1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * Bluetooth RFCOMM core. 26 */ 27 28 #include <linux/module.h> 29 #include <linux/errno.h> 30 #include <linux/kernel.h> 31 #include <linux/sched.h> 32 #include <linux/signal.h> 33 #include <linux/init.h> 34 #include <linux/wait.h> 35 #include <linux/device.h> 36 #include <linux/net.h> 37 #include <linux/mutex.h> 38 #include <linux/kthread.h> 39 40 #include <net/sock.h> 41 #include <asm/uaccess.h> 42 #include <asm/unaligned.h> 43 44 #include <net/bluetooth/bluetooth.h> 45 #include <net/bluetooth/hci_core.h> 46 #include <net/bluetooth/l2cap.h> 47 #include <net/bluetooth/rfcomm.h> 48 49 #define VERSION "1.10" 50 51 static int disable_cfc = 0; 52 static int channel_mtu = -1; 53 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; 54 55 static struct task_struct *rfcomm_thread; 56 57 static DEFINE_MUTEX(rfcomm_mutex); 58 #define rfcomm_lock() mutex_lock(&rfcomm_mutex) 59 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex) 60 61 static unsigned long rfcomm_event; 62 63 static LIST_HEAD(session_list); 64 65 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len); 66 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); 67 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); 68 static int rfcomm_queue_disc(struct rfcomm_dlc *d); 69 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); 70 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); 71 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); 72 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); 73 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); 74 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); 75 76 static void rfcomm_process_connect(struct rfcomm_session *s); 77 78 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err); 79 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); 80 static void rfcomm_session_del(struct rfcomm_session *s); 81 82 /* ---- RFCOMM frame parsing macros ---- */ 83 #define __get_dlci(b) ((b & 0xfc) >> 2) 84 #define __get_channel(b) ((b & 0xf8) >> 3) 85 #define __get_dir(b) ((b & 0x04) >> 2) 86 #define __get_type(b) ((b & 0xef)) 87 88 #define __test_ea(b) ((b & 0x01)) 89 #define __test_cr(b) ((b & 0x02)) 90 #define __test_pf(b) ((b & 0x10)) 91 92 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) 93 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) 94 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) 95 #define __srv_channel(dlci) (dlci >> 1) 96 #define __dir(dlci) (dlci & 0x01) 97 98 #define __len8(len) (((len) << 1) | 1) 99 #define __len16(len) ((len) << 1) 100 101 /* MCC macros */ 102 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) 103 #define __get_mcc_type(b) ((b & 0xfc) >> 2) 104 #define __get_mcc_len(b) ((b & 0xfe) >> 1) 105 106 /* RPN macros */ 107 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) 108 #define __get_rpn_data_bits(line) ((line) & 0x3) 109 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) 110 #define __get_rpn_parity(line) (((line) >> 3) & 0x7) 111 112 static inline void rfcomm_schedule(uint event) 113 { 114 if (!rfcomm_thread) 115 return; 116 //set_bit(event, &rfcomm_event); 117 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 118 wake_up_process(rfcomm_thread); 119 } 120 121 static inline void rfcomm_session_put(struct rfcomm_session *s) 122 { 123 if (atomic_dec_and_test(&s->refcnt)) 124 rfcomm_session_del(s); 125 } 126 127 /* ---- RFCOMM FCS computation ---- */ 128 129 /* reversed, 8-bit, poly=0x07 */ 130 static unsigned char rfcomm_crc_table[256] = { 131 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, 132 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, 133 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, 134 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, 135 136 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, 137 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, 138 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, 139 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, 140 141 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, 142 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, 143 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, 144 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, 145 146 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, 147 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, 148 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, 149 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, 150 151 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, 152 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, 153 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, 154 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, 155 156 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, 157 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, 158 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, 159 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, 160 161 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, 162 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, 163 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, 164 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, 165 166 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, 167 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, 168 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, 169 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf 170 }; 171 172 /* CRC on 2 bytes */ 173 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) 174 175 /* FCS on 2 bytes */ 176 static inline u8 __fcs(u8 *data) 177 { 178 return (0xff - __crc(data)); 179 } 180 181 /* FCS on 3 bytes */ 182 static inline u8 __fcs2(u8 *data) 183 { 184 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]); 185 } 186 187 /* Check FCS */ 188 static inline int __check_fcs(u8 *data, int type, u8 fcs) 189 { 190 u8 f = __crc(data); 191 192 if (type != RFCOMM_UIH) 193 f = rfcomm_crc_table[f ^ data[2]]; 194 195 return rfcomm_crc_table[f ^ fcs] != 0xcf; 196 } 197 198 /* ---- L2CAP callbacks ---- */ 199 static void rfcomm_l2state_change(struct sock *sk) 200 { 201 BT_DBG("%p state %d", sk, sk->sk_state); 202 rfcomm_schedule(RFCOMM_SCHED_STATE); 203 } 204 205 static void rfcomm_l2data_ready(struct sock *sk, int bytes) 206 { 207 BT_DBG("%p bytes %d", sk, bytes); 208 rfcomm_schedule(RFCOMM_SCHED_RX); 209 } 210 211 static int rfcomm_l2sock_create(struct socket **sock) 212 { 213 int err; 214 215 BT_DBG(""); 216 217 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); 218 if (!err) { 219 struct sock *sk = (*sock)->sk; 220 sk->sk_data_ready = rfcomm_l2data_ready; 221 sk->sk_state_change = rfcomm_l2state_change; 