1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * Bluetooth RFCOMM core. 26 * 27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $ 28 */ 29 30 #include <linux/module.h> 31 #include <linux/errno.h> 32 #include <linux/kernel.h> 33 #include <linux/sched.h> 34 #include <linux/signal.h> 35 #include <linux/init.h> 36 #include <linux/wait.h> 37 #include <linux/device.h> 38 #include <linux/net.h> 39 #include <linux/mutex.h> 40 41 #include <net/sock.h> 42 #include <asm/uaccess.h> 43 #include <asm/unaligned.h> 44 45 #include <net/bluetooth/bluetooth.h> 46 #include <net/bluetooth/hci_core.h> 47 #include <net/bluetooth/l2cap.h> 48 #include <net/bluetooth/rfcomm.h> 49 50 #ifndef CONFIG_BT_RFCOMM_DEBUG 51 #undef BT_DBG 52 #define BT_DBG(D...) 53 #endif 54 55 #define VERSION "1.8" 56 57 static int disable_cfc = 0; 58 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; 59 60 static struct task_struct *rfcomm_thread; 61 62 static DEFINE_MUTEX(rfcomm_mutex); 63 #define rfcomm_lock() mutex_lock(&rfcomm_mutex) 64 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex) 65 66 static unsigned long rfcomm_event; 67 68 static LIST_HEAD(session_list); 69 static atomic_t terminate, running; 70 71 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len); 72 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); 73 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); 74 static int rfcomm_queue_disc(struct rfcomm_dlc *d); 75 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); 76 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); 77 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); 78 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); 79 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); 80 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); 81 82 static void rfcomm_process_connect(struct rfcomm_session *s); 83 84 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err); 85 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); 86 static void rfcomm_session_del(struct rfcomm_session *s); 87 88 /* ---- RFCOMM frame parsing macros ---- */ 89 #define __get_dlci(b) ((b & 0xfc) >> 2) 90 #define __get_channel(b) ((b & 0xf8) >> 3) 91 #define __get_dir(b) ((b & 0x04) >> 2) 92 #define __get_type(b) ((b & 0xef)) 93 94 #define __test_ea(b) ((b & 0x01)) 95 #define __test_cr(b) ((b & 0x02)) 96 #define __test_pf(b) ((b & 0x10)) 97 98 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) 99 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) 100 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) 101 #define __srv_channel(dlci) (dlci >> 1) 102 #define __dir(dlci) (dlci & 0x01) 103 104 #define __len8(len) (((len) << 1) | 1) 105 #define __len16(len) ((len) << 1) 106 107 /* MCC macros */ 108 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) 109 #define __get_mcc_type(b) ((b & 0xfc) >> 2) 110 #define __get_mcc_len(b) ((b & 0xfe) >> 1) 111 112 /* RPN macros */ 113 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) 114 #define __get_rpn_data_bits(line) ((line) & 0x3) 115 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) 116 #define __get_rpn_parity(line) (((line) >> 3) & 0x7) 117 118 static inline void rfcomm_schedule(uint event) 119 { 120 if (!rfcomm_thread) 121 return; 122 //set_bit(event, &rfcomm_event); 123 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 124 wake_up_process(rfcomm_thread); 125 } 126 127 static inline void rfcomm_session_put(struct rfcomm_session *s) 128 { 129 if (atomic_dec_and_test(&s->refcnt)) 130 rfcomm_session_del(s); 131 } 132 133 /* ---- RFCOMM FCS computation ---- */ 134 135 /* reversed, 8-bit, poly=0x07 */ 136 static unsigned char rfcomm_crc_table[256] = { 137 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, 138 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, 139 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, 140 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, 141 142 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, 143 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, 144 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, 145 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, 146 147 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, 148 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, 149 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, 150 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, 151 152 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, 153 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, 154 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, 155 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, 156 157 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, 158 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, 159 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, 160 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, 161 162 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, 163 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, 164 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, 165 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, 166 167 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, 168 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, 169 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, 170 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, 171 172 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, 173 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, 174 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, 175 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf 176 }; 177 178 /* CRC on 2 bytes */ 179 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) 180 181 /* FCS on 2 bytes */ 182 static inline u8 __fcs(u8 *data) 183 { 184 return (0xff - __crc(data)); 185 } 186 187 /* FCS on 3 bytes */ 188 static inline u8 __fcs2(u8 *data) 189 { 190 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]); 191 } 192 193 /* Check FCS */ 194 static inline int __check_fcs(u8 *data, int type, u8 fcs) 195 { 196 u8 f = __crc(data); 197 198 if (type != RFCOMM_UIH) 199 f = rfcomm_crc_table[f ^ data[2]]; 200 201 return rfcomm_crc_table[f ^ fcs] != 0xcf; 202 } 203 204 /* ---- L2CAP callbacks ---- */ 205 static void rfcomm_l2state_change(struct sock *sk) 206 { 207 BT_DBG("%p state %d", sk, sk->sk_state); 208 rfcomm_schedule(RFCOMM_SCHED_STATE); 209 } 210 211 static void rfcomm_l2data_ready(struct sock *sk, int bytes) 212 { 213 BT_DBG("%p bytes %d", sk, bytes); 214 rfcomm_schedule(RFCOMM_SCHED_RX); 215 } 216 217 static int rfcomm_l2sock_create(struct socket **sock) 218 { 219 int err; 220 