search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'for-linus' of git://oss.sgi.com/xfs/xfs
[linux/fpc-iii.git] / net / bluetooth / rfcomm / core.c
blob7dca91bb8c576397e571994655efbe9d1832d7b6
1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25 * Bluetooth RFCOMM core.
26 */
27
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/kernel.h>
31 #include <linux/sched.h>
32 #include <linux/signal.h>
33 #include <linux/init.h>
34 #include <linux/wait.h>
35 #include <linux/device.h>
36 #include <linux/debugfs.h>
37 #include <linux/seq_file.h>
38 #include <linux/net.h>
39 #include <linux/mutex.h>
40 #include <linux/kthread.h>
41 #include <linux/slab.h>
42
43 #include <net/sock.h>
44 #include <asm/uaccess.h>
45 #include <asm/unaligned.h>
46
47 #include <net/bluetooth/bluetooth.h>
48 #include <net/bluetooth/hci_core.h>
49 #include <net/bluetooth/l2cap.h>
50 #include <net/bluetooth/rfcomm.h>
51
52 #define VERSION "1.11"
53
54 static int disable_cfc = 0;
55 static int channel_mtu = -1;
56 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
57 static int l2cap_ertm = 0;
58
59 static struct task_struct *rfcomm_thread;
60
61 static DEFINE_MUTEX(rfcomm_mutex);
62 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
63 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
64
65 static unsigned long rfcomm_event;
66
67 static LIST_HEAD(session_list);
68
69 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
70 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
71 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
72 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
73 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
74 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
75 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
76 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
77 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
78 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
79
80 static void rfcomm_process_connect(struct rfcomm_session *s);
81
82 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
83 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
84 static void rfcomm_session_del(struct rfcomm_session *s);
85
86 /* ---- RFCOMM frame parsing macros ---- */
87 #define __get_dlci(b) ((b & 0xfc) >> 2)
88 #define __get_channel(b) ((b & 0xf8) >> 3)
89 #define __get_dir(b) ((b & 0x04) >> 2)
90 #define __get_type(b) ((b & 0xef))
91
92 #define __test_ea(b) ((b & 0x01))
93 #define __test_cr(b) ((b & 0x02))
94 #define __test_pf(b) ((b & 0x10))
95
96 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
97 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
98 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
99 #define __srv_channel(dlci) (dlci >> 1)
100 #define __dir(dlci) (dlci & 0x01)
101
102 #define __len8(len) (((len) << 1) | 1)
103 #define __len16(len) ((len) << 1)
104
105 /* MCC macros */
106 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
107 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
108 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
109
110 /* RPN macros */
111 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
112 #define __get_rpn_data_bits(line) ((line) & 0x3)
113 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
114 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
115
116 static inline void rfcomm_schedule(uint event)
117 {
118 if (!rfcomm_thread)
119 return;
120 //set_bit(event, &rfcomm_event);
121 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
122 wake_up_process(rfcomm_thread);
123 }
124
125 static inline void rfcomm_session_put(struct rfcomm_session *s)
126 {
127 if (atomic_dec_and_test(&s->refcnt))
128 rfcomm_session_del(s);
129 }
130
131 /* ---- RFCOMM FCS computation ---- */
132
133 /* reversed, 8-bit, poly=0x07 */
134 static unsigned char rfcomm_crc_table[256] = {
135 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
136 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
137 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
138 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
139
140 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
141 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
142 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
143 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
144
145 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
146 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
147 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
148 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
149
150 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
151 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
152 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
153 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
154
155 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
156 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
157 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
158 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
159
160 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
161 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
162 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
163 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
164
165 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
166 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
167 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
168 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
169
170 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
171 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
172 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
173 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
174 };
175
176 /* CRC on 2 bytes */
177 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
178
179 /* FCS on 2 bytes */
180 static inline u8 __fcs(u8 *data)
181 {
182 return (0xff - __crc(data));
183 }
184
185 /* FCS on 3 bytes */
186 static inline u8 __fcs2(u8 *data)
187 {
188 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
189 }
190
191 /* Check FCS */
192 static inline int __check_fcs(u8 *data, int type, u8 fcs)
193 {
194 u8 f = __crc(data);
195
196 if (type != RFCOMM_UIH)
197 f = rfcomm_crc_table[f ^ data[2]];
198
199 return rfcomm_crc_table[f ^ fcs] != 0xcf;
200 }
201
202 /* ---- L2CAP callbacks ---- */
203 static void rfcomm_l2state_change(struct sock *sk)
204 {
205 BT_DBG("%p state %d", sk, sk->sk_state);
206 rfcomm_schedule(RFCOMM_SCHED_STATE);
207 }
208
209 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
210 {
211 BT_DBG("%p bytes %d", sk, bytes);
212 rfcomm_schedule(RFCOMM_SCHED_RX);
213 }
214
215 static int rfcomm_l2sock_create(struct socket **sock)
216 {
217 int err;
218
219 BT_DBG("");
220
221 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
222 if (!err) {
223 struct sock *sk = (*sock)->sk;
224 sk->sk_data_ready = rfcomm_l2data_ready;
225 sk->sk_state_change = rfcomm_l2state_change;
226 }
227 return err;
228 }
229
230 static inline int rfcomm_check_security(struct rfcomm_dlc *d)
231 {
232 struct sock *sk = d->session->sock->sk;
233 __u8 auth_type;
234
235 switch (d->sec_level) {
236 case BT_SECURITY_HIGH:
237 auth_type = HCI_AT_GENERAL_BONDING_MITM;
238 break;
239 case BT_SECURITY_MEDIUM:
240 auth_type = HCI_AT_GENERAL_BONDING;
241 break;
242 default:
243 auth_type = HCI_AT_NO_BONDING;
244 break;
245 }
246
247 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level,
248 auth_type);
249 }
250
251 static void rfcomm_session_timeout(unsigned long arg)
252 {
253 struct rfcomm_session *s = (void *) arg;
254
255 BT_DBG("session %p state %ld", s, s->state);
256
257 set_bit(RFCOMM_TIMED_OUT, &s->flags);
258 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
259 }
260
261 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
262 {
263 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
264
265 if (!mod_timer(&s->timer, jiffies + timeout))
266 rfcomm_session_hold(s);