222 } 223 return err; 224 } 225 226 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d) 227 { 228 struct sock *sk = d->session->sock->sk; 229 230 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) { 231 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon)) 232 return 1; 233 } else if (d->link_mode & RFCOMM_LM_AUTH) { 234 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon)) 235 return 1; 236 } 237 238 return 0; 239 } 240 241 /* ---- RFCOMM DLCs ---- */ 242 static void rfcomm_dlc_timeout(unsigned long arg) 243 { 244 struct rfcomm_dlc *d = (void *) arg; 245 246 BT_DBG("dlc %p state %ld", d, d->state); 247 248 set_bit(RFCOMM_TIMED_OUT, &d->flags); 249 rfcomm_dlc_put(d); 250 rfcomm_schedule(RFCOMM_SCHED_TIMEO); 251 } 252 253 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) 254 { 255 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); 256 257 if (!mod_timer(&d->timer, jiffies + timeout)) 258 rfcomm_dlc_hold(d); 259 } 260 261 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) 262 { 263 BT_DBG("dlc %p state %ld", d, d->state); 264 265 if (timer_pending(&d->timer) && del_timer(&d->timer)) 266 rfcomm_dlc_put(d); 267 } 268 269 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) 270 { 271 BT_DBG("%p", d); 272 273 d->state = BT_OPEN; 274 d->flags = 0; 275 d->mscex = 0; 276 d->mtu = RFCOMM_DEFAULT_MTU; 277 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; 278 279 d->cfc = RFCOMM_CFC_DISABLED; 280 d->rx_credits = RFCOMM_DEFAULT_CREDITS; 281 } 282 283 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) 284 { 285 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio); 286 287 if (!d) 288 return NULL; 289 290 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d); 291 292 skb_queue_head_init(&d->tx_queue); 293 spin_lock_init(&d->lock); 294 atomic_set(&d->refcnt, 1); 295 296 rfcomm_dlc_clear_state(d); 297 298 BT_DBG("%p", d); 299 300 return d; 301 } 302 303 void rfcomm_dlc_free(struct rfcomm_dlc *d) 304 { 305 BT_DBG("%p", d); 306 307 skb_queue_purge(&d->tx_queue); 308 kfree(d); 309 } 310 311 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) 312 { 313 BT_DBG("dlc %p session %p", d, s); 314 315 rfcomm_session_hold(s); 316 317 rfcomm_dlc_hold(d); 318 list_add(&d->list, &s->dlcs); 319 d->session = s; 320 } 321 322 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) 323 { 324 struct rfcomm_session *s = d->session; 325 326 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); 327 328 list_del(&d->list); 329 d->session = NULL; 330 rfcomm_dlc_put(d); 331 332 rfcomm_session_put(s); 333 } 334 335 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) 336 { 337 struct rfcomm_dlc *d; 338 struct list_head *p; 339 340 list_for_each(p, &s->dlcs) { 341 d = list_entry(p, struct rfcomm_dlc, list); 342 if (d->dlci == dlci) 343 return d; 344 } 345 return NULL; 346 } 347 348 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 349 { 350 struct rfcomm_session *s; 351 int err = 0; 352 u8 dlci; 353 354 BT_DBG("dlc %p state %ld %s %s channel %d", 355 d, d->state, batostr(src), batostr(dst), channel); 356 357 if (channel < 1 || channel > 30) 358 return -EINVAL; 359 360 if (d->state != BT_OPEN && d->state != BT_CLOSED) 361 return 0; 362 363 s = rfcomm_session_get(src, dst); 364 if (!s) { 365 s = rfcomm_session_create(src, dst, &err); 366 if (!s) 367 return err; 368 } 369 370 dlci = __dlci(!s->initiator, channel); 371 372 /* Check if DLCI already exists */ 373 if (rfcomm_dlc_get(s, dlci)) 374 return -EBUSY; 375 376 rfcomm_dlc_clear_state(d); 377 378 d->dlci = dlci; 379 d->addr = __addr(s->initiator, dlci); 380 d->priority = 7; 381 382 d->state = BT_CONFIG; 383 rfcomm_dlc_link(s, d); 384 385 d->out = 1; 386 387 d->mtu = s->mtu; 388 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 389 390 if (s->state == BT_CONNECTED) { 391 if (rfcomm_check_link_mode(d)) 392 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 393 else 394 rfcomm_send_pn(s, 1, d); 395 } 396 397 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 398 399 return 0; 400 } 401 402 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 403 { 404 int r; 405 406 rfcomm_lock(); 407 408 r = __rfcomm_dlc_open(d, src, dst, channel); 409 410 rfcomm_unlock(); 411 return r; 412 } 413 414 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 415 { 416 struct rfcomm_session *s = d->session; 417 if (!s) 418 return 0; 419 420 BT_DBG("dlc %p state %ld dlci %d err %d session %p", 421 d, d->state, d->dlci, err, s); 422 423 switch (d->state) { 424 case BT_CONNECTED: 425 case BT_CONFIG: 426 case BT_CONNECT: 427 d->state = BT_DISCONN; 428 if (skb_queue_empty(&d->tx_queue)) { 429 rfcomm_send_disc(s, d->dlci); 430 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); 431 } else { 432 rfcomm_queue_disc(d); 433 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); 434 } 435 break; 436 437 default: 438 rfcomm_dlc_clear_timer(d); 439 440 rfcomm_dlc_lock(d); 441 d->state = BT_CLOSED; 442 d->state_change(d, err); 443 rfcomm_dlc_unlock(d); 444 445 skb_queue_purge(&d->tx_queue); 446 rfcomm_dlc_unlink(d); 447 } 448 449 return 0; 450 } 451 452 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 453 { 454 int r; 455 456 rfcomm_lock(); 457 458 r = __rfcomm_dlc_close(d, err); 459 460 rfcomm_unlock(); 461 return r; 462 } 463 464 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) 465 { 466 int len = skb->len; 467 468 if (d->state != BT_CONNECTED) 469 return -ENOTCONN; 470 471 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); 472 473 if (len > d->mtu) 474 return -EINVAL; 475 476 rfcomm_make_uih(skb, d->addr); 477 skb_queue_tail(&d->tx_queue, skb); 478 479 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 480 rfcomm_schedule(RFCOMM_SCHED_TX); 481 return len; 482 } 483 484 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d) 485 { 486 BT_DBG("dlc %p state %ld", d, d->state); 487 488 if (!d->cfc) { 489 d->v24_sig |= RFCOMM_V24_FC; 490 set_bit(RFCOMM_MSC_PENDING, &d->flags); 491 } 492 rfcomm_schedule(RFCOMM_SCHED_TX); 493 } 494 495 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) 496 { 497 BT_DBG("dlc %p state %ld", d, d->state); 498 499 if (!d->cfc) { 500 d->v24_sig &= ~RFCOMM_V24_FC; 501 set_bit(RFCOMM_MSC_PENDING, &d->flags); 502 } 503 rfcomm_schedule(RFCOMM_SCHED_TX); 504 } 505 506 /* 507 Set/get modem status functions use _local_ status i.e. what we report 508 to the other side. 509 Remote status is provided by dlc->modem_status() callback. 