221 BT_DBG(""); 222 223 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); 224 if (!err) { 225 struct sock *sk = (*sock)->sk; 226 sk->sk_data_ready = rfcomm_l2data_ready; 227 sk->sk_state_change = rfcomm_l2state_change; 228 } 229 return err; 230 } 231 232 /* ---- RFCOMM DLCs ---- */ 233 static void rfcomm_dlc_timeout(unsigned long arg) 234 { 235 struct rfcomm_dlc *d = (void *) arg; 236 237 BT_DBG("dlc %p state %ld", d, d->state); 238 239 set_bit(RFCOMM_TIMED_OUT, &d->flags); 240 rfcomm_dlc_put(d); 241 rfcomm_schedule(RFCOMM_SCHED_TIMEO); 242 } 243 244 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) 245 { 246 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); 247 248 if (!mod_timer(&d->timer, jiffies + timeout)) 249 rfcomm_dlc_hold(d); 250 } 251 252 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) 253 { 254 BT_DBG("dlc %p state %ld", d, d->state); 255 256 if (timer_pending(&d->timer) && del_timer(&d->timer)) 257 rfcomm_dlc_put(d); 258 } 259 260 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) 261 { 262 BT_DBG("%p", d); 263 264 d->state = BT_OPEN; 265 d->flags = 0; 266 d->mscex = 0; 267 d->mtu = RFCOMM_DEFAULT_MTU; 268 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; 269 270 d->cfc = RFCOMM_CFC_DISABLED; 271 d->rx_credits = RFCOMM_DEFAULT_CREDITS; 272 } 273 274 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) 275 { 276 struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio); 277 if (!d) 278 return NULL; 279 memset(d, 0, sizeof(*d)); 280 281 init_timer(&d->timer); 282 d->timer.function = rfcomm_dlc_timeout; 283 d->timer.data = (unsigned long) d; 284 285 skb_queue_head_init(&d->tx_queue); 286 spin_lock_init(&d->lock); 287 atomic_set(&d->refcnt, 1); 288 289 rfcomm_dlc_clear_state(d); 290 291 BT_DBG("%p", d); 292 return d; 293 } 294 295 void rfcomm_dlc_free(struct rfcomm_dlc *d) 296 { 297 BT_DBG("%p", d); 298 299 skb_queue_purge(&d->tx_queue); 300 kfree(d); 301 } 302 303 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) 304 { 305 BT_DBG("dlc %p session %p", d, s); 306 307 rfcomm_session_hold(s); 308 309 rfcomm_dlc_hold(d); 310 list_add(&d->list, &s->dlcs); 311 d->session = s; 312 } 313 314 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) 315 { 316 struct rfcomm_session *s = d->session; 317 318 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); 319 320 list_del(&d->list); 321 d->session = NULL; 322 rfcomm_dlc_put(d); 323 324 rfcomm_session_put(s); 325 } 326 327 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) 328 { 329 struct rfcomm_dlc *d; 330 struct list_head *p; 331 332 list_for_each(p, &s->dlcs) { 333 d = list_entry(p, struct rfcomm_dlc, list); 334 if (d->dlci == dlci) 335 return d; 336 } 337 return NULL; 338 } 339 340 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 341 { 342 struct rfcomm_session *s; 343 int err = 0; 344 u8 dlci; 345 346 BT_DBG("dlc %p state %ld %s %s channel %d", 347 d, d->state, batostr(src), batostr(dst), channel); 348 349 if (channel < 1 || channel > 30) 350 return -EINVAL; 351 352 if (d->state != BT_OPEN && d->state != BT_CLOSED) 353 return 0; 354 355 s = rfcomm_session_get(src, dst); 356 if (!s) { 357 s = rfcomm_session_create(src, dst, &err); 358 if (!s) 359 return err; 360 } 361 362 dlci = __dlci(!s->initiator, channel); 363 364 /* Check if DLCI already exists */ 365 if (rfcomm_dlc_get(s, dlci)) 366 return -EBUSY; 367 368 rfcomm_dlc_clear_state(d); 369 370 d->dlci = dlci; 371 d->addr = __addr(s->initiator, dlci); 372 d->priority = 7; 373 374 d->state = BT_CONFIG; 375 rfcomm_dlc_link(s, d); 376 377 d->mtu = s->mtu; 378 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 379 380 if (s->state == BT_CONNECTED) 381 rfcomm_send_pn(s, 1, d); 382 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 383 return 0; 384 } 385 386 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 387 { 388 int r; 389 390 rfcomm_lock(); 391 392 r = __rfcomm_dlc_open(d, src, dst, channel); 393 394 rfcomm_unlock(); 395 return r; 396 } 397 398 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 399 { 400 struct rfcomm_session *s = d->session; 401 if (!s) 402 return 0; 403 404 BT_DBG("dlc %p state %ld dlci %d err %d session %p", 405 d, d->state, d->dlci, err, s); 406 407 switch (d->state) { 408 case BT_CONNECTED: 409 case BT_CONFIG: 410 case BT_CONNECT: 411 d->state = BT_DISCONN; 412 if (skb_queue_empty(&d->tx_queue)) { 413 rfcomm_send_disc(s, d->dlci); 414 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); 415 } else { 416 rfcomm_queue_disc(d); 417 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); 418 } 419 break; 420 421 default: 422 rfcomm_dlc_clear_timer(d); 423 424 rfcomm_dlc_lock(d); 425 d->state = BT_CLOSED; 426 d->state_change(d, err); 427 rfcomm_dlc_unlock(d); 428 429 skb_queue_purge(&d->tx_queue); 430 rfcomm_dlc_unlink(d); 431 } 432 433 return 0; 434 } 435 436 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 437 { 438 int r; 439 440 rfcomm_lock(); 441 442 r = __rfcomm_dlc_close(d, err); 443 444 rfcomm_unlock(); 445 return r; 446 } 447 448 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) 449 { 450 int len = skb->len; 451 452 if (d->state != BT_CONNECTED) 453 return -ENOTCONN; 454 455 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); 456 457 if (len > d->mtu) 458 return -EINVAL; 459 460 rfcomm_make_uih(skb, d->addr); 461 skb_queue_tail(&d->tx_queue, skb); 462 463 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 464 rfcomm_schedule(RFCOMM_SCHED_TX); 465 return len; 466 } 467 468 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d) 469 { 470 BT_DBG("dlc %p state %ld", d, d->state); 471 472 if (!d->cfc) { 473 d->v24_sig |= RFCOMM_V24_FC; 474 set_bit(RFCOMM_MSC_PENDING, &d->flags); 475 } 476 rfcomm_schedule(RFCOMM_SCHED_TX); 477 } 478 479 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) 480 { 481 BT_DBG("dlc %p state %ld", d, d->state); 482 483 if (!d->cfc) { 484 d->v24_sig &= ~RFCOMM_V24_FC; 485 set_bit(RFCOMM_MSC_PENDING, &d->flags); 486 } 487 rfcomm_schedule(RFCOMM_SCHED_TX); 488 } 489 490 /* 491 Set/get modem status functions use _local_ status i.e. what we report 492 to the other side. 493 Remote status is provided by dlc->modem_status() callback. 