng_btsocket_rfcomm_session_clean(s);
2124         } else {
2125                 pcb = ng_btsocket_rfcomm_pcb_by_dlci(s, dlci);
2126                 if (pcb != NULL) {
2127                         int     err;
2128
2129                         mtx_lock(&pcb->pcb_mtx);
2130
2131                         NG_BTSOCKET_RFCOMM_INFO(
2132 "%s: Got DISC for dlci=%d, state=%d, flags=%#x\n",
2133                                 __func__, dlci, pcb->state, pcb->flags);
2134
2135                         error = ng_btsocket_rfcomm_send_command(s,
2136                                         RFCOMM_FRAME_UA, dlci);
2137
2138                         if (pcb->state == NG_BTSOCKET_RFCOMM_DLC_CONNECTED)
2139                                 err = 0;
2140                         else
2141                                 err = ECONNREFUSED;
2142
2143                         ng_btsocket_rfcomm_pcb_kill(pcb, err);
2144
2145                         mtx_unlock(&pcb->pcb_mtx);
2146                 } else {
2147                         NG_BTSOCKET_RFCOMM_WARN(
2148 "%s: Got DISC for non-existing dlci=%d\n", __func__, dlci);
2149
2150                         error = ng_btsocket_rfcomm_send_command(s,
2151                                         RFCOMM_FRAME_DM, dlci);
2152                 }
2153         }
2154
2155         return (error);
2156 } /* ng_btsocket_rfcomm_receive_disc */
2157
2158 /*
2159  * Process RFCOMM UA frame
2160  */
2161
2162 static int
2163 ng_btsocket_rfcomm_receive_ua(ng_btsocket_rfcomm_session_p s, int dlci)
2164 {
2165         ng_btsocket_rfcomm_pcb_p        pcb = NULL;
2166         int                             error = 0;
2167
2168         mtx_assert(&s->session_mtx, MA_OWNED);
2169
2170         NG_BTSOCKET_RFCOMM_INFO(
2171 "%s: Got UA, session state=%d, flags=%#x, mtu=%d, dlci=%d\n",
2172                 __func__, s->state, s->flags, s->mtu, dlci);
2173
2174         /* dlci == 0 means multiplexor channel */
2175         if (dlci == 0) {
2176                 switch (s->state) {
2177                 case NG_BTSOCKET_RFCOMM_SESSION_CONNECTED:
2178                         s->state = NG_BTSOCKET_RFCOMM_SESSION_OPEN;
2179                         ng_btsocket_rfcomm_connect_cfm(s);
2180                         break;
2181
2182                 case NG_BTSOCKET_RFCOMM_SESSION_DISCONNECTING:
2183                         s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED;
2184                         ng_btsocket_rfcomm_session_clean(s);
2185                         break;
2186
2187                 default:
2188                         NG_BTSOCKET_RFCOMM_WARN(
2189 "%s: Got UA for session in invalid state=%d(%d), flags=%#x, mtu=%d\n",
2190                                 __func__, s->state, INITIATOR(s), s->flags,
2191                                 s->mtu);
2192                         error = ENOENT;
2193                         break;
2194                 }
2195
2196                 return (error);
2197         }
2198
2199         /* Check if we have this DLCI */
2200         pcb = ng_btsocket_rfcomm_pcb_by_dlci(s, dlci);
2201         if (pcb != NULL) {
2202                 mtx_lock(&pcb->pcb_mtx);
2203
2204                 NG_BTSOCKET_RFCOMM_INFO(
2205 "%s: Got UA for dlci=%d, state=%d, flags=%#x\n",
2206                         __func__, dlci, pcb->state, pcb->flags);
2207
2208                 switch (pcb->state) {
2209                 case NG_BTSOCKET_RFCOMM_DLC_CONNECTING:
2210                         ng_btsocket_rfcomm_untimeout(pcb);
2211
2212                         error = ng_btsocket_rfcomm_send_msc(pcb);
2213                         if (error == 0) {
2214                                 pcb->state = NG_BTSOCKET_RFCOMM_DLC_CONNECTED;
2215                                 soisconnected(pcb->so);
2216                         }
2217                         break;
2218
2219                 case NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING:
2220                         ng_btsocket_rfcomm_pcb_kill(pcb, 0);
2221                         break;
2222
2223                 default:
2224                         NG_BTSOCKET_RFCOMM_WARN(
2225 "%s: Got UA for dlci=%d in invalid state=%d, flags=%#x\n",
2226                                 __func__, dlci, pcb->state, pcb->flags);
2227                         error = ENOENT;
2228                         break;
2229                 }
2230
2231                 mtx_unlock(&pcb->pcb_mtx);
2232         } else {
2233                 NG_BTSOCKET_RFCOMM_WARN(
2234 "%s: Got UA for non-existing dlci=%d\n", __func__, dlci);
2235
2236                 error = ng_btsocket_rfcomm_send_command(s,RFCOMM_FRAME_DM,dlci);
2237         }
2238
2239         return (error);
2240 } /* ng_btsocket_rfcomm_receive_ua */
2241
2242 /*
2243  * Process RFCOMM DM frame
2244  */
2245
2246 static int
2247 ng_btsocket_rfcomm_receive_dm(ng_btsocket_rfcomm_session_p s, int dlci)
2248 {
2249         ng_btsocket_rfcomm_pcb_p        pcb = NULL;
2250         int                             error;
2251
2252         mtx_assert(&s->session_mtx, MA_OWNED);
2253
2254         NG_BTSOCKET_RFCOMM_INFO(
2255 "%s: Got DM, session state=%d, flags=%#x, mtu=%d, dlci=%d\n",
2256                 __func__, s->state, s->flags, s->mtu, dlci);
2257
2258         /* DLCI == 0 means multiplexor channel */
2259         if (dlci == 0) {
2260                 /* Disconnect all dlc's on the session */
2261                 s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED;
2262                 ng_btsocket_rfcomm_session_clean(s);
2263         } else {
2264                 pcb = ng_btsocket_rfcomm_pcb_by_dlci(s, dlci);
2265                 if (pcb != NULL) {
2266                         mtx_lock(&pcb->pcb_mtx);
2267
2268                         NG_BTSOCKET_RFCOMM_INFO(
2269 "%s: Got DM for dlci=%d, state=%d, flags=%#x\n",
2270                                 __func__, dlci, pcb->state, pcb->flags);
2271
2272                         if (pcb->state == NG_BTSOCKET_RFCOMM_DLC_CONNECTED)
2273                                 error = ECONNRESET;
2274                         else
2275                                 error = ECONNREFUSED;
2276
2277                         ng_btsocket_rfcomm_pcb_kill(pcb, error);
2278
2279                         mtx_unlock(&pcb->pcb_mtx);
2280                 } else
2281                         NG_BTSOCKET_RFCOMM_WARN(
2282 "%s: Got DM for non-existing dlci=%d\n", __func__, dlci);
2283         }
2284
2285         return (0);
2286 } /* ng_btsocket_rfcomm_receive_dm */
2287
2288 /*
2289  * Process RFCOMM UIH frame (data)
2290  */
2291
2292 static int
2293 ng_btsocket_rfcomm_receive_uih(ng_btsocket_rfcomm_session_p s, int dlci,
2294                 int pf, struct mbuf *m0)
2295 {
2296         ng_btsocket_rfcomm_pcb_p        pcb = NULL;
2297         int                             error = 0;
2298