267 }
268
269 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
270 {
271 BT_DBG("session %p state %ld", s, s->state);
272
273 if (timer_pending(&s->timer) && del_timer(&s->timer))
274 rfcomm_session_put(s);
275 }
276
277 /* ---- RFCOMM DLCs ---- */
278 static void rfcomm_dlc_timeout(unsigned long arg)
279 {
280 struct rfcomm_dlc *d = (void *) arg;
281
282 BT_DBG("dlc %p state %ld", d, d->state);
283
284 set_bit(RFCOMM_TIMED_OUT, &d->flags);
285 rfcomm_dlc_put(d);
286 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
287 }
288
289 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
290 {
291 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
292
293 if (!mod_timer(&d->timer, jiffies + timeout))
294 rfcomm_dlc_hold(d);
295 }
296
297 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
298 {
299 BT_DBG("dlc %p state %ld", d, d->state);
300
301 if (timer_pending(&d->timer) && del_timer(&d->timer))
302 rfcomm_dlc_put(d);
303 }
304
305 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
306 {
307 BT_DBG("%p", d);
308
309 d->state = BT_OPEN;
310 d->flags = 0;
311 d->mscex = 0;
312 d->mtu = RFCOMM_DEFAULT_MTU;
313 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
314
315 d->cfc = RFCOMM_CFC_DISABLED;
316 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
317 }
318
319 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
320 {
321 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
322
323 if (!d)
324 return NULL;
325
326 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
327
328 skb_queue_head_init(&d->tx_queue);
329 spin_lock_init(&d->lock);
330 atomic_set(&d->refcnt, 1);
331
332 rfcomm_dlc_clear_state(d);
333
334 BT_DBG("%p", d);
335
336 return d;
337 }
338
339 void rfcomm_dlc_free(struct rfcomm_dlc *d)
340 {
341 BT_DBG("%p", d);
342
343 skb_queue_purge(&d->tx_queue);
344 kfree(d);
345 }
346
347 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
348 {
349 BT_DBG("dlc %p session %p", d, s);
350
351 rfcomm_session_hold(s);
352
353 rfcomm_session_clear_timer(s);
354 rfcomm_dlc_hold(d);
355 list_add(&d->list, &s->dlcs);
356 d->session = s;
357 }
358
359 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
360 {
361 struct rfcomm_session *s = d->session;
362
363 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
364
365 list_del(&d->list);
366 d->session = NULL;
367 rfcomm_dlc_put(d);
368
369 if (list_empty(&s->dlcs))
370 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
371
372 rfcomm_session_put(s);
373 }
374
375 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
376 {
377 struct rfcomm_dlc *d;
378 struct list_head *p;
379
380 list_for_each(p, &s->dlcs) {
381 d = list_entry(p, struct rfcomm_dlc, list);
382 if (d->dlci == dlci)
383 return d;
384 }
385 return NULL;
386 }
387
388 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
389 {
390 struct rfcomm_session *s;
391 int err = 0;
392 u8 dlci;
393
394 BT_DBG("dlc %p state %ld %s %s channel %d",
395 d, d->state, batostr(src), batostr(dst), channel);
396
397 if (channel < 1 || channel > 30)
398 return -EINVAL;
399
400 if (d->state != BT_OPEN && d->state != BT_CLOSED)
401 return 0;
402
403 s = rfcomm_session_get(src, dst);
404 if (!s) {
405 s = rfcomm_session_create(src, dst, &err);
406 if (!s)
407 return err;
408 }
409
410 dlci = __dlci(!s->initiator, channel);
411
412 /* Check if DLCI already exists */
413 if (rfcomm_dlc_get(s, dlci))
414 return -EBUSY;
415
416 rfcomm_dlc_clear_state(d);
417
418 d->dlci = dlci;
419 d->addr = __addr(s->initiator, dlci);
420 d->priority = 7;
421
422 d->state = BT_CONFIG;
423 rfcomm_dlc_link(s, d);
424
425 d->out = 1;
426
427 d->mtu = s->mtu;
428 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
429
430 if (s->state == BT_CONNECTED) {
431 if (rfcomm_check_security(d))
432 rfcomm_send_pn(s, 1, d);
433 else
434 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
435 }
436
437 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
438
439 return 0;
440 }
441
442 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
443 {
444 int r;
445
446 rfcomm_lock();
447
448 r = __rfcomm_dlc_open(d, src, dst, channel);
449
450 rfcomm_unlock();
451 return r;
452 }
453
454 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
455 {
456 struct rfcomm_session *s = d->session;
457 if (!s)
458 return 0;
459
460 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
461 d, d->state, d->dlci, err, s);
462
463 switch (d->state) {
464 case BT_CONNECT:
465 case BT_CONFIG:
466 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
467 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
468 rfcomm_schedule(RFCOMM_SCHED_AUTH);
469 break;
470 }
471 /* Fall through */
472
473 case BT_CONNECTED:
474 d->state = BT_DISCONN;
475 if (skb_queue_empty(&d->tx_queue)) {
476 rfcomm_send_disc(s, d->dlci);
477 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
478 } else {
479 rfcomm_queue_disc(d);
480 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
481 }
482 break;
483
484 case BT_OPEN:
485 case BT_CONNECT2:
486 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
487 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
488 rfcomm_schedule(RFCOMM_SCHED_AUTH);
489 break;
490 }
491 /* Fall through */
492
493 default:
494 rfcomm_dlc_clear_timer(d);
495
496 rfcomm_dlc_lock(d);
497 d->state = BT_CLOSED;
498 d->state_change(d, err);
499 rfcomm_dlc_unlock(d);
500
501 skb_queue_purge(&d->tx_queue);
502 rfcomm_dlc_unlink(d);
503 }
504
505 return 0;
506 }
507
508 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
509 {
510 int r;
511
512 rfcomm_lock();
513
514 r = __rfcomm_dlc_close(d, err);
515
516 rfcomm_unlock();
517 return r;
518 }
519
520 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
521 {
522 int len = skb->len;
523
524 if (d->state != BT_CONNECTED)
525 return -ENOTCONN;
526
527 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
528
529 if (len > d->mtu)
530 return -EINVAL;
531
532 rfcomm_make_uih(skb, d->addr);
533 skb_queue_tail(&d->tx_queue, skb);
534
535 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
536 rfcomm_schedule(RFCOMM_SCHED_TX);
537 return len;
538 }
539
540 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
541 {
542 BT_DBG("dlc %p state %ld", d, d->state);
543
544 if (!d->cfc) {
545 d->v24_sig |= RFCOMM_V24_FC;
546 set_bit(RFCOMM_MSC_PENDING, &d->flags);
547 }
548 rfcomm_schedule(RFCOMM_SCHED_TX);
549 }
550
551 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
552 {
553 BT_DBG("dlc %p state %ld", d, d->state);
554
555 if (!d->cfc) {
556 d->v24_sig &= ~RFCOMM_V24_FC;
557 set_bit(RFCOMM_MSC_PENDING, &d->flags);
558 }
559 rfcomm_schedule(RFCOMM_SCHED_TX);
560 }
561
562 /*
563 Set/get modem status functions use _local_ status i.e. what we report
564 to the other side.
565 Remote status is provided by dlc->modem_status() callback.
566 */
567 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
568 {
569 BT_DBG("dlc %p state %ld v24_sig 0x%x",
570 d, d->state, v24_sig);
571
572 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
573 v24_sig |= RFCOMM_V24_FC;
574 else
575 v24_sig &= ~RFCOMM_V24_FC;
576
577 d->v24_sig = v24_sig;
578
579 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
580 rfcomm_schedule(RFCOMM_SCHED_TX);
581
582 return 0;
583 }
584
585 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
586 {
587 BT_DBG("dlc %p state %ld v24_sig 0x%x",
588 d, d->state, d->v24_sig);
589
590 *v24_sig = d->v24_sig;
591 return 0;
592 }
593
594 /* ---- RFCOMM sessions ---- */
595 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
596 {
597 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
598
599 if (!s)
600 return NULL;
601
602 BT_DBG("session %p sock %p", s, sock);
603
604 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
605
606 INIT_LIST_HEAD(&s->dlcs);
607 s->state = state;
608 s->sock = sock;
609
610 s->mtu = RFCOMM_DEFAULT_MTU;
611 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
612
613 /* Do not increment module usage count for listening sessions.
