1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * Bluetooth RFCOMM core. 26 * 27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $ 28 */ 29 30 #include <linux/config.h> 31 #include <linux/module.h> 32 #include <linux/errno.h> 33 #include <linux/kernel.h> 34 #include <linux/sched.h> 35 #include <linux/signal.h> 36 #include <linux/init.h> 37 #include <linux/wait.h> 38 #include <linux/device.h> 39 #include <linux/net.h> 40 #include <linux/mutex.h> 41 42 #include <net/sock.h> 43 #include <asm/uaccess.h> 44 #include <asm/unaligned.h> 45 46 #include <net/bluetooth/bluetooth.h> 47 #include <net/bluetooth/hci_core.h> 48 #include <net/bluetooth/l2cap.h> 49 #include <net/bluetooth/rfcomm.h> 50 51 #ifndef CONFIG_BT_RFCOMM_DEBUG 52 #undef BT_DBG 53 #define BT_DBG(D...) 54 #endif 55 56 #define VERSION "1.7" 57 58 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; 59 60 static struct task_struct *rfcomm_thread; 61 62 static DEFINE_MUTEX(rfcomm_mutex); 63 #define rfcomm_lock() mutex_lock(&rfcomm_mutex) 64 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex) 65 66 static unsigned long rfcomm_event; 67 68 static LIST_HEAD(session_list); 69 static atomic_t terminate, running; 70 71 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len); 72 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); 73 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); 74 static int rfcomm_queue_disc(struct rfcomm_dlc *d); 75 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); 76 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); 77 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); 78 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); 79 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); 80 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); 81 82 static void rfcomm_process_connect(struct rfcomm_session *s); 83 84 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err); 85 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); 86 static void rfcomm_session_del(struct rfcomm_session *s); 87 88 /* ---- RFCOMM frame parsing macros ---- */ 89 #define __get_dlci(b) ((b & 0xfc) >> 2) 90 #define __get_channel(b) ((b & 0xf8) >> 3) 91 #define __get_dir(b) ((b & 0x04) >> 2) 92 #define __get_type(b) ((b & 0xef)) 93 94 #define __test_ea(b) ((b & 0x01)) 95 #define __test_cr(b) ((b & 0x02)) 96 #define __test_pf(b) ((b & 0x10)) 97 98 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) 99 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) 100 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) 101 #define __srv_channel(dlci) (dlci >> 1) 102 #define __dir(dlci) (dlci & 0x01) 103 104 #define __len8(len) (((len) << 1) | 1) 105 #define __len16(len) ((len) << 1) 106 107 /* MCC macros */ 108 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) 109 #define __get_mcc_type(b) ((b & 0xfc) >> 2) 110 #define __get_mcc_len(b) ((b & 0xfe) >> 1) 111 112 /* RPN macros */ 113 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) 114 #define __get_rpn_data_bits(line) ((line) & 0x3) 115 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) 116 #define __get_rpn_parity(line) (((line) >> 3) & 0x7) 117 118 static inline void rfcomm_schedule(uint event) 119 { 120 if (!rfcomm_thread) 121 return; 122 //set_bit(event, &rfcomm_event); 123 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 124 wake_up_process(rfcomm_thread); 125 } 126 127 static inline void rfcomm_session_put(struct rfcomm_session *s) 128 { 129 if (atomic_dec_and_test(&s->refcnt)) 130 rfcomm_session_del(s); 131 } 132 133 /* ---- RFCOMM FCS computation ---- */ 134 135 /* reversed, 8-bit, poly=0x07 */ 136 static unsigned char rfcomm_crc_table[256] = { 137 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, 138 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, 139 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, 140 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, 141 142 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, 143 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, 144 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, 145 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, 146 147 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, 148 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, 149 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, 150 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, 151 152 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, 153 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, 154 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, 155 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, 156 157 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, 158 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, 159 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, 160 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, 161 162 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, 163 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, 164 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, 165 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, 166 167 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, 168 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, 169 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, 170 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, 171 172 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, 173 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, 174 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, 175 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf 176 }; 177 178 /* CRC on 2 bytes */ 179 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) 180 181 /* FCS on 2 bytes */ 182 static inline u8 __fcs(u8 *data) 183 { 184 return (0xff - __crc(data)); 185 } 186 187 /* FCS on 3 bytes */ 188 static inline u8 __fcs2(u8 *data) 189 { 190 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]); 191 } 192 193 /* Check FCS */ 194 static inline int __check_fcs(u8 *data, int type, u8 fcs) 195 { 196 u8 f = __crc(data); 197 198 if (type != RFCOMM_UIH) 199 f = rfcomm_crc_table[f ^ data[2]]; 200 201 return rfcomm_crc_table[f ^ fcs] != 0xcf; 202 } 203 204 /* ---- L2CAP callbacks ---- */ 205 static void rfcomm_l2state_change(struct sock *sk) 206 { 207 BT_DBG("%p state %d", sk, sk->sk_state); 208 rfcomm_schedule(RFCOMM_SCHED_STATE); 209 } 210 211 static void rfcomm_l2data_ready(struct sock *sk, int bytes) 212 { 213 BT_DBG("%p bytes %d", sk, bytes); 214 rfcomm_schedule(RFCOMM_SCHED_RX); 215 } 216 217 static int rfcomm_l2sock_create(struct