2299         mtx_assert(&s->session_mtx, MA_OWNED);
2300
2301         NG_BTSOCKET_RFCOMM_INFO(
2302 "%s: Got UIH, session state=%d, flags=%#x, mtu=%d, dlci=%d, pf=%d, len=%d\n",
2303                 __func__, s->state, s->flags, s->mtu, dlci, pf,
2304                 m0->m_pkthdr.len);
2305
2306         /* XXX should we do it here? Check for session flow control */
2307         if (s->flags & NG_BTSOCKET_RFCOMM_SESSION_LFC) {
2308                 NG_BTSOCKET_RFCOMM_WARN(
2309 "%s: Got UIH with session flow control asserted, state=%d, flags=%#x\n",
2310                         __func__, s->state, s->flags);
2311                 goto drop;
2312         }
2313
2314         /* Check if we have this dlci */
2315         pcb = ng_btsocket_rfcomm_pcb_by_dlci(s, dlci);
2316         if (pcb == NULL) {
2317                 NG_BTSOCKET_RFCOMM_WARN(
2318 "%s: Got UIH for non-existing dlci=%d\n", __func__, dlci);
2319                 error = ng_btsocket_rfcomm_send_command(s,RFCOMM_FRAME_DM,dlci);
2320                 goto drop;
2321         }
2322
2323         mtx_lock(&pcb->pcb_mtx);
2324
2325         /* Check dlci state */
2326         if (pcb->state != NG_BTSOCKET_RFCOMM_DLC_CONNECTED) {
2327                 NG_BTSOCKET_RFCOMM_WARN(
2328 "%s: Got UIH for dlci=%d in invalid state=%d, flags=%#x\n",
2329                         __func__, dlci, pcb->state, pcb->flags);
2330                 error = EINVAL;
2331                 goto drop1;
2332         }
2333
2334         /* Check dlci flow control */
2335         if (((pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC) && pcb->rx_cred <= 0) ||
2336              (pcb->lmodem & RFCOMM_MODEM_FC)) {
2337                 NG_BTSOCKET_RFCOMM_ERR(
2338 "%s: Got UIH for dlci=%d with asserted flow control, state=%d, " \
2339 "flags=%#x, rx_cred=%d, lmodem=%#x\n",
2340                         __func__, dlci, pcb->state, pcb->flags,
2341                         pcb->rx_cred, pcb->lmodem);
2342                 goto drop1;
2343         }
2344
2345         /* Did we get any credits? */
2346         if ((pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC) && pf) {
2347                 NG_BTSOCKET_RFCOMM_INFO(
2348 "%s: Got %d more credits for dlci=%d, state=%d, flags=%#x, " \
2349 "rx_cred=%d, tx_cred=%d\n",
2350                         __func__, *mtod(m0, u_int8_t *), dlci, pcb->state,
2351                         pcb->flags, pcb->rx_cred, pcb->tx_cred);
2352
2353                 pcb->tx_cred += *mtod(m0, u_int8_t *);
2354                 m_adj(m0, 1);
2355
2356                 /* Send more from the DLC. XXX check for errors? */
2357                 ng_btsocket_rfcomm_pcb_send(pcb, ALOT);
2358         }
2359
2360         /* OK the of the rest of the mbuf is the data */
2361         if (m0->m_pkthdr.len > 0) {
2362                 /* If we are using credit flow control decrease rx_cred here */
2363                 if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC) {
2364                         /* Give remote peer more credits (if needed) */
2365                         if (-- pcb->rx_cred <= RFCOMM_MAX_CREDITS / 2)
2366                                 ng_btsocket_rfcomm_send_credits(pcb);
2367                         else
2368                                 NG_BTSOCKET_RFCOMM_INFO(
2369 "%s: Remote side still has credits, dlci=%d, state=%d, flags=%#x, " \
2370 "rx_cred=%d, tx_cred=%d\n",             __func__, dlci, pcb->state, pcb->flags,
2371                                         pcb->rx_cred, pcb->tx_cred);
2372                 }
2373
2374                 /* Check packet against mtu on dlci */
2375                 if (m0->m_pkthdr.len > pcb->mtu) {
2376                         NG_BTSOCKET_RFCOMM_ERR(
2377 "%s: Got oversized UIH for dlci=%d, state=%d, flags=%#x, mtu=%d, len=%d\n",
2378                                 __func__, dlci, pcb->state, pcb->flags,
2379                                 pcb->mtu, m0->m_pkthdr.len);
2380
2381                         error = EMSGSIZE;
2382                 } else if (m0->m_pkthdr.len > sbspace(&pcb->so->so_rcv)) {
2383
2384                         /*
2385                          * This is really bad. Receive queue on socket does
2386                          * not have enough space for the packet. We do not
2387                          * have any other choice but drop the packet.
2388                          */
2389
2390                         NG_BTSOCKET_RFCOMM_ERR(
2391 "%s: Not enough space in socket receive queue. Dropping UIH for dlci=%d, " \
2392 "state=%d, flags=%#x, len=%d, space=%ld\n",
2393                                 __func__, dlci, pcb->state, pcb->flags,
2394                                 m0->m_pkthdr.len, sbspace(&pcb->so->so_rcv));
2395
2396                         error = ENOBUFS;
2397                 } else {
2398                         /* Append packet to the socket receive queue */
2399                         sbappend(&pcb->so->so_rcv, m0, 0);
2400                         m0 = NULL;
2401
2402                         sorwakeup(pcb->so);
2403                 }
2404         }
2405 drop1:
2406         mtx_unlock(&pcb->pcb_mtx);
2407 drop:
2408         NG_FREE_M(m0); /* checks for != NULL */
2409
2410         return (error);
2411 } /* ng_btsocket_rfcomm_receive_uih */
2412
2413 /*
2414  * Process RFCOMM MCC command (Multiplexor)
2415  *
2416  * From TS 07.10 spec
2417  *
2418  * "5.4.3.1 Information Data
2419  *
2420  *  ...The frames (UIH) sent by the initiating station have the C/R bit set
2421  *  to 1 and those sent by the responding station have the C/R bit set to 0..."
2422  *
2423  * "5.4.6.2 Operating procedures
2424  *
2425  *  Messages always exist in pairs; a command message and a corresponding
2426  *  response message. If the C/R bit is set to 1 the message is a command,
2427  *  if it is set to 0 the message is a response...
2428  *
2429  *  ...
2430  *
2431  *  NOTE: Notice that when UIH frames are used to convey information on DLCI 0
2432  *  there are at least two different fields that contain a C/R bit, and the
2433  *  bits are set of different form. The C/R bit in the Type field shall be set
2434  *  as it is stated above, while the C/R bit in the Address field (see subclause
2435  *  5.2.1.2) shall be set as it is described in subclause 5.4.3.1."
2436  */
2437
2438 static int
2439 ng_btsocket_rfcomm_receive_mcc(ng_btsocket_rfcomm_session_p s, struct mbuf *m0)
2440 {
2441         struct rfcomm_mcc_hdr   *hdr = NULL;
2442         u_int8_t                 cr, type, length;
2443
2444         mtx_assert(&s->session_mtx, MA_OWNED);
2445
2446         /*
2447          * We can access data directly in the first mbuf, because we have
2448          * m_pullup()'ed mbuf chain in ng_btsocket_rfcomm_receive_frame().
2449          * All MCC commands should fit into single mbuf (except probably TEST).