510 */ 511 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) 512 { 513 BT_DBG("dlc %p state %ld v24_sig 0x%x", 514 d, d->state, v24_sig); 515 516 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) 517 v24_sig |= RFCOMM_V24_FC; 518 else 519 v24_sig &= ~RFCOMM_V24_FC; 520 521 d->v24_sig = v24_sig; 522 523 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) 524 rfcomm_schedule(RFCOMM_SCHED_TX); 525 526 return 0; 527 } 528 529 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) 530 { 531 BT_DBG("dlc %p state %ld v24_sig 0x%x", 532 d, d->state, d->v24_sig); 533 534 *v24_sig = d->v24_sig; 535 return 0; 536 } 537 538 /* ---- RFCOMM sessions ---- */ 539 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) 540 { 541 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL); 542 543 if (!s) 544 return NULL; 545 546 BT_DBG("session %p sock %p", s, sock); 547 548 INIT_LIST_HEAD(&s->dlcs); 549 s->state = state; 550 s->sock = sock; 551 552 s->mtu = RFCOMM_DEFAULT_MTU; 553 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN; 554 555 /* Do not increment module usage count for listening sessions. 556 * Otherwise we won't be able to unload the module. */ 557 if (state != BT_LISTEN) 558 if (!try_module_get(THIS_MODULE)) { 559 kfree(s); 560 return NULL; 561 } 562 563 list_add(&s->list, &session_list); 564 565 return s; 566 } 567 568 static void rfcomm_session_del(struct rfcomm_session *s) 569 { 570 int state = s->state; 571 572 BT_DBG("session %p state %ld", s, s->state); 573 574 list_del(&s->list); 575 576 if (state == BT_CONNECTED) 577 rfcomm_send_disc(s, 0); 578 579 sock_release(s->sock); 580 kfree(s); 581 582 if (state != BT_LISTEN) 583 module_put(THIS_MODULE); 584 } 585 586 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) 587 { 588 struct rfcomm_session *s; 589 struct list_head *p, *n; 590 struct bt_sock *sk; 591 list_for_each_safe(p, n, &session_list) { 592 s = list_entry(p, struct rfcomm_session, list); 593 sk = bt_sk(s->sock->sk); 594 595 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && 596 !bacmp(&sk->dst, dst)) 597 return s; 598 } 599 return NULL; 600 } 601 602 static void rfcomm_session_close(struct rfcomm_session *s, int err) 603 { 604 struct rfcomm_dlc *d; 605 struct list_head *p, *n; 606 607 BT_DBG("session %p state %ld err %d", s, s->state, err); 608 609 rfcomm_session_hold(s); 610 611 s->state = BT_CLOSED; 612 613 /* Close all dlcs */ 614 list_for_each_safe(p, n, &s->dlcs) { 615 d = list_entry(p, struct rfcomm_dlc, list); 616 d->state = BT_CLOSED; 617 __rfcomm_dlc_close(d, err); 618 } 619 620 rfcomm_session_put(s); 621 } 622 623 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err) 624 { 625 struct rfcomm_session *s = NULL; 626 struct sockaddr_l2 addr; 627 struct socket *sock; 628 struct sock *sk; 629 630 BT_DBG("%s %s", batostr(src), batostr(dst)); 631 632 *err = rfcomm_l2sock_create(&sock); 633 if (*err < 0) 634 return NULL; 635 636 bacpy(&addr.l2_bdaddr, src); 637 addr.l2_family = AF_BLUETOOTH; 638 addr.l2_psm = 0; 639 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 640 if (*err < 0) 641 goto failed; 642 643 /* Set L2CAP options */ 644 sk = sock->sk; 645 lock_sock(sk); 646 l2cap_pi(sk)->imtu = l2cap_mtu; 647 release_sock(sk); 648 649 s = rfcomm_session_add(sock, BT_BOUND); 650 if (!s) { 651 *err = -ENOMEM; 652 goto failed; 653 } 654 655 s->initiator = 1; 656 657 bacpy(&addr.l2_bdaddr, dst); 658 addr.l2_family = AF_BLUETOOTH; 659 addr.l2_psm = htobs(RFCOMM_PSM); 660 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 661 if (*err == 0 || *err == -EINPROGRESS) 662 return s; 663 664 rfcomm_session_del(s); 665 return NULL; 666 667 failed: 668 sock_release(sock); 669 return NULL; 670 } 671 672 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) 673 { 674 struct sock *sk = s->sock->sk; 675 if (src) 676 bacpy(src, &bt_sk(sk)->src); 677 if (dst) 678 bacpy(dst, &bt_sk(sk)->dst); 679 } 680 681 /* ---- RFCOMM frame sending ---- */ 682 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len) 683 { 684 struct socket *sock = s->sock; 685 struct kvec iv = { data, len }; 686 struct msghdr msg; 687 688 BT_DBG("session %p len %d", s, len); 689 690 memset(&msg, 0, sizeof(msg)); 691 692 return kernel_sendmsg(sock, &msg, &iv, 1, len); 693 } 694 695 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) 696 { 697 struct rfcomm_cmd cmd; 698 699 BT_DBG("%p dlci %d", s, dlci); 700 701 cmd.addr = __addr(s->initiator, dlci); 702 cmd.ctrl = __ctrl(RFCOMM_SABM, 1); 703 cmd.len = __len8(0); 704 cmd.fcs = __fcs2((u8 *) &cmd); 705 706 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 707 } 708 709 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) 710 { 711 struct rfcomm_cmd cmd; 712 713 BT_DBG("%p dlci %d", s, dlci); 714 715 cmd.addr = __addr(!s->initiator, dlci); 716 cmd.ctrl = __ctrl(RFCOMM_UA, 1); 717 cmd.len = __len8(0); 718 cmd.fcs = __fcs2((u8 *) &cmd); 719 720 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 721 } 722 723 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) 724 { 725 struct rfcomm_cmd cmd; 726 727 BT_DBG("%p dlci %d", s, dlci); 728 729 cmd.addr = __addr(s->initiator, dlci); 730 cmd.ctrl = __ctrl(RFCOMM_DISC, 1); 731 cmd.len = __len8(0); 732 cmd.fcs = __fcs2((u8 *) &cmd); 733 734 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 735 } 736 737 static int rfcomm_queue_disc(struct rfcomm_dlc *d) 738 { 739 struct rfcomm_cmd *cmd; 740 struct sk_buff *skb; 741 742 BT_DBG("dlc %p dlci %d", d, d->dlci); 743 744 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); 745 if (!skb) 746 return -ENOMEM; 747 748 cmd = (void *) __skb_put(skb, sizeof(*cmd)); 749 cmd->addr = d->addr; 750 cmd->ctrl = __ctrl(RFCOMM_DISC, 1); 751 cmd->len = __len8(0); 752 cmd->fcs = __fcs2((u8 *) cmd); 753 754 skb_queue_tail(&d->tx_queue, skb); 755 rfcomm_schedule(RFCOMM_SCHED_TX); 756 return 0; 757 } 758 759 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) 760 { 761 struct rfcomm_cmd cmd; 762 763 BT_DBG("%p dlci %d", s, dlci); 764 765 cmd.addr = __addr(!s->initiator, dlci); 766 cmd.ctrl = __ctrl(RFCOMM_DM, 1); 767 cmd.len = __len8(0); 768 cmd.fcs = __fcs2((u8 *) &cmd); 769 770 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 771 } 772 773 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) 774 { 775 struct rfcomm_hdr *hdr; 776 struct rfcomm_mcc *mcc; 777 u8 buf[16], *ptr = buf; 778 779 BT_DBG("%p cr %d type %d", s, cr, type); 780 781 hdr = (void *) ptr; ptr += sizeof(*hdr); 782 hdr->addr = __addr(s->initiator, 0); 783 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 784 hdr->len = __len8(sizeof(*mcc) + 1); 785 786 mcc = (void *) ptr; ptr += sizeof(*mcc); 787 mcc->type = __mcc_type(cr, RFCOMM_NSC); 788 mcc->len = __len8(1); 789 790 /* Type that we didn't like */ 791 *ptr = __mcc_type(cr, type); ptr++; 792 793 *ptr = __fcs(buf); ptr++; 794 795 return rfcomm_send_frame(s, buf, ptr - buf); 796 } 797 798 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) 799 { 800 struct rfcomm_hdr *hdr; 801 struct rfcomm_mcc *mcc; 802 struct rfcomm_pn *pn; 803 u8 buf[16], *ptr = buf; 804 805 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); 806 807 hdr = (void *) ptr; ptr += sizeof(*hdr); 808 hdr->addr = __addr(s->initiator, 0); 809 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 810 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); 811 812 mcc = (void *) ptr; ptr += sizeof(*mcc); 813 mcc->type = __mcc_type(cr, RFCOMM_PN); 814 mcc->len = __len8(sizeof(*pn)); 815 816 pn = (void *) ptr; ptr += sizeof(*pn); 817 pn->dlci = d->dlci; 818 pn->priority = d->priority; 819 pn->ack_timer = 0; 820 pn->max_retrans = 0; 821 822 if (s->cfc) { 823 pn->flow_ctrl = cr ? 