494 */ 495 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) 496 { 497 BT_DBG("dlc %p state %ld v24_sig 0x%x", 498 d, d->state, v24_sig); 499 500 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) 501 v24_sig |= RFCOMM_V24_FC; 502 else 503 v24_sig &= ~RFCOMM_V24_FC; 504 505 d->v24_sig = v24_sig; 506 507 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) 508 rfcomm_schedule(RFCOMM_SCHED_TX); 509 510 return 0; 511 } 512 513 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) 514 { 515 BT_DBG("dlc %p state %ld v24_sig 0x%x", 516 d, d->state, d->v24_sig); 517 518 *v24_sig = d->v24_sig; 519 return 0; 520 } 521 522 /* ---- RFCOMM sessions ---- */ 523 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) 524 { 525 struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL); 526 if (!s) 527 return NULL; 528 memset(s, 0, sizeof(*s)); 529 530 BT_DBG("session %p sock %p", s, sock); 531 532 INIT_LIST_HEAD(&s->dlcs); 533 s->state = state; 534 s->sock = sock; 535 536 s->mtu = RFCOMM_DEFAULT_MTU; 537 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN; 538 539 /* Do not increment module usage count for listening sessions. 540 * Otherwise we won't be able to unload the module. */ 541 if (state != BT_LISTEN) 542 if (!try_module_get(THIS_MODULE)) { 543 kfree(s); 544 return NULL; 545 } 546 547 list_add(&s->list, &session_list); 548 549 return s; 550 } 551 552 static void rfcomm_session_del(struct rfcomm_session *s) 553 { 554 int state = s->state; 555 556 BT_DBG("session %p state %ld", s, s->state); 557 558 list_del(&s->list); 559 560 if (state == BT_CONNECTED) 561 rfcomm_send_disc(s, 0); 562 563 sock_release(s->sock); 564 kfree(s); 565 566 if (state != BT_LISTEN) 567 module_put(THIS_MODULE); 568 } 569 570 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) 571 { 572 struct rfcomm_session *s; 573 struct list_head *p, *n; 574 struct bt_sock *sk; 575 list_for_each_safe(p, n, &session_list) { 576 s = list_entry(p, struct rfcomm_session, list); 577 sk = bt_sk(s->sock->sk); 578 579 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && 580 !bacmp(&sk->dst, dst)) 581 return s; 582 } 583 return NULL; 584 } 585 586 static void rfcomm_session_close(struct rfcomm_session *s, int err) 587 { 588 struct rfcomm_dlc *d; 589 struct list_head *p, *n; 590 591 BT_DBG("session %p state %ld err %d", s, s->state, err); 592 593 rfcomm_session_hold(s); 594 595 s->state = BT_CLOSED; 596 597 /* Close all dlcs */ 598 list_for_each_safe(p, n, &s->dlcs) { 599 d = list_entry(p, struct rfcomm_dlc, list); 600 d->state = BT_CLOSED; 601 __rfcomm_dlc_close(d, err); 602 } 603 604 rfcomm_session_put(s); 605 } 606 607 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err) 608 { 609 struct rfcomm_session *s = NULL; 610 struct sockaddr_l2 addr; 611 struct socket *sock; 612 struct sock *sk; 613 614 BT_DBG("%s %s", batostr(src), batostr(dst)); 615 616 *err = rfcomm_l2sock_create(&sock); 617 if (*err < 0) 618 return NULL; 619 620 bacpy(&addr.l2_bdaddr, src); 621 addr.l2_family = AF_BLUETOOTH; 622 addr.l2_psm = 0; 623 *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 624 if (*err < 0) 625 goto failed; 626 627 /* Set L2CAP options */ 628 sk = sock->sk; 629 lock_sock(sk); 630 l2cap_pi(sk)->imtu = l2cap_mtu; 631 release_sock(sk); 632 633 s = rfcomm_session_add(sock, BT_BOUND); 634 if (!s) { 635 *err = -ENOMEM; 636 goto failed; 637 } 638 639 s->initiator = 1; 640 641 bacpy(&addr.l2_bdaddr, dst); 642 addr.l2_family = AF_BLUETOOTH; 643 addr.l2_psm = htobs(RFCOMM_PSM); 644 *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 645 if (*err == 0 || *err == -EAGAIN) 646 return s; 647 648 rfcomm_session_del(s); 649 return NULL; 650 651 failed: 652 sock_release(sock); 653 return NULL; 654 } 655 656 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) 657 { 658 struct sock *sk = s->sock->sk; 659 if (src) 660 bacpy(src, &bt_sk(sk)->src); 661 if (dst) 662 bacpy(dst, &bt_sk(sk)->dst); 663 } 664 665 /* ---- RFCOMM frame sending ---- */ 666 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len) 667 { 668 struct socket *sock = s->sock; 669 struct kvec iv = { data, len }; 670 struct msghdr msg; 671 672 BT_DBG("session %p len %d", s, len); 673 674 memset(&msg, 0, sizeof(msg)); 675 676 return kernel_sendmsg(sock, &msg, &iv, 1, len); 677 } 678 679 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) 680 { 681 struct rfcomm_cmd cmd; 682 683 BT_DBG("%p dlci %d", s, dlci); 684 685 cmd.addr = __addr(s->initiator, dlci); 686 cmd.ctrl = __ctrl(RFCOMM_SABM, 1); 687 cmd.len = __len8(0); 688 cmd.fcs = __fcs2((u8 *) &cmd); 689 690 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 691 } 692 693 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) 694 { 695 struct rfcomm_cmd cmd; 696 697 BT_DBG("%p dlci %d", s, dlci); 698 699 cmd.addr = __addr(!s->initiator, dlci); 700 cmd.ctrl = __ctrl(RFCOMM_UA, 1); 701 cmd.len = __len8(0); 702 cmd.fcs = __fcs2((u8 *) &cmd); 703 704 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 705 } 706 707 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) 708 { 709 struct rfcomm_cmd cmd; 710 711 BT_DBG("%p dlci %d", s, dlci); 712 713 cmd.addr = __addr(s->initiator, dlci); 714 cmd.ctrl = __ctrl(RFCOMM_DISC, 1); 715 cmd.len = __len8(0); 716 cmd.fcs = __fcs2((u8 *) &cmd); 717 718 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 719 } 720 721 static int rfcomm_queue_disc(struct rfcomm_dlc *d) 722 { 723 struct rfcomm_cmd *cmd; 724 struct sk_buff *skb; 725 726 BT_DBG("dlc %p dlci %d", d, d->dlci); 727 728 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); 729 if (!skb) 730 return -ENOMEM; 731 732 cmd = (void *) __skb_put(skb, sizeof(*cmd)); 733 cmd->addr = d->addr; 734 cmd->ctrl = __ctrl(RFCOMM_DISC, 1); 735 cmd->len = __len8(0); 736 cmd->fcs = __fcs2((u8 *) cmd); 737 738 skb_queue_tail(&d->tx_queue, skb); 739 rfcomm_schedule(RFCOMM_SCHED_TX); 740 return 0; 741 } 742 743 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) 744 { 745 struct rfcomm_cmd cmd; 746 747 BT_DBG("%p dlci %d", s, dlci); 748 749 cmd.addr = __addr(!s->initiator, dlci); 750 cmd.ctrl = __ctrl(RFCOMM_DM, 1); 751 cmd.len = __len8(0); 752 cmd.fcs = __fcs2((u8 *) &cmd); 753 754 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 755 } 756 757 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) 758 { 759 struct rfcomm_hdr *hdr; 760 struct rfcomm_mcc *mcc; 761 u8 buf[16], *ptr = buf; 762 763 BT_DBG("%p cr %d type %d", s, cr, type); 764 765 hdr = (void *) ptr; ptr += sizeof(*hdr); 766 hdr->addr = __addr(s->initiator, 0); 767 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 768 hdr->len = __len8(sizeof(*mcc) + 1); 769 770 mcc = (void *) ptr; ptr += sizeof(*mcc); 771 mcc->type = __mcc_type(cr, RFCOMM_NSC); 772 mcc->len = __len8(1); 773 774 /* Type that we didn't like */ 775 *ptr = __mcc_type(cr, type); ptr++; 776 777 *ptr = __fcs(buf); ptr++; 778 779 return rfcomm_send_frame(s, buf, ptr - buf); 780 } 781 782 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) 783 { 784 struct rfcomm_hdr *hdr; 785 struct rfcomm_mcc *mcc; 786 struct rfcomm_pn *pn; 787 u8 buf[16], *ptr = buf; 788 789 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); 790 791 hdr = (void *) ptr; ptr += sizeof(*hdr); 792 hdr->addr = __addr(s->initiator, 0); 793 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 794 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); 795 796 mcc = (void *) ptr; ptr += sizeof(*mcc); 797 mcc->type = __mcc_type(cr, RFCOMM_PN); 798 mcc->len = __len8(sizeof(*pn)); 799 800 pn = (void *) ptr; ptr += sizeof(*pn); 801 pn->dlci = d->dlci; 802 pn->priority = d->priority; 803 pn->ack_timer = 0; 804 pn->max_retrans = 0; 805 806 if (s->cfc) { 807 pn->flow_ctrl = cr ? 