xref: /linux/net/bluetooth/6lowpan.c (revision 80d443e8876602be2c130f79c4de81e12e2a700d)
1 /*
2    Copyright (c) 2013-2014 Intel Corp.
3 
4    This program is free software; you can redistribute it and/or modify
5    it under the terms of the GNU General Public License version 2 and
6    only version 2 as published by the Free Software Foundation.
7 
8    This program is distributed in the hope that it will be useful,
9    but WITHOUT ANY WARRANTY; without even the implied warranty of
10    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
11    GNU General Public License for more details.
12 */
13 
14 #include <linux/if_arp.h>
15 #include <linux/netdevice.h>
16 #include <linux/etherdevice.h>
17 #include <linux/module.h>
18 #include <linux/debugfs.h>
19 
20 #include <net/ipv6.h>
21 #include <net/ip6_route.h>
22 #include <net/addrconf.h>
23 
24 #include <net/bluetooth/bluetooth.h>
25 #include <net/bluetooth/hci_core.h>
26 #include <net/bluetooth/l2cap.h>
27 
28 #include <net/6lowpan.h> /* for the compression support */
29 
30 #define VERSION "0.1"
31 
32 static struct dentry *lowpan_enable_debugfs;
33 static struct dentry *lowpan_control_debugfs;
34 
35 #define IFACE_NAME_TEMPLATE "bt%d"
36 
37 struct skb_cb {
38 	struct in6_addr addr;
39 	struct in6_addr gw;
40 	struct l2cap_chan *chan;
41 	int status;
42 };
43 #define lowpan_cb(skb) ((struct skb_cb *)((skb)->cb))
44 
45 /* The devices list contains those devices that we are acting
46  * as a proxy. The BT 6LoWPAN device is a virtual device that
47  * connects to the Bluetooth LE device. The real connection to
48  * BT device is done via l2cap layer. There exists one
49  * virtual device / one BT 6LoWPAN network (=hciX device).
50  * The list contains struct lowpan_dev elements.
51  */
52 static LIST_HEAD(bt_6lowpan_devices);
53 static DEFINE_SPINLOCK(devices_lock);
54 
55 static bool enable_6lowpan;
56 
57 /* We are listening incoming connections via this channel
58  */
59 static struct l2cap_chan *listen_chan;
60 
61 struct lowpan_peer {
62 	struct list_head list;
63 	struct rcu_head rcu;
64 	struct l2cap_chan *chan;
65 
66 	/* peer addresses in various formats */
67 	unsigned char eui64_addr[EUI64_ADDR_LEN];
68 	struct in6_addr peer_addr;
69 };
70 
71 struct lowpan_btle_dev {
72 	struct list_head list;
73 
74 	struct hci_dev *hdev;
75 	struct net_device *netdev;
76 	struct list_head peers;
77 	atomic_t peer_count; /* number of items in peers list */
78 
79 	struct work_struct delete_netdev;
80 	struct delayed_work notify_peers;
81 };
82 
83 static inline struct lowpan_btle_dev *
84 lowpan_btle_dev(const struct net_device *netdev)
85 {
86 	return (struct lowpan_btle_dev *)lowpan_dev(netdev)->priv;
87 }
88 
89 static inline void peer_add(struct lowpan_btle_dev *dev,
90 			    struct lowpan_peer *peer)
91 {
92 	list_add_rcu(&peer->list, &dev->peers);
93 	atomic_inc(&dev->peer_count);
94 }
95 
96 static inline bool peer_del(struct lowpan_btle_dev *dev,
97 			    struct lowpan_peer *peer)
98 {
99 	list_del_rcu(&peer->list);
100 	kfree_rcu(peer, rcu);
101 
102 	module_put(THIS_MODULE);
103 
104 	if (atomic_dec_and_test(&dev->peer_count)) {
105 		BT_DBG("last peer");
106 		return true;
107 	}
108 
109 	return false;
110 }
111 
112 static inline struct lowpan_peer *peer_lookup_ba(struct lowpan_btle_dev *dev,
113 						 bdaddr_t *ba, __u8 type)
114 {
115 	struct lowpan_peer *peer;
116 
117 	BT_DBG("peers %d addr %pMR type %d", atomic_read(&dev->peer_count),
118 	       ba, type);
119 
120 	rcu_read_lock();
121 
122 	list_for_each_entry_rcu(peer, &dev->peers, list) {
123 		BT_DBG("dst addr %pMR dst type %d",
124 		       &peer->chan->dst, peer->chan->dst_type);
125 
126 		if (bacmp(&peer->chan->dst, ba))
127 			continue;
128 
129 		if (type == peer->chan->dst_type) {
130 			rcu_read_unlock();
131 			return peer;
132 		}
133 	}
134 
135 	rcu_read_unlock();
136 
137 	return NULL;
138 }
139 
140 static inline struct lowpan_peer *
141 __peer_lookup_chan(struct lowpan_btle_dev *dev, struct l2cap_chan *chan)
142 {
143 	struct lowpan_peer *peer;
144 
145 	list_for_each_entry_rcu(peer, &dev->peers, list) {
146 		if (peer->chan == chan)
147 			return peer;
148 	}
149 
150 	return NULL;
151 }
152 
153 static inline struct lowpan_peer *
154 __peer_lookup_conn(struct lowpan_btle_dev *dev, struct l2cap_conn *conn)
155 {
156 	struct lowpan_peer *peer;
157 
158 	list_for_each_entry_rcu(peer, &dev->peers, list) {
159 		if (peer->chan->conn == conn)
160 			return peer;
161 	}
162 
163 	return NULL;
164 }
165 
166 static inline struct lowpan_peer *peer_lookup_dst(struct lowpan_btle_dev *dev,
167 						  struct in6_addr *daddr,
168 						  struct sk_buff *skb)
169 {
170 	struct lowpan_peer *peer;
171 	struct in6_addr *nexthop;
172 	struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
173 	int count = atomic_read(&dev->peer_count);
174 
175 	BT_DBG("peers %d addr %pI6c rt %p", count, daddr, rt);
176 
177 	/* If we have multiple 6lowpan peers, then check where we should
178 	 * send the packet. If only one peer exists, then we can send the
179 	 * packet right away.