0xf0 : 0xe0; 824 pn->credits = RFCOMM_DEFAULT_CREDITS; 825 } else { 826 pn->flow_ctrl = 0; 827 pn->credits = 0; 828 } 829 830 if (cr && channel_mtu >= 0) 831 pn->mtu = htobs(channel_mtu); 832 else 833 pn->mtu = htobs(d->mtu); 834 835 *ptr = __fcs(buf); ptr++; 836 837 return rfcomm_send_frame(s, buf, ptr - buf); 838 } 839 840 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, 841 u8 bit_rate, u8 data_bits, u8 stop_bits, 842 u8 parity, u8 flow_ctrl_settings, 843 u8 xon_char, u8 xoff_char, u16 param_mask) 844 { 845 struct rfcomm_hdr *hdr; 846 struct rfcomm_mcc *mcc; 847 struct rfcomm_rpn *rpn; 848 u8 buf[16], *ptr = buf; 849 850 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" 851 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 852 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 853 flow_ctrl_settings, xon_char, xoff_char, param_mask); 854 855 hdr = (void *) ptr; ptr += sizeof(*hdr); 856 hdr->addr = __addr(s->initiator, 0); 857 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 858 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); 859 860 mcc = (void *) ptr; ptr += sizeof(*mcc); 861 mcc->type = __mcc_type(cr, RFCOMM_RPN); 862 mcc->len = __len8(sizeof(*rpn)); 863 864 rpn = (void *) ptr; ptr += sizeof(*rpn); 865 rpn->dlci = __addr(1, dlci); 866 rpn->bit_rate = bit_rate; 867 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); 868 rpn->flow_ctrl = flow_ctrl_settings; 869 rpn->xon_char = xon_char; 870 rpn->xoff_char = xoff_char; 871 rpn->param_mask = cpu_to_le16(param_mask); 872 873 *ptr = __fcs(buf); ptr++; 874 875 return rfcomm_send_frame(s, buf, ptr - buf); 876 } 877 878 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) 879 { 880 struct rfcomm_hdr *hdr; 881 struct rfcomm_mcc *mcc; 882 struct rfcomm_rls *rls; 883 u8 buf[16], *ptr = buf; 884 885 BT_DBG("%p cr %d status 0x%x", s, cr, status); 886 887 hdr = (void *) ptr; ptr += sizeof(*hdr); 888 hdr->addr = __addr(s->initiator, 0); 889 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 890 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); 891 892 mcc = (void *) ptr; ptr += sizeof(*mcc); 893 mcc->type = __mcc_type(cr, RFCOMM_RLS); 894 mcc->len = __len8(sizeof(*rls)); 895 896 rls = (void *) ptr; ptr += sizeof(*rls); 897 rls->dlci = __addr(1, dlci); 898 rls->status = status; 899 900 *ptr = __fcs(buf); ptr++; 901 902 return rfcomm_send_frame(s, buf, ptr - buf); 903 } 904 905 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) 906 { 907 struct rfcomm_hdr *hdr; 908 struct rfcomm_mcc *mcc; 909 struct rfcomm_msc *msc; 910 u8 buf[16], *ptr = buf; 911 912 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); 913 914 hdr = (void *) ptr; ptr += sizeof(*hdr); 915 hdr->addr = __addr(s->initiator, 0); 916 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 917 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); 918 919 mcc = (void *) ptr; ptr += sizeof(*mcc); 920 mcc->type = __mcc_type(cr, RFCOMM_MSC); 921 mcc->len = __len8(sizeof(*msc)); 922 923 msc = (void *) ptr; ptr += sizeof(*msc); 924 msc->dlci = __addr(1, dlci); 925 msc->v24_sig = v24_sig | 0x01; 926 927 *ptr = __fcs(buf); ptr++; 928 929 return rfcomm_send_frame(s, buf, ptr - buf); 930 } 931 932 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) 933 { 934 struct rfcomm_hdr *hdr; 935 struct rfcomm_mcc *mcc; 936 u8 buf[16], *ptr = buf; 937 938 BT_DBG("%p cr %d", s, cr); 939 940 hdr = (void *) ptr; ptr += sizeof(*hdr); 941 hdr->addr = __addr(s->initiator, 0); 942 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 943 hdr->len = __len8(sizeof(*mcc)); 944 945 mcc = (void *) ptr; ptr += sizeof(*mcc); 946 mcc->type = __mcc_type(cr, RFCOMM_FCOFF); 947 mcc->len = __len8(0); 948 949 *ptr = __fcs(buf); ptr++; 950 951 return rfcomm_send_frame(s, buf, ptr - buf); 952 } 953 954 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) 955 { 956 struct rfcomm_hdr *hdr; 957 struct rfcomm_mcc *mcc; 958 u8 buf[16], *ptr = buf; 959 960 BT_DBG("%p cr %d", s, cr); 961 962 hdr = (void *) ptr; ptr += sizeof(*hdr); 963 hdr->addr = __addr(s->initiator, 0); 964 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 965 hdr->len = __len8(sizeof(*mcc)); 966 967 mcc = (void *) ptr; ptr += sizeof(*mcc); 968 mcc->type = __mcc_type(cr, RFCOMM_FCON); 969 mcc->len = __len8(0); 970 971 *ptr = __fcs(buf); ptr++; 972 973 return rfcomm_send_frame(s, buf, ptr - buf); 974 } 975 976 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) 977 { 978 struct socket *sock = s->sock; 979 struct kvec iv[3]; 980 struct msghdr msg; 981 unsigned char hdr[5], crc[1]; 982 983 if (len > 125) 984 return -EINVAL; 985 986 BT_DBG("%p cr %d", s, cr); 987 988 hdr[0] = __addr(s->initiator, 0); 989 hdr[1] = __ctrl(RFCOMM_UIH, 0); 990 hdr[2] = 0x01 | ((len + 2) << 1); 991 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); 992 hdr[4] = 0x01 | (len << 1); 993 994 crc[0] = __fcs(hdr); 995 996 iv[0].iov_base = hdr; 997 iv[0].iov_len = 5; 998 iv[1].iov_base = pattern; 999 iv[1].iov_len = len; 1000 iv[2].iov_base = crc; 1001 iv[2].iov_len = 1; 1002 1003 memset(&msg, 0, sizeof(msg)); 1004 1005 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); 1006 } 1007 1008 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) 1009 { 1010 struct rfcomm_hdr *hdr; 1011 u8 buf[16], *ptr = buf; 1012 1013 BT_DBG("%p addr %d credits %d", s, addr, credits); 1014 1015 hdr = (void *) ptr; ptr += sizeof(*hdr); 1016 hdr->addr = addr; 1017 hdr->ctrl = __ctrl(RFCOMM_UIH, 1); 1018 hdr->len = __len8(0); 1019 1020 *ptr = credits; ptr++; 1021 1022 *ptr = __fcs(buf); ptr++; 1023 1024 return rfcomm_send_frame(s, buf, ptr - buf); 1025 } 1026 1027 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) 1028 { 1029 struct rfcomm_hdr *hdr; 1030 int len = skb->len; 1031 u8 *crc; 1032 1033 if (len > 127) { 1034 hdr = (void *) skb_push(skb, 4); 1035 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len); 1036 } else { 1037 hdr = (void *) skb_push(skb, 3); 1038 hdr->len = __len8(len); 1039 } 1040 hdr->addr = addr; 1041 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1042 