0xf0 : 0xe0; 808 pn->credits = RFCOMM_DEFAULT_CREDITS; 809 } else { 810 pn->flow_ctrl = 0; 811 pn->credits = 0; 812 } 813 814 pn->mtu = htobs(d->mtu); 815 816 *ptr = __fcs(buf); ptr++; 817 818 return rfcomm_send_frame(s, buf, ptr - buf); 819 } 820 821 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, 822 u8 bit_rate, u8 data_bits, u8 stop_bits, 823 u8 parity, u8 flow_ctrl_settings, 824 u8 xon_char, u8 xoff_char, u16 param_mask) 825 { 826 struct rfcomm_hdr *hdr; 827 struct rfcomm_mcc *mcc; 828 struct rfcomm_rpn *rpn; 829 u8 buf[16], *ptr = buf; 830 831 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" 832 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 833 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 834 flow_ctrl_settings, xon_char, xoff_char, param_mask); 835 836 hdr = (void *) ptr; ptr += sizeof(*hdr); 837 hdr->addr = __addr(s->initiator, 0); 838 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 839 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); 840 841 mcc = (void *) ptr; ptr += sizeof(*mcc); 842 mcc->type = __mcc_type(cr, RFCOMM_RPN); 843 mcc->len = __len8(sizeof(*rpn)); 844 845 rpn = (void *) ptr; ptr += sizeof(*rpn); 846 rpn->dlci = __addr(1, dlci); 847 rpn->bit_rate = bit_rate; 848 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); 849 rpn->flow_ctrl = flow_ctrl_settings; 850 rpn->xon_char = xon_char; 851 rpn->xoff_char = xoff_char; 852 rpn->param_mask = param_mask; 853 854 *ptr = __fcs(buf); ptr++; 855 856 return rfcomm_send_frame(s, buf, ptr - buf); 857 } 858 859 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) 860 { 861 struct rfcomm_hdr *hdr; 862 struct rfcomm_mcc *mcc; 863 struct rfcomm_rls *rls; 864 u8 buf[16], *ptr = buf; 865 866 BT_DBG("%p cr %d status 0x%x", s, cr, status); 867 868 hdr = (void *) ptr; ptr += sizeof(*hdr); 869 hdr->addr = __addr(s->initiator, 0); 870 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 871 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); 872 873 mcc = (void *) ptr; ptr += sizeof(*mcc); 874 mcc->type = __mcc_type(cr, RFCOMM_RLS); 875 mcc->len = __len8(sizeof(*rls)); 876 877 rls = (void *) ptr; ptr += sizeof(*rls); 878 rls->dlci = __addr(1, dlci); 879 rls->status = status; 880 881 *ptr = __fcs(buf); ptr++; 882 883 return rfcomm_send_frame(s, buf, ptr - buf); 884 } 885 886 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) 887 { 888 struct rfcomm_hdr *hdr; 889 struct rfcomm_mcc *mcc; 890 struct rfcomm_msc *msc; 891 u8 buf[16], *ptr = buf; 892 893 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); 894 895 hdr = (void *) ptr; ptr += sizeof(*hdr); 896 hdr->addr = __addr(s->initiator, 0); 897 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 898 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); 899 900 mcc = (void *) ptr; ptr += sizeof(*mcc); 901 mcc->type = __mcc_type(cr, RFCOMM_MSC); 902 mcc->len = __len8(sizeof(*msc)); 903 904 msc = (void *) ptr; ptr += sizeof(*msc); 905 msc->dlci = __addr(1, dlci); 906 msc->v24_sig = v24_sig | 0x01; 907 908 *ptr = __fcs(buf); ptr++; 909 910 return rfcomm_send_frame(s, buf, ptr - buf); 911 } 912 913 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) 914 { 915 struct rfcomm_hdr *hdr; 916 struct rfcomm_mcc *mcc; 917 u8 buf[16], *ptr = buf; 918 919 BT_DBG("%p cr %d", s, cr); 920 921 hdr = (void *) ptr; ptr += sizeof(*hdr); 922 hdr->addr = __addr(s->initiator, 0); 923 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 924 hdr->len = __len8(sizeof(*mcc)); 925 926 mcc = (void *) ptr; ptr += sizeof(*mcc); 927 mcc->type = __mcc_type(cr, RFCOMM_FCOFF); 928 mcc->len = __len8(0); 929 930 *ptr = __fcs(buf); ptr++; 931 932 return rfcomm_send_frame(s, buf, ptr - buf); 933 } 934 935 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) 936 { 937 struct rfcomm_hdr *hdr; 938 struct rfcomm_mcc *mcc; 939 u8 buf[16], *ptr = buf; 940 941 BT_DBG("%p cr %d", s, cr); 942 943 hdr = (void *) ptr; ptr += sizeof(*hdr); 944 hdr->addr = __addr(s->initiator, 0); 945 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 946 hdr->len = __len8(sizeof(*mcc)); 947 948 mcc = (void *) ptr; ptr += sizeof(*mcc); 949 mcc->type = __mcc_type(cr, RFCOMM_FCON); 950 mcc->len = __len8(0); 951 952 *ptr = __fcs(buf); ptr++; 953 954 return rfcomm_send_frame(s, buf, ptr - buf); 955 } 956 957 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) 958 { 959 struct socket *sock = s->sock; 960 struct kvec iv[3]; 961 struct msghdr msg; 962 unsigned char hdr[5], crc[1]; 963 964 if (len > 125) 965 return -EINVAL; 966 967 BT_DBG("%p cr %d", s, cr); 968 969 hdr[0] = __addr(s->initiator, 0); 970 hdr[1] = __ctrl(RFCOMM_UIH, 0); 971 hdr[2] = 0x01 | ((len + 2) << 1); 972 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); 973 hdr[4] = 0x01 | (len << 1); 974 975 crc[0] = __fcs(hdr); 976 977 iv[0].iov_base = hdr; 978 iv[0].iov_len = 5; 979 iv[1].iov_base = pattern; 980 iv[1].iov_len = len; 981 iv[2].iov_base = crc; 982 iv[2].iov_len = 1; 983 984 memset(&msg, 0, sizeof(msg)); 985 986 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); 987 } 988 989 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) 990 { 991 struct rfcomm_hdr *hdr; 992 u8 buf[16], *ptr = buf; 993 994 BT_DBG("%p addr %d credits %d", s, addr, credits); 995 996 hdr = (void *) ptr; ptr += sizeof(*hdr); 997 hdr->addr = addr; 998 hdr->ctrl = __ctrl(RFCOMM_UIH, 1); 999 hdr->len = __len8(0); 1000 1001 *ptr = credits; ptr++; 1002 1003 *ptr = __fcs(buf); ptr++; 1004 1005 return rfcomm_send_frame(s, buf, ptr - buf); 1006 } 1007 1008 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) 1009 { 1010 struct rfcomm_hdr *hdr; 1011 int len = skb->len; 1012 u8 *crc; 1013 1014 if (len > 127) { 1015 hdr = (void *) skb_push(skb, 4); 1016 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len); 1017 } else { 1018 hdr = (void *) skb_push(skb, 3); 1019 hdr->len = __len8(len); 1020 } 1021 hdr->addr = addr; 1022 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1023 1024 crc = skb_put(skb, 1); 1025 *crc = __fcs((void *) hdr); 