1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * Bluetooth RFCOMM core. 26 * 27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $ 28 */ 29 30 #include <linux/config.h> 31 #include <linux/module.h> 32 #include <linux/errno.h> 33 #include <linux/kernel.h> 34 #include <linux/sched.h> 35 #include <linux/signal.h> 36 #include <linux/init.h> 37 #include <linux/wait.h> 38 #include <linux/device.h> 39 #include <linux/net.h> 40 #include <net/sock.h> 41 #include <asm/uaccess.h> 42 #include <asm/unaligned.h> 43 44 #include <net/bluetooth/bluetooth.h> 45 #include <net/bluetooth/hci_core.h> 46 #include <net/bluetooth/l2cap.h> 47 #include <net/bluetooth/rfcomm.h> 48 49 #ifndef CONFIG_BT_RFCOMM_DEBUG 50 #undef BT_DBG 51 #define BT_DBG(D...) 52 #endif 53 54 #define VERSION "1.7" 55 56 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; 57 58 static struct task_struct *rfcomm_thread; 59 60 static DECLARE_MUTEX(rfcomm_sem); 61 #define rfcomm_lock() down(&rfcomm_sem); 62 #define rfcomm_unlock() up(&rfcomm_sem); 63 64 static unsigned long rfcomm_event; 65 66 static LIST_HEAD(session_list); 67 static atomic_t terminate, running; 68 69 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len); 70 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); 71 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); 72 static int rfcomm_queue_disc(struct rfcomm_dlc *d); 73 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); 74 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); 75 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); 76 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); 77 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); 78 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); 79 80 static void rfcomm_process_connect(struct rfcomm_session *s); 81 82 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err); 83 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); 84 static void rfcomm_session_del(struct rfcomm_session *s); 85 86 /* ---- RFCOMM frame parsing macros ---- */ 87 #define __get_dlci(b) ((b & 0xfc) >> 2) 88 #define __get_channel(b) ((b & 0xf8) >> 3) 89 #define __get_dir(b) ((b & 0x04) >> 2) 90 #define __get_type(b) ((b & 0xef)) 91 92 #define __test_ea(b) ((b & 0x01)) 93 #define __test_cr(b) ((b & 0x02)) 94 #define __test_pf(b) ((b & 0x10)) 95 96 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) 97 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) 98 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) 99 #define __srv_channel(dlci) (dlci >> 1) 100 #define __dir(dlci) (dlci & 0x01) 101 102 #define __len8(len) (((len) << 1) | 1) 103 #define __len16(len) ((len) << 1) 104 105 /* MCC macros */ 106 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) 107 #define __get_mcc_type(b) ((b & 0xfc) >> 2) 108 #define __get_mcc_len(b) ((b & 0xfe) >> 1) 109 110 /* RPN macros */ 111 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) 112 #define __get_rpn_data_bits(line) ((line) & 0x3) 113 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) 114 #define __get_rpn_parity(line) (((line) >> 3) & 0x7) 115 116 static inline void rfcomm_schedule(uint event) 117 { 118 if (!rfcomm_thread) 119 return; 120 //set_bit(event, &rfcomm_event); 121 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 122 wake_up_process(rfcomm_thread); 123 } 124 125 static inline void rfcomm_session_put(struct rfcomm_session *s) 126 { 127 if (atomic_dec_and_test(&s->refcnt)) 128 rfcomm_session_del(s); 129 } 130 131 /* ---- RFCOMM FCS computation ---- */ 132 133 /* reversed, 8-bit, poly=0x07 */ 134 static unsigned char rfcomm_crc_table[256] = { 135 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, 136 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, 137 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, 138 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, 139 140 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, 141 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, 142 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, 143 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, 144 145 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, 146 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, 147 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, 148 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, 149 150 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, 151 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, 152 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, 153 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, 154 155 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, 156 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, 157 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, 158 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, 159 160 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, 161 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, 162 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, 163 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, 164 165 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, 166 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, 167 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, 168 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, 169 170 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, 171 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, 172 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, 173 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf 174 }; 175 176 /* CRC on 2 bytes */ 177 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) 178 179 /* FCS on 2 bytes */ 180 static inline u8 __fcs(u8 *data) 181 { 182 return (0xff - __crc(data)); 183 } 184 185 /* FCS on 3 bytes */ 186 static inline u8 __fcs2(u8 *data) 187 { 188 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]); 189 } 190 191 /* Check FCS */ 192 static inline int __check_fcs(u8 *data, int type, u8 fcs) 193 { 194 u8 f = __crc(data); 195 196 if (type != RFCOMM_UIH) 197 f = rfcomm_crc_table[f ^ data[2]]; 198 199 return rfcomm_crc_table[f ^ fcs] != 0xcf; 200 } 201 202 /* ---- L2CAP callbacks ---- */ 203 static void rfcomm_l2state_change(struct sock *sk) 204 { 205 BT_DBG("%p state %d", sk, sk->sk_state); 206 rfcomm_schedule(RFCOMM_SCHED_STATE); 207 } 208 209 static void rfcomm_l2data_ready(struct sock *sk, int bytes) 210 { 211 BT_DBG("%p bytes %d", sk, bytes); 212 rfcomm_schedule(RFCOMM_SCHED_RX); 213 } 214 215 static int rfcomm_l2sock_create(struct socket **sock) 216 { 217 int err; 218 