1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * Bluetooth RFCOMM core. 26 * 27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $ 28 */ 29 30 #include <linux/config.h> 31 #include <linux/module.h> 32 #include <linux/errno.h> 33 #include <linux/kernel.h> 34 #include <linux/sched.h> 35 #include <linux/signal.h> 36 #include <linux/init.h> 37 #include <linux/wait.h> 38 #include <linux/net.h> 39 #include <linux/proc_fs.h> 40 #include <linux/seq_file.h> 41 #include <net/sock.h> 42 #include <asm/uaccess.h> 43 #include <asm/unaligned.h> 44 45 #include <net/bluetooth/bluetooth.h> 46 #include <net/bluetooth/hci_core.h> 47 #include <net/bluetooth/l2cap.h> 48 #include <net/bluetooth/rfcomm.h> 49 50 #define VERSION "1.5" 51 52 #ifndef CONFIG_BT_RFCOMM_DEBUG 53 #undef BT_DBG 54 #define BT_DBG(D...) 55 #endif 56 57 #ifdef CONFIG_PROC_FS 58 struct proc_dir_entry *proc_bt_rfcomm; 59 #endif 60 61 static struct task_struct *rfcomm_thread; 62 63 static DECLARE_MUTEX(rfcomm_sem); 64 #define rfcomm_lock() down(&rfcomm_sem); 65 #define rfcomm_unlock() up(&rfcomm_sem); 66 67 static unsigned long rfcomm_event; 68 69 static LIST_HEAD(session_list); 70 static atomic_t terminate, running; 71 72 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len); 73 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); 74 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); 75 static int rfcomm_queue_disc(struct rfcomm_dlc *d); 76 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); 77 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); 78 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); 79 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); 80 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); 81 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); 82 83 static void rfcomm_process_connect(struct rfcomm_session *s); 84 85 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err); 86 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); 87 static void rfcomm_session_del(struct rfcomm_session *s); 88 89 /* ---- RFCOMM frame parsing macros ---- */ 90 #define __get_dlci(b) ((b & 0xfc) >> 2) 91 #define __get_channel(b) ((b & 0xf8) >> 3) 92 #define __get_dir(b) ((b & 0x04) >> 2) 93 #define __get_type(b) ((b & 0xef)) 94 95 #define __test_ea(b) ((b & 0x01)) 96 #define __test_cr(b) ((b & 0x02)) 97 #define __test_pf(b) ((b & 0x10)) 98 99 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) 100 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) 101 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) 102 #define __srv_channel(dlci) (dlci >> 1) 103 #define __dir(dlci) (dlci & 0x01) 104 105 #define __len8(len) (((len) << 1) | 1) 106 #define __len16(len) ((len) << 1) 107 108 /* MCC macros */ 109 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) 110 #define __get_mcc_type(b) ((b & 0xfc) >> 2) 111 #define __get_mcc_len(b) ((b & 0xfe) >> 1) 112 113 /* RPN macros */ 114 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) 115 #define __get_rpn_data_bits(line) ((line) & 0x3) 116 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) 117 #define __get_rpn_parity(line) (((line) >> 3) & 0x7) 118 119 static inline void rfcomm_schedule(uint event) 120 { 121 if (!rfcomm_thread) 122 return; 123 //set_bit(event, &rfcomm_event); 124 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 125 wake_up_process(rfcomm_thread); 126 } 127 128 static inline void rfcomm_session_put(struct rfcomm_session *s) 129 { 130 if (atomic_dec_and_test(&s->refcnt)) 131 rfcomm_session_del(s); 132 } 133 134 /* ---- RFCOMM FCS computation ---- */ 135 136 /* reversed, 8-bit, poly=0x07 */ 137 static unsigned char rfcomm_crc_table[256] = { 138 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, 139 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, 140 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, 141 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, 142 143 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, 144 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, 145 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, 146 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, 147 148 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, 149 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, 150 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, 151 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, 152 153 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, 154 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, 155 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, 156 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, 157 158 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, 159 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, 160 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, 161 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, 162 163 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, 164 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, 165 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, 166 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, 167 168 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, 169 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, 170 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, 171 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, 172 173 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, 174 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, 175 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, 176 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf 177 }; 178 179 /* CRC on 2 bytes */ 180 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) 181 182 /* FCS on 2 bytes */ 183 static inline u8 __fcs(u8 *data) 184 { 185 return (0xff - __crc(data)); 186 } 187 188 /* FCS on 3 bytes */ 189 static inline u8 __fcs2(u8 *data) 190 { 191 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]); 192 } 193 194 /* Check FCS */ 195 static inline int __check_fcs(u8 *data, int type, u8 fcs) 196 { 197 u8 f = __crc(data); 198 199 if (type != RFCOMM_UIH) 200 f = rfcomm_crc_table[f ^ data[2]]; 201 202 return rfcomm_crc_table[f ^ fcs] != 0xcf; 203 } 204 205 /* ---- L2CAP callbacks ---- */ 206 static void rfcomm_l2state_change(struct sock *sk) 207 { 208 BT_DBG("%p state %d", sk, sk->sk_state); 209 rfcomm_schedule(RFCOMM_SCHED_STATE); 210 } 211 212 static void rfcomm_l2data_ready(struct sock *sk, int bytes) 213 { 214 BT_DBG("%p bytes %d", sk, bytes); 215 rfcomm_schedule(RFCOMM_SCHED_RX); 216 } 217 218 static int rfcomm_l2sock_create(struct socket **sock) 219 { 220 int err; 221 222 BT_DBG(""); 223 224 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); 225 if (!err) { 226 struct sock *sk = (*sock)->sk; 227 sk->sk_data_ready = rfcomm_l2data_ready; 228 