180 	 */
181 	if (count == 1) {
182 		rcu_read_lock();
183 		peer = list_first_or_null_rcu(&dev->peers, struct lowpan_peer,
184 					      list);
185 		rcu_read_unlock();
186 		return peer;
187 	}
188 
189 	if (!rt) {
190 		nexthop = &lowpan_cb(skb)->gw;
191 
192 		if (ipv6_addr_any(nexthop))
193 			return NULL;
194 	} else {
195 		nexthop = rt6_nexthop(rt, daddr);
196 
197 		/* We need to remember the address because it is needed
198 		 * by bt_xmit() when sending the packet. In bt_xmit(), the
199 		 * destination routing info is not set.
200 		 */
201 		memcpy(&lowpan_cb(skb)->gw, nexthop, sizeof(struct in6_addr));
202 	}
203 
204 	BT_DBG("gw %pI6c", nexthop);
205 
206 	rcu_read_lock();
207 
208 	list_for_each_entry_rcu(peer, &dev->peers, list) {
209 		BT_DBG("dst addr %pMR dst type %d ip %pI6c",
210 		       &peer->chan->dst, peer->chan->dst_type,
211 		       &peer->peer_addr);
212 
213 		if (!ipv6_addr_cmp(&peer->peer_addr, nexthop)) {
214 			rcu_read_unlock();
215 			return peer;
216 		}
217 	}
218 
219 	rcu_read_unlock();
220 
221 	return NULL;
222 }
223 
224 static struct lowpan_peer *lookup_peer(struct l2cap_conn *conn)
225 {
226 	struct lowpan_btle_dev *entry;
227 	struct lowpan_peer *peer = NULL;
228 
229 	rcu_read_lock();
230 
231 	list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) {
232 		peer = __peer_lookup_conn(entry, conn);
233 		if (peer)
234 			break;
235 	}
236 
237 	rcu_read_unlock();
238 
239 	return peer;
240 }
241 
242 static struct lowpan_btle_dev *lookup_dev(struct l2cap_conn *conn)
243 {
244 	struct lowpan_btle_dev *entry;
245 	struct lowpan_btle_dev *dev = NULL;
246 
247 	rcu_read_lock();
248 
249 	list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) {
250 		if (conn->hcon->hdev == entry->hdev) {
251 			dev = entry;
252 			break;
253 		}
254 	}
255 
256 	rcu_read_unlock();
257 
258 	return dev;
259 }
260 
261 static int give_skb_to_upper(struct sk_buff *skb, struct net_device *dev)
262 {
263 	struct sk_buff *skb_cp;
264 
265 	skb_cp = skb_copy(skb, GFP_ATOMIC);
266 	if (!skb_cp)
267 		return NET_RX_DROP;
268 
269 	return netif_rx_ni(skb_cp);
270 }
271 
272 static int iphc_decompress(struct sk_buff *skb, struct net_device *netdev,
273 			   struct l2cap_chan *chan)
274 {
275 	const u8 *saddr, *daddr;
276 	struct lowpan_btle_dev *dev;
277 	struct lowpan_peer *peer;
278 
279 	dev = lowpan_btle_dev(netdev);
280 
281 	rcu_read_lock();
282 	peer = __peer_lookup_chan(dev, chan);
283 	rcu_read_unlock();
284 	if (!peer)
285 		return -EINVAL;
286 
287 	saddr = peer->eui64_addr;
288 	daddr = dev->netdev->dev_addr;
289 
290 	return lowpan_header_decompress(skb, netdev, daddr, saddr);
291 }
292 
293 static int recv_pkt(struct sk_buff *skb, struct net_device *dev,
294 		    struct l2cap_chan *chan)
295 {
296 	struct sk_buff *local_skb;
297 	int ret;
298 
299 	if (!netif_running(dev))
300 		goto drop;
301 
302 	if (dev->type != ARPHRD_6LOWPAN || !skb->len)
303 		goto drop;
304 
305 	skb_reset_network_header(skb);
306 
307 	skb = skb_share_check(skb, GFP_ATOMIC);
308 	if (!skb)
309 		goto drop;
310 
311 	/* check that it's our buffer */
312 	if (lowpan_is_ipv6(*skb_network_header(skb))) {
313 		/* Pull off the 1-byte of 6lowpan header. */
314 		skb_pull(skb, 1);
315 
316 		/* Copy the packet so that the IPv6 header is
317 		 * properly aligned.