219 BT_DBG(""); 220 221 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); 222 if (!err) { 223 struct sock *sk = (*sock)->sk; 224 sk->sk_data_ready = rfcomm_l2data_ready; 225 sk->sk_state_change = rfcomm_l2state_change; 226 } 227 return err; 228 } 229 230 /* ---- RFCOMM DLCs ---- */ 231 static void rfcomm_dlc_timeout(unsigned long arg) 232 { 233 struct rfcomm_dlc *d = (void *) arg; 234 235 BT_DBG("dlc %p state %ld", d, d->state); 236 237 set_bit(RFCOMM_TIMED_OUT, &d->flags); 238 rfcomm_dlc_put(d); 239 rfcomm_schedule(RFCOMM_SCHED_TIMEO); 240 } 241 242 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) 243 { 244 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); 245 246 if (!mod_timer(&d->timer, jiffies + timeout)) 247 rfcomm_dlc_hold(d); 248 } 249 250 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) 251 { 252 BT_DBG("dlc %p state %ld", d, d->state); 253 254 if (timer_pending(&d->timer) && del_timer(&d->timer)) 255 rfcomm_dlc_put(d); 256 } 257 258 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) 259 { 260 BT_DBG("%p", d); 261 262 d->state = BT_OPEN; 263 d->flags = 0; 264 d->mscex = 0; 265 d->mtu = RFCOMM_DEFAULT_MTU; 266 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; 267 268 d->cfc = RFCOMM_CFC_DISABLED; 269 d->rx_credits = RFCOMM_DEFAULT_CREDITS; 270 } 271 272 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) 273 { 274 struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio); 275 if (!d) 276 return NULL; 277 memset(d, 0, sizeof(*d)); 278 279 init_timer(&d->timer); 280 d->timer.function = rfcomm_dlc_timeout; 281 d->timer.data = (unsigned long) d; 282 283 skb_queue_head_init(&d->tx_queue); 284 spin_lock_init(&d->lock); 285 atomic_set(&d->refcnt, 1); 286 287 rfcomm_dlc_clear_state(d); 288 289 BT_DBG("%p", d); 290 return d; 291 } 292 293 void rfcomm_dlc_free(struct rfcomm_dlc *d) 294 { 295 BT_DBG("%p", d); 296 297 skb_queue_purge(&d->tx_queue); 298 kfree(d); 299 } 300 301 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) 302 { 303 BT_DBG("dlc %p session %p", d, s); 304 305 rfcomm_session_hold(s); 306 307 rfcomm_dlc_hold(d); 308 list_add(&d->list, &s->dlcs); 309 d->session = s; 310 } 311 312 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) 313 { 314 struct rfcomm_session *s = d->session; 315 316 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); 317 318 list_del(&d->list); 319 d->session = NULL; 320 rfcomm_dlc_put(d); 321 322 rfcomm_session_put(s); 323 } 324 325 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) 326 { 327 struct rfcomm_dlc *d; 328 struct list_head *p; 329 330 list_for_each(p, &s->dlcs) { 331 d = list_entry(p, struct rfcomm_dlc, list); 332 if (d->dlci == dlci) 333 return d; 334 } 335 return NULL; 336 } 337 338 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 339 { 340 struct rfcomm_session *s; 341 int err = 0; 342 u8 dlci; 343 344 BT_DBG("dlc %p state %ld %s %s channel %d", 345 d, d->state, batostr(src), batostr(dst), channel); 346 347 if (channel < 1 || channel > 30) 348 return -EINVAL; 349 350 if (d->state != BT_OPEN && d->state != BT_CLOSED) 351 return 0; 352 353 s = rfcomm_session_get(src, dst); 354 if (!s) { 355 s = rfcomm_session_create(src, dst, &err); 356 if (!s) 357 return err; 358 } 359 360 dlci = __dlci(!s->initiator, channel); 361 362 /* Check if DLCI already exists */ 363 if (rfcomm_dlc_get(s, dlci)) 364 return -EBUSY; 365 366 rfcomm_dlc_clear_state(d); 367 368 d->dlci = dlci; 369 d->addr = __addr(s->initiator, dlci); 370 d->priority = 7; 371 372 d->state = BT_CONFIG; 373 rfcomm_dlc_link(s, d); 374 375 d->mtu = s->mtu; 376 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 377 378 if (s->state == BT_CONNECTED) 379 rfcomm_send_pn(s, 1, d); 380 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 381 return 0; 382 } 383 384 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 385 { 386 int r; 387 388 rfcomm_lock(); 389 390 r = __rfcomm_dlc_open(d, src, dst, channel); 391 392 rfcomm_unlock(); 393 return r; 394 } 395 396 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 397 { 398 struct rfcomm_session *s = d->session; 399 if (!s) 400 return 0; 401 402 BT_DBG("dlc %p state %ld dlci %d err %d session %p", 403 d, d->state, d->dlci, err, s); 404 405 switch (d->state) { 406 case BT_CONNECTED: 407 case BT_CONFIG: 408 case BT_CONNECT: 409 d->state = BT_DISCONN; 410 if (skb_queue_empty(&d->tx_queue)) { 411 rfcomm_send_disc(s, d->dlci); 412 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); 413 } else { 414 rfcomm_queue_disc(d); 415 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); 416 } 417 break; 418 419 default: 420 rfcomm_dlc_clear_timer(d); 421 422 rfcomm_dlc_lock(d); 423 d->state = BT_CLOSED; 424 d->state_change(d, err); 425 rfcomm_dlc_unlock(d); 426 427 skb_queue_purge(&d->tx_queue); 428 rfcomm_dlc_unlink(d); 429 } 430 431 return 0; 432 } 433 434 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 435 { 436 int r; 437 438 rfcomm_lock(); 439 440 r = __rfcomm_dlc_close(d, err); 441 442 rfcomm_unlock(); 443 return r; 444 } 445 446 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) 447 { 448 int len = skb->len; 449 450 if (d->state != BT_CONNECTED) 451 return -ENOTCONN; 452 453 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); 454 455 if (len > d->mtu) 456 return -EINVAL; 457 458 rfcomm_make_uih(skb, d->addr); 459 skb_queue_tail(&d->tx_queue, skb); 460 461 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 462 rfcomm_schedule(RFCOMM_SCHED_TX); 463 return len; 464 } 465 466 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d) 467 { 468 BT_DBG("dlc %p state %ld", d, d->state); 469 470 if (!d->cfc) { 471 d->v24_sig |= RFCOMM_V24_FC; 472 set_bit(RFCOMM_MSC_PENDING, &d->flags); 473 } 474 rfcomm_schedule(RFCOMM_SCHED_TX); 475 } 476 477 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) 478 { 479 BT_DBG("dlc %p state %ld", d, d->state); 480 481 if (!d->cfc) { 482 d->v24_sig &= ~RFCOMM_V24_FC; 483 set_bit(RFCOMM_MSC_PENDING, &d->flags); 484 } 485 rfcomm_schedule(RFCOMM_SCHED_TX); 486 } 487 488 /* 489 Set/get modem status functions use _local_ status i.e. what we report 490 to the other side. 491 Remote status is provided by dlc->modem_status() callback. 