2450          */
2451
2452         hdr = mtod(m0, struct rfcomm_mcc_hdr *);
2453         cr = RFCOMM_CR(hdr->type);
2454         type = RFCOMM_MCC_TYPE(hdr->type);
2455         length = RFCOMM_MCC_LENGTH(hdr->length);
2456
2457         /* Check MCC frame length */
2458         if (sizeof(*hdr) + length != m0->m_pkthdr.len) {
2459                 NG_BTSOCKET_RFCOMM_ERR(
2460 "%s: Invalid MCC frame length=%d, len=%d\n",
2461                         __func__, length, m0->m_pkthdr.len);
2462                 NG_FREE_M(m0);
2463
2464                 return (EMSGSIZE);
2465         }
2466
2467         switch (type) {
2468         case RFCOMM_MCC_TEST:
2469                 return (ng_btsocket_rfcomm_receive_test(s, m0));
2470                 /* NOT REACHED */
2471
2472         case RFCOMM_MCC_FCON:
2473         case RFCOMM_MCC_FCOFF:
2474                 return (ng_btsocket_rfcomm_receive_fc(s, m0));
2475                 /* NOT REACHED */
2476
2477         case RFCOMM_MCC_MSC:
2478                 return (ng_btsocket_rfcomm_receive_msc(s, m0));
2479                 /* NOT REACHED */
2480
2481         case RFCOMM_MCC_RPN:
2482                 return (ng_btsocket_rfcomm_receive_rpn(s, m0));
2483                 /* NOT REACHED */
2484
2485         case RFCOMM_MCC_RLS:
2486                 return (ng_btsocket_rfcomm_receive_rls(s, m0));
2487                 /* NOT REACHED */
2488
2489         case RFCOMM_MCC_PN:
2490                 return (ng_btsocket_rfcomm_receive_pn(s, m0));
2491                 /* NOT REACHED */
2492
2493         case RFCOMM_MCC_NSC:
2494                 NG_BTSOCKET_RFCOMM_ERR(
2495 "%s: Got MCC NSC, type=%#x, cr=%d, length=%d, session state=%d, flags=%#x, " \
2496 "mtu=%d, len=%d\n",     __func__, RFCOMM_MCC_TYPE(*((u_int8_t *)(hdr + 1))), cr,
2497                          length, s->state, s->flags, s->mtu, m0->m_pkthdr.len);
2498                 NG_FREE_M(m0);
2499                 break;
2500
2501         default:
2502                 NG_BTSOCKET_RFCOMM_ERR(
2503 "%s: Got unknown MCC, type=%#x, cr=%d, length=%d, session state=%d, " \
2504 "flags=%#x, mtu=%d, len=%d\n",
2505                         __func__, type, cr, length, s->state, s->flags,
2506                         s->mtu, m0->m_pkthdr.len);
2507
2508                 /* Reuse mbuf to send NSC */
2509                 hdr = mtod(m0, struct rfcomm_mcc_hdr *);
2510                 m0->m_pkthdr.len = m0->m_len = sizeof(*hdr);
2511
2512                 /* Create MCC NSC header */
2513                 hdr->type = RFCOMM_MKMCC_TYPE(0, RFCOMM_MCC_NSC);
2514                 hdr->length = RFCOMM_MKLEN8(1);
2515
2516                 /* Put back MCC command type we did not like */
2517                 m0->m_data[m0->m_len] = RFCOMM_MKMCC_TYPE(cr, type);
2518                 m0->m_pkthdr.len ++;
2519                 m0->m_len ++;
2520
2521                 /* Send UIH frame */
2522                 return (ng_btsocket_rfcomm_send_uih(s,
2523                                 RFCOMM_MKADDRESS(INITIATOR(s), 0), 0, 0, m0));
2524                 /* NOT REACHED */
2525         }
2526
2527         return (0);
2528 } /* ng_btsocket_rfcomm_receive_mcc */
2529
2530 /*
2531  * Receive RFCOMM TEST MCC command
2532  */
2533
2534 static int
2535 ng_btsocket_rfcomm_receive_test(ng_btsocket_rfcomm_session_p s, struct mbuf *m0)
2536 {
2537         struct rfcomm_mcc_hdr   *hdr = mtod(m0, struct rfcomm_mcc_hdr *);
2538         int                      error = 0;
2539
2540         mtx_assert(&s->session_mtx, MA_OWNED);
2541
2542         NG_BTSOCKET_RFCOMM_INFO(
2543 "%s: Got MCC TEST, cr=%d, length=%d, session state=%d, flags=%#x, mtu=%d, " \
2544 "len=%d\n",     __func__, RFCOMM_CR(hdr->type), RFCOMM_MCC_LENGTH(hdr->length),
2545                 s->state, s->flags, s->mtu, m0->m_pkthdr.len);
2546
2547         if (RFCOMM_CR(hdr->type)) {
2548                 hdr->type = RFCOMM_MKMCC_TYPE(0, RFCOMM_MCC_TEST);
2549                 error = ng_btsocket_rfcomm_send_uih(s,
2550                                 RFCOMM_MKADDRESS(INITIATOR(s), 0), 0, 0, m0);
2551         } else
2552                 NG_FREE_M(m0); /* XXX ignore response */
2553
2554         return (error);
2555 } /* ng_btsocket_rfcomm_receive_test */
2556
2557 /*
2558  * Receive RFCOMM FCON/FCOFF MCC command
2559  */
2560
2561 static int
2562 ng_btsocket_rfcomm_receive_fc(ng_btsocket_rfcomm_session_p s, struct mbuf *m0)
2563 {
2564         struct rfcomm_mcc_hdr   *hdr = mtod(m0, struct rfcomm_mcc_hdr *);
2565         u_int8_t                 type = RFCOMM_MCC_TYPE(hdr->type);
2566         int                      error = 0;
2567
2568         mtx_assert(&s->session_mtx, MA_OWNED);
2569
2570         /*
2571          * Turn ON/OFF aggregate flow on the entire session. When remote peer
2572          * asserted flow control no transmission shall occur except on dlci 0
2573          * (control channel).
2574          */
2575
2576         NG_BTSOCKET_RFCOMM_INFO(
2577 "%s: Got MCC FC%s, cr=%d, length=%d, session state=%d, flags=%#x, mtu=%d, " \
2578 "len=%d\n",     __func__, (type == RFCOMM_MCC_FCON)? "ON" : "OFF",
2579                 RFCOMM_CR(hdr->type), RFCOMM_MCC_LENGTH(hdr->length),
2580                 s->state, s->flags, s->mtu, m0->m_pkthdr.len);
2581
2582         if (RFCOMM_CR(hdr->type)) {
2583                 if (type == RFCOMM_MCC_FCON)
2584                         s->flags &= ~NG_BTSOCKET_RFCOMM_SESSION_RFC;
2585                 else
2586                         s->flags |= NG_BTSOCKET_RFCOMM_SESSION_RFC;
2587
2588                 hdr->type = RFCOMM_MKMCC_TYPE(0, type);
2589                 error = ng_btsocket_rfcomm_send_uih(s,
2590                                 RFCOMM_MKADDRESS(INITIATOR(s), 0), 0, 0, m0);
2591         } else
2592                 NG_FREE_M(m0); /* XXX ignore response */
2593
2594         return (error);
2595 } /* ng_btsocket_rfcomm_receive_fc  */
2596
2597 /*
2598  * Receive RFCOMM MSC MCC command
2599  */
2600
2601 static int
2602 ng_btsocket_rfcomm_receive_msc(ng_btsocket_rfcomm_session_p s, struct mbuf *m0)
2603 {
2604         struct rfcomm_mcc_hdr           *hdr = mtod(m0, struct rfcomm_mcc_hdr*);
2605         struct rfcomm_mcc_msc           *msc = (struct rfcomm_mcc_msc *)(hdr+1);
2606         ng_btsocket_rfcomm_pcb_t        *pcb = NULL;
2607         int                              error = 0;
2608
2609         mtx_assert(&s->session_mtx, MA_OWNED);
2610
2611         NG_BTSOCKET_RFCOMM_INFO(
2612 "%s: Got MCC MSC, dlci=%d, cr=%d, length=%d, session state=%d, flags=%#x, " \
2613 "mtu=%d, len=%d\n",
2614                 __func__,  RFCOMM_DLCI(msc->address), RFCOMM_CR(hdr->type),
2615                 RFCOMM_MCC_LENGTH(hdr->length), s->state, s->flags,
2616                 s->mtu, m0->m_pkthdr.len);
2617
2618         if (RFCOMM_CR(hdr->type)) {
2619                 pcb = ng_btsocket_rfcomm_pcb_by_dlci(s, RFCOMM_DLCI(msc->address));
2620                 if (pcb == NULL) {
2621                         NG_BTSOCKET_RFCOMM_WARN(
2622 "%s: Got MSC command for non-existing dlci=%d\n",
2623                                 __func__, RFCOMM_DLCI(msc->address));
2624                         NG_FREE_M(m0);
2625
2626                         return (ENOENT);
2627                 }
2628
2629                 mtx_lock(&pcb->pcb_mtx);
2630
2631                 if (pcb->state != NG_BTSOCKET_RFCOMM_DLC_CONNECTING &&
2632                     pcb->state != NG_BTSOCKET_RFCOMM_DLC_CONNECTED) {
2633                         NG_BTSOCKET_RFCOMM_WARN(
2634 "%s: Got MSC on dlci=%d in invalid state=%d\n",
2635                                 __func__, RFCOMM_DLCI(msc->address),
2636                                 pcb->state);
2637
2638                         mtx_unlock(&pcb->pcb_mtx);
2639                         NG_FREE_M(m0);
2640
2641                         return (EINVAL);
2642                 }
2643
2644                 pcb->rmodem = msc->modem; /* Update remote port signals */
2645
2646                 hdr->type = RFCOMM_MKMCC_TYPE(0, RFCOMM_MCC_MSC);
2647                 error = ng_btsocket_rfcomm_send_uih(s,
2648                                 RFCOMM_MKADDRESS(INITIATOR(s), 0), 0, 0, m0);
2649
2650 #if 0 /* YYY */
2651                 /* Send more data from DLC. XXX check for errors? */
2652                 if (!(pcb->rmodem & RFCOMM_MODEM_FC) &&
2653                     !(pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC))
2654                         ng_btsocket_rfcomm_pcb_send(pcb, ALOT);
2655 #endif /* YYY */
2656
2657                 mtx_unlock(&pcb->pcb_mtx);
2658         } else
2659                 NG_FREE_M(m0); /* XXX ignore response */
2660
2661         return (error);
2662 } /* ng_btsocket_rfcomm_receive_msc */
2663
2664 /*
2665  * Receive RFCOMM RPN MCC command
2666  * XXX FIXME do we need htole16/le16toh for RPN param_mask?