socket **sock) 218 { 219 int err; 220 221 BT_DBG(""); 222 223 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); 224 if (!err) { 225 struct sock *sk = (*sock)->sk; 226 sk->sk_data_ready = rfcomm_l2data_ready; 227 sk->sk_state_change = rfcomm_l2state_change; 228 } 229 return err; 230 } 231 232 /* ---- RFCOMM DLCs ---- */ 233 static void rfcomm_dlc_timeout(unsigned long arg) 234 { 235 struct rfcomm_dlc *d = (void *) arg; 236 237 BT_DBG("dlc %p state %ld", d, d->state); 238 239 set_bit(RFCOMM_TIMED_OUT, &d->flags); 240 rfcomm_dlc_put(d); 241 rfcomm_schedule(RFCOMM_SCHED_TIMEO); 242 } 243 244 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) 245 { 246 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); 247 248 if (!mod_timer(&d->timer, jiffies + timeout)) 249 rfcomm_dlc_hold(d); 250 } 251 252 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) 253 { 254 BT_DBG("dlc %p state %ld", d, d->state); 255 256 if (timer_pending(&d->timer) && del_timer(&d->timer)) 257 rfcomm_dlc_put(d); 258 } 259 260 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) 261 { 262 BT_DBG("%p", d); 263 264 d->state = BT_OPEN; 265 d->flags = 0; 266 d->mscex = 0; 267 d->mtu = RFCOMM_DEFAULT_MTU; 268 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; 269 270 d->cfc = RFCOMM_CFC_DISABLED; 271 d->rx_credits = RFCOMM_DEFAULT_CREDITS; 272 } 273 274 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) 275 { 276 struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio); 277 if (!d) 278 return NULL; 279 memset(d, 0, sizeof(*d)); 280 281 init_timer(&d->timer); 282 d->timer.function = rfcomm_dlc_timeout; 283 d->timer.data = (unsigned long) d; 284 285 skb_queue_head_init(&d->tx_queue); 286 spin_lock_init(&d->lock); 287 atomic_set(&d->refcnt, 1); 288 289 rfcomm_dlc_clear_state(d); 290 291 BT_DBG("%p", d); 292 return d; 293 } 294 295 void rfcomm_dlc_free(struct rfcomm_dlc *d) 296 { 297 BT_DBG("%p", d); 298 299 skb_queue_purge(&d->tx_queue); 300 kfree(d); 301 } 302 303 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) 304 { 305 BT_DBG("dlc %p session %p", d, s); 306 307 rfcomm_session_hold(s); 308 309 rfcomm_dlc_hold(d); 310 list_add(&d->list, &s->dlcs); 311 d->session = s; 312 } 313 314 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) 315 { 316 struct rfcomm_session *s = d->session; 317 318 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); 319 320 list_del(&d->list); 321 d->session = NULL; 322 rfcomm_dlc_put(d); 323 324 rfcomm_session_put(s); 325 } 326 327 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) 328 { 329 struct rfcomm_dlc *d; 330 struct list_head *p; 331 332 list_for_each(p, &s->dlcs) { 333 d = list_entry(p, struct rfcomm_dlc, list); 334 if (d->dlci == dlci) 335 return d; 336 } 337 return NULL; 338 } 339 340 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 341 { 342 struct rfcomm_session *s; 343 int err = 0; 344 u8 dlci; 345 346 BT_DBG("dlc %p state %ld %s %s channel %d", 347 d, d->state, batostr(src), batostr(dst), channel); 348 349 if (channel < 1 || channel > 30) 350 return -EINVAL; 351 352 if (d->state != BT_OPEN && d->state != BT_CLOSED) 353 return 0; 354 355 s = rfcomm_session_get(src, dst); 356 if (!s) { 357 s = rfcomm_session_create(src, dst, &err); 358 if (!s) 359 return err; 360 } 361 362 dlci = __dlci(!s->initiator, channel); 363 364 /* Check if DLCI already exists */ 365 if (rfcomm_dlc_get(s, dlci)) 366 return -EBUSY; 367 368 rfcomm_dlc_clear_state(d); 369 370 d->dlci = dlci; 371 d->addr = __addr(s->initiator, dlci); 372 d->priority = 7; 373 374 d->state = BT_CONFIG; 375 rfcomm_dlc_link(s, d); 376 377 d->mtu = s->mtu; 378 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 379 380 if (s->state == BT_CONNECTED) 381 rfcomm_send_pn(s, 1, d); 382 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 383 return 0; 384 } 385 386 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 387 { 388 int r; 389 390 rfcomm_lock(); 391 392 r = __rfcomm_dlc_open(d, src, dst, channel); 393 394 rfcomm_unlock(); 395 return r; 396 } 397 398 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 399 { 400 struct rfcomm_session *s = d->session; 401 if (!s) 402 return 0; 403 404 BT_DBG("dlc %p state %ld dlci %d err %d session %p", 405 d, d->state, d->dlci, err, s); 406 407 switch (d->state) { 408 case BT_CONNECTED: 409 case BT_CONFIG: 410 case BT_CONNECT: 411 d->state = BT_DISCONN; 412 if (skb_queue_empty(&d->tx_queue)) { 413 rfcomm_send_disc(s, d->dlci); 414 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); 415 } else { 416 rfcomm_queue_disc(d); 417 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); 418 } 419 break; 420 421 default: 422 rfcomm_dlc_clear_timer(d); 423 424 rfcomm_dlc_lock(d); 425 d->state = BT_CLOSED; 426 d->state_change(d, err); 427 rfcomm_dlc_unlock(d); 428 429 skb_queue_purge(&d->tx_queue); 430 rfcomm_dlc_unlink(d); 431 } 432 433 return 0; 434 } 435 436 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 437 { 438 int r; 439 440 rfcomm_lock(); 441 442 r = __rfcomm_dlc_close(d, err); 443 444 rfcomm_unlock(); 445 return r; 446 } 447 448 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) 449 { 450 int len = skb->len; 451 452 if (d->state != BT_CONNECTED) 453 return -ENOTCONN; 454 455 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); 456 457 if (len > d->mtu) 458 return -EINVAL; 459 460 rfcomm_make_uih(skb, d->addr); 461 skb_queue_tail(&d->tx_queue, skb); 462 463 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 464 rfcomm_schedule(RFCOMM_SCHED_TX); 465 return len; 466 } 467 468 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d) 469 { 470 BT_DBG("dlc %p state %ld", d, d->state); 471 472 if (!d->cfc) { 473 d->v24_sig |= RFCOMM_V24_FC; 474 set_bit(RFCOMM_MSC_PENDING, &d->flags); 475 } 476 rfcomm_schedule(RFCOMM_SCHED_TX); 477 } 478 479 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) 480 { 481 BT_DBG("dlc %p state %ld", d, d->state); 482 483 if (!d->cfc) { 484 d->v24_sig &= ~RFCOMM_V24_FC; 485 set_bit(RFCOMM_MSC_PENDING, &d->flags); 486 } 487 rfcomm_schedule(RFCOMM_SCHED_TX); 488 } 489 490 /* 491 Set/get modem status functions use _local_ status i.e. what we report 492 to the other side. 493 Remote status is provided by dlc->modem_status() callback. 