1043 crc = skb_put(skb, 1); 1044 *crc = __fcs((void *) hdr); 1045 } 1046 1047 /* ---- RFCOMM frame reception ---- */ 1048 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) 1049 { 1050 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1051 1052 if (dlci) { 1053 /* Data channel */ 1054 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1055 if (!d) { 1056 rfcomm_send_dm(s, dlci); 1057 return 0; 1058 } 1059 1060 switch (d->state) { 1061 case BT_CONNECT: 1062 rfcomm_dlc_clear_timer(d); 1063 1064 rfcomm_dlc_lock(d); 1065 d->state = BT_CONNECTED; 1066 d->state_change(d, 0); 1067 rfcomm_dlc_unlock(d); 1068 1069 rfcomm_send_msc(s, 1, dlci, d->v24_sig); 1070 break; 1071 1072 case BT_DISCONN: 1073 d->state = BT_CLOSED; 1074 __rfcomm_dlc_close(d, 0); 1075 1076 if (list_empty(&s->dlcs)) { 1077 s->state = BT_DISCONN; 1078 rfcomm_send_disc(s, 0); 1079 } 1080 1081 break; 1082 } 1083 } else { 1084 /* Control channel */ 1085 switch (s->state) { 1086 case BT_CONNECT: 1087 s->state = BT_CONNECTED; 1088 rfcomm_process_connect(s); 1089 break; 1090 1091 case BT_DISCONN: 1092 rfcomm_session_put(s); 1093 break; 1094 } 1095 } 1096 return 0; 1097 } 1098 1099 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) 1100 { 1101 int err = 0; 1102 1103 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1104 1105 if (dlci) { 1106 /* Data DLC */ 1107 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1108 if (d) { 1109 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1110 err = ECONNREFUSED; 1111 else 1112 err = ECONNRESET; 1113 1114 d->state = BT_CLOSED; 1115 __rfcomm_dlc_close(d, err); 1116 } 1117 } else { 1118 if (s->state == BT_CONNECT) 1119 err = ECONNREFUSED; 1120 else 1121 err = ECONNRESET; 1122 1123 s->state = BT_CLOSED; 1124 rfcomm_session_close(s, err); 1125 } 1126 return 0; 1127 } 1128 1129 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci) 1130 { 1131 int err = 0; 1132 1133 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1134 1135 if (dlci) { 1136 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1137 if (d) { 1138 rfcomm_send_ua(s, dlci); 1139 1140 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1141 err = ECONNREFUSED; 1142 else 1143 err = ECONNRESET; 1144 1145 d->state = BT_CLOSED; 1146 __rfcomm_dlc_close(d, err); 1147 } else 1148 rfcomm_send_dm(s, dlci); 1149 1150 } else { 1151 rfcomm_send_ua(s, 0); 1152 1153 if (s->state == BT_CONNECT) 1154 err = ECONNREFUSED; 1155 else 1156 err = ECONNRESET; 1157 1158 s->state = BT_CLOSED; 1159 rfcomm_session_close(s, err); 1160 } 1161 1162 return 0; 1163 } 1164 1165 static void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1166 { 1167 struct sock *sk = d->session->sock->sk; 1168 1169 BT_DBG("dlc %p", d); 1170 1171 rfcomm_send_ua(d->session, d->dlci); 1172 1173 rfcomm_dlc_lock(d); 1174 d->state = BT_CONNECTED; 1175 d->state_change(d, 0); 1176 rfcomm_dlc_unlock(d); 1177 1178 if (d->link_mode & RFCOMM_LM_MASTER) 1179 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00); 1180 1181 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1182 } 1183 1184 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) 1185 { 1186 struct rfcomm_dlc *d; 1187 u8 channel; 1188 1189 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1190 1191 if (!dlci) { 1192 rfcomm_send_ua(s, 0); 1193 1194 if (s->state == BT_OPEN) { 1195 s->state = BT_CONNECTED; 1196 rfcomm_process_connect(s); 1197 } 1198 return 0; 1199 } 1200 1201 /* Check if DLC exists */ 1202 d = rfcomm_dlc_get(s, dlci); 1203 if (d) { 1204 if (d->state == BT_OPEN) { 1205 /* DLC was previously opened by PN request */ 1206 if (rfcomm_check_link_mode(d)) { 1207 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1208 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1209 } else 1210 rfcomm_dlc_accept(d); 1211 } 1212 return 0; 1213 } 1214 1215 /* Notify socket layer about incoming connection */ 1216 channel = __srv_channel(dlci); 1217 if (rfcomm_connect_ind(s, channel, &d)) { 1218 d->dlci = dlci; 1219 d->addr = __addr(s->initiator, dlci); 1220 rfcomm_dlc_link(s, d); 1221 1222 if (rfcomm_check_link_mode(d)) { 1223 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1224 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1225 } else 1226 rfcomm_dlc_accept(d); 1227 } else { 1228 rfcomm_send_dm(s, dlci); 1229 } 1230 1231 return 0; 1232 } 1233 1234 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) 1235 { 1236 struct rfcomm_session *s = d->session; 1237 1238 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 1239 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); 1240 1241 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) || 1242 pn->flow_ctrl == 0xe0) { 1243 d->cfc = RFCOMM_CFC_ENABLED; 1244 d->tx_credits = pn->credits; 1245 } else { 1246 d->cfc = RFCOMM_CFC_DISABLED; 1247 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1248 } 1249 1250 if (s->cfc == RFCOMM_CFC_UNKNOWN) 1251 s->cfc = d->cfc; 1252 1253 d->priority = pn->priority; 1254 1255 d->mtu = btohs(pn->mtu); 1256 1257 if (cr && d->mtu > s->mtu) 1258 d->mtu = s->mtu; 1259 1260 return 0; 1261 } 1262 1263 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1264 { 1265 struct rfcomm_pn *pn = (void *) skb->data; 1266 struct rfcomm_dlc *d; 1267 u8 dlci = pn->dlci; 1268 1269 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1270 1271 if (!dlci) 1272 return 0; 1273 1274 d = rfcomm_dlc_get(s, dlci); 1275 if (d) { 1276 if (cr) { 1277 /* PN request */ 1278 rfcomm_apply_pn(d, cr, pn); 1279 rfcomm_send_pn(s, 0, d); 1280 } else { 1281 /* PN response */ 1282 switch (d->state) { 1283 case BT_CONFIG: 1284 rfcomm_apply_pn(d, cr, pn); 1285 1286 d->state = BT_CONNECT; 1287 rfcomm_send_sabm(s, d->dlci); 1288 break; 1289 } 1290 } 1291 } else { 1292 u8 channel = __srv_channel(dlci); 1293 1294 if (!cr) 1295 return 0; 1296 1297 /* PN request for non existing DLC. 1298 * Assume incoming connection. */ 1299 if (rfcomm_connect_ind(s, channel, &d)) { 1300 d->dlci = dlci; 1301 d->addr = __addr(s->initiator, dlci); 1302 rfcomm_dlc_link(s, d); 1303 1304 rfcomm_apply_pn(d, cr, pn); 1305 1306 d->state = BT_OPEN; 1307 rfcomm_send_pn(s, 0, d); 1308 } else { 1309 rfcomm_send_dm(s, dlci); 1310 } 1311 } 1312 return 0; 1313 } 1314 1315 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) 1316 { 1317 struct rfcomm_rpn *rpn = (void *) skb->data; 1318 u8 dlci = __get_dlci(rpn->dlci); 1319 1320 u8 bit_rate = 0; 1321 u8 data_bits = 0; 1322 u8 stop_bits = 0; 1323 u8 parity = 0; 1324 u8 flow_ctrl = 0; 1325 u8 xon_char = 0; 1326 u8 xoff_char = 0; 1327 u16 rpn_mask = RFCOMM_RPN_PM_ALL; 1328 1329 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 1330 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, 1331 