2667  */
2668
2669 static int
2670 ng_btsocket_rfcomm_receive_rpn(ng_btsocket_rfcomm_session_p s, struct mbuf *m0)
2671 {
2672         struct rfcomm_mcc_hdr   *hdr = mtod(m0, struct rfcomm_mcc_hdr *);
2673         struct rfcomm_mcc_rpn   *rpn = (struct rfcomm_mcc_rpn *)(hdr + 1);
2674         int                      error = 0;
2675         u_int16_t                param_mask;
2676         u_int8_t                 bit_rate, data_bits, stop_bits, parity,
2677                                  flow_control, xon_char, xoff_char;
2678
2679         mtx_assert(&s->session_mtx, MA_OWNED);
2680
2681         NG_BTSOCKET_RFCOMM_INFO(
2682 "%s: Got MCC RPN, dlci=%d, cr=%d, length=%d, session state=%d, flags=%#x, " \
2683 "mtu=%d, len=%d\n",
2684                 __func__, RFCOMM_DLCI(rpn->dlci), RFCOMM_CR(hdr->type),
2685                 RFCOMM_MCC_LENGTH(hdr->length), s->state, s->flags,
2686                 s->mtu, m0->m_pkthdr.len);
2687
2688         if (RFCOMM_CR(hdr->type)) {
2689                 param_mask = RFCOMM_RPN_PM_ALL;
2690
2691                 if (RFCOMM_MCC_LENGTH(hdr->length) == 1) {
2692                         /* Request - return default setting */
2693                         bit_rate = RFCOMM_RPN_BR_115200;
2694                         data_bits = RFCOMM_RPN_DATA_8;
2695                         stop_bits = RFCOMM_RPN_STOP_1;
2696                         parity = RFCOMM_RPN_PARITY_NONE;
2697                         flow_control = RFCOMM_RPN_FLOW_NONE;
2698                         xon_char = RFCOMM_RPN_XON_CHAR;
2699                         xoff_char = RFCOMM_RPN_XOFF_CHAR;
2700                 } else {
2701                         /*
2702                          * Ignore/accept bit_rate, 8 bits, 1 stop bit, no
2703                          * parity, no flow control lines, default XON/XOFF
2704                          * chars.
2705                          */
2706
2707                         bit_rate = rpn->bit_rate;
2708                         rpn->param_mask = le16toh(rpn->param_mask); /* XXX */
2709
2710                         data_bits = RFCOMM_RPN_DATA_BITS(rpn->line_settings);
2711                         if (rpn->param_mask & RFCOMM_RPN_PM_DATA &&
2712                             data_bits != RFCOMM_RPN_DATA_8) {
2713                                 data_bits = RFCOMM_RPN_DATA_8;
2714                                 param_mask ^= RFCOMM_RPN_PM_DATA;
2715                         }
2716
2717                         stop_bits = RFCOMM_RPN_STOP_BITS(rpn->line_settings);
2718                         if (rpn->param_mask & RFCOMM_RPN_PM_STOP &&
2719                             stop_bits != RFCOMM_RPN_STOP_1) {
2720                                 stop_bits = RFCOMM_RPN_STOP_1;
2721                                 param_mask ^= RFCOMM_RPN_PM_STOP;
2722                         }
2723
2724                         parity = RFCOMM_RPN_PARITY(rpn->line_settings);
2725                         if (rpn->param_mask & RFCOMM_RPN_PM_PARITY &&
2726                             parity != RFCOMM_RPN_PARITY_NONE) {
2727                                 parity = RFCOMM_RPN_PARITY_NONE;
2728                                 param_mask ^= RFCOMM_RPN_PM_PARITY;
2729                         }
2730
2731                         flow_control = rpn->flow_control;
2732                         if (rpn->param_mask & RFCOMM_RPN_PM_FLOW &&
2733                             flow_control != RFCOMM_RPN_FLOW_NONE) {
2734                                 flow_control = RFCOMM_RPN_FLOW_NONE;
2735                                 param_mask ^= RFCOMM_RPN_PM_FLOW;
2736                         }
2737
2738                         xon_char = rpn->xon_char;
2739                         if (rpn->param_mask & RFCOMM_RPN_PM_XON &&
2740                             xon_char != RFCOMM_RPN_XON_CHAR) {
2741                                 xon_char = RFCOMM_RPN_XON_CHAR;
2742                                 param_mask ^= RFCOMM_RPN_PM_XON;
2743                         }
2744
2745                         xoff_char = rpn->xoff_char;
2746                         if (rpn->param_mask & RFCOMM_RPN_PM_XOFF &&
2747                             xoff_char != RFCOMM_RPN_XOFF_CHAR) {
2748                                 xoff_char = RFCOMM_RPN_XOFF_CHAR;
2749                                 param_mask ^= RFCOMM_RPN_PM_XOFF;
2750                         }
2751                 }
2752
2753                 rpn->bit_rate = bit_rate;
2754                 rpn->line_settings = RFCOMM_MKRPN_LINE_SETTINGS(data_bits,
2755                                                 stop_bits, parity);
2756                 rpn->flow_control = flow_control;
2757                 rpn->xon_char = xon_char;
2758                 rpn->xoff_char = xoff_char;
2759                 rpn->param_mask = htole16(param_mask); /* XXX */
2760
2761                 m0->m_pkthdr.len = m0->m_len = sizeof(*hdr) + sizeof(*rpn);
2762
2763                 hdr->type = RFCOMM_MKMCC_TYPE(0, RFCOMM_MCC_RPN);
2764                 error = ng_btsocket_rfcomm_send_uih(s,
2765                                 RFCOMM_MKADDRESS(INITIATOR(s), 0), 0, 0, m0);
2766         } else
2767                 NG_FREE_M(m0); /* XXX ignore response */
2768
2769         return (error);
2770 } /* ng_btsocket_rfcomm_receive_rpn */
2771
2772 /*
2773  * Receive RFCOMM RLS MCC command
2774  */
2775
2776 static int
2777 ng_btsocket_rfcomm_receive_rls(ng_btsocket_rfcomm_session_p s, struct mbuf *m0)
2778 {
2779         struct rfcomm_mcc_hdr   *hdr = mtod(m0, struct rfcomm_mcc_hdr *);
2780         struct rfcomm_mcc_rls   *rls = (struct rfcomm_mcc_rls *)(hdr + 1);
2781         int                      error = 0;
2782
2783         mtx_assert(&s->session_mtx, MA_OWNED);
2784
2785         /*
2786          * XXX FIXME Do we have to do anything else here? Remote peer tries to
2787          * tell us something about DLCI. Just report what we have received and
2788          * return back received values as required by TS 07.10 spec.