614 * Otherwise we won't be able to unload the module. */
615 if (state != BT_LISTEN)
616 if (!try_module_get(THIS_MODULE)) {
617 kfree(s);
618 return NULL;
619 }
620
621 list_add(&s->list, &session_list);
622
623 return s;
624 }
625
626 static void rfcomm_session_del(struct rfcomm_session *s)
627 {
628 int state = s->state;
629
630 BT_DBG("session %p state %ld", s, s->state);
631
632 list_del(&s->list);
633
634 if (state == BT_CONNECTED)
635 rfcomm_send_disc(s, 0);
636
637 rfcomm_session_clear_timer(s);
638 sock_release(s->sock);
639 kfree(s);
640
641 if (state != BT_LISTEN)
642 module_put(THIS_MODULE);
643 }
644
645 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
646 {
647 struct rfcomm_session *s;
648 struct list_head *p, *n;
649 struct bt_sock *sk;
650 list_for_each_safe(p, n, &session_list) {
651 s = list_entry(p, struct rfcomm_session, list);
652 sk = bt_sk(s->sock->sk);
653
654 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
655 !bacmp(&sk->dst, dst))
656 return s;
657 }
658 return NULL;
659 }
660
661 static void rfcomm_session_close(struct rfcomm_session *s, int err)
662 {
663 struct rfcomm_dlc *d;
664 struct list_head *p, *n;
665
666 BT_DBG("session %p state %ld err %d", s, s->state, err);
667
668 rfcomm_session_hold(s);
669
670 s->state = BT_CLOSED;
671
672 /* Close all dlcs */
673 list_for_each_safe(p, n, &s->dlcs) {
674 d = list_entry(p, struct rfcomm_dlc, list);
675 d->state = BT_CLOSED;
676 __rfcomm_dlc_close(d, err);
677 }
678
679 rfcomm_session_clear_timer(s);
680 rfcomm_session_put(s);
681 }
682
683 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
684 {
685 struct rfcomm_session *s = NULL;
686 struct sockaddr_l2 addr;
687 struct socket *sock;
688 struct sock *sk;
689
690 BT_DBG("%s %s", batostr(src), batostr(dst));
691
692 *err = rfcomm_l2sock_create(&sock);
693 if (*err < 0)
694 return NULL;
695
696 bacpy(&addr.l2_bdaddr, src);
697 addr.l2_family = AF_BLUETOOTH;
698 addr.l2_psm = 0;
699 addr.l2_cid = 0;
700 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
701 if (*err < 0)
702 goto failed;
703
704 /* Set L2CAP options */
705 sk = sock->sk;
706 lock_sock(sk);
707 l2cap_pi(sk)->imtu = l2cap_mtu;
708 if (l2cap_ertm)
709 l2cap_pi(sk)->mode = L2CAP_MODE_ERTM;
710 release_sock(sk);
711
712 s = rfcomm_session_add(sock, BT_BOUND);
713 if (!s) {
714 *err = -ENOMEM;
715 goto failed;
716 }
717
718 s->initiator = 1;
719
720 bacpy(&addr.l2_bdaddr, dst);
721 addr.l2_family = AF_BLUETOOTH;
722 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
723 addr.l2_cid = 0;
724 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
725 if (*err == 0 || *err == -EINPROGRESS)
726 return s;
727
728 rfcomm_session_del(s);
729 return NULL;
730
731 failed:
732 sock_release(sock);
733 return NULL;
734 }
735
736 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
737 {
738 struct sock *sk = s->sock->sk;
739 if (src)
740 bacpy(src, &bt_sk(sk)->src);
741 if (dst)
742 bacpy(dst, &bt_sk(sk)->dst);
743 }
744
745 /* ---- RFCOMM frame sending ---- */
746 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
747 {
748 struct socket *sock = s->sock;
749 struct kvec iv = { data, len };
750 struct msghdr msg;
751
752 BT_DBG("session %p len %d", s, len);
753
754 memset(&msg, 0, sizeof(msg));
755
756 return kernel_sendmsg(sock, &msg, &iv, 1, len);
757 }
758
759 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
760 {
761 struct rfcomm_cmd cmd;
762
763 BT_DBG("%p dlci %d", s, dlci);
764
765 cmd.addr = __addr(s->initiator, dlci);
766 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
767 cmd.len = __len8(0);
768 cmd.fcs = __fcs2((u8 *) &cmd);
769
770 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
771 }
772
773 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
774 {
775 struct rfcomm_cmd cmd;
776
777 BT_DBG("%p dlci %d", s, dlci);
778
779 cmd.addr = __addr(!s->initiator, dlci);
780 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
781 cmd.len = __len8(0);
782 cmd.fcs = __fcs2((u8 *) &cmd);
783
784 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
785 }
786
787 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
788 {
789 struct rfcomm_cmd cmd;
790
791 BT_DBG("%p dlci %d", s, dlci);
792
793 cmd.addr = __addr(s->initiator, dlci);
794 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
795 cmd.len = __len8(0);
796 cmd.fcs = __fcs2((u8 *) &cmd);
797
798 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
799 }
800
801 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
802 {
803 struct rfcomm_cmd *cmd;
804 struct sk_buff *skb;
805
806 BT_DBG("dlc %p dlci %d", d, d->dlci);
807
808 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
809 if (!skb)
810 return -ENOMEM;
811
812 cmd = (void *) __skb_put(skb, sizeof(*cmd));
813 cmd->addr = d->addr;
814 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
815 cmd->len = __len8(0);
816 cmd->fcs = __fcs2((u8 *) cmd);
817
818 skb_queue_tail(&d->tx_queue, skb);
819 rfcomm_schedule(RFCOMM_SCHED_TX);
820 return 0;
821 }
822
823 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
824 {
825 struct rfcomm_cmd cmd;
826
827 BT_DBG("%p dlci %d", s, dlci);
828
829 cmd.addr = __addr(!s->initiator, dlci);
830 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
831 cmd.len = __len8(0);
832 cmd.fcs = __fcs2((u8 *) &cmd);
833
834 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
835 }
836
837 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
838 {
839 struct rfcomm_hdr *hdr;
840 struct rfcomm_mcc *mcc;
841 u8 buf[16], *ptr = buf;
842
843 BT_DBG("%p cr %d type %d", s, cr, type);
844
845 hdr = (void *) ptr; ptr += sizeof(*hdr);
846 hdr->addr = __addr(s->initiator, 0);
847 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
848 hdr->len = __len8(sizeof(*mcc) + 1);
849
850 mcc = (void *) ptr; ptr += sizeof(*mcc);
851 mcc->type = __mcc_type(cr, RFCOMM_NSC);
852 mcc->len = __len8(1);
853
854 /* Type that we didn't like */
855 *ptr = __mcc_type(cr, type); ptr++;
856
857 *ptr = __fcs(buf); ptr++;
858
859 return rfcomm_send_frame(s, buf, ptr - buf);
860 }
861
862 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
863 {
864 struct rfcomm_hdr *hdr;
865 struct rfcomm_mcc *mcc;
866 struct rfcomm_pn *pn;
867 u8 buf[16], *ptr = buf;
868
869 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
870
871 hdr = (void *) ptr; ptr += sizeof(*hdr);
872 hdr->addr = __addr(s->initiator, 0);
873 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