sk->sk_state_change = rfcomm_l2state_change; 229 } 230 return err; 231 } 232 233 /* ---- RFCOMM DLCs ---- */ 234 static void rfcomm_dlc_timeout(unsigned long arg) 235 { 236 struct rfcomm_dlc *d = (void *) arg; 237 238 BT_DBG("dlc %p state %ld", d, d->state); 239 240 set_bit(RFCOMM_TIMED_OUT, &d->flags); 241 rfcomm_dlc_put(d); 242 rfcomm_schedule(RFCOMM_SCHED_TIMEO); 243 } 244 245 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) 246 { 247 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); 248 249 if (!mod_timer(&d->timer, jiffies + timeout)) 250 rfcomm_dlc_hold(d); 251 } 252 253 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) 254 { 255 BT_DBG("dlc %p state %ld", d, d->state); 256 257 if (timer_pending(&d->timer) && del_timer(&d->timer)) 258 rfcomm_dlc_put(d); 259 } 260 261 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) 262 { 263 BT_DBG("%p", d); 264 265 d->state = BT_OPEN; 266 d->flags = 0; 267 d->mscex = 0; 268 d->mtu = RFCOMM_DEFAULT_MTU; 269 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; 270 271 d->cfc = RFCOMM_CFC_DISABLED; 272 d->rx_credits = RFCOMM_DEFAULT_CREDITS; 273 } 274 275 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) 276 { 277 struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio); 278 if (!d) 279 return NULL; 280 memset(d, 0, sizeof(*d)); 281 282 init_timer(&d->timer); 283 d->timer.function = rfcomm_dlc_timeout; 284 d->timer.data = (unsigned long) d; 285 286 skb_queue_head_init(&d->tx_queue); 287 spin_lock_init(&d->lock); 288 atomic_set(&d->refcnt, 1); 289 290 rfcomm_dlc_clear_state(d); 291 292 BT_DBG("%p", d); 293 return d; 294 } 295 296 void rfcomm_dlc_free(struct rfcomm_dlc *d) 297 { 298 BT_DBG("%p", d); 299 300 skb_queue_purge(&d->tx_queue); 301 kfree(d); 302 } 303 304 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) 305 { 306 BT_DBG("dlc %p session %p", d, s); 307 308 rfcomm_session_hold(s); 309 310 rfcomm_dlc_hold(d); 311 list_add(&d->list, &s->dlcs); 312 d->session = s; 313 } 314 315 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) 316 { 317 struct rfcomm_session *s = d->session; 318 319 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); 320 321 list_del(&d->list); 322 d->session = NULL; 323 rfcomm_dlc_put(d); 324 325 rfcomm_session_put(s); 326 } 327 328 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) 329 { 330 struct rfcomm_dlc *d; 331 struct list_head *p; 332 333 list_for_each(p, &s->dlcs) { 334 d = list_entry(p, struct rfcomm_dlc, list); 335 if (d->dlci == dlci) 336 return d; 337 } 338 return NULL; 339 } 340 341 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 342 { 343 struct rfcomm_session *s; 344 int err = 0; 345 u8 dlci; 346 347 BT_DBG("dlc %p state %ld %s %s channel %d", 348 d, d->state, batostr(src), batostr(dst), channel); 349 350 if (channel < 1 || channel > 30) 351 return -EINVAL; 352 353 if (d->state != BT_OPEN && d->state != BT_CLOSED) 354 return 0; 355 356 s = rfcomm_session_get(src, dst); 357 if (!s) { 358 s = rfcomm_session_create(src, dst, &err); 359 if (!s) 360 return err; 361 } 362 363 dlci = __dlci(!s->initiator, channel); 364 365 /* Check if DLCI already exists */ 366 if (rfcomm_dlc_get(s, dlci)) 367 return -EBUSY; 368 369 rfcomm_dlc_clear_state(d); 370 371 d->dlci = dlci; 372 d->addr = __addr(s->initiator, dlci); 373 d->priority = 7; 374 375 d->state = BT_CONFIG; 376 rfcomm_dlc_link(s, d); 377 378 d->mtu = s->mtu; 379 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 380 381 if (s->state == BT_CONNECTED) 382 rfcomm_send_pn(s, 1, d); 383 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 384 return 0; 385 } 386 387 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 388 { 389 int r; 390 391 rfcomm_lock(); 392 393 r = __rfcomm_dlc_open(d, src, dst, channel); 394 395 rfcomm_unlock(); 396 return r; 397 } 398 399 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 400 { 401 struct rfcomm_session *s = d->session; 402 if (!s) 403 return 0; 404 405 BT_DBG("dlc %p state %ld dlci %d err %d session %p", 406 d, d->state, d->dlci, err, s); 407 408 switch (d->state) { 409 case BT_CONNECTED: 410 case BT_CONFIG: 411 case BT_CONNECT: 412 d->state = BT_DISCONN; 413 if (skb_queue_empty(&d->tx_queue)) { 414 rfcomm_send_disc(s, d->dlci); 415 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); 416 } else { 417 rfcomm_queue_disc(d); 418 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); 419 } 420 break; 421 422 default: 423 rfcomm_dlc_clear_timer(d); 424 425 rfcomm_dlc_lock(d); 426 d->state = BT_CLOSED; 427 d->state_change(d, err); 428 rfcomm_dlc_unlock(d); 429 430 skb_queue_purge(&d->tx_queue); 431 rfcomm_dlc_unlink(d); 432 } 433 434 return 0; 435 } 436 437 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 438 { 439 int r; 440 441 rfcomm_lock(); 442 443 r = __rfcomm_dlc_close(d, err); 444 445 rfcomm_unlock(); 446 return r; 447 } 448 449 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) 450 { 451 int len = skb->len; 452 453 if (d->state != BT_CONNECTED) 454 return -ENOTCONN; 455 456 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); 457 458 if (len > d->mtu) 459 return -EINVAL; 460 461 rfcomm_make_uih(skb, d->addr); 462 skb_queue_tail(&d->tx_queue, skb); 463 464 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 465 rfcomm_schedule(RFCOMM_SCHED_TX); 466 return len; 467 } 468 469 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d) 470 { 471 BT_DBG("dlc %p state %ld", d, d->state); 472 473 if (!d->cfc) { 474 d->v24_sig |= RFCOMM_V24_FC; 475 set_bit(RFCOMM_MSC_PENDING, &d->flags); 476 } 477 rfcomm_schedule(RFCOMM_SCHED_TX); 478 } 479 480 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) 481 { 482 BT_DBG("dlc %p state %ld", d, d->state); 483 484 if (!d->cfc) { 485 d->v24_sig &= ~RFCOMM_V24_FC; 486 set_bit(RFCOMM_MSC_PENDING, &d->flags); 487 } 488 rfcomm_schedule(RFCOMM_SCHED_TX); 489 } 490 491 /* 492 Set/get modem status functions use _local_ status i.e. what we report 493 to the other side. 494 Remote status is provided by dlc->modem_status() callback. 495 */ 496 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) 497 { 498 BT_DBG("dlc %p state %ld v24_sig 0x%x", 499 d, d->state, v24_sig); 500 501 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) 502 v24_sig |= RFCOMM_V24_FC; 503 else 504 v24_sig &= ~RFCOMM_V24_FC; 505 506 d->v24_sig = v24_sig; 507 508 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) 509 rfcomm_schedule(RFCOMM_SCHED_TX); 510 511 return 0; 512 } 513 514 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) 515 { 516 BT_DBG("dlc %p state %ld v24_sig 0x%x", 517 d, d->state, d->v24_sig); 518 519 *v24_sig = d->v24_sig; 520 return 0; 521 } 522 523 /* ---- RFCOMM sessions ---- */ 524 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) 525 { 526 struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL); 527 if (!s) 528 return NULL; 529 memset(s, 0, sizeof(*s)); 530 531 BT_DBG("session %p sock %p", s, sock); 532 533 INIT_LIST_HEAD(&s->dlcs); 534 s->state = state; 535 s->sock = sock; 536 537 s->mtu = RFCOMM_DEFAULT_MTU; 538 s->cfc = RFCOMM_CFC_UNKNOWN; 539 540 /* Do not increment module usage count for listening sessions. 