318 		 */
319 		local_skb = skb_copy_expand(skb, NET_SKB_PAD - 1,
320 					    skb_tailroom(skb), GFP_ATOMIC);
321 		if (!local_skb)
322 			goto drop;
323 
324 		local_skb->protocol = htons(ETH_P_IPV6);
325 		local_skb->pkt_type = PACKET_HOST;
326 		local_skb->dev = dev;
327 
328 		skb_set_transport_header(local_skb, sizeof(struct ipv6hdr));
329 
330 		if (give_skb_to_upper(local_skb, dev) != NET_RX_SUCCESS) {
331 			kfree_skb(local_skb);
332 			goto drop;
333 		}
334 
335 		dev->stats.rx_bytes += skb->len;
336 		dev->stats.rx_packets++;
337 
338 		consume_skb(local_skb);
339 		consume_skb(skb);
340 	} else if (lowpan_is_iphc(*skb_network_header(skb))) {
341 		local_skb = skb_clone(skb, GFP_ATOMIC);
342 		if (!local_skb)
343 			goto drop;
344 
345 		local_skb->dev = dev;
346 
347 		ret = iphc_decompress(local_skb, dev, chan);
348 		if (ret < 0) {
349 			kfree_skb(local_skb);
350 			goto drop;
351 		}
352 
353 		local_skb->protocol = htons(ETH_P_IPV6);
354 		local_skb->pkt_type = PACKET_HOST;
355 
356 		if (give_skb_to_upper(local_skb, dev)
357 				!= NET_RX_SUCCESS) {
358 			kfree_skb(local_skb);
359 			goto drop;
360 		}
361 
362 		dev->stats.rx_bytes += skb->len;
363 		dev->stats.rx_packets++;
364 
365 		consume_skb(local_skb);
366 		consume_skb(skb);
367 	} else {
368 		goto drop;
369 	}
370 
371 	return NET_RX_SUCCESS;
372 
373 drop:
374 	dev->stats.rx_dropped++;
375 	return NET_RX_DROP;
376 }
377 
378 /* Packet from BT LE device */
379 static int chan_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
380 {
381 	struct lowpan_btle_dev *dev;
382 	struct lowpan_peer *peer;
383 	int err;
384 
385 	peer = lookup_peer(chan->conn);
386 	if (!peer)
387 		return -ENOENT;
388 
389 	dev = lookup_dev(chan->conn);
390 	if (!dev || !dev->netdev)
391 		return -ENOENT;
392 
393 	err = recv_pkt(skb, dev->netdev, chan);
394 	if (err) {
395 		BT_DBG("recv pkt %d", err);
396 		err = -EAGAIN;
397 	}
398 
399 	return err;
400 }
401 
402 static u8 get_addr_type_from_eui64(u8 byte)
403 {
404 	/* Is universal(0) or local(1) bit */
405 	return ((byte & 0x02) ? BDADDR_LE_RANDOM : BDADDR_LE_PUBLIC);
406 }
407 
408 static void copy_to_bdaddr(struct in6_addr *ip6_daddr, bdaddr_t *addr)
409 {
410 	u8 *eui64 = ip6_daddr->s6_addr + 8;
411 
412 	addr->b[0] = eui64[7];
413 	addr->b[1] = eui64[6];
414 	addr->b[2] = eui64[5];
415 	addr->b[3] = eui64[2];
416 	addr->b[4] = eui64[1];
417 	addr->b[5] = eui64[0];
418 }
419 
420 static void convert_dest_bdaddr(struct in6_addr *ip6_daddr,
421 				bdaddr_t *addr, u8 *addr_type)
422 {
423 	copy_to_bdaddr(ip6_daddr, addr);
424 
425 	/* We need to toggle the U/L bit that we got from IPv6 address
426 	 * so that we get the proper address and type of the BD address.
427 	 */
428 	addr->b[5] ^= 0x02;
429 
430 	*addr_type = get_addr_type_from_eui64(addr->b[5]);
431 }
432 
433 static int setup_header(struct sk_buff *skb, struct net_device *netdev,
434 			bdaddr_t *peer_addr, u8 *peer_addr_type)
435 {
436 	struct in6_addr ipv6_daddr;
437 	struct ipv6hdr *hdr;
438 	struct lowpan_btle_dev *dev;
439 	struct lowpan_peer *peer;
440 	bdaddr_t addr, *any = BDADDR_ANY;
441 	u8 *daddr = any->b;
442 	int err, status = 0;
443 
444 	hdr = ipv6_hdr(skb);
445 
446 	dev = lowpan_btle_dev(netdev);
447 
448 	memcpy(&ipv6_daddr, &hdr->daddr, sizeof(ipv6_daddr));
449 
450 	if (ipv6_addr_is_multicast(&ipv6_daddr)) {
451 		lowpan_cb(skb)->chan = NULL;
452 	} else {
453 		u8 addr_type;
454 
455 		/* Get destination BT device from skb.
456 		 * If there is no such peer then discard the packet.
457 		 */
458 		convert_dest_bdaddr(&ipv6_daddr, &addr, &addr_type);
459 
460 		BT_DBG("dest addr %pMR type %d IP %pI6c", &addr,
461 		       addr_type, &ipv6_daddr);
462 
463 		peer = peer_lookup_ba(dev, &addr, addr_type);
464 		if (!peer) {
465 			/* The packet might be sent to 6lowpan interface
466 			 * because of routing (either via default route
467 			 * or user set route) so get peer according to
468 			 * the destination address.
469 			 */
470 			peer = peer_lookup_dst(dev, &ipv6_daddr, skb);
471 			if (!peer) {
472 				BT_DBG("no such peer %pMR found", &addr);
473 				return -ENOENT;
474 			}
475 		}
476 
477 		daddr = peer->eui64_addr;
478 		*peer_addr = addr;
479 		*peer_addr_type = addr_type;
480 		lowpan_cb(skb)->chan = peer->chan;
481 
482 		status = 1;
483 	}
484 
485 	lowpan_header_compress(skb, netdev, daddr, dev->netdev->dev_addr);
486 
487 	err = dev_hard_header(skb, netdev, ETH_P_IPV6, NULL, NULL, 0);
488 	if (err < 0)
489 		return err;
490 
491 	return status;
492 }
493 
494 static int header_create(struct sk_buff *skb, struct net_device *netdev,
495 			 unsigned short type, const void *_daddr,
496 			 const void *_saddr, unsigned int len)
497 {
498 	if (type != ETH_P_IPV6)
499 		return -EINVAL;
500 
501 	return 0;
502 }
503 
504 /* Packet to BT LE device */
505 static int send_pkt(struct l2cap_chan *chan, struct sk_buff *skb,
506 		    struct net_device *netdev)
507 {
508 	struct msghdr msg;
509 	struct kvec iv;
510 	int err;
511 
512 	/* Remember the skb so that we can send EAGAIN to the caller if
513 	 * we run out of credits.