1026 } 1027 1028 /* ---- RFCOMM frame reception ---- */ 1029 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) 1030 { 1031 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1032 1033 if (dlci) { 1034 /* Data channel */ 1035 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1036 if (!d) { 1037 rfcomm_send_dm(s, dlci); 1038 return 0; 1039 } 1040 1041 switch (d->state) { 1042 case BT_CONNECT: 1043 rfcomm_dlc_clear_timer(d); 1044 1045 rfcomm_dlc_lock(d); 1046 d->state = BT_CONNECTED; 1047 d->state_change(d, 0); 1048 rfcomm_dlc_unlock(d); 1049 1050 rfcomm_send_msc(s, 1, dlci, d->v24_sig); 1051 break; 1052 1053 case BT_DISCONN: 1054 d->state = BT_CLOSED; 1055 __rfcomm_dlc_close(d, 0); 1056 break; 1057 } 1058 } else { 1059 /* Control channel */ 1060 switch (s->state) { 1061 case BT_CONNECT: 1062 s->state = BT_CONNECTED; 1063 rfcomm_process_connect(s); 1064 break; 1065 } 1066 } 1067 return 0; 1068 } 1069 1070 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) 1071 { 1072 int err = 0; 1073 1074 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1075 1076 if (dlci) { 1077 /* Data DLC */ 1078 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1079 if (d) { 1080 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1081 err = ECONNREFUSED; 1082 else 1083 err = ECONNRESET; 1084 1085 d->state = BT_CLOSED; 1086 __rfcomm_dlc_close(d, err); 1087 } 1088 } else { 1089 if (s->state == BT_CONNECT) 1090 err = ECONNREFUSED; 1091 else 1092 err = ECONNRESET; 1093 1094 s->state = BT_CLOSED; 1095 rfcomm_session_close(s, err); 1096 } 1097 return 0; 1098 } 1099 1100 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci) 1101 { 1102 int err = 0; 1103 1104 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1105 1106 if (dlci) { 1107 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1108 if (d) { 1109 rfcomm_send_ua(s, dlci); 1110 1111 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1112 err = ECONNREFUSED; 1113 else 1114 err = ECONNRESET; 1115 1116 d->state = BT_CLOSED; 1117 __rfcomm_dlc_close(d, err); 1118 } else 1119 rfcomm_send_dm(s, dlci); 1120 1121 } else { 1122 rfcomm_send_ua(s, 0); 1123 1124 if (s->state == BT_CONNECT) 1125 err = ECONNREFUSED; 1126 else 1127 err = ECONNRESET; 1128 1129 s->state = BT_CLOSED; 1130 rfcomm_session_close(s, err); 1131 } 1132 1133 return 0; 1134 } 1135 1136 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d) 1137 { 1138 struct sock *sk = d->session->sock->sk; 1139 1140 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) { 1141 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon)) 1142 return 1; 1143 } else if (d->link_mode & RFCOMM_LM_AUTH) { 1144 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon)) 1145 return 1; 1146 } 1147 1148 return 0; 1149 } 1150 1151 static void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1152 { 1153 struct sock *sk = d->session->sock->sk; 1154 1155 BT_DBG("dlc %p", d); 1156 1157 rfcomm_send_ua(d->session, d->dlci); 1158 1159 rfcomm_dlc_lock(d); 1160 d->state = BT_CONNECTED; 1161 d->state_change(d, 0); 1162 rfcomm_dlc_unlock(d); 1163 1164 if (d->link_mode & RFCOMM_LM_MASTER) 1165 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00); 1166 1167 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1168 } 1169 1170 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) 1171 { 1172 struct rfcomm_dlc *d; 1173 u8 channel; 1174 1175 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1176 1177 if (!dlci) { 1178 rfcomm_send_ua(s, 0); 1179 1180 if (s->state == BT_OPEN) { 1181 s->state = BT_CONNECTED; 1182 rfcomm_process_connect(s); 1183 } 1184 return 0; 1185 } 1186 1187 /* Check if DLC exists */ 1188 d = rfcomm_dlc_get(s, dlci); 1189 if (d) { 1190 if (d->state == BT_OPEN) { 1191 /* DLC was previously opened by PN request */ 1192 if (rfcomm_check_link_mode(d)) { 1193 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1194 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1195 return 0; 1196 } 1197 1198 rfcomm_dlc_accept(d); 1199 } 1200 return 0; 1201 } 1202 1203 /* Notify socket layer about incoming connection */ 1204 channel = __srv_channel(dlci); 1205 if (rfcomm_connect_ind(s, channel, &d)) { 1206 d->dlci = dlci; 1207 d->addr = __addr(s->initiator, dlci); 1208 rfcomm_dlc_link(s, d); 1209 1210 if (rfcomm_check_link_mode(d)) { 1211 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1212 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1213 return 0; 1214 } 1215 1216 rfcomm_dlc_accept(d); 1217 } else { 1218 rfcomm_send_dm(s, dlci); 1219 } 1220 1221 return 0; 1222 } 1223 1224 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) 1225 { 1226 struct rfcomm_session *s = d->session; 1227 1228 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 1229 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); 1230 1231 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) || 1232 pn->flow_ctrl == 0xe0) { 1233 d->cfc = RFCOMM_CFC_ENABLED; 1234 d->tx_credits = pn->credits; 1235 } else { 1236 d->cfc = RFCOMM_CFC_DISABLED; 1237 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1238 } 1239 1240 if (s->cfc == RFCOMM_CFC_UNKNOWN) 1241 s->cfc = d->cfc; 1242 1243 d->priority = pn->priority; 1244 1245 d->mtu = s->mtu = btohs(pn->mtu); 1246 1247 return 0; 1248 } 1249 1250 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1251 { 1252 struct rfcomm_pn *pn = (void *) skb->data; 1253 struct rfcomm_dlc *d; 1254 u8 dlci = pn->dlci; 1255 1256 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1257 1258 if (!dlci) 1259 return 0; 1260 1261 d = rfcomm_dlc_get(s, dlci); 1262 if (d) { 1263 if (cr) { 1264 /* PN request */ 1265 rfcomm_apply_pn(d, cr, pn); 1266 rfcomm_send_pn(s, 0, d); 1267 } else { 1268 /* PN response */ 1269 switch (d->state) { 1270 case BT_CONFIG: 1271 rfcomm_apply_pn(d, cr, pn); 1272 1273 d->state = BT_CONNECT; 1274 rfcomm_send_sabm(s, d->dlci); 1275 break; 1276 } 1277 } 1278 } else { 1279 u8 channel = __srv_channel(dlci); 1280 1281 if (!cr) 1282 return 0; 1283 1284 /* PN request for non existing DLC. 1285 * Assume incoming connection. */ 1286 if (rfcomm_connect_ind(s, channel, &d)) { 1287 d->dlci = dlci; 1288 d->addr = __addr(s->initiator, dlci); 1289 rfcomm_dlc_link(s, d); 1290 1291 rfcomm_apply_pn(d, cr, pn); 1292 1293 d->state = BT_OPEN; 1294 rfcomm_send_pn(s, 0, d); 1295 } else { 1296 rfcomm_send_dm(s, dlci); 1297 } 1298 } 1299 return 0; 1300 } 1301 1302 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) 1303 { 1304 struct rfcomm_rpn *rpn = (void *) skb->data; 1305 u8 dlci = __get_dlci(rpn->dlci); 1306 1307 u8 bit_rate = 0; 1308 u8 data_bits = 0; 1309 u8 stop_bits = 0; 1310 u8 parity = 0; 1311 u8 