541 * Otherwise we won't be able to unload the module. */ 542 if (state != BT_LISTEN) 543 if (!try_module_get(THIS_MODULE)) { 544 kfree(s); 545 return NULL; 546 } 547 548 list_add(&s->list, &session_list); 549 550 return s; 551 } 552 553 static void rfcomm_session_del(struct rfcomm_session *s) 554 { 555 int state = s->state; 556 557 BT_DBG("session %p state %ld", s, s->state); 558 559 list_del(&s->list); 560 561 if (state == BT_CONNECTED) 562 rfcomm_send_disc(s, 0); 563 564 sock_release(s->sock); 565 kfree(s); 566 567 if (state != BT_LISTEN) 568 module_put(THIS_MODULE); 569 } 570 571 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) 572 { 573 struct rfcomm_session *s; 574 struct list_head *p, *n; 575 struct bt_sock *sk; 576 list_for_each_safe(p, n, &session_list) { 577 s = list_entry(p, struct rfcomm_session, list); 578 sk = bt_sk(s->sock->sk); 579 580 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && 581 !bacmp(&sk->dst, dst)) 582 return s; 583 } 584 return NULL; 585 } 586 587 static void rfcomm_session_close(struct rfcomm_session *s, int err) 588 { 589 struct rfcomm_dlc *d; 590 struct list_head *p, *n; 591 592 BT_DBG("session %p state %ld err %d", s, s->state, err); 593 594 rfcomm_session_hold(s); 595 596 s->state = BT_CLOSED; 597 598 /* Close all dlcs */ 599 list_for_each_safe(p, n, &s->dlcs) { 600 d = list_entry(p, struct rfcomm_dlc, list); 601 d->state = BT_CLOSED; 602 __rfcomm_dlc_close(d, err); 603 } 604 605 rfcomm_session_put(s); 606 } 607 608 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err) 609 { 610 struct rfcomm_session *s = NULL; 611 struct sockaddr_l2 addr; 612 struct socket *sock; 613 struct sock *sk; 614 615 BT_DBG("%s %s", batostr(src), batostr(dst)); 616 617 *err = rfcomm_l2sock_create(&sock); 618 if (*err < 0) 619 return NULL; 620 621 bacpy(&addr.l2_bdaddr, src); 622 addr.l2_family = AF_BLUETOOTH; 623 addr.l2_psm = 0; 624 *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 625 if (*err < 0) 626 goto failed; 627 628 /* Set L2CAP options */ 629 sk = sock->sk; 630 lock_sock(sk); 631 l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU; 632 release_sock(sk); 633 634 s = rfcomm_session_add(sock, BT_BOUND); 635 if (!s) { 636 *err = -ENOMEM; 637 goto failed; 638 } 639 640 s->initiator = 1; 641 642 bacpy(&addr.l2_bdaddr, dst); 643 addr.l2_family = AF_BLUETOOTH; 644 addr.l2_psm = htobs(RFCOMM_PSM); 645 *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 646 if (*err == 0 || *err == -EAGAIN) 647 return s; 648 649 rfcomm_session_del(s); 650 return NULL; 651 652 failed: 653 sock_release(sock); 654 return NULL; 655 } 656 657 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) 658 { 659 struct sock *sk = s->sock->sk; 660 if (src) 661 bacpy(src, &bt_sk(sk)->src); 662 if (dst) 663 bacpy(dst, &bt_sk(sk)->dst); 664 } 665 666 /* ---- RFCOMM frame sending ---- */ 667 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len) 668 { 669 struct socket *sock = s->sock; 670 struct kvec iv = { data, len }; 671 struct msghdr msg; 672 673 BT_DBG("session %p len %d", s, len); 674 675 memset(&msg, 0, sizeof(msg)); 676 677 return kernel_sendmsg(sock, &msg, &iv, 1, len); 678 } 679 680 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) 681 { 682 struct rfcomm_cmd cmd; 683 684 BT_DBG("%p dlci %d", s, dlci); 685 686 cmd.addr = __addr(s->initiator, dlci); 687 cmd.ctrl = __ctrl(RFCOMM_SABM, 1); 688 cmd.len = __len8(0); 689 cmd.fcs = __fcs2((u8 *) &cmd); 690 691 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 692 } 693 694 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) 695 { 696 struct rfcomm_cmd cmd; 697 698 BT_DBG("%p dlci %d", s, dlci); 699 700 cmd.addr = __addr(!s->initiator, dlci); 701 cmd.ctrl = __ctrl(RFCOMM_UA, 1); 702 cmd.len = __len8(0); 703 cmd.fcs = __fcs2((u8 *) &cmd); 704 705 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 706 } 707 708 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) 709 { 710 struct rfcomm_cmd cmd; 711 712 BT_DBG("%p dlci %d", s, dlci); 713 714 cmd.addr = __addr(s->initiator, dlci); 715 cmd.ctrl = __ctrl(RFCOMM_DISC, 1); 716 cmd.len = __len8(0); 717 cmd.fcs = __fcs2((u8 *) &cmd); 718 719 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 720 } 721 722 static int rfcomm_queue_disc(struct rfcomm_dlc *d) 723 { 724 struct rfcomm_cmd *cmd; 725 struct sk_buff *skb; 726 727 BT_DBG("dlc %p dlci %d", d, d->dlci); 728 729 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); 730 if (!skb) 731 return -ENOMEM; 732 733 cmd = (void *) __skb_put(skb, sizeof(*cmd)); 734 cmd->addr = d->addr; 735 cmd->ctrl = __ctrl(RFCOMM_DISC, 1); 736 cmd->len = __len8(0); 737 cmd->fcs = __fcs2((u8 *) cmd); 738 739 skb_queue_tail(&d->tx_queue, skb); 740 rfcomm_schedule(RFCOMM_SCHED_TX); 741 return 0; 742 } 743 744 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) 745 { 746 struct rfcomm_cmd cmd; 747 748 BT_DBG("%p dlci %d", s, dlci); 749 750 cmd.addr = __addr(!s->initiator, dlci); 751 cmd.ctrl = __ctrl(RFCOMM_DM, 1); 752 cmd.len = __len8(0); 753 cmd.fcs = __fcs2((u8 *) &cmd); 754 755 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 756 } 757 758 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) 759 { 760 struct rfcomm_hdr *hdr; 761 struct rfcomm_mcc *mcc; 762 u8 buf[16], *ptr = buf; 763 764 BT_DBG("%p cr %d type %d", s, cr, type); 765 766 hdr = (void *) ptr; ptr += sizeof(*hdr); 767 hdr->addr = __addr(s->initiator, 0); 768 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 769 hdr->len = __len8(sizeof(*mcc) + 1); 770 771 mcc = (void *) ptr; ptr += sizeof(*mcc); 772 mcc->type = __mcc_type(cr, RFCOMM_NSC); 773 mcc->len = __len8(1); 774 775 /* Type that we didn't like */ 776 *ptr = __mcc_type(cr, type); ptr++; 777 778 *ptr = __fcs(buf); ptr++; 779 780 return rfcomm_send_frame(s, buf, ptr - buf); 781 } 782 783 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) 784 { 785 struct rfcomm_hdr *hdr; 786 struct rfcomm_mcc *mcc; 787 struct rfcomm_pn *pn; 788 u8 buf[16], *ptr = buf; 789 790 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); 791 792 hdr = (void *) ptr; ptr += sizeof(*hdr); 793 hdr->addr = __addr(s->initiator, 0); 794 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 795 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); 796 797 mcc = (void *) ptr; ptr += sizeof(*mcc); 798 mcc->type = __mcc_type(cr, RFCOMM_PN); 799 mcc->len = __len8(sizeof(*pn)); 800 801 pn = (void *) ptr; ptr += sizeof(*pn); 802 pn->dlci = d->dlci; 803 pn->priority = d->priority; 804 pn->ack_timer = 0; 805 pn->max_retrans = 0; 806 807 if (s->cfc) { 808 pn->flow_ctrl = cr ? 