514 	 */
515 	chan->data = skb;
516 
517 	iv.iov_base = skb->data;
518 	iv.iov_len = skb->len;
519 
520 	memset(&msg, 0, sizeof(msg));
521 	iov_iter_kvec(&msg.msg_iter, WRITE | ITER_KVEC, &iv, 1, skb->len);
522 
523 	err = l2cap_chan_send(chan, &msg, skb->len);
524 	if (err > 0) {
525 		netdev->stats.tx_bytes += err;
526 		netdev->stats.tx_packets++;
527 		return 0;
528 	}
529 
530 	if (!err)
531 		err = lowpan_cb(skb)->status;
532 
533 	if (err < 0) {
534 		if (err == -EAGAIN)
535 			netdev->stats.tx_dropped++;
536 		else
537 			netdev->stats.tx_errors++;
538 	}
539 
540 	return err;
541 }
542 
543 static int send_mcast_pkt(struct sk_buff *skb, struct net_device *netdev)
544 {
545 	struct sk_buff *local_skb;
546 	struct lowpan_btle_dev *entry;
547 	int err = 0;
548 
549 	rcu_read_lock();
550 
551 	list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) {
552 		struct lowpan_peer *pentry;
553 		struct lowpan_btle_dev *dev;
554 
555 		if (entry->netdev != netdev)
556 			continue;
557 
558 		dev = lowpan_btle_dev(entry->netdev);
559 
560 		list_for_each_entry_rcu(pentry, &dev->peers, list) {
561 			int ret;
562 
563 			local_skb = skb_clone(skb, GFP_ATOMIC);
564 
565 			BT_DBG("xmit %s to %pMR type %d IP %pI6c chan %p",
566 			       netdev->name,
567 			       &pentry->chan->dst, pentry->chan->dst_type,
568 			       &pentry->peer_addr, pentry->chan);
569 			ret = send_pkt(pentry->chan, local_skb, netdev);
570 			if (ret < 0)
571 				err = ret;
572 
573 			kfree_skb(local_skb);
574 		}
575 	}
576 
577 	rcu_read_unlock();
578 
579 	return err;
580 }
581 
582 static netdev_tx_t bt_xmit(struct sk_buff *skb, struct net_device *netdev)
583 {
584 	int err = 0;
585 	bdaddr_t addr;
586 	u8 addr_type;
587 
588 	/* We must take a copy of the skb before we modify/replace the ipv6
589 	 * header as the header could be used elsewhere
590 	 */
591 	skb = skb_unshare(skb, GFP_ATOMIC);
592 	if (!skb)
593 		return NET_XMIT_DROP;
594 
595 	/* Return values from setup_header()
596 	 *  <0 - error, packet is dropped
597 	 *   0 - this is a multicast packet
598 	 *   1 - this is unicast packet
599 	 */
600 	err = setup_header(skb, netdev, &addr, &addr_type);
601 	if (err < 0) {
602 		kfree_skb(skb);
603 		return NET_XMIT_DROP;
604 	}
605 
606 	if (err) {
607 		if (lowpan_cb(skb)->chan) {
608 			BT_DBG("xmit %s to %pMR type %d IP %pI6c chan %p",
609 			       netdev->name, &addr, addr_type,
610 			       &lowpan_cb(skb)->addr, lowpan_cb(skb)->chan);
611 			err = send_pkt(lowpan_cb(skb)->chan, skb, netdev);
612 		} else {
613 			err = -ENOENT;
614 		}
615 	} else {
616 		/* We need to send the packet to every device behind this
617 		 * interface.
618 		 */
619 		err = send_mcast_pkt(skb, netdev);
620 	}
621 
622 	dev_kfree_skb(skb);
623 
624 	if (err)
625 		BT_DBG("ERROR: xmit failed (%d)", err);
626 
627 	return err < 0 ? NET_XMIT_DROP : err;
628 }
629 
630 static int bt_dev_init(struct net_device *dev)
631 {
632 	netdev_lockdep_set_classes(dev);
633 
634 	return 0;
635 }
636 
637 static const struct net_device_ops netdev_ops = {
638 	.ndo_init		= bt_dev_init,
639 	.ndo_start_xmit		= bt_xmit,
640 };
641 
642 static struct header_ops header_ops = {
643 	.create	= header_create,
644 };
645 
646 static void netdev_setup(struct net_device *dev)
647 {
648 	dev->hard_header_len	= 0;
649 	dev->needed_tailroom	= 0;
650 	dev->flags		= IFF_RUNNING | IFF_POINTOPOINT |
651 				  IFF_MULTICAST;
652 	dev->watchdog_timeo	= 0;
653 
654 	dev->netdev_ops		= &netdev_ops;
655 	dev->header_ops		= &header_ops;
656 	dev->destructor		= free_netdev;
657 }
658 
659 static struct device_type bt_type = {
660 	.name	= "bluetooth",
661 };
662 
663 static void set_addr(u8 *eui, u8 *addr, u8 addr_type)
664 {
665 	/* addr is the BT address in little-endian format */
666 	eui[0] = addr[5];
667 	eui[1] = addr[4];
668 	eui[2] = addr[3];
669 	eui[3] = 0xFF;
670 	eui[4] = 0xFE;
671 	eui[5] = addr[2];
672 	eui[6] = addr[1];
673 	eui[7] = addr[0];
674 
675 	/* Universal/local bit set, BT 6lowpan draft ch. 3.2.1 */
676 	if (addr_type == BDADDR_LE_PUBLIC)
677 		eui[0] &= ~0x02;
678 	else
679 		eui[0] |= 0x02;
680 
681 	BT_DBG("type %d addr %*phC", addr_type, 8, eui);
682 }
683 
684 static void set_dev_addr(struct net_device *netdev, bdaddr_t *addr,
685 		         u8 addr_type)
686 {
687 	netdev->addr_assign_type = NET_ADDR_PERM;
688 	set_addr(netdev->dev_addr, addr->b, addr_type);
689 }
690 
691 static void ifup(struct net_device *netdev)
692 {
693 	int err;
694 
695 	rtnl_lock();
696 	err = dev_open(netdev);
697 	if (err < 0)
698 		BT_INFO("iface %s cannot be opened (%d)", netdev->name, err);
699 	rtnl_unlock();
700 }
701 
702 static void ifdown(struct net_device *netdev)
703 {
704 	int err;
705 
706 	rtnl_lock();
707 	err = dev_close(netdev);
708 	if (err < 0)
709 		BT_INFO("iface %s cannot be closed (%d)", netdev->name, err);
710 	rtnl_unlock();
711 }
712 
713 static void do_notify_peers(struct work_struct *work)
714 {
715 	struct lowpan_btle_dev *dev = container_of(work, struct lowpan_btle_dev,
716 						   notify_peers.work);
717 
718 	netdev_notify_peers(dev->netdev); /* send neighbour adv at startup */
719 }
720 
721 static bool is_bt_6lowpan(struct hci_conn *hcon)
722 {
723 	if (hcon->type != LE_LINK)
724 		return false;
725 
726 	if (!enable_6lowpan)
727 		return false;
728 
729 	return true;
730 }
731 
732 static struct l2cap_chan *chan_create(void)
733 {
734 	struct l2cap_chan *chan;
735 
736 	chan = l2cap_chan_create();
737 	if (!chan)
738 		return NULL;
739 
740 	l2cap_chan_set_defaults(chan);
741 
742 	chan->chan_type = L2CAP_CHAN_CONN_ORIENTED;
743 	chan->mode = L2CAP_MODE_LE_FLOWCTL;
744 	chan->imtu = 1280;
745 
746 	return chan;
747 }
748 
749 static void set_ip_addr_bits(u8 addr_type, u8 *addr)
750 {
751 	if (addr_type == BDADDR_LE_PUBLIC)
752 		*addr |= 0x02;
753 	else
754 		*addr &= ~0x02;
755 }
756 
757 static struct l2cap_chan *add_peer_chan(struct l2cap_chan *chan,
758 					struct lowpan_btle_dev *dev)
759 {
760 	struct lowpan_peer *peer;
761 
762 	peer = kzalloc(sizeof(*peer), GFP_ATOMIC);
763 	if (!peer)
764 		return NULL;
765 
766 	peer->chan = chan;
767 	memset(&peer->peer_addr, 0, sizeof(struct in6_addr));
768 
769 	/* RFC 2464 ch. 5 */
770 	peer->peer_addr.s6_addr[0] = 0xFE;
771 	peer->peer_addr.s6_addr[1] = 0x80;
772 	set_addr((u8 *)&peer->peer_addr.s6_addr + 8, chan->dst.b,
773 		 chan->dst_type);
774 
775 	memcpy(&peer->eui64_addr, (u8 *)&peer->peer_addr.s6_addr + 8,
776 	       EUI64_ADDR_LEN);
777 
778 	/* IPv6 address needs to have the U/L bit set properly so toggle
779 	 * it back here.