flow_ctrl = 0; 1312 u8 xon_char = 0; 1313 u8 xoff_char = 0; 1314 u16 rpn_mask = RFCOMM_RPN_PM_ALL; 1315 1316 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 1317 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, 1318 rpn->xon_char, rpn->xoff_char, rpn->param_mask); 1319 1320 if (!cr) 1321 return 0; 1322 1323 if (len == 1) { 1324 /* This is a request, return default settings */ 1325 bit_rate = RFCOMM_RPN_BR_115200; 1326 data_bits = RFCOMM_RPN_DATA_8; 1327 stop_bits = RFCOMM_RPN_STOP_1; 1328 parity = RFCOMM_RPN_PARITY_NONE; 1329 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1330 xon_char = RFCOMM_RPN_XON_CHAR; 1331 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1332 goto rpn_out; 1333 } 1334 1335 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, 1336 * no parity, no flow control lines, normal XON/XOFF chars */ 1337 1338 if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) { 1339 bit_rate = rpn->bit_rate; 1340 if (bit_rate != RFCOMM_RPN_BR_115200) { 1341 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); 1342 bit_rate = RFCOMM_RPN_BR_115200; 1343 rpn_mask ^= RFCOMM_RPN_PM_BITRATE; 1344 } 1345 } 1346 1347 if (rpn->param_mask & RFCOMM_RPN_PM_DATA) { 1348 data_bits = __get_rpn_data_bits(rpn->line_settings); 1349 if (data_bits != RFCOMM_RPN_DATA_8) { 1350 BT_DBG("RPN data bits mismatch 0x%x", data_bits); 1351 data_bits = RFCOMM_RPN_DATA_8; 1352 rpn_mask ^= RFCOMM_RPN_PM_DATA; 1353 } 1354 } 1355 1356 if (rpn->param_mask & RFCOMM_RPN_PM_STOP) { 1357 stop_bits = __get_rpn_stop_bits(rpn->line_settings); 1358 if (stop_bits != RFCOMM_RPN_STOP_1) { 1359 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); 1360 stop_bits = RFCOMM_RPN_STOP_1; 1361 rpn_mask ^= RFCOMM_RPN_PM_STOP; 1362 } 1363 } 1364 1365 if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) { 1366 parity = __get_rpn_parity(rpn->line_settings); 1367 if (parity != RFCOMM_RPN_PARITY_NONE) { 1368 BT_DBG("RPN parity mismatch 0x%x", parity); 1369 parity = RFCOMM_RPN_PARITY_NONE; 1370 rpn_mask ^= RFCOMM_RPN_PM_PARITY; 1371 } 1372 } 1373 1374 if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) { 1375 flow_ctrl = rpn->flow_ctrl; 1376 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { 1377 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); 1378 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1379 rpn_mask ^= RFCOMM_RPN_PM_FLOW; 1380 } 1381 } 1382 1383 if (rpn->param_mask & RFCOMM_RPN_PM_XON) { 1384 xon_char = rpn->xon_char; 1385 if (xon_char != RFCOMM_RPN_XON_CHAR) { 1386 BT_DBG("RPN XON char mismatch 0x%x", xon_char); 1387 xon_char = RFCOMM_RPN_XON_CHAR; 1388 rpn_mask ^= RFCOMM_RPN_PM_XON; 1389 } 1390 } 1391 1392 if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) { 1393 xoff_char = rpn->xoff_char; 1394 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { 1395 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); 1396 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1397 rpn_mask ^= RFCOMM_RPN_PM_XOFF; 1398 } 1399 } 1400 1401 rpn_out: 1402 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, 1403 parity, flow_ctrl, xon_char, xoff_char, rpn_mask); 1404 1405 return 0; 1406 } 1407 1408 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1409 { 1410 struct rfcomm_rls *rls = (void *) skb->data; 1411 u8 dlci = __get_dlci(rls->dlci); 1412 1413 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); 1414 1415 if (!cr) 1416 return 0; 1417 1418 /* We should probably do something with this information here. But 1419 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's 1420 * mandatory to recognise and respond to RLS */ 1421 1422 rfcomm_send_rls(s, 0, dlci, rls->status); 1423 1424 return 0; 1425 } 1426 1427 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1428 { 1429 struct rfcomm_msc *msc = (void *) skb->data; 1430 struct rfcomm_dlc *d; 1431 u8 dlci = __get_dlci(msc->dlci); 1432 1433 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); 1434 1435 d = rfcomm_dlc_get(s, dlci); 1436 if (!d) 1437 return 0; 1438 1439 if (cr) { 1440 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) 1441 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1442 else 1443 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1444 1445 rfcomm_dlc_lock(d); 1446 if (d->modem_status) 1447 d->modem_status(d, msc->v24_sig); 1448 rfcomm_dlc_unlock(d); 1449 1450 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1451 1452 d->mscex |= RFCOMM_MSCEX_RX; 1453 } else 1454 d->mscex |= RFCOMM_MSCEX_TX; 1455 1456 return 0; 1457 } 1458 1459 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) 1460 { 1461 struct rfcomm_mcc *mcc = (void *) skb->data; 1462 u8 type, cr, len; 1463 1464 cr = __test_cr(mcc->type); 1465 type = __get_mcc_type(mcc->type); 1466 len = __get_mcc_len(mcc->len); 1467 1468 BT_DBG("%p type 0x%x cr %d", s, type, cr); 1469 1470 skb_pull(skb, 2); 1471 1472 switch (type) { 1473 case RFCOMM_PN: 1474 rfcomm_recv_pn(s, cr, skb); 1475 break; 1476 1477 case RFCOMM_RPN: 1478 rfcomm_recv_rpn(s, cr, len, skb); 1479 break; 1480 1481 case RFCOMM_RLS: 1482 rfcomm_recv_rls(s, cr, skb); 1483 break; 1484 1485 case RFCOMM_MSC: 1486 rfcomm_recv_msc(s, cr, skb); 1487 break; 1488 1489 case RFCOMM_FCOFF: 1490 if (cr) { 1491 set_bit(RFCOMM_TX_THROTTLED, &s->flags); 1492 rfcomm_send_fcoff(s, 0); 1493 } 1494 break; 1495 1496 case RFCOMM_FCON: 1497 if (cr) { 1498 clear_bit(RFCOMM_TX_THROTTLED, &s->flags); 1499 rfcomm_send_fcon(s, 0); 1500 } 1501 break; 1502 1503 case RFCOMM_TEST: 1504 if (cr) 1505 rfcomm_send_test(s, 0, skb->data, skb->len); 1506 break; 1507 1508 case RFCOMM_NSC: 1509 break; 1510 1511 default: 1512 BT_ERR("Unknown control type 0x%02x", type); 1513 rfcomm_send_nsc(s, cr, type); 1514 break; 1515 } 1516 return 0; 1517 } 1518 1519 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) 1520 { 1521 struct rfcomm_dlc *d; 1522 1523 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); 1524 1525 d = rfcomm_dlc_get(s, dlci); 1526 if (!d) { 1527 rfcomm_send_dm(s, dlci); 1528 goto drop; 1529 } 1530 1531 if (pf && d->cfc) { 1532 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); 1533 1534 d->tx_credits += credits; 1535 if (d->tx_credits) 1536 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1537 } 1538 1539 if (skb->len && d->state == BT_CONNECTED) { 1540 rfcomm_dlc_lock(d); 1541 d->rx_credits--; 1542 d->data_ready(d, skb); 1543 rfcomm_dlc_unlock(d); 1544 return 0; 1545 } 1546 1547 drop: 1548 kfree_skb(skb); 1549 return 0; 1550 } 1551 1552 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb) 1553 { 1554 struct rfcomm_hdr *hdr = (void *) skb->data; 1555 u8 type, dlci, fcs; 1556 1557 dlci = __get_dlci(hdr->addr); 