0xf0 : 0xe0; 809 pn->credits = RFCOMM_DEFAULT_CREDITS; 810 } else { 811 pn->flow_ctrl = 0; 812 pn->credits = 0; 813 } 814 815 pn->mtu = htobs(d->mtu); 816 817 *ptr = __fcs(buf); ptr++; 818 819 return rfcomm_send_frame(s, buf, ptr - buf); 820 } 821 822 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, 823 u8 bit_rate, u8 data_bits, u8 stop_bits, 824 u8 parity, u8 flow_ctrl_settings, 825 u8 xon_char, u8 xoff_char, u16 param_mask) 826 { 827 struct rfcomm_hdr *hdr; 828 struct rfcomm_mcc *mcc; 829 struct rfcomm_rpn *rpn; 830 u8 buf[16], *ptr = buf; 831 832 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" 833 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 834 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 835 flow_ctrl_settings, xon_char, xoff_char, param_mask); 836 837 hdr = (void *) ptr; ptr += sizeof(*hdr); 838 hdr->addr = __addr(s->initiator, 0); 839 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 840 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); 841 842 mcc = (void *) ptr; ptr += sizeof(*mcc); 843 mcc->type = __mcc_type(cr, RFCOMM_RPN); 844 mcc->len = __len8(sizeof(*rpn)); 845 846 rpn = (void *) ptr; ptr += sizeof(*rpn); 847 rpn->dlci = __addr(1, dlci); 848 rpn->bit_rate = bit_rate; 849 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); 850 rpn->flow_ctrl = flow_ctrl_settings; 851 rpn->xon_char = xon_char; 852 rpn->xoff_char = xoff_char; 853 rpn->param_mask = param_mask; 854 855 *ptr = __fcs(buf); ptr++; 856 857 return rfcomm_send_frame(s, buf, ptr - buf); 858 } 859 860 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) 861 { 862 struct rfcomm_hdr *hdr; 863 struct rfcomm_mcc *mcc; 864 struct rfcomm_rls *rls; 865 u8 buf[16], *ptr = buf; 866 867 BT_DBG("%p cr %d status 0x%x", s, cr, status); 868 869 hdr = (void *) ptr; ptr += sizeof(*hdr); 870 hdr->addr = __addr(s->initiator, 0); 871 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 872 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); 873 874 mcc = (void *) ptr; ptr += sizeof(*mcc); 875 mcc->type = __mcc_type(cr, RFCOMM_RLS); 876 mcc->len = __len8(sizeof(*rls)); 877 878 rls = (void *) ptr; ptr += sizeof(*rls); 879 rls->dlci = __addr(1, dlci); 880 rls->status = status; 881 882 *ptr = __fcs(buf); ptr++; 883 884 return rfcomm_send_frame(s, buf, ptr - buf); 885 } 886 887 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) 888 { 889 struct rfcomm_hdr *hdr; 890 struct rfcomm_mcc *mcc; 891 struct rfcomm_msc *msc; 892 u8 buf[16], *ptr = buf; 893 894 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); 895 896 hdr = (void *) ptr; ptr += sizeof(*hdr); 897 hdr->addr = __addr(s->initiator, 0); 898 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 899 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); 900 901 mcc = (void *) ptr; ptr += sizeof(*mcc); 902 mcc->type = __mcc_type(cr, RFCOMM_MSC); 903 mcc->len = __len8(sizeof(*msc)); 904 905 msc = (void *) ptr; ptr += sizeof(*msc); 906 msc->dlci = __addr(1, dlci); 907 msc->v24_sig = v24_sig | 0x01; 908 909 *ptr = __fcs(buf); ptr++; 910 911 return rfcomm_send_frame(s, buf, ptr - buf); 912 } 913 914 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) 915 { 916 struct rfcomm_hdr *hdr; 917 struct rfcomm_mcc *mcc; 918 u8 buf[16], *ptr = buf; 919 920 BT_DBG("%p cr %d", s, cr); 921 922 hdr = (void *) ptr; ptr += sizeof(*hdr); 923 hdr->addr = __addr(s->initiator, 0); 924 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 925 hdr->len = __len8(sizeof(*mcc)); 926 927 mcc = (void *) ptr; ptr += sizeof(*mcc); 928 mcc->type = __mcc_type(cr, RFCOMM_FCOFF); 929 mcc->len = __len8(0); 930 931 *ptr = __fcs(buf); ptr++; 932 933 return rfcomm_send_frame(s, buf, ptr - buf); 934 } 935 936 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) 937 { 938 struct rfcomm_hdr *hdr; 939 struct rfcomm_mcc *mcc; 940 u8 buf[16], *ptr = buf; 941 942 BT_DBG("%p cr %d", s, cr); 943 944 hdr = (void *) ptr; ptr += sizeof(*hdr); 945 hdr->addr = __addr(s->initiator, 0); 946 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 947 hdr->len = __len8(sizeof(*mcc)); 948 949 mcc = (void *) ptr; ptr += sizeof(*mcc); 950 mcc->type = __mcc_type(cr, RFCOMM_FCON); 951 mcc->len = __len8(0); 952 953 *ptr = __fcs(buf); ptr++; 954 955 return rfcomm_send_frame(s, buf, ptr - buf); 956 } 957 958 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) 959 { 960 struct socket *sock = s->sock; 961 struct kvec iv[3]; 962 struct msghdr msg; 963 unsigned char hdr[5], crc[1]; 964 965 if (len > 125) 966 return -EINVAL; 967 968 BT_DBG("%p cr %d", s, cr); 969 970 hdr[0] = __addr(s->initiator, 0); 971 hdr[1] = __ctrl(RFCOMM_UIH, 0); 972 hdr[2] = 0x01 | ((len + 2) << 1); 973 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); 974 hdr[4] = 0x01 | (len << 1); 975 976 crc[0] = __fcs(hdr); 977 978 iv[0].iov_base = hdr; 979 iv[0].iov_len = 5; 980 iv[1].iov_base = pattern; 981 iv[1].iov_len = len; 982 iv[2].iov_base = crc; 983 iv[2].iov_len = 1; 984 985 memset(&msg, 0, sizeof(msg)); 986 987 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); 988 } 989 990 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) 991 { 992 struct rfcomm_hdr *hdr; 993 u8 buf[16], *ptr = buf; 994 995 BT_DBG("%p addr %d credits %d", s, addr, credits); 996 997 hdr = (void *) ptr; ptr += sizeof(*hdr); 998 hdr->addr = addr; 999 hdr->ctrl = __ctrl(RFCOMM_UIH, 1); 1000 hdr->len = __len8(0); 1001 1002 *ptr = credits; ptr++; 1003 1004 *ptr = __fcs(buf); ptr++; 1005 1006 return rfcomm_send_frame(s, buf, ptr - buf); 1007 } 1008 1009 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) 1010 { 1011 struct rfcomm_hdr *hdr; 1012 int len = skb->len; 1013 u8 *crc; 1014 1015 if (len > 127) { 1016 hdr = (void *) skb_push(skb, 4); 1017 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len); 1018 } else { 1019 hdr = (void *) skb_push(skb, 3); 1020 hdr->len = __len8(len); 1021 } 1022 hdr->addr = addr; 1023 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1024 1025 crc = skb_put(skb, 1); 1026 *crc = __fcs((void *) hdr); 1027 } 1028 1029 /* ---- RFCOMM frame reception ---- */ 1030 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) 1031 { 1032 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1033 1034 if (dlci) { 1035 /* Data channel */ 1036 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1037 if (!d) { 1038 rfcomm_send_dm(s, dlci); 1039 return 0; 1040 } 1041 1042 switch (d->state) { 1043 case BT_CONNECT: 1044 rfcomm_dlc_clear_timer(d); 1045 1046 rfcomm_dlc_lock(d); 1047 d->state = BT_CONNECTED; 1048 d->state_change(d, 0); 1049 rfcomm_dlc_unlock(d); 1050 1051 rfcomm_send_msc(s, 1, dlci, d->v24_sig); 1052 break; 1053 1054 case BT_DISCONN: 1055 d->state = BT_CLOSED; 1056 __rfcomm_dlc_close(d, 0); 1057 break; 1058 } 1059 } else { 1060 /* Control