780 	 */
781 	set_ip_addr_bits(chan->dst_type, (u8 *)&peer->peer_addr.s6_addr + 8);
782 
783 	spin_lock(&devices_lock);
784 	INIT_LIST_HEAD(&peer->list);
785 	peer_add(dev, peer);
786 	spin_unlock(&devices_lock);
787 
788 	/* Notifying peers about us needs to be done without locks held */
789 	INIT_DELAYED_WORK(&dev->notify_peers, do_notify_peers);
790 	schedule_delayed_work(&dev->notify_peers, msecs_to_jiffies(100));
791 
792 	return peer->chan;
793 }
794 
795 static int setup_netdev(struct l2cap_chan *chan, struct lowpan_btle_dev **dev)
796 {
797 	struct net_device *netdev;
798 	int err = 0;
799 
800 	netdev = alloc_netdev(LOWPAN_PRIV_SIZE(sizeof(struct lowpan_btle_dev)),
801 			      IFACE_NAME_TEMPLATE, NET_NAME_UNKNOWN,
802 			      netdev_setup);
803 	if (!netdev)
804 		return -ENOMEM;
805 
806 	set_dev_addr(netdev, &chan->src, chan->src_type);
807 
808 	netdev->netdev_ops = &netdev_ops;
809 	SET_NETDEV_DEV(netdev, &chan->conn->hcon->hdev->dev);
810 	SET_NETDEV_DEVTYPE(netdev, &bt_type);
811 
812 	*dev = lowpan_btle_dev(netdev);
813 	(*dev)->netdev = netdev;
814 	(*dev)->hdev = chan->conn->hcon->hdev;
815 	INIT_LIST_HEAD(&(*dev)->peers);
816 
817 	spin_lock(&devices_lock);
818 	INIT_LIST_HEAD(&(*dev)->list);
819 	list_add_rcu(&(*dev)->list, &bt_6lowpan_devices);
820 	spin_unlock(&devices_lock);
821 
822 	err = lowpan_register_netdev(netdev, LOWPAN_LLTYPE_BTLE);
823 	if (err < 0) {
824 		BT_INFO("register_netdev failed %d", err);
825 		spin_lock(&devices_lock);
826 		list_del_rcu(&(*dev)->list);
827 		spin_unlock(&devices_lock);
828 		free_netdev(netdev);
829 		goto out;
830 	}
831 
832 	BT_DBG("ifindex %d peer bdaddr %pMR type %d my addr %pMR type %d",
833 	       netdev->ifindex, &chan->dst, chan->dst_type,
834 	       &chan->src, chan->src_type);
835 	set_bit(__LINK_STATE_PRESENT, &netdev->state);
836 
837 	return 0;
838 
839 out:
840 	return err;
841 }
842 
843 static inline void chan_ready_cb(struct l2cap_chan *chan)
844 {
845 	struct lowpan_btle_dev *dev;
846 
847 	dev = lookup_dev(chan->conn);
848 
849 	BT_DBG("chan %p conn %p dev %p", chan, chan->conn, dev);
850 
851 	if (!dev) {
852 		if (setup_netdev(chan, &dev) < 0) {
853 			l2cap_chan_del(chan, -ENOENT);
854 			return;
855 		}
856 	}
857 
858 	if (!try_module_get(THIS_MODULE))
859 		return;
860 
861 	add_peer_chan(chan, dev);
862 	ifup(dev->netdev);
863 }
864 
865 static inline struct l2cap_chan *chan_new_conn_cb(struct l2cap_chan *pchan)
866 {
867 	struct l2cap_chan *chan;
868 
869 	chan = chan_create();
870 	if (!chan)
871 		return NULL;
872 
873 	chan->ops = pchan->ops;
874 
875 	BT_DBG("chan %p pchan %p", chan, pchan);
876 
877 	return chan;
878 }
879 
880 static void delete_netdev(struct work_struct *work)
881 {
882 	struct lowpan_btle_dev *entry = container_of(work,
883 						     struct lowpan_btle_dev,
884 						     delete_netdev);
885 
886 	lowpan_unregister_netdev(entry->netdev);
887 
888 	/* The entry pointer is deleted by the netdev destructor. */
889 }
890 
891 static void chan_close_cb(struct l2cap_chan *chan)
892 {
893 	struct lowpan_btle_dev *entry;
894 	struct lowpan_btle_dev *dev = NULL;
895 	struct lowpan_peer *peer;
896 	int err = -ENOENT;
897 	bool last = false, remove = true;
898 
899 	BT_DBG("chan %p conn %p", chan, chan->conn);
900 
901 	if (chan->conn && chan->conn->hcon) {
902 		if (!is_bt_6lowpan(chan->conn->hcon))
903 			return;
904 
905 		/* If conn is set, then the netdev is also there and we should
906 		 * not remove it.