2789          */
2790
2791         NG_BTSOCKET_RFCOMM_INFO(
2792 "%s: Got MCC RLS, dlci=%d, status=%#x, cr=%d, length=%d, session state=%d, " \
2793 "flags=%#x, mtu=%d, len=%d\n",
2794                 __func__, RFCOMM_DLCI(rls->address), rls->status,
2795                 RFCOMM_CR(hdr->type), RFCOMM_MCC_LENGTH(hdr->length),
2796                 s->state, s->flags, s->mtu, m0->m_pkthdr.len);
2797
2798         if (RFCOMM_CR(hdr->type)) {
2799                 if (rls->status & 0x1)
2800                         NG_BTSOCKET_RFCOMM_ERR(
2801 "%s: Got RLS dlci=%d, error=%#x\n", __func__, RFCOMM_DLCI(rls->address),
2802                                 rls->status >> 1);
2803
2804                 hdr->type = RFCOMM_MKMCC_TYPE(0, RFCOMM_MCC_RLS);
2805                 error = ng_btsocket_rfcomm_send_uih(s,
2806                                 RFCOMM_MKADDRESS(INITIATOR(s), 0), 0, 0, m0);
2807         } else
2808                 NG_FREE_M(m0); /* XXX ignore responses */
2809
2810         return (error);
2811 } /* ng_btsocket_rfcomm_receive_rls */
2812
2813 /*
2814  * Receive RFCOMM PN MCC command
2815  */
2816
2817 static int
2818 ng_btsocket_rfcomm_receive_pn(ng_btsocket_rfcomm_session_p s, struct mbuf *m0)
2819 {
2820         struct rfcomm_mcc_hdr           *hdr = mtod(m0, struct rfcomm_mcc_hdr*);
2821         struct rfcomm_mcc_pn            *pn = (struct rfcomm_mcc_pn *)(hdr+1);
2822         ng_btsocket_rfcomm_pcb_t        *pcb = NULL;
2823         int                              error = 0;
2824
2825         mtx_assert(&s->session_mtx, MA_OWNED);
2826
2827         NG_BTSOCKET_RFCOMM_INFO(
2828 "%s: Got MCC PN, dlci=%d, cr=%d, length=%d, flow_control=%#x, priority=%d, " \
2829 "ack_timer=%d, mtu=%d, max_retrans=%d, credits=%d, session state=%d, " \
2830 "flags=%#x, session mtu=%d, len=%d\n",
2831                 __func__, pn->dlci, RFCOMM_CR(hdr->type),
2832                 RFCOMM_MCC_LENGTH(hdr->length), pn->flow_control, pn->priority,
2833                 pn->ack_timer, le16toh(pn->mtu), pn->max_retrans, pn->credits,
2834                 s->state, s->flags, s->mtu, m0->m_pkthdr.len);
2835
2836         if (pn->dlci == 0) {
2837                 NG_BTSOCKET_RFCOMM_ERR("%s: Zero dlci in MCC PN\n", __func__);
2838                 NG_FREE_M(m0);
2839
2840                 return (EINVAL);
2841         }
2842
2843         /* Check if we have this dlci */
2844         pcb = ng_btsocket_rfcomm_pcb_by_dlci(s, pn->dlci);
2845         if (pcb != NULL) {
2846                 mtx_lock(&pcb->pcb_mtx);
2847
2848                 if (RFCOMM_CR(hdr->type)) {
2849                         /* PN Request */
2850                         ng_btsocket_rfcomm_set_pn(pcb, 1, pn->flow_control,
2851                                 pn->credits, pn->mtu);
2852
2853                         if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC) {
2854                                 pn->flow_control = 0xe0;
2855                                 pn->credits = RFCOMM_DEFAULT_CREDITS;
2856                         } else {
2857                                 pn->flow_control = 0;
2858                                 pn->credits = 0;
2859                         }
2860
2861                         hdr->type = RFCOMM_MKMCC_TYPE(0, RFCOMM_MCC_PN);
2862                         error = ng_btsocket_rfcomm_send_uih(s,
2863                                         RFCOMM_MKADDRESS(INITIATOR(s), 0),
2864                                         0, 0, m0);
2865                 } else {
2866                         /* PN Response - proceed with SABM. Timeout still set */
2867                         if (pcb->state == NG_BTSOCKET_RFCOMM_DLC_CONFIGURING) {
2868                                 ng_btsocket_rfcomm_set_pn(pcb, 0,
2869                                         pn->flow_control, pn->credits, pn->mtu);
2870
2871                                 pcb->state = NG_BTSOCKET_RFCOMM_DLC_CONNECTING;
2872                                 error = ng_btsocket_rfcomm_send_command(s,
2873                                                 RFCOMM_FRAME_SABM, pn->dlci);
2874                         } else
2875                                 NG_BTSOCKET_RFCOMM_WARN(
2876 "%s: Got PN response for dlci=%d in invalid state=%d\n",
2877                                         __func__, pn->dlci, pcb->state);
2878
2879                         NG_FREE_M(m0);
2880                 }
2881
2882                 mtx_unlock(&pcb->pcb_mtx);
2883         } else if (RFCOMM_CR(hdr->type)) {
2884                 /* PN request to non-existing dlci - incoming connection */
2885                 pcb = ng_btsocket_rfcomm_connect_ind(s,
2886                                 RFCOMM_SRVCHANNEL(pn->dlci));
2887                 if (pcb != NULL) {
2888                         mtx_lock(&pcb->pcb_mtx);
2889
2890                         pcb->dlci = pn->dlci;
2891
2892                         ng_btsocket_rfcomm_set_pn(pcb, 1, pn->flow_control,
2893                                 pn->credits, pn->mtu);
2894
2895                         if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC) {
2896                                 pn->flow_control = 0xe0;
2897                                 pn->credits = RFCOMM_DEFAULT_CREDITS;
2898                         } else {
2899                                 pn->flow_control = 0;
2900                                 pn->credits = 0;
2901                         }
2902
2903                         hdr->type = RFCOMM_MKMCC_TYPE(0, RFCOMM_MCC_PN);
2904                         error = ng_btsocket_rfcomm_send_uih(s,
2905                                         RFCOMM_MKADDRESS(INITIATOR(s), 0),
2906                                         0, 0, m0);
2907
2908                         if (error == 0) {
2909                                 ng_btsocket_rfcomm_timeout(pcb);
2910                                 pcb->state = NG_BTSOCKET_RFCOMM_DLC_CONNECTING;
2911                                 soisconnecting(pcb->so);
2912                         } else
2913                                 ng_btsocket_rfcomm_pcb_kill(pcb, error);
2914
2915                         mtx_unlock(&pcb->pcb_mtx);
2916                 } else {
2917                         /* Nobody is listen()ing on this channel */
2918                         error = ng_btsocket_rfcomm_send_command(s,
2919                                         RFCOMM_FRAME_DM, pn->dlci);
2920                         NG_FREE_M(m0);
2921                 }
2922         } else
2923                 NG_FREE_M(m0); /* XXX ignore response to non-existing dlci */
2924
2925         return (error);
2926 } /* ng_btsocket_rfcomm_receive_pn */
2927
2928 /*
2929  * Set PN parameters for dlci. Caller must hold pcb->pcb_mtx.
2930  *
2931  * From Bluetooth spec.
2932  *
2933  * "... The CL1 - CL4 field is completely redefined. (In TS07.10 this defines
2934  *  the convergence layer to use, which is not applicable to RFCOMM. In RFCOMM,
2935  *  in Bluetooth versions up to 1.0B, this field was forced to 0).
2936  *
2937  *  In the PN request sent prior to a DLC establishment, this field must contain
2938  *  the value 15 (0xF), indicating support of credit based flow control in the
2939  *  sender. See Table 5.3 below. If the PN response contains any other value
2940  *  than 14 (0xE) in this field, it is inferred that the peer RFCOMM entity is
2941  *  not supporting the credit based flow control feature. (This is only possible
2942  *  if the peer RFCOMM implementation is only conforming to Bluetooth version
2943  *  1.0B.) If a PN request is sent on an already open DLC, then this field must
2944  *  contain the value zero; it is not possible to set initial credits  more
2945  *  than once per DLC activation. A responding implementation must set this
2946  *  field in the PN response to 14 (0xE), if (and only if) the value in the PN
2947  *  request was 15..."