channel */ 1061 switch (s->state) { 1062 case BT_CONNECT: 1063 s->state = BT_CONNECTED; 1064 rfcomm_process_connect(s); 1065 break; 1066 } 1067 } 1068 return 0; 1069 } 1070 1071 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) 1072 { 1073 int err = 0; 1074 1075 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1076 1077 if (dlci) { 1078 /* Data DLC */ 1079 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1080 if (d) { 1081 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1082 err = ECONNREFUSED; 1083 else 1084 err = ECONNRESET; 1085 1086 d->state = BT_CLOSED; 1087 __rfcomm_dlc_close(d, err); 1088 } 1089 } else { 1090 if (s->state == BT_CONNECT) 1091 err = ECONNREFUSED; 1092 else 1093 err = ECONNRESET; 1094 1095 s->state = BT_CLOSED; 1096 rfcomm_session_close(s, err); 1097 } 1098 return 0; 1099 } 1100 1101 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci) 1102 { 1103 int err = 0; 1104 1105 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1106 1107 if (dlci) { 1108 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1109 if (d) { 1110 rfcomm_send_ua(s, dlci); 1111 1112 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1113 err = ECONNREFUSED; 1114 else 1115 err = ECONNRESET; 1116 1117 d->state = BT_CLOSED; 1118 __rfcomm_dlc_close(d, err); 1119 } else 1120 rfcomm_send_dm(s, dlci); 1121 1122 } else { 1123 rfcomm_send_ua(s, 0); 1124 1125 if (s->state == BT_CONNECT) 1126 err = ECONNREFUSED; 1127 else 1128 err = ECONNRESET; 1129 1130 s->state = BT_CLOSED; 1131 rfcomm_session_close(s, err); 1132 } 1133 1134 return 0; 1135 } 1136 1137 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d) 1138 { 1139 struct sock *sk = d->session->sock->sk; 1140 1141 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) { 1142 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon)) 1143 return 1; 1144 } else if (d->link_mode & RFCOMM_LM_AUTH) { 1145 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon)) 1146 return 1; 1147 } 1148 1149 return 0; 1150 } 1151 1152 static void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1153 { 1154 BT_DBG("dlc %p", d); 1155 1156 rfcomm_send_ua(d->session, d->dlci); 1157 1158 rfcomm_dlc_lock(d); 1159 d->state = BT_CONNECTED; 1160 d->state_change(d, 0); 1161 rfcomm_dlc_unlock(d); 1162 1163 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1164 } 1165 1166 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) 1167 { 1168 struct rfcomm_dlc *d; 1169 u8 channel; 1170 1171 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1172 1173 if (!dlci) { 1174 rfcomm_send_ua(s, 0); 1175 1176 if (s->state == BT_OPEN) { 1177 s->state = BT_CONNECTED; 1178 rfcomm_process_connect(s); 1179 } 1180 return 0; 1181 } 1182 1183 /* Check if DLC exists */ 1184 d = rfcomm_dlc_get(s, dlci); 1185 if (d) { 1186 if (d->state == BT_OPEN) { 1187 /* DLC was previously opened by PN request */ 1188 if (rfcomm_check_link_mode(d)) { 1189 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1190 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1191 return 0; 1192 } 1193 1194 rfcomm_dlc_accept(d); 1195 } 1196 return 0; 1197 } 1198 1199 /* Notify socket layer about incoming connection */ 1200 channel = __srv_channel(dlci); 1201 if (rfcomm_connect_ind(s, channel, &d)) { 1202 d->dlci = dlci; 1203 d->addr = __addr(s->initiator, dlci); 1204 rfcomm_dlc_link(s, d); 1205 1206 if (rfcomm_check_link_mode(d)) { 1207 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1208 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1209 return 0; 1210 } 1211 1212 rfcomm_dlc_accept(d); 1213 } else { 1214 rfcomm_send_dm(s, dlci); 1215 } 1216 1217 return 0; 1218 } 1219 1220 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) 1221 { 1222 struct rfcomm_session *s = d->session; 1223 1224 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 1225 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); 1226 1227 if (pn->flow_ctrl == 0xf0 || pn->flow_ctrl == 0xe0) { 1228 d->cfc = s->cfc = RFCOMM_CFC_ENABLED; 1229 d->tx_credits = pn->credits; 1230 } else { 1231 d->cfc = s->cfc = RFCOMM_CFC_DISABLED; 1232 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1233 } 1234 1235 d->priority = pn->priority; 1236 1237 d->mtu = s->mtu = btohs(pn->mtu); 1238 1239 return 0; 1240 } 1241 1242 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1243 { 1244 struct rfcomm_pn *pn = (void *) skb->data; 1245 struct rfcomm_dlc *d; 1246 u8 dlci = pn->dlci; 1247 1248 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1249 1250 if (!dlci) 1251 return 0; 1252 1253 d = rfcomm_dlc_get(s, dlci); 1254 if (d) { 1255 if (cr) { 1256 /* PN request */ 1257 rfcomm_apply_pn(d, cr, pn); 1258 rfcomm_send_pn(s, 0, d); 1259 } else { 1260 /* PN response */ 1261 switch (d->state) { 1262 case BT_CONFIG: 1263 rfcomm_apply_pn(d, cr, pn); 1264 1265 d->state = BT_CONNECT; 1266 rfcomm_send_sabm(s, d->dlci); 1267 break; 1268 } 1269 } 1270 } else { 1271 u8 channel = __srv_channel(dlci); 1272 1273 if (!cr) 1274 return 0; 1275 1276 /* PN request for non existing DLC. 1277 * Assume incoming connection. */ 1278 if (rfcomm_connect_ind(s, channel, &d)) { 1279 d->dlci = dlci; 1280 d->addr = __addr(s->initiator, dlci); 1281 rfcomm_dlc_link(s, d); 1282 1283 rfcomm_apply_pn(d, cr, pn); 1284 1285 d->state = BT_OPEN; 1286 rfcomm_send_pn(s, 0, d); 1287 } else { 1288 rfcomm_send_dm(s, dlci); 1289 } 1290 } 1291 return 0; 1292 } 1293 1294 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) 1295 { 1296 struct rfcomm_rpn *rpn = (void *) skb->data; 1297 u8 dlci = __get_dlci(rpn->dlci); 1298 1299 u8 bit_rate = 0; 1300 u8 data_bits = 0; 1301 u8 stop_bits = 0; 1302 u8 parity = 0; 1303 u8 flow_ctrl = 0; 1304 u8 xon_char = 0; 1305 u8 xoff_char = 0; 1306 u16 rpn_mask = RFCOMM_RPN_PM_ALL; 1307 1308 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 1309 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, 1310 rpn->xon_char, rpn->xoff_char, rpn->param_mask); 1311 1312 if (!cr) 1313 return 0; 1314 1315 if (len == 1) { 1316 /* This is a request, return default settings */ 1317 bit_rate = RFCOMM_RPN_BR_115200; 1318 data_bits = RFCOMM_RPN_DATA_8; 1319 stop_bits = RFCOMM_RPN_STOP_1; 1320 parity = RFCOMM_RPN_PARITY_NONE; 1321 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1322 xon_char = RFCOMM_RPN_XON_CHAR; 1323 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1324 goto rpn_out; 1325 } 1326 1327 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, 1328 * no parity, no flow control lines, normal XON/XOFF chars */ 1329 1330 if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) { 1331 bit_rate = rpn->bit_rate; 1332 if (bit_rate != RFCOMM_RPN_BR_115200) { 1333 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); 1334 bit_rate = RFCOMM_RPN_BR_115200; 1335 rpn_mask ^= RFCOMM_RPN_PM_BITRATE; 1336 } 1337 } 1338 1339 if (rpn->param_mask & RFCOMM_RPN_PM_DATA) { 1340 data_bits = __get_rpn_data_bits(rpn->line_settings); 1341 if (data_bits != RFCOMM_RPN_DATA_8) { 1342 BT_DBG("RPN data bits mismatch 0x%x", data_bits); 1343 data_bits = RFCOMM_RPN_DATA_8; 1344 rpn_mask ^= RFCOMM_RPN_PM_DATA; 1345 } 1346 } 1347 1348 if (rpn->param_mask & RFCOMM_RPN_PM_STOP) { 1349 stop_bits = __get_rpn_stop_bits(rpn->line_settings); 1350 if (stop_bits != RFCOMM_RPN_STOP_1) { 1351 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); 1352 stop_bits = RFCOMM_RPN_STOP_1; 1353 rpn_mask ^= RFCOMM_RPN_PM_STOP; 1354 } 1355 } 1356 1357 if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) { 1358 parity = __get_rpn_parity(rpn->line_settings); 1359 if (parity != RFCOMM_RPN_PARITY_NONE) { 1360 BT_DBG("RPN parity mismatch 0x%x", parity); 1361 parity = RFCOMM_RPN_PARITY_NONE; 1362 rpn_mask ^= RFCOMM_RPN_PM_PARITY; 1363 } 1364 } 1365 1366 if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) { 1367 flow_ctrl = rpn->flow_ctrl; 1368 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { 1369 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); 1370 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1371 rpn_mask ^= RFCOMM_RPN_PM_FLOW; 1372 } 1373 } 1374 1375 if (rpn->param_mask & RFCOMM_RPN_PM_XON) { 1376 xon_char = rpn->xon_char; 1377 if (xon_char != RFCOMM_RPN_XON_CHAR) { 1378 BT_DBG("RPN XON char mismatch 0x%x", xon_char); 1379 xon_char = RFCOMM_RPN_XON_CHAR; 1380 rpn_mask ^= RFCOMM_RPN_PM_XON; 1381 } 1382 } 1383 1384 if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) { 1385 xoff_char = rpn->xoff_char; 1386 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { 1387 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); 1388 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1389 rpn_mask ^= RFCOMM_RPN_PM_XOFF; 1390 } 1391 } 1392 1393 rpn_out: 1394 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, 1395 parity, flow_ctrl, xon_char, xoff_char, rpn_mask); 1396 1397 return 0; 1398 } 1399 1400 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1401 { 1402 struct rfcomm_rls *rls = (void *) skb->data; 1403 u8 dlci = __get_dlci(rls->dlci); 1404 1405 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); 1406 1407 if (!cr) 1408 return 0; 1409 1410 /* We should probably do something with this information here. But 1411 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's 1412 * mandatory to recognise and respond to RLS */ 1413 1414 rfcomm_send_rls(s, 0, dlci, rls->status); 1415 1416 return 0; 1417 } 1418 1419 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1420 { 1421 struct rfcomm_msc *msc = (void *) skb->data; 1422 struct rfcomm_dlc *d; 1423 u8 dlci = __get_dlci(msc->dlci); 1424 1425 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); 1426 1427 d = rfcomm_dlc_get(s, dlci); 1428 if (!d) 1429 return 0; 1430 1431 if (cr) { 1432 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) 1433 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1434 else 1435 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1436 1437 rfcomm_dlc_lock(d); 1438 if (d->modem_status) 1439 d->modem_status(d, msc->v24_sig); 1440 rfcomm_dlc_unlock(d); 1441 1442 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1443 1444 d->mscex |= RFCOMM_MSCEX_RX; 1445 } else 1446 d->mscex |= RFCOMM_MSCEX_TX; 1447 1448 return 0; 1449 } 1450 1451 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) 1452 { 1453 struct rfcomm_mcc *mcc = (void *) skb->data; 1454 u8 type, cr, len; 1455 1456 cr = __test_cr(mcc->type); 1457 type = __get_mcc_type(mcc->type); 1458 len = __get_mcc_len(mcc->len); 1459 1460 BT_DBG("%p type 0x%x cr %d", s, type, cr); 1461 1462 skb_pull(skb, 2); 1463 1464 switch (type) { 1465 case RFCOMM_PN: 1466 rfcomm_recv_pn(s, cr, skb); 1467 break; 1468 1469 case RFCOMM_RPN: 1470 rfcomm_recv_rpn(s, cr, len, skb); 1471 break; 1472 1473 case RFCOMM_RLS: 1474 rfcomm_recv_rls(s, cr, skb); 1475 break; 1476 1477 case RFCOMM_MSC: 1478 rfcomm_recv_msc(s, cr, skb); 1479 break; 1480 1481 case RFCOMM_FCOFF: 1482 if (cr) { 1483 set_bit(RFCOMM_TX_THROTTLED, &s->flags); 1484 rfcomm_send_fcoff(s, 0); 1485 } 1486 break; 1487 1488 case RFCOMM_FCON: 1489 if (cr) { 1490 clear_bit(RFCOMM_TX_THROTTLED, &s->flags); 1491 rfcomm_send_fcon(s, 0); 1492 } 1493 break; 1494 1495 case RFCOMM_TEST: 1496 if (cr) 1497 rfcomm_send_test(s, 0, skb->data, skb->len); 1498 break; 1499 1500 case RFCOMM_NSC: 1501 break; 1502 1503 default: 1504 BT_ERR("Unknown control type 0x%02x", type); 1505 rfcomm_send_nsc(s, cr, type); 1506 break; 1507 } 1508 return 0; 1509 } 1510 1511 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) 1512 { 1513 struct rfcomm_dlc *d; 1514 1515 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); 1516 1517 d = rfcomm_dlc_get(s, dlci); 1518 if (!d) { 1519 rfcomm_send_dm(s, dlci); 1520 goto drop; 1521 } 1522 1523 if (pf && d->cfc) { 1524 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); 1525 1526 d->tx_credits += credits; 1527 if (d->tx_credits) 1528 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1529 } 1530 1531 if (skb->len && d->state == BT_CONNECTED) { 1532 rfcomm_dlc_lock(d); 1533 d->rx_credits--; 1534 d->data_ready(d, skb); 1535 rfcomm_dlc_unlock(d); 1536 return 0; 1537 } 1538 1539 drop: 1540 kfree_skb(skb); 1541 return 0; 1542 } 1543 1544 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb) 1545 { 1546 struct rfcomm_hdr *hdr = (void *) skb->data; 1547 u8 type, dlci, fcs; 1548 1549 dlci = __get_dlci(hdr->addr); 1550 type = __get_type(hdr->ctrl); 1551 1552 /* Trim FCS */ 1553 skb->len--; skb->tail--; 1554 fcs = *(u8 *) skb->tail; 1555 1556 if (__check_fcs(skb->data, type, fcs)) { 1557 BT_ERR("bad checksum in packet"); 1558 kfree_skb(skb); 1559 return -EILSEQ; 1560 } 1561 1562 if (__test_ea(hdr->len)) 1563 skb_pull(skb, 3); 1564 else 1565 skb_pull(skb, 4); 1566 1567 switch (type) { 1568 case RFCOMM_SABM: 1569 if (__test_pf(hdr->ctrl)) 1570 rfcomm_recv_sabm(s, dlci); 1571 break; 1572 1573 case RFCOMM_DISC: 1574 if (__test_pf(hdr->ctrl)) 1575 rfcomm_recv_disc(s, dlci); 1576 break; 1577 1578 case RFCOMM_UA: 1579 if (__test_pf(hdr->ctrl)) 1580 rfcomm_recv_ua(s, dlci); 1581 break; 1582 1583 case RFCOMM_DM: 1584 rfcomm_recv_dm(s, dlci); 1585 break; 1586 1587 case RFCOMM_UIH: 1588 if (dlci) 1589 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); 1590 1591 rfcomm_recv_mcc(s, skb); 1592 break; 1593 1594 default: 1595 BT_ERR("Unknown packet type 0x%02x\n", type); 1596 break; 1597 } 1598 kfree_skb(skb); 1599 return 0; 1600 } 1601 1602 /* ---- Connection and data processing ---- */ 1603 1604 static void rfcomm_process_connect(struct rfcomm_session *s) 1605 { 1606 struct rfcomm_dlc *d; 1607 struct list_head *p, *n; 1608 1609 BT_DBG("session %p state %ld", s, s->state); 1610 1611 list_for_each_safe(p, n, &s->dlcs) { 1612 d = list_entry(p, struct rfcomm_dlc, list); 1613 if (d->state == BT_CONFIG) { 1614 d->mtu = s->mtu; 1615 rfcomm_send_pn(s, 1, d); 1616 } 1617 } 1618 } 1619 1620 /* Send data queued for the DLC. 1621 * Return number of frames left in the queue. 