492 */ 493 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) 494 { 495 BT_DBG("dlc %p state %ld v24_sig 0x%x", 496 d, d->state, v24_sig); 497 498 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) 499 v24_sig |= RFCOMM_V24_FC; 500 else 501 v24_sig &= ~RFCOMM_V24_FC; 502 503 d->v24_sig = v24_sig; 504 505 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) 506 rfcomm_schedule(RFCOMM_SCHED_TX); 507 508 return 0; 509 } 510 511 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) 512 { 513 BT_DBG("dlc %p state %ld v24_sig 0x%x", 514 d, d->state, d->v24_sig); 515 516 *v24_sig = d->v24_sig; 517 return 0; 518 } 519 520 /* ---- RFCOMM sessions ---- */ 521 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) 522 { 523 struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL); 524 if (!s) 525 return NULL; 526 memset(s, 0, sizeof(*s)); 527 528 BT_DBG("session %p sock %p", s, sock); 529 530 INIT_LIST_HEAD(&s->dlcs); 531 s->state = state; 532 s->sock = sock; 533 534 s->mtu = RFCOMM_DEFAULT_MTU; 535 s->cfc = RFCOMM_CFC_UNKNOWN; 536 537 /* Do not increment module usage count for listening sessions. 538 * Otherwise we won't be able to unload the module. */ 539 if (state != BT_LISTEN) 540 if (!try_module_get(THIS_MODULE)) { 541 kfree(s); 542 return NULL; 543 } 544 545 list_add(&s->list, &session_list); 546 547 return s; 548 } 549 550 static void rfcomm_session_del(struct rfcomm_session *s) 551 { 552 int state = s->state; 553 554 BT_DBG("session %p state %ld", s, s->state); 555 556 list_del(&s->list); 557 558 if (state == BT_CONNECTED) 559 rfcomm_send_disc(s, 0); 560 561 sock_release(s->sock); 562 kfree(s); 563 564 if (state != BT_LISTEN) 565 module_put(THIS_MODULE); 566 } 567 568 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) 569 { 570 struct rfcomm_session *s; 571 struct list_head *p, *n; 572 struct bt_sock *sk; 573 list_for_each_safe(p, n, &session_list) { 574 s = list_entry(p, struct rfcomm_session, list); 575 sk = bt_sk(s->sock->sk); 576 577 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && 578 !bacmp(&sk->dst, dst)) 579 return s; 580 } 581 return NULL; 582 } 583 584 static void rfcomm_session_close(struct rfcomm_session *s, int err) 585 { 586 struct rfcomm_dlc *d; 587 struct list_head *p, *n; 588 589 BT_DBG("session %p state %ld err %d", s, s->state, err); 590 591 rfcomm_session_hold(s); 592 593 s->state = BT_CLOSED; 594 595 /* Close all dlcs */ 596 list_for_each_safe(p, n, &s->dlcs) { 597 d = list_entry(p, struct rfcomm_dlc, list); 598 d->state = BT_CLOSED; 599 __rfcomm_dlc_close(d, err); 600 } 601 602 rfcomm_session_put(s); 603 } 604 605 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err) 606 { 607 struct rfcomm_session *s = NULL; 608 struct sockaddr_l2 addr; 609 struct socket *sock; 610 struct sock *sk; 611 612 BT_DBG("%s %s", batostr(src), batostr(dst)); 613 614 *err = rfcomm_l2sock_create(&sock); 615 if (*err < 0) 616 return NULL; 617 618 bacpy(&addr.l2_bdaddr, src); 619 addr.l2_family = AF_BLUETOOTH; 620 addr.l2_psm = 0; 621 *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 622 if (*err < 0) 623 goto failed; 624 625 /* Set L2CAP options */ 626 sk = sock->sk; 627 lock_sock(sk); 628 l2cap_pi(sk)->imtu = l2cap_mtu; 629 release_sock(sk); 630 631 s = rfcomm_session_add(sock, BT_BOUND); 632 if (!s) { 633 *err = -ENOMEM; 634 goto failed; 635 } 636 637 s->initiator = 1; 638 639 bacpy(&addr.l2_bdaddr, dst); 640 addr.l2_family = AF_BLUETOOTH; 641 addr.l2_psm = htobs(RFCOMM_PSM); 642 *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 643 if (*err == 0 || *err == -EAGAIN) 644 return s; 645 646 rfcomm_session_del(s); 647 return NULL; 648 649 failed: 650 sock_release(sock); 651 return NULL; 652 } 653 654 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) 655 { 656 struct sock *sk = s->sock->sk; 657 if (src) 658 bacpy(src, &bt_sk(sk)->src); 659 if (dst) 660 bacpy(dst, &bt_sk(sk)->dst); 661 } 662 663 /* ---- RFCOMM frame sending ---- */ 664 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len) 665 { 666 struct socket *sock = s->sock; 667 struct kvec iv = { data, len }; 668 struct msghdr msg; 669 670 BT_DBG("session %p len %d", s, len); 671 672 memset(&msg, 0, sizeof(msg)); 673 674 return kernel_sendmsg(sock, &msg, &iv, 1, len); 675 } 676 677 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) 678 { 679 struct rfcomm_cmd cmd; 680 681 BT_DBG("%p dlci %d", s, dlci); 682 683 cmd.addr = __addr(s->initiator, dlci); 684 cmd.ctrl = __ctrl(RFCOMM_SABM, 1); 685 cmd.len = __len8(0); 686 cmd.fcs = __fcs2((u8 *) &cmd); 687 688 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 689 } 690 691 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) 692 { 693 struct rfcomm_cmd cmd; 694 695 BT_DBG("%p dlci %d", s, dlci); 696 697 cmd.addr = __addr(!s->initiator, dlci); 698 cmd.ctrl = __ctrl(RFCOMM_UA, 1); 699 cmd.len = __len8(0); 700 cmd.fcs = __fcs2((u8 *) &cmd); 701 702 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 703 } 704 705 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) 706 { 707 struct rfcomm_cmd cmd; 708 709 BT_DBG("%p dlci %d", s, dlci); 710 711 cmd.addr = __addr(s->initiator, dlci); 712 cmd.ctrl = __ctrl(RFCOMM_DISC, 1); 713 cmd.len = __len8(0); 714 cmd.fcs = __fcs2((u8 *) &cmd); 715 716 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 717 } 718 719 static int rfcomm_queue_disc(struct rfcomm_dlc *d) 720 { 721 struct rfcomm_cmd *cmd; 722 struct sk_buff *skb; 723 724 BT_DBG("dlc %p dlci %d", d, d->dlci); 725 726 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); 727 if (!skb) 728 return -ENOMEM; 729 730 cmd = (void *) __skb_put(skb, sizeof(*cmd)); 731 cmd->addr = d->addr; 732 cmd->ctrl = __ctrl(RFCOMM_DISC, 1); 733 cmd->len = __len8(0); 734 cmd->fcs = __fcs2((u8 *) cmd); 735 736 skb_queue_tail(&d->tx_queue, skb); 737 rfcomm_schedule(RFCOMM_SCHED_TX); 738 return 0; 739 } 740 741 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) 742 { 743 struct rfcomm_cmd cmd; 744 745 BT_DBG("%p dlci %d", s, dlci); 746 747 cmd.addr = __addr(!s->initiator, dlci); 748 cmd.ctrl = __ctrl(RFCOMM_DM, 1); 749 cmd.len = __len8(0); 750 cmd.fcs = __fcs2((u8 *) &cmd); 751 752 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 753 } 754 755 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) 756 { 757 struct rfcomm_hdr *hdr; 758 struct rfcomm_mcc *mcc; 759 u8 buf[16], *ptr = buf; 760 761 BT_DBG("%p cr %d type %d", s, cr, type); 762 763 hdr = (void *) ptr; ptr += sizeof(*hdr); 764 hdr->addr = __addr(s->initiator, 0); 765 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 766 hdr->len = __len8(sizeof(*mcc) + 1); 767 768 mcc = (void *) ptr; ptr += sizeof(*mcc); 769 mcc->type = __mcc_type(cr, RFCOMM_NSC); 770 mcc->len = __len8(1); 771 772 /* Type that we didn't like */ 773 *ptr = __mcc_type(cr, type); ptr++; 774 775 *ptr = __fcs(buf); ptr++; 776 777 return rfcomm_send_frame(s, buf, ptr - buf); 778 } 779 780 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) 781 { 782 struct rfcomm_hdr *hdr; 783 struct rfcomm_mcc *mcc; 784 struct rfcomm_pn *pn; 785 u8 buf[16], *ptr = buf; 786 787 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); 788 789 hdr = (void *) ptr; ptr += sizeof(*hdr); 790 hdr->addr = __addr(s->initiator, 0); 791 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 792 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); 793 794 mcc = (void *) ptr; ptr += sizeof(*mcc); 795 mcc->type = __mcc_type(cr, RFCOMM_PN); 796 mcc->len = __len8(sizeof(*pn)); 797 798 pn = (void *) ptr; ptr += sizeof(*pn); 799 pn->dlci = d->dlci; 800 pn->priority = d->priority; 801 pn->ack_timer = 0; 802 pn->max_retrans = 0; 803 804 if (s->cfc) { 805 pn->flow_ctrl = cr ? 