2948  */
2949
2950 static void
2951 ng_btsocket_rfcomm_set_pn(ng_btsocket_rfcomm_pcb_p pcb, u_int8_t cr,
2952                 u_int8_t flow_control, u_int8_t credits, u_int16_t mtu)
2953 {
2954         mtx_assert(&pcb->pcb_mtx, MA_OWNED);
2955
2956         pcb->mtu = le16toh(mtu);
2957
2958         if (cr) {
2959                 if (flow_control == 0xf0) {
2960                         pcb->flags |= NG_BTSOCKET_RFCOMM_DLC_CFC;
2961                         pcb->tx_cred = credits;
2962                 } else {
2963                         pcb->flags &= ~NG_BTSOCKET_RFCOMM_DLC_CFC;
2964                         pcb->tx_cred = 0;
2965                 }
2966         } else {
2967                 if (flow_control == 0xe0) {
2968                         pcb->flags |= NG_BTSOCKET_RFCOMM_DLC_CFC;
2969                         pcb->tx_cred = credits;
2970                 } else {
2971                         pcb->flags &= ~NG_BTSOCKET_RFCOMM_DLC_CFC;
2972                         pcb->tx_cred = 0;
2973                 }
2974         }
2975
2976         NG_BTSOCKET_RFCOMM_INFO(
2977 "%s: cr=%d, dlci=%d, state=%d, flags=%#x, mtu=%d, rx_cred=%d, tx_cred=%d\n",
2978                 __func__, cr, pcb->dlci, pcb->state, pcb->flags, pcb->mtu,
2979                 pcb->rx_cred, pcb->tx_cred);
2980 } /* ng_btsocket_rfcomm_set_pn */
2981
2982 /*
2983  * Send RFCOMM SABM/DISC/UA/DM frames. Caller must hold s->session_mtx
2984  */
2985
2986 static int
2987 ng_btsocket_rfcomm_send_command(ng_btsocket_rfcomm_session_p s,
2988                 u_int8_t type, u_int8_t dlci)
2989 {
2990         struct rfcomm_cmd_hdr   *hdr = NULL;
2991         struct mbuf             *m = NULL;
2992         int                      cr;
2993
2994         mtx_assert(&s->session_mtx, MA_OWNED);
2995
2996         NG_BTSOCKET_RFCOMM_INFO(
2997 "%s: Sending command type %#x, session state=%d, flags=%#x, mtu=%d, dlci=%d\n",
2998                 __func__, type, s->state, s->flags, s->mtu, dlci);
2999
3000         switch (type) {
3001         case RFCOMM_FRAME_SABM:
3002         case RFCOMM_FRAME_DISC:
3003                 cr = INITIATOR(s);
3004                 break;
3005
3006         case RFCOMM_FRAME_UA:
3007         case RFCOMM_FRAME_DM:
3008                 cr = !INITIATOR(s);
3009                 break;
3010
3011         default:
3012                 panic("%s: Invalid frame type=%#x\n", __func__, type);
3013                 return (EINVAL);
3014                 /* NOT REACHED */
3015         }
3016
3017         MGETHDR(m, M_NOWAIT, MT_DATA);
3018         if (m == NULL)
3019                 return (ENOBUFS);
3020
3021         m->m_pkthdr.len = m->m_len = sizeof(*hdr);
3022
3023         hdr = mtod(m, struct rfcomm_cmd_hdr *);
3024         hdr->address = RFCOMM_MKADDRESS(cr, dlci);
3025         hdr->control = RFCOMM_MKCONTROL(type, 1);
3026         hdr->length = RFCOMM_MKLEN8(0);
3027         hdr->fcs = ng_btsocket_rfcomm_fcs3((u_int8_t *) hdr);
3028
3029         NG_BT_MBUFQ_ENQUEUE(&s->outq, m);
3030
3031         return (0);
3032 } /* ng_btsocket_rfcomm_send_command */
3033
3034 /*
3035  * Send RFCOMM UIH frame. Caller must hold s->session_mtx
3036  */
3037
3038 static int
3039 ng_btsocket_rfcomm_send_uih(ng_btsocket_rfcomm_session_p s, u_int8_t address,
3040                 u_int8_t pf, u_int8_t credits, struct mbuf *data)
3041 {
3042         struct rfcomm_frame_hdr *hdr = NULL;
3043         struct mbuf             *m = NULL, *mcrc = NULL;
3044         u_int16_t                length;
3045
3046         mtx_assert(&s->session_mtx, MA_OWNED);
3047
3048         MGETHDR(m, M_NOWAIT, MT_DATA);
3049         if (m == NULL) {
3050                 NG_FREE_M(data);
3051                 return (ENOBUFS);
3052         }
3053         m->m_pkthdr.len = m->m_len = sizeof(*hdr);
3054
3055         MGET(mcrc, M_NOWAIT, MT_DATA);
3056         if (mcrc == NULL) {
3057                 NG_FREE_M(data);
3058                 return (ENOBUFS);
3059         }
3060         mcrc->m_len = 1;
3061
3062         /* Fill UIH frame header */
3063         hdr = mtod(m, struct rfcomm_frame_hdr *);
3064         hdr->address = address;
3065         hdr->control = RFCOMM_MKCONTROL(RFCOMM_FRAME_UIH, pf);
3066
3067         /* Calculate FCS */
3068         mcrc->m_data[0] = ng_btsocket_rfcomm_fcs2((u_int8_t *) hdr);
3069
3070         /* Put length back */
3071         length = (data != NULL)? data->m_pkthdr.len : 0;
3072         if (length > 127) {
3073                 u_int16_t       l = htole16(RFCOMM_MKLEN16(length));
3074
3075                 bcopy(&l, &hdr->length, sizeof(l));
3076                 m->m_pkthdr.len ++;
3077                 m->m_len ++;
3078         } else
3079                 hdr->length = RFCOMM_MKLEN8(length);
3080
3081         if (pf) {
3082                 m->m_data[m->m_len] = credits;
3083                 m->m_pkthdr.len ++;
3084                 m->m_len ++;
3085         }
3086
3087         /* Add payload */
3088         if (data != NULL) {
3089                 m_cat(m, data);
3090                 m->m_pkthdr.len += length;
3091         }
3092
3093         /* Put FCS back */
3094         m_cat(m, mcrc);
3095         m->m_pkthdr.len ++;
3096
3097         NG_BTSOCKET_RFCOMM_INFO(
3098 "%s: Sending UIH state=%d, flags=%#x, address=%d, length=%d, pf=%d, " \
3099 "credits=%d, len=%d\n",
3100                 __func__, s->state, s->flags, address, length, pf, credits,
3101                 m->m_pkthdr.len);
3102
3103         NG_BT_MBUFQ_ENQUEUE(&s->outq, m);
3104
3105         return (0);
3106 } /* ng_btsocket_rfcomm_send_uih */
3107
3108 /*
3109  * Send MSC request. Caller must hold pcb->pcb_mtx and pcb->session->session_mtx
3110  */
3111
3112 static int
3113 ng_btsocket_rfcomm_send_msc(ng_btsocket_rfcomm_pcb_p pcb)
3114 {
3115         struct mbuf             *m = NULL;
3116         struct rfcomm_mcc_hdr   *hdr = NULL;
3117         struct rfcomm_mcc_msc   *msc = NULL;
3118
3119         mtx_assert(&pcb->session->session_mtx, MA_OWNED);
3120         mtx_assert(&pcb->pcb_mtx, MA_OWNED);
3121
3122         MGETHDR(m, M_NOWAIT, MT_DATA);
3123         if (m == NULL)
3124                 return (ENOBUFS);
3125
3126         m->m_pkthdr.len = m->m_len = sizeof(*hdr) + sizeof(*msc);
3127
3128         hdr = mtod(m, struct rfcomm_mcc_hdr *);
3129         msc = (struct rfcomm_mcc_msc *)(hdr + 1);
3130
3131         hdr->type = RFCOMM_MKMCC_TYPE(1, RFCOMM_MCC_MSC);
3132         hdr->length = RFCOMM_MKLEN8(sizeof(*msc));
3133
3134         msc->address = RFCOMM_MKADDRESS(1, pcb->dlci);
3135         msc->modem = pcb->lmodem;
3136
3137         NG_BTSOCKET_RFCOMM_INFO(
3138 "%s: Sending MSC dlci=%d, state=%d, flags=%#x, address=%d, modem=%#x\n",
3139                 __func__, pcb->dlci, pcb->state, pcb->flags, msc->address,
3140                 msc->modem);
3141
3142         return (ng_btsocket_rfcomm_send_uih(pcb->session,
3143                         RFCOMM_MKADDRESS(INITIATOR(pcb->session), 0), 0, 0, m));
3144 } /* ng_btsocket_rfcomm_send_msc */
3145
3146 /*
