1 /* 2 * ng_btsocket_rfcomm.c 3 */ 4 5 /*- 6 * Copyright (c) 2001-2003 Maksim Yevmenkin <m_evmenkin@yahoo.com> 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 
29 * 30 * $Id: ng_btsocket_rfcomm.c,v 1.28 2003/09/14 23:29:06 max Exp $ 31 * $FreeBSD$ 32 */ 33 34 #include <sys/param.h> 35 #include <sys/systm.h> 36 #include <sys/bitstring.h> 37 #include <sys/domain.h> 38 #include <sys/endian.h> 39 #include <sys/errno.h> 40 #include <sys/filedesc.h> 41 #include <sys/ioccom.h> 42 #include <sys/kernel.h> 43 #include <sys/lock.h> 44 #include <sys/malloc.h> 45 #include <sys/mbuf.h> 46 #include <sys/mutex.h> 47 #include <sys/proc.h> 48 #include <sys/protosw.h> 49 #include <sys/queue.h> 50 #include <sys/socket.h> 51 #include <sys/socketvar.h> 52 #include <sys/sysctl.h> 53 #include <sys/taskqueue.h> 54 #include <sys/uio.h> 55 #include <netgraph/ng_message.h> 56 #include <netgraph/netgraph.h> 57 #include <netgraph/bluetooth/include/ng_bluetooth.h> 58 #include <netgraph/bluetooth/include/ng_hci.h> 59 #include <netgraph/bluetooth/include/ng_l2cap.h> 60 #include <netgraph/bluetooth/include/ng_btsocket.h> 61 #include <netgraph/bluetooth/include/ng_btsocket_l2cap.h> 62 #include <netgraph/bluetooth/include/ng_btsocket_rfcomm.h> 63 64 /* MALLOC define */ 65 #ifdef NG_SEPARATE_MALLOC 66 MALLOC_DEFINE(M_NETGRAPH_BTSOCKET_RFCOMM, "netgraph_btsocks_rfcomm", 67 "Netgraph Bluetooth RFCOMM sockets"); 68 #else 69 #define M_NETGRAPH_BTSOCKET_RFCOMM M_NETGRAPH 70 #endif /* NG_SEPARATE_MALLOC */ 71 72 /* Debug */ 73 #define NG_BTSOCKET_RFCOMM_INFO \ 74 if (ng_btsocket_rfcomm_debug_level >= NG_BTSOCKET_INFO_LEVEL) \ 75 printf 76 77 #define NG_BTSOCKET_RFCOMM_WARN \ 78 if (ng_btsocket_rfcomm_debug_level >= NG_BTSOCKET_WARN_LEVEL) \ 79 printf 80 81 #define NG_BTSOCKET_RFCOMM_ERR \ 82 if (ng_btsocket_rfcomm_debug_level >= NG_BTSOCKET_ERR_LEVEL) \ 83 printf 84 85 #define NG_BTSOCKET_RFCOMM_ALERT \ 86 if (ng_btsocket_rfcomm_debug_level >= NG_BTSOCKET_ALERT_LEVEL) \ 87 printf 88 89 #define ALOT 0x7fff 90 91 /* Local prototypes */ 92 static void ng_btsocket_rfcomm_upcall 93 (struct socket *so, void *arg, int waitflag); 94 static void 
ng_btsocket_rfcomm_sessions_task 95 (void *ctx, int pending); 96 static void ng_btsocket_rfcomm_session_task 97 (ng_btsocket_rfcomm_session_p s); 98 #define ng_btsocket_rfcomm_task_wakeup() \ 99 taskqueue_enqueue(taskqueue_swi_giant, &ng_btsocket_rfcomm_task) 100 101 static ng_btsocket_rfcomm_pcb_p ng_btsocket_rfcomm_connect_ind 102 (ng_btsocket_rfcomm_session_p s, int channel); 103 static void ng_btsocket_rfcomm_connect_cfm 104 (ng_btsocket_rfcomm_session_p s); 105 106 static int ng_btsocket_rfcomm_session_create 107 (ng_btsocket_rfcomm_session_p *sp, struct socket *l2so, 108 bdaddr_p src, bdaddr_p dst, struct thread *td); 109 static int ng_btsocket_rfcomm_session_accept 110 (ng_btsocket_rfcomm_session_p s0); 111 static int ng_btsocket_rfcomm_session_connect 112 (ng_btsocket_rfcomm_session_p s); 113 static int ng_btsocket_rfcomm_session_receive 114 (ng_btsocket_rfcomm_session_p s); 115 static int ng_btsocket_rfcomm_session_send 116 (ng_btsocket_rfcomm_session_p s); 117 static void ng_btsocket_rfcomm_session_clean 118 (ng_btsocket_rfcomm_session_p s); 119 static void ng_btsocket_rfcomm_session_process_pcb 120 (ng_btsocket_rfcomm_session_p s); 121 static ng_btsocket_rfcomm_session_p ng_btsocket_rfcomm_session_by_addr 122 (bdaddr_p src, bdaddr_p dst); 123 124 static int ng_btsocket_rfcomm_receive_frame 125 (ng_btsocket_rfcomm_session_p s, struct mbuf *m0); 126 static int ng_btsocket_rfcomm_receive_sabm 127 (ng_btsocket_rfcomm_session_p s, int dlci); 128 static int ng_btsocket_rfcomm_receive_disc 129 (ng_btsocket_rfcomm_session_p s, int dlci); 130 static int ng_btsocket_rfcomm_receive_ua 131 (ng_btsocket_rfcomm_session_p s, int dlci); 132 static int ng_btsocket_rfcomm_receive_dm 133 (ng_btsocket_rfcomm_session_p s, int dlci); 134 static int ng_btsocket_rfcomm_receive_uih 135 (ng_btsocket_rfcomm_session_p s, int dlci, int pf, struct mbuf *m0); 136 static int ng_btsocket_rfcomm_receive_mcc 137 (ng_btsocket_rfcomm_session_p s, struct mbuf *m0); 138 static int 
ng_btsocket_rfcomm_receive_test 139 (ng_btsocket_rfcomm_session_p s, struct mbuf *m0); 140 static int ng_btsocket_rfcomm_receive_fc 141 (ng_btsocket_rfcomm_session_p s, struct mbuf *m0); 142 static int ng_btsocket_rfcomm_receive_msc 143 (ng_btsocket_rfcomm_session_p s, struct mbuf *m0); 144 static int ng_btsocket_rfcomm_receive_rpn 145 (ng_btsocket_rfcomm_session_p s, struct mbuf *m0); 146 static int ng_btsocket_rfcomm_receive_rls 147 (ng_btsocket_rfcomm_session_p s, struct mbuf *m0); 148 static int ng_btsocket_rfcomm_receive_pn 149 (ng_btsocket_rfcomm_session_p s, struct mbuf *m0); 150 static void ng_btsocket_rfcomm_set_pn 151 (ng_btsocket_rfcomm_pcb_p pcb, u_int8_t cr, u_int8_t flow_control, 152 u_int8_t credits, u_int16_t mtu); 153 154 static int ng_btsocket_rfcomm_send_command 155 (ng_btsocket_rfcomm_session_p s, u_int8_t type, u_int8_t dlci); 156 static int ng_btsocket_rfcomm_send_uih 157 (ng_btsocket_rfcomm_session_p s, u_int8_t address, u_int8_t pf, 158 u_int8_t credits, struct mbuf *data); 159 static int ng_btsocket_rfcomm_send_msc 160 (ng_btsocket_rfcomm_pcb_p pcb); 161 static int ng_btsocket_rfcomm_send_pn 162 (ng_btsocket_rfcomm_pcb_p pcb); 163 static int ng_btsocket_rfcomm_send_credits 164 (ng_btsocket_rfcomm_pcb_p pcb); 165 166 static int ng_btsocket_rfcomm_pcb_send 167 (ng_btsocket_rfcomm_pcb_p pcb, int limit); 168 static void ng_btsocket_rfcomm_pcb_kill 169 (ng_btsocket_rfcomm_pcb_p pcb, int error); 170 static ng_btsocket_rfcomm_pcb_p ng_btsocket_rfcomm_pcb_by_channel 171 (bdaddr_p src, int channel); 172 static ng_btsocket_rfcomm_pcb_p ng_btsocket_rfcomm_pcb_by_dlci 173 (ng_btsocket_rfcomm_session_p s, int dlci); 174 static ng_btsocket_rfcomm_pcb_p ng_btsocket_rfcomm_pcb_listener 175 (bdaddr_p src, int channel); 176 177 static void ng_btsocket_rfcomm_timeout 178 (ng_btsocket_rfcomm_pcb_p pcb); 179 static void ng_btsocket_rfcomm_untimeout 180 (ng_btsocket_rfcomm_pcb_p pcb); 181 static void ng_btsocket_rfcomm_process_timeout 182 (void *xpcb); 183 184 
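static struct mbuf *	ng_btsocket_rfcomm_prepare_packet
	(struct sockbuf *sb, int length);

/* Globals */
extern int					ifqmaxlen;
static u_int32_t				ng_btsocket_rfcomm_debug_level;
static u_int32_t				ng_btsocket_rfcomm_timo;
struct task					ng_btsocket_rfcomm_task;
static LIST_HEAD(, ng_btsocket_rfcomm_session)	ng_btsocket_rfcomm_sessions;
static struct mtx				ng_btsocket_rfcomm_sessions_mtx;
static LIST_HEAD(, ng_btsocket_rfcomm_pcb)	ng_btsocket_rfcomm_sockets;
static struct mtx				ng_btsocket_rfcomm_sockets_mtx;

/*
 * Sysctl tree.
 *
 * Note that ng_btsocket_rfcomm_init() below overwrites debug_level with
 * NG_BTSOCKET_WARN_LEVEL and timeout with 60 at initialization time, so
 * the defaults declared here are only what the sysctl node advertises.
 */
SYSCTL_DECL(_net_bluetooth_rfcomm_sockets);
SYSCTL_NODE(_net_bluetooth_rfcomm_sockets, OID_AUTO, stream, CTLFLAG_RW,
	0, "Bluetooth STREAM RFCOMM sockets family");
SYSCTL_INT(_net_bluetooth_rfcomm_sockets_stream, OID_AUTO, debug_level,
	CTLFLAG_RW,
	&ng_btsocket_rfcomm_debug_level, NG_BTSOCKET_INFO_LEVEL,
	"Bluetooth STREAM RFCOMM sockets debug level");
SYSCTL_INT(_net_bluetooth_rfcomm_sockets_stream, OID_AUTO, timeout,
	CTLFLAG_RW,
	&ng_btsocket_rfcomm_timo, 60,
	"Bluetooth STREAM RFCOMM sockets timeout");

/*****************************************************************************
 *****************************************************************************
 **                              RFCOMM CRC
 *****************************************************************************
 *****************************************************************************/

/*
 * Lookup table for the 8-bit CRC used by the RFCOMM frame check sequence.
 * Indexed by (running crc XOR next data byte); see ng_btsocket_rfcomm_crc().
 */
static u_int8_t ng_btsocket_rfcomm_crc_table[256] = {
	0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
	0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
	0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
	0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,

	0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
	0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
	0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
	0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,

	0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
	0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
	0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
	0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,

	0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
	0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
	0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
	0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,

	0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
	0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
	0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
	0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,

	0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
	0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
	0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
	0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,

	0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
	0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
	0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
	0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,

	0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
	0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
	0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
	0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
};

/*
 * CRC over the first "length" bytes of "data", table driven, starting from
 * 0xff. "data" is never written, hence const.
 *
 * The loop is bounded by "length-- > 0" rather than "length--": a negative
 * length would otherwise never reach zero and the loop would read far past
 * the end of "data". Callers in this file pass 2 or 3, so the change is
 * invisible to them; a non-positive length simply returns the seed 0xff.
 */
static u_int8_t
ng_btsocket_rfcomm_crc(const u_int8_t *data, int length)
{
	u_int8_t	crc = 0xff;

	while (length-- > 0)
		crc = ng_btsocket_rfcomm_crc_table[crc ^ *data++];

	return (crc);
} /* ng_btsocket_rfcomm_crc */

/* FCS on 2 bytes (Address and Control fields, UIH frames) */
static u_int8_t
ng_btsocket_rfcomm_fcs2(const u_int8_t *data)
{
	return (0xff - ng_btsocket_rfcomm_crc(data, 2));
} /* ng_btsocket_rfcomm_fcs2 */

/* FCS on 3 bytes (Address, Control and Length fields, all other frames) */
static u_int8_t
ng_btsocket_rfcomm_fcs3(const u_int8_t *data)
{
	return (0xff - ng_btsocket_rfcomm_crc(data, 3));
} /* ng_btsocket_rfcomm_fcs3 */

/*
 * Check FCS
 *
 * From Bluetooth spec
 *
 * "... In 07.10, the frame check sequence (FCS) is calculated on different
 * sets of fields for different frame types. These are the fields that the
 * FCS are calculated on:
 *
 * For SABM, DISC, UA, DM frames: on Address, Control and length field.
 * For UIH frames: on Address and Control field.
 *
 * (This is stated here for clarification, and to set the standard for RFCOMM;
 * the fields included in FCS calculation have actually changed in version
 * 7.0.0 of TS 07.10, but RFCOMM will not change the FCS calculation scheme
 * from the one above.) ..."
 *
 * "data" points at the frame header, "type" is the frame type and "fcs" is
 * the FCS byte carried by the frame. Returns non-zero when the computed FCS
 * does NOT match "fcs" (i.e. the frame is bad), zero when it matches.
 */

static int
ng_btsocket_rfcomm_check_fcs(const u_int8_t *data, int type, u_int8_t fcs)
{
	/* UIH frames cover 2 header bytes, every other type covers 3 */
	if (type != RFCOMM_FRAME_UIH)
		return (ng_btsocket_rfcomm_fcs3(data) != fcs);

	return (ng_btsocket_rfcomm_fcs2(data) != fcs);
} /* ng_btsocket_rfcomm_check_fcs */

/*****************************************************************************
 *****************************************************************************
 **                              Socket interface
 *****************************************************************************
 *****************************************************************************/

/*
 * Initialize everything: module-wide tunables, the RFCOMM task, and the
 * session and socket lists together with the mutexes that guard them.
 *
 * Note: debug_level is forced to NG_BTSOCKET_WARN_LEVEL here even though the
 * sysctl above is declared with NG_BTSOCKET_INFO_LEVEL.
 */

void
ng_btsocket_rfcomm_init(void)
{
	ng_btsocket_rfcomm_debug_level = NG_BTSOCKET_WARN_LEVEL;
	ng_btsocket_rfcomm_timo = 60;

	/* RFCOMM task */
	TASK_INIT(&ng_btsocket_rfcomm_task, 0,
		ng_btsocket_rfcomm_sessions_task, NULL);

	/* RFCOMM sessions list */
	LIST_INIT(&ng_btsocket_rfcomm_sessions);
	mtx_init(&ng_btsocket_rfcomm_sessions_mtx,
		"btsocks_rfcomm_sessions_mtx", NULL, MTX_DEF);

	/* RFCOMM sockets list */
	LIST_INIT(&ng_btsocket_rfcomm_sockets);
	mtx_init(&ng_btsocket_rfcomm_sockets_mtx,
		"btsocks_rfcomm_sockets_mtx", NULL, MTX_DEF);
} /* ng_btsocket_rfcomm_init */

/*
 * Abort connection on socket: record ECONNABORTED and disconnect.
 */

void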
ng_btsocket_rfcomm_abort(struct socket *so)
{

	so->so_error = ECONNABORTED;
	(void)ng_btsocket_rfcomm_disconnect(so);
} /* ng_btsocket_rfcomm_abort */

/*
 * Close socket. Just a disconnect; the return value is deliberately ignored.
 */

void
ng_btsocket_rfcomm_close(struct socket *so)
{

	(void)ng_btsocket_rfcomm_disconnect(so);
} /* ng_btsocket_rfcomm_close */

/*
 * Accept connection on socket. Nothing to do here, socket must be connected
 * and ready, so just return peer address and be done with it.
 */

int
ng_btsocket_rfcomm_accept(struct socket *so, struct sockaddr **nam)
{
	return (ng_btsocket_rfcomm_peeraddr(so, nam));
} /* ng_btsocket_rfcomm_accept */

/*
 * Create and attach new socket.
 *
 * Allocates a zeroed PCB (M_NOWAIT, so ENOMEM is a normal outcome), links
 * it to "so", sets the initial DLC state/flow-control defaults and puts it
 * on the global socket list. Returns 0 or an errno value.
 */

int
ng_btsocket_rfcomm_attach(struct socket *so, int proto, struct thread *td)
{
	ng_btsocket_rfcomm_pcb_p	pcb = so2rfcomm_pcb(so);
	int				error;

	/* Check socket and protocol */
	if (so->so_type != SOCK_STREAM)
		return (ESOCKTNOSUPPORT);

#if 0 /* XXX sonewconn() calls "pru_attach" with proto == 0 */
	if (proto != 0)
		if (proto != BLUETOOTH_PROTO_RFCOMM)
			return (EPROTONOSUPPORT);
#endif /* XXX */

	/* A socket that already has a PCB is already attached */
	if (pcb != NULL)
		return (EISCONN);

	/* Reserve send and receive space if it is not reserved yet */
	if ((so->so_snd.sb_hiwat == 0) || (so->so_rcv.sb_hiwat == 0)) {
		error = soreserve(so, NG_BTSOCKET_RFCOMM_SENDSPACE,
					NG_BTSOCKET_RFCOMM_RECVSPACE);
		if (error != 0)
			return (error);
	}

	/* Allocate the PCB (M_ZERO: every field not set below is 0) */
	MALLOC(pcb, ng_btsocket_rfcomm_pcb_p, sizeof(*pcb),
		M_NETGRAPH_BTSOCKET_RFCOMM, M_NOWAIT | M_ZERO);
	if (pcb == NULL)
		return (ENOMEM);

	/* Link the PCB and the socket */
	so->so_pcb = (caddr_t) pcb;
	pcb->so = so;

	/* Initialize PCB: closed DLC with credit based flow control enabled */
	pcb->state = NG_BTSOCKET_RFCOMM_DLC_CLOSED;
	pcb->flags = NG_BTSOCKET_RFCOMM_DLC_CFC;

	/* Both local and remote modem status start as RTC | RTR | DV */
	pcb->lmodem =
	pcb->rmodem = (RFCOMM_MODEM_RTC | RFCOMM_MODEM_RTR | RFCOMM_MODEM_DV);

	/* Defaults until PN negotiation replaces them */
	pcb->mtu = RFCOMM_DEFAULT_MTU;
	pcb->tx_cred = 0;
	pcb->rx_cred = RFCOMM_DEFAULT_CREDITS;

	mtx_init(&pcb->pcb_mtx, "btsocks_rfcomm_pcb_mtx", NULL, MTX_DEF);
	callout_handle_init(&pcb->timo);

	/* Add the PCB to the list */
	mtx_lock(&ng_btsocket_rfcomm_sockets_mtx);
	LIST_INSERT_HEAD(&ng_btsocket_rfcomm_sockets, pcb, next);
	mtx_unlock(&ng_btsocket_rfcomm_sockets_mtx);

	return (0);
} /* ng_btsocket_rfcomm_attach */

/*
 * Bind socket.
 *
 * "nam" comes from userland, so its family, length and channel are checked
 * before any field is used. Channel 0 means "any channel" and is allowed;
 * a non-zero channel must not already be bound on the same address.
 *
 * NOTE(review): pcb->src and pcb->channel are written here without taking
 * pcb->pcb_mtx, unlike ng_btsocket_rfcomm_connect() below -- confirm that
 * the socket layer serializes bind() against the RFCOMM task.
 */

int
ng_btsocket_rfcomm_bind(struct socket *so, struct sockaddr *nam,
		struct thread *td)
{
	ng_btsocket_rfcomm_pcb_t	*pcb = so2rfcomm_pcb(so);
	struct sockaddr_rfcomm		*sa = (struct sockaddr_rfcomm *) nam;

	if (pcb == NULL)
		return (EINVAL);

	/* Verify address */
	if (sa == NULL)
		return (EINVAL);
	if (sa->rfcomm_family != AF_BLUETOOTH)
		return (EAFNOSUPPORT);
	if (sa->rfcomm_len != sizeof(*sa))
		return (EINVAL);
	if (sa->rfcomm_channel > 30)
		return (EINVAL);
	if (sa->rfcomm_channel != 0 &&
	    ng_btsocket_rfcomm_pcb_by_channel(&sa->rfcomm_bdaddr, sa->rfcomm_channel) != NULL)
		return (EADDRINUSE);

	bcopy(&sa->rfcomm_bdaddr, &pcb->src, sizeof(pcb->src));
	pcb->channel = sa->rfcomm_channel;

	return (0);
} /* ng_btsocket_rfcomm_bind */

/*
 * Connect socket.
 *
 * Validates the user supplied destination, finds or creates the RFCOMM
 * session between pcb->src and the destination address, then attaches
 * this DLC to it. If the session is already OPEN the PN exchange starts
 * immediately, otherwise the DLC waits (W4_CONNECT) for the session.
 *
 * Lock order used here and elsewhere in this file:
 *   ng_btsocket_rfcomm_sessions_mtx -> s->session_mtx -> pcb->pcb_mtx
 *
 * Returns 0, an errno value from socreate()/session creation, EBUSY when
 * the DLCI is already in use on the session, or ECONNRESET when the
 * session is in a state that cannot take new DLCs.
 */

int
ng_btsocket_rfcomm_connect(struct socket *so, struct sockaddr *nam,
		struct thread *td)
{
	ng_btsocket_rfcomm_pcb_t	*pcb = so2rfcomm_pcb(so);
	struct sockaddr_rfcomm		*sa = (struct sockaddr_rfcomm *) nam;
	ng_btsocket_rfcomm_session_t	*s = NULL;
	struct socket			*l2so = NULL;
	int				 dlci, error = 0;

	if (pcb == NULL)
		return (EINVAL);

	/* Verify address */
	if (sa == NULL)
		return (EINVAL);
	if (sa->rfcomm_family != AF_BLUETOOTH)
		return (EAFNOSUPPORT);
	if (sa->rfcomm_len != sizeof(*sa))
		return (EINVAL);
	if (sa->rfcomm_channel > 30)
		return (EINVAL);
	if (sa->rfcomm_channel == 0 ||
	    bcmp(&sa->rfcomm_bdaddr, NG_HCI_BDADDR_ANY, sizeof(bdaddr_t)) == 0)
		return (EDESTADDRREQ);

	/*
	 * XXX FIXME - This is FUBAR. socreate() will call soalloc(1), i.e.
	 * soalloc() is allowed to sleep in MALLOC. This creates "could sleep"
	 * WITNESS warnings. To work around this problem we will create L2CAP
	 * socket first and then check if we actually need it. Note that we
	 * will not check for errors in socreate() because if we failed to
	 * create L2CAP socket at this point we still might have already open
	 * session.
	 */

	error = socreate(PF_BLUETOOTH, &l2so, SOCK_SEQPACKET,
			BLUETOOTH_PROTO_L2CAP, td->td_ucred, td);

	/*
	 * Look for session between "pcb->src" and "sa->rfcomm_bdaddr" (dst)
	 */

	mtx_lock(&ng_btsocket_rfcomm_sessions_mtx);

	s = ng_btsocket_rfcomm_session_by_addr(&pcb->src, &sa->rfcomm_bdaddr);
	if (s == NULL) {
		/*
		 * We need to create new RFCOMM session. Check if we have L2CAP
		 * socket. If l2so == NULL then error has the error code from
		 * socreate()
		 */

		if (l2so == NULL) {
			mtx_unlock(&ng_btsocket_rfcomm_sessions_mtx);
			return (error);
		}

		/* Session creation does not take ownership of l2so on failure */
		error = ng_btsocket_rfcomm_session_create(&s, l2so,
				&pcb->src, &sa->rfcomm_bdaddr, td);
		if (error != 0) {
			mtx_unlock(&ng_btsocket_rfcomm_sessions_mtx);
			soclose(l2so);

			return (error);
		}
	} else if (l2so != NULL)
		soclose(l2so); /* we don't need new L2CAP socket */

	/*
	 * Check if we already have the same DLCI in the same session
	 */

	mtx_lock(&s->session_mtx);
	mtx_lock(&pcb->pcb_mtx);

	/* Direction bit of the DLCI is the opposite of the session initiator */
	dlci = RFCOMM_MKDLCI(!INITIATOR(s), sa->rfcomm_channel);

	if (ng_btsocket_rfcomm_pcb_by_dlci(s, dlci) != NULL) {
		mtx_unlock(&pcb->pcb_mtx);
		mtx_unlock(&s->session_mtx);
		mtx_unlock(&ng_btsocket_rfcomm_sessions_mtx);

		return (EBUSY);
	}

	/*
	 * Check session state and if its not acceptable then refuse connection
	 */

	switch (s->state) {
	case NG_BTSOCKET_RFCOMM_SESSION_CONNECTING:
	case NG_BTSOCKET_RFCOMM_SESSION_CONNECTED:
	case NG_BTSOCKET_RFCOMM_SESSION_OPEN:
		/*
		 * Update destination address and channel and attach
		 * DLC to the session
		 */

		bcopy(&sa->rfcomm_bdaddr, &pcb->dst, sizeof(pcb->dst));
		pcb->channel = sa->rfcomm_channel;
		pcb->dlci = dlci;

		LIST_INSERT_HEAD(&s->dlcs, pcb, session_next);
		pcb->session = s;

		/* Arm the DLC timer; cleared again by the state machine */
		ng_btsocket_rfcomm_timeout(pcb);
		soisconnecting(pcb->so);

		if (s->state == NG_BTSOCKET_RFCOMM_SESSION_OPEN) {
			/* Session is up: take its MTU and L2CAP source address */
			pcb->mtu = s->mtu;
			bcopy(&so2l2cap_pcb(s->l2so)->src, &pcb->src,
				sizeof(pcb->src));

			pcb->state = NG_BTSOCKET_RFCOMM_DLC_CONFIGURING;

			error = ng_btsocket_rfcomm_send_pn(pcb);
			if (error == 0)
				error = ng_btsocket_rfcomm_task_wakeup();
		} else
			/* Session still connecting; connect_cfm() sends PN later */
			pcb->state = NG_BTSOCKET_RFCOMM_DLC_W4_CONNECT;
		break;

	default:
		error = ECONNRESET;
		break;
	}
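mtx_unlock(&pcb->pcb_mtx);
	mtx_unlock(&s->session_mtx);
	mtx_unlock(&ng_btsocket_rfcomm_sessions_mtx);

	return (error);
} /* ng_btsocket_rfcomm_connect */

/*
 * Process ioctl's calls on socket. No ioctls are supported: always EINVAL.
 * XXX FIXME this should provide interface to the RFCOMM multiplexor channel
 */

int
ng_btsocket_rfcomm_control(struct socket *so, u_long cmd, caddr_t data,
		struct ifnet *ifp, struct thread *td)
{
	return (EINVAL);
} /* ng_btsocket_rfcomm_control */

/*
 * Process getsockopt/setsockopt system calls.
 *
 * Only SOL_RFCOMM is handled (other levels return 0 untouched). Supported
 * options are get-only: SO_RFCOMM_MTU and SO_RFCOMM_FC_INFO. The fc_info
 * structure is copied out to userland, so it is zeroed in full before the
 * fields are filled in; that way no uninitialized stack bytes (padding
 * included) can ever reach the caller.
 */

int
ng_btsocket_rfcomm_ctloutput(struct socket *so, struct sockopt *sopt)
{
	ng_btsocket_rfcomm_pcb_p		pcb = so2rfcomm_pcb(so);
	struct ng_btsocket_rfcomm_fc_info	fcinfo;
	int					error = 0;

	if (pcb == NULL)
		return (EINVAL);
	if (sopt->sopt_level != SOL_RFCOMM)
		return (0);

	mtx_lock(&pcb->pcb_mtx);

	switch (sopt->sopt_dir) {
	case SOPT_GET:
		switch (sopt->sopt_name) {
		case SO_RFCOMM_MTU:
			error = sooptcopyout(sopt, &pcb->mtu, sizeof(pcb->mtu));
			break;

		case SO_RFCOMM_FC_INFO:
			/* Whole struct goes to userland: start from all zeros */
			bzero(&fcinfo, sizeof(fcinfo));
			fcinfo.lmodem = pcb->lmodem;
			fcinfo.rmodem = pcb->rmodem;
			fcinfo.tx_cred = pcb->tx_cred;
			fcinfo.rx_cred = pcb->rx_cred;
			fcinfo.cfc = (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC)?
				1 : 0;
			fcinfo.reserved = 0;

			error = sooptcopyout(sopt, &fcinfo, sizeof(fcinfo));
			break;

		default:
			error = ENOPROTOOPT;
			break;
		}
		break;

	case SOPT_SET:
		switch (sopt->sopt_name) {
		default:
			error = ENOPROTOOPT;
			break;
		}
		break;

	default:
		error = EINVAL;
		break;
	}

	mtx_unlock(&pcb->pcb_mtx);

	return (error);
} /* ng_btsocket_rfcomm_ctloutput */

/*
 * Detach and destroy socket.
 *
 * Kicks the DLC towards CLOSED (via the RFCOMM task) if it is in any
 * connecting/connected state, then sleeps on &pcb->state until the task
 * reports CLOSED. Only then is the PCB unlinked, its mutex destroyed and
 * the memory wiped and freed. The switch has no default on purpose: a DLC
 * that is already CLOSED needs nothing before the wait.
 */

void
ng_btsocket_rfcomm_detach(struct socket *so)
{
	ng_btsocket_rfcomm_pcb_p	pcb = so2rfcomm_pcb(so);

	KASSERT(pcb != NULL, ("ng_btsocket_rfcomm_detach: pcb == NULL"));

	mtx_lock(&pcb->pcb_mtx);

	switch (pcb->state) {
	case NG_BTSOCKET_RFCOMM_DLC_W4_CONNECT:
	case NG_BTSOCKET_RFCOMM_DLC_CONFIGURING:
	case NG_BTSOCKET_RFCOMM_DLC_CONNECTING:
	case NG_BTSOCKET_RFCOMM_DLC_CONNECTED:
		/* XXX What to do with pending request? */
		if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMO)
			ng_btsocket_rfcomm_untimeout(pcb);

		/*
		 * A DLC still waiting for its session never sent anything on
		 * the wire, so it is only marked DETACHED; the others need a
		 * real DISC exchange and go through DISCONNECTING.
		 */
		if (pcb->state == NG_BTSOCKET_RFCOMM_DLC_W4_CONNECT)
			pcb->flags |= NG_BTSOCKET_RFCOMM_DLC_DETACHED;
		else
			pcb->state = NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING;

		ng_btsocket_rfcomm_task_wakeup();
		break;

	case NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING:
		ng_btsocket_rfcomm_task_wakeup();
		break;
	}

	/* The RFCOMM task wakes us up once the DLC reaches CLOSED */
	while (pcb->state != NG_BTSOCKET_RFCOMM_DLC_CLOSED)
		msleep(&pcb->state, &pcb->pcb_mtx, PZERO, "rf_det", 0);

	if (pcb->session != NULL)
		panic("%s: pcb->session != NULL\n", __func__);
	if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMO)
		panic("%s: timeout on closed DLC, flags=%#x\n",
			__func__, pcb->flags);

	mtx_lock(&ng_btsocket_rfcomm_sockets_mtx);
	LIST_REMOVE(pcb, next);
	mtx_unlock(&ng_btsocket_rfcomm_sockets_mtx);

	mtx_unlock(&pcb->pcb_mtx);

	mtx_destroy(&pcb->pcb_mtx);
	bzero(pcb, sizeof(*pcb));
	FREE(pcb, M_NETGRAPH_BTSOCKET_RFCOMM);

	soisdisconnected(so);
	so->so_pcb = NULL;
} /* ng_btsocket_rfcomm_detach */

/*
 * Disconnect socket.
 *
 * Returns EINPROGRESS if a disconnect is already under way. For a
 * configuring/connecting/connected DLC the state is switched to
 * DISCONNECTING and the RFCOMM task is woken to send DISC; CLOSED and
 * W4_CONNECT DLCs need nothing. Any other state is a bug and panics.
 */

int
ng_btsocket_rfcomm_disconnect(struct socket *so)
{
	ng_btsocket_rfcomm_pcb_p	pcb = so2rfcomm_pcb(so);

	if (pcb == NULL)
		return (EINVAL);

	mtx_lock(&pcb->pcb_mtx);

	if (pcb->state == NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING) {
		mtx_unlock(&pcb->pcb_mtx);
		return (EINPROGRESS);
	}

	/* XXX What to do with pending request? */
	if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMO)
		ng_btsocket_rfcomm_untimeout(pcb);

	switch (pcb->state) {
	case NG_BTSOCKET_RFCOMM_DLC_CONFIGURING: /* XXX can we get here? */
	case NG_BTSOCKET_RFCOMM_DLC_CONNECTING: /* XXX can we get here? */
	case NG_BTSOCKET_RFCOMM_DLC_CONNECTED:

		/*
		 * Just change DLC state and enqueue RFCOMM task. It will
		 * queue and send DISC on the DLC.
		 */

		pcb->state = NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING;
		soisdisconnecting(so);

		ng_btsocket_rfcomm_task_wakeup();
		break;

	case NG_BTSOCKET_RFCOMM_DLC_CLOSED:
	case NG_BTSOCKET_RFCOMM_DLC_W4_CONNECT:
		break;

	default:
		panic("%s: Invalid DLC state=%d, flags=%#x\n",
			__func__, pcb->state, pcb->flags);
		break;
	}

	mtx_unlock(&pcb->pcb_mtx);

	return (0);
} /* ng_btsocket_rfcomm_disconnect */

/*
 * Listen on socket. First call to listen() will create listening RFCOMM session
 *
 * The socket must be bound to a channel in 1..30 first. A single default
 * listening session (on BDADDR_ANY) is shared by all listening sockets;
 * it is created on the first listen() and reused afterwards. On every
 * exit path an L2CAP socket that was created but not consumed is closed.
 */

int
ng_btsocket_rfcomm_listen(struct socket *so, int backlog, struct thread *td)
{
	ng_btsocket_rfcomm_pcb_p	 pcb = so2rfcomm_pcb(so);
	ng_btsocket_rfcomm_session_p	 s = NULL;
	struct socket			*l2so = NULL;
	int				 error;
	int				 socreate_error;

	if (pcb == NULL)
		return (EINVAL);
	if (pcb->channel < 1 || pcb->channel > 30)
		return (EDESTADDRREQ);

	/*
	 * XXX FIXME - This is FUBAR. socreate() will call soalloc(1), i.e.
	 * soalloc() is allowed to sleep in MALLOC. This creates "could sleep"
	 * WITNESS warnings. To work around this problem we will create L2CAP
	 * socket first and then check if we actually need it. Note that we
	 * will not check for errors in socreate() because if we failed to
	 * create L2CAP socket at this point we still might have already open
	 * session.
	 */

	socreate_error = socreate(PF_BLUETOOTH, &l2so, SOCK_SEQPACKET,
			BLUETOOTH_PROTO_L2CAP, td->td_ucred, td);

	/*
	 * Transition the socket and session into the LISTENING state. Check
	 * for collisions first, as there can only be one.
	 */
	mtx_lock(&ng_btsocket_rfcomm_sessions_mtx);
	SOCK_LOCK(so);
	error = solisten_proto_check(so);
	SOCK_UNLOCK(so);
	if (error != 0)
		goto out;

	LIST_FOREACH(s, &ng_btsocket_rfcomm_sessions, next)
		if (s->state == NG_BTSOCKET_RFCOMM_SESSION_LISTENING)
			break;

	if (s == NULL) {
		/*
		 * We need to create default RFCOMM session. Check if we have
		 * L2CAP socket. If l2so == NULL then socreate_error has the
		 * error code from socreate()
		 */
		if (l2so == NULL) {
			error = socreate_error;
			goto out;
		}

		/*
		 * Create default listen RFCOMM session. The default RFCOMM
		 * session will listen on ANY address.
		 *
		 * XXX FIXME Note that currently there is no way to adjust MTU
		 * for the default session.
		 */
		error = ng_btsocket_rfcomm_session_create(&s, l2so,
				NG_HCI_BDADDR_ANY, NULL, td);
		if (error != 0)
			goto out;
		/* The session owns l2so now; do not close it below */
		l2so = NULL;
	}
	SOCK_LOCK(so);
	solisten_proto(so, backlog);
	SOCK_UNLOCK(so);
out:
	mtx_unlock(&ng_btsocket_rfcomm_sessions_mtx);
	/*
	 * If we still have an l2so reference here, it's unneeded, so release
	 * it.
	 */
	if (l2so != NULL)
		soclose(l2so);
	return (error);
} /* ng_btsocket_rfcomm_listen */

/*
 * Get peer address.
 *
 * Builds a sockaddr_rfcomm from pcb->dst/pcb->channel and hands a copy to
 * the caller via sodupsockaddr() (M_NOWAIT, hence the ENOMEM case). The
 * struct is zeroed first so that every byte handed to userland, padding
 * included, is initialized.
 */

int
ng_btsocket_rfcomm_peeraddr(struct socket *so, struct sockaddr **nam)
{
	ng_btsocket_rfcomm_pcb_p	pcb = so2rfcomm_pcb(so);
	struct sockaddr_rfcomm		sa;

	if (pcb == NULL)
		return (EINVAL);

	bzero(&sa, sizeof(sa));
	bcopy(&pcb->dst, &sa.rfcomm_bdaddr, sizeof(sa.rfcomm_bdaddr));
	sa.rfcomm_channel = pcb->channel;
	sa.rfcomm_len = sizeof(sa);
	sa.rfcomm_family = AF_BLUETOOTH;

	*nam = sodupsockaddr((struct sockaddr *) &sa, M_NOWAIT);

	return ((*nam == NULL)? ENOMEM : 0);
} /* ng_btsocket_rfcomm_peeraddr */

/*
 * Send data to socket.
 *
 * Control messages are not supported (EINVAL) and the DLC must be
 * CONNECTED (else ENOTCONN). The mbuf chain is appended to the socket's
 * send buffer and the RFCOMM task is woken unless a send is already
 * pending (DLC_SENDING). Ownership of "m" and "control" always ends here:
 * whatever was not queued is freed at "drop".
 */

int
ng_btsocket_rfcomm_send(struct socket *so, int flags, struct mbuf *m,
		struct sockaddr *nam, struct mbuf *control, struct thread *td)
{
	ng_btsocket_rfcomm_pcb_t	*pcb = so2rfcomm_pcb(so);
	int				 error = 0;

	/* Check socket and input */
	if (pcb == NULL || m == NULL || control != NULL) {
		error = EINVAL;
		goto drop;
	}

	mtx_lock(&pcb->pcb_mtx);

	/* Make sure DLC is connected */
	if (pcb->state != NG_BTSOCKET_RFCOMM_DLC_CONNECTED) {
		mtx_unlock(&pcb->pcb_mtx);
		error = ENOTCONN;
		goto drop;
	}

	/* Put the packet on the socket's send queue and wakeup RFCOMM task */
	sbappend(&pcb->so->so_snd, m);
	m = NULL; /* queued; must not be freed at drop */

	if (!(pcb->flags & NG_BTSOCKET_RFCOMM_DLC_SENDING)) {
		pcb->flags |= NG_BTSOCKET_RFCOMM_DLC_SENDING;
		error = ng_btsocket_rfcomm_task_wakeup();
	}

	mtx_unlock(&pcb->pcb_mtx);
drop:
	NG_FREE_M(m); /* checks for != NULL */
	NG_FREE_M(control);

	return (error);
} /* ng_btsocket_rfcomm_send */

/*
 * Get socket address: pcb->src/pcb->channel as a sockaddr_rfcomm,
 * duplicated for the caller exactly like ng_btsocket_rfcomm_peeraddr().
 */

int
ng_btsocket_rfcomm_sockaddr(struct socket *so, struct sockaddr **nam)
{
	ng_btsocket_rfcomm_pcb_p	pcb = so2rfcomm_pcb(so);
	struct sockaddr_rfcomm		sa;
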
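if (pcb == NULL)
		return (EINVAL);

	/* Zero the whole struct first: it is copied out to userland below */
	bzero(&sa, sizeof(sa));
	bcopy(&pcb->src, &sa.rfcomm_bdaddr, sizeof(sa.rfcomm_bdaddr));
	sa.rfcomm_channel = pcb->channel;
	sa.rfcomm_len = sizeof(sa);
	sa.rfcomm_family = AF_BLUETOOTH;

	*nam = sodupsockaddr((struct sockaddr *) &sa, M_NOWAIT);

	return ((*nam == NULL)? ENOMEM : 0);
} /* ng_btsocket_rfcomm_sockaddr */

/*
 * Upcall function for L2CAP sockets. Enqueue RFCOMM task.
 * "arg" and "waitflag" are unused; a failed enqueue is only logged.
 */

static void
ng_btsocket_rfcomm_upcall(struct socket *so, void *arg, int waitflag)
{
	int	error;

	if (so == NULL)
		panic("%s: so == NULL\n", __func__);

	if ((error = ng_btsocket_rfcomm_task_wakeup()) != 0)
		NG_BTSOCKET_RFCOMM_ALERT(
"%s: Could not enqueue RFCOMM task, error=%d\n", __func__, error);
} /* ng_btsocket_rfcomm_upcall */

/*
 * RFCOMM task. Will handle all RFCOMM sessions in one pass.
 * XXX FIXME does not scale very well
 *
 * Runs with ng_btsocket_rfcomm_sessions_mtx held and takes each
 * session_mtx in turn. A session that ends the pass in CLOSED state is
 * unlinked, its output queue drained, its L2CAP socket detached from the
 * upcall and closed, and the session memory wiped and freed. The next
 * pointer is fetched before the session is processed because the session
 * may be freed below.
 */

static void
ng_btsocket_rfcomm_sessions_task(void *ctx, int pending)
{
	ng_btsocket_rfcomm_session_p	s = NULL, s_next = NULL;

	mtx_lock(&ng_btsocket_rfcomm_sessions_mtx);

	for (s = LIST_FIRST(&ng_btsocket_rfcomm_sessions); s != NULL; ) {
		mtx_lock(&s->session_mtx);
		s_next = LIST_NEXT(s, next);

		ng_btsocket_rfcomm_session_task(s);

		if (s->state == NG_BTSOCKET_RFCOMM_SESSION_CLOSED) {
			/* Unlink and clean the session */
			LIST_REMOVE(s, next);

			NG_BT_MBUFQ_DRAIN(&s->outq);
			if (!LIST_EMPTY(&s->dlcs))
				panic("%s: DLC list is not empty\n", __func__);

			/* Close L2CAP socket (first detach our upcall from it) */
			s->l2so->so_upcallarg = NULL;
			s->l2so->so_upcall = NULL;
			SOCKBUF_LOCK(&s->l2so->so_rcv);
			s->l2so->so_rcv.sb_flags &= ~SB_UPCALL;
			SOCKBUF_UNLOCK(&s->l2so->so_rcv);
			SOCKBUF_LOCK(&s->l2so->so_snd);
			s->l2so->so_snd.sb_flags &= ~SB_UPCALL;
			SOCKBUF_UNLOCK(&s->l2so->so_snd);
			soclose(s->l2so);

			mtx_unlock(&s->session_mtx);

			mtx_destroy(&s->session_mtx);
			bzero(s, sizeof(*s));
			FREE(s, M_NETGRAPH_BTSOCKET_RFCOMM);
		} else
			mtx_unlock(&s->session_mtx);

		s = s_next;
	}

	mtx_unlock(&ng_btsocket_rfcomm_sessions_mtx);
} /* ng_btsocket_rfcomm_sessions_task */

/*
 * Process RFCOMM session. Will handle all RFCOMM sockets in one pass.
 *
 * Caller must hold s->session_mtx. If the L2CAP socket can no longer
 * receive, the session is closed and cleaned before dispatching on its
 * state. Any failure from accept/connect/receive/send closes the session
 * the same way; the caller (sessions_task) then frees it.
 */

static void
ng_btsocket_rfcomm_session_task(ng_btsocket_rfcomm_session_p s)
{
	mtx_assert(&s->session_mtx, MA_OWNED);

	if (s->l2so->so_rcv.sb_state & SBS_CANTRCVMORE) {
		NG_BTSOCKET_RFCOMM_INFO(
"%s: L2CAP connection has been terminated, so=%p, so_state=%#x, so_count=%d, " \
"state=%d, flags=%#x\n",	__func__, s->l2so, s->l2so->so_state,
			s->l2so->so_count, s->state, s->flags);

		s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED;
		ng_btsocket_rfcomm_session_clean(s);
	}

	/* Now process upcall */
	switch (s->state) {
	/* Try to accept new L2CAP connection(s) */
	case NG_BTSOCKET_RFCOMM_SESSION_LISTENING:
		while (ng_btsocket_rfcomm_session_accept(s) == 0)
			;
		break;

	/* Process the results of the L2CAP connect */
	case NG_BTSOCKET_RFCOMM_SESSION_CONNECTING:
		ng_btsocket_rfcomm_session_process_pcb(s);

		if (ng_btsocket_rfcomm_session_connect(s) != 0) {
			s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED;
			ng_btsocket_rfcomm_session_clean(s);
		}
		break;

	/* Try to receive/send more data */
	case NG_BTSOCKET_RFCOMM_SESSION_CONNECTED:
	case NG_BTSOCKET_RFCOMM_SESSION_OPEN:
	case NG_BTSOCKET_RFCOMM_SESSION_DISCONNECTING:
		ng_btsocket_rfcomm_session_process_pcb(s);

		if (ng_btsocket_rfcomm_session_receive(s) != 0) {
			s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED;
			ng_btsocket_rfcomm_session_clean(s);
		} else if (ng_btsocket_rfcomm_session_send(s) != 0) {
			s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED;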
ng_btsocket_rfcomm_session_clean(s); 1082 } 1083 break; 1084 1085 case NG_BTSOCKET_RFCOMM_SESSION_CLOSED: 1086 break; 1087 1088 default: 1089 panic("%s: Invalid session state=%d, flags=%#x\n", 1090 __func__, s->state, s->flags); 1091 break; 1092 } 1093 } /* ng_btsocket_rfcomm_session_task */ 1094 1095 /* 1096 * Process RFCOMM connection indicator. Caller must hold s->session_mtx 1097 */ 1098 1099 static ng_btsocket_rfcomm_pcb_p 1100 ng_btsocket_rfcomm_connect_ind(ng_btsocket_rfcomm_session_p s, int channel) 1101 { 1102 ng_btsocket_rfcomm_pcb_p pcb = NULL, pcb1 = NULL; 1103 ng_btsocket_l2cap_pcb_p l2pcb = NULL; 1104 struct socket *so1 = NULL; 1105 1106 mtx_assert(&s->session_mtx, MA_OWNED); 1107 1108 /* 1109 * Try to find RFCOMM socket that listens on given source address 1110 * and channel. This will return the best possible match. 1111 */ 1112 1113 l2pcb = so2l2cap_pcb(s->l2so); 1114 pcb = ng_btsocket_rfcomm_pcb_listener(&l2pcb->src, channel); 1115 if (pcb == NULL) 1116 return (NULL); 1117 1118 /* 1119 * Check the pending connections queue and if we have space then 1120 * create new socket and set proper source and destination address, 1121 * and channel. 1122 */ 1123 1124 mtx_lock(&pcb->pcb_mtx); 1125 1126 if (pcb->so->so_qlen <= pcb->so->so_qlimit) 1127 so1 = sonewconn(pcb->so, 0); 1128 1129 mtx_unlock(&pcb->pcb_mtx); 1130 1131 if (so1 == NULL) 1132 return (NULL); 1133 1134 /* 1135 * If we got here than we have created new socket. So complete the 1136 * connection. Set source and destination address from the session. 1137 */ 1138 1139 pcb1 = so2rfcomm_pcb(so1); 1140 if (pcb1 == NULL) 1141 panic("%s: pcb1 == NULL\n", __func__); 1142 1143 mtx_lock(&pcb1->pcb_mtx); 1144 1145 bcopy(&l2pcb->src, &pcb1->src, sizeof(pcb1->src)); 1146 bcopy(&l2pcb->dst, &pcb1->dst, sizeof(pcb1->dst)); 1147 pcb1->channel = channel; 1148 1149 /* Link new DLC to the session. 
We already hold s->session_mtx */ 1150 LIST_INSERT_HEAD(&s->dlcs, pcb1, session_next); 1151 pcb1->session = s; 1152 1153 mtx_unlock(&pcb1->pcb_mtx); 1154 1155 return (pcb1); 1156 } /* ng_btsocket_rfcomm_connect_ind */ 1157 1158 /* 1159 * Process RFCOMM connect confirmation. Caller must hold s->session_mtx. 1160 */ 1161 1162 static void 1163 ng_btsocket_rfcomm_connect_cfm(ng_btsocket_rfcomm_session_p s) 1164 { 1165 ng_btsocket_rfcomm_pcb_p pcb = NULL, pcb_next = NULL; 1166 int error; 1167 1168 mtx_assert(&s->session_mtx, MA_OWNED); 1169 1170 /* 1171 * Wake up all waiting sockets and send PN request for each of them. 1172 * Note that timeout already been set in ng_btsocket_rfcomm_connect() 1173 * 1174 * Note: cannot use LIST_FOREACH because ng_btsocket_rfcomm_pcb_kill 1175 * will unlink DLC from the session 1176 */ 1177 1178 for (pcb = LIST_FIRST(&s->dlcs); pcb != NULL; ) { 1179 mtx_lock(&pcb->pcb_mtx); 1180 pcb_next = LIST_NEXT(pcb, session_next); 1181 1182 if (pcb->state == NG_BTSOCKET_RFCOMM_DLC_W4_CONNECT) { 1183 pcb->mtu = s->mtu; 1184 bcopy(&so2l2cap_pcb(s->l2so)->src, &pcb->src, 1185 sizeof(pcb->src)); 1186 1187 error = ng_btsocket_rfcomm_send_pn(pcb); 1188 if (error == 0) 1189 pcb->state = NG_BTSOCKET_RFCOMM_DLC_CONFIGURING; 1190 else 1191 ng_btsocket_rfcomm_pcb_kill(pcb, error); 1192 } 1193 1194 mtx_unlock(&pcb->pcb_mtx); 1195 pcb = pcb_next; 1196 } 1197 } /* ng_btsocket_rfcomm_connect_cfm */ 1198 1199 /***************************************************************************** 1200 ***************************************************************************** 1201 ** RFCOMM sessions 1202 ***************************************************************************** 1203 *****************************************************************************/ 1204 1205 /* 1206 * Create new RFCOMM session. That function WILL NOT take ownership over l2so. 1207 * Caller MUST free l2so if function failed. 
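 *
 * With both "src" and "dst" NULL the session is only allocated, linked and
 * returned in the CLOSED state and the caller finishes the setup (this is
 * how accepted connections are handled). Otherwise the L2CAP socket is
 * configured and bound to "src", and then either put into listen() mode
 * ("dst" == NULL) or a connect() to "dst" is started. Note that "src" must
 * not be NULL when "dst" is set. On success the session is linked into
 * ng_btsocket_rfcomm_sessions and returned through "sp"; on failure the
 * L2CAP socket is restored to the state it was passed in.
 */

static int
ng_btsocket_rfcomm_session_create(ng_btsocket_rfcomm_session_p *sp,
		struct socket *l2so, bdaddr_p src, bdaddr_p dst,
		struct thread *td)
{
	ng_btsocket_rfcomm_session_p	s = NULL;
	struct sockaddr_l2cap		l2sa;
	struct sockopt			l2sopt;
	int				error;
	u_int16_t			mtu;

	mtx_assert(&ng_btsocket_rfcomm_sessions_mtx, MA_OWNED);

	/* Allocate the RFCOMM session */
	MALLOC(s, ng_btsocket_rfcomm_session_p, sizeof(*s),
		M_NETGRAPH_BTSOCKET_RFCOMM, M_NOWAIT | M_ZERO);
	if (s == NULL)
		return (ENOMEM);

	/* Set defaults */
	s->mtu = RFCOMM_DEFAULT_MTU;
	s->flags = 0;
	s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED;
	NG_BT_MBUFQ_INIT(&s->outq, ifqmaxlen);

	/*
	 * XXX Mark session mutex as DUPOK to prevent "duplicated lock of
	 * the same type" message. When accepting new L2CAP connection
	 * ng_btsocket_rfcomm_session_accept() holds both session mutexes
	 * for "old" (accepting) session and "new" (created) session.
	 */

	mtx_init(&s->session_mtx, "btsocks_rfcomm_session_mtx", NULL,
		MTX_DEF|MTX_DUPOK);

	LIST_INIT(&s->dlcs);

	/*
	 * Prepare L2CAP socket: route socket buffer activity to our upcall
	 * and make the socket non-blocking (the task never sleeps on it).
	 */
	l2so->so_upcallarg = NULL;
	l2so->so_upcall = ng_btsocket_rfcomm_upcall;
	SOCKBUF_LOCK(&l2so->so_rcv);
	l2so->so_rcv.sb_flags |= SB_UPCALL;
	SOCKBUF_UNLOCK(&l2so->so_rcv);
	SOCKBUF_LOCK(&l2so->so_snd);
	l2so->so_snd.sb_flags |= SB_UPCALL;
	SOCKBUF_UNLOCK(&l2so->so_snd);
	l2so->so_state |= SS_NBIO;
	s->l2so = l2so;

	mtx_lock(&s->session_mtx);

	/*
	 * "src" == NULL and "dst" == NULL means just create session.
	 * caller must do the rest
	 */

	if (src == NULL && dst == NULL)
		goto done;

	/*
	 * Set incoming MTU on L2CAP socket. It is RFCOMM session default MTU
	 * plus 5 bytes: RFCOMM frame header, one extra byte for length and one
	 * extra byte for credits.
	 */

	mtu = s->mtu + sizeof(struct rfcomm_frame_hdr) + 1 + 1;

	l2sopt.sopt_dir = SOPT_SET;
	l2sopt.sopt_level = SOL_L2CAP;
	l2sopt.sopt_name = SO_L2CAP_IMTU;
	l2sopt.sopt_val = (void *) &mtu;
	l2sopt.sopt_valsize = sizeof(mtu);
	l2sopt.sopt_td = NULL;

	error = sosetopt(s->l2so, &l2sopt);
	if (error != 0)
		goto bad;

	/*
	 * Bind socket to "src" address. A listening session claims the
	 * RFCOMM PSM; a connecting one binds to PSM 0 and names the RFCOMM
	 * PSM in the connect() below.
	 */
	l2sa.l2cap_len = sizeof(l2sa);
	l2sa.l2cap_family = AF_BLUETOOTH;
	l2sa.l2cap_psm = (dst == NULL)? htole16(NG_L2CAP_PSM_RFCOMM) : 0;
	bcopy(src, &l2sa.l2cap_bdaddr, sizeof(l2sa.l2cap_bdaddr));

	error = sobind(s->l2so, (struct sockaddr *) &l2sa, td);
	if (error != 0)
		goto bad;

	/* If "dst" is not NULL then initiate connect(), otherwise listen() */
	if (dst == NULL) {
		s->flags = 0;
		s->state = NG_BTSOCKET_RFCOMM_SESSION_LISTENING;

		error = solisten(s->l2so, 10, td);
		if (error != 0)
			goto bad;
	} else {
		s->flags = NG_BTSOCKET_RFCOMM_SESSION_INITIATOR;
		s->state = NG_BTSOCKET_RFCOMM_SESSION_CONNECTING;

		l2sa.l2cap_len = sizeof(l2sa);
		l2sa.l2cap_family = AF_BLUETOOTH;
		l2sa.l2cap_psm = htole16(NG_L2CAP_PSM_RFCOMM);
		bcopy(dst, &l2sa.l2cap_bdaddr, sizeof(l2sa.l2cap_bdaddr));

		/* Completion is picked up by ng_btsocket_rfcomm_session_connect() */
		error = soconnect(s->l2so, (struct sockaddr *) &l2sa, td);
		if (error != 0)
			goto bad;
	}

done:
	LIST_INSERT_HEAD(&ng_btsocket_rfcomm_sessions, s, next);
	*sp = s;

	mtx_unlock(&s->session_mtx);

	return (0);

bad:
	mtx_unlock(&s->session_mtx);

	/* Return L2CAP socket back to its original state */
	l2so->so_upcallarg = NULL;
	l2so->so_upcall = NULL;
	SOCKBUF_LOCK(&l2so->so_rcv);
	l2so->so_rcv.sb_flags &= ~SB_UPCALL;
	SOCKBUF_UNLOCK(&l2so->so_rcv);
	SOCKBUF_LOCK(&l2so->so_snd);
	l2so->so_snd.sb_flags &= ~SB_UPCALL;
	SOCKBUF_UNLOCK(&l2so->so_snd);
	l2so->so_state &= ~SS_NBIO;

	/* The session was never linked, so it can simply be destroyed */
	mtx_destroy(&s->session_mtx);
	bzero(s, sizeof(*s));
	FREE(s, M_NETGRAPH_BTSOCKET_RFCOMM);

	return (error);
} /* ng_btsocket_rfcomm_session_create */

/*
 * Process accept() on RFCOMM session
 * XXX FIXME locking for "l2so"?
 *
 * Takes one completed L2CAP connection off the listening session "s0" and
 * wraps it in a new RFCOMM session in the CONNECTED state. Returns 0 when a
 * connection was accepted, EWOULDBLOCK when the accept queue is empty and
 * another error when the connection was rejected or could not be set up
 * (in every rejecting case the accepted L2CAP socket is closed here).
 * ng_btsocket_rfcomm_session_task() loops on this until it returns non-zero.
 */

static int
ng_btsocket_rfcomm_session_accept(ng_btsocket_rfcomm_session_p s0)
{
	struct socket			*l2so = NULL;
	struct sockaddr_l2cap		*l2sa = NULL;
	ng_btsocket_l2cap_pcb_t		*l2pcb = NULL;
	ng_btsocket_rfcomm_session_p	 s = NULL;
	u_int				 mtu;
	int				 error = 0;

	mtx_assert(&ng_btsocket_rfcomm_sessions_mtx, MA_OWNED);
	mtx_assert(&s0->session_mtx, MA_OWNED);

	/* Check if there is a complete L2CAP connection in the queue */
	if ((error = s0->l2so->so_error) != 0) {
		NG_BTSOCKET_RFCOMM_ERR(
"%s: Could not accept connection on L2CAP socket, error=%d\n", __func__, error);
		s0->l2so->so_error = 0;

		return (error);
	}

	ACCEPT_LOCK();
	if (TAILQ_EMPTY(&s0->l2so->so_comp)) {
		ACCEPT_UNLOCK();
		if (s0->l2so->so_rcv.sb_state & SBS_CANTRCVMORE)
			return (ECONNABORTED);
		return (EWOULDBLOCK);
	}

	/* Accept incoming L2CAP connection */
	l2so = TAILQ_FIRST(&s0->l2so->so_comp);
	if (l2so == NULL)
		panic("%s: l2so == NULL\n", __func__);

	TAILQ_REMOVE(&s0->l2so->so_comp, l2so, so_list);
	s0->l2so->so_qlen --;
	l2so->so_qstate &= ~SQ_COMP;
	l2so->so_head = NULL;
	SOCK_LOCK(l2so);
	soref(l2so);
	l2so->so_state |= SS_NBIO;
	SOCK_UNLOCK(l2so);
	ACCEPT_UNLOCK();

	/*
	 * soaccept() hands back a malloc'ed (M_SONAME) copy of the peer
	 * address, just like this file's own ng_btsocket_rfcomm_sockaddr()
	 * does with sodupsockaddr(). We never use it, so release it right
	 * away -- otherwise every accepted connection leaks one sockaddr.
	 */
	error = soaccept(l2so, (struct sockaddr **) &l2sa);
	if (l2sa != NULL)
		FREE(l2sa, M_SONAME);
	if (error != 0) {
		NG_BTSOCKET_RFCOMM_ERR(
"%s: soaccept() on L2CAP socket failed, error=%d\n", __func__, error);
		soclose(l2so);

		return (error);
	}

	l2pcb = so2l2cap_pcb(l2so);

	/*
	 * Sanity check the negotiated L2CAP MTU before deriving the RFCOMM
	 * MTU from it below. The derivation subtracts the 5 reserved bytes
	 * (frame header, extra length byte, credit byte) with unsigned
	 * arithmetic, so a smaller value would wrap into a huge session MTU.
	 * L2CAP is expected to enforce its own minimum MTU, but nothing here
	 * should depend on that.
	 */
	mtu = min(l2pcb->imtu, l2pcb->omtu);
	if (mtu < sizeof(struct rfcomm_frame_hdr) + 1 + 1) {
		NG_BTSOCKET_RFCOMM_ERR(
"%s: Rejecting L2CAP connection with too small mtu=%u\n", __func__, mtu);
		soclose(l2so);

		return (EMSGSIZE);
	}

	/*
	 * Check if there is already active RFCOMM session between two devices.
	 * If so then close L2CAP connection. We only support one RFCOMM session
	 * between each pair of devices. Note that here we assume session in any
	 * state. The session even could be in the middle of disconnecting.
	 */

	s = ng_btsocket_rfcomm_session_by_addr(&l2pcb->src, &l2pcb->dst);
	if (s == NULL) {
		/* Create a new RFCOMM session */
		error = ng_btsocket_rfcomm_session_create(&s, l2so, NULL, NULL,
				curthread /* XXX */);
		if (error == 0) {
			mtx_lock(&s->session_mtx);

			s->flags = 0;
			s->state = NG_BTSOCKET_RFCOMM_SESSION_CONNECTED;

			/*
			 * Adjust MTU on incomming connection. Reserve 5 bytes:
			 * RFCOMM frame header, one extra byte for length and
			 * one extra byte for credits.
			 */

			s->mtu = mtu - sizeof(struct rfcomm_frame_hdr) - 1 - 1;

			mtx_unlock(&s->session_mtx);
		} else {
			NG_BTSOCKET_RFCOMM_ALERT(
"%s: Failed to create new RFCOMM session, error=%d\n", __func__, error);

			soclose(l2so);
		}
	} else {
		NG_BTSOCKET_RFCOMM_WARN(
"%s: Rejecting duplicating RFCOMM session between src=%x:%x:%x:%x:%x:%x and " \
"dst=%x:%x:%x:%x:%x:%x, state=%d, flags=%#x\n", __func__,
			l2pcb->src.b[5], l2pcb->src.b[4], l2pcb->src.b[3],
			l2pcb->src.b[2], l2pcb->src.b[1], l2pcb->src.b[0],
			l2pcb->dst.b[5], l2pcb->dst.b[4], l2pcb->dst.b[3],
			l2pcb->dst.b[2], l2pcb->dst.b[1], l2pcb->dst.b[0],
			s->state, s->flags);

		error = EBUSY;
		soclose(l2so);
	}

	return (error);
} /* ng_btsocket_rfcomm_session_accept */

/*
 * Process connect() on RFCOMM session
 * XXX FIXME locking for "l2so"?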
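 *
 * Polled from ng_btsocket_rfcomm_session_task() while the session is
 * CONNECTING. Returns 0 while the L2CAP connect() is still in progress or
 * once the SABM for the multiplexor channel has been queued; any non-zero
 * return makes the caller close the session.
 */

static int
ng_btsocket_rfcomm_session_connect(ng_btsocket_rfcomm_session_p s)
{
	ng_btsocket_l2cap_pcb_p	l2pcb = so2l2cap_pcb(s->l2so);
	u_int			mtu;
	int			error;

	mtx_assert(&s->session_mtx, MA_OWNED);

	/* First check if connection has failed */
	if ((error = s->l2so->so_error) != 0) {
		s->l2so->so_error = 0;

		NG_BTSOCKET_RFCOMM_ERR(
"%s: Could not connect RFCOMM session, error=%d, state=%d, flags=%#x\n",
			__func__, error, s->state, s->flags);

		return (error);
	}

	/* Is connection still in progress? */
	if (s->l2so->so_state & SS_ISCONNECTING)
		return (0);

	/*
	 * If we got here then we are connected. Sanity check the negotiated
	 * L2CAP MTU before deriving the session MTU from it: the subtraction
	 * below is unsigned, so a value smaller than the 5 reserved bytes
	 * would wrap into a huge MTU. L2CAP is expected to enforce its own
	 * minimum MTU, but nothing here should depend on that.
	 */
	mtu = min(l2pcb->imtu, l2pcb->omtu);
	if (mtu < sizeof(struct rfcomm_frame_hdr) + 1 + 1) {
		NG_BTSOCKET_RFCOMM_ERR(
"%s: Could not connect RFCOMM session, too small mtu=%u, state=%d, flags=%#x\n",
			__func__, mtu, s->state, s->flags);

		return (EMSGSIZE);
	}

	s->state = NG_BTSOCKET_RFCOMM_SESSION_CONNECTED;

	/*
	 * Adjust MTU on outgoing connection. Reserve 5 bytes: RFCOMM
	 * frame header, one extra byte for length and one extra byte
	 * for credits.
	 */

	s->mtu = mtu - sizeof(struct rfcomm_frame_hdr) - 1 - 1;

	/*
	 * Send SABM on DLCI 0 to open multiplexor channel, then make sure
	 * the task runs again to push it out (see session_send()).
	 */
	error = ng_btsocket_rfcomm_send_command(s,RFCOMM_FRAME_SABM,0);
	if (error == 0)
		error = ng_btsocket_rfcomm_task_wakeup();

	return (error);
}/* ng_btsocket_rfcomm_session_connect */

/*
 * Receive data on RFCOMM session
 * XXX FIXME locking for "l2so"?
 *
 * Pulls every pending packet off the L2CAP socket and feeds it to
 * ng_btsocket_rfcomm_receive_frame(), which takes ownership of each mbuf.
 * Returns 0 when there is nothing (more) to read, otherwise the socket
 * error, in which case the caller closes the session.
 */

static int
ng_btsocket_rfcomm_session_receive(ng_btsocket_rfcomm_session_p s)
{
	struct mbuf	*m = NULL;
	struct uio	 uio;
	int		 more, flags, error;

	mtx_assert(&s->session_mtx, MA_OWNED);

	/* Can we read from the L2CAP socket? */
	if (!soreadable(s->l2so))
		return (0);

	/* First check for error on L2CAP socket */
	if ((error = s->l2so->so_error) != 0) {
		s->l2so->so_error = 0;

		NG_BTSOCKET_RFCOMM_ERR(
"%s: Could not receive data from L2CAP socket, error=%d, state=%d, flags=%#x\n",
			__func__, error, s->state, s->flags);

		return (error);
	}

	/*
	 * Read all packets from the L2CAP socket.
	 * XXX FIXME/VERIFY is that correct? For now use m->m_nextpkt as
	 * indication that there is more packets on the socket's buffer.
	 * Also what should we use in uio.uio_resid?
	 * May be s->mtu + sizeof(struct rfcomm_frame_hdr) + 1 + 1?
	 */

	for (more = 1; more; ) {
		/* Try to get next packet from socket */
		bzero(&uio, sizeof(uio));
		/* uio.uio_td = NULL; */
		uio.uio_resid = 1000000000;
		flags = MSG_DONTWAIT;

		m = NULL;
		error = soreceive(s->l2so, NULL, &uio, &m,
				(struct mbuf **) NULL, &flags);
		if (error != 0) {
			if (error == EWOULDBLOCK)
				return (0); /* XXX can happen? */

			NG_BTSOCKET_RFCOMM_ERR(
"%s: Could not receive data from L2CAP socket, error=%d\n", __func__, error);

			return (error);
		}

		/*
		 * No error but no data is end-of-file on the L2CAP socket:
		 * the receive side was shut down between the soreadable()
		 * check above and the soreceive() call. Do not touch "m".
		 * The SBS_CANTRCVMORE check in ng_btsocket_rfcomm_session_task()
		 * tears the session down on the next pass.
		 */
		if (m == NULL)
			return (0);

		more = (m->m_nextpkt != NULL);
		m->m_nextpkt = NULL;

		/* receive_frame() consumes the mbuf on every path */
		ng_btsocket_rfcomm_receive_frame(s, m);
	}

	return (0);
} /* ng_btsocket_rfcomm_session_receive */

/*
 * Send data on RFCOMM session
 * XXX FIXME locking for "l2so"?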
 *
 * Drains s->outq into the L2CAP socket for as long as the socket accepts
 * more data. Returns 0 when the queue is empty or the socket is not
 * writeable, otherwise the pending socket error or the error returned by
 * the L2CAP send routine (the caller then closes the session).
 */

static int
ng_btsocket_rfcomm_session_send(ng_btsocket_rfcomm_session_p s)
{
	struct mbuf	*frame = NULL;
	int		 error = 0;

	mtx_assert(&s->session_mtx, MA_OWNED);

	for (;;) {
		/* Nothing more fits into the L2CAP send buffer -- stop here */
		if (!sowriteable(s->l2so))
			break;

		/* Check if socket still OK */
		error = s->l2so->so_error;
		if (error != 0) {
			s->l2so->so_error = 0;

			NG_BTSOCKET_RFCOMM_ERR(
"%s: Detected error=%d on L2CAP socket, state=%d, flags=%#x\n",
				__func__, error, s->state, s->flags);
			break;
		}

		NG_BT_MBUFQ_DEQUEUE(&s->outq, frame);
		if (frame == NULL)
			break;		/* queue drained, we are done */

		/* Hand the frame to the L2CAP socket's send routine */
		error = (*s->l2so->so_proto->pr_usrreqs->pru_send)(s->l2so,
				0, frame, NULL, NULL, curthread /* XXX */);
		if (error != 0) {
			NG_BTSOCKET_RFCOMM_ERR(
"%s: Could not send data to L2CAP socket, error=%d\n", __func__, error);
			break;
		}
	}

	return (error);
} /* ng_btsocket_rfcomm_session_send */

/*
 * Close and disconnect all DLCs for the given session. Caller must hold
 * s->session_mtx. Will wakeup session.
 *
 * Every DLC still linked to the session is killed through
 * ng_btsocket_rfcomm_pcb_kill(), which unlinks it; an established DLC
 * reports ECONNRESET to its socket, any other one ECONNREFUSED. Used
 * whenever the session is about to be (or has been) marked CLOSED.
 */

static void
ng_btsocket_rfcomm_session_clean(ng_btsocket_rfcomm_session_p s)
{
	ng_btsocket_rfcomm_pcb_p	pcb = NULL, pcb_next = NULL;
	int				error;

	mtx_assert(&s->session_mtx, MA_OWNED);

	/*
	 * Note: cannot use LIST_FOREACH because ng_btsocket_rfcomm_pcb_kill
	 * will unlink DLC from the session
	 */

	for (pcb = LIST_FIRST(&s->dlcs); pcb != NULL; ) {
		mtx_lock(&pcb->pcb_mtx);
		pcb_next = LIST_NEXT(pcb, session_next);

		NG_BTSOCKET_RFCOMM_INFO(
"%s: Disconnecting dlci=%d, state=%d, flags=%#x\n",
			__func__, pcb->dlci, pcb->state, pcb->flags);

		/* Established DLCs see a reset, everything else a refusal */
		if (pcb->state == NG_BTSOCKET_RFCOMM_DLC_CONNECTED)
			error = ECONNRESET;
		else
			error = ECONNREFUSED;

		ng_btsocket_rfcomm_pcb_kill(pcb, error);

		mtx_unlock(&pcb->pcb_mtx);
		pcb = pcb_next;
	}
} /* ng_btsocket_rfcomm_session_clean */

/*
 * Process all DLCs on the session. Caller MUST hold s->session_mtx.
 *
 * One pass of per-DLC housekeeping: reap DLCs that were detached or timed
 * out while waiting, push queued data for connected DLCs, and drive the
 * DISC handshake for DLCs being closed. Each pcb is handled under its own
 * pcb_mtx (lock order: session_mtx, then pcb_mtx).
 */

static void
ng_btsocket_rfcomm_session_process_pcb(ng_btsocket_rfcomm_session_p s)
{
	ng_btsocket_rfcomm_pcb_p	pcb = NULL, pcb_next = NULL;
	int				error;

	mtx_assert(&s->session_mtx, MA_OWNED);

	/*
	 * Note: cannot use LIST_FOREACH because ng_btsocket_rfcomm_pcb_kill
	 * will unlink DLC from the session
	 */

	for (pcb = LIST_FIRST(&s->dlcs); pcb != NULL; ) {
		mtx_lock(&pcb->pcb_mtx);
		pcb_next = LIST_NEXT(pcb, session_next);

		switch (pcb->state) {

		/*
		 * If DLC in W4_CONNECT state then we should check for both
		 * timeout and detach.
		 */

		case NG_BTSOCKET_RFCOMM_DLC_W4_CONNECT:
			if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_DETACHED)
				ng_btsocket_rfcomm_pcb_kill(pcb, 0);
			else if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMEDOUT)
				ng_btsocket_rfcomm_pcb_kill(pcb, ETIMEDOUT);
			break;

		/*
		 * If DLC in CONFIGURING or CONNECTING state then we only
		 * should check for timeout. If detach() was called then
		 * DLC will be moved into DISCONNECTING state.
		 */

		case NG_BTSOCKET_RFCOMM_DLC_CONFIGURING:
		case NG_BTSOCKET_RFCOMM_DLC_CONNECTING:
			if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMEDOUT)
				ng_btsocket_rfcomm_pcb_kill(pcb, ETIMEDOUT);
			break;

		/*
		 * If DLC in CONNECTED state then we need to send data (if any)
		 * from the socket's send queue. Note that we will send data
		 * from either all sockets or none. This may overload session's
		 * outgoing queue (but we do not check for that).
		 *
		 * XXX FIXME need scheduler for RFCOMM sockets
		 */

		case NG_BTSOCKET_RFCOMM_DLC_CONNECTED:
			/* ALOT: no per-pass byte limit for a single DLC */
			error = ng_btsocket_rfcomm_pcb_send(pcb, ALOT);
			if (error != 0)
				ng_btsocket_rfcomm_pcb_kill(pcb, error);
			break;

		/*
		 * If DLC in DISCONNECTING state then we must send DISC frame.
		 * Note that if DLC has timeout set then we do not need to
		 * resend DISC frame.
		 *
		 * XXX FIXME need to drain all data from the socket's queue
		 * if LINGER option was set
		 */

		case NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING:
			if (!(pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMO)) {
				error = ng_btsocket_rfcomm_send_command(
						pcb->session, RFCOMM_FRAME_DISC,
						pcb->dlci);
				/* Timeout arms the retry/give-up path below */
				if (error == 0)
					ng_btsocket_rfcomm_timeout(pcb);
				else
					ng_btsocket_rfcomm_pcb_kill(pcb, error);
			} else if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMEDOUT)
				ng_btsocket_rfcomm_pcb_kill(pcb, ETIMEDOUT);
			break;

		/* case NG_BTSOCKET_RFCOMM_DLC_CLOSED: */
		default:
			panic("%s: Invalid DLC state=%d, flags=%#x\n",
				__func__, pcb->state, pcb->flags);
			break;
		}

		mtx_unlock(&pcb->pcb_mtx);
		pcb = pcb_next;
	}
} /* ng_btsocket_rfcomm_session_process_pcb */

/*
 * Find RFCOMM session between "src" and "dst".
 * Caller MUST hold ng_btsocket_rfcomm_sessions_mtx.
 *
 * "src" equal to NG_HCI_BDADDR_ANY matches any local address; "dst" must
 * always match exactly. Sessions are matched regardless of their state, so
 * a session that is still being torn down is returned too (callers rely on
 * that, see ng_btsocket_rfcomm_session_accept()). Returns NULL if no
 * session matches.
 */

static ng_btsocket_rfcomm_session_p
ng_btsocket_rfcomm_session_by_addr(bdaddr_p src, bdaddr_p dst)
{
	ng_btsocket_rfcomm_session_p	s = NULL;
	ng_btsocket_l2cap_pcb_p		l2pcb = NULL;
	int				any_src;

	mtx_assert(&ng_btsocket_rfcomm_sessions_mtx, MA_OWNED);

	any_src = (bcmp(src, NG_HCI_BDADDR_ANY, sizeof(*src)) == 0);

	LIST_FOREACH(s, &ng_btsocket_rfcomm_sessions, next) {
		l2pcb = so2l2cap_pcb(s->l2so);

		if ((any_src || bcmp(&l2pcb->src, src, sizeof(*src)) == 0) &&
		    bcmp(&l2pcb->dst, dst, sizeof(*dst)) == 0)
			break;
	}

	return (s);
} /* ng_btsocket_rfcomm_session_by_addr */

/*****************************************************************************
 *****************************************************************************
 **                                RFCOMM
 *****************************************************************************
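 *****************************************************************************/

/*
 * Process incoming RFCOMM frame. Caller must hold s->session_mtx.
 *
 * "m0" is one L2CAP packet and is consumed on every path: it is either freed
 * here or handed to the UIH/MCC handlers, which take ownership. The caller
 * must not touch it afterwards.
 *
 * Frame layout: address byte, control byte, one or two length bytes (EA bit
 * clear in the first one means a second follows), payload, FCS byte.
 * Everything in the frame comes from the remote device, so the frame size is
 * validated before any header byte is read and the declared length is
 * checked against what was actually received.
 */

static int
ng_btsocket_rfcomm_receive_frame(ng_btsocket_rfcomm_session_p s,
		struct mbuf *m0)
{
	struct rfcomm_frame_hdr	*hdr = NULL;
	u_int16_t		 length;
	u_int8_t		 dlci, type, fcs;
	int			 hdrlen, error = 0;

	mtx_assert(&s->session_mtx, MA_OWNED);

	/*
	 * The shortest legal frame is a header with a one byte length field
	 * followed by the FCS. Anything shorter would make the header reads
	 * below look past the received data and would leave no byte to take
	 * the FCS from, so drop it before touching the header.
	 */
	if (m0->m_pkthdr.len < (int) sizeof(*hdr) + 1) {
		NG_BTSOCKET_RFCOMM_ERR(
"%s: Invalid RFCOMM packet. Too short, len=%d\n", __func__, m0->m_pkthdr.len);
		NG_FREE_M(m0);

		return (EINVAL);
	}

	/* Pullup as much as we can into first mbuf (for direct access) */
	length = min(m0->m_pkthdr.len, MHLEN);
	if (m0->m_len < length) {
		if ((m0 = m_pullup(m0, length)) == NULL) {
			NG_BTSOCKET_RFCOMM_ALERT(
"%s: m_pullup(%d) failed\n", __func__, length);

			return (ENOBUFS);
		}
	}

	hdr = mtod(m0, struct rfcomm_frame_hdr *);
	dlci = RFCOMM_DLCI(hdr->address);
	type = RFCOMM_TYPE(hdr->control);

	/* Test EA bit in length. If not set then we have 2 bytes of length */
	if (!RFCOMM_EA(hdr->length)) {
		hdrlen = sizeof(*hdr) + 1;

		/* The second length byte and the FCS must both be present */
		if (m0->m_pkthdr.len < hdrlen + 1) {
			NG_BTSOCKET_RFCOMM_ERR(
"%s: Invalid RFCOMM packet. Too short, len=%d\n", __func__, m0->m_pkthdr.len);
			NG_FREE_M(m0);

			return (EINVAL);
		}

		bcopy(&hdr->length, &length, sizeof(length));
		length = le16toh(length) >> 1;
	} else {
		hdrlen = sizeof(*hdr);
		length = hdr->length >> 1;
	}

	/*
	 * Strip the header. The header bytes stay in the (pulled up) first
	 * mbuf, so "hdr" is still usable for the FCS check below.
	 */
	m_adj(m0, hdrlen);

	NG_BTSOCKET_RFCOMM_INFO(
"%s: Got frame type=%#x, dlci=%d, length=%d, cr=%d, pf=%d, len=%d\n",
		__func__, type, dlci, length, RFCOMM_CR(hdr->address),
		RFCOMM_PF(hdr->control), m0->m_pkthdr.len);

	/*
	 * The length field may not claim more payload than was received
	 * (what is left minus the trailing FCS byte). An exact match is not
	 * required: for UIH frames with credit based flow control the credit
	 * byte travels in the payload without being counted in the length
	 * field (ng_btsocket_rfcomm_session_create() reserves an extra byte
	 * for it), so only the upper bound is enforced here.
	 */
	if (length > m0->m_pkthdr.len - 1) {
		NG_BTSOCKET_RFCOMM_ERR(
"%s: Invalid RFCOMM packet. Bad length=%d, len=%d\n", __func__, length,
			m0->m_pkthdr.len);
		NG_FREE_M(m0);

		return (EINVAL);
	}

	/*
	 * Get FCS (the last byte in the frame). m_cop
	 * so the chain may end with an empty mbuf without any harm.
	 */
	m_copydata(m0, m0->m_pkthdr.len - 1, 1, (caddr_t) &fcs);

	/*
	 * Check FCS. We only need to calculate FCS on first 2 or 3 bytes
	 * and already m_pullup'ed mbuf chain, so it should be safe.
	 */

	if (ng_btsocket_rfcomm_check_fcs((u_int8_t *) hdr, type, fcs)) {
		NG_BTSOCKET_RFCOMM_ERR(
"%s: Invalid RFCOMM packet. Bad checksum\n", __func__);
		NG_FREE_M(m0);

		return (EINVAL);
	}

	m_adj(m0, -1); /* Trim FCS byte */

	/*
	 * Process RFCOMM frame.
	 *
	 * From TS 07.10 spec
	 *
	 * "... In the case where a SABM or DISC command with the P bit set
	 * to 0 is received then the received frame shall be discarded..."
	 *
	 * "... If a unsolicited DM response is received then the frame shall
	 * be processed irrespective of the P/F setting... "
	 *
	 * "... The station may transmit response frames with the F bit set
	 * to 0 at any opportunity on an asynchronous basis. However, in the
	 * case where a UA response is received with the F bit set to 0 then
	 * the received frame shall be discarded..."
	 *
	 * From Bluetooth spec
	 *
	 * "... When credit based flow control is being used, the meaning of
	 * the P/F bit in the control field of the RFCOMM header is redefined
	 * for UIH frames..."
	 */

	switch (type) {
	case RFCOMM_FRAME_SABM:
		if (RFCOMM_PF(hdr->control))
			error = ng_btsocket_rfcomm_receive_sabm(s, dlci);
		break;

	case RFCOMM_FRAME_DISC:
		if (RFCOMM_PF(hdr->control))
			error = ng_btsocket_rfcomm_receive_disc(s, dlci);
		break;

	case RFCOMM_FRAME_UA:
		if (RFCOMM_PF(hdr->control))
			error = ng_btsocket_rfcomm_receive_ua(s, dlci);
		break;

	case RFCOMM_FRAME_DM:
		error = ng_btsocket_rfcomm_receive_dm(s, dlci);
		break;

	case RFCOMM_FRAME_UIH:
		/* Both handlers take ownership of m0 */
		if (dlci == 0)
			error = ng_btsocket_rfcomm_receive_mcc(s, m0);
		else
			error = ng_btsocket_rfcomm_receive_uih(s, dlci,
					RFCOMM_PF(hdr->control), m0);

		return (error);
		/* NOT REACHED */

	default:
		NG_BTSOCKET_RFCOMM_ERR(
"%s: Invalid RFCOMM packet. Unknown type=%#x\n", __func__, type);
		error = EINVAL;
		break;
	}

	NG_FREE_M(m0);

	return (error);
} /* ng_btsocket_rfcomm_receive_frame */

/*
 * Process RFCOMM SABM frame
 *
 * DLCI 0 opens the multiplexor channel; any other DLCI opens a data link.
 * A SABM for a DLCI we already know (PN was negotiated first) completes
 * that DLC, otherwise a listening socket for the server channel is looked
 * up and a new DLC is created; a DM is sent when nobody listens.
 */

static int
ng_btsocket_rfcomm_receive_sabm(ng_btsocket_rfcomm_session_p s, int dlci)
{
	ng_btsocket_rfcomm_pcb_p	pcb = NULL;
	int				error = 0;

	mtx_assert(&s->session_mtx, MA_OWNED);

	NG_BTSOCKET_RFCOMM_INFO(
"%s: Got SABM, session state=%d, flags=%#x, mtu=%d, dlci=%d\n",
		__func__, s->state, s->flags, s->mtu, dlci);

	/* DLCI == 0 means open multiplexor channel */
	if (dlci == 0) {
		switch (s->state) {
		case NG_BTSOCKET_RFCOMM_SESSION_CONNECTED:
		case NG_BTSOCKET_RFCOMM_SESSION_OPEN:
			error = ng_btsocket_rfcomm_send_command(s,
					RFCOMM_FRAME_UA, dlci);
			if (error == 0) {
				s->state = NG_BTSOCKET_RFCOMM_SESSION_OPEN;
				ng_btsocket_rfcomm_connect_cfm(s);
			} else {
				s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED;
				ng_btsocket_rfcomm_session_clean(s);
			}
			break;

		default:
			NG_BTSOCKET_RFCOMM_WARN(
"%s: Got SABM for session in invalid state state=%d, flags=%#x\n",
				__func__, s->state, s->flags);
			error = EINVAL;
			break;
		}

		return (error);
	}

	/* Make sure multiplexor channel is open */
	if (s->state != NG_BTSOCKET_RFCOMM_SESSION_OPEN) {
		NG_BTSOCKET_RFCOMM_ERR(
"%s: Got SABM for dlci=%d with mulitplexor channel closed, state=%d, " \
"flags=%#x\n", __func__, dlci, s->state, s->flags);

		return (EINVAL);
	}

	/*
	 * Check if we have this DLCI. This might happen when remote
	 * peer uses PN command before actual open (SABM) happens.
	 */

	pcb = ng_btsocket_rfcomm_pcb_by_dlci(s, dlci);
	if (pcb != NULL) {
		mtx_lock(&pcb->pcb_mtx);

		if (pcb->state != NG_BTSOCKET_RFCOMM_DLC_CONNECTING) {
			NG_BTSOCKET_RFCOMM_ERR(
"%s: Got SABM for dlci=%d in invalid state=%d, flags=%#x\n",
				__func__, dlci, pcb->state, pcb->flags);
			mtx_unlock(&pcb->pcb_mtx);

			return (ENOENT);
		}

		ng_btsocket_rfcomm_untimeout(pcb);

		error = ng_btsocket_rfcomm_send_command(s,RFCOMM_FRAME_UA,dlci);
		if (error == 0)
			error = ng_btsocket_rfcomm_send_msc(pcb);

		if (error == 0) {
			pcb->state = NG_BTSOCKET_RFCOMM_DLC_CONNECTED;
			soisconnected(pcb->so);
		} else
			ng_btsocket_rfcomm_pcb_kill(pcb, error);

		mtx_unlock(&pcb->pcb_mtx);

		return (error);
	}

	/*
	 * We do not have requested DLCI, so it must be an incoming connection
	 * with default parameters. Try to accept it.
	 */

	pcb = ng_btsocket_rfcomm_connect_ind(s, RFCOMM_SRVCHANNEL(dlci));
	if (pcb != NULL) {
		mtx_lock(&pcb->pcb_mtx);

		pcb->dlci = dlci;

		error = ng_btsocket_rfcomm_send_command(s,RFCOMM_FRAME_UA,dlci);
		if (error == 0)
			error = ng_btsocket_rfcomm_send_msc(pcb);

		if (error == 0) {
			pcb->state = NG_BTSOCKET_RFCOMM_DLC_CONNECTED;
			soisconnected(pcb->so);
		} else
			ng_btsocket_rfcomm_pcb_kill(pcb, error);

		mtx_unlock(&pcb->pcb_mtx);
	} else
		/* Nobody is listen()ing on the requested DLCI */
		error = ng_btsocket_rfcomm_send_command(s,RFCOMM_FRAME_DM,dlci);

	return (error);
} /* ng_btsocket_rfcomm_receive_sabm */

/*
 * Process RFCOMM DISC frame
 *
 * DLCI 0 closes the multiplexor channel and with it every DLC on the
 * session; any other DLCI closes just that DLC. Both are acknowledged with
 * UA; a DISC for an unknown DLCI is answered with DM.
 */

static int
ng_btsocket_rfcomm_receive_disc(ng_btsocket_rfcomm_session_p s, int dlci)
{
	ng_btsocket_rfcomm_pcb_p	pcb = NULL;
	int				error = 0;

	mtx_assert(&s->session_mtx, MA_OWNED);

	NG_BTSOCKET_RFCOMM_INFO(
"%s: Got DISC, session state=%d, flags=%#x, mtu=%d, dlci=%d\n",
		__func__, s->state, s->flags, s->mtu, dlci);

	/* DLCI == 0 means close multiplexor channel */
	if (dlci == 0) {
		/* XXX FIXME assume that remote side will close the socket */
		error = ng_btsocket_rfcomm_send_command(s, RFCOMM_FRAME_UA, 0);
		if (error == 0) {
			if (s->state == NG_BTSOCKET_RFCOMM_SESSION_DISCONNECTING)
				s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED; /* XXX */
			else
				s->state = NG_BTSOCKET_RFCOMM_SESSION_DISCONNECTING;
		} else
			s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED; /* XXX */

		ng_btsocket_rfcomm_session_clean(s);
	} else {
		pcb = ng_btsocket_rfcomm_pcb_by_dlci(s, dlci);
		if (pcb != NULL) {
			int	err;

			mtx_lock(&pcb->pcb_mtx);

			NG_BTSOCKET_RFCOMM_INFO(
"%s: Got DISC for dlci=%d, state=%d, flags=%#x\n",
				__func__, dlci, pcb->state, pcb->flags);

			error = ng_btsocket_rfcomm_send_command(s,
					RFCOMM_FRAME_UA, dlci);

			/* An orderly close of an established DLC is not an error */
			if (pcb->state == NG_BTSOCKET_RFCOMM_DLC_CONNECTED)
				err = 0;
			else
				err = ECONNREFUSED;

			ng_btsocket_rfcomm_pcb_kill(pcb, err);

			mtx_unlock(&pcb->pcb_mtx);
		} else {
			NG_BTSOCKET_RFCOMM_WARN(
"%s: Got DISC for non-existing dlci=%d\n", __func__, dlci);

			error = ng_btsocket_rfcomm_send_command(s,
					RFCOMM_FRAME_DM, dlci);
		}
	}

	return (error);
} /* ng_btsocket_rfcomm_receive_disc */

/*
 * Process RFCOMM UA frame
 *
 * UA acknowledges our own SABM or DISC: on DLCI 0 it completes opening
 * (CONNECTED -> OPEN) or closing (DISCONNECTING -> CLOSED) the session; on
 * any other DLCI it completes the connect or disconnect of that DLC.
 */

static int
ng_btsocket_rfcomm_receive_ua(ng_btsocket_rfcomm_session_p s, int dlci)
{
	ng_btsocket_rfcomm_pcb_p	pcb = NULL;
	int				error = 0;

	mtx_assert(&s->session_mtx, MA_OWNED);

	NG_BTSOCKET_RFCOMM_INFO(
"%s: Got UA, session state=%d, flags=%#x, mtu=%d, dlci=%d\n",
		__func__, s->state, s->flags, s->mtu, dlci);

	/* dlci == 0 means multiplexor channel */
	if (dlci == 0) {
		switch (s->state) {
		case NG_BTSOCKET_RFCOMM_SESSION_CONNECTED:
			s->state = NG_BTSOCKET_RFCOMM_SESSION_OPEN;
			ng_btsocket_rfcomm_connect_cfm(s);
			break;

		case NG_BTSOCKET_RFCOMM_SESSION_DISCONNECTING:
			s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED;
			ng_btsocket_rfcomm_session_clean(s);
			break;

		default:
			NG_BTSOCKET_RFCOMM_WARN(
"%s: Got UA for session in invalid state=%d(%d), flags=%#x, mtu=%d\n",
				__func__, s->state, INITIATOR(s), s->flags,
				s->mtu);
			error = ENOENT;
			break;
		}

		return (error);
	}

	/* Check if we have this DLCI */
	pcb = ng_btsocket_rfcomm_pcb_by_dlci(s, dlci);
	if (pcb != NULL) {
		mtx_lock(&pcb->pcb_mtx);

		NG_BTSOCKET_RFCOMM_INFO(
"%s: Got UA for dlci=%d, state=%d, flags=%#x\n",
			__func__, dlci, pcb->state, pcb->flags);

		switch (pcb->state) {
		case NG_BTSOCKET_RFCOMM_DLC_CONNECTING:
			ng_btsocket_rfcomm_untimeout(pcb);

			/*
			 * NOTE(review): unlike receive_sabm(), a failed
			 * send_msc() here leaves the DLC in CONNECTING with
			 * its timeout already cancelled -- confirm whether
			 * the DLC should be killed with "error" instead.
			 */
			error = ng_btsocket_rfcomm_send_msc(pcb);
			if (error == 0) {
				pcb->state = NG_BTSOCKET_RFCOMM_DLC_CONNECTED;
				soisconnected(pcb->so);
			}
			break;

		case NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING:
			ng_btsocket_rfcomm_pcb_kill(pcb, 0);
			break;

		default:
			NG_BTSOCKET_RFCOMM_WARN(
"%s: Got UA for dlci=%d in invalid state=%d, flags=%#x\n",
				__func__, dlci, pcb->state, pcb->flags);
			error = ENOENT;
			break;
		}

		mtx_unlock(&pcb->pcb_mtx);
	} else {
		NG_BTSOCKET_RFCOMM_WARN(
"%s: Got UA for non-existing dlci=%d\n", __func__, dlci);

		error = ng_btsocket_rfcomm_send_command(s,RFCOMM_FRAME_DM,dlci);
	}

	return (error);
} /* ng_btsocket_rfcomm_receive_ua */

/*
 * Process RFCOMM DM frame
 *
 * DM is the peer's refusal/"not connected" answer. On DLCI 0 the whole
 * session is closed; on any other DLCI the matching DLC is killed with
 * ECONNRESET (if it was established) or ECONNREFUSED. Always returns 0.
 */

static int
ng_btsocket_rfcomm_receive_dm(ng_btsocket_rfcomm_session_p s, int dlci)
{
	ng_btsocket_rfcomm_pcb_p	pcb = NULL;
	int				error;

	mtx_assert(&s->session_mtx, MA_OWNED);

	NG_BTSOCKET_RFCOMM_INFO(
"%s: Got DM, session state=%d, flags=%#x, mtu=%d, dlci=%d\n",
		__func__, s->state, s->flags, s->mtu, dlci);

	/* DLCI == 0 means multiplexor channel */
	if (dlci == 0) {
		/* Disconnect all dlc's on the session */
		s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED;
		ng_btsocket_rfcomm_session_clean(s);
	} else {
		pcb = ng_btsocket_rfcomm_pcb_by_dlci(s, dlci);
		if (pcb != NULL) {
			mtx_lock(&pcb->pcb_mtx);

			NG_BTSOCKET_RFCOMM_INFO(
"%s: Got DM for dlci=%d, state=%d, flags=%#x\n",
				__func__, dlci, pcb->state, pcb->flags);

			if (pcb->state == NG_BTSOCKET_RFCOMM_DLC_CONNECTED)
				error = ECONNRESET;
			else
				error = ECONNREFUSED;

			ng_btsocket_rfcomm_pcb_kill(pcb, error);

			mtx_unlock(&pcb->pcb_mtx);
		} else
			NG_BTSOCKET_RFCOMM_WARN(
"%s: Got DM for non-existing dlci=%d\n", __func__, dlci);
	}

	return (0);
} /* ng_btsocket_rfcomm_receive_dm */

/*
 * Process RFCOMM UIH frame (data)
 *
 * Takes ownership of "m0". The payload is delivered to the socket of the
 * DLC "dlci" after the session and DLC flow control state has been checked;
 * with credit based flow control and "pf" set the first payload byte
 * carries credits granted to us by the peer.
 */

static int
ng_btsocket_rfcomm_receive_uih(ng_btsocket_rfcomm_session_p s, int dlci,
		int pf, struct mbuf *m0)
{
	ng_btsocket_rfcomm_pcb_p	pcb = NULL;
	int				error = 0;

	mtx_assert(&s->session_mtx, MA_OWNED);

	NG_BTSOCKET_RFCOMM_INFO(
"%s: Got UIH, session state=%d, flags=%#x, mtu=%d, dlci=%d, pf=%d, len=%d\n",
		__func__, s->state, s->flags, s->mtu, dlci, pf,
		m0->m_pkthdr.len);

	/* XXX should we do it here? Check for session flow control */
	if (s->flags & NG_BTSOCKET_RFCOMM_SESSION_LFC) {
		NG_BTSOCKET_RFCOMM_WARN(
"%s: Got UIH with session flow control asserted, state=%d, flags=%#x\n",
			__func__, s->state, s->flags);
		goto drop;
	}

	/* Check if we have this dlci */
	pcb = ng_btsocket_rfcomm_pcb_by_dlci(s, dlci);
	if (pcb == NULL) {
		NG_BTSOCKET_RFCOMM_WARN(
"%s: Got UIH for non-existing dlci=%d\n", __func__, dlci);
		error = ng_btsocket_rfcomm_send_command(s,RFCOMM_FRAME_DM,dlci);
		goto drop;
	}

	mtx_lock(&pcb->pcb_mtx);

	/* Check dlci state */
	if (pcb->state != NG_BTSOCKET_RFCOMM_DLC_CONNECTED) {
		NG_BTSOCKET_RFCOMM_WARN(
"%s: Got UIH for dlci=%d in invalid state=%d, flags=%#x\n",
			__func__, dlci, pcb->state, pcb->flags);
		error = EINVAL;
		goto drop1;
	}

	/* Check dlci flow control */
	if (((pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC) && pcb->rx_cred <= 0) ||
	    (pcb->lmodem & RFCOMM_MODEM_FC)) {
		NG_BTSOCKET_RFCOMM_ERR(
"%s: Got UIH for dlci=%d with asserted flow control, state=%d, " \
"flags=%#x, rx_cred=%d, lmodem=%#x\n",
			__func__, dlci, pcb->state, pcb->flags,
			pcb->rx_cred, pcb->lmodem);
		goto drop1;
	}

	/* Did we get any credits?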
*/ 2295 if ((pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC) && pf) { 2296 NG_BTSOCKET_RFCOMM_INFO( 2297 "%s: Got %d more credits for dlci=%d, state=%d, flags=%#x, " \ 2298 "rx_cred=%d, tx_cred=%d\n", 2299 __func__, *mtod(m0, u_int8_t *), dlci, pcb->state, 2300 pcb->flags, pcb->rx_cred, pcb->tx_cred); 2301 2302 pcb->tx_cred += *mtod(m0, u_int8_t *); 2303 m_adj(m0, 1); 2304 2305 /* Send more from the DLC. XXX check for errors? */ 2306 ng_btsocket_rfcomm_pcb_send(pcb, ALOT); 2307 } 2308 2309 /* OK the of the rest of the mbuf is the data */ 2310 if (m0->m_pkthdr.len > 0) { 2311 /* If we are using credit flow control decrease rx_cred here */ 2312 if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC) { 2313 /* Give remote peer more credits (if needed) */ 2314 if (-- pcb->rx_cred <= RFCOMM_MAX_CREDITS / 2) 2315 ng_btsocket_rfcomm_send_credits(pcb); 2316 else 2317 NG_BTSOCKET_RFCOMM_INFO( 2318 "%s: Remote side still has credits, dlci=%d, state=%d, flags=%#x, " \ 2319 "rx_cred=%d, tx_cred=%d\n", __func__, dlci, pcb->state, pcb->flags, 2320 pcb->rx_cred, pcb->tx_cred); 2321 } 2322 2323 /* Check packet against mtu on dlci */ 2324 if (m0->m_pkthdr.len > pcb->mtu) { 2325 NG_BTSOCKET_RFCOMM_ERR( 2326 "%s: Got oversized UIH for dlci=%d, state=%d, flags=%#x, mtu=%d, len=%d\n", 2327 __func__, dlci, pcb->state, pcb->flags, 2328 pcb->mtu, m0->m_pkthdr.len); 2329 2330 error = EMSGSIZE; 2331 } else if (m0->m_pkthdr.len > sbspace(&pcb->so->so_rcv)) { 2332 2333 /* 2334 * This is really bad. Receive queue on socket does 2335 * not have enough space for the packet. We do not 2336 * have any other choice but drop the packet. 2337 */ 2338 2339 NG_BTSOCKET_RFCOMM_ERR( 2340 "%s: Not enough space in socket receive queue. 
Dropping UIH for dlci=%d, " \ 2341 "state=%d, flags=%#x, len=%d, space=%ld\n", 2342 __func__, dlci, pcb->state, pcb->flags, 2343 m0->m_pkthdr.len, sbspace(&pcb->so->so_rcv)); 2344 2345 error = ENOBUFS; 2346 } else { 2347 /* Append packet to the socket receive queue */ 2348 sbappend(&pcb->so->so_rcv, m0); 2349 m0 = NULL; 2350 2351 sorwakeup(pcb->so); 2352 } 2353 } 2354 drop1: 2355 mtx_unlock(&pcb->pcb_mtx); 2356 drop: 2357 NG_FREE_M(m0); /* checks for != NULL */ 2358 2359 return (error); 2360 } /* ng_btsocket_rfcomm_receive_uih */ 2361 2362 /* 2363 * Process RFCOMM MCC command (Multiplexor) 2364 * 2365 * From TS 07.10 spec 2366 * 2367 * "5.4.3.1 Information Data 2368 * 2369 * ...The frames (UIH) sent by the initiating station have the C/R bit set 2370 * to 1 and those sent by the responding station have the C/R bit set to 0..." 2371 * 2372 * "5.4.6.2 Operating procedures 2373 * 2374 * Messages always exist in pairs; a command message and a corresponding 2375 * response message. If the C/R bit is set to 1 the message is a command, 2376 * if it is set to 0 the message is a response... 2377 * 2378 * ... 2379 * 2380 * NOTE: Notice that when UIH frames are used to convey information on DLCI 0 2381 * there are at least two different fields that contain a C/R bit, and the 2382 * bits are set of different form. The C/R bit in the Type field shall be set 2383 * as it is stated above, while the C/R bit in the Address field (see subclause 2384 * 5.2.1.2) shall be set as it is described in subclause 5.4.3.1." 2385 */ 2386 2387 static int 2388 ng_btsocket_rfcomm_receive_mcc(ng_btsocket_rfcomm_session_p s, struct mbuf *m0) 2389 { 2390 struct rfcomm_mcc_hdr *hdr = NULL; 2391 u_int8_t cr, type, length; 2392 2393 mtx_assert(&s->session_mtx, MA_OWNED); 2394 2395 /* 2396 * We can access data directly in the first mbuf, because we have 2397 * m_pullup()'ed mbuf chain in ng_btsocket_rfcomm_receive_frame(). 2398 * All MCC commands should fit into single mbuf (except probably TEST). 
2399 */ 2400 2401 hdr = mtod(m0, struct rfcomm_mcc_hdr *); 2402 cr = RFCOMM_CR(hdr->type); 2403 type = RFCOMM_MCC_TYPE(hdr->type); 2404 length = RFCOMM_MCC_LENGTH(hdr->length); 2405 2406 /* Check MCC frame length */ 2407 if (sizeof(*hdr) + length != m0->m_pkthdr.len) { 2408 NG_BTSOCKET_RFCOMM_ERR( 2409 "%s: Invalid MCC frame length=%d, len=%d\n", 2410 __func__, length, m0->m_pkthdr.len); 2411 NG_FREE_M(m0); 2412 2413 return (EMSGSIZE); 2414 } 2415 2416 switch (type) { 2417 case RFCOMM_MCC_TEST: 2418 return (ng_btsocket_rfcomm_receive_test(s, m0)); 2419 /* NOT REACHED */ 2420 2421 case RFCOMM_MCC_FCON: 2422 case RFCOMM_MCC_FCOFF: 2423 return (ng_btsocket_rfcomm_receive_fc(s, m0)); 2424 /* NOT REACHED */ 2425 2426 case RFCOMM_MCC_MSC: 2427 return (ng_btsocket_rfcomm_receive_msc(s, m0)); 2428 /* NOT REACHED */ 2429 2430 case RFCOMM_MCC_RPN: 2431 return (ng_btsocket_rfcomm_receive_rpn(s, m0)); 2432 /* NOT REACHED */ 2433 2434 case RFCOMM_MCC_RLS: 2435 return (ng_btsocket_rfcomm_receive_rls(s, m0)); 2436 /* NOT REACHED */ 2437 2438 case RFCOMM_MCC_PN: 2439 return (ng_btsocket_rfcomm_receive_pn(s, m0)); 2440 /* NOT REACHED */ 2441 2442 case RFCOMM_MCC_NSC: 2443 NG_BTSOCKET_RFCOMM_ERR( 2444 "%s: Got MCC NSC, type=%#x, cr=%d, length=%d, session state=%d, flags=%#x, " \ 2445 "mtu=%d, len=%d\n", __func__, RFCOMM_MCC_TYPE(*((u_int8_t *)(hdr + 1))), cr, 2446 length, s->state, s->flags, s->mtu, m0->m_pkthdr.len); 2447 NG_FREE_M(m0); 2448 break; 2449 2450 default: 2451 NG_BTSOCKET_RFCOMM_ERR( 2452 "%s: Got unknown MCC, type=%#x, cr=%d, length=%d, session state=%d, " \ 2453 "flags=%#x, mtu=%d, len=%d\n", 2454 __func__, type, cr, length, s->state, s->flags, 2455 s->mtu, m0->m_pkthdr.len); 2456 2457 /* Reuse mbuf to send NSC */ 2458 hdr = mtod(m0, struct rfcomm_mcc_hdr *); 2459 m0->m_pkthdr.len = m0->m_len = sizeof(*hdr); 2460 2461 /* Create MCC NSC header */ 2462 hdr->type = RFCOMM_MKMCC_TYPE(0, RFCOMM_MCC_NSC); 2463 hdr->length = RFCOMM_MKLEN8(1); 2464 2465 /* Put back MCC 
command type we did not like */ 2466 m0->m_data[m0->m_len] = RFCOMM_MKMCC_TYPE(cr, type); 2467 m0->m_pkthdr.len ++; 2468 m0->m_len ++; 2469 2470 /* Send UIH frame */ 2471 return (ng_btsocket_rfcomm_send_uih(s, 2472 RFCOMM_MKADDRESS(INITIATOR(s), 0), 0, 0, m0)); 2473 /* NOT REACHED */ 2474 } 2475 2476 return (0); 2477 } /* ng_btsocket_rfcomm_receive_mcc */ 2478 2479 /* 2480 * Receive RFCOMM TEST MCC command 2481 */ 2482 2483 static int 2484 ng_btsocket_rfcomm_receive_test(ng_btsocket_rfcomm_session_p s, struct mbuf *m0) 2485 { 2486 struct rfcomm_mcc_hdr *hdr = mtod(m0, struct rfcomm_mcc_hdr *); 2487 int error = 0; 2488 2489 mtx_assert(&s->session_mtx, MA_OWNED); 2490 2491 NG_BTSOCKET_RFCOMM_INFO( 2492 "%s: Got MCC TEST, cr=%d, length=%d, session state=%d, flags=%#x, mtu=%d, " \ 2493 "len=%d\n", __func__, RFCOMM_CR(hdr->type), RFCOMM_MCC_LENGTH(hdr->length), 2494 s->state, s->flags, s->mtu, m0->m_pkthdr.len); 2495 2496 if (RFCOMM_CR(hdr->type)) { 2497 hdr->type = RFCOMM_MKMCC_TYPE(0, RFCOMM_MCC_TEST); 2498 error = ng_btsocket_rfcomm_send_uih(s, 2499 RFCOMM_MKADDRESS(INITIATOR(s), 0), 0, 0, m0); 2500 } else 2501 NG_FREE_M(m0); /* XXX ignore response */ 2502 2503 return (error); 2504 } /* ng_btsocket_rfcomm_receive_test */ 2505 2506 /* 2507 * Receive RFCOMM FCON/FCOFF MCC command 2508 */ 2509 2510 static int 2511 ng_btsocket_rfcomm_receive_fc(ng_btsocket_rfcomm_session_p s, struct mbuf *m0) 2512 { 2513 struct rfcomm_mcc_hdr *hdr = mtod(m0, struct rfcomm_mcc_hdr *); 2514 u_int8_t type = RFCOMM_MCC_TYPE(hdr->type); 2515 int error = 0; 2516 2517 mtx_assert(&s->session_mtx, MA_OWNED); 2518 2519 /* 2520 * Turn ON/OFF aggregate flow on the entire session. When remote peer 2521 * asserted flow control no transmission shall occur except on dlci 0 2522 * (control channel). 2523 */ 2524 2525 NG_BTSOCKET_RFCOMM_INFO( 2526 "%s: Got MCC FC%s, cr=%d, length=%d, session state=%d, flags=%#x, mtu=%d, " \ 2527 "len=%d\n", __func__, (type == RFCOMM_MCC_FCON)? 
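"ON" : "OFF",
		RFCOMM_CR(hdr->type), RFCOMM_MCC_LENGTH(hdr->length),
		s->state, s->flags, s->mtu, m0->m_pkthdr.len);

	if (RFCOMM_CR(hdr->type)) {
		/* FCON clears, FCOFF sets the remote flow control flag */
		if (type == RFCOMM_MCC_FCON)
			s->flags &= ~NG_BTSOCKET_RFCOMM_SESSION_RFC;
		else
			s->flags |= NG_BTSOCKET_RFCOMM_SESSION_RFC;

		/* Echo the command back as the response (C/R bit cleared) */
		hdr->type = RFCOMM_MKMCC_TYPE(0, type);
		error = ng_btsocket_rfcomm_send_uih(s,
				RFCOMM_MKADDRESS(INITIATOR(s), 0), 0, 0, m0);
	} else
		NG_FREE_M(m0); /* XXX ignore response */

	return (error);
} /* ng_btsocket_rfcomm_receive_fc */

/*
 * Receive RFCOMM MSC MCC command
 *
 * An MSC command updates the remote modem signals of the named DLC and is
 * echoed back as the response; MSC responses are dropped. Consumes m0.
 * Assumes the caller has verified that the MCC length covers sizeof(*msc)
 * before the parameter block is read. Caller must hold s->session_mtx.
 */

static int
ng_btsocket_rfcomm_receive_msc(ng_btsocket_rfcomm_session_p s, struct mbuf *m0)
{
	struct rfcomm_mcc_hdr	*hdr = mtod(m0, struct rfcomm_mcc_hdr*);
	struct rfcomm_mcc_msc	*msc = (struct rfcomm_mcc_msc *)(hdr+1);
	ng_btsocket_rfcomm_pcb_t	*pcb = NULL;
	int			 error = 0;

	mtx_assert(&s->session_mtx, MA_OWNED);

	NG_BTSOCKET_RFCOMM_INFO(
"%s: Got MCC MSC, dlci=%d, cr=%d, length=%d, session state=%d, flags=%#x, " \
"mtu=%d, len=%d\n",
		__func__, RFCOMM_DLCI(msc->address), RFCOMM_CR(hdr->type),
		RFCOMM_MCC_LENGTH(hdr->length), s->state, s->flags,
		s->mtu, m0->m_pkthdr.len);

	if (RFCOMM_CR(hdr->type)) {
		pcb = ng_btsocket_rfcomm_pcb_by_dlci(s, RFCOMM_DLCI(msc->address));
		if (pcb == NULL) {
			NG_BTSOCKET_RFCOMM_WARN(
"%s: Got MSC command for non-existing dlci=%d\n",
				__func__, RFCOMM_DLCI(msc->address));
			NG_FREE_M(m0);

			return (ENOENT);
		}

		mtx_lock(&pcb->pcb_mtx);

		if (pcb->state != NG_BTSOCKET_RFCOMM_DLC_CONNECTING &&
		    pcb->state != NG_BTSOCKET_RFCOMM_DLC_CONNECTED) {
			NG_BTSOCKET_RFCOMM_WARN(
"%s: Got MSC on dlci=%d in invalid state=%d\n",
				__func__, RFCOMM_DLCI(msc->address),
				pcb->state);

			mtx_unlock(&pcb->pcb_mtx);
			NG_FREE_M(m0);

			return (EINVAL);
		}

		pcb->rmodem = msc->modem; /* Update remote port signals */

		hdr->type = RFCOMM_MKMCC_TYPE(0, RFCOMM_MCC_MSC);
		error = ng_btsocket_rfcomm_send_uih(s,
				RFCOMM_MKADDRESS(INITIATOR(s), 0), 0, 0, m0);

#if 0 /* YYY */
		/* Send more data from DLC. XXX check for errors? */
		if (!(pcb->rmodem & RFCOMM_MODEM_FC) &&
		    !(pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC))
			ng_btsocket_rfcomm_pcb_send(pcb, ALOT);
#endif /* YYY */

		mtx_unlock(&pcb->pcb_mtx);
	} else
		NG_FREE_M(m0); /* XXX ignore response */

	return (error);
} /* ng_btsocket_rfcomm_receive_msc */

/*
 * Receive RFCOMM RPN MCC command
 * XXX FIXME do we need htole16/le16toh for RPN param_mask?
 *
 * A one byte RPN command asks for our port settings; a full one proposes
 * settings, of which only the bit rate is accepted as-is - everything else
 * is forced back to 8N1, no flow control lines and the default XON/XOFF
 * characters, with the corresponding param_mask bit cleared to tell the
 * peer the value was not accepted. The response always carries the full
 * parameter block. RPN responses are dropped. Consumes m0. Assumes the
 * caller has verified the MCC length covers sizeof(*rpn) unless it is 1.
 * Caller must hold s->session_mtx.
 */

static int
ng_btsocket_rfcomm_receive_rpn(ng_btsocket_rfcomm_session_p s, struct mbuf *m0)
{
	struct rfcomm_mcc_hdr	*hdr = mtod(m0, struct rfcomm_mcc_hdr *);
	struct rfcomm_mcc_rpn	*rpn = (struct rfcomm_mcc_rpn *)(hdr + 1);
	int			 error = 0;
	u_int16_t		 param_mask;
	u_int8_t		 bit_rate, data_bits, stop_bits, parity,
				 flow_control, xon_char, xoff_char;

	mtx_assert(&s->session_mtx, MA_OWNED);

	NG_BTSOCKET_RFCOMM_INFO(
"%s: Got MCC RPN, dlci=%d, cr=%d, length=%d, session state=%d, flags=%#x, " \
"mtu=%d, len=%d\n",
		__func__, RFCOMM_DLCI(rpn->dlci), RFCOMM_CR(hdr->type),
		RFCOMM_MCC_LENGTH(hdr->length), s->state, s->flags,
		s->mtu, m0->m_pkthdr.len);

	if (RFCOMM_CR(hdr->type)) {
		/* Start with "all accepted"; bits are cleared below */
		param_mask = RFCOMM_RPN_PM_ALL;

		if (RFCOMM_MCC_LENGTH(hdr->length) == 1) {
			/* Request - return default setting */
			bit_rate = RFCOMM_RPN_BR_115200;
			data_bits = RFCOMM_RPN_DATA_8;
			stop_bits = RFCOMM_RPN_STOP_1;
			parity = RFCOMM_RPN_PARITY_NONE;
			flow_control = RFCOMM_RPN_FLOW_NONE;
			xon_char = RFCOMM_RPN_XON_CHAR;
			xoff_char = RFCOMM_RPN_XOFF_CHAR;
		} else {
			/*
			 * Ignore/accept bit_rate, 8 bits, 1 stop bit, no
			 * parity, no flow control lines, default XON/XOFF
			 * chars.
			 */

			bit_rate = rpn->bit_rate;
			rpn->param_mask = le16toh(rpn->param_mask); /* XXX */

			/*
			 * Each "^=" below clears a bit that RFCOMM_RPN_PM_ALL
			 * set, marking that parameter as rejected.
			 */
			data_bits = RFCOMM_RPN_DATA_BITS(rpn->line_settings);
			if (rpn->param_mask & RFCOMM_RPN_PM_DATA &&
			    data_bits != RFCOMM_RPN_DATA_8) {
				data_bits = RFCOMM_RPN_DATA_8;
				param_mask ^= RFCOMM_RPN_PM_DATA;
			}

			stop_bits = RFCOMM_RPN_STOP_BITS(rpn->line_settings);
			if (rpn->param_mask & RFCOMM_RPN_PM_STOP &&
			    stop_bits != RFCOMM_RPN_STOP_1) {
				stop_bits = RFCOMM_RPN_STOP_1;
				param_mask ^= RFCOMM_RPN_PM_STOP;
			}

			parity = RFCOMM_RPN_PARITY(rpn->line_settings);
			if (rpn->param_mask & RFCOMM_RPN_PM_PARITY &&
			    parity != RFCOMM_RPN_PARITY_NONE) {
				parity = RFCOMM_RPN_PARITY_NONE;
				param_mask ^= RFCOMM_RPN_PM_PARITY;
			}

			flow_control = rpn->flow_control;
			if (rpn->param_mask & RFCOMM_RPN_PM_FLOW &&
			    flow_control != RFCOMM_RPN_FLOW_NONE) {
				flow_control = RFCOMM_RPN_FLOW_NONE;
				param_mask ^= RFCOMM_RPN_PM_FLOW;
			}

			xon_char = rpn->xon_char;
			if (rpn->param_mask & RFCOMM_RPN_PM_XON &&
			    xon_char != RFCOMM_RPN_XON_CHAR) {
				xon_char = RFCOMM_RPN_XON_CHAR;
				param_mask ^= RFCOMM_RPN_PM_XON;
			}

			xoff_char = rpn->xoff_char;
			if (rpn->param_mask & RFCOMM_RPN_PM_XOFF &&
			    xoff_char != RFCOMM_RPN_XOFF_CHAR) {
				xoff_char = RFCOMM_RPN_XOFF_CHAR;
				param_mask ^= RFCOMM_RPN_PM_XOFF;
			}
		}

		rpn->bit_rate = bit_rate;
		rpn->line_settings = RFCOMM_MKRPN_LINE_SETTINGS(data_bits,
							stop_bits, parity);
		rpn->flow_control = flow_control;
		rpn->xon_char = xon_char;
		rpn->xoff_char = xoff_char;
		rpn->param_mask = htole16(param_mask); /* XXX */

		/*
		 * The response always carries the full parameter block, so
		 * both the mbuf length and the MCC length byte must say so
		 * (a one byte request would otherwise be answered with a
		 * frame whose MCC length does not match its size).
		 */
		m0->m_pkthdr.len = m0->m_len = sizeof(*hdr) + sizeof(*rpn);
		hdr->length = RFCOMM_MKLEN8(sizeof(*rpn));

		hdr->type = RFCOMM_MKMCC_TYPE(0, RFCOMM_MCC_RPN);
		error = ng_btsocket_rfcomm_send_uih(s,
				RFCOMM_MKADDRESS(INITIATOR(s), 0), 0, 0, m0);
	} else
		NG_FREE_M(m0); /* XXX ignore response */

	return (error);
} /* ng_btsocket_rfcomm_receive_rpn */

/*
 * Receive RFCOMM RLS MCC command
 *
 * Logs the reported line status and echoes the command back as the
 * response; RLS responses are dropped. Consumes m0. Assumes the caller has
 * verified that the MCC length covers sizeof(*rls). Caller must hold
 * s->session_mtx.
 */

static int
ng_btsocket_rfcomm_receive_rls(ng_btsocket_rfcomm_session_p s, struct mbuf *m0)
{
	struct rfcomm_mcc_hdr	*hdr = mtod(m0, struct rfcomm_mcc_hdr *);
	struct rfcomm_mcc_rls	*rls = (struct rfcomm_mcc_rls *)(hdr + 1);
	int			 error = 0;

	mtx_assert(&s->session_mtx, MA_OWNED);

	/*
	 * XXX FIXME Do we have to do anything else here? Remote peer tries to
	 * tell us something about DLCI. Just report what we have received and
	 * return back received values as required by TS 07.10 spec.
	 */

	NG_BTSOCKET_RFCOMM_INFO(
"%s: Got MCC RLS, dlci=%d, status=%#x, cr=%d, length=%d, session state=%d, " \
"flags=%#x, mtu=%d, len=%d\n",
		__func__, RFCOMM_DLCI(rls->address), rls->status,
		RFCOMM_CR(hdr->type), RFCOMM_MCC_LENGTH(hdr->length),
		s->state, s->flags, s->mtu, m0->m_pkthdr.len);

	if (RFCOMM_CR(hdr->type)) {
		/* Bit 0 of status flags an error, the upper bits say which */
		if (rls->status & 0x1)
			NG_BTSOCKET_RFCOMM_ERR(
"%s: Got RLS dlci=%d, error=%#x\n", __func__, RFCOMM_DLCI(rls->address),
				rls->status >> 1);

		hdr->type = RFCOMM_MKMCC_TYPE(0, RFCOMM_MCC_RLS);
		error = ng_btsocket_rfcomm_send_uih(s,
				RFCOMM_MKADDRESS(INITIATOR(s), 0), 0, 0, m0);
	} else
		NG_FREE_M(m0); /* XXX ignore responses */

	return (error);
} /* ng_btsocket_rfcomm_receive_rls */

/*
 * Receive RFCOMM PN MCC command
 *
 * A PN command on a known DLC (re)negotiates its parameters and is answered
 * with our view of flow control/credits; a PN command on an unknown DLC is
 * an incoming connection and is offered to the listening socket via
 * ng_btsocket_rfcomm_connect_ind(); a PN response completes our own
 * negotiation and triggers the SABM. Consumes m0. Assumes the caller has
 * verified that the MCC length covers sizeof(*pn). Caller must hold
 * s->session_mtx.
 *
 * NOTE(review): pn->mtu and pn->credits are handed to
 * ng_btsocket_rfcomm_set_pn() exactly as received from the peer; see that
 * function for what is (not) validated.
 */

static int
ng_btsocket_rfcomm_receive_pn(ng_btsocket_rfcomm_session_p s, struct mbuf *m0)
{
	struct rfcomm_mcc_hdr	*hdr = mtod(m0, struct rfcomm_mcc_hdr*);
	struct rfcomm_mcc_pn	*pn = (struct rfcomm_mcc_pn *)(hdr+1);
	ng_btsocket_rfcomm_pcb_t	*pcb = NULL;
	int			 error = 0;

	mtx_assert(&s->session_mtx, MA_OWNED);

	NG_BTSOCKET_RFCOMM_INFO(
"%s: Got MCC PN, dlci=%d, cr=%d, length=%d, flow_control=%#x, priority=%d, " \
"ack_timer=%d, mtu=%d, max_retrans=%d, credits=%d, session state=%d, " \
"flags=%#x, session mtu=%d, len=%d\n",
		__func__, pn->dlci, RFCOMM_CR(hdr->type),
		RFCOMM_MCC_LENGTH(hdr->length), pn->flow_control, pn->priority,
		pn->ack_timer, le16toh(pn->mtu), pn->max_retrans, pn->credits,
		s->state, s->flags, s->mtu, m0->m_pkthdr.len);

	/* PN never applies to the multiplexor channel */
	if (pn->dlci == 0) {
		NG_BTSOCKET_RFCOMM_ERR("%s: Zero dlci in MCC PN\n", __func__);
		NG_FREE_M(m0);

		return (EINVAL);
	}

	/* Check if we have this dlci */
	pcb = ng_btsocket_rfcomm_pcb_by_dlci(s, pn->dlci);
	if (pcb != NULL) {
		mtx_lock(&pcb->pcb_mtx);

		if (RFCOMM_CR(hdr->type)) {
			/* PN Request */
			ng_btsocket_rfcomm_set_pn(pcb, 1, pn->flow_control,
				pn->credits, pn->mtu);

			/*
			 * Reply with 0xe0 (value 14 in CL1-CL4) and our
			 * initial credits if credit based flow control was
			 * agreed, otherwise with zeros. The rest of the
			 * peer's parameters are echoed unchanged.
			 */
			if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC) {
				pn->flow_control = 0xe0;
				pn->credits = RFCOMM_DEFAULT_CREDITS;
			} else {
				pn->flow_control = 0;
				pn->credits = 0;
			}

			hdr->type = RFCOMM_MKMCC_TYPE(0, RFCOMM_MCC_PN);
			error = ng_btsocket_rfcomm_send_uih(s,
					RFCOMM_MKADDRESS(INITIATOR(s), 0),
					0, 0, m0);
		} else {
			/* PN Response - proceed with SABM. Timeout still set */
			if (pcb->state == NG_BTSOCKET_RFCOMM_DLC_CONFIGURING) {
				ng_btsocket_rfcomm_set_pn(pcb, 0,
					pn->flow_control, pn->credits, pn->mtu);

				pcb->state = NG_BTSOCKET_RFCOMM_DLC_CONNECTING;
				error = ng_btsocket_rfcomm_send_command(s,
						RFCOMM_FRAME_SABM, pn->dlci);
			} else
				NG_BTSOCKET_RFCOMM_WARN(
"%s: Got PN response for dlci=%d in invalid state=%d\n",
					__func__, pn->dlci, pcb->state);

			NG_FREE_M(m0);
		}

		mtx_unlock(&pcb->pcb_mtx);
	} else if (RFCOMM_CR(hdr->type)) {
		/* PN request to non-existing dlci - incoming connection */
		pcb = ng_btsocket_rfcomm_connect_ind(s,
				RFCOMM_SRVCHANNEL(pn->dlci));
		if (pcb != NULL) {
			mtx_lock(&pcb->pcb_mtx);

			pcb->dlci = pn->dlci;

			ng_btsocket_rfcomm_set_pn(pcb, 1, pn->flow_control,
				pn->credits, pn->mtu);

			if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC) {
				pn->flow_control = 0xe0;
				pn->credits = RFCOMM_DEFAULT_CREDITS;
			} else {
				pn->flow_control = 0;
				pn->credits = 0;
			}

			hdr->type = RFCOMM_MKMCC_TYPE(0, RFCOMM_MCC_PN);
			error = ng_btsocket_rfcomm_send_uih(s,
					RFCOMM_MKADDRESS(INITIATOR(s), 0),
					0, 0, m0);

			/*
			 * The new DLC now waits for the peer's SABM; arm the
			 * connect timer so a silent peer does not leave it
			 * hanging. On failure the DLC is killed right away.
			 */
			if (error == 0) {
				ng_btsocket_rfcomm_timeout(pcb);
				pcb->state = NG_BTSOCKET_RFCOMM_DLC_CONNECTING;
				soisconnecting(pcb->so);
			} else
				ng_btsocket_rfcomm_pcb_kill(pcb, error);

			mtx_unlock(&pcb->pcb_mtx);
		} else {
			/* Nobody is listen()ing on this channel */
			error = ng_btsocket_rfcomm_send_command(s,
					RFCOMM_FRAME_DM, pn->dlci);
			NG_FREE_M(m0);
		}
	} else
		NG_FREE_M(m0); /* XXX ignore response to non-existing dlci */

	return (error);
} /* ng_btsocket_rfcomm_receive_pn */

/*
 * Set PN parameters for dlci. Caller must hold pcb->pcb_mtx.
 *
 * From Bluetooth spec.
 *
 * "... The CL1 - CL4 field is completely redefined. (In TS07.10 this defines
 * the convergence layer to use, which is not applicable to RFCOMM. In RFCOMM,
 * in Bluetooth versions up to 1.0B, this field was forced to 0).
 *
 * In the PN request sent prior to a DLC establishment, this field must contain
 * the value 15 (0xF), indicating support of credit based flow control in the
 * sender. See Table 5.3 below. If the PN response contains any other value
 * than 14 (0xE) in this field, it is inferred that the peer RFCOMM entity is
 * not supporting the credit based flow control feature. (This is only possible
 * if the peer RFCOMM implementation is only conforming to Bluetooth version
 * 1.0B.) If a PN request is sent on an already open DLC, then this field must
 * contain the value zero; it is not possible to set initial credits more
 * than once per DLC activation. A responding implementation must set this
 * field in the PN response to 14 (0xE), if (and only if) the value in the PN
 * request was 15..."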
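*/

/*
 * cr != 0 means we are processing the peer's PN request (CL1-CL4 must be
 * 0xf0 to enable credit based flow control), cr == 0 means the peer's PN
 * response (0xe0 enables it). In both cases tx_cred is the peer's initial
 * credit grant, or 0 when credit based flow control is off. "mtu" is the
 * peer's N1 in little-endian wire order.
 */

static void
ng_btsocket_rfcomm_set_pn(ng_btsocket_rfcomm_pcb_p pcb, u_int8_t cr,
		u_int8_t flow_control, u_int8_t credits, u_int16_t mtu)
{
	u_int16_t	new_mtu = le16toh(mtu);

	mtx_assert(&pcb->pcb_mtx, MA_OWNED);

	/*
	 * The peer's N1 is used as a divisor in
	 * ng_btsocket_rfcomm_send_credits() and as the per-frame size limit
	 * elsewhere, so a zero value must never be stored. Keep the current
	 * value and log the bogus request instead. (Braces matter: the WARN
	 * macro expands to an "if", which would otherwise capture the else.)
	 */
	if (new_mtu == 0) {
		NG_BTSOCKET_RFCOMM_WARN(
"%s: Ignoring zero mtu in PN, cr=%d, dlci=%d, state=%d, flags=%#x, mtu=%d\n",
			__func__, cr, pcb->dlci, pcb->state, pcb->flags,
			pcb->mtu);
	} else
		pcb->mtu = new_mtu;

	if (cr) {
		if (flow_control == 0xf0) {
			pcb->flags |= NG_BTSOCKET_RFCOMM_DLC_CFC;
			pcb->tx_cred = credits;
		} else {
			pcb->flags &= ~NG_BTSOCKET_RFCOMM_DLC_CFC;
			pcb->tx_cred = 0;
		}
	} else {
		if (flow_control == 0xe0) {
			pcb->flags |= NG_BTSOCKET_RFCOMM_DLC_CFC;
			pcb->tx_cred = credits;
		} else {
			pcb->flags &= ~NG_BTSOCKET_RFCOMM_DLC_CFC;
			pcb->tx_cred = 0;
		}
	}

	NG_BTSOCKET_RFCOMM_INFO(
"%s: cr=%d, dlci=%d, state=%d, flags=%#x, mtu=%d, rx_cred=%d, tx_cred=%d\n",
		__func__, cr, pcb->dlci, pcb->state, pcb->flags, pcb->mtu,
		pcb->rx_cred, pcb->tx_cred);
} /* ng_btsocket_rfcomm_set_pn */

/*
 * Send RFCOMM SABM/DISC/UA/DM frames.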
Caller must hold s->session_mtx
 *
 * Builds a one-header control frame for the given dlci and queues it on the
 * session's output queue. SABM and DISC are commands and carry the
 * initiator's C/R value; UA and DM are responses and carry the opposite.
 * Returns 0 or ENOBUFS; any other frame type is a programming error and
 * panics.
 */

static int
ng_btsocket_rfcomm_send_command(ng_btsocket_rfcomm_session_p s,
		u_int8_t type, u_int8_t dlci)
{
	struct rfcomm_cmd_hdr	*hdr = NULL;
	struct mbuf		*m = NULL;
	int			 cr;

	mtx_assert(&s->session_mtx, MA_OWNED);

	NG_BTSOCKET_RFCOMM_INFO(
"%s: Sending command type %#x, session state=%d, flags=%#x, mtu=%d, dlci=%d\n",
		__func__, type, s->state, s->flags, s->mtu, dlci);

	switch (type) {
	case RFCOMM_FRAME_SABM:
	case RFCOMM_FRAME_DISC:
		cr = INITIATOR(s);
		break;

	case RFCOMM_FRAME_UA:
	case RFCOMM_FRAME_DM:
		cr = !INITIATOR(s);
		break;

	default:
		panic("%s: Invalid frame type=%#x\n", __func__, type);
		return (EINVAL);
		/* NOT REACHED */
	}

	MGETHDR(m, M_DONTWAIT, MT_DATA);
	if (m == NULL)
		return (ENOBUFS);

	m->m_pkthdr.len = m->m_len = sizeof(*hdr);

	/* Address, control (P/F bit set), zero length, then the FCS */
	hdr = mtod(m, struct rfcomm_cmd_hdr *);
	hdr->address = RFCOMM_MKADDRESS(cr, dlci);
	hdr->control = RFCOMM_MKCONTROL(type, 1);
	hdr->length = RFCOMM_MKLEN8(0);
	/* presumably the FCS over the three header bytes - see fcs3() */
	hdr->fcs = ng_btsocket_rfcomm_fcs3((u_int8_t *) hdr);

	/* Queued here; actual transmission happens elsewhere (outside view) */
	NG_BT_MBUFQ_ENQUEUE(&s->outq, m);

	return (0);
} /* ng_btsocket_rfcomm_send_command */

/*
 * Send RFCOMM UIH frame.
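Caller must hold s->session_mtx
 *
 * Assembles header + optional credits byte + "data" + FCS into one packet
 * and queues it on the session's output queue. "data" (which may be NULL)
 * is consumed on every path: linked into the frame on success, freed on
 * failure. Returns 0 or ENOBUFS.
 */

static int
ng_btsocket_rfcomm_send_uih(ng_btsocket_rfcomm_session_p s, u_int8_t address,
		u_int8_t pf, u_int8_t credits, struct mbuf *data)
{
	struct rfcomm_frame_hdr	*hdr = NULL;
	struct mbuf		*m = NULL, *mcrc = NULL;
	u_int16_t		 length;

	mtx_assert(&s->session_mtx, MA_OWNED);

	MGETHDR(m, M_DONTWAIT, MT_DATA);
	if (m == NULL) {
		NG_FREE_M(data);
		return (ENOBUFS);
	}
	m->m_pkthdr.len = m->m_len = sizeof(*hdr);

	MGET(mcrc, M_DONTWAIT, MT_DATA);
	if (mcrc == NULL) {
		NG_FREE_M(m);	/* the header mbuf would otherwise leak */
		NG_FREE_M(data);
		return (ENOBUFS);
	}
	mcrc->m_len = 1;

	/* Fill UIH frame header */
	hdr = mtod(m, struct rfcomm_frame_hdr *);
	hdr->address = address;
	hdr->control = RFCOMM_MKCONTROL(RFCOMM_FRAME_UIH, pf);

	/* Calculate FCS (over address and control only for UIH - fcs2) */
	mcrc->m_data[0] = ng_btsocket_rfcomm_fcs2((u_int8_t *) hdr);

	/*
	 * Put length back. Payloads up to 127 bytes use the one byte form,
	 * longer ones the two byte little-endian form, which grows the
	 * header by one. NOTE(review): "length" is 16 bits while
	 * m_pkthdr.len is an int; callers are assumed to keep payloads
	 * within the DLC mtu.
	 */
	length = (data != NULL)? data->m_pkthdr.len : 0;
	if (length > 127) {
		u_int16_t	l = htole16(RFCOMM_MKLEN16(length));

		bcopy(&l, &hdr->length, sizeof(l));
		m->m_pkthdr.len ++;
		m->m_len ++;
	} else
		hdr->length = RFCOMM_MKLEN8(length);

	/* With P/F set the credits byte follows the header */
	if (pf) {
		m->m_data[m->m_len] = credits;
		m->m_pkthdr.len ++;
		m->m_len ++;
	}

	/* Add payload */
	if (data != NULL) {
		m_cat(m, data);
		m->m_pkthdr.len += length;
	}

	/* Put FCS back */
	m_cat(m, mcrc);
	m->m_pkthdr.len ++;

	NG_BTSOCKET_RFCOMM_INFO(
"%s: Sending UIH state=%d, flags=%#x, address=%d, length=%d, pf=%d, " \
"credits=%d, len=%d\n",
		__func__, s->state, s->flags, address, length, pf, credits,
		m->m_pkthdr.len);

	NG_BT_MBUFQ_ENQUEUE(&s->outq, m);

	return (0);
} /* ng_btsocket_rfcomm_send_uih */

/*
 * Send MSC request.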
Caller must hold pcb->pcb_mtx and pcb->session->session_mtx
 *
 * Announces our local modem signals (pcb->lmodem) for the DLC to the peer
 * as an MSC command on the multiplexor channel. Returns 0 or ENOBUFS.
 */

static int
ng_btsocket_rfcomm_send_msc(ng_btsocket_rfcomm_pcb_p pcb)
{
	struct mbuf		*m = NULL;
	struct rfcomm_mcc_hdr	*hdr = NULL;
	struct rfcomm_mcc_msc	*msc = NULL;

	mtx_assert(&pcb->session->session_mtx, MA_OWNED);
	mtx_assert(&pcb->pcb_mtx, MA_OWNED);

	MGETHDR(m, M_DONTWAIT, MT_DATA);
	if (m == NULL)
		return (ENOBUFS);

	m->m_pkthdr.len = m->m_len = sizeof(*hdr) + sizeof(*msc);

	hdr = mtod(m, struct rfcomm_mcc_hdr *);
	msc = (struct rfcomm_mcc_msc *)(hdr + 1);

	/* C/R = 1: this is a command, the peer must answer with an MSC response */
	hdr->type = RFCOMM_MKMCC_TYPE(1, RFCOMM_MCC_MSC);
	hdr->length = RFCOMM_MKLEN8(sizeof(*msc));

	msc->address = RFCOMM_MKADDRESS(1, pcb->dlci);
	msc->modem = pcb->lmodem;

	NG_BTSOCKET_RFCOMM_INFO(
"%s: Sending MSC dlci=%d, state=%d, flags=%#x, address=%d, modem=%#x\n",
		__func__, pcb->dlci, pcb->state, pcb->flags, msc->address,
		msc->modem);

	/* MCC frames always travel on dlci 0; send_uih() owns m from here */
	return (ng_btsocket_rfcomm_send_uih(pcb->session,
			RFCOMM_MKADDRESS(INITIATOR(pcb->session), 0), 0, 0, m));
} /* ng_btsocket_rfcomm_send_msc */

/*
 * Send PN request.
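Caller must hold pcb->pcb_mtx and pcb->session->session_mtx
 *
 * Opens DLC parameter negotiation for pcb->dlci: proposes our mtu, the
 * default priority for the DLCI, and (when credit based flow control is
 * enabled on the DLC) CL1-CL4 = 0xf0 with our initial receive credits.
 * Returns 0 or ENOBUFS.
 */

static int
ng_btsocket_rfcomm_send_pn(ng_btsocket_rfcomm_pcb_p pcb)
{
	struct mbuf		*m = NULL;
	struct rfcomm_mcc_hdr	*hdr = NULL;
	struct rfcomm_mcc_pn	*pn = NULL;

	mtx_assert(&pcb->session->session_mtx, MA_OWNED);
	mtx_assert(&pcb->pcb_mtx, MA_OWNED);

	MGETHDR(m, M_DONTWAIT, MT_DATA);
	if (m == NULL)
		return (ENOBUFS);

	m->m_pkthdr.len = m->m_len = sizeof(*hdr) + sizeof(*pn);

	hdr = mtod(m, struct rfcomm_mcc_hdr *);
	pn = (struct rfcomm_mcc_pn *)(hdr + 1);

	hdr->type = RFCOMM_MKMCC_TYPE(1, RFCOMM_MCC_PN);
	hdr->length = RFCOMM_MKLEN8(sizeof(*pn));

	pn->dlci = pcb->dlci;

	/*
	 * Set default DLCI priority as described in GSM 07.10
	 * (ETSI TS 101 369) clause 5.6 page 42
	 */

	pn->priority = (pcb->dlci < 56)? (((pcb->dlci >> 3) << 3) + 7) : 61;
	pn->ack_timer = 0;
	pn->mtu = htole16(pcb->mtu);
	pn->max_retrans = 0;

	if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC) {
		pn->flow_control = 0xf0;
		pn->credits = pcb->rx_cred;
	} else {
		pn->flow_control = 0;
		pn->credits = 0;
	}

	NG_BTSOCKET_RFCOMM_INFO(
"%s: Sending PN dlci=%d, state=%d, flags=%#x, mtu=%d, flow_control=%#x, " \
"credits=%d\n", __func__, pcb->dlci, pcb->state, pcb->flags, pcb->mtu,
		pn->flow_control, pn->credits);

	return (ng_btsocket_rfcomm_send_uih(pcb->session,
			RFCOMM_MKADDRESS(INITIATOR(pcb->session), 0), 0, 0, m));
} /* ng_btsocket_rfcomm_send_pn */

/*
 * Calculate and send credits based on available space in receive buffer
 *
 * Grants the peer as many credits as whole mtu-sized frames fit into the
 * socket receive buffer, capped so that the credits outstanding never
 * exceed RFCOMM_MAX_CREDITS. The grant travels as an empty UIH frame with
 * the P/F bit set. Returns 0 (including when there is nothing to grant),
 * EINVAL if the DLC has no usable mtu, or the send error.
 * Caller must hold pcb->pcb_mtx and pcb->session->session_mtx.
 */

static int
ng_btsocket_rfcomm_send_credits(ng_btsocket_rfcomm_pcb_p pcb)
{
	int		error = 0;
	long		space, avail;
	u_int8_t	credits;

	mtx_assert(&pcb->pcb_mtx, MA_OWNED);
	mtx_assert(&pcb->session->session_mtx, MA_OWNED);

	space = sbspace(&pcb->so->so_rcv);

	NG_BTSOCKET_RFCOMM_INFO(
"%s: Sending more credits, dlci=%d, state=%d, flags=%#x, mtu=%d, " \
"space=%ld, tx_cred=%d, rx_cred=%d\n",
		__func__, pcb->dlci, pcb->state, pcb->flags, pcb->mtu,
		space, pcb->tx_cred, pcb->rx_cred);

	/*
	 * pcb->mtu is negotiated with the peer; never divide by a zero
	 * value, whatever path may have stored it.
	 */
	if (pcb->mtu == 0) {
		NG_BTSOCKET_RFCOMM_ERR(
"%s: Zero mtu, not sending credits, dlci=%d, state=%d, flags=%#x\n",
			__func__, pcb->dlci, pcb->state, pcb->flags);

		return (EINVAL);
	}

	/*
	 * Work in a wide type: sbspace() may be negative and the quotient
	 * may exceed what the one byte credit field can carry, so clamp
	 * before narrowing. Nothing is sent when there is nothing to give.
	 */
	avail = space / pcb->mtu;
	if (avail > RFCOMM_MAX_CREDITS - pcb->rx_cred)
		avail = RFCOMM_MAX_CREDITS - pcb->rx_cred;

	if (avail > 0) {
		credits = (u_int8_t) avail;

		error = ng_btsocket_rfcomm_send_uih(
				pcb->session,
				RFCOMM_MKADDRESS(INITIATOR(pcb->session),
					pcb->dlci), 1, credits, NULL);
		if (error == 0) {
			pcb->rx_cred += credits;

			NG_BTSOCKET_RFCOMM_INFO(
"%s: Gave remote side %d more credits, dlci=%d, state=%d, flags=%#x, " \
"rx_cred=%d, tx_cred=%d\n", __func__, credits, pcb->dlci, pcb->state,
				pcb->flags, pcb->rx_cred, pcb->tx_cred);
		} else
			NG_BTSOCKET_RFCOMM_ERR(
"%s: Could not send credits, error=%d, dlci=%d, state=%d, flags=%#x, " \
"mtu=%d, space=%ld, tx_cred=%d, rx_cred=%d\n",
				__func__, error, pcb->dlci, pcb->state,
				pcb->flags, pcb->mtu, space,
				pcb->tx_cred, pcb->rx_cred);
	}

	return (error);
} /* ng_btsocket_rfcomm_send_credits */

/*****************************************************************************
 *****************************************************************************
 **                              RFCOMM DLCs
 *****************************************************************************
 *****************************************************************************/

/*
 * Send data from socket send buffer
 * Caller must hold pcb->pcb_mtx and pcb->session->session_mtx
 *
 * Sends up to "limit" frames of at most pcb->mtu bytes each from so_snd,
 * further bounded by the peer's credits (credit based flow control) or by
 * the peer's FC modem signal. Returns 0 or the first send error.
 * NOTE(review): a chunk is sbdrop()'ed before send_uih() is attempted; if
 * that call fails the chunk has already left the socket buffer and is lost.
 */

static int
ng_btsocket_rfcomm_pcb_send(ng_btsocket_rfcomm_pcb_p pcb, int limit)
{
	struct mbuf	*m = NULL;
	int		 sent, length, error;

	mtx_assert(&pcb->session->session_mtx, MA_OWNED);
	mtx_assert(&pcb->pcb_mtx, MA_OWNED);

	if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC)
		limit = min(limit, pcb->tx_cred);
	else if (!(pcb->rmodem & RFCOMM_MODEM_FC))
		limit = min(limit, RFCOMM_MAX_CREDITS); /* XXX ??? */
	else
		limit = 0;

	if (limit == 0) {
		NG_BTSOCKET_RFCOMM_INFO(
"%s: Could not send - remote flow control asserted, dlci=%d, flags=%#x, " \
"rmodem=%#x, tx_cred=%d\n",
			__func__, pcb->dlci, pcb->flags, pcb->rmodem,
			pcb->tx_cred);

		return (0);
	}

	/* "sent" only counts frames handed to send_uih() successfully */
	for (error = 0, sent = 0; sent < limit; sent ++) {
		length = min(pcb->mtu, pcb->so->so_snd.sb_cc);
		if (length == 0)
			break;

		/* Get the chunk from the socket's send buffer */
		m = ng_btsocket_rfcomm_prepare_packet(&pcb->so->so_snd, length);
		if (m == NULL) {
			error = ENOBUFS;
			break;
		}

		sbdrop(&pcb->so->so_snd, length);

		error = ng_btsocket_rfcomm_send_uih(pcb->session,
				RFCOMM_MKADDRESS(INITIATOR(pcb->session),
					pcb->dlci), 0, 0, m);
		if (error != 0)
			break;
	}

	/* Each frame sent consumes one of the peer's credits */
	if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_CFC)
		pcb->tx_cred -= sent;

	if (error == 0 && sent > 0) {
		pcb->flags &= ~NG_BTSOCKET_RFCOMM_DLC_SENDING;
		sowwakeup(pcb->so);
	}

	return (error);
} /* ng_btsocket_rfcomm_pcb_send */

/*
 * Unlink and disconnect DLC. The socket is marked disconnected with
 * so_error set to "error" and anyone sleeping on pcb->state is woken up.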
3269 * Caller must hold pcb->pcb_mtx and pcb->session->session_mtx 3270 */ 3271 3272 static void 3273 ng_btsocket_rfcomm_pcb_kill(ng_btsocket_rfcomm_pcb_p pcb, int error) 3274 { 3275 ng_btsocket_rfcomm_session_p s = pcb->session; 3276 3277 NG_BTSOCKET_RFCOMM_INFO( 3278 "%s: Killing DLC, so=%p, dlci=%d, state=%d, flags=%#x, error=%d\n", 3279 __func__, pcb->so, pcb->dlci, pcb->state, pcb->flags, error); 3280 3281 if (pcb->session == NULL) 3282 panic("%s: DLC without session, pcb=%p, state=%d, flags=%#x\n", 3283 __func__, pcb, pcb->state, pcb->flags); 3284 3285 mtx_assert(&pcb->session->session_mtx, MA_OWNED); 3286 mtx_assert(&pcb->pcb_mtx, MA_OWNED); 3287 3288 if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMO) 3289 ng_btsocket_rfcomm_untimeout(pcb); 3290 3291 /* Detach DLC from the session. Does not matter which state DLC in */ 3292 LIST_REMOVE(pcb, session_next); 3293 pcb->session = NULL; 3294 3295 /* Change DLC state and wakeup all sleepers */ 3296 pcb->state = NG_BTSOCKET_RFCOMM_DLC_CLOSED; 3297 pcb->so->so_error = error; 3298 soisdisconnected(pcb->so); 3299 wakeup(&pcb->state); 3300 3301 /* Check if we have any DLCs left on the session */ 3302 if (LIST_EMPTY(&s->dlcs) && INITIATOR(s)) { 3303 NG_BTSOCKET_RFCOMM_INFO( 3304 "%s: Disconnecting session, state=%d, flags=%#x, mtu=%d\n", 3305 __func__, s->state, s->flags, s->mtu); 3306 3307 switch (s->state) { 3308 case NG_BTSOCKET_RFCOMM_SESSION_CLOSED: 3309 case NG_BTSOCKET_RFCOMM_SESSION_DISCONNECTING: 3310 /* 3311 * Do not have to do anything here. 
We can get here 3312 * when L2CAP connection was terminated or we have 3313 * received DISC on multiplexor channel 3314 */ 3315 break; 3316 3317 case NG_BTSOCKET_RFCOMM_SESSION_OPEN: 3318 /* Send DISC on multiplexor channel */ 3319 error = ng_btsocket_rfcomm_send_command(s, 3320 RFCOMM_FRAME_DISC, 0); 3321 if (error == 0) { 3322 s->state = NG_BTSOCKET_RFCOMM_SESSION_DISCONNECTING; 3323 break; 3324 } 3325 /* FALL THROUGH */ 3326 3327 case NG_BTSOCKET_RFCOMM_SESSION_CONNECTING: 3328 case NG_BTSOCKET_RFCOMM_SESSION_CONNECTED: 3329 s->state = NG_BTSOCKET_RFCOMM_SESSION_CLOSED; 3330 break; 3331 3332 /* case NG_BTSOCKET_RFCOMM_SESSION_LISTENING: */ 3333 default: 3334 panic("%s: Invalid session state=%d, flags=%#x\n", 3335 __func__, s->state, s->flags); 3336 break; 3337 } 3338 3339 ng_btsocket_rfcomm_task_wakeup(); 3340 } 3341 } /* ng_btsocket_rfcomm_pcb_kill */ 3342 3343 /* 3344 * Look for RFCOMM socket with given channel and source address 3345 */ 3346 3347 static ng_btsocket_rfcomm_pcb_p 3348 ng_btsocket_rfcomm_pcb_by_channel(bdaddr_p src, int channel) 3349 { 3350 ng_btsocket_rfcomm_pcb_p pcb = NULL; 3351 3352 mtx_lock(&ng_btsocket_rfcomm_sockets_mtx); 3353 3354 LIST_FOREACH(pcb, &ng_btsocket_rfcomm_sockets, next) 3355 if (pcb->channel == channel && 3356 bcmp(&pcb->src, src, sizeof(*src)) == 0) 3357 break; 3358 3359 mtx_unlock(&ng_btsocket_rfcomm_sockets_mtx); 3360 3361 return (pcb); 3362 } /* ng_btsocket_rfcomm_pcb_by_channel */ 3363 3364 /* 3365 * Look for given dlci for given RFCOMM session. 
Caller must hold s->session_mtx
 */

static ng_btsocket_rfcomm_pcb_p
ng_btsocket_rfcomm_pcb_by_dlci(ng_btsocket_rfcomm_session_p s, int dlci)
{
	ng_btsocket_rfcomm_pcb_p	pcb;

	mtx_assert(&s->session_mtx, MA_OWNED);

	/* Walk the session's DLC list; the first matching dlci wins */
	for (pcb = LIST_FIRST(&s->dlcs); pcb != NULL;
	     pcb = LIST_NEXT(pcb, session_next)) {
		if (pcb->dlci == dlci)
			return (pcb);
	}

	return (NULL);
} /* ng_btsocket_rfcomm_pcb_by_dlci */

/*
 * Look for socket that listens on given src address and given channel.
 *
 * A listener bound to exactly "src" is preferred; failing that, the last
 * listener bound to the wildcard address (NG_HCI_BDADDR_ANY) on the same
 * channel is returned.  NULL when neither exists.  Holds
 * ng_btsocket_rfcomm_sockets_mtx for the scan only.
 */

static ng_btsocket_rfcomm_pcb_p
ng_btsocket_rfcomm_pcb_listener(bdaddr_p src, int channel)
{
	ng_btsocket_rfcomm_pcb_p	pcb, wildcard = NULL;

	mtx_lock(&ng_btsocket_rfcomm_sockets_mtx);

	for (pcb = LIST_FIRST(&ng_btsocket_rfcomm_sockets); pcb != NULL;
	     pcb = LIST_NEXT(pcb, next)) {
		/* Only listening sockets on this channel qualify */
		if (pcb->channel != channel)
			continue;
		if (!(pcb->so->so_options & SO_ACCEPTCONN))
			continue;

		/* An exact source address match ends the search */
		if (bcmp(&pcb->src, src, sizeof(*src)) == 0)
			break;

		/* Otherwise remember the wildcard listener as a fallback */
		if (bcmp(&pcb->src, NG_HCI_BDADDR_ANY, sizeof(bdaddr_t)) == 0)
			wildcard = pcb;
	}

	mtx_unlock(&ng_btsocket_rfcomm_sockets_mtx);

	/* The loop leaves pcb == NULL when no exact match was found */
	if (pcb == NULL)
		pcb = wildcard;

	return (pcb);
} /* ng_btsocket_rfcomm_pcb_listener */

/*****************************************************************************
 *****************************************************************************
 **                             Misc. functions
 *****************************************************************************
 *****************************************************************************/

/*
 * Set timeout.
Caller MUST hold pcb_mtx
 *
 * Arms the per-DLC timer: sets DLC_TIMO, clears DLC_TIMEDOUT and schedules
 * ng_btsocket_rfcomm_process_timeout() after ng_btsocket_rfcomm_timo
 * seconds, keeping the handle from timeout(9) in pcb->timo so that
 * ng_btsocket_rfcomm_untimeout() can cancel it.  Arming a DLC that already
 * has a timer pending is a bug and panics.
 */

static void
ng_btsocket_rfcomm_timeout(ng_btsocket_rfcomm_pcb_p pcb)
{
	mtx_assert(&pcb->pcb_mtx, MA_OWNED);

	if (!(pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMO)) {
		pcb->flags |= NG_BTSOCKET_RFCOMM_DLC_TIMO;
		pcb->flags &= ~NG_BTSOCKET_RFCOMM_DLC_TIMEDOUT;
		/* ng_btsocket_rfcomm_timo is in seconds, timeout() wants ticks */
		pcb->timo = timeout(ng_btsocket_rfcomm_process_timeout, pcb,
					ng_btsocket_rfcomm_timo * hz);
	} else
		panic("%s: Duplicated socket timeout?!\n", __func__);
} /* ng_btsocket_rfcomm_timeout */

/*
 * Unset pcb timeout. Caller MUST hold pcb_mtx
 *
 * Cancels the timer armed by ng_btsocket_rfcomm_timeout() using the handle
 * in pcb->timo and clears both DLC_TIMO and DLC_TIMEDOUT.  Calling this
 * without a pending timer is a bug and panics.
 */

static void
ng_btsocket_rfcomm_untimeout(ng_btsocket_rfcomm_pcb_p pcb)
{
	mtx_assert(&pcb->pcb_mtx, MA_OWNED);

	if (pcb->flags & NG_BTSOCKET_RFCOMM_DLC_TIMO) {
		untimeout(ng_btsocket_rfcomm_process_timeout, pcb, pcb->timo);
		pcb->flags &= ~NG_BTSOCKET_RFCOMM_DLC_TIMO;
		pcb->flags &= ~NG_BTSOCKET_RFCOMM_DLC_TIMEDOUT;
	} else
		panic("%s: No socket timeout?!\n", __func__);
} /* ng_btsocket_rfcomm_untimeout */

/*
 * Process pcb timeout.
 *
 * Timer callback (runs from the callout context with "xpcb" being the DLC).
 * Takes pcb_mtx, flips DLC_TIMO to DLC_TIMEDOUT, moves a DLC that was still
 * CONFIGURING or CONNECTING to DISCONNECTING (W4_CONNECT and DISCONNECTING
 * stay as they are) and wakes up the RFCOMM task to act on it.  A timeout in
 * any other DLC state is a bug and panics.
 *
 * NOTE(review): nothing here re-checks that the pcb is still valid when the
 * callout fires; it relies on ng_btsocket_rfcomm_untimeout() being called
 * (under pcb_mtx) before the pcb goes away -- confirm on the teardown paths.
 */

static void
ng_btsocket_rfcomm_process_timeout(void *xpcb)
{
	ng_btsocket_rfcomm_pcb_p	pcb = (ng_btsocket_rfcomm_pcb_p) xpcb;

	mtx_lock(&pcb->pcb_mtx);

	NG_BTSOCKET_RFCOMM_INFO(
"%s: Timeout, so=%p, dlci=%d, state=%d, flags=%#x\n",
		__func__, pcb->so, pcb->dlci, pcb->state, pcb->flags);

	/* The timer has fired: it is no longer pending, it has expired */
	pcb->flags &= ~NG_BTSOCKET_RFCOMM_DLC_TIMO;
	pcb->flags |= NG_BTSOCKET_RFCOMM_DLC_TIMEDOUT;

	switch (pcb->state) {
	case NG_BTSOCKET_RFCOMM_DLC_CONFIGURING:
	case NG_BTSOCKET_RFCOMM_DLC_CONNECTING:
		/* Connection setup took too long - tear the DLC down */
		pcb->state = NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING;
		break;

	case NG_BTSOCKET_RFCOMM_DLC_W4_CONNECT:
	case NG_BTSOCKET_RFCOMM_DLC_DISCONNECTING:
		/* State unchanged; the task decides what to do with the flag */
		break;

	default:
		panic(
"%s: DLC timeout in invalid state, dlci=%d, state=%d, flags=%#x\n",
			__func__, pcb->dlci, pcb->state, pcb->flags);
		break;
	}

	ng_btsocket_rfcomm_task_wakeup();

	mtx_unlock(&pcb->pcb_mtx);
} /* ng_btsocket_rfcomm_process_timeout */

/*
 * Get up to length bytes from the socket buffer.
 *
 * Builds a fresh mbuf chain (one header mbuf plus as many MLEN-sized mbufs
 * as needed) holding a copy of the first "length" bytes of "sb", following
 * m_next within a record and m_nextpkt across records.  The socket buffer
 * itself is not modified -- the caller drops the bytes with sbdrop() once
 * the copy has been made.  Returns NULL when an mbuf cannot be allocated
 * (M_DONTWAIT); the partially built chain is freed in that case.
 *
 * Precondition: sb holds at least "length" bytes, and length > 0, so that
 * sb->sb_mb is non-NULL.  sb->sb_mb is dereferenced before the loop without
 * a NULL check and the trailing panics enforce that exactly "length" bytes
 * were available.
 */

static struct mbuf *
ng_btsocket_rfcomm_prepare_packet(struct sockbuf *sb, int length)
{
	struct mbuf	*top = NULL, *m = NULL, *n = NULL, *nextpkt = NULL;
	int		 mlen, noff, len;

	MGETHDR(top, M_DONTWAIT, MT_DATA);
	if (top == NULL)
		return (NULL);

	/* pkthdr.len is the total we intend to copy; m_len grows as we go */
	top->m_pkthdr.len = length;
	top->m_len = 0;
	mlen = MHLEN;

	/* m/mlen: current destination mbuf and its capacity; n/noff: source */
	m = top;
	n = sb->sb_mb;
	nextpkt = n->m_nextpkt;
	noff = 0;

	while (length > 0 && n != NULL) {
		/* Copy what fits in m and is left in n, capped by length */
		len = min(mlen - m->m_len, n->m_len - noff);
		if (len > length)
			len = length;

		bcopy(mtod(n, caddr_t)+noff, mtod(m, caddr_t)+m->m_len, len);
		m->m_len += len;
		noff += len;
		length -= len;

		/* Destination full and more to copy: append a new mbuf */
		if (length > 0 && m->m_len == mlen) {
			MGET(m->m_next, M_DONTWAIT, MT_DATA);
			if (m->m_next == NULL) {
				NG_FREE_M(top);
				return (NULL);
			}

			m = m->m_next;
			m->m_len = 0;
			mlen = MLEN;
		}

		/* Source exhausted: next mbuf in the record, else next record */
		if (noff == n->m_len) {
			noff = 0;
			n = n->m_next;

			if (n == NULL)
				n = nextpkt;

			nextpkt = (n != NULL)? n->m_nextpkt : NULL;
		}
	}

	/* Both are invariant violations: len is always clamped to length */
	if (length < 0)
		panic("%s: length=%d\n", __func__, length);
	if (length > 0 && n == NULL)
		panic("%s: bogus length=%d, n=%p\n", __func__, length, n);

	return (top);
} /* ng_btsocket_rfcomm_prepare_packet */