907 		 */
908 		remove = false;
909 	}
910 
911 	spin_lock(&devices_lock);
912 
913 	list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) {
914 		dev = lowpan_btle_dev(entry->netdev);
915 		peer = __peer_lookup_chan(dev, chan);
916 		if (peer) {
917 			last = peer_del(dev, peer);
918 			err = 0;
919 
920 			BT_DBG("dev %p removing %speer %p", dev,
921 			       last ? "last " : "1 ", peer);
922 			BT_DBG("chan %p orig refcnt %d", chan,
923 			       atomic_read(&chan->kref.refcount));
924 
925 			l2cap_chan_put(chan);
926 			break;
927 		}
928 	}
929 
930 	if (!err && last && dev && !atomic_read(&dev->peer_count)) {
931 		spin_unlock(&devices_lock);
932 
933 		cancel_delayed_work_sync(&dev->notify_peers);
934 
935 		ifdown(dev->netdev);
936 
937 		if (remove) {
938 			INIT_WORK(&entry->delete_netdev, delete_netdev);
939 			schedule_work(&entry->delete_netdev);
940 		}
941 	} else {
942 		spin_unlock(&devices_lock);
943 	}
944 
945 	return;
946 }
947 
948 static void chan_state_change_cb(struct l2cap_chan *chan, int state, int err)
949 {
950 	BT_DBG("chan %p conn %p state %s err %d", chan, chan->conn,
951 	       state_to_string(state), err);
952 }
953 
954 static struct sk_buff *chan_alloc_skb_cb(struct l2cap_chan *chan,
955 					 unsigned long hdr_len,
956 					 unsigned long len, int nb)
957 {
958 	/* Note that we must allocate using GFP_ATOMIC here as
959 	 * this function is called originally from netdev hard xmit
960 	 * function in atomic context.
961 	 */
962 	return bt_skb_alloc(hdr_len + len, GFP_ATOMIC);
963 }
964 
965 static void chan_suspend_cb(struct l2cap_chan *chan)
966 {
967 	struct sk_buff *skb = chan->data;
968 
969 	BT_DBG("chan %p conn %p skb %p", chan, chan->conn, skb);
970 
971 	if (!skb)
972 		return;
973 
974 	lowpan_cb(skb)->status = -EAGAIN;
975 }
976 
977 static void chan_resume_cb(struct l2cap_chan *chan)
978 {
979 	struct sk_buff *skb = chan->data;
980 
981 	BT_DBG("chan %p conn %p skb %p", chan, chan->conn, skb);
982 
983 	if (!skb)
984 		return;
985 
986 	lowpan_cb(skb)->status = 0;
987 }
988 
989 static long chan_get_sndtimeo_cb(struct l2cap_chan *chan)
990 {
991 	return L2CAP_CONN_TIMEOUT;
992 }
993 
994 static const struct l2cap_ops bt_6lowpan_chan_ops = {
995 	.name			= "L2CAP 6LoWPAN channel",
996 	.new_connection		= chan_new_conn_cb,
997 	.recv			= chan_recv_cb,
998 	.close			= chan_close_cb,
999 	.state_change		= chan_state_change_cb,
1000 	.ready			= chan_ready_cb,
1001 	.resume			= chan_resume_cb,
1002 	.suspend		= chan_suspend_cb,
1003 	.get_sndtimeo		= chan_get_sndtimeo_cb,
1004 	.alloc_skb		= chan_alloc_skb_cb,
1005 
1006 	.teardown		= l2cap_chan_no_teardown,
1007 	.defer			= l2cap_chan_no_defer,
1008 	.set_shutdown		= l2cap_chan_no_set_shutdown,
1009 };
1010 
1011 static inline __u8 bdaddr_type(__u8 type)
1012 {
1013 	if (type == ADDR_LE_DEV_PUBLIC)
1014 		return BDADDR_LE_PUBLIC;
1015 	else
1016 		return BDADDR_LE_RANDOM;
1017 }
1018 
1019 static int bt_6lowpan_connect(bdaddr_t *addr, u8 dst_type)
1020 {
1021 	struct l2cap_chan *chan;
1022 	int err;
1023 
1024 	chan = chan_create();
1025 	if (!chan)
1026 		return -EINVAL;
1027 
1028 	chan->ops = &bt_6lowpan_chan_ops;
1029 
1030 	err = l2cap_chan_connect(chan, cpu_to_le16(L2CAP_PSM_IPSP), 0,
1031 				 addr, dst_type);
1032 
1033 	BT_DBG("chan %p err %d", chan, err);
1034 	if (err < 0)
1035 		l2cap_chan_put(chan);
1036 
1037 	return err;
1038 }
1039 
1040 static int bt_6lowpan_disconnect(struct l2cap_conn *conn, u8 dst_type)
1041 {
1042 	struct lowpan_peer *peer;
1043 
1044 	BT_DBG("conn %p dst type %d", conn, dst_type);
1045 
1046 	peer = lookup_peer(conn);
1047 	if (!peer)
1048 		return -ENOENT;
1049 
1050 	BT_DBG("peer %p chan %p", peer, peer->chan);
1051 
1052 	l2cap_chan_close(peer->chan, ENOENT);
1053 
1054 	return 0;
1055 }
1056 
1057 static struct l2cap_chan *bt_6lowpan_listen(void)
1058 {
1059 	bdaddr_t *addr = BDADDR_ANY;
1060 	struct l2cap_chan *chan;
1061 	int err;
1062 
1063 	if (!enable_6lowpan)
1064 		return NULL;
1065 
1066 	chan = chan_create();
1067 	if (!chan)
1068 		return NULL;
1069 
1070 	chan->ops = &bt_6lowpan_chan_ops;
1071 	chan->state = BT_LISTEN;
1072 	chan->src_type = BDADDR_LE_PUBLIC;
1073 
1074 	atomic_set(&chan->nesting, L2CAP_NESTING_PARENT);
1075 
1076 	BT_DBG("chan %p src type %d", chan, chan->src_type);
1077 
1078 	err = l2cap_add_psm(chan, addr, cpu_to_le16(L2CAP_PSM_IPSP));
1079 	if (err) {
1080 		l2cap_chan_put(chan);
1081 		BT_ERR("psm cannot be added err %d", err);