3147  * Send PN request. Caller must hold pcb->pcb_mtx and pcb->session->session_mtx
3148  */
3149
3150 static int
3151 ng_btsocket_rfcomm_send_pn(ng_btsocket_rfcomm_pcb_p pcb)
3152 {
3153         struct mbuf             *m = NULL;
3154         struct rfcomm_mcc_hdr   *hdr = NULL;
3155         struct rfcomm_mcc_pn    *pn = NULL;
3156
3157         mtx_assert(&pcb->session->session_mtx, MA_OWNED);
3158         mtx_assert(&pcb->pcb_mtx, MA_OWNED);
3159
3160         MGETHDR(m, M_NOWAIT, MT_DATA);
3161         if (m == NULL)
3162                 return (ENOBUFS);
3163
3164         m->m_pkthdr.len = m->m_len = sizeof(*hdr) + sizeof(*pn);
3165
3166         hdr = mtod(m, struct rfcomm_mcc_hdr *);
3167         pn = (struct rfcomm_mcc_pn *)(hdr + 1);
3168
3169         hdr->type = RFCOMM_MKMCC_TYPE(1, RFCOMM_MCC_PN);
3170         hdr->length = RFCOMM_MKLEN8(sizeof(*pn));
3171
3172         pn->dlci = pcb->dlci;
3173
3174         /*
3175          * Set default DLCI priority as described in GSM 07.10
3176          * (ETSI TS 101 369) clause 5.6 page 42
3177          */
3178
3179         pn->priority = (pcb->dlci < 56)? (((pcb->dlci >> 3) << 3) + 7) : 61;
3180         pn->ack_timer = 0;
3181         pn->mtu = htole16(pcb->mtu);
3182         pn->max_retrans = 0;
3183
3184         if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC) {
3185                 pn->flow_control = 0xf0;
3186                 pn->credits = pcb->rx_cred;
3187         } else {
3188                 pn->flow_control = 0;
3189                 pn->credits = 0;
3190         }
3191
3192         NG_BTSOCKET_RFCOMM_INFO(
3193 "%s: Sending PN dlci=%d, state=%d, flags=%#x, mtu=%d, flow_control=%#x, " \
3194 "credits=%d\n", __func__, pcb->dlci, pcb->state, pcb->flags, pcb->mtu,
3195                 pn->flow_control, pn->credits);
3196
3197         return (ng_btsocket_rfcomm_send_uih(pcb->session,
3198                         RFCOMM_MKADDRESS(INITIATOR(pcb->session), 0), 0, 0, m));
3199 } /* ng_btsocket_rfcomm_send_pn */
3200
3201 /*
3202  * Calculate and send credits based on available space in receive buffer
3203  */
3204
3205 static int
3206 ng_btsocket_rfcomm_send_credits(ng_btsocket_rfcomm_pcb_p pcb)
3207 {
3208         int             error = 0;
3209         u_int8_t        credits;
3210
3211         mtx_assert(&pcb->pcb_mtx, MA_OWNED);
3212         mtx_assert(&pcb->session->session_mtx, MA_OWNED);
3213
3214         NG_BTSOCKET_RFCOMM_INFO(
3215 "%s: Sending more credits, dlci=%d, state=%d, flags=%#x, mtu=%d, " \
3216 "space=%ld, tx_cred=%d, rx_cred=%d\n",
3217                 __func__, pcb->dlci, pcb->state, pcb->flags, pcb->mtu,
3218                 sbspace(&pcb->so->so_rcv), pcb->tx_cred, pcb->rx_cred);
3219
3220         credits = sbspace(&pcb->so->so_rcv) / pcb->mtu;
3221         if (credits > 0) {
3222                 if (pcb->rx_cred + credits > RFCOMM_MAX_CREDITS)
3223                         credits = RFCOMM_MAX_CREDITS - pcb->rx_cred;
3224
3225                 error = ng_btsocket_rfcomm_send_uih(
3226                                 pcb->session,
3227                                 RFCOMM_MKADDRESS(INITIATOR(pcb->session),
3228                                         pcb->dlci), 1, credits, NULL);
3229                 if (error == 0) {
3230                         pcb->rx_cred += credits;
3231
3232                         NG_BTSOCKET_RFCOMM_INFO(
3233 "%s: Gave remote side %d more credits, dlci=%d, state=%d, flags=%#x, " \
3234 "rx_cred=%d, tx_cred=%d\n",     __func__, credits, pcb->dlci, pcb->state,
3235                                 pcb->flags, pcb->rx_cred, pcb->tx_cred);
3236                 } else
3237                         NG_BTSOCKET_RFCOMM_ERR(
3238 "%s: Could not send credits, error=%d, dlci=%d, state=%d, flags=%#x, " \
3239 "mtu=%d, space=%ld, tx_cred=%d, rx_cred=%d\n",
3240                                 __func__, error, pcb->dlci, pcb->state,
3241                                 pcb->flags, pcb->mtu, sbspace(&pcb->so->so_rcv),
3242                                 pcb->tx_cred, pcb->rx_cred);
3243         }
3244
3245         return (error);
3246 } /* ng_btsocket_rfcomm_send_credits */
3247
3248 /*****************************************************************************
3249  *****************************************************************************
3250  **                              RFCOMM DLCs
3251  *****************************************************************************
3252  *****************************************************************************/
3253
3254 /*
3255  * Send data from socket send buffer
3256  * Caller must hold pcb->pcb_mtx and pcb->session->session_mtx
3257  */
3258
3259 static int
3260 ng_btsocket_rfcomm_pcb_send(ng_btsocket_rfcomm_pcb_p pcb, int limit)
3261 {
3262         struct mbuf     *m = NULL;
3263         int              sent, length, error;
3264
3265         mtx_assert(&pcb->session->session_mtx, MA_OWNED);
3266         mtx_assert(&pcb->pcb_mtx, MA_OWNED);
3267
3268         if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC)
3269                 limit = min(limit, pcb->tx_cred);
3270         else if (!(pcb->rmodem & RFCOMM_MODEM_FC))
3271                 limit = min(limit, RFCOMM_MAX_CREDITS); /* XXX ??? */
3272         else
3273                 limit = 0;
3274
3275         if (limit == 0) {
3276                 NG_BTSOCKET_RFCOMM_INFO(
3277 "%s: Could not send - remote flow control asserted, dlci=%d, flags=%#x, " \
3278 "rmodem=%#x, tx_cred=%d\n",
3279                         __func__, pcb->dlci, pcb->flags, pcb->rmodem,
3280                         pcb->tx_cred);
3281
3282                 return (0);
3283         }
3284
3285         for (error = 0, sent = 0; sent < limit; sent ++) {
3286                 length = min(pcb->mtu, sbavail(&pcb->so->so_snd));
3287                 if (length == 0)
3288                         break;
3289
3290                 /* Get the chunk from the socket's send buffer */
3291                 m = ng_btsocket_rfcomm_prepare_packet(&pcb->so->so_snd, length);
3292                 if (m == NULL) {
3293                         error = ENOBUFS;
3294                         break;
3295                 }
3296
3297                 sbdrop(&pcb->so->so_snd, length);
3298
3299                 error = ng_btsocket_rfcomm_send_uih(pcb->session,
3300                                 RFCOMM_MKADDRESS(INITIATOR(pcb->session),
3301                                         pcb->dlci), 0, 0, m);
3302                 if (error != 0)
3303                         break;
3304         }
3305
3306         if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC)
3307                 pcb->tx_cred -= sent;
3308
3309         if (error == 0 && sent > 0) {
3310                 pcb->flags &= ~NG_BTSOCKET_RFCOMM_DLC_SENDING;
3311                 sowwakeup(pcb->so);
3312         }
3313
3314         return (error);
3315 } /* ng_btsocket_rfcomm_pcb_send */
3316
3317 /*
3318  * Unlink and disconnect DLC. If ng_btsocket_rfcomm_pcb_kill() returns
3319  * non zero value than socket has no reference and has to be detached.