494 */ 495 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) 496 { 497 BT_DBG("dlc %p state %ld v24_sig 0x%x", 498 d, d->state, v24_sig); 499 500 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) 501 v24_sig |= RFCOMM_V24_FC; 502 else 503 v24_sig &= ~RFCOMM_V24_FC; 504 505 d->v24_sig = v24_sig; 506 507 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) 508 rfcomm_schedule(RFCOMM_SCHED_TX); 509 510 return 0; 511 } 512 513 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) 514 { 515 BT_DBG("dlc %p state %ld v24_sig 0x%x", 516 d, d->state, d->v24_sig); 517 518 *v24_sig = d->v24_sig; 519 return 0; 520 } 521 522 /* ---- RFCOMM sessions ---- */ 523 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) 524 { 525 struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL); 526 if (!s) 527 return NULL; 528 memset(s, 0, sizeof(*s)); 529 530 BT_DBG("session %p sock %p", s, sock); 531 532 INIT_LIST_HEAD(&s->dlcs); 533 s->state = state; 534 s->sock = sock; 535 536 s->mtu = RFCOMM_DEFAULT_MTU; 537 s->cfc = RFCOMM_CFC_UNKNOWN; 538 539 /* Do not increment module usage count for listening sessions. 540 * Otherwise we won't be able to unload the module. */ 541 if (state != BT_LISTEN) 542 if (!try_module_get(THIS_MODULE)) { 543 kfree(s); 544 return NULL; 545 } 546 547 list_add(&s->list, &session_list); 548 549 return s; 550 } 551 552 static void rfcomm_session_del(struct rfcomm_session *s) 553 { 554 int state = s->state; 555 556 BT_DBG("session %p state %ld", s, s->state); 557 558 list_del(&s->list); 559 560 if (state == BT_CONNECTED) 561 rfcomm_send_disc(s, 0); 562 563 sock_release(s->sock); 564 kfree(s); 565 566 if (state != BT_LISTEN) 567 module_put(THIS_MODULE); 568 } 569 570 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) 571 { 572 struct rfcomm_session *s; 573 struct list_head *p, *n; 574 struct bt_sock *sk; 575 list_for_each_safe(p, n, &session_list) { 576 s = list_entry(p, struct rfcomm_session, list); 577 sk = bt_sk(s->sock->sk); 578 579 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && 580 !bacmp(&sk->dst, dst)) 581 return s; 582 } 583 return NULL; 584 } 585 586 static void rfcomm_session_close(struct rfcomm_session *s, int err) 587 { 588 struct rfcomm_dlc *d; 589 struct list_head *p, *n; 590 591 BT_DBG("session %p state %ld err %d", s, s->state, err); 592 593 rfcomm_session_hold(s); 594 595 s->state = BT_CLOSED; 596 597 /* Close all dlcs */ 598 list_for_each_safe(p, n, &s->dlcs) { 599 d = list_entry(p, struct rfcomm_dlc, list); 600 d->state = BT_CLOSED; 601 __rfcomm_dlc_close(d, err); 602 } 603 604 rfcomm_session_put(s); 605 } 606 607 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err) 608 { 609 struct rfcomm_session *s = NULL; 610 struct sockaddr_l2 addr; 611 struct socket *sock; 612 struct sock *sk; 613 614 BT_DBG("%s %s", batostr(src), batostr(dst)); 615 616 *err = rfcomm_l2sock_create(&sock); 617 if (*err < 0) 618 return NULL; 619 620 bacpy(&addr.l2_bdaddr, src); 621 addr.l2_family = AF_BLUETOOTH; 622 addr.l2_psm = 0; 623 *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 624 if (*err < 0) 625 goto failed; 626 627 /* Set L2CAP options */ 628 sk = sock->sk; 629 lock_sock(sk); 630 l2cap_pi(sk)->imtu = l2cap_mtu; 631 release_sock(sk); 632 633 s = rfcomm_session_add(sock, BT_BOUND); 634 if (!s) { 635 *err = -ENOMEM; 636 goto failed; 637 } 638 639 s->initiator = 1; 640 641 bacpy(&addr.l2_bdaddr, dst); 642 addr.l2_family = AF_BLUETOOTH; 643 addr.l2_psm = htobs(RFCOMM_PSM); 644 *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 645 if (*err == 0 || *err == -EAGAIN) 646 return s; 647 648 rfcomm_session_del(s); 649 return NULL; 650 651 failed: 652 sock_release(sock); 653 return NULL; 654 } 655 656 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) 657 { 658 struct sock *sk = s->sock->sk; 659 if (src) 660 bacpy(src, &bt_sk(sk)->src); 661 if (dst) 662 bacpy(dst, &bt_sk(sk)->dst); 663 } 664 665 /* ---- RFCOMM frame sending ---- */ 666 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len) 667 { 668 struct socket *sock = s->sock; 669 struct kvec iv = { data, len }; 670 struct msghdr msg; 671 672 BT_DBG("session %p len %d", s, len); 673 674 memset(&msg, 0, sizeof(msg)); 675 676 return kernel_sendmsg(sock, &msg, &iv, 1, len); 677 } 678 679 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) 680 { 681 struct rfcomm_cmd cmd; 682 683 BT_DBG("%p dlci %d", s, dlci); 684 685 cmd.addr = __addr(s->initiator, dlci); 686 cmd.ctrl = __ctrl(RFCOMM_SABM, 1); 687 cmd.len = __len8(0); 688 cmd.fcs = __fcs2((u8 *) &cmd); 689 690 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 691 } 692 693 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) 694 { 695 struct rfcomm_cmd cmd; 696 697 BT_DBG("%p dlci %d", s, dlci); 698 699 cmd.addr = __addr(!s->initiator, dlci); 700 cmd.ctrl = __ctrl(RFCOMM_UA, 1); 701 cmd.len = __len8(0); 702 cmd.fcs = __fcs2((u8 *) &cmd); 703 704 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 705 } 706 707 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) 708 { 709 struct rfcomm_cmd cmd; 710 711 BT_DBG("%p dlci %d", s, dlci); 712 713 cmd.addr = __addr(s->initiator, dlci); 714 cmd.ctrl = __ctrl(RFCOMM_DISC, 1); 715 cmd.len = __len8(0); 716 cmd.fcs = __fcs2((u8 *) &cmd); 717 718 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 719 } 720 721 static int rfcomm_queue_disc(struct rfcomm_dlc *d) 722 { 723 struct rfcomm_cmd *cmd; 724 struct sk_buff *skb; 725 726 BT_DBG("dlc %p dlci %d", d, d->dlci); 727 728 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); 729 if (!skb) 730 return -ENOMEM; 731 732 cmd = (void *) __skb_put(skb, sizeof(*cmd)); 733 cmd->addr = d->addr; 734 cmd->ctrl = __ctrl(RFCOMM_DISC, 1); 735 cmd->len = __len8(0); 736 cmd->fcs = __fcs2((u8 *) cmd); 737 738 skb_queue_tail(&d->tx_queue, skb); 739 rfcomm_schedule(RFCOMM_SCHED_TX); 740 return 0; 741 } 742 743 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) 744 { 745 struct rfcomm_cmd cmd; 746 747 BT_DBG("%p dlci %d", s, dlci); 748 749 cmd.addr = __addr(!s->initiator, dlci); 750 cmd.ctrl = __ctrl(RFCOMM_DM, 1); 751 cmd.len = __len8(0); 752 cmd.fcs = __fcs2((u8 *) &cmd); 753 754 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 755 } 756 757 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) 758 { 759 struct rfcomm_hdr *hdr; 760 struct rfcomm_mcc *mcc; 761 u8 buf[16], *ptr = buf; 762 763 BT_DBG("%p cr %d type %d", s, cr, type); 764 765 hdr = (void *) ptr; ptr += sizeof(*hdr); 766 hdr->addr = __addr(s->initiator, 0); 767 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 768 hdr->len = __len8(sizeof(*mcc) + 1); 769 770 mcc = (void *) ptr; ptr += sizeof(*mcc); 771 mcc->type = __mcc_type(cr, RFCOMM_NSC); 772 mcc->len = __len8(1); 773 774 /* Type that we didn't like */ 775 *ptr = __mcc_type(cr, type); ptr++; 776 777 *ptr = __fcs(buf); ptr++; 778 779 return rfcomm_send_frame(s, buf, ptr - buf); 780 } 781 782 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) 783 { 784 struct rfcomm_hdr *hdr; 785 struct rfcomm_mcc *mcc; 786 struct rfcomm_pn *pn; 787 u8 buf[16], *ptr = buf; 788 789 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); 790 791 hdr = (void *) ptr; ptr += sizeof(*hdr); 792 hdr->addr = __addr(s->initiator, 0); 793 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 794 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); 795 796 mcc = (void *) ptr; ptr += sizeof(*mcc); 797 mcc->type = __mcc_type(cr, RFCOMM_PN); 798 mcc->len = __len8(sizeof(*pn)); 799 800 pn = (void *) ptr; ptr += sizeof(*pn); 801 pn->dlci = d->dlci; 802 pn->priority = d->priority; 803 pn->ack_timer = 0; 804 pn->max_retrans = 0; 805 806 if (s->cfc) { 807 pn->flow_ctrl = cr ? 