1558 type = __get_type(hdr->ctrl); 1559 1560 /* Trim FCS */ 1561 skb->len--; skb->tail--; 1562 fcs = *(u8 *) skb->tail; 1563 1564 if (__check_fcs(skb->data, type, fcs)) { 1565 BT_ERR("bad checksum in packet"); 1566 kfree_skb(skb); 1567 return -EILSEQ; 1568 } 1569 1570 if (__test_ea(hdr->len)) 1571 skb_pull(skb, 3); 1572 else 1573 skb_pull(skb, 4); 1574 1575 switch (type) { 1576 case RFCOMM_SABM: 1577 if (__test_pf(hdr->ctrl)) 1578 rfcomm_recv_sabm(s, dlci); 1579 break; 1580 1581 case RFCOMM_DISC: 1582 if (__test_pf(hdr->ctrl)) 1583 rfcomm_recv_disc(s, dlci); 1584 break; 1585 1586 case RFCOMM_UA: 1587 if (__test_pf(hdr->ctrl)) 1588 rfcomm_recv_ua(s, dlci); 1589 break; 1590 1591 case RFCOMM_DM: 1592 rfcomm_recv_dm(s, dlci); 1593 break; 1594 1595 case RFCOMM_UIH: 1596 if (dlci) 1597 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); 1598 1599 rfcomm_recv_mcc(s, skb); 1600 break; 1601 1602 default: 1603 BT_ERR("Unknown packet type 0x%02x\n", type); 1604 break; 1605 } 1606 kfree_skb(skb); 1607 return 0; 1608 } 1609 1610 /* ---- Connection and data processing ---- */ 1611 1612 static void rfcomm_process_connect(struct rfcomm_session *s) 1613 { 1614 struct rfcomm_dlc *d; 1615 struct list_head *p, *n; 1616 1617 BT_DBG("session %p state %ld", s, s->state); 1618 1619 list_for_each_safe(p, n, &s->dlcs) { 1620 d = list_entry(p, struct rfcomm_dlc, list); 1621 if (d->state == BT_CONFIG) { 1622 d->mtu = s->mtu; 1623 rfcomm_send_pn(s, 1, d); 1624 } 1625 } 1626 } 1627 1628 /* Send data queued for the DLC. 1629 * Return number of frames left in the queue. 1630 */ 1631 static inline int rfcomm_process_tx(struct rfcomm_dlc *d) 1632 { 1633 struct sk_buff *skb; 1634 int err; 1635 1636 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 1637 d, d->state, d->cfc, d->rx_credits, d->tx_credits); 1638 1639 /* Send pending MSC */ 1640 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) 1641 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1642 1643 if (d->cfc) { 1644 /* CFC enabled. 1645 * Give them some credits */ 1646 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && 1647 d->rx_credits <= (d->cfc >> 2)) { 1648 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); 1649 d->rx_credits = d->cfc; 1650 } 1651 } else { 1652 /* CFC disabled. 1653 * Give ourselves some credits */ 1654 d->tx_credits = 5; 1655 } 1656 1657 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 1658 return skb_queue_len(&d->tx_queue); 1659 1660 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { 1661 err = rfcomm_send_frame(d->session, skb->data, skb->len); 1662 if (err < 0) { 1663 skb_queue_head(&d->tx_queue, skb); 1664 break; 1665 } 1666 kfree_skb(skb); 1667 d->tx_credits--; 1668 } 1669 1670 if (d->cfc && !d->tx_credits) { 1671 /* We're out of TX credits. 1672 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ 1673 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1674 } 1675 1676 return skb_queue_len(&d->tx_queue); 1677 } 1678 1679 static inline void rfcomm_process_dlcs(struct rfcomm_session *s) 1680 { 1681 struct rfcomm_dlc *d; 1682 struct list_head *p, *n; 1683 1684 BT_DBG("session %p state %ld", s, s->state); 1685 1686 list_for_each_safe(p, n, &s->dlcs) { 1687 d = list_entry(p, struct rfcomm_dlc, list); 1688 1689 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { 1690 __rfcomm_dlc_close(d, ETIMEDOUT); 1691 continue; 1692 } 1693 1694 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1695 rfcomm_dlc_clear_timer(d); 1696 rfcomm_dlc_accept(d); 1697 if (d->link_mode & RFCOMM_LM_SECURE) { 1698 struct sock *sk = s->sock->sk; 1699 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon); 1700 } 1701 continue; 1702 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1703 rfcomm_dlc_clear_timer(d); 1704 rfcomm_send_dm(s, d->dlci); 1705 __rfcomm_dlc_close(d, ECONNREFUSED); 1706 continue; 1707 } 1708 1709 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) 1710 continue; 1711 1712 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1713 d->mscex == RFCOMM_MSCEX_OK) 1714 rfcomm_process_tx(d); 1715 } 1716 } 1717 1718 static inline void rfcomm_process_rx(struct rfcomm_session *s) 1719 { 1720 struct socket *sock = s->sock; 1721 struct sock *sk = sock->sk; 1722 struct sk_buff *skb; 1723 1724 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); 1725 1726 /* Get data directly from socket receive queue without copying it. */ 1727 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1728 skb_orphan(skb); 1729 rfcomm_recv_frame(s, skb); 1730 } 1731 1732 if (sk->sk_state == BT_CLOSED) { 1733 if (!s->initiator) 1734 rfcomm_session_put(s); 1735 1736 rfcomm_session_close(s, sk->sk_err); 1737 } 1738 } 1739 1740 static inline void rfcomm_accept_connection(struct rfcomm_session *s) 1741 { 1742 struct socket *sock = s->sock, *nsock; 1743 int err; 1744 1745 /* Fast check for a new connection. 1746 * Avoids unnesesary socket allocations. */ 1747 if (list_empty(&bt_sk(sock->sk)->accept_q)) 1748 return; 1749 1750 BT_DBG("session %p", s); 1751 1752 if (sock_create_lite(PF_BLUETOOTH, sock->type, BTPROTO_L2CAP, &nsock)) 1753 return; 1754 1755 nsock->ops = sock->ops; 1756 1757 __module_get(nsock->ops->owner); 1758 1759 err = sock->ops->accept(sock, nsock, O_NONBLOCK); 1760 if (err < 0) { 1761 sock_release(nsock); 1762 return; 1763 } 1764 1765 /* Set our callbacks */ 1766 nsock->sk->sk_data_ready = rfcomm_l2data_ready; 1767 nsock->sk->sk_state_change = rfcomm_l2state_change; 1768 1769 s = rfcomm_session_add(nsock, BT_OPEN); 1770 if (s) { 1771 rfcomm_session_hold(s); 1772 rfcomm_schedule(RFCOMM_SCHED_RX); 1773 } else 1774 sock_release(nsock); 1775 } 1776 1777 static inline void rfcomm_check_connection(struct rfcomm_session *s) 1778 { 1779 struct sock *sk = s->sock->sk; 1780 1781 BT_DBG("%p state %ld", s, s->state); 1782 1783 switch(sk->sk_state) { 1784 case BT_CONNECTED: 1785 s->state = BT_CONNECT; 1786 1787 /* We can adjust MTU on outgoing sessions. 1788 * L2CAP MTU minus UIH header and FCS. */ 1789 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5; 1790 1791 rfcomm_send_sabm(s, 0); 1792 break; 1793 1794 case BT_CLOSED: 1795 s->state = BT_CLOSED; 1796 rfcomm_session_close(s, sk->sk_err); 1797 break; 1798 } 1799 } 1800 1801 static inline void rfcomm_process_sessions(void) 1802 { 1803 struct list_head *p, *n; 1804 1805 rfcomm_lock(); 1806 1807 list_for_each_safe(p, n, &session_list) { 1808 struct rfcomm_session *s; 1809 s = list_entry(p, struct rfcomm_session, list); 1810 1811 if (s->state == BT_LISTEN) { 1812 rfcomm_accept_connection(s); 1813 continue; 1814 } 1815 1816 rfcomm_session_hold(s); 1817 1818 switch (s->state) { 1819 case BT_BOUND: 1820 rfcomm_check_connection(s); 1821 break; 1822 1823 default: 1824 rfcomm_process_rx(s); 1825 break; 1826 } 1827 1828 rfcomm_process_dlcs(s); 1829 1830 rfcomm_session_put(s); 1831 } 1832 1833 rfcomm_unlock(); 1834 } 1835 1836 static void rfcomm_worker(void) 1837 { 1838 BT_DBG(""); 1839 1840 while (!atomic_read(&terminate)) { 1841 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) { 1842 /* No pending events. Let's sleep. 