874 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
875
876 mcc = (void *) ptr; ptr += sizeof(*mcc);
877 mcc->type = __mcc_type(cr, RFCOMM_PN);
878 mcc->len = __len8(sizeof(*pn));
879
880 pn = (void *) ptr; ptr += sizeof(*pn);
881 pn->dlci = d->dlci;
882 pn->priority = d->priority;
883 pn->ack_timer = 0;
884 pn->max_retrans = 0;
885
886 if (s->cfc) {
887 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
888 pn->credits = RFCOMM_DEFAULT_CREDITS;
889 } else {
890 pn->flow_ctrl = 0;
891 pn->credits = 0;
892 }
893
894 if (cr && channel_mtu >= 0)
895 pn->mtu = cpu_to_le16(channel_mtu);
896 else
897 pn->mtu = cpu_to_le16(d->mtu);
898
899 *ptr = __fcs(buf); ptr++;
900
901 return rfcomm_send_frame(s, buf, ptr - buf);
902 }
903
904 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
905 u8 bit_rate, u8 data_bits, u8 stop_bits,
906 u8 parity, u8 flow_ctrl_settings,
907 u8 xon_char, u8 xoff_char, u16 param_mask)
908 {
909 struct rfcomm_hdr *hdr;
910 struct rfcomm_mcc *mcc;
911 struct rfcomm_rpn *rpn;
912 u8 buf[16], *ptr = buf;
913
914 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
915 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
916 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
917 flow_ctrl_settings, xon_char, xoff_char, param_mask);
918
919 hdr = (void *) ptr; ptr += sizeof(*hdr);
920 hdr->addr = __addr(s->initiator, 0);
921 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
922 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
923
924 mcc = (void *) ptr; ptr += sizeof(*mcc);
925 mcc->type = __mcc_type(cr, RFCOMM_RPN);
926 mcc->len = __len8(sizeof(*rpn));
927
928 rpn = (void *) ptr; ptr += sizeof(*rpn);
929 rpn->dlci = __addr(1, dlci);
930 rpn->bit_rate = bit_rate;
931 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
932 rpn->flow_ctrl = flow_ctrl_settings;
933 rpn->xon_char = xon_char;
934 rpn->xoff_char = xoff_char;
935 rpn->param_mask = cpu_to_le16(param_mask);
936
937 *ptr = __fcs(buf); ptr++;
938
939 return rfcomm_send_frame(s, buf, ptr - buf);
940 }
941
942 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
943 {
944 struct rfcomm_hdr *hdr;
945 struct rfcomm_mcc *mcc;
946 struct rfcomm_rls *rls;
947 u8 buf[16], *ptr = buf;
948
949 BT_DBG("%p cr %d status 0x%x", s, cr, status);
950
951 hdr = (void *) ptr; ptr += sizeof(*hdr);
952 hdr->addr = __addr(s->initiator, 0);
953 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
954 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
955
956 mcc = (void *) ptr; ptr += sizeof(*mcc);
957 mcc->type = __mcc_type(cr, RFCOMM_RLS);
958 mcc->len = __len8(sizeof(*rls));
959
960 rls = (void *) ptr; ptr += sizeof(*rls);
961 rls->dlci = __addr(1, dlci);
962 rls->status = status;
963
964 *ptr = __fcs(buf); ptr++;
965
966 return rfcomm_send_frame(s, buf, ptr - buf);
967 }
968
969 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
970 {
971 struct rfcomm_hdr *hdr;
972 struct rfcomm_mcc *mcc;
973 struct rfcomm_msc *msc;
974 u8 buf[16], *ptr = buf;
975
976 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
977
978 hdr = (void *) ptr; ptr += sizeof(*hdr);
979 hdr->addr = __addr(s->initiator, 0);
980 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
981 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
982
983 mcc = (void *) ptr; ptr += sizeof(*mcc);
984 mcc->type = __mcc_type(cr, RFCOMM_MSC);
985 mcc->len = __len8(sizeof(*msc));
986
987 msc = (void *) ptr; ptr += sizeof(*msc);
988 msc->dlci = __addr(1, dlci);
989 msc->v24_sig = v24_sig | 0x01;
990
991 *ptr = __fcs(buf); ptr++;
992
993 return rfcomm_send_frame(s, buf, ptr - buf);
994 }
995
996 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
997 {
998 struct rfcomm_hdr *hdr;
999 struct rfcomm_mcc *mcc;
1000 u8 buf[16], *ptr = buf;
1001
1002 BT_DBG("%p cr %d", s, cr);
1003
1004 hdr = (void *) ptr; ptr += sizeof(*hdr);
1005 hdr->addr = __addr(s->initiator, 0);
1006 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1007 hdr->len = __len8(sizeof(*mcc));
1008
1009 mcc = (void *) ptr; ptr += sizeof(*mcc);
1010 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1011 mcc->len = __len8(0);
1012
1013 *ptr = __fcs(buf); ptr++;
1014
1015 return rfcomm_send_frame(s, buf, ptr - buf);
1016 }
1017
1018 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1019 {
1020 struct rfcomm_hdr *hdr;
1021 struct rfcomm_mcc *mcc;
1022 u8 buf[16], *ptr = buf;
1023
1024 BT_DBG("%p cr %d", s, cr);
1025
1026 hdr = (void *) ptr; ptr += sizeof(*hdr);
1027 hdr->addr = __addr(s->initiator, 0);
1028 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1029 hdr->len = __len8(sizeof(*mcc));
1030
1031 mcc = (void *) ptr; ptr += sizeof(*mcc);
1032 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1033 mcc->len = __len8(0);
1034
1035 *ptr = __fcs(buf); ptr++;
1036
1037 return rfcomm_send_frame(s, buf, ptr - buf);
1038 }
1039
1040 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1041 {
1042 struct socket *sock = s->sock;
1043 struct kvec iv[3];
1044 struct msghdr msg;
1045 unsigned char hdr[5], crc[1];
1046
1047 if (len > 125)
1048 return -EINVAL;
1049
1050 BT_DBG("%p cr %d", s, cr);
1051
1052 hdr[0] = __addr(s->initiator, 0);
1053 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1054 hdr[2] = 0x01 | ((len + 2) << 1);
1055 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1056 hdr[4] = 0x01 | (len << 1);
1057
1058 crc[0] = __fcs(hdr);
1059
1060 iv[0].iov_base = hdr;
1061 iv[0].iov_len = 5;
1062 iv[1].iov_base = pattern;
1063 iv[1].iov_len = len;
1064 iv[2].iov_base = crc;
1065 iv[2].iov_len = 1;
1066
1067 memset(&msg, 0, sizeof(msg));
1068
1069 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1070 }
1071
1072 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1073 {
1074 struct rfcomm_hdr *hdr;
1075 u8 buf[16], *ptr = buf;
1076
1077 BT_DBG("%p addr %d credits %d", s, addr, credits);
1078
1079 hdr = (void *) ptr; ptr += sizeof(*hdr);
1080 hdr->addr = addr;
1081 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1082 hdr->len = __len8(0);
1083
1084 *ptr = credits; ptr++;
1085
1086 *ptr = __fcs(buf); ptr++;
1087
1088 return rfcomm_send_frame(s, buf, ptr - buf);
1089 }
1090
1091 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1092 {
1093 struct rfcomm_hdr *hdr;
1094 int len = skb->len;
1095 u8 *crc;
1096
1097 if (len > 127) {
1098 hdr = (void *) skb_push(skb, 4);
1099 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1100 } else {