3320  * Caller must hold pcb->pcb_mtx and pcb->session->session_mtx
3321  */
3322
3323 static void
3324 ng_btsocket_rfcomm_pcb_kill(ng_btsocket_rfcomm_pcb_p pcb, int error)
3325 {
3326         ng_btsocket_rfcomm_session_p    s = pcb->session;
3327
3328         NG_BTSOCKET_RFCOMM_INFO(
3329 "%s: Killing DLC, so=%p, dlci=%d, state=%d, flags=%#x, error=%d\n",
3330                 __func__, pcb->so, pcb->dlci, pcb->state, pcb->flags, error);
3331
3332         if (pcb->session == NULL)
3333                 panic("%s: DLC without session, pcb=%p, state=%d, flags=%#x\n",
3334                         __func__, pcb, pcb->state, pcb->flags);
3335
3336         mtx_assert(&pcb->session->session_mtx, MA_OWNED);
3337         mtx_assert(&pcb->pcb_mtx, MA_OWNED);
3338
3339         if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMO)
3340                 ng_btsocket_rfcomm_untimeout(pcb);
3341
3342         /* Detach DLC from the session. Does not matter which state DLC in */
3343         LIST_REMOVE(pcb, session_next);
3344         pcb->session = NULL;
3345
3346         /* Change DLC state and wakeup all sleepers */
3347         pcb->state = NG_BTSOCKET_RFCOMM_DLC_CLOSED;
3348         pcb->so->so_error = error;
3349         soisdisconnected(pcb->so);
3350         wakeup(&pcb->state);
3351
3352         /* Check if we have any DLCs left on the session */
3353         if (LIST_EMPTY(&s->dlcs) && INITIATOR(s)) {
3354                 NG_BTSOCKET_RFCOMM_INFO(
3355 "%s: Disconnecting session, state=%d, flags=%#x, mtu=%d\n",
3356                         __func__, s->state, s->flags, s->mtu);
3357
3358                 switch (s->state) {
3359                 case NG_BTSOCKET_RFCOMM_SESSION_CLOSED:
3360                 case NG_BTSOCKET_RFCOMM_SESSION_DISCONNECTING:
3361                         /*
3362                          * Do not have to do anything here. We can get here
3363                          * when L2CAP connection was terminated or we have
3364                          * received DISC on multiplexor channel
3365                          */
3366                         break;
3367
3368                 case NG_BTSOCKET_RFCOMM_SESSION_OPEN:
3369                         /* Send DISC on multiplexor channel */
3370                         error = ng_btsocket_rfcomm_send_command(s,
3371                                         RFCOMM_FRAME_DISC, 0);
3372                         if (error == 0) {
3373                                 s->state = NG_BTSOCKET_RFCOMM_SESSION_DISCONNECTING;
3374                                 break;
3375                         }
3376                         /* FALL THROUGH */
3377
3378                 case NG_BTSOCKET_RFCOMM_SESSION_CONNECTING:
3379                 case NG_BTSOCKET_RFCOMM_SESSION_CONNECTED:
3380                         s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED;
3381                         break;
3382
3383 /*              case NG_BTSOCKET_RFCOMM_SESSION_LISTENING: */
3384                 default:
3385                         panic("%s: Invalid session state=%d, flags=%#x\n",
3386                                 __func__, s->state, s->flags);
3387                         break;
3388                 }
3389
3390                 ng_btsocket_rfcomm_task_wakeup();
3391         }
3392 } /* ng_btsocket_rfcomm_pcb_kill */
3393
3394 /*
3395  * Look for given dlci for given RFCOMM session. Caller must hold s->session_mtx
3396  */
3397
3398 static ng_btsocket_rfcomm_pcb_p
3399 ng_btsocket_rfcomm_pcb_by_dlci(ng_btsocket_rfcomm_session_p s, int dlci)
3400 {
3401         ng_btsocket_rfcomm_pcb_p        pcb = NULL;
3402
3403         mtx_assert(&s->session_mtx, MA_OWNED);
3404
3405         LIST_FOREACH(pcb, &s->dlcs, session_next)
3406                 if (pcb->dlci == dlci)
3407                         break;
3408
3409         return (pcb);
3410 } /* ng_btsocket_rfcomm_pcb_by_dlci */
3411
3412 /*
3413  * Look for socket that listens on given src address and given channel
3414  */
3415
3416 static ng_btsocket_rfcomm_pcb_p
3417 ng_btsocket_rfcomm_pcb_listener(bdaddr_p src, int channel)
3418 {
3419         ng_btsocket_rfcomm_pcb_p        pcb = NULL, pcb1 = NULL;
3420
3421         mtx_lock(&ng_btsocket_rfcomm_sockets_mtx);
3422
3423         LIST_FOREACH(pcb, &ng_btsocket_rfcomm_sockets, next) {
3424                 if (pcb->channel != channel ||
3425                     !(pcb->so->so_options & SO_ACCEPTCONN))
3426                         continue;
3427
3428                 if (bcmp(&pcb->src, src, sizeof(*src)) == 0)
3429                         break;
3430
3431                 if (bcmp(&pcb->src, NG_HCI_BDADDR_ANY, sizeof(bdaddr_t)) == 0)
3432                         pcb1 = pcb;
3433         }
3434
3435         mtx_unlock(&ng_btsocket_rfcomm_sockets_mtx);
3436
3437         return ((pcb != NULL)? pcb : pcb1);
3438 } /* ng_btsocket_rfcomm_pcb_listener */
3439
3440 /*****************************************************************************
3441  *****************************************************************************
3442  **                              Misc. functions
3443  *****************************************************************************
3444  *****************************************************************************/
3445
3446 /*
3447  *  Set timeout. Caller MUST hold pcb_mtx
3448  */
3449
3450 static void
3451 ng_btsocket_rfcomm_timeout(ng_btsocket_rfcomm_pcb_p pcb)
3452 {
3453         mtx_assert(&pcb->pcb_mtx, MA_OWNED);
3454
3455         if (!(pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMO)) {
3456                 pcb->flags |= NG_BTSOCKET_RFCOMM_DLC_TIMO;
3457                 pcb->flags &= ~NG_BTSOCKET_RFCOMM_DLC_TIMEDOUT;
3458                 callout_reset(&pcb->timo, ng_btsocket_rfcomm_timo * hz,
3459                     ng_btsocket_rfcomm_process_timeout, pcb);
3460         } else
3461                 panic("%s: Duplicated socket timeout?!\n", __func__);
3462 } /* ng_btsocket_rfcomm_timeout */
3463
3464 /*
3465  *  Unset pcb timeout. Caller MUST hold pcb_mtx
3466  */
3467
3468 static void
3469 ng_btsocket_rfcomm_untimeout(ng_btsocket_rfcomm_pcb_p pcb)
3470 {
3471         mtx_assert(&pcb->pcb_mtx, MA_OWNED);
3472
3473         if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMO) {
3474                 callout_stop(&pcb->timo);
3475                 pcb->flags &= ~NG_BTSOCKET_RFCOMM_DLC_TIMO;
3476                 pcb->flags &= ~NG_BTSOCKET_RFCOMM_DLC_TIMEDOUT;
3477         } else
3478                 panic("%s: No socket timeout?!\n", __func__);
3479 } /* ng_btsocket_rfcomm_timeout */
3480
3481 /*
3482  * Process pcb timeout
3483  */
3484
3485 static void
3486 ng_btsocket_rfcomm_process_timeout(void *xpcb)
3487 {
3488         ng_btsocket_rfcomm_pcb_p        pcb = (ng_btsocket_rfcomm_pcb_p) xpcb;
3489
3490         mtx_assert(&pcb->pcb_mtx, MA_OWNED);
3491
3492         NG_BTSOCKET_RFCOMM_INFO(
3493 "%s: Timeout, so=%p, dlci=%d, state=%d, flags=%#x\n",
3494                 __func__, pcb->so, pcb->dlci, pcb->state, pcb->flags);
3495
3496         pcb->flags &= ~NG_BTSOCKET_RFCOMM_DLC_TIMO;
3497         pcb->flags |= NG_BTSOCKET_RFCOMM_DLC_TIMEDOUT;
3498
3499         switch (pcb->state) {
3500         case NG_BTSOCKET_RFCOMM_DLC_CONFIGURING:
3501         case NG_BTSOCKET_RFCOMM_DLC_CONNECTING:
3502                 pcb->state = NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING;
3503                 break;
3504
3505         case NG_BTSOCKET_RFCOMM_DLC_W4_CONNECT:
3506         case NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING:
3507                 break;
3508
3509         default:
3510                 panic(
3511 "%s: DLC timeout in invalid state, dlci=%d, state=%d, flags=%#x\n",
3512                         __func__, pcb->dlci, pcb->state, pcb->flags);
3513                 break;
3514         }
3515
3516         ng_btsocket_rfcomm_task_wakeup();
3517 } /* ng_btsocket_rfcomm_process_timeout */
3518
3519 /*
3520  * Get up to length bytes from the socket buffer
3521  */
3522
3523 static struct mbuf *
3524 ng_btsocket_rfcomm_prepare_packet(struct sockbuf *sb, int length)
3525 {
3526         struct mbuf     *top = NULL, *m = NULL, *n = NULL, *nextpkt = NULL;
3527         int              mlen, noff, len;
3528
3529         MGETHDR(top, M_NOWAIT, MT_DATA);
3530         if (top == NULL)
3531                 return (NULL);
3532
3533         top->m_pkthdr.len = length;
3534         top->m_len = 0;
3535         mlen = MHLEN;
3536
3537         m = top;
3538         n = sb->sb_mb;
3539         nextpkt = n->m_nextpkt;
3540         noff = 0;
3541
3542         while (length > 0 && n != NULL) {
3543                 len = min(mlen - m->m_len, n->m_len - noff);
3544                 if (len > length)
3545                         len = length;
3546
3547                 bcopy(mtod(n, caddr_t)+noff, mtod(m, caddr_t)+m->m_len, len);
3548                 m->m_len += len;
3549                 noff += len;
3550                 length -= len;
3551
3552                 if (length > 0 && m->m_len == mlen) {
3553                         MGET(m->m_next, M_NOWAIT, MT_DATA);
3554                         if (m->m_next == NULL) {
3555                                 NG_FREE_M(top);
3556                                 return (NULL);
3557                         }
3558
3559                         m = m->m_next;
3560                         m->m_len = 0;
3561                         mlen = MLEN;
3562                 }
3563
3564                 if (noff == n->m_len) {
3565                         noff = 0;
3566                         n = n->m_next;
3567
3568                         if (n == NULL)
3569                                 n = nextpkt;
3570
3571                         nextpkt = (n != NULL)? n->m_nextpkt : NULL;
3572                 }
3573         }
3574
3575         if (length < 0)
3576                 panic("%s: length=%d\n", __func__, length);
3577         if (length > 0 && n == NULL)
3578                 panic("%s: bogus length=%d, n=%p\n", __func__, length, n);
3579
3580         return (top);
3581 } /* ng_btsocket_rfcomm_prepare_packet */
3582