1843 * Incoming connections and data will wake us up. */ 1844 set_current_state(TASK_INTERRUPTIBLE); 1845 schedule(); 1846 } 1847 1848 /* Process stuff */ 1849 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 1850 rfcomm_process_sessions(); 1851 } 1852 set_current_state(TASK_RUNNING); 1853 return; 1854 } 1855 1856 static int rfcomm_add_listener(bdaddr_t *ba) 1857 { 1858 struct sockaddr_l2 addr; 1859 struct socket *sock; 1860 struct sock *sk; 1861 struct rfcomm_session *s; 1862 int err = 0; 1863 1864 /* Create socket */ 1865 err = rfcomm_l2sock_create(&sock); 1866 if (err < 0) { 1867 BT_ERR("Create socket failed %d", err); 1868 return err; 1869 } 1870 1871 /* Bind socket */ 1872 bacpy(&addr.l2_bdaddr, ba); 1873 addr.l2_family = AF_BLUETOOTH; 1874 addr.l2_psm = htobs(RFCOMM_PSM); 1875 err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1876 if (err < 0) { 1877 BT_ERR("Bind failed %d", err); 1878 goto failed; 1879 } 1880 1881 /* Set L2CAP options */ 1882 sk = sock->sk; 1883 lock_sock(sk); 1884 l2cap_pi(sk)->imtu = l2cap_mtu; 1885 release_sock(sk); 1886 1887 /* Start listening on the socket */ 1888 err = sock->ops->listen(sock, 10); 1889 if (err) { 1890 BT_ERR("Listen failed %d", err); 1891 goto failed; 1892 } 1893 1894 /* Add listening session */ 1895 s = rfcomm_session_add(sock, BT_LISTEN); 1896 if (!s) 1897 goto failed; 1898 1899 rfcomm_session_hold(s); 1900 return 0; 1901 failed: 1902 sock_release(sock); 1903 return err; 1904 } 1905 1906 static void rfcomm_kill_listener(void) 1907 { 1908 struct rfcomm_session *s; 1909 struct list_head *p, *n; 1910 1911 BT_DBG(""); 1912 1913 list_for_each_safe(p, n, &session_list) { 1914 s = list_entry(p, struct rfcomm_session, list); 1915 rfcomm_session_del(s); 1916 } 1917 } 1918 1919 static int rfcomm_run(void *unused) 1920 { 1921 rfcomm_thread = current; 1922 1923 atomic_inc(&running); 1924 1925 daemonize("krfcommd"); 1926 set_user_nice(current, -10); 1927 current->flags |= PF_NOFREEZE; 1928 1929 BT_DBG(""); 1930 1931 rfcomm_add_listener(BDADDR_ANY); 1932 1933 rfcomm_worker(); 1934 1935 rfcomm_kill_listener(); 1936 1937 atomic_dec(&running); 1938 return 0; 1939 } 1940 1941 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status) 1942 { 1943 struct rfcomm_session *s; 1944 struct rfcomm_dlc *d; 1945 struct list_head *p, *n; 1946 1947 BT_DBG("conn %p status 0x%02x", conn, status); 1948 1949 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 1950 if (!s) 1951 return; 1952 1953 rfcomm_session_hold(s); 1954 1955 list_for_each_safe(p, n, &s->dlcs) { 1956 d = list_entry(p, struct rfcomm_dlc, list); 1957 1958 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) 1959 continue; 1960 1961 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 1962 continue; 1963 1964 if (!status) 1965 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 1966 else 1967 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 1968 } 1969 1970 rfcomm_session_put(s); 1971 1972 rfcomm_schedule(RFCOMM_SCHED_AUTH); 1973 } 1974 1975 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt) 1976 { 1977 struct rfcomm_session *s; 1978 struct rfcomm_dlc *d; 1979 struct list_head *p, *n; 1980 1981 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); 1982 1983 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 1984 if (!s) 1985 return; 1986 1987 rfcomm_session_hold(s); 1988 1989 list_for_each_safe(p, n, &s->dlcs) { 1990 d = list_entry(p, struct rfcomm_dlc, list); 1991 1992 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 1993 continue; 1994 1995 if (!status && encrypt) 1996 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 1997 else 1998 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 1999 } 2000 2001 rfcomm_session_put(s); 2002 2003 rfcomm_schedule(RFCOMM_SCHED_AUTH); 2004 } 2005 2006 static struct hci_cb rfcomm_cb = { 2007 .name = "RFCOMM", 2008 .auth_cfm = rfcomm_auth_cfm, 2009 .encrypt_cfm = rfcomm_encrypt_cfm 2010 }; 2011 2012 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf) 2013 { 2014 struct rfcomm_session *s; 2015 struct list_head *pp, *p; 2016 char *str = buf; 2017 2018 rfcomm_lock(); 2019 2020 list_for_each(p, &session_list) { 2021 s = list_entry(p, struct rfcomm_session, list); 2022 list_for_each(pp, &s->dlcs) { 2023 struct sock *sk = s->sock->sk; 2024 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list); 2025 2026 str += sprintf(str, "%s %s %ld %d %d %d %d\n", 2027 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 2028 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits); 2029 } 2030 } 2031 2032 rfcomm_unlock(); 2033 2034 return (str - buf); 2035 } 2036 2037 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL); 2038 2039 /* ---- Initialization ---- */ 2040 static int __init rfcomm_init(void) 2041 { 2042 l2cap_load(); 2043 2044 hci_register_cb(&rfcomm_cb); 2045 2046 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL); 2047 2048 class_create_file(bt_class, &class_attr_rfcomm_dlc); 2049 2050 rfcomm_init_sockets(); 2051 2052 #ifdef CONFIG_BT_RFCOMM_TTY 2053 rfcomm_init_ttys(); 2054 #endif 2055 2056 BT_INFO("RFCOMM ver %s", VERSION); 2057 2058 return 0; 2059 } 2060 2061 static void __exit rfcomm_exit(void) 2062 { 2063 class_remove_file(bt_class, &class_attr_rfcomm_dlc); 2064 2065 hci_unregister_cb(&rfcomm_cb); 2066 2067 /* Terminate working thread. 2068 * ie. Set terminate flag and wake it up */ 2069 atomic_inc(&terminate); 2070 rfcomm_schedule(RFCOMM_SCHED_STATE); 2071 2072 /* Wait until thread is running */ 2073 while (atomic_read(&running)) 2074 schedule(); 2075 2076 #ifdef CONFIG_BT_RFCOMM_TTY 2077 rfcomm_cleanup_ttys(); 2078 #endif 2079 2080 rfcomm_cleanup_sockets(); 2081 } 2082 2083 module_init(rfcomm_init); 2084 module_exit(rfcomm_exit); 2085 2086 module_param(disable_cfc, bool, 0644); 2087 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control"); 2088 2089 module_param(l2cap_mtu, uint, 0644); 2090 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); 2091 2092 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>"); 2093 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2094 MODULE_VERSION(VERSION); 2095 MODULE_LICENSE("GPL"); 2096 MODULE_ALIAS("bt-proto-3"); 2097