1101 hdr = (void *) skb_push(skb, 3);
1102 hdr->len = __len8(len);
1103 }
1104 hdr->addr = addr;
1105 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1106
1107 crc = skb_put(skb, 1);
1108 *crc = __fcs((void *) hdr);
1109 }
1110
1111 /* ---- RFCOMM frame reception ---- */
1112 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1113 {
1114 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1115
1116 if (dlci) {
1117 /* Data channel */
1118 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1119 if (!d) {
1120 rfcomm_send_dm(s, dlci);
1121 return 0;
1122 }
1123
1124 switch (d->state) {
1125 case BT_CONNECT:
1126 rfcomm_dlc_clear_timer(d);
1127
1128 rfcomm_dlc_lock(d);
1129 d->state = BT_CONNECTED;
1130 d->state_change(d, 0);
1131 rfcomm_dlc_unlock(d);
1132
1133 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1134 break;
1135
1136 case BT_DISCONN:
1137 d->state = BT_CLOSED;
1138 __rfcomm_dlc_close(d, 0);
1139
1140 if (list_empty(&s->dlcs)) {
1141 s->state = BT_DISCONN;
1142 rfcomm_send_disc(s, 0);
1143 }
1144
1145 break;
1146 }
1147 } else {
1148 /* Control channel */
1149 switch (s->state) {
1150 case BT_CONNECT:
1151 s->state = BT_CONNECTED;
1152 rfcomm_process_connect(s);
1153 break;
1154
1155 case BT_DISCONN:
1156 /* When socket is closed and we are not RFCOMM
1157 * initiator rfcomm_process_rx already calls
1158 * rfcomm_session_put() */
1159 if (s->sock->sk->sk_state != BT_CLOSED)
1160 rfcomm_session_put(s);
1161 break;
1162 }
1163 }
1164 return 0;
1165 }
1166
1167 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1168 {
1169 int err = 0;
1170
1171 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1172
1173 if (dlci) {
1174 /* Data DLC */
1175 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1176 if (d) {
1177 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1178 err = ECONNREFUSED;
1179 else
1180 err = ECONNRESET;
1181
1182 d->state = BT_CLOSED;
1183 __rfcomm_dlc_close(d, err);
1184 }
1185 } else {
1186 if (s->state == BT_CONNECT)
1187 err = ECONNREFUSED;
1188 else
1189 err = ECONNRESET;
1190
1191 s->state = BT_CLOSED;
1192 rfcomm_session_close(s, err);
1193 }
1194 return 0;
1195 }
1196
1197 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1198 {
1199 int err = 0;
1200
1201 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1202
1203 if (dlci) {
1204 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1205 if (d) {
1206 rfcomm_send_ua(s, dlci);
1207
1208 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1209 err = ECONNREFUSED;
1210 else
1211 err = ECONNRESET;
1212
1213 d->state = BT_CLOSED;
1214 __rfcomm_dlc_close(d, err);
1215 } else
1216 rfcomm_send_dm(s, dlci);
1217
1218 } else {
1219 rfcomm_send_ua(s, 0);
1220
1221 if (s->state == BT_CONNECT)
1222 err = ECONNREFUSED;
1223 else
1224 err = ECONNRESET;
1225
1226 s->state = BT_CLOSED;
1227 rfcomm_session_close(s, err);
1228 }
1229
1230 return 0;
1231 }
1232
1233 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1234 {
1235 struct sock *sk = d->session->sock->sk;
1236
1237 BT_DBG("dlc %p", d);
1238
1239 rfcomm_send_ua(d->session, d->dlci);
1240
1241 rfcomm_dlc_clear_timer(d);
1242
1243 rfcomm_dlc_lock(d);
1244 d->state = BT_CONNECTED;
1245 d->state_change(d, 0);
1246 rfcomm_dlc_unlock(d);
1247
1248 if (d->role_switch)
1249 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1250
1251 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1252 }
1253
1254 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1255 {
1256 if (rfcomm_check_security(d)) {
1257 if (d->defer_setup) {
1258 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1259 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1260
1261 rfcomm_dlc_lock(d);
1262 d->state = BT_CONNECT2;
1263 d->state_change(d, 0);
1264 rfcomm_dlc_unlock(d);
1265 } else
1266 rfcomm_dlc_accept(d);
1267 } else {
1268 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1269 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1270 }
1271 }
1272
1273 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1274 {
1275 struct rfcomm_dlc *d;
1276 u8 channel;
1277
1278 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1279
1280 if (!dlci) {
1281 rfcomm_send_ua(s, 0);
1282
1283 if (s->state == BT_OPEN) {
1284 s->state = BT_CONNECTED;
1285 rfcomm_process_connect(s);
1286 }
1287 return 0;
1288 }
1289
1290 /* Check if DLC exists */
1291 d = rfcomm_dlc_get(s, dlci);
1292 if (d) {
1293 if (d->state == BT_OPEN) {
1294 /* DLC was previously opened by PN request */
1295 rfcomm_check_accept(d);
1296 }
1297 return 0;
1298 }
1299
1300 /* Notify socket layer about incoming connection */
1301 channel = __srv_channel(dlci);
1302 if (rfcomm_connect_ind(s, channel, &d)) {
1303 d->dlci = dlci;
1304 d->addr = __addr(s->initiator, dlci);
1305 rfcomm_dlc_link(s, d);
1306
1307 rfcomm_check_accept(d);
1308 } else {
1309 rfcomm_send_dm(s, dlci);
1310 }
1311
1312 return 0;
1313 }
1314
1315 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1316 {
1317 struct rfcomm_session *s = d->session;
1318
1319 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1320 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1321
1322 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1323 pn->flow_ctrl == 0xe0) {
1324 d->cfc = RFCOMM_CFC_ENABLED;
1325 d->tx_credits = pn->credits;
1326 } else {
1327 d->cfc = RFCOMM_CFC_DISABLED;
1328 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1329 }
1330
1331 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1332 s->cfc = d->cfc;
1333
1334 d->priority = pn->priority;
1335
1336 d->mtu = __le16_to_cpu(pn->mtu);
1337
1338 if (cr && d->mtu > s->mtu)
1339 d->mtu = s->mtu;
1340
1341 return 0;
1342 }
1343
1344 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1345 {
1346 struct rfcomm_pn *pn = (void *) skb->data;
1347 struct rfcomm_dlc *d;
1348 u8 dlci = pn->dlci;
1349
1350 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1351
1352 if (!dlci)
1353 return 0;
1354
1355 d = rfcomm_dlc_get(s, dlci);
1356 if (d) {
1357 if (cr) {
1358 /* PN request */
1359 rfcomm_apply_pn(d, cr, pn);
1360 rfcomm_send_pn(s, 0, d);
1361 } else {
1362 /* PN response */
1363 switch (d->state) {
1364 case BT_CONFIG:
1365 rfcomm_apply_pn(d, cr, pn);
1366
1367 d->state = BT_CONNECT;
1368 rfcomm_send_sabm(s, d->dlci);
1369 break;
1370 }
1371 }
1372 } else {
1373 u8 channel = __srv_channel(dlci);
1374
1375 if (!cr)
1376 return 0;
1377
1378 /* PN request for non existing DLC.