1082 		return NULL;
1083 	}
1084 
1085 	return chan;
1086 }
1087 
1088 static int get_l2cap_conn(char *buf, bdaddr_t *addr, u8 *addr_type,
1089 			  struct l2cap_conn **conn)
1090 {
1091 	struct hci_conn *hcon;
1092 	struct hci_dev *hdev;
1093 	int n;
1094 
1095 	n = sscanf(buf, "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx %hhu",
1096 		   &addr->b[5], &addr->b[4], &addr->b[3],
1097 		   &addr->b[2], &addr->b[1], &addr->b[0],
1098 		   addr_type);
1099 
1100 	if (n < 7)
1101 		return -EINVAL;
1102 
1103 	/* The LE_PUBLIC address type is ignored because of BDADDR_ANY */
1104 	hdev = hci_get_route(addr, BDADDR_ANY, BDADDR_LE_PUBLIC);
1105 	if (!hdev)
1106 		return -ENOENT;
1107 
1108 	hci_dev_lock(hdev);
1109 	hcon = hci_conn_hash_lookup_le(hdev, addr, *addr_type);
1110 	hci_dev_unlock(hdev);
1111 
1112 	if (!hcon)
1113 		return -ENOENT;
1114 
1115 	*conn = (struct l2cap_conn *)hcon->l2cap_data;
1116 
1117 	BT_DBG("conn %p dst %pMR type %d", *conn, &hcon->dst, hcon->dst_type);
1118 
1119 	return 0;
1120 }
1121 
1122 static void disconnect_all_peers(void)
1123 {
1124 	struct lowpan_btle_dev *entry;
1125 	struct lowpan_peer *peer, *tmp_peer, *new_peer;
1126 	struct list_head peers;
1127 
1128 	INIT_LIST_HEAD(&peers);
1129 
1130 	/* We make a separate list of peers as the close_cb() will
1131 	 * modify the device peers list so it is better not to mess
1132 	 * with the same list at the same time.
1133 	 */
1134 
1135 	rcu_read_lock();
1136 
1137 	list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) {
1138 		list_for_each_entry_rcu(peer, &entry->peers, list) {
1139 			new_peer = kmalloc(sizeof(*new_peer), GFP_ATOMIC);
1140 			if (!new_peer)
1141 				break;
1142 
1143 			new_peer->chan = peer->chan;
1144 			INIT_LIST_HEAD(&new_peer->list);
1145 
1146 			list_add(&new_peer->list, &peers);
1147 		}
1148 	}
1149 
1150 	rcu_read_unlock();
1151 
1152 	spin_lock(&devices_lock);
1153 	list_for_each_entry_safe(peer, tmp_peer, &peers, list) {
1154 		l2cap_chan_close(peer->chan, ENOENT);
1155 
1156 		list_del_rcu(&peer->list);
1157 		kfree_rcu(peer, rcu);
1158 	}
1159 	spin_unlock(&devices_lock);
1160 }
1161 
1162 struct set_enable {
1163 	struct work_struct work;
1164 	bool flag;
1165 };
1166 
1167 static void do_enable_set(struct work_struct *work)
1168 {
1169 	struct set_enable *set_enable = container_of(work,
1170 						     struct set_enable, work);
1171 
1172 	if (!set_enable->flag || enable_6lowpan != set_enable->flag)
1173 		/* Disconnect existing connections if 6lowpan is
1174 		 * disabled
1175 		 */
1176 		disconnect_all_peers();
1177 
1178 	enable_6lowpan = set_enable->flag;
1179 
1180 	if (listen_chan) {
1181 		l2cap_chan_close(listen_chan, 0);
1182 		l2cap_chan_put(listen_chan);
1183 	}
1184 
1185 	listen_chan = bt_6lowpan_listen();
1186 
1187 	kfree(set_enable);
1188 }
1189 
1190 static int lowpan_enable_set(void *data, u64 val)
1191 {
1192 	struct set_enable *set_enable;
1193 
1194 	set_enable = kzalloc(sizeof(*set_enable), GFP_KERNEL);
1195 	if (!set_enable)
1196 		return -ENOMEM;
1197 
1198 	set_enable->flag = !!val;
1199 	INIT_WORK(&set_enable->work, do_enable_set);
1200 
1201 	schedule_work(&set_enable->work);
1202 
1203 	return 0;
1204 }
1205 
1206 static int lowpan_enable_get(void *data, u64 *val)
1207 {
1208 	*val = enable_6lowpan;
1209 	return 0;
1210 }
1211 
1212 DEFINE_SIMPLE_ATTRIBUTE(lowpan_enable_fops, lowpan_enable_get,
1213 			lowpan_enable_set, "%llu\n");
1214 
1215 static ssize_t lowpan_control_write(struct file *fp,
1216 				    const char __user *user_buffer,
1217 				    size_t count,
1218 				    loff_t *position)
1219 {
1220 	char buf[32];
1221 	size_t buf_size = min(count, sizeof(buf) - 1);
1222 	int ret;
1223 	bdaddr_t addr;
1224 	u8 addr_type;
1225 	struct l2cap_conn *conn = NULL;
1226 
1227 	if (copy_from_user(buf, user_buffer, buf_size))
1228 		return -EFAULT;
1229 
1230 	buf[buf_size] = '\0';
1231 
1232 	if (memcmp(buf, "connect ", 8) == 0) {
1233 		ret = get_l2cap_conn(&buf[8], &addr, &addr_type, &conn);
1234 		if (ret == -EINVAL)
1235 			return ret;
1236 
1237 		if (listen_chan) {
1238 			l2cap_chan_close(listen_chan, 0);
1239 			l2cap_chan_put(listen_chan);
1240 			listen_chan = NULL;
1241 		}
1242 
1243 		if (conn) {
1244 			struct lowpan_peer *peer;
1245 
1246 			if (!is_bt_6lowpan(conn->hcon))
1247 				return -EINVAL;
1248 
1249 			peer = lookup_peer(conn);
1250 			if (peer) {
1251 				BT_DBG("6LoWPAN connection already exists");