0xf0 : 0xe0; 808 pn->credits = RFCOMM_DEFAULT_CREDITS; 809 } else { 810 pn->flow_ctrl = 0; 811 pn->credits = 0; 812 } 813 814 pn->mtu = htobs(d->mtu); 815 816 *ptr = __fcs(buf); ptr++; 817 818 return rfcomm_send_frame(s, buf, ptr - buf); 819 } 820 821 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, 822 u8 bit_rate, u8 data_bits, u8 stop_bits, 823 u8 parity, u8 flow_ctrl_settings, 824 u8 xon_char, u8 xoff_char, u16 param_mask) 825 { 826 struct rfcomm_hdr *hdr; 827 struct rfcomm_mcc *mcc; 828 struct rfcomm_rpn *rpn; 829 u8 buf[16], *ptr = buf; 830 831 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" 832 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 833 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 834 flow_ctrl_settings, xon_char, xoff_char, param_mask); 835 836 hdr = (void *) ptr; ptr += sizeof(*hdr); 837 hdr->addr = __addr(s->initiator, 0); 838 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 839 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); 840 841 mcc = (void *) ptr; ptr += sizeof(*mcc); 842 mcc->type = __mcc_type(cr, RFCOMM_RPN); 843 mcc->len = __len8(sizeof(*rpn)); 844 845 rpn = (void *) ptr; ptr += sizeof(*rpn); 846 rpn->dlci = __addr(1, dlci); 847 rpn->bit_rate = bit_rate; 848 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); 849 rpn->flow_ctrl = flow_ctrl_settings; 850 rpn->xon_char = xon_char; 851 rpn->xoff_char = xoff_char; 852 rpn->param_mask = param_mask; 853 854 *ptr = __fcs(buf); ptr++; 855 856 return rfcomm_send_frame(s, buf, ptr - buf); 857 } 858 859 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) 860 { 861 struct rfcomm_hdr *hdr; 862 struct rfcomm_mcc *mcc; 863 struct rfcomm_rls *rls; 864 u8 buf[16], *ptr = buf; 865 866 BT_DBG("%p cr %d status 0x%x", s, cr, status); 867 868 hdr = (void *) ptr; ptr += sizeof(*hdr); 869 hdr->addr = __addr(s->initiator, 0); 870 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 871 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); 872 873 mcc = (void *) ptr; ptr += sizeof(*mcc); 874 mcc->type = __mcc_type(cr, RFCOMM_RLS); 875 mcc->len = __len8(sizeof(*rls)); 876 877 rls = (void *) ptr; ptr += sizeof(*rls); 878 rls->dlci = __addr(1, dlci); 879 rls->status = status; 880 881 *ptr = __fcs(buf); ptr++; 882 883 return rfcomm_send_frame(s, buf, ptr - buf); 884 } 885 886 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) 887 { 888 struct rfcomm_hdr *hdr; 889 struct rfcomm_mcc *mcc; 890 struct rfcomm_msc *msc; 891 u8 buf[16], *ptr = buf; 892 893 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); 894 895 hdr = (void *) ptr; ptr += sizeof(*hdr); 896 hdr->addr = __addr(s->initiator, 0); 897 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 898 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); 899 900 mcc = (void *) ptr; ptr += sizeof(*mcc); 901 mcc->type = __mcc_type(cr, RFCOMM_MSC); 902 mcc->len = __len8(sizeof(*msc)); 903 904 msc = (void *) ptr; ptr += sizeof(*msc); 905 msc->dlci = __addr(1, dlci); 906 msc->v24_sig = v24_sig | 0x01; 907 908 *ptr = __fcs(buf); ptr++; 909 910 return rfcomm_send_frame(s, buf, ptr - buf); 911 } 912 913 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) 914 { 915 struct rfcomm_hdr *hdr; 916 struct rfcomm_mcc *mcc; 917 u8 buf[16], *ptr = buf; 918 919 BT_DBG("%p cr %d", s, cr); 920 921 hdr = (void *) ptr; ptr += sizeof(*hdr); 922 hdr->addr = __addr(s->initiator, 0); 923 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 924 hdr->len = __len8(sizeof(*mcc)); 925 926 mcc = (void *) ptr; ptr += sizeof(*mcc); 927 mcc->type = __mcc_type(cr, RFCOMM_FCOFF); 928 mcc->len = __len8(0); 929 930 *ptr = __fcs(buf); ptr++; 931 932 return rfcomm_send_frame(s, buf, ptr - buf); 933 } 934 935 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) 936 { 937 struct rfcomm_hdr *hdr; 938 struct rfcomm_mcc *mcc; 939 u8 buf[16], *ptr = buf; 940 941 BT_DBG("%p cr %d", s, cr); 942 943 hdr = (void *) ptr; ptr += sizeof(*hdr); 944 hdr->addr = __addr(s->initiator, 0); 945 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 946 hdr->len = __len8(sizeof(*mcc)); 947 948 mcc = (void *) ptr; ptr += sizeof(*mcc); 949 mcc->type = __mcc_type(cr, RFCOMM_FCON); 950 mcc->len = __len8(0); 951 952 *ptr = __fcs(buf); ptr++; 953 954 return rfcomm_send_frame(s, buf, ptr - buf); 955 } 956 957 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) 958 { 959 struct socket *sock = s->sock; 960 struct kvec iv[3]; 961 struct msghdr msg; 962 unsigned char hdr[5], crc[1]; 963 964 if (len > 125) 965 return -EINVAL; 966 967 BT_DBG("%p cr %d", s, cr); 968 969 hdr[0] = __addr(s->initiator, 0); 970 hdr[1] = __ctrl(RFCOMM_UIH, 0); 971 hdr[2] = 0x01 | ((len + 2) << 1); 972 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); 973 hdr[4] = 0x01 | (len << 1); 974 975 crc[0] = __fcs(hdr); 976 977 iv[0].iov_base = hdr; 978 iv[0].iov_len = 5; 979 iv[1].iov_base = pattern; 980 iv[1].iov_len = len; 981 iv[2].iov_base = crc; 982 iv[2].iov_len = 1; 983 984 memset(&msg, 0, sizeof(msg)); 985 986 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); 987 } 988 989 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) 990 { 991 struct rfcomm_hdr *hdr; 992 u8 buf[16], *ptr = buf; 993 994 BT_DBG("%p addr %d credits %d", s, addr, credits); 995 996 hdr = (void *) ptr; ptr += sizeof(*hdr); 997 hdr->addr = addr; 998 hdr->ctrl = __ctrl(RFCOMM_UIH, 1); 999 hdr->len = __len8(0); 1000 1001 *ptr = credits; ptr++; 1002 1003 *ptr = __fcs(buf); ptr++; 1004 1005 return rfcomm_send_frame(s, buf, ptr - buf); 1006 } 1007 1008 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) 1009 { 1010 struct rfcomm_hdr *hdr; 1011 int len = skb->len; 1012 u8 *crc; 1013 1014 if (len > 127) { 1015 hdr = (void *) skb_push(skb, 4); 1016 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len); 1017 } else { 1018 hdr = (void *) skb_push(skb, 3); 1019 hdr->len = __len8(len); 1020 } 1021 hdr->addr = addr; 1022 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1023 1024 crc = skb_put(skb, 1); 1025 *crc = __fcs((void *) hdr); 1026 } 1027 1028 /* ---- RFCOMM frame reception ---- */ 1029 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) 1030 { 1031 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1032 1033 if (dlci) { 1034 /* Data channel */ 1035 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1036 if (!d) { 1037 rfcomm_send_dm(s, dlci); 1038 return 0; 1039 } 1040 1041 switch (d->state) { 1042 case BT_CONNECT: 1043 rfcomm_dlc_clear_timer(d); 1044 1045 rfcomm_dlc_lock(d); 1046 d->state = BT_CONNECTED; 1047 d->state_change(d, 0); 1048 rfcomm_dlc_unlock(d); 1049 1050 rfcomm_send_msc(s, 1, dlci, d->v24_sig); 1051 break; 1052 1053 case BT_DISCONN: 1054 d->state = BT_CLOSED; 1055 __rfcomm_dlc_close(d, 0); 1056 break; 1057 } 1058 } else { 1059 /* Control channel */ 1060 switch (s->state) { 1061 case BT_CONNECT: 1062 s->state = BT_CONNECTED; 1063 rfcomm_process_connect(s); 1064 break; 1065 } 1066 } 1067 return 0; 1068 } 1069 1070 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) 1071 { 1072 int err = 0; 1073 1074 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1075 1076 if (dlci) { 1077 /* Data DLC */ 1078 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1079 if (d) { 1080 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1081 err = ECONNREFUSED; 1082 else 1083 err = ECONNRESET; 1084 1085 d->state = BT_CLOSED; 1086 __rfcomm_dlc_close(d, err); 1087 } 1088 } else { 1089 if (s->state == BT_CONNECT) 1090 err = ECONNREFUSED; 1091 else 1092 err = ECONNRESET; 1093 1094 s->state = BT_CLOSED; 1095 rfcomm_session_close(s, err); 1096 } 1097 return 0; 1098 } 1099 1100 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci) 1101 { 1102 int err = 0; 1103 1104 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1105 1106 if (dlci) { 1107 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1108 if (d) { 1109 rfcomm_send_ua(s, dlci); 1110 1111 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1112 err = ECONNREFUSED; 1113 else 1114 err = ECONNRESET; 1115 1116 d->state = BT_CLOSED; 1117 __rfcomm_dlc_close(d, err); 1118 } else 1119 rfcomm_send_dm(s, dlci); 1120 1121 } else { 1122 rfcomm_send_ua(s, 0); 1123 1124 if (s->state == BT_CONNECT) 1125 err = ECONNREFUSED; 1126 else 1127 err = ECONNRESET; 1128 1129 s->state = BT_CLOSED; 1130 rfcomm_session_close(s, err); 1131 } 1132 1133 return 0; 1134 } 1135 1136 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d) 1137 { 1138 struct sock *sk = d->session->sock->sk; 1139 1140 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) { 1141 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon)) 1142 return 1; 1143 } else if (d->link_mode & RFCOMM_LM_AUTH) { 1144 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon)) 1145 return 1; 1146 } 1147 1148 return 0; 1149 } 1150 1151 static void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1152 { 1153 BT_DBG("dlc %p", d); 1154 1155 rfcomm_send_ua(d->session, d->dlci); 1156 1157 rfcomm_dlc_lock(d); 1158 d->state = BT_CONNECTED; 1159 d->state_change(d, 0); 1160 rfcomm_dlc_unlock(d); 1161 1162 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1163 } 1164 1165 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) 1166 { 1167 struct rfcomm_dlc *d; 1168 u8 channel; 1169 1170 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1171 1172 if (!dlci) { 1173 rfcomm_send_ua(s, 0); 1174 1175 if (s->state == BT_OPEN) { 1176 s->state = BT_CONNECTED; 1177 rfcomm_process_connect(s); 1178 } 1179 return 0; 1180 } 1181 1182 /* Check if DLC exists */ 1183 d = rfcomm_dlc_get(s, dlci); 1184 if (d) { 1185 if (d->state == BT_OPEN) { 1186 /* DLC was previously opened by PN request */ 1187 if (rfcomm_check_link_mode(d)) { 1188 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1189 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1190 return 0; 1191 } 1192 1193 rfcomm_dlc_accept(d); 1194 } 1195 return 0; 1196 } 1197 1198 /* Notify socket layer about incoming connection */ 1199 channel = __srv_channel(dlci); 1200 if (rfcomm_connect_ind(s, channel, &d)) { 1201 d->dlci = dlci; 1202 d->addr = __addr(s->initiator, dlci); 1203 rfcomm_dlc_link(s, d); 1204 1205 if (rfcomm_check_link_mode(d)) { 1206 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1207 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1208 return 0; 1209 } 1210 1211 rfcomm_dlc_accept(d); 1212 } else { 1213 rfcomm_send_dm(s, dlci); 1214 } 1215 1216 return 0; 1217 } 1218 1219 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) 1220 { 1221 struct rfcomm_session *s = d->session; 1222 1223 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 1224 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); 1225 1226 if (pn->flow_ctrl == 0xf0 || pn->flow_ctrl == 0xe0) { 1227 d->cfc = s->cfc = RFCOMM_CFC_ENABLED; 1228 d->tx_credits = pn->credits; 1229 } else { 1230 d->cfc = s->cfc = RFCOMM_CFC_DISABLED; 1231 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1232 } 1233 1234 d->priority = pn->priority; 1235 1236 d->mtu = s->mtu = btohs(pn->mtu); 1237 1238 return 0; 1239 } 1240 1241 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1242 { 1243 struct rfcomm_pn *pn = (void *) skb->data; 1244 struct rfcomm_dlc *d; 1245 u8 dlci = pn->dlci; 1246 1247 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1248 1249 if (!dlci) 1250 return 0; 1251 1252 d = rfcomm_dlc_get(s, dlci); 1253 if (d) { 1254 if (cr) { 1255 /* PN request */ 1256 rfcomm_apply_pn(d, cr, pn); 1257 rfcomm_send_pn(s, 0, d); 1258 } else { 1259 /* PN response */ 1260 switch (d->state) { 1261 case BT_CONFIG: 1262 rfcomm_apply_pn(d, cr, pn); 1263 1264 d->state = BT_CONNECT; 1265 rfcomm_send_sabm(s, d->dlci); 1266 break; 1267 } 1268 } 1269 } else { 1270 u8 channel = __srv_channel(dlci); 1271 1272 if (!cr) 1273 return 0; 1274 1275 /* PN request for non existing DLC. 1276 * Assume incoming connection. */ 1277 if (rfcomm_connect_ind(s, channel, &d)) { 1278 d->dlci = dlci; 1279 d->addr = __addr(s->initiator, dlci); 1280 rfcomm_dlc_link(s, d); 1281 1282 rfcomm_apply_pn(d, cr, pn); 1283 1284 d->state = BT_OPEN; 1285 rfcomm_send_pn(s, 0, d); 1286 } else { 1287 rfcomm_send_dm(s, dlci); 1288 } 1289 } 1290 return 0; 1291 } 1292 1293 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) 1294 { 1295 struct rfcomm_rpn *rpn = (void *) skb->data; 1296 u8 dlci = __get_dlci(rpn->dlci); 1297 1298 u8 bit_rate = 0; 1299 u8 data_bits = 0; 1300 u8 stop_bits = 0; 1301 u8 parity = 0; 1302 u8 flow_ctrl = 0; 1303 u8 xon_char = 0; 1304 u8 xoff_char = 0; 1305 u16 rpn_mask = RFCOMM_RPN_PM_ALL; 1306 1307 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 1308 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, 1309 rpn->xon_char, rpn->xoff_char, rpn->param_mask); 1310 1311 if (!cr) 1312 return 0; 1313 1314 if (len == 1) { 1315 /* This is a request, return default settings */ 1316 bit_rate = RFCOMM_RPN_BR_115200; 1317 data_bits = RFCOMM_RPN_DATA_8; 1318 stop_bits = RFCOMM_RPN_STOP_1; 1319 parity = RFCOMM_RPN_PARITY_NONE; 1320 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1321 xon_char = RFCOMM_RPN_XON_CHAR; 1322 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1323 goto rpn_out; 1324 } 1325 1326 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, 1327 * no parity, no flow control lines, normal XON/XOFF chars */ 1328 1329 if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) { 1330 bit_rate = rpn->bit_rate; 1331 if (bit_rate != RFCOMM_RPN_BR_115200) { 1332 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); 1333 bit_rate = RFCOMM_RPN_BR_115200; 1334 rpn_mask ^= RFCOMM_RPN_PM_BITRATE; 1335 } 1336 } 1337 1338 if (rpn->param_mask & RFCOMM_RPN_PM_DATA) { 1339 data_bits = __get_rpn_data_bits(rpn->line_settings); 1340 if (data_bits != RFCOMM_RPN_DATA_8) { 1341 BT_DBG("RPN data bits mismatch 0x%x", data_bits); 1342 data_bits = RFCOMM_RPN_DATA_8; 1343 rpn_mask ^= RFCOMM_RPN_PM_DATA; 1344 } 1345 } 1346 1347 if (rpn->param_mask & RFCOMM_RPN_PM_STOP) { 1348 stop_bits = __get_rpn_stop_bits(rpn->line_settings); 1349 if (stop_bits != RFCOMM_RPN_STOP_1) { 1350 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); 1351 stop_bits = RFCOMM_RPN_STOP_1; 1352 rpn_mask ^= RFCOMM_RPN_PM_STOP; 1353 } 1354 } 1355 1356 if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) { 1357 parity = __get_rpn_parity(rpn->line_settings); 1358 if (parity != RFCOMM_RPN_PARITY_NONE) { 1359 BT_DBG("RPN parity mismatch 0x%x", parity); 1360 parity = RFCOMM_RPN_PARITY_NONE; 1361 rpn_mask ^= RFCOMM_RPN_PM_PARITY; 1362 } 1363 } 1364 1365 if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) { 1366 flow_ctrl = rpn->flow_ctrl; 1367 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { 1368 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); 1369 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1370 rpn_mask ^= RFCOMM_RPN_PM_FLOW; 1371 } 1372 } 1373 1374 if (rpn->param_mask & RFCOMM_RPN_PM_XON) { 1375 xon_char = rpn->xon_char; 1376 if (xon_char != RFCOMM_RPN_XON_CHAR) { 1377 BT_DBG("RPN XON char mismatch 0x%x", xon_char); 1378 xon_char = RFCOMM_RPN_XON_CHAR; 1379 rpn_mask ^= RFCOMM_RPN_PM_XON; 1380 } 1381 } 1382 1383 if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) { 1384 xoff_char = rpn->xoff_char; 1385 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { 1386 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); 1387 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1388 rpn_mask ^= RFCOMM_RPN_PM_XOFF; 1389 } 1390 } 1391 1392 rpn_out: 1393 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, 1394 parity, flow_ctrl, xon_char, xoff_char, rpn_mask); 1395 1396 return 0; 1397 } 1398 1399 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1400 { 1401 struct rfcomm_rls *rls = (void *) skb->data; 1402 u8 dlci = __get_dlci(rls->dlci); 1403 1404 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); 1405 1406 if (!cr) 1407 return 0; 1408 1409 /* We should probably do something with this information here. But 1410 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's 1411 * mandatory to recognise and respond to RLS */ 1412 1413 rfcomm_send_rls(s, 0, dlci, rls->status); 1414 1415 return 0; 1416 } 1417 1418 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1419 { 1420 struct rfcomm_msc *msc = (void *) skb->data; 1421 struct rfcomm_dlc *d; 1422 u8 dlci = __get_dlci(msc->dlci); 1423 1424 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); 1425 1426 d = rfcomm_dlc_get(s, dlci); 1427 if (!d) 1428 return 0; 1429 1430 if (cr) { 1431 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) 1432 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1433 else 1434 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1435 1436 rfcomm_dlc_lock(d); 1437 if (d->modem_status) 1438 d->modem_status(d, msc->v24_sig); 1439 rfcomm_dlc_unlock(d); 1440 1441 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1442 1443 d->mscex |= RFCOMM_MSCEX_RX; 1444 } else 1445 d->mscex |= RFCOMM_MSCEX_TX; 1446 1447 return 0; 1448 } 1449 1450 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) 1451 { 1452 struct rfcomm_mcc *mcc = (void *) skb->data; 1453 u8 type, cr, len; 1454 1455 cr = __test_cr(mcc->type); 1456 type = __get_mcc_type(mcc->type); 1457 len = __get_mcc_len(mcc->len); 1458 1459 BT_DBG("%p type 0x%x cr %d", s, type, cr); 1460 1461 skb_pull(skb, 2); 1462 1463 switch (type) { 1464 case RFCOMM_PN: 1465 rfcomm_recv_pn(s, cr, skb); 1466 break; 1467 1468 case RFCOMM_RPN: 1469 rfcomm_recv_rpn(s, cr, len, skb); 1470 break; 1471 1472 case RFCOMM_RLS: 1473 rfcomm_recv_rls(s, cr, skb); 1474 break; 1475 1476 case RFCOMM_MSC: 1477 rfcomm_recv_msc(s, cr, skb); 1478 break; 1479 1480 case RFCOMM_FCOFF: 1481 if (cr) { 1482 set_bit(RFCOMM_TX_THROTTLED, &s->flags); 1483 rfcomm_send_fcoff(s, 0); 1484 } 1485 break; 1486 1487 case RFCOMM_FCON: 1488 if (cr) { 1489 clear_bit(RFCOMM_TX_THROTTLED, &s->flags); 1490 rfcomm_send_fcon(s, 0); 1491 } 1492 break; 1493 1494 case RFCOMM_TEST: 1495 if (cr) 1496 rfcomm_send_test(s, 0, skb->data, skb->len); 1497 break; 1498 1499 case RFCOMM_NSC: 1500 break; 1501 1502 default: 1503 BT_ERR("Unknown control type 0x%02x", type); 1504 rfcomm_send_nsc(s, cr, type); 1505 break; 1506 } 1507 return 0; 1508 } 1509 1510 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) 1511 { 1512 struct rfcomm_dlc *d; 1513 1514 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); 1515 1516 d = rfcomm_dlc_get(s, dlci); 1517 if (!d) { 1518 rfcomm_send_dm(s, dlci); 1519 goto drop; 1520 } 1521 1522 if (pf && d->cfc) { 1523 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); 1524 1525 d->tx_credits += credits; 1526 if (d->tx_credits) 1527 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1528 } 1529 1530 if (skb->len && d->state == BT_CONNECTED) { 1531 rfcomm_dlc_lock(d); 1532 d->rx_credits--; 1533 d->data_ready(d, skb); 1534 rfcomm_dlc_unlock(d); 1535 return 0; 1536 } 1537 1538 drop: 1539 kfree_skb(skb); 1540 return 0; 1541 } 1542 1543 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb) 1544 { 1545 struct rfcomm_hdr *hdr = (void *) skb->data; 1546 u8 type, dlci, fcs; 1547 1548 