1379 * Assume incoming connection. */
1380 if (rfcomm_connect_ind(s, channel, &d)) {
1381 d->dlci = dlci;
1382 d->addr = __addr(s->initiator, dlci);
1383 rfcomm_dlc_link(s, d);
1384
1385 rfcomm_apply_pn(d, cr, pn);
1386
1387 d->state = BT_OPEN;
1388 rfcomm_send_pn(s, 0, d);
1389 } else {
1390 rfcomm_send_dm(s, dlci);
1391 }
1392 }
1393 return 0;
1394 }
1395
1396 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1397 {
1398 struct rfcomm_rpn *rpn = (void *) skb->data;
1399 u8 dlci = __get_dlci(rpn->dlci);
1400
1401 u8 bit_rate = 0;
1402 u8 data_bits = 0;
1403 u8 stop_bits = 0;
1404 u8 parity = 0;
1405 u8 flow_ctrl = 0;
1406 u8 xon_char = 0;
1407 u8 xoff_char = 0;
1408 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1409
1410 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1411 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1412 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1413
1414 if (!cr)
1415 return 0;
1416
1417 if (len == 1) {
1418 /* This is a request, return default settings */
1419 bit_rate = RFCOMM_RPN_BR_115200;
1420 data_bits = RFCOMM_RPN_DATA_8;
1421 stop_bits = RFCOMM_RPN_STOP_1;
1422 parity = RFCOMM_RPN_PARITY_NONE;
1423 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1424 xon_char = RFCOMM_RPN_XON_CHAR;
1425 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1426 goto rpn_out;
1427 }
1428
1429 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1430 * no parity, no flow control lines, normal XON/XOFF chars */
1431
1432 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1433 bit_rate = rpn->bit_rate;
1434 if (bit_rate != RFCOMM_RPN_BR_115200) {
1435 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1436 bit_rate = RFCOMM_RPN_BR_115200;
1437 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1438 }
1439 }
1440
1441 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1442 data_bits = __get_rpn_data_bits(rpn->line_settings);
1443 if (data_bits != RFCOMM_RPN_DATA_8) {
1444 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1445 data_bits = RFCOMM_RPN_DATA_8;
1446 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1447 }
1448 }
1449
1450 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1451 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1452 if (stop_bits != RFCOMM_RPN_STOP_1) {
1453 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1454 stop_bits = RFCOMM_RPN_STOP_1;
1455 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1456 }
1457 }
1458
1459 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1460 parity = __get_rpn_parity(rpn->line_settings);
1461 if (parity != RFCOMM_RPN_PARITY_NONE) {
1462 BT_DBG("RPN parity mismatch 0x%x", parity);
1463 parity = RFCOMM_RPN_PARITY_NONE;
1464 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1465 }
1466 }
1467
1468 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1469 flow_ctrl = rpn->flow_ctrl;
1470 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1471 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1472 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1473 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1474 }
1475 }
1476
1477 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1478 xon_char = rpn->xon_char;
1479 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1480 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1481 xon_char = RFCOMM_RPN_XON_CHAR;
1482 rpn_mask ^= RFCOMM_RPN_PM_XON;
1483 }
1484 }
1485
1486 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1487 xoff_char = rpn->xoff_char;
1488 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1489 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1490 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1491 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1492 }
1493 }
1494
1495 rpn_out:
1496 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1497 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1498
1499 return 0;
1500 }
1501
1502 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1503 {
1504 struct rfcomm_rls *rls = (void *) skb->data;
1505 u8 dlci = __get_dlci(rls->dlci);
1506
1507 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1508
1509 if (!cr)
1510 return 0;
1511
1512 /* We should probably do something with this information here. But
1513 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1514 * mandatory to recognise and respond to RLS */
1515
1516 rfcomm_send_rls(s, 0, dlci, rls->status);
1517
1518 return 0;
1519 }
1520
1521 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1522 {
1523 struct rfcomm_msc *msc = (void *) skb->data;
1524 struct rfcomm_dlc *d;
1525 u8 dlci = __get_dlci(msc->dlci);
1526
1527 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1528
1529 d = rfcomm_dlc_get(s, dlci);
1530 if (!d)
1531 return 0;
1532
1533 if (cr) {
1534 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1535 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1536 else
1537 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1538
1539 rfcomm_dlc_lock(d);
1540
1541 d->remote_v24_sig = msc->v24_sig;
1542
1543 if (d->modem_status)
1544 d->modem_status(d, msc->v24_sig);
1545
1546 rfcomm_dlc_unlock(d);
1547
1548 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1549
1550 d->mscex |= RFCOMM_MSCEX_RX;
1551 } else
1552 d->mscex |= RFCOMM_MSCEX_TX;
1553
1554 return 0;
1555 }
1556
1557 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1558 {
1559 struct rfcomm_mcc *mcc = (void *) skb->data;
1560 u8 type, cr, len;
1561
1562 cr = __test_cr(mcc->type);
1563 type = __get_mcc_type(mcc->type);
1564 len = __get_mcc_len(mcc->len);
1565
1566 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1567
1568 skb_pull(skb, 2);
1569
1570 switch (type) {
1571 case RFCOMM_PN:
1572 rfcomm_recv_pn(s, cr, skb);
1573 break;
1574
1575 case RFCOMM_RPN:
1576 rfcomm_recv_rpn(s, cr, len, skb);
1577 break;
1578
1579 case RFCOMM_RLS:
1580 rfcomm_recv_rls(s, cr, skb);
1581 break;
1582
1583 case RFCOMM_MSC:
1584 rfcomm_recv_msc(s, cr, skb);
1585 break;
1586
1587 case RFCOMM_FCOFF:
1588 if (cr) {
1589 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1590 rfcomm_send_fcoff(s, 0);
1591 }
1592 break;
1593
1594 case RFCOMM_FCON:
1595 if (cr) {
1596 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1597 rfcomm_send_fcon(s, 0);
1598 }
1599 break;
1600
1601 case RFCOMM_TEST:
1602 if (cr)
1603 rfcomm_send_test(s, 0, skb->data, skb->len);
1604 break;
1605
1606 case RFCOMM_NSC:
1607 break;
1608
1609 default:
1610 BT_ERR("Unknown control type 0x%02x", type);
1611 rfcomm_send_nsc(s, cr, type);
1612 break;
1613 }
1614 return 0;
1615 }
1616
1617 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1618 {
1619 struct rfcomm_dlc *d;
1620
1621 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1622
1623 d = rfcomm_dlc_get(s, dlci);
1624 if (!d) {
1625 rfcomm_send_dm(s, dlci);
1626 goto drop;
1627 }
1628
1629 if (pf && d->cfc) {
1630 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1631
1632 d->tx_credits += credits;
1633 if (d->tx_credits)
1634 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1635 }
1636
1637 if (skb->len && d->state == BT_CONNECTED) {
1638 rfcomm_dlc_lock(d);
1639 d->rx_credits--;
1640 d->data_ready(d, skb);
1641 rfcomm_dlc_unlock(d);
1642 return 0;
1643 }
1644
1645 drop:
1646 kfree_skb(skb);
1647 return 0;
1648 }
1649
1650 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1651 {
1652 struct rfcomm_hdr *hdr = (void *) skb->data;
1653 u8 type, dlci, fcs;
1654
1655 dlci = __get_dlci(hdr->addr);
1656 type = __get_type(hdr->ctrl);
1657
1658 /* Trim FCS */
1659 skb->len--; skb->tail--;
1660 fcs = *(u8 *)skb_tail_pointer(skb);
1661
1662 if (__check_fcs(skb->data, type, fcs)) {
1663 BT_ERR("bad checksum in packet");
1664 kfree_skb(skb);
1665 return -EILSEQ;
1666 }
1667
1668 if (__test_ea(hdr->len))
1669 skb_pull(skb, 3);
1670 else
1671 skb_pull(skb, 4);
1672
1673 switch (type) {
1674 case RFCOMM_SABM:
1675 if (__test_pf(hdr->ctrl))
1676 rfcomm_recv_sabm(s, dlci);
1677 break;
1678
1679 case RFCOMM_DISC:
1680 if (__test_pf(hdr->ctrl))
1681 rfcomm_recv_disc(s, dlci);
1682 break;
1683
1684 case RFCOMM_UA:
1685 if (__test_pf(hdr->ctrl))
1686 rfcomm_recv_ua(s, dlci);
1687 break;
1688
1689 case RFCOMM_DM:
1690 rfcomm_recv_dm(s, dlci);
1691 break;
1692
1693 case RFCOMM_UIH:
1694 if (dlci)
1695 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1696
1697 rfcomm_recv_mcc(s, skb);
1698 break;
1699
1700 default:
1701 BT_ERR("Unknown packet type 0x%02x\n", type);
1702 break;
1703 }
1704 kfree_skb(skb);
1705 return 0;
1706 }
1707
1708 /* ---- Connection and data processing ---- */
1709
1710 static void rfcomm_process_connect(struct rfcomm_session *s)
1711 {
1712 struct rfcomm_dlc *d;
1713 struct list_head *p, *n;
1714
1715 BT_DBG("session %p state %ld", s, s->state);
1716
1717 list_for_each_safe(p, n, &s->dlcs) {
1718 d = list_entry(p, struct rfcomm_dlc, list);
1719 if (d->state == BT_CONFIG) {
1720 d->mtu = s->mtu;
1721 if (rfcomm_check_security(d)) {
1722 rfcomm_send_pn(s, 1, d);
1723 } else {
1724 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1725 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1726 }
1727 }
1728 }
1729 }
1730
1731 /* Send data queued for the DLC.