1252 				return -EALREADY;
1253 			}
1254 
1255 			BT_DBG("conn %p dst %pMR type %d user %d", conn,
1256 			       &conn->hcon->dst, conn->hcon->dst_type,
1257 			       addr_type);
1258 		}
1259 
1260 		ret = bt_6lowpan_connect(&addr, addr_type);
1261 		if (ret < 0)
1262 			return ret;
1263 
1264 		return count;
1265 	}
1266 
1267 	if (memcmp(buf, "disconnect ", 11) == 0) {
1268 		ret = get_l2cap_conn(&buf[11], &addr, &addr_type, &conn);
1269 		if (ret < 0)
1270 			return ret;
1271 
1272 		ret = bt_6lowpan_disconnect(conn, addr_type);
1273 		if (ret < 0)
1274 			return ret;
1275 
1276 		return count;
1277 	}
1278 
1279 	return count;
1280 }
1281 
1282 static int lowpan_control_show(struct seq_file *f, void *ptr)
1283 {
1284 	struct lowpan_btle_dev *entry;
1285 	struct lowpan_peer *peer;
1286 
1287 	spin_lock(&devices_lock);
1288 
1289 	list_for_each_entry(entry, &bt_6lowpan_devices, list) {
1290 		list_for_each_entry(peer, &entry->peers, list)
1291 			seq_printf(f, "%pMR (type %u)\n",
1292 				   &peer->chan->dst, peer->chan->dst_type);
1293 	}
1294 
1295 	spin_unlock(&devices_lock);
1296 
1297 	return 0;
1298 }
1299 
1300 static int lowpan_control_open(struct inode *inode, struct file *file)
1301 {
1302 	return single_open(file, lowpan_control_show, inode->i_private);
1303 }
1304 
1305 static const struct file_operations lowpan_control_fops = {
1306 	.open		= lowpan_control_open,
1307 	.read		= seq_read,
1308 	.write		= lowpan_control_write,
1309 	.llseek		= seq_lseek,
1310 	.release	= single_release,
1311 };
1312 
1313 static void disconnect_devices(void)
1314 {
1315 	struct lowpan_btle_dev *entry, *tmp, *new_dev;
1316 	struct list_head devices;
1317 
1318 	INIT_LIST_HEAD(&devices);
1319 
1320 	/* We make a separate list of devices because the unregister_netdev()
1321 	 * will call device_event() which will also want to modify the same
1322 	 * devices list.
1323 	 */
1324 
1325 	rcu_read_lock();
1326 
1327 	list_for_each_entry_rcu(entry, &bt_6lowpan_devices, list) {
1328 		new_dev = kmalloc(sizeof(*new_dev), GFP_ATOMIC);
1329 		if (!new_dev)
1330 			break;
1331 
1332 		new_dev->netdev = entry->netdev;
1333 		INIT_LIST_HEAD(&new_dev->list);
1334 
1335 		list_add_rcu(&new_dev->list, &devices);
1336 	}
1337 
1338 	rcu_read_unlock();
1339 
1340 	list_for_each_entry_safe(entry, tmp, &devices, list) {
1341 		ifdown(entry->netdev);
1342 		BT_DBG("Unregistering netdev %s %p",
1343 		       entry->netdev->name, entry->netdev);
1344 		lowpan_unregister_netdev(entry->netdev);
1345 		kfree(entry);
1346 	}
1347 }
1348 
1349 static int device_event(struct notifier_block *unused,
1350 			unsigned long event, void *ptr)
1351 {
1352 	struct net_device *netdev = netdev_notifier_info_to_dev(ptr);
1353 	struct lowpan_btle_dev *entry;
1354 
1355 	if (netdev->type != ARPHRD_6LOWPAN)
1356 		return NOTIFY_DONE;
1357 
1358 	switch (event) {
1359 	case NETDEV_UNREGISTER:
1360 		spin_lock(&devices_lock);
1361 		list_for_each_entry(entry, &bt_6lowpan_devices, list) {
1362 			if (entry->netdev == netdev) {
1363 				BT_DBG("Unregistered netdev %s %p",
1364 				       netdev->name, netdev);
1365 				list_del(&entry->list);
1366 				break;
1367 			}
1368 		}
1369 		spin_unlock(&devices_lock);
1370 		break;
1371 	}
1372 
1373 	return NOTIFY_DONE;
1374 }
1375 
1376 static struct notifier_block bt_6lowpan_dev_notifier = {
1377 	.notifier_call = device_event,
1378 };
1379 
1380 static int __init bt_6lowpan_init(void)
1381 {
1382 	lowpan_enable_debugfs = debugfs_create_file("6lowpan_enable", 0644,
1383 						    bt_debugfs, NULL,
1384 						    &lowpan_enable_fops);
1385 	lowpan_control_debugfs = debugfs_create_file("6lowpan_control", 0644,
1386 						     bt_debugfs, NULL,
1387 						     &lowpan_control_fops);
1388 
1389 	return register_netdevice_notifier(&bt_6lowpan_dev_notifier);
1390 }
1391 
1392 static void __exit bt_6lowpan_exit(void)
1393 {
1394 	debugfs_remove(lowpan_enable_debugfs);
1395 	debugfs_remove(lowpan_control_debugfs);
1396 
1397 	if (listen_chan) {
1398 		l2cap_chan_close(listen_chan, 0);
1399 		l2cap_chan_put(listen_chan);
1400 	}
1401 
1402 	disconnect_devices();
1403 
1404 	unregister_netdevice_notifier(&bt_6lowpan_dev_notifier);
1405 }
1406 
1407 module_init(bt_6lowpan_init);
1408 module_exit(bt_6lowpan_exit);
1409 
1410 MODULE_AUTHOR("Jukka Rissanen <jukka.rissanen@linux.intel.com>");
1411 MODULE_DESCRIPTION("Bluetooth 6LoWPAN");
1412 MODULE_VERSION(VERSION);
1413 MODULE_LICENSE("GPL");
1414