dlci = __get_dlci(hdr->addr); 1549 type = __get_type(hdr->ctrl); 1550 1551 /* Trim FCS */ 1552 skb->len--; skb->tail--; 1553 fcs = *(u8 *) skb->tail; 1554 1555 if (__check_fcs(skb->data, type, fcs)) { 1556 BT_ERR("bad checksum in packet"); 1557 kfree_skb(skb); 1558 return -EILSEQ; 1559 } 1560 1561 if (__test_ea(hdr->len)) 1562 skb_pull(skb, 3); 1563 else 1564 skb_pull(skb, 4); 1565 1566 switch (type) { 1567 case RFCOMM_SABM: 1568 if (__test_pf(hdr->ctrl)) 1569 rfcomm_recv_sabm(s, dlci); 1570 break; 1571 1572 case RFCOMM_DISC: 1573 if (__test_pf(hdr->ctrl)) 1574 rfcomm_recv_disc(s, dlci); 1575 break; 1576 1577 case RFCOMM_UA: 1578 if (__test_pf(hdr->ctrl)) 1579 rfcomm_recv_ua(s, dlci); 1580 break; 1581 1582 case RFCOMM_DM: 1583 rfcomm_recv_dm(s, dlci); 1584 break; 1585 1586 case RFCOMM_UIH: 1587 if (dlci) 1588 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); 1589 1590 rfcomm_recv_mcc(s, skb); 1591 break; 1592 1593 default: 1594 BT_ERR("Unknown packet type 0x%02x\n", type); 1595 break; 1596 } 1597 kfree_skb(skb); 1598 return 0; 1599 } 1600 1601 /* ---- Connection and data processing ---- */ 1602 1603 static void rfcomm_process_connect(struct rfcomm_session *s) 1604 { 1605 struct rfcomm_dlc *d; 1606 struct list_head *p, *n; 1607 1608 BT_DBG("session %p state %ld", s, s->state); 1609 1610 list_for_each_safe(p, n, &s->dlcs) { 1611 d = list_entry(p, struct rfcomm_dlc, list); 1612 if (d->state == BT_CONFIG) { 1613 d->mtu = s->mtu; 1614 rfcomm_send_pn(s, 1, d); 1615 } 1616 } 1617 } 1618 1619 /* Send data queued for the DLC. 1620 * Return number of frames left in the queue. 1621 */ 1622 static inline int rfcomm_process_tx(struct rfcomm_dlc *d) 1623 { 1624 struct sk_buff *skb; 1625 int err; 1626 1627 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 1628 d, d->state, d->cfc, d->rx_credits, d->tx_credits); 1629 1630 /* Send pending MSC */ 1631 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) 1632 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1633 1634 if (d->cfc) { 1635 /* CFC enabled. 1636 * Give them some credits */ 1637 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && 1638 d->rx_credits <= (d->cfc >> 2)) { 1639 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); 1640 d->rx_credits = d->cfc; 1641 } 1642 } else { 1643 /* CFC disabled. 1644 * Give ourselves some credits */ 1645 d->tx_credits = 5; 1646 } 1647 1648 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 1649 return skb_queue_len(&d->tx_queue); 1650 1651 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { 1652 err = rfcomm_send_frame(d->session, skb->data, skb->len); 1653 if (err < 0) { 1654 skb_queue_head(&d->tx_queue, skb); 1655 break; 1656 } 1657 kfree_skb(skb); 1658 d->tx_credits--; 1659 } 1660 1661 if (d->cfc && !d->tx_credits) { 1662 /* We're out of TX credits. 1663 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ 1664 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1665 } 1666 1667 return skb_queue_len(&d->tx_queue); 1668 } 1669 1670 static inline void rfcomm_process_dlcs(struct rfcomm_session *s) 1671 { 1672 struct rfcomm_dlc *d; 1673 struct list_head *p, *n; 1674 1675 BT_DBG("session %p state %ld", s, s->state); 1676 1677 list_for_each_safe(p, n, &s->dlcs) { 1678 d = list_entry(p, struct rfcomm_dlc, list); 1679 1680 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { 1681 __rfcomm_dlc_close(d, ETIMEDOUT); 1682 continue; 1683 } 1684 1685 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1686 rfcomm_dlc_clear_timer(d); 1687 rfcomm_dlc_accept(d); 1688 if (d->link_mode & RFCOMM_LM_SECURE) { 1689 struct sock *sk = s->sock->sk; 1690 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon); 1691 } 1692 continue; 1693 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1694 rfcomm_dlc_clear_timer(d); 1695 rfcomm_send_dm(s, d->dlci); 1696 __rfcomm_dlc_close(d, ECONNREFUSED); 1697 continue; 1698 } 1699 1700 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) 1701 continue; 1702 1703 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1704 d->mscex == RFCOMM_MSCEX_OK) 1705 rfcomm_process_tx(d); 1706 } 1707 } 1708 1709 static inline void rfcomm_process_rx(struct rfcomm_session *s) 1710 { 1711 struct socket *sock = s->sock; 1712 struct sock *sk = sock->sk; 1713 struct sk_buff *skb; 1714 1715 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); 1716 1717 /* Get data directly from socket receive queue without copying it. */ 1718 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1719 skb_orphan(skb); 1720 rfcomm_recv_frame(s, skb); 1721 } 1722 1723 if (sk->sk_state == BT_CLOSED) { 1724 if (!s->initiator) 1725 rfcomm_session_put(s); 1726 1727 rfcomm_session_close(s, sk->sk_err); 1728 } 1729 } 1730 1731 static inline void rfcomm_accept_connection(struct rfcomm_session *s) 1732 { 1733 struct socket *sock = s->sock, *nsock; 1734 int err; 1735 1736 /* Fast check for a new connection. 1737 * Avoids unnesesary socket allocations. */ 1738 if (list_empty(&bt_sk(sock->sk)->accept_q)) 1739 return; 1740 1741 BT_DBG("session %p", s); 1742 1743 if (sock_create_lite(PF_BLUETOOTH, sock->type, BTPROTO_L2CAP, &nsock)) 1744 return; 1745 1746 nsock->ops = sock->ops; 1747 1748 __module_get(nsock->ops->owner); 1749 1750 err = sock->ops->accept(sock, nsock, O_NONBLOCK); 1751 if (err < 0) { 1752 sock_release(nsock); 1753 return; 1754 } 1755 1756 /* Set our callbacks */ 1757 nsock->sk->sk_data_ready = rfcomm_l2data_ready; 1758 nsock->sk->sk_state_change = rfcomm_l2state_change; 1759 1760 s = rfcomm_session_add(nsock, BT_OPEN); 1761 if (s) { 1762 rfcomm_session_hold(s); 1763 rfcomm_schedule(RFCOMM_SCHED_RX); 1764 } else 1765 sock_release(nsock); 1766 } 1767 1768 static inline void rfcomm_check_connection(struct rfcomm_session *s) 1769 { 1770 struct sock *sk = s->sock->sk; 1771 1772 BT_DBG("%p state %ld", s, s->state); 1773 1774 switch(sk->sk_state) { 1775 case BT_CONNECTED: 1776 s->state = BT_CONNECT; 1777 1778 /* We can adjust MTU on outgoing sessions. 1779 * L2CAP MTU minus UIH header and FCS. */ 1780 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5; 1781 1782 rfcomm_send_sabm(s, 0); 1783 break; 1784 1785 case BT_CLOSED: 1786 s->state = BT_CLOSED; 1787 rfcomm_session_close(s, sk->sk_err); 1788 break; 1789 } 1790 } 1791 1792 static inline void rfcomm_process_sessions(void) 1793 { 1794 struct list_head *p, *n; 1795 1796 rfcomm_lock(); 1797 1798 list_for_each_safe(p, n, &session_list) { 1799 struct rfcomm_session *s; 1800 s = list_entry(p, struct rfcomm_session, list); 1801 1802 if (s->state == BT_LISTEN) { 1803 rfcomm_accept_connection(s); 1804 continue; 1805 } 1806 1807 rfcomm_session_hold(s); 1808 1809 switch (s->state) { 1810 case BT_BOUND: 1811 rfcomm_check_connection(s); 1812 break; 1813 1814 default: 1815 rfcomm_process_rx(s); 1816 break; 1817 } 1818 1819 rfcomm_process_dlcs(s); 1820 1821 rfcomm_session_put(s); 1822 } 1823 1824 rfcomm_unlock(); 1825 } 1826 1827 static void rfcomm_worker(void) 1828 { 1829 BT_DBG(""); 1830 1831 while (!atomic_read(&terminate)) { 1832 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) { 1833 /* No pending events. Let's sleep. 