1732 * Return number of frames left in the queue.
1733 */
1734 static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1735 {
1736 struct sk_buff *skb;
1737 int err;
1738
1739 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1740 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1741
1742 /* Send pending MSC */
1743 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1744 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1745
1746 if (d->cfc) {
1747 /* CFC enabled.
1748 * Give them some credits */
1749 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1750 d->rx_credits <= (d->cfc >> 2)) {
1751 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1752 d->rx_credits = d->cfc;
1753 }
1754 } else {
1755 /* CFC disabled.
1756 * Give ourselves some credits */
1757 d->tx_credits = 5;
1758 }
1759
1760 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1761 return skb_queue_len(&d->tx_queue);
1762
1763 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1764 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1765 if (err < 0) {
1766 skb_queue_head(&d->tx_queue, skb);
1767 break;
1768 }
1769 kfree_skb(skb);
1770 d->tx_credits--;
1771 }
1772
1773 if (d->cfc && !d->tx_credits) {
1774 /* We're out of TX credits.
1775 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1776 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1777 }
1778
1779 return skb_queue_len(&d->tx_queue);
1780 }
1781
1782 static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1783 {
1784 struct rfcomm_dlc *d;
1785 struct list_head *p, *n;
1786
1787 BT_DBG("session %p state %ld", s, s->state);
1788
1789 list_for_each_safe(p, n, &s->dlcs) {
1790 d = list_entry(p, struct rfcomm_dlc, list);
1791
1792 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1793 __rfcomm_dlc_close(d, ETIMEDOUT);
1794 continue;
1795 }
1796
1797 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1798 rfcomm_dlc_clear_timer(d);
1799 if (d->out) {
1800 rfcomm_send_pn(s, 1, d);
1801 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1802 } else {
1803 if (d->defer_setup) {
1804 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1805 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1806
1807 rfcomm_dlc_lock(d);
1808 d->state = BT_CONNECT2;
1809 d->state_change(d, 0);
1810 rfcomm_dlc_unlock(d);
1811 } else
1812 rfcomm_dlc_accept(d);
1813 }
1814 continue;
1815 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1816 rfcomm_dlc_clear_timer(d);
1817 if (!d->out)
1818 rfcomm_send_dm(s, d->dlci);
1819 else
1820 d->state = BT_CLOSED;
1821 __rfcomm_dlc_close(d, ECONNREFUSED);
1822 continue;
1823 }
1824
1825 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1826 continue;
1827
1828 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1829 continue;
1830
1831 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1832 d->mscex == RFCOMM_MSCEX_OK)
1833 rfcomm_process_tx(d);
1834 }
1835 }
1836
1837 static inline void rfcomm_process_rx(struct rfcomm_session *s)
1838 {
1839 struct socket *sock = s->sock;
1840 struct sock *sk = sock->sk;
1841 struct sk_buff *skb;
1842
1843 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1844
1845 /* Get data directly from socket receive queue without copying it. */
1846 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1847 skb_orphan(skb);
1848 rfcomm_recv_frame(s, skb);
1849 }
1850
1851 if (sk->sk_state == BT_CLOSED) {
1852 if (!s->initiator)
1853 rfcomm_session_put(s);
1854
1855 rfcomm_session_close(s, sk->sk_err);
1856 }
1857 }
1858
1859 static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1860 {
1861 struct socket *sock = s->sock, *nsock;
1862 int err;
1863
1864 /* Fast check for a new connection.
1865 * Avoids unnesesary socket allocations. */
1866 if (list_empty(&bt_sk(sock->sk)->accept_q))
1867 return;
1868
1869 BT_DBG("session %p", s);
1870
1871 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1872 if (err < 0)
1873 return;
1874
1875 /* Set our callbacks */
1876 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1877 nsock->sk->sk_state_change = rfcomm_l2state_change;
1878
1879 s = rfcomm_session_add(nsock, BT_OPEN);
1880 if (s) {
1881 rfcomm_session_hold(s);
1882
1883 /* We should adjust MTU on incoming sessions.
1884 * L2CAP MTU minus UIH header and FCS. */
1885 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1886
1887 rfcomm_schedule(RFCOMM_SCHED_RX);
1888 } else
1889 sock_release(nsock);
1890 }
1891
1892 static inline void rfcomm_check_connection(struct rfcomm_session *s)
1893 {
1894 struct sock *sk = s->sock->sk;
1895
1896 BT_DBG("%p state %ld", s, s->state);
1897
1898 switch(sk->sk_state) {
1899 case BT_CONNECTED:
1900 s->state = BT_CONNECT;
1901
1902 /* We can adjust MTU on outgoing sessions.