rpn->xon_char, rpn->xoff_char, rpn->param_mask); 1332 1333 if (!cr) 1334 return 0; 1335 1336 if (len == 1) { 1337 /* This is a request, return default settings */ 1338 bit_rate = RFCOMM_RPN_BR_115200; 1339 data_bits = RFCOMM_RPN_DATA_8; 1340 stop_bits = RFCOMM_RPN_STOP_1; 1341 parity = RFCOMM_RPN_PARITY_NONE; 1342 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1343 xon_char = RFCOMM_RPN_XON_CHAR; 1344 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1345 goto rpn_out; 1346 } 1347 1348 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, 1349 * no parity, no flow control lines, normal XON/XOFF chars */ 1350 1351 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) { 1352 bit_rate = rpn->bit_rate; 1353 if (bit_rate != RFCOMM_RPN_BR_115200) { 1354 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); 1355 bit_rate = RFCOMM_RPN_BR_115200; 1356 rpn_mask ^= RFCOMM_RPN_PM_BITRATE; 1357 } 1358 } 1359 1360 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) { 1361 data_bits = __get_rpn_data_bits(rpn->line_settings); 1362 if (data_bits != RFCOMM_RPN_DATA_8) { 1363 BT_DBG("RPN data bits mismatch 0x%x", data_bits); 1364 data_bits = RFCOMM_RPN_DATA_8; 1365 rpn_mask ^= RFCOMM_RPN_PM_DATA; 1366 } 1367 } 1368 1369 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) { 1370 stop_bits = __get_rpn_stop_bits(rpn->line_settings); 1371 if (stop_bits != RFCOMM_RPN_STOP_1) { 1372 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); 1373 stop_bits = RFCOMM_RPN_STOP_1; 1374 rpn_mask ^= RFCOMM_RPN_PM_STOP; 1375 } 1376 } 1377 1378 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) { 1379 parity = __get_rpn_parity(rpn->line_settings); 1380 if (parity != RFCOMM_RPN_PARITY_NONE) { 1381 BT_DBG("RPN parity mismatch 0x%x", parity); 1382 parity = RFCOMM_RPN_PARITY_NONE; 1383 rpn_mask ^= RFCOMM_RPN_PM_PARITY; 1384 } 1385 } 1386 1387 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) { 1388 flow_ctrl = rpn->flow_ctrl; 1389 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { 1390 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); 1391 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1392 rpn_mask ^= RFCOMM_RPN_PM_FLOW; 1393 } 1394 } 1395 1396 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) { 1397 xon_char = rpn->xon_char; 1398 if (xon_char != RFCOMM_RPN_XON_CHAR) { 1399 BT_DBG("RPN XON char mismatch 0x%x", xon_char); 1400 xon_char = RFCOMM_RPN_XON_CHAR; 1401 rpn_mask ^= RFCOMM_RPN_PM_XON; 1402 } 1403 } 1404 1405 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) { 1406 xoff_char = rpn->xoff_char; 1407 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { 1408 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); 1409 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1410 rpn_mask ^= RFCOMM_RPN_PM_XOFF; 1411 } 1412 } 1413 1414 rpn_out: 1415 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, 1416 parity, flow_ctrl, xon_char, xoff_char, rpn_mask); 1417 1418 return 0; 1419 } 1420 1421 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1422 { 1423 struct rfcomm_rls *rls = (void *) skb->data; 1424 u8 dlci = __get_dlci(rls->dlci); 1425 1426 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); 1427 1428 if (!cr) 1429 return 0; 1430 1431 /* We should probably do something with this information here. But 1432 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's 1433 * mandatory to recognise and respond to RLS */ 1434 1435 rfcomm_send_rls(s, 0, dlci, rls->status); 1436 1437 return 0; 1438 } 1439 1440 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1441 { 1442 struct rfcomm_msc *msc = (void *) skb->data; 1443 struct rfcomm_dlc *d; 1444 u8 dlci = __get_dlci(msc->dlci); 1445 1446 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); 1447 1448 d = rfcomm_dlc_get(s, dlci); 1449 if (!d) 1450 return 0; 1451 1452 if (cr) { 1453 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) 1454 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1455 else 1456 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1457 1458 rfcomm_dlc_lock(d); 1459 1460 d->remote_v24_sig = msc->v24_sig; 1461 1462 if (d->modem_status) 1463 d->modem_status(d, msc->v24_sig); 1464 1465 rfcomm_dlc_unlock(d); 1466 1467 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1468 1469 d->mscex |= RFCOMM_MSCEX_RX; 1470 } else 1471 d->mscex |= RFCOMM_MSCEX_TX; 1472 1473 return 0; 1474 } 1475 1476 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) 1477 { 1478 struct rfcomm_mcc *mcc = (void *) skb->data; 1479 u8 type, cr, len; 1480 1481 cr = __test_cr(mcc->type); 1482 type = __get_mcc_type(mcc->type); 1483 len = __get_mcc_len(mcc->len); 1484 1485 BT_DBG("%p type 0x%x cr %d", s, type, cr); 1486 1487 skb_pull(skb, 2); 1488 1489 switch (type) { 1490 case RFCOMM_PN: 1491 rfcomm_recv_pn(s, cr, skb); 1492 break; 1493 1494 case RFCOMM_RPN: 1495 rfcomm_recv_rpn(s, cr, len, skb); 1496 break; 1497 1498 case RFCOMM_RLS: 1499 rfcomm_recv_rls(s, cr, skb); 1500 break; 1501 1502 case RFCOMM_MSC: 1503 rfcomm_recv_msc(s, cr, skb); 1504 break; 1505 1506 case RFCOMM_FCOFF: 1507 if (cr) { 1508 set_bit(RFCOMM_TX_THROTTLED, &s->flags); 1509 rfcomm_send_fcoff(s, 0); 1510 } 1511 break; 1512 1513 case RFCOMM_FCON: 1514 if (cr) { 1515 clear_bit(RFCOMM_TX_THROTTLED, &s->flags); 1516 rfcomm_send_fcon(s, 0); 1517 } 1518 break; 1519 1520 case RFCOMM_TEST: 1521 if (cr) 1522 rfcomm_send_test(s, 0, skb->data, skb->len); 1523 break; 1524 1525 case RFCOMM_NSC: 1526 break; 1527 1528 default: 1529 BT_ERR("Unknown control type 0x%02x", type); 1530 rfcomm_send_nsc(s, cr, type); 1531 break; 1532 } 1533 return 0; 1534 } 1535 1536 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) 1537 { 1538 struct rfcomm_dlc *d; 1539 1540 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); 1541 1542 d = rfcomm_dlc_get(s, dlci); 1543 if (!d) { 1544 rfcomm_send_dm(s, dlci); 1545 goto drop; 1546 } 1547 1548 if (pf && d->cfc) { 1549 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); 1550 1551 d->tx_credits += credits; 1552 if (d->tx_credits) 1553 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1554 } 1555 1556 if (skb->len && d->state == BT_CONNECTED) { 1557 rfcomm_dlc_lock(d); 1558 d->rx_credits--; 1559 d->data_ready(d, skb); 1560 rfcomm_dlc_unlock(d); 1561 return 0; 1562 } 1563 1564 drop: 1565 kfree_skb(skb); 1566 return 0; 1567 } 1568 1569 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb) 1570 { 1571 struct rfcomm_hdr *hdr = (void *) skb->data; 1572 u8 type, dlci, fcs; 1573 1574 dlci = __get_dlci(hdr->addr); 1575 type = __get_type(hdr->ctrl); 1576 1577 /* Trim FCS */ 1578 skb->len--; skb->tail--; 1579 fcs = *(u8 *)skb_tail_pointer(skb); 1580 1581 if (__check_fcs(skb->data, type, fcs)) { 1582 BT_ERR("bad checksum in