0xf0 : 0xe0; 806 pn->credits = RFCOMM_DEFAULT_CREDITS; 807 } else { 808 pn->flow_ctrl = 0; 809 pn->credits = 0; 810 } 811 812 pn->mtu = htobs(d->mtu); 813 814 *ptr = __fcs(buf); ptr++; 815 816 return rfcomm_send_frame(s, buf, ptr - buf); 817 } 818 819 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, 820 u8 bit_rate, u8 data_bits, u8 stop_bits, 821 u8 parity, u8 flow_ctrl_settings, 822 u8 xon_char, u8 xoff_char, u16 param_mask) 823 { 824 struct rfcomm_hdr *hdr; 825 struct rfcomm_mcc *mcc; 826 struct rfcomm_rpn *rpn; 827 u8 buf[16], *ptr = buf; 828 829 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" 830 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 831 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 832 flow_ctrl_settings, xon_char, xoff_char, param_mask); 833 834 hdr = (void *) ptr; ptr += sizeof(*hdr); 835 hdr->addr = __addr(s->initiator, 0); 836 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 837 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); 838 839 mcc = (void *) ptr; ptr += sizeof(*mcc); 840 mcc->type = __mcc_type(cr, RFCOMM_RPN); 841 mcc->len = __len8(sizeof(*rpn)); 842 843 rpn = (void *) ptr; ptr += sizeof(*rpn); 844 rpn->dlci = __addr(1, dlci); 845 rpn->bit_rate = bit_rate; 846 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); 847 rpn->flow_ctrl = flow_ctrl_settings; 848 rpn->xon_char = xon_char; 849 rpn->xoff_char = xoff_char; 850 rpn->param_mask = param_mask; 851 852 *ptr = __fcs(buf); ptr++; 853 854 return rfcomm_send_frame(s, buf, ptr - buf); 855 } 856 857 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) 858 { 859 struct rfcomm_hdr *hdr; 860 struct rfcomm_mcc *mcc; 861 struct rfcomm_rls *rls; 862 u8 buf[16], *ptr = buf; 863 864 BT_DBG("%p cr %d status 0x%x", s, cr, status); 865 866 hdr = (void *) ptr; ptr += sizeof(*hdr); 867 hdr->addr = __addr(s->initiator, 0); 868 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 869 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); 870 871 mcc = (void *) ptr; ptr += sizeof(*mcc); 872 mcc->type = __mcc_type(cr, RFCOMM_RLS); 873 mcc->len = __len8(sizeof(*rls)); 874 875 rls = (void *) ptr; ptr += sizeof(*rls); 876 rls->dlci = __addr(1, dlci); 877 rls->status = status; 878 879 *ptr = __fcs(buf); ptr++; 880 881 return rfcomm_send_frame(s, buf, ptr - buf); 882 } 883 884 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) 885 { 886 struct rfcomm_hdr *hdr; 887 struct rfcomm_mcc *mcc; 888 struct rfcomm_msc *msc; 889 u8 buf[16], *ptr = buf; 890 891 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); 892 893 hdr = (void *) ptr; ptr += sizeof(*hdr); 894 hdr->addr = __addr(s->initiator, 0); 895 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 896 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); 897 898 mcc = (void *) ptr; ptr += sizeof(*mcc); 899 mcc->type = __mcc_type(cr, RFCOMM_MSC); 900 mcc->len = __len8(sizeof(*msc)); 901 902 msc = (void *) ptr; ptr += sizeof(*msc); 903 msc->dlci = __addr(1, dlci); 904 msc->v24_sig = v24_sig | 0x01; 905 906 *ptr = __fcs(buf); ptr++; 907 908 return rfcomm_send_frame(s, buf, ptr - buf); 909 } 910 911 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) 912 { 913 struct rfcomm_hdr *hdr; 914 struct rfcomm_mcc *mcc; 915 u8 buf[16], *ptr = buf; 916 917 BT_DBG("%p cr %d", s, cr); 918 919 hdr = (void *) ptr; ptr += sizeof(*hdr); 920 hdr->addr = __addr(s->initiator, 0); 921 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 922 hdr->len = __len8(sizeof(*mcc)); 923 924 mcc = (void *) ptr; ptr += sizeof(*mcc); 925 mcc->type = __mcc_type(cr, RFCOMM_FCOFF); 926 mcc->len = __len8(0); 927 928 *ptr = __fcs(buf); ptr++; 929 930 return rfcomm_send_frame(s, buf, ptr - buf); 931 } 932 933 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) 934 { 935 struct rfcomm_hdr *hdr; 936 struct rfcomm_mcc *mcc; 937 u8 buf[16], *ptr = buf; 938 939 BT_DBG("%p cr %d", s, cr); 940 941 hdr = (void *) ptr; ptr += sizeof(*hdr); 942 hdr->addr = __addr(s->initiator, 0); 943 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 944 hdr->len = __len8(sizeof(*mcc)); 945 946 mcc = (void *) ptr; ptr += sizeof(*mcc); 947 mcc->type = __mcc_type(cr, RFCOMM_FCON); 948 mcc->len = __len8(0); 949 950 *ptr = __fcs(buf); ptr++; 951 952 return rfcomm_send_frame(s, buf, ptr - buf); 953 } 954 955 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) 956 { 957 struct socket *sock = s->sock; 958 struct kvec iv[3]; 959 struct msghdr msg; 960 unsigned char hdr[5], crc[1]; 961 962 if (len > 125) 963 return -EINVAL; 964 965 BT_DBG("%p cr %d", s, cr); 966 967 hdr[0] = __addr(s->initiator, 0); 968 hdr[1] = __ctrl(RFCOMM_UIH, 0); 969 hdr[2] = 0x01 | ((len + 2) << 1); 970 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); 971 hdr[4] = 0x01 | (len << 1); 972 973 crc[0] = __fcs(hdr); 974 975 iv[0].iov_base = hdr; 976 iv[0].iov_len = 5; 977 iv[1].iov_base = pattern; 978 iv[1].iov_len = len; 979 iv[2].iov_base = crc; 980 iv[2].iov_len = 1; 981 982 memset(&msg, 0, sizeof(msg)); 983 984 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); 985 } 986 987 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) 988 { 989 struct rfcomm_hdr *hdr; 990 u8 buf[16], *ptr = buf; 991 992 BT_DBG("%p addr %d credits %d", s, addr, credits); 993 994 hdr = (void *) ptr; ptr += sizeof(*hdr); 995 hdr->addr = addr; 996 hdr->ctrl = __ctrl(RFCOMM_UIH, 1); 997 hdr->len = __len8(0); 998 999 *ptr = credits; ptr++; 1000 1001 *ptr = __fcs(buf); ptr++; 1002 1003 return rfcomm_send_frame(s, buf, ptr - buf); 1004 } 1005 1006 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) 1007 { 1008 struct rfcomm_hdr *hdr; 1009 int len = skb->len; 1010 u8 *crc; 1011 1012 if (len > 127) { 1013 hdr = (void *) skb_push(skb, 4); 1014 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len); 1015 } else { 1016 hdr = (void *) skb_push(skb, 3); 1017 hdr->len = __len8(len); 1018 } 1019 hdr->addr = addr; 1020 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1021 1022 crc = skb_put(skb, 1); 1023 *crc = __fcs((void *) hdr); 1024 } 1025 1026 /* ---- RFCOMM frame reception ---- */ 1027 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) 1028 { 1029 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1030 1031 if (dlci) { 1032 /* Data channel */ 1033 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1034 if (!d) { 1035 rfcomm_send_dm(s, dlci); 1036 return 0; 1037 } 1038 1039 switch (d->state) { 1040 case BT_CONNECT: 1041 rfcomm_dlc_clear_timer(d); 1042 1043 rfcomm_dlc_lock(d); 1044 d->state = BT_CONNECTED; 1045 d->state_change(d, 0); 1046 rfcomm_dlc_unlock(d); 1047 1048 rfcomm_send_msc(s, 1, dlci, d->v24_sig); 1049 break; 1050 1051 case BT_DISCONN: 1052 d->state = BT_CLOSED; 1053 __rfcomm_dlc_close(d, 0); 1054 break; 1055 } 1056 } else { 1057 /* Control channel */ 1058 switch (s->state) { 1059 case BT_CONNECT: 1060 s->state = BT_CONNECTED; 1061 rfcomm_process_connect(s); 1062 break; 1063 } 1064 } 1065 return 0; 1066 } 1067 1068 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) 1069 { 1070 int err = 0; 1071 1072 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1073 1074 if (dlci) { 1075 /* Data DLC */ 1076 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1077 if (d) { 1078 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1079 err = ECONNREFUSED; 1080 else 1081 err = ECONNRESET; 1082 1083 d->state = BT_CLOSED; 1084 __rfcomm_dlc_close(d, err); 1085 } 1086 } else { 1087 if (s->state == BT_CONNECT) 1088 err = ECONNREFUSED; 1089 else 1090 err = ECONNRESET; 1091 1092 s->state = BT_CLOSED; 1093 rfcomm_session_close(s, err); 1094 } 1095 return 0; 1096 } 1097 1098 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci) 1099 { 1100 int err = 0; 1101 1102 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1103 1104 if (dlci) { 1105 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1106 if (d) { 1107 rfcomm_send_ua(s, dlci); 1108 1109 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1110 err = ECONNREFUSED; 1111 else 1112 err = ECONNRESET; 1113 1114 d->state = BT_CLOSED; 1115 __rfcomm_dlc_close(d, err); 1116 } else 1117 rfcomm_send_dm(s, dlci); 1118 1119 } else { 1120 rfcomm_send_ua(s, 0); 1121 1122 if (s->state == BT_CONNECT) 1123 err = ECONNREFUSED; 1124 else 1125 err = ECONNRESET; 1126 1127 s->state = BT_CLOSED; 1128 rfcomm_session_close(s, err); 1129 } 1130 1131 return 0; 1132 } 1133 1134 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d) 1135 { 1136 struct sock *sk = d->session->sock->sk; 1137 1138 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) { 1139 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon)) 1140 return 1; 1141 } else if (d->link_mode & RFCOMM_LM_AUTH) { 1142 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon)) 1143 return 1; 1144 } 1145 1146 return 0; 1147 } 1148 1149 static void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1150 { 1151 BT_DBG("dlc %p", d); 1152 1153 rfcomm_send_ua(d->session, d->dlci); 1154 1155 rfcomm_dlc_lock(d); 1156 d->state = BT_CONNECTED; 1157 d->state_change(d, 0); 1158 rfcomm_dlc_unlock(d); 1159 1160 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1161 } 1162 1163 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) 1164 { 1165 struct rfcomm_dlc *d; 1166 u8 channel; 1167 1168 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1169 1170 if (!dlci) { 1171 rfcomm_send_ua(s, 0); 1172 1173 if (s->state == BT_OPEN) { 1174 s->state = BT_CONNECTED; 1175 rfcomm_process_connect(s); 1176 } 1177 return 0; 1178 } 1179 1180 /* Check if DLC exists */ 1181 d = rfcomm_dlc_get(s, dlci); 1182 if (d) { 1183 if (d->state == BT_OPEN) { 1184 /* DLC was previously opened by PN request */ 1185 if (rfcomm_check_link_mode(d)) { 1186 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1187 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1188 return 0; 1189 } 1190 1191 rfcomm_dlc_accept(d); 1192 } 1193 return 0; 1194 } 1195 1196 /* Notify socket layer about incoming connection */ 1197 channel = __srv_channel(dlci); 1198 if (rfcomm_connect_ind(s, channel, &d)) { 1199 d->dlci = dlci; 1200 d->addr = __addr(s->initiator, dlci); 1201 rfcomm_dlc_link(s, d); 1202 1203 if (rfcomm_check_link_mode(d)) { 1204 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1205 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1206 return 0; 1207 } 1208 1209 rfcomm_dlc_accept(d); 1210 } else { 1211 rfcomm_send_dm(s, dlci); 1212 } 1213 1214 return 0; 1215 } 1216 1217 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) 1218 { 1219 struct rfcomm_session *s = d->session; 1220 1221 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 1222 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); 1223 1224 if (pn->flow_ctrl == 0xf0 || pn->flow_ctrl == 0xe0) { 1225 d->cfc = s->cfc = RFCOMM_CFC_ENABLED; 1226 d->tx_credits = pn->credits; 1227 } else { 1228 d->cfc = s->cfc = RFCOMM_CFC_DISABLED; 1229 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1230 } 1231 1232 d->priority = pn->priority; 1233 1234 d->mtu = s->mtu = btohs(pn->mtu); 1235 1236 return 0; 1237 } 1238 1239 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1240 { 1241 struct rfcomm_pn *pn = (void *) skb->data; 1242 struct rfcomm_dlc *d; 1243 u8 dlci = pn->dlci; 1244 1245 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1246 1247 if (!dlci) 1248 return 0; 1249 1250 d = rfcomm_dlc_get(s, dlci); 1251 if (d) { 1252 if (cr) { 1253 /* PN request */ 1254 rfcomm_apply_pn(d, cr, pn); 1255 rfcomm_send_pn(s, 0, d); 1256 } else { 1257 /* PN response */ 1258 switch (d->state) { 1259 case BT_CONFIG: 1260 rfcomm_apply_pn(d, cr, pn); 1261 1262 d->state = BT_CONNECT; 1263 rfcomm_send_sabm(s, d->dlci); 1264 break; 1265 } 1266 } 1267 } else { 1268 u8 channel = __srv_channel(dlci); 1269 1270 if (!cr) 1271 return 0; 1272 1273 /* PN request for non existing DLC. 1274 * Assume incoming connection. */ 1275 if (rfcomm_connect_ind(s, channel, &d)) { 1276 d->dlci = dlci; 1277 d->addr = __addr(s->initiator, dlci); 1278 rfcomm_dlc_link(s, d); 1279 1280 rfcomm_apply_pn(d, cr, pn); 1281 1282 d->state = BT_OPEN; 1283 rfcomm_send_pn(s, 0, d); 1284 } else { 1285 rfcomm_send_dm(s, dlci); 1286 } 1287 } 1288 return 0; 1289 } 1290 1291 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) 1292 { 1293 struct rfcomm_rpn *rpn = (void *) skb->data; 1294 u8 dlci = __get_dlci(rpn->dlci); 1295 1296 u8 bit_rate = 0; 1297 u8 data_bits = 0; 1298 u8 stop_bits = 0; 1299 u8 parity = 0; 1300 u8 flow_ctrl = 0; 1301 u8 xon_char = 0; 1302 u8 xoff_char = 0; 1303 u16 rpn_mask = RFCOMM_RPN_PM_ALL; 1304 1305 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 1306 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, 1307 rpn->xon_char, rpn->xoff_char, rpn->param_mask); 1308 1309 if (!cr) 1310 return 0; 1311 1312 if (len == 1) { 1313 /* This is a request, return default settings */ 1314 bit_rate = RFCOMM_RPN_BR_115200; 1315 data_bits = RFCOMM_RPN_DATA_8; 1316 stop_bits = RFCOMM_RPN_STOP_1; 1317 parity = RFCOMM_RPN_PARITY_NONE; 1318 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1319 xon_char = RFCOMM_RPN_XON_CHAR; 1320 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1321 goto rpn_out; 1322 } 1323 1324 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, 1325 * no parity, no flow control lines, normal XON/XOFF chars */ 1326 1327 if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) { 1328 bit_rate = rpn->bit_rate; 1329 if (bit_rate != RFCOMM_RPN_BR_115200) { 1330 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); 1331 bit_rate = RFCOMM_RPN_BR_115200; 1332 rpn_mask ^= RFCOMM_RPN_PM_BITRATE; 1333 } 1334 } 1335 1336 if (rpn->param_mask & RFCOMM_RPN_PM_DATA) { 1337 data_bits = __get_rpn_data_bits(rpn->line_settings); 1338 if (data_bits != RFCOMM_RPN_DATA_8) { 1339 BT_DBG("RPN data bits mismatch 0x%x", data_bits); 1340 data_bits = RFCOMM_RPN_DATA_8; 1341 rpn_mask ^= RFCOMM_RPN_PM_DATA; 1342 } 1343 } 1344 1345 if (rpn->param_mask & RFCOMM_RPN_PM_STOP) { 1346 stop_bits = __get_rpn_stop_bits(rpn->line_settings); 1347 if (stop_bits != RFCOMM_RPN_STOP_1) { 1348 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); 1349 stop_bits = RFCOMM_RPN_STOP_1; 1350 rpn_mask ^= RFCOMM_RPN_PM_STOP; 1351 } 1352 } 1353 1354 if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) { 1355 parity = __get_rpn_parity(rpn->line_settings); 1356 if (parity != RFCOMM_RPN_PARITY_NONE) { 1357 BT_DBG("RPN parity mismatch 0x%x", parity); 1358 parity = RFCOMM_RPN_PARITY_NONE; 1359 rpn_mask ^= RFCOMM_RPN_PM_PARITY; 1360 } 1361 } 1362 1363 if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) { 1364 flow_ctrl = rpn->flow_ctrl; 1365 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { 1366 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); 1367 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1368 rpn_mask ^= RFCOMM_RPN_PM_FLOW; 1369 } 1370 } 1371 1372 if (rpn->param_mask & RFCOMM_RPN_PM_XON) { 1373 xon_char = rpn->xon_char; 1374 if (xon_char != RFCOMM_RPN_XON_CHAR) { 1375 BT_DBG("RPN XON char mismatch 0x%x", xon_char); 1376 xon_char = RFCOMM_RPN_XON_CHAR; 1377 rpn_mask ^= RFCOMM_RPN_PM_XON; 1378 } 1379 } 1380 1381 if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) { 1382 xoff_char = rpn->xoff_char; 1383 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { 1384 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); 1385 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1386 rpn_mask ^= RFCOMM_RPN_PM_XOFF; 1387 } 1388 } 1389 1390 rpn_out: 1391 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, 1392 parity, flow_ctrl, xon_char, xoff_char, rpn_mask); 1393 1394 return 0; 1395 } 1396 1397 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1398 { 1399 struct rfcomm_rls *rls = (void *) skb->data; 1400 u8 dlci = __get_dlci(rls->dlci); 1401 1402 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); 1403 1404 if (!cr) 1405 return 0; 1406 1407 /* We should probably do something with this information here. But 1408 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's 1409 * mandatory to recognise and respond to RLS */ 1410 1411 rfcomm_send_rls(s, 0, dlci, rls->status); 1412 1413 return 0; 1414 } 1415 1416 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1417 { 1418 struct rfcomm_msc *msc = (void *) skb->data; 1419 struct rfcomm_dlc *d; 1420 u8 dlci = __get_dlci(msc->dlci); 1421 1422 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); 1423 1424 d = rfcomm_dlc_get(s, dlci); 1425 if (!d) 1426 return 0; 1427 1428 if (cr) { 1429 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) 1430 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1431 else 1432 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1433 1434 rfcomm_dlc_lock(d); 1435 if (d->modem_status) 1436 d->modem_status(d, msc->v24_sig); 1437 rfcomm_dlc_unlock(d); 1438 1439 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1440 1441 d->mscex |= RFCOMM_MSCEX_RX; 1442 } else 1443 d->mscex |= RFCOMM_MSCEX_TX; 1444 1445 return 0; 1446 } 1447 1448 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) 1449 { 1450 struct rfcomm_mcc *mcc = (void *) skb->data; 1451 u8 type, cr, len; 1452 1453 cr = __test_cr(mcc->type); 1454 type = __get_mcc_type(mcc->type); 1455 len = __get_mcc_len(mcc->len); 1456 1457 BT_DBG("%p type 0x%x cr %d", s, type, cr); 1458 1459 skb_pull(skb, 2); 1460 1461 switch (type) { 1462 case RFCOMM_PN: 1463 rfcomm_recv_pn(s, cr, skb); 1464 break; 1465 1466 case RFCOMM_RPN: 1467 rfcomm_recv_rpn(s, cr, len, skb); 1468 break; 1469 1470 case RFCOMM_RLS: 1471 rfcomm_recv_rls(s, cr, skb); 1472 break; 1473 1474 case RFCOMM_MSC: 1475 rfcomm_recv_msc(s, cr, skb); 1476 break; 1477 1478 case RFCOMM_FCOFF: 1479 if (cr) { 1480 set_bit(RFCOMM_TX_THROTTLED, &s->flags); 1481 rfcomm_send_fcoff(s, 0); 1482 } 1483 break; 1484 1485 case RFCOMM_FCON: 1486 if (cr) { 1487 clear_bit(RFCOMM_TX_THROTTLED, &s->flags); 1488 rfcomm_send_fcon(s, 0); 1489 } 1490 break; 1491 1492 case RFCOMM_TEST: 1493 if (cr) 1494 rfcomm_send_test(s, 0, skb->data, skb->len); 1495 break; 1496 1497 case RFCOMM_NSC: 1498 break; 1499 1500 default: 1501 BT_ERR("Unknown control type 0x%02x", type); 1502 rfcomm_send_nsc(s, cr, type); 1503 break; 1504 } 1505 return 0; 1506 } 1507 1508 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) 1509 { 1510 struct rfcomm_dlc *d; 1511 1512 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); 1513 1514 d = rfcomm_dlc_get(s, dlci); 1515 if (!d) { 1516 rfcomm_send_dm(s, dlci); 1517 goto drop; 1518 } 1519 1520 if (pf && d->cfc) { 1521 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); 1522 1523 d->tx_credits += credits; 1524 if (d->tx_credits) 1525 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1526 } 1527 1528 if (skb->len && d->state == BT_CONNECTED) { 1529 rfcomm_dlc_lock(d); 1530 d->rx_credits--; 1531 d->data_ready(d, skb); 1532 rfcomm_dlc_unlock(d); 1533 return 0; 1534 } 1535 1536 drop: 1537 kfree_skb(skb); 1538 return 0; 1539 } 1540 1541 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb) 1542 { 1543 struct rfcomm_hdr *hdr = (void *) skb->data; 1544 u8 type, dlci, fcs; 1545 1546 dlci = __get_dlci(hdr->addr); 1547 type = __get_type(hdr->ctrl); 1548 1549 /* Trim FCS */ 1550 skb->len--; skb->tail--; 1551 fcs = *(u8 *) skb->tail; 1552 1553 if (__check_fcs(skb->data, type, fcs)) { 1554 BT_ERR("bad checksum in packet"); 1555 kfree_skb(skb); 1556 return -EILSEQ; 1557 } 1558 1559 if (__test_ea(hdr->len)) 1560 skb_pull(skb, 3); 1561 else 1562 skb_pull(skb, 4); 1563 1564 switch (type) { 1565 case RFCOMM_SABM: 1566 if (__test_pf(hdr->ctrl)) 1567 rfcomm_recv_sabm(s, dlci); 1568 break; 1569 1570 case RFCOMM_DISC: 1571 if (__test_pf(hdr->ctrl)) 1572 rfcomm_recv_disc(s, dlci); 1573 break; 1574 1575 case RFCOMM_UA: 1576 if (__test_pf(hdr->ctrl)) 1577 rfcomm_recv_ua(s, dlci); 1578 break; 1579 1580 case RFCOMM_DM: 1581 rfcomm_recv_dm(s, dlci); 1582 break; 1583 1584 case RFCOMM_UIH: 1585 if (dlci) 1586 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); 1587 1588 rfcomm_recv_mcc(s, skb); 1589 break; 1590 1591 default: 1592 BT_ERR("Unknown packet type 0x%02x\n", type); 1593 break; 1594 } 1595 kfree_skb(skb); 1596 return 0; 1597 } 1598 1599 /* ---- Connection and data processing ---- */ 1600 1601 static void rfcomm_process_connect(struct rfcomm_session *s) 1602 { 1603 struct rfcomm_dlc *d; 1604 struct list_head *p, *n; 1605 1606 BT_DBG("session %p state %ld", s, s->state); 1607 1608 list_for_each_safe(p, n, &s->dlcs) { 1609 d = list_entry(p, struct rfcomm_dlc, list); 1610 if (d->state == BT_CONFIG) { 1611 d->mtu = s->mtu; 1612 rfcomm_send_pn(s, 1, d); 1613 } 1614 } 1615 } 1616 1617 /* Send data queued for the DLC. 1618 * Return number of frames left in the queue. 1619 */ 1620 static inline int rfcomm_process_tx(struct rfcomm_dlc *d) 1621 { 1622 struct sk_buff *skb; 1623 int err; 1624 1625 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 1626 d, d->state, d->cfc, d->rx_credits, d->tx_credits); 1627 1628 /* Send pending MSC */ 1629 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) 1630 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1631 1632 if (d->cfc) { 1633 /* CFC enabled. 1634 * Give them some credits */ 1635 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && 1636 d->rx_credits <= (d->cfc >> 2)) { 1637 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); 1638 d->rx_credits = d->cfc; 1639 } 1640 } else { 1641 /* CFC disabled. 1642 * Give ourselves some credits */ 1643 d->tx_credits = 5; 1644 } 1645 1646 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 1647 return skb_queue_len(&d->tx_queue); 1648 1649 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { 1650 err = rfcomm_send_frame(d->session, skb->data, skb->len); 1651 if (err < 0) { 1652 skb_queue_head(&d->tx_queue, skb); 1653 break; 1654 } 1655 kfree_skb(skb); 1656 d->tx_credits--; 1657 } 1658 1659 if (d->cfc && !d->tx_credits) { 1660 /* We're out of TX credits. 1661 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ 1662 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1663 } 1664 1665 return skb_queue_len(&d->tx_queue); 1666 } 1667 1668 static inline void rfcomm_process_dlcs(struct rfcomm_session *s) 1669 { 1670 struct rfcomm_dlc *d; 1671 struct list_head *p, *n; 1672 1673 BT_DBG("session %p state %ld", s, s->state); 1674 1675 list_for_each_safe(p, n, &s->dlcs) { 1676 d = list_entry(p, struct rfcomm_dlc, list); 1677 1678 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { 1679 __rfcomm_dlc_close(d, ETIMEDOUT); 1680 continue; 1681 } 1682 1683 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1684 rfcomm_dlc_clear_timer(d); 1685 rfcomm_dlc_accept(d); 1686 if (d->link_mode & RFCOMM_LM_SECURE) { 1687 struct sock *sk = s->sock->sk; 1688 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon); 1689 } 1690 continue; 1691 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1692 rfcomm_dlc_clear_timer(d); 1693 rfcomm_send_dm(s, d->dlci); 1694 __rfcomm_dlc_close(d, ECONNREFUSED); 1695 continue; 1696 } 1697 1698 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) 1699 continue; 1700 1701 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1702 d->mscex == RFCOMM_MSCEX_OK) 1703 rfcomm_process_tx(d); 1704 } 1705 } 1706 1707 static inline void rfcomm_process_rx(struct rfcomm_session *s) 1708 { 1709 struct socket *sock = s->sock; 1710 struct sock *sk = sock->sk; 1711 struct sk_buff *skb; 1712 1713 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); 1714 1715 /* Get data directly from socket receive queue without copying it. */ 1716 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1717 skb_orphan(skb); 1718 rfcomm_recv_frame(s, skb); 1719 } 1720 1721 if (sk->sk_state == BT_CLOSED) { 1722 if (!s->initiator) 1723 rfcomm_session_put(s); 1724 1725 rfcomm_session_close(s, sk->sk_err); 1726 } 1727 } 1728 1729 static inline void rfcomm_accept_connection(struct rfcomm_session *s) 1730 { 1731 struct socket *sock = s->sock, *nsock; 1732 int err; 1733 1734 /* Fast check for a new connection. 1735 * Avoids unnesesary socket allocations. */ 1736 if (list_empty(&bt_sk(sock->sk)->accept_q)) 1737 return; 1738 1739 BT_DBG("session %p", s); 1740 1741 if (sock_create_lite(PF_BLUETOOTH, sock->type, BTPROTO_L2CAP, &nsock)) 1742 return; 1743 1744 nsock->ops = sock->ops; 1745 1746 __module_get(nsock->ops->owner); 1747 1748 err = sock->ops->accept(sock, nsock, O_NONBLOCK); 1749 if (err < 0) { 1750 sock_release(nsock); 1751 return; 1752 } 1753 1754 /* Set our callbacks */ 1755 nsock->sk->sk_data_ready = rfcomm_l2data_ready; 1756 nsock->sk->sk_state_change = rfcomm_l2state_change; 1757 1758 s = rfcomm_session_add(nsock, BT_OPEN); 1759 if (s) { 1760 rfcomm_session_hold(s); 1761 rfcomm_schedule(RFCOMM_SCHED_RX); 1762 } else 1763 sock_release(nsock); 1764 } 1765 1766 static inline void rfcomm_check_connection(struct rfcomm_session *s) 1767 { 1768 struct sock *sk = s->sock->sk; 1769 1770 BT_DBG("%p state %ld", s, s->state); 1771 1772 switch(sk->sk_state) { 1773 case BT_CONNECTED: 1774 s->state = BT_CONNECT; 1775 1776 /* We can adjust MTU on outgoing sessions. 1777 * L2CAP MTU minus UIH header and FCS. */ 1778 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5; 1779 1780 rfcomm_send_sabm(s, 0); 1781 break; 1782 1783 case BT_CLOSED: 1784 s->state = BT_CLOSED; 1785 rfcomm_session_close(s, sk->sk_err); 1786 break; 1787 } 1788 } 1789 1790 static inline void rfcomm_process_sessions(void) 1791 { 1792 struct list_head *p, *n; 1793 1794 rfcomm_lock(); 1795 1796 list_for_each_safe(p, n, &session_list) { 1797 struct rfcomm_session *s; 1798 s = list_entry(p, struct rfcomm_session, list); 1799 1800 if (s->state == BT_LISTEN) { 1801 rfcomm_accept_connection(s); 1802 continue; 1803 } 1804 1805 rfcomm_session_hold(s); 1806 1807 switch (s->state) { 1808 case BT_BOUND: 1809 rfcomm_check_connection(s); 1810 break; 1811 1812 default: 1813 rfcomm_process_rx(s); 1814 break; 1815 } 1816 1817 rfcomm_process_dlcs(s); 1818 1819 rfcomm_session_put(s); 1820 } 1821 1822 rfcomm_unlock(); 1823 } 1824 1825 static void rfcomm_worker(void) 1826 { 1827 BT_DBG(""); 1828 1829 while (!atomic_read(&terminate)) { 1830 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) { 1831 /* No pending events. Let's sleep. 