1903 * L2CAP MTU minus UIH header and FCS. */
1904 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1905
1906 rfcomm_send_sabm(s, 0);
1907 break;
1908
1909 case BT_CLOSED:
1910 s->state = BT_CLOSED;
1911 rfcomm_session_close(s, sk->sk_err);
1912 break;
1913 }
1914 }
1915
1916 static inline void rfcomm_process_sessions(void)
1917 {
1918 struct list_head *p, *n;
1919
1920 rfcomm_lock();
1921
1922 list_for_each_safe(p, n, &session_list) {
1923 struct rfcomm_session *s;
1924 s = list_entry(p, struct rfcomm_session, list);
1925
1926 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1927 s->state = BT_DISCONN;
1928 rfcomm_send_disc(s, 0);
1929 rfcomm_session_put(s);
1930 continue;
1931 }
1932
1933 if (s->state == BT_LISTEN) {
1934 rfcomm_accept_connection(s);
1935 continue;
1936 }
1937
1938 rfcomm_session_hold(s);
1939
1940 switch (s->state) {
1941 case BT_BOUND:
1942 rfcomm_check_connection(s);
1943 break;
1944
1945 default:
1946 rfcomm_process_rx(s);
1947 break;
1948 }
1949
1950 rfcomm_process_dlcs(s);
1951
1952 rfcomm_session_put(s);
1953 }
1954
1955 rfcomm_unlock();
1956 }
1957
1958 static int rfcomm_add_listener(bdaddr_t *ba)
1959 {
1960 struct sockaddr_l2 addr;
1961 struct socket *sock;
1962 struct sock *sk;
1963 struct rfcomm_session *s;
1964 int err = 0;
1965
1966 /* Create socket */
1967 err = rfcomm_l2sock_create(&sock);
1968 if (err < 0) {
1969 BT_ERR("Create socket failed %d", err);
1970 return err;
1971 }
1972
1973 /* Bind socket */
1974 bacpy(&addr.l2_bdaddr, ba);
1975 addr.l2_family = AF_BLUETOOTH;
1976 addr.l2_psm = cpu_to_le16(RFCOMM_PSM);
1977 addr.l2_cid = 0;
1978 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1979 if (err < 0) {
1980 BT_ERR("Bind failed %d", err);
1981 goto failed;
1982 }
1983
1984 /* Set L2CAP options */
1985 sk = sock->sk;
1986 lock_sock(sk);
1987 l2cap_pi(sk)->imtu = l2cap_mtu;
1988 release_sock(sk);
1989
1990 /* Start listening on the socket */
1991 err = kernel_listen(sock, 10);
1992 if (err) {
1993 BT_ERR("Listen failed %d", err);
1994 goto failed;
1995 }
1996
1997 /* Add listening session */
1998 s = rfcomm_session_add(sock, BT_LISTEN);
1999 if (!s)
2000 goto failed;
2001
2002 rfcomm_session_hold(s);
2003 return 0;
2004 failed:
2005 sock_release(sock);
2006 return err;
2007 }
2008
2009 static void rfcomm_kill_listener(void)
2010 {
2011 struct rfcomm_session *s;
2012 struct list_head *p, *n;
2013
2014 BT_DBG("");
2015
2016 list_for_each_safe(p, n, &session_list) {
2017 s = list_entry(p, struct rfcomm_session, list);
2018 rfcomm_session_del(s);
2019 }
2020 }
2021
2022 static int rfcomm_run(void *unused)
2023 {
2024 BT_DBG("");
2025
2026 set_user_nice(current, -10);
2027
2028 rfcomm_add_listener(BDADDR_ANY);
2029
2030 while (!kthread_should_stop()) {
2031 set_current_state(TASK_INTERRUPTIBLE);
2032 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
2033 /* No pending events. Let's sleep.
2034 * Incoming connections and data will wake us up. */
2035 schedule();
2036 }
2037 set_current_state(TASK_RUNNING);
2038
2039 /* Process stuff */
2040 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
2041 rfcomm_process_sessions();
2042 }
2043
2044 rfcomm_kill_listener();
2045
2046 return 0;
2047 }
2048
2049 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2050 {
2051 struct rfcomm_session *s;
2052 struct rfcomm_dlc *d;
2053 struct list_head *p, *n;
2054
2055 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2056
2057 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2058 if (!s)
2059 return;
2060
2061 rfcomm_session_hold(s);
2062
2063 list_for_each_safe(p, n, &s->dlcs) {
2064 d = list_entry(p, struct rfcomm_dlc, list);
2065
2066 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2067 rfcomm_dlc_clear_timer(d);
2068 if (status || encrypt == 0x00) {
2069 __rfcomm_dlc_close(d, ECONNREFUSED);
2070 continue;
2071 }
2072 }
2073
2074 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2075 if (d->sec_level == BT_SECURITY_MEDIUM) {
2076 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2077 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2078 continue;
2079 } else if (d->sec_level == BT_SECURITY_HIGH) {
2080 __rfcomm_dlc_close(d, ECONNREFUSED);
2081 continue;
2082 }
2083 }
2084
2085 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2086 continue;
2087
2088 if (!status)
2089 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2090 else
2091 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2092 }
2093
2094 rfcomm_session_put(s);
2095
2096 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2097 }
2098
2099 static struct hci_cb rfcomm_cb = {
2100 .name = "RFCOMM",
2101 .security_cfm = rfcomm_security_cfm
2102 };
2103
2104 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2105 {
2106 struct rfcomm_session *s;
2107 struct list_head *pp, *p;
2108
2109 rfcomm_lock();
2110
2111 list_for_each(p, &session_list) {
2112 s = list_entry(p, struct rfcomm_session, list);
2113 list_for_each(pp, &s->dlcs) {
2114 struct sock *sk = s->sock->sk;
2115 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
2116
2117 seq_printf(f, "%s %s %ld %d %d %d %d\n",
2118 batostr(&bt_sk(sk)->src),
2119 batostr(&bt_sk(sk)->dst),
2120 d->state, d->dlci, d->mtu,
2121 d->rx_credits, d->tx_credits);
2122 }
2123 }
2124
2125 rfcomm_unlock();
2126
2127 return 0;
2128 }
2129
2130 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2131 {
2132 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2133 }
2134
2135 static const struct file_operations rfcomm_dlc_debugfs_fops = {
2136 .open = rfcomm_dlc_debugfs_open,
2137 .read = seq_read,
2138 .llseek = seq_lseek,
2139 .release = single_release,
2140 };
2141
2142 static struct dentry *rfcomm_dlc_debugfs;
2143
2144 /* ---- Initialization ---- */
2145 static int __init rfcomm_init(void)
2146 {
2147 int err;
2148
2149 l2cap_load();
2150
2151 hci_register_cb(&rfcomm_cb);
2152
2153 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2154 if (IS_ERR(rfcomm_thread)) {
2155 err = PTR_ERR(rfcomm_thread);
2156 goto unregister;
2157 }
2158
2159 if (bt_debugfs) {
2160 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2161 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops);
2162 if (!rfcomm_dlc_debugfs)
2163 BT_ERR("Failed to create RFCOMM debug file");
2164 }
2165
2166 err = rfcomm_init_ttys();
2167 if (err < 0)
2168 goto stop;
2169
2170 err = rfcomm_init_sockets();
2171 if (err < 0)
2172 goto cleanup;
2173
2174 BT_INFO("RFCOMM ver %s", VERSION);
2175
2176 return 0;
2177
2178 cleanup:
2179 rfcomm_cleanup_ttys();
2180
2181 stop:
2182 kthread_stop(rfcomm_thread);
2183
2184 unregister:
2185 hci_unregister_cb(&rfcomm_cb);
2186
2187 return err;
2188 }
2189
2190 static void __exit rfcomm_exit(void)
2191 {
2192 debugfs_remove(rfcomm_dlc_debugfs);
2193
2194 hci_unregister_cb(&rfcomm_cb);
2195
2196 kthread_stop(rfcomm_thread);
2197
2198 rfcomm_cleanup_ttys();
2199
2200 rfcomm_cleanup_sockets();
2201 }
2202
2203 module_init(rfcomm_init);
2204 module_exit(rfcomm_exit);
2205
2206 module_param(disable_cfc, bool, 0644);
2207 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2208
2209 module_param(channel_mtu, int, 0644);
2210 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2211
2212 module_param(l2cap_mtu, uint, 0644);
2213 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2214
2215 module_param(l2cap_ertm, bool, 0644);
2216 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2217
2218 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2219 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2220 MODULE_VERSION(VERSION);
2221 MODULE_LICENSE("GPL");
2222 MODULE_ALIAS("bt-proto-3");
Linux with added FPC-III support