packet"); 1583 kfree_skb(skb); 1584 return -EILSEQ; 1585 } 1586 1587 if (__test_ea(hdr->len)) 1588 skb_pull(skb, 3); 1589 else 1590 skb_pull(skb, 4); 1591 1592 switch (type) { 1593 case RFCOMM_SABM: 1594 if (__test_pf(hdr->ctrl)) 1595 rfcomm_recv_sabm(s, dlci); 1596 break; 1597 1598 case RFCOMM_DISC: 1599 if (__test_pf(hdr->ctrl)) 1600 rfcomm_recv_disc(s, dlci); 1601 break; 1602 1603 case RFCOMM_UA: 1604 if (__test_pf(hdr->ctrl)) 1605 rfcomm_recv_ua(s, dlci); 1606 break; 1607 1608 case RFCOMM_DM: 1609 rfcomm_recv_dm(s, dlci); 1610 break; 1611 1612 case RFCOMM_UIH: 1613 if (dlci) 1614 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); 1615 1616 rfcomm_recv_mcc(s, skb); 1617 break; 1618 1619 default: 1620 BT_ERR("Unknown packet type 0x%02x\n", type); 1621 break; 1622 } 1623 kfree_skb(skb); 1624 return 0; 1625 } 1626 1627 /* ---- Connection and data processing ---- */ 1628 1629 static void rfcomm_process_connect(struct rfcomm_session *s) 1630 { 1631 struct rfcomm_dlc *d; 1632 struct list_head *p, *n; 1633 1634 BT_DBG("session %p state %ld", s, s->state); 1635 1636 list_for_each_safe(p, n, &s->dlcs) { 1637 d = list_entry(p, struct rfcomm_dlc, list); 1638 if (d->state == BT_CONFIG) { 1639 d->mtu = s->mtu; 1640 if (rfcomm_check_link_mode(d)) { 1641 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1642 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1643 } else 1644 rfcomm_send_pn(s, 1, d); 1645 } 1646 } 1647 } 1648 1649 /* Send data queued for the DLC. 1650 * Return number of frames left in the queue. 1651 */ 1652 static inline int rfcomm_process_tx(struct rfcomm_dlc *d) 1653 { 1654 struct sk_buff *skb; 1655 int err; 1656 1657 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 1658 d, d->state, d->cfc, d->rx_credits, d->tx_credits); 1659 1660 /* Send pending MSC */ 1661 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) 1662 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1663 1664 if (d->cfc) { 1665 /* CFC enabled. 1666 * Give them some credits */ 1667 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && 1668 d->rx_credits <= (d->cfc >> 2)) { 1669 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); 1670 d->rx_credits = d->cfc; 1671 } 1672 } else { 1673 /* CFC disabled. 1674 * Give ourselves some credits */ 1675 d->tx_credits = 5; 1676 } 1677 1678 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 1679 return skb_queue_len(&d->tx_queue); 1680 1681 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { 1682 err = rfcomm_send_frame(d->session, skb->data, skb->len); 1683 if (err < 0) { 1684 skb_queue_head(&d->tx_queue, skb); 1685 break; 1686 } 1687 kfree_skb(skb); 1688 d->tx_credits--; 1689 } 1690 1691 if (d->cfc && !d->tx_credits) { 1692 /* We're out of TX credits. 1693 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ 1694 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1695 } 1696 1697 return skb_queue_len(&d->tx_queue); 1698 } 1699 1700 static inline void rfcomm_process_dlcs(struct rfcomm_session *s) 1701 { 1702 struct rfcomm_dlc *d; 1703 struct list_head *p, *n; 1704 1705 BT_DBG("session %p state %ld", s, s->state); 1706 1707 list_for_each_safe(p, n, &s->dlcs) { 1708 d = list_entry(p, struct rfcomm_dlc, list); 1709 1710 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { 1711 __rfcomm_dlc_close(d, ETIMEDOUT); 1712 continue; 1713 } 1714 1715 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1716 rfcomm_dlc_clear_timer(d); 1717 if (d->out) { 1718 rfcomm_send_pn(s, 1, d); 1719 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 1720 } else 1721 rfcomm_dlc_accept(d); 1722 if (d->link_mode & RFCOMM_LM_SECURE) { 1723 struct sock *sk = s->sock->sk; 1724 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon); 1725 } 1726 continue; 1727 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1728 rfcomm_dlc_clear_timer(d); 1729 if (!d->out) 1730 rfcomm_send_dm(s, d->dlci); 1731 else 1732 d->state = BT_CLOSED; 1733 __rfcomm_dlc_close(d, ECONNREFUSED); 1734 continue; 1735 } 1736 1737 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) 1738 continue; 1739 1740 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1741 d->mscex == RFCOMM_MSCEX_OK) 1742 rfcomm_process_tx(d); 1743 } 1744 } 1745 1746 static inline void rfcomm_process_rx(struct rfcomm_session *s) 1747 { 1748 struct socket *sock = s->sock; 1749 struct sock *sk = sock->sk; 1750 struct sk_buff *skb; 1751 1752 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); 1753 1754 /* Get data directly from socket receive queue without copying it. */ 1755 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1756 skb_orphan(skb); 1757 rfcomm_recv_frame(s, skb); 1758 } 1759 1760 if (sk->sk_state == BT_CLOSED) { 1761 if (!s->initiator) 1762 rfcomm_session_put(s); 1763 1764 rfcomm_session_close(s, sk->sk_err); 1765 } 1766 } 1767 1768 static inline void rfcomm_accept_connection(struct rfcomm_session *s) 1769 { 1770 struct socket *sock = s->sock, *nsock; 1771 int err; 1772 1773 /* Fast check for a new connection. 1774 * Avoids unnesesary socket allocations. */ 1775 if (list_empty(&bt_sk(sock->sk)->accept_q)) 1776 return; 1777 1778 BT_DBG("session %p", s); 1779 1780 err = kernel_accept(sock, &nsock, O_NONBLOCK); 1781 if (err < 0) 1782 return; 1783 1784 /* Set our callbacks */ 1785 nsock->sk->sk_data_ready = rfcomm_l2data_ready; 1786 nsock->sk->sk_state_change = rfcomm_l2state_change; 1787 1788 s = rfcomm_session_add(nsock, BT_OPEN); 1789 if (s) { 1790 rfcomm_session_hold(s); 1791 1792 /* We should adjust MTU on incoming sessions. 1793 * L2CAP MTU minus UIH header and FCS. */ 1794 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5; 1795 1796 rfcomm_schedule(RFCOMM_SCHED_RX); 1797 } else 1798 sock_release(nsock); 1799 } 1800 1801 static inline void rfcomm_check_connection(struct rfcomm_session *s) 1802 { 1803 struct sock *sk = s->sock->sk; 1804 1805 BT_DBG("%p state %ld", s, s->state); 1806 1807 switch(sk->sk_state) { 1808 case BT_CONNECTED: 1809 s->state = BT_CONNECT; 1810 1811 /* We can adjust MTU on outgoing sessions. 