1832 * Incoming connections and data will wake us up. */ 1833 set_current_state(TASK_INTERRUPTIBLE); 1834 schedule(); 1835 } 1836 1837 /* Process stuff */ 1838 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 1839 rfcomm_process_sessions(); 1840 } 1841 set_current_state(TASK_RUNNING); 1842 return; 1843 } 1844 1845 static int rfcomm_add_listener(bdaddr_t *ba) 1846 { 1847 struct sockaddr_l2 addr; 1848 struct socket *sock; 1849 struct sock *sk; 1850 struct rfcomm_session *s; 1851 int err = 0; 1852 1853 /* Create socket */ 1854 err = rfcomm_l2sock_create(&sock); 1855 if (err < 0) { 1856 BT_ERR("Create socket failed %d", err); 1857 return err; 1858 } 1859 1860 /* Bind socket */ 1861 bacpy(&addr.l2_bdaddr, ba); 1862 addr.l2_family = AF_BLUETOOTH; 1863 addr.l2_psm = htobs(RFCOMM_PSM); 1864 err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1865 if (err < 0) { 1866 BT_ERR("Bind failed %d", err); 1867 goto failed; 1868 } 1869 1870 /* Set L2CAP options */ 1871 sk = sock->sk; 1872 lock_sock(sk); 1873 l2cap_pi(sk)->imtu = l2cap_mtu; 1874 release_sock(sk); 1875 1876 /* Start listening on the socket */ 1877 err = sock->ops->listen(sock, 10); 1878 if (err) { 1879 BT_ERR("Listen failed %d", err); 1880 goto failed; 1881 } 1882 1883 /* Add listening session */ 1884 s = rfcomm_session_add(sock, BT_LISTEN); 1885 if (!s) 1886 goto failed; 1887 1888 rfcomm_session_hold(s); 1889 return 0; 1890 failed: 1891 sock_release(sock); 1892 return err; 1893 } 1894 1895 static void rfcomm_kill_listener(void) 1896 { 1897 struct rfcomm_session *s; 1898 struct list_head *p, *n; 1899 1900 BT_DBG(""); 1901 1902 list_for_each_safe(p, n, &session_list) { 1903 s = list_entry(p, struct rfcomm_session, list); 1904 rfcomm_session_del(s); 1905 } 1906 } 1907 1908 static int rfcomm_run(void *unused) 1909 { 1910 rfcomm_thread = current; 1911 1912 atomic_inc(&running); 1913 1914 daemonize("krfcommd"); 1915 set_user_nice(current, -10); 1916 current->flags |= PF_NOFREEZE; 1917 1918 BT_DBG(""); 1919 1920 rfcomm_add_listener(BDADDR_ANY); 1921 1922 rfcomm_worker(); 1923 1924 rfcomm_kill_listener(); 1925 1926 atomic_dec(&running); 1927 return 0; 1928 } 1929 1930 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status) 1931 { 1932 struct rfcomm_session *s; 1933 struct rfcomm_dlc *d; 1934 struct list_head *p, *n; 1935 1936 BT_DBG("conn %p status 0x%02x", conn, status); 1937 1938 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 1939 if (!s) 1940 return; 1941 1942 rfcomm_session_hold(s); 1943 1944 list_for_each_safe(p, n, &s->dlcs) { 1945 d = list_entry(p, struct rfcomm_dlc, list); 1946 1947 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) 1948 continue; 1949 1950 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 1951 continue; 1952 1953 if (!status) 1954 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 1955 else 1956 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 1957 } 1958 1959 rfcomm_session_put(s); 1960 1961 rfcomm_schedule(RFCOMM_SCHED_AUTH); 1962 } 1963 1964 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt) 1965 { 1966 struct rfcomm_session *s; 1967 struct rfcomm_dlc *d; 1968 struct list_head *p, *n; 1969 1970 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); 1971 1972 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 1973 if (!s) 1974 return; 1975 1976 rfcomm_session_hold(s); 1977 1978 list_for_each_safe(p, n, &s->dlcs) { 1979 d = list_entry(p, struct rfcomm_dlc, list); 1980 1981 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 1982 continue; 1983 1984 if (!status && encrypt) 1985 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 1986 else 1987 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 1988 } 1989 1990 rfcomm_session_put(s); 1991 1992 rfcomm_schedule(RFCOMM_SCHED_AUTH); 1993 } 1994 1995 static struct hci_cb rfcomm_cb = { 1996 .name = "RFCOMM", 1997 .auth_cfm = rfcomm_auth_cfm, 1998 .encrypt_cfm = rfcomm_encrypt_cfm 1999 }; 2000 2001 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf) 2002 { 2003 struct rfcomm_session *s; 2004 struct list_head *pp, *p; 2005 char *str = buf; 2006 2007 rfcomm_lock(); 2008 2009 list_for_each(p, &session_list) { 2010 s = list_entry(p, struct rfcomm_session, list); 2011 list_for_each(pp, &s->dlcs) { 2012 struct sock *sk = s->sock->sk; 2013 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list); 2014 2015 str += sprintf(str, "%s %s %ld %d %d %d %d\n", 2016 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 2017 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits); 2018 } 2019 } 2020 2021 rfcomm_unlock(); 2022 2023 return (str - buf); 2024 } 2025 2026 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL); 2027 2028 /* ---- Initialization ---- */ 2029 static int __init rfcomm_init(void) 2030 { 2031 l2cap_load(); 2032 2033 hci_register_cb(&rfcomm_cb); 2034 2035 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL); 2036 2037 class_create_file(&bt_class, &class_attr_rfcomm_dlc); 2038 2039 rfcomm_init_sockets(); 2040 2041 #ifdef CONFIG_BT_RFCOMM_TTY 2042 rfcomm_init_ttys(); 2043 #endif 2044 2045 BT_INFO("RFCOMM ver %s", VERSION); 2046 2047 return 0; 2048 } 2049 2050 static void __exit rfcomm_exit(void) 2051 { 2052 class_remove_file(&bt_class, &class_attr_rfcomm_dlc); 2053 2054 hci_unregister_cb(&rfcomm_cb); 2055 2056 /* Terminate working thread. 2057 * ie. Set terminate flag and wake it up */ 2058 atomic_inc(&terminate); 2059 rfcomm_schedule(RFCOMM_SCHED_STATE); 2060 2061 /* Wait until thread is running */ 2062 while (atomic_read(&running)) 2063 schedule(); 2064 2065 #ifdef CONFIG_BT_RFCOMM_TTY 2066 rfcomm_cleanup_ttys(); 2067 #endif 2068 2069 rfcomm_cleanup_sockets(); 2070 } 2071 2072 module_init(rfcomm_init); 2073 module_exit(rfcomm_exit); 2074 2075 module_param(l2cap_mtu, uint, 0644); 2076 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); 2077 2078 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>"); 2079 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2080 MODULE_VERSION(VERSION); 2081 MODULE_LICENSE("GPL"); 2082 MODULE_ALIAS("bt-proto-3"); 2083