1622 */ 1623 static inline int rfcomm_process_tx(struct rfcomm_dlc *d) 1624 { 1625 struct sk_buff *skb; 1626 int err; 1627 1628 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 1629 d, d->state, d->cfc, d->rx_credits, d->tx_credits); 1630 1631 /* Send pending MSC */ 1632 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) 1633 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1634 1635 if (d->cfc) { 1636 /* CFC enabled. 1637 * Give them some credits */ 1638 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && 1639 d->rx_credits <= (d->cfc >> 2)) { 1640 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); 1641 d->rx_credits = d->cfc; 1642 } 1643 } else { 1644 /* CFC disabled. 1645 * Give ourselves some credits */ 1646 d->tx_credits = 5; 1647 } 1648 1649 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 1650 return skb_queue_len(&d->tx_queue); 1651 1652 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { 1653 err = rfcomm_send_frame(d->session, skb->data, skb->len); 1654 if (err < 0) { 1655 skb_queue_head(&d->tx_queue, skb); 1656 break; 1657 } 1658 kfree_skb(skb); 1659 d->tx_credits--; 1660 } 1661 1662 if (d->cfc && !d->tx_credits) { 1663 /* We're out of TX credits. 1664 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ 1665 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1666 } 1667 1668 return skb_queue_len(&d->tx_queue); 1669 } 1670 1671 static inline void rfcomm_process_dlcs(struct rfcomm_session *s) 1672 { 1673 struct rfcomm_dlc *d; 1674 struct list_head *p, *n; 1675 1676 BT_DBG("session %p state %ld", s, s->state); 1677 1678 list_for_each_safe(p, n, &s->dlcs) { 1679 d = list_entry(p, struct rfcomm_dlc, list); 1680 1681 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { 1682 __rfcomm_dlc_close(d, ETIMEDOUT); 1683 continue; 1684 } 1685 1686 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1687 rfcomm_dlc_clear_timer(d); 1688 rfcomm_dlc_accept(d); 1689 if (d->link_mode & RFCOMM_LM_SECURE) { 1690 struct sock *sk = s->sock->sk; 1691 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon); 1692 } 1693 continue; 1694 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1695 rfcomm_dlc_clear_timer(d); 1696 rfcomm_send_dm(s, d->dlci); 1697 __rfcomm_dlc_close(d, ECONNREFUSED); 1698 continue; 1699 } 1700 1701 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) 1702 continue; 1703 1704 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1705 d->mscex == RFCOMM_MSCEX_OK) 1706 rfcomm_process_tx(d); 1707 } 1708 } 1709 1710 static inline void rfcomm_process_rx(struct rfcomm_session *s) 1711 { 1712 struct socket *sock = s->sock; 1713 struct sock *sk = sock->sk; 1714 struct sk_buff *skb; 1715 1716 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); 1717 1718 /* Get data directly from socket receive queue without copying it. */ 1719 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1720 skb_orphan(skb); 1721 rfcomm_recv_frame(s, skb); 1722 } 1723 1724 if (sk->sk_state == BT_CLOSED) { 1725 if (!s->initiator) 1726 rfcomm_session_put(s); 1727 1728 rfcomm_session_close(s, sk->sk_err); 1729 } 1730 } 1731 1732 static inline void rfcomm_accept_connection(struct rfcomm_session *s) 1733 { 1734 struct socket *sock = s->sock, *nsock; 1735 int err; 1736 1737 /* Fast check for a new connection. 1738 * Avoids unnesesary socket allocations. */ 1739 if (list_empty(&bt_sk(sock->sk)->accept_q)) 1740 return; 1741 1742 BT_DBG("session %p", s); 1743 1744 if (sock_create_lite(PF_BLUETOOTH, sock->type, BTPROTO_L2CAP, &nsock)) 1745 return; 1746 1747 nsock->ops = sock->ops; 1748 1749 __module_get(nsock->ops->owner); 1750 1751 err = sock->ops->accept(sock, nsock, O_NONBLOCK); 1752 if (err < 0) { 1753 sock_release(nsock); 1754 return; 1755 } 1756 1757 /* Set our callbacks */ 1758 nsock->sk->sk_data_ready = rfcomm_l2data_ready; 1759 nsock->sk->sk_state_change = rfcomm_l2state_change; 1760 1761 s = rfcomm_session_add(nsock, BT_OPEN); 1762 if (s) { 1763 rfcomm_session_hold(s); 1764 rfcomm_schedule(RFCOMM_SCHED_RX); 1765 } else 1766 sock_release(nsock); 1767 } 1768 1769 static inline void rfcomm_check_connection(struct rfcomm_session *s) 1770 { 1771 struct sock *sk = s->sock->sk; 1772 1773 BT_DBG("%p state %ld", s, s->state); 1774 1775 switch(sk->sk_state) { 1776 case BT_CONNECTED: 1777 s->state = BT_CONNECT; 1778 1779 /* We can adjust MTU on outgoing sessions. 1780 * L2CAP MTU minus UIH header and FCS. */ 1781 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5; 1782 1783 rfcomm_send_sabm(s, 0); 1784 break; 1785 1786 case BT_CLOSED: 1787 s->state = BT_CLOSED; 1788 rfcomm_session_close(s, sk->sk_err); 1789 break; 1790 } 1791 } 1792 1793 static inline void rfcomm_process_sessions(void) 1794 { 1795 struct list_head *p, *n; 1796 1797 rfcomm_lock(); 1798 1799 list_for_each_safe(p, n, &session_list) { 1800 struct rfcomm_session *s; 1801 s = list_entry(p, struct rfcomm_session, list); 1802 1803 if (s->state == BT_LISTEN) { 1804 rfcomm_accept_connection(s); 1805 continue; 1806 } 1807 1808 rfcomm_session_hold(s); 1809 1810 switch (s->state) { 1811 case BT_BOUND: 1812 rfcomm_check_connection(s); 1813 break; 1814 1815 default: 1816 rfcomm_process_rx(s); 1817 break; 1818 } 1819 1820 rfcomm_process_dlcs(s); 1821 1822 rfcomm_session_put(s); 1823 } 1824 1825 rfcomm_unlock(); 1826 } 1827 1828 static void rfcomm_worker(void) 1829 { 1830 BT_DBG(""); 1831 1832 while (!atomic_read(&terminate)) { 1833 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) { 1834 /* No pending events. Let's sleep. 1835 * Incoming connections and data will wake us up. */ 1836 set_current_state(TASK_INTERRUPTIBLE); 1837 schedule(); 1838 } 1839 1840 /* Process stuff */ 1841 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 1842 rfcomm_process_sessions(); 1843 } 1844 set_current_state(TASK_RUNNING); 1845 return; 1846 } 1847 1848 static int rfcomm_add_listener(bdaddr_t *ba) 1849 { 1850 struct sockaddr_l2 addr; 1851 struct socket *sock; 1852 struct sock *sk; 1853 struct rfcomm_session *s; 1854 int err = 0; 1855 1856 /* Create socket */ 1857 err = rfcomm_l2sock_create(&sock); 1858 if (err < 0) { 1859 BT_ERR("Create socket failed %d", err); 1860 return err; 1861 } 1862 1863 /* Bind socket */ 1864 bacpy(&addr.l2_bdaddr, ba); 1865 addr.l2_family = AF_BLUETOOTH; 1866 addr.l2_psm = htobs(RFCOMM_PSM); 1867 err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1868 if (err < 0) { 1869 BT_ERR("Bind failed %d", err); 1870 goto failed; 1871 } 1872 1873 /* Set L2CAP options */ 1874 sk = sock->sk; 1875 lock_sock(sk); 1876 l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU; 1877 release_sock(sk); 1878 