1812 * L2CAP MTU minus UIH header and FCS. */ 1813 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5; 1814 1815 rfcomm_send_sabm(s, 0); 1816 break; 1817 1818 case BT_CLOSED: 1819 s->state = BT_CLOSED; 1820 rfcomm_session_close(s, sk->sk_err); 1821 break; 1822 } 1823 } 1824 1825 static inline void rfcomm_process_sessions(void) 1826 { 1827 struct list_head *p, *n; 1828 1829 rfcomm_lock(); 1830 1831 list_for_each_safe(p, n, &session_list) { 1832 struct rfcomm_session *s; 1833 s = list_entry(p, struct rfcomm_session, list); 1834 1835 if (s->state == BT_LISTEN) { 1836 rfcomm_accept_connection(s); 1837 continue; 1838 } 1839 1840 rfcomm_session_hold(s); 1841 1842 switch (s->state) { 1843 case BT_BOUND: 1844 rfcomm_check_connection(s); 1845 break; 1846 1847 default: 1848 rfcomm_process_rx(s); 1849 break; 1850 } 1851 1852 rfcomm_process_dlcs(s); 1853 1854 rfcomm_session_put(s); 1855 } 1856 1857 rfcomm_unlock(); 1858 } 1859 1860 static int rfcomm_add_listener(bdaddr_t *ba) 1861 { 1862 struct sockaddr_l2 addr; 1863 struct socket *sock; 1864 struct sock *sk; 1865 struct rfcomm_session *s; 1866 int err = 0; 1867 1868 /* Create socket */ 1869 err = rfcomm_l2sock_create(&sock); 1870 if (err < 0) { 1871 BT_ERR("Create socket failed %d", err); 1872 return err; 1873 } 1874 1875 /* Bind socket */ 1876 bacpy(&addr.l2_bdaddr, ba); 1877 addr.l2_family = AF_BLUETOOTH; 1878 addr.l2_psm = htobs(RFCOMM_PSM); 1879 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1880 if (err < 0) { 1881 BT_ERR("Bind failed %d", err); 1882 goto failed; 1883 } 1884 1885 /* Set L2CAP options */ 1886 sk = sock->sk; 1887 lock_sock(sk); 1888 l2cap_pi(sk)->imtu = l2cap_mtu; 1889 release_sock(sk); 1890 1891 /* Start listening on the socket */ 1892 err = kernel_listen(sock, 10); 1893 if (err) { 1894 BT_ERR("Listen failed %d", err); 1895 goto failed; 1896 } 1897 1898 /* Add listening session */ 1899 s = rfcomm_session_add(sock, BT_LISTEN); 1900 if (!s) 1901 goto failed; 1902 1903 rfcomm_session_hold(s); 1904 return 0; 1905 failed: 1906 sock_release(sock); 1907 return err; 1908 } 1909 1910 static void rfcomm_kill_listener(void) 1911 { 1912 struct rfcomm_session *s; 1913 struct list_head *p, *n; 1914 1915 BT_DBG(""); 1916 1917 list_for_each_safe(p, n, &session_list) { 1918 s = list_entry(p, struct rfcomm_session, list); 1919 rfcomm_session_del(s); 1920 } 1921 } 1922 1923 static int rfcomm_run(void *unused) 1924 { 1925 BT_DBG(""); 1926 1927 set_user_nice(current, -10); 1928 1929 rfcomm_add_listener(BDADDR_ANY); 1930 1931 while (!kthread_should_stop()) { 1932 set_current_state(TASK_INTERRUPTIBLE); 1933 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) { 1934 /* No pending events. Let's sleep. 1935 * Incoming connections and data will wake us up. */ 1936 schedule(); 1937 } 1938 set_current_state(TASK_RUNNING); 1939 1940 /* Process stuff */ 1941 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 1942 rfcomm_process_sessions(); 1943 } 1944 1945 rfcomm_kill_listener(); 1946 1947 return 0; 1948 } 1949 1950 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status) 1951 { 1952 struct rfcomm_session *s; 1953 struct rfcomm_dlc *d; 1954 struct list_head *p, *n; 1955 1956 BT_DBG("conn %p status 0x%02x", conn, status); 1957 1958 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 1959 if (!s) 1960 return; 1961 1962 rfcomm_session_hold(s); 1963 1964 list_for_each_safe(p, n, &s->dlcs) { 1965 d = list_entry(p, struct rfcomm_dlc, list); 1966 1967 if ((d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) && 1968 !(conn->link_mode & HCI_LM_ENCRYPT) && !status) 1969 continue; 1970 1971 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 1972 continue; 1973 1974 if (!status) 1975 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 1976 else 1977 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 1978 } 1979 1980 rfcomm_session_put(s); 1981 1982 rfcomm_schedule(RFCOMM_SCHED_AUTH); 1983 } 1984 1985 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt) 1986 { 1987 struct rfcomm_session *s; 1988 struct rfcomm_dlc *d; 1989 struct list_head *p, *n; 1990 1991 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); 1992 1993 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 1994 if (!s) 1995 return; 1996 1997 rfcomm_session_hold(s); 1998 1999 list_for_each_safe(p, n, &s->dlcs) { 2000 d = list_entry(p, struct rfcomm_dlc, list); 2001 2002 if ((d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) && 2003 (d->state == BT_CONNECTED || 2004 d->state == BT_CONFIG) && 2005 !status && encrypt == 0x00) { 2006 __rfcomm_dlc_close(d, ECONNREFUSED); 2007 continue; 2008 } 2009 2010 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 2011 continue; 2012 2013 if (!status && encrypt) 2014 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 2015 else 2016 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 2017 } 2018 2019 rfcomm_session_put(s); 2020 2021 rfcomm_schedule(RFCOMM_SCHED_AUTH); 2022 } 2023 2024 static struct hci_cb rfcomm_cb = { 2025 .name = "RFCOMM", 2026 .auth_cfm = rfcomm_auth_cfm, 2027 .encrypt_cfm = rfcomm_encrypt_cfm 2028 }; 2029 2030 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf) 2031 { 2032 struct rfcomm_session *s; 2033 struct list_head *pp, *p; 2034 char *str = buf; 2035 2036 rfcomm_lock(); 2037 2038 list_for_each(p, &session_list) { 2039 s = list_entry(p, struct rfcomm_session, list); 2040 list_for_each(pp, &s->dlcs) { 2041 struct sock *sk = s->sock->sk; 2042 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list); 2043 2044 str += sprintf(str, "%s %s %ld %d %d %d %d\n", 2045 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 2046 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits); 2047 } 2048 } 2049 2050 rfcomm_unlock(); 2051 2052 return (str - buf); 2053 } 2054 2055 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL); 2056 2057 /* ---- Initialization ---- */ 2058 static int __init rfcomm_init(void) 2059 { 2060 l2cap_load(); 2061 2062 hci_register_cb(&rfcomm_cb); 2063 2064 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd"); 2065 if (IS_ERR(rfcomm_thread)) { 2066 hci_unregister_cb(&rfcomm_cb); 2067 return PTR_ERR(rfcomm_thread); 2068 } 2069 2070 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0) 2071 BT_ERR("Failed to create RFCOMM info file"); 2072 2073 rfcomm_init_sockets(); 2074 2075 #ifdef CONFIG_BT_RFCOMM_TTY 2076 rfcomm_init_ttys(); 2077 #endif 2078 2079 BT_INFO("RFCOMM ver %s", VERSION); 2080 2081 return 0; 2082 } 2083 2084 static void __exit rfcomm_exit(void) 2085 { 2086 class_remove_file(bt_class, &class_attr_rfcomm_dlc); 2087 2088 hci_unregister_cb(&rfcomm_cb); 2089 2090 kthread_stop(rfcomm_thread); 2091 2092 #ifdef CONFIG_BT_RFCOMM_TTY 2093 rfcomm_cleanup_ttys(); 2094 #endif 2095 2096 rfcomm_cleanup_sockets(); 2097 } 2098 2099 module_init(rfcomm_init); 2100 module_exit(rfcomm_exit); 2101 2102 module_param(disable_cfc, bool, 0644); 2103 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control"); 2104 2105 module_param(channel_mtu, int, 0644); 2106 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel"); 2107 2108 module_param(l2cap_mtu, uint, 0644); 2109 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); 2110 2111 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 2112 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2113 MODULE_VERSION(VERSION); 2114 MODULE_LICENSE("GPL"); 2115 MODULE_ALIAS("bt-proto-3"); 2116