1834 * Incoming connections and data will wake us up. */ 1835 set_current_state(TASK_INTERRUPTIBLE); 1836 schedule(); 1837 } 1838 1839 /* Process stuff */ 1840 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 1841 rfcomm_process_sessions(); 1842 } 1843 set_current_state(TASK_RUNNING); 1844 return; 1845 } 1846 1847 static int rfcomm_add_listener(bdaddr_t *ba) 1848 { 1849 struct sockaddr_l2 addr; 1850 struct socket *sock; 1851 struct sock *sk; 1852 struct rfcomm_session *s; 1853 int err = 0; 1854 1855 /* Create socket */ 1856 err = rfcomm_l2sock_create(&sock); 1857 if (err < 0) { 1858 BT_ERR("Create socket failed %d", err); 1859 return err; 1860 } 1861 1862 /* Bind socket */ 1863 bacpy(&addr.l2_bdaddr, ba); 1864 addr.l2_family = AF_BLUETOOTH; 1865 addr.l2_psm = htobs(RFCOMM_PSM); 1866 err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1867 if (err < 0) { 1868 BT_ERR("Bind failed %d", err); 1869 goto failed; 1870 } 1871 1872 /* Set L2CAP options */ 1873 sk = sock->sk; 1874 lock_sock(sk); 1875 l2cap_pi(sk)->imtu = l2cap_mtu; 1876 release_sock(sk); 1877 1878 /* Start listening on the socket */ 1879 err = sock->ops->listen(sock, 10); 1880 if (err) { 1881 BT_ERR("Listen failed %d", err); 1882 goto failed; 1883 } 1884 1885 /* Add listening session */ 1886 s = rfcomm_session_add(sock, BT_LISTEN); 1887 if (!s) 1888 goto failed; 1889 1890 rfcomm_session_hold(s); 1891 return 0; 1892 failed: 1893 sock_release(sock); 1894 return err; 1895 } 1896 1897 static void rfcomm_kill_listener(void) 1898 { 1899 struct rfcomm_session *s; 1900 struct list_head *p, *n; 1901 1902 BT_DBG(""); 1903 1904 list_for_each_safe(p, n, &session_list) { 1905 s = list_entry(p, struct rfcomm_session, list); 1906 rfcomm_session_del(s); 1907 } 1908 } 1909 1910 static int rfcomm_run(void *unused) 1911 { 1912 rfcomm_thread = current; 1913 1914 atomic_inc(&running); 1915 1916 daemonize("krfcommd"); 1917 set_user_nice(current, -10); 1918 current->flags |= PF_NOFREEZE; 1919 1920 BT_DBG(""); 1921 1922 rfcomm_add_listener(BDADDR_ANY); 1923 1924 rfcomm_worker(); 1925 1926 rfcomm_kill_listener(); 1927 1928 atomic_dec(&running); 1929 return 0; 1930 } 1931 1932 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status) 1933 { 1934 struct rfcomm_session *s; 1935 struct rfcomm_dlc *d; 1936 struct list_head *p, *n; 1937 1938 BT_DBG("conn %p status 0x%02x", conn, status); 1939 1940 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 1941 if (!s) 1942 return; 1943 1944 rfcomm_session_hold(s); 1945 1946 list_for_each_safe(p, n, &s->dlcs) { 1947 d = list_entry(p, struct rfcomm_dlc, list); 1948 1949 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) 1950 continue; 1951 1952 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 1953 continue; 1954 1955 if (!status) 1956 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 1957 else 1958 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 1959 } 1960 1961 rfcomm_session_put(s); 1962 1963 rfcomm_schedule(RFCOMM_SCHED_AUTH); 1964 } 1965 1966 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt) 1967 { 1968 struct rfcomm_session *s; 1969 struct rfcomm_dlc *d; 1970 struct list_head *p, *n; 1971 1972 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); 1973 1974 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 1975 if (!s) 1976 return; 1977 1978 rfcomm_session_hold(s); 1979 1980 list_for_each_safe(p, n, &s->dlcs) { 1981 d = list_entry(p, struct rfcomm_dlc, list); 1982 1983 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 1984 continue; 1985 1986 if (!status && encrypt) 1987 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 1988 else 1989 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 1990 } 1991 1992 rfcomm_session_put(s); 1993 1994 rfcomm_schedule(RFCOMM_SCHED_AUTH); 1995 } 1996 1997 static struct hci_cb rfcomm_cb = { 1998 .name = "RFCOMM", 1999 .auth_cfm = rfcomm_auth_cfm, 2000 .encrypt_cfm = rfcomm_encrypt_cfm 2001 }; 2002 2003 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf) 2004 { 2005 struct rfcomm_session *s; 2006 struct list_head *pp, *p; 2007 char *str = buf; 2008 2009 rfcomm_lock(); 2010 2011 list_for_each(p, &session_list) { 2012 s = list_entry(p, struct rfcomm_session, list); 2013 list_for_each(pp, &s->dlcs) { 2014 struct sock *sk = s->sock->sk; 2015 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list); 2016 2017 str += sprintf(str, "%s %s %ld %d %d %d %d\n", 2018 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 2019 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits); 2020 } 2021 } 2022 2023 rfcomm_unlock(); 2024 2025 return (str - buf); 2026 } 2027 2028 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL); 2029 2030 /* ---- Initialization ---- */ 2031 static int __init rfcomm_init(void) 2032 { 2033 l2cap_load(); 2034 2035 hci_register_cb(&rfcomm_cb); 2036 2037 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL); 2038 2039 class_create_file(&bt_class, &class_attr_rfcomm_dlc); 2040 2041 rfcomm_init_sockets(); 2042 2043 #ifdef CONFIG_BT_RFCOMM_TTY 2044 rfcomm_init_ttys(); 2045 #endif 2046 2047 BT_INFO("RFCOMM ver %s", VERSION); 2048 2049 return 0; 2050 } 2051 2052 static void __exit rfcomm_exit(void) 2053 { 2054 class_remove_file(&bt_class, &class_attr_rfcomm_dlc); 2055 2056 hci_unregister_cb(&rfcomm_cb); 2057 2058 /* Terminate working thread. 2059 * ie. Set terminate flag and wake it up */ 2060 atomic_inc(&terminate); 2061 rfcomm_schedule(RFCOMM_SCHED_STATE); 2062 2063 /* Wait until thread is running */ 2064 while (atomic_read(&running)) 2065 schedule(); 2066 2067 #ifdef CONFIG_BT_RFCOMM_TTY 2068 rfcomm_cleanup_ttys(); 2069 #endif 2070 2071 rfcomm_cleanup_sockets(); 2072 } 2073 2074 module_init(rfcomm_init); 2075 module_exit(rfcomm_exit); 2076 2077 module_param(l2cap_mtu, uint, 0644); 2078 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); 2079 2080 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>"); 2081 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2082 MODULE_VERSION(VERSION); 2083 MODULE_LICENSE("GPL"); 2084 MODULE_ALIAS("bt-proto-3"); 2085