1879 /* Start listening on the socket */ 1880 err = sock->ops->listen(sock, 10); 1881 if (err) { 1882 BT_ERR("Listen failed %d", err); 1883 goto failed; 1884 } 1885 1886 /* Add listening session */ 1887 s = rfcomm_session_add(sock, BT_LISTEN); 1888 if (!s) 1889 goto failed; 1890 1891 rfcomm_session_hold(s); 1892 return 0; 1893 failed: 1894 sock_release(sock); 1895 return err; 1896 } 1897 1898 static void rfcomm_kill_listener(void) 1899 { 1900 struct rfcomm_session *s; 1901 struct list_head *p, *n; 1902 1903 BT_DBG(""); 1904 1905 list_for_each_safe(p, n, &session_list) { 1906 s = list_entry(p, struct rfcomm_session, list); 1907 rfcomm_session_del(s); 1908 } 1909 } 1910 1911 static int rfcomm_run(void *unused) 1912 { 1913 rfcomm_thread = current; 1914 1915 atomic_inc(&running); 1916 1917 daemonize("krfcommd"); 1918 set_user_nice(current, -10); 1919 current->flags |= PF_NOFREEZE; 1920 1921 BT_DBG(""); 1922 1923 rfcomm_add_listener(BDADDR_ANY); 1924 1925 rfcomm_worker(); 1926 1927 rfcomm_kill_listener(); 1928 1929 atomic_dec(&running); 1930 return 0; 1931 } 1932 1933 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status) 1934 { 1935 struct rfcomm_session *s; 1936 struct rfcomm_dlc *d; 1937 struct list_head *p, *n; 1938 1939 BT_DBG("conn %p status 0x%02x", conn, status); 1940 1941 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 1942 if (!s) 1943 return; 1944 1945 rfcomm_session_hold(s); 1946 1947 list_for_each_safe(p, n, &s->dlcs) { 1948 d = list_entry(p, struct rfcomm_dlc, list); 1949 1950 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) 1951 continue; 1952 1953 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 1954 continue; 1955 1956 if (!status) 1957 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 1958 else 1959 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 1960 } 1961 1962 rfcomm_session_put(s); 1963 1964 rfcomm_schedule(RFCOMM_SCHED_AUTH); 1965 } 1966 1967 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt) 1968 { 1969 struct rfcomm_session *s; 1970 struct rfcomm_dlc *d; 1971 struct list_head *p, *n; 1972 1973 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); 1974 1975 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 1976 if (!s) 1977 return; 1978 1979 rfcomm_session_hold(s); 1980 1981 list_for_each_safe(p, n, &s->dlcs) { 1982 d = list_entry(p, struct rfcomm_dlc, list); 1983 1984 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 1985 continue; 1986 1987 if (!status && encrypt) 1988 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 1989 else 1990 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 1991 } 1992 1993 rfcomm_session_put(s); 1994 1995 rfcomm_schedule(RFCOMM_SCHED_AUTH); 1996 } 1997 1998 static struct hci_cb rfcomm_cb = { 1999 .name = "RFCOMM", 2000 .auth_cfm = rfcomm_auth_cfm, 2001 .encrypt_cfm = rfcomm_encrypt_cfm 2002 }; 2003 2004 /* ---- Proc fs support ---- */ 2005 #ifdef CONFIG_PROC_FS 2006 static void *rfcomm_seq_start(struct seq_file *seq, loff_t *pos) 2007 { 2008 struct rfcomm_session *s; 2009 struct list_head *pp, *p; 2010 loff_t l = *pos; 2011 2012 rfcomm_lock(); 2013 2014 list_for_each(p, &session_list) { 2015 s = list_entry(p, struct rfcomm_session, list); 2016 list_for_each(pp, &s->dlcs) 2017 if (!l--) { 2018 seq->private = s; 2019 return pp; 2020 } 2021 } 2022 return NULL; 2023 } 2024 2025 static void *rfcomm_seq_next(struct seq_file *seq, void *e, loff_t *pos) 2026 { 2027 struct rfcomm_session *s = seq->private; 2028 struct list_head *pp, *p = e; 2029 (*pos)++; 2030 2031 if (p->next != &s->dlcs) 2032 return p->next; 2033 2034 list_for_each(p, &session_list) { 2035 s = list_entry(p, struct rfcomm_session, list); 2036 __list_for_each(pp, &s->dlcs) { 2037 seq->private = s; 2038 return pp; 2039 } 2040 } 2041 return NULL; 2042 } 2043 2044 static void rfcomm_seq_stop(struct seq_file *seq, void *e) 2045 { 2046 rfcomm_unlock(); 2047 } 2048 2049 static int rfcomm_seq_show(struct seq_file *seq, void *e) 2050 { 2051 struct rfcomm_session *s = seq->private; 2052 struct sock *sk = s->sock->sk; 2053 struct rfcomm_dlc *d = list_entry(e, struct rfcomm_dlc, list); 2054 2055 seq_printf(seq, "%s %s %ld %d %d %d %d\n", 2056 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 2057 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits); 2058 return 0; 2059 } 2060 2061 static struct seq_operations rfcomm_seq_ops = { 2062 .start = rfcomm_seq_start, 2063 .next = rfcomm_seq_next, 2064 .stop = rfcomm_seq_stop, 2065 .show = rfcomm_seq_show 2066 }; 2067 2068 static int rfcomm_seq_open(struct inode *inode, struct file *file) 2069 { 2070 return seq_open(file, &rfcomm_seq_ops); 2071 } 2072 2073 static struct file_operations rfcomm_seq_fops = { 2074 .owner = THIS_MODULE, 2075 .open = rfcomm_seq_open, 2076 .read = seq_read, 2077 .llseek = seq_lseek, 2078 .release = seq_release, 2079 }; 2080 2081 static int __init rfcomm_proc_init(void) 2082 { 2083 struct proc_dir_entry *p; 2084 2085 proc_bt_rfcomm = proc_mkdir("rfcomm", proc_bt); 2086 if (proc_bt_rfcomm) { 2087 proc_bt_rfcomm->owner = THIS_MODULE; 2088 2089 p = create_proc_entry("dlc", S_IRUGO, proc_bt_rfcomm); 2090 if (p) 2091 p->proc_fops = &rfcomm_seq_fops; 2092 } 2093 return 0; 2094 } 2095 2096 static void __exit rfcomm_proc_cleanup(void) 2097 { 2098 remove_proc_entry("dlc", proc_bt_rfcomm); 2099 2100 remove_proc_entry("rfcomm", proc_bt); 2101 } 2102 2103 #else /* CONFIG_PROC_FS */ 2104 2105 static int __init rfcomm_proc_init(void) 2106 { 2107 return 0; 2108 } 2109 2110 static void __exit rfcomm_proc_cleanup(void) 2111 { 2112 return; 2113 } 2114 #endif /* CONFIG_PROC_FS */ 2115 2116 /* ---- Initialization ---- */ 2117 static int __init rfcomm_init(void) 2118 { 2119 l2cap_load(); 2120 2121 hci_register_cb(&rfcomm_cb); 2122 2123 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL); 2124 2125 BT_INFO("RFCOMM ver %s", VERSION); 2126 2127 rfcomm_proc_init(); 2128 2129 rfcomm_init_sockets(); 2130 2131 #ifdef CONFIG_BT_RFCOMM_TTY 2132 rfcomm_init_ttys(); 2133 #endif 2134 2135 return 0; 2136 } 2137 2138 static void __exit rfcomm_exit(void) 2139 { 2140 hci_unregister_cb(&rfcomm_cb); 2141 2142 /* Terminate working thread. 2143 * ie. Set terminate flag and wake it up */ 2144 atomic_inc(&terminate); 2145 rfcomm_schedule(RFCOMM_SCHED_STATE); 2146 2147 /* Wait until thread is running */ 2148 while (atomic_read(&running)) 2149 schedule(); 2150 2151 #ifdef CONFIG_BT_RFCOMM_TTY 2152 rfcomm_cleanup_ttys(); 2153 #endif 2154 2155 rfcomm_cleanup_sockets(); 2156 2157 rfcomm_proc_cleanup(); 2158 } 2159 2160 module_init(rfcomm_init); 2161 module_exit(rfcomm_exit); 2162 2163 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>"); 2164 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2165 MODULE_VERSION(VERSION); 2166 MODULE_LICENSE("GPL"); 2167 MODULE_ALIAS("bt-proto-3"); 2168