projects / openwrt / staging / blogic.git / blob
? search:


ba115d4
[openwrt/staging/blogic.git] /
1 /*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22 */
23
24 /*
25 * Bluetooth RFCOMM core.
26 */
27
28 #include <linux/module.h>
29 #include <linux/debugfs.h>
30 #include <linux/kthread.h>
31 #include <asm/unaligned.h>
32
33 #include <net/bluetooth/bluetooth.h>
34 #include <net/bluetooth/hci_core.h>
35 #include <net/bluetooth/l2cap.h>
36 #include <net/bluetooth/rfcomm.h>
37
38 #define VERSION "1.11"
39
40 static bool disable_cfc;
41 static bool l2cap_ertm;
42 static int channel_mtu = -1;
43 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
44
45 static struct task_struct *rfcomm_thread;
46
47 static DEFINE_MUTEX(rfcomm_mutex);
48 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
50
51
52 static LIST_HEAD(session_list);
53
54 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
55 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
64
65 static void rfcomm_process_connect(struct rfcomm_session *s);
66
67 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
68 bdaddr_t *dst,
69 u8 sec_level,
70 int *err);
71 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
72 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
73
74 /* ---- RFCOMM frame parsing macros ---- */
75 #define __get_dlci(b) ((b & 0xfc) >> 2)
76 #define __get_channel(b) ((b & 0xf8) >> 3)
77 #define __get_dir(b) ((b & 0x04) >> 2)
78 #define __get_type(b) ((b & 0xef))
79
80 #define __test_ea(b) ((b & 0x01))
81 #define __test_cr(b) ((b & 0x02))
82 #define __test_pf(b) ((b & 0x10))
83
84 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
85 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
86 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
87 #define __srv_channel(dlci) (dlci >> 1)
88 #define __dir(dlci) (dlci & 0x01)
89
90 #define __len8(len) (((len) << 1) | 1)
91 #define __len16(len) ((len) << 1)
92
93 /* MCC macros */
94 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
95 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
96 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
97
98 /* RPN macros */
99 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
100 #define __get_rpn_data_bits(line) ((line) & 0x3)
101 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
102 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
103
104 static void rfcomm_schedule(void)
105 {
106 if (!rfcomm_thread)
107 return;
108 wake_up_process(rfcomm_thread);
109 }
110
111 /* ---- RFCOMM FCS computation ---- */
112
113 /* reversed, 8-bit, poly=0x07 */
114 static unsigned char rfcomm_crc_table[256] = {
115 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
116 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
117 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
118 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
119
120 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
121 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
122 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
123 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
124
125 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
126 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
127 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
128 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
129
130 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
131 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
132 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
133 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
134
135 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
136 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
137 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
138 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
139
140 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
141 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
142 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
143 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
144
145 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
146 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
147 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
148 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
149
150 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
151 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
152 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
153 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
154 };
155
156 /* CRC on 2 bytes */
157 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
158
159 /* FCS on 2 bytes */
160 static inline u8 __fcs(u8 *data)
161 {
162 return 0xff - __crc(data);
163 }
164
165 /* FCS on 3 bytes */
166 static inline u8 __fcs2(u8 *data)
167 {
168 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
169 }
170
171 /* Check FCS */
172 static inline int __check_fcs(u8 *data, int type, u8 fcs)
173 {
174 u8 f = __crc(data);
175
176 if (type != RFCOMM_UIH)
177 f = rfcomm_crc_table[f ^ data[2]];
178
179 return rfcomm_crc_table[f ^ fcs] != 0xcf;
180 }
181
182 /* ---- L2CAP callbacks ---- */
183 static void rfcomm_l2state_change(struct sock *sk)
184 {
185 BT_DBG("%p state %d", sk, sk->sk_state);
186 rfcomm_schedule();
187 }
188
189 static void rfcomm_l2data_ready(struct sock *sk, int bytes)
190 {
191 BT_DBG("%p bytes %d", sk, bytes);
192 rfcomm_schedule();
193 }
194
195 static int rfcomm_l2sock_create(struct socket **sock)
196 {
197 int err;
198
199 BT_DBG("");
200
201 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
202 if (!err) {
203 struct sock *sk = (*sock)->sk;
204 sk->sk_data_ready = rfcomm_l2data_ready;
205 sk->sk_state_change = rfcomm_l2state_change;
206 }
207 return err;
208 }
209
210 static int rfcomm_check_security(struct rfcomm_dlc *d)
211 {
212 struct sock *sk = d->session->sock->sk;
213 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
214
215 __u8 auth_type;
216
217 switch (d->sec_level) {
218 case BT_SECURITY_HIGH:
219 case BT_SECURITY_FIPS:
220 auth_type = HCI_AT_GENERAL_BONDING_MITM;
221 break;
222 case BT_SECURITY_MEDIUM:
223 auth_type = HCI_AT_GENERAL_BONDING;
224 break;
225 default:
226 auth_type = HCI_AT_NO_BONDING;
227 break;
228 }
229
230 return hci_conn_security(conn->hcon, d->sec_level, auth_type);
231 }
232
233 static void rfcomm_session_timeout(unsigned long arg)
234 {
235 struct rfcomm_session *s = (void *) arg;
236
237 BT_DBG("session %p state %ld", s, s->state);
238
239 set_bit(RFCOMM_TIMED_OUT, &s->flags);
240 rfcomm_schedule();
241 }
242
243 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
244 {
245 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
246
247 mod_timer(&s->timer, jiffies + timeout);
248 }
249
250 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
251 {
252 BT_DBG("session %p state %ld", s, s->state);
253
254 del_timer_sync(&s->timer);
255 }
256
257 /* ---- RFCOMM DLCs ---- */
258 static void rfcomm_dlc_timeout(unsigned long arg)
259 {
260 struct rfcomm_dlc *d = (void *) arg;
261
262 BT_DBG("dlc %p state %ld", d, d->state);
263
264 set_bit(RFCOMM_TIMED_OUT, &d->flags);
265 rfcomm_dlc_put(d);
266 rfcomm_schedule();
267 }
268
269 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
270 {
271 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
272
273 if (!mod_timer(&d->timer, jiffies + timeout))
274 rfcomm_dlc_hold(d);
275 }
276
277 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
278 {
279 BT_DBG("dlc %p state %ld", d, d->state);
280
281 if (del_timer(&d->timer))
282 rfcomm_dlc_put(d);
283 }
284
285 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
286 {
287 BT_DBG("%p", d);
288
289 d->state = BT_OPEN;
290 d->flags = 0;
291 d->mscex = 0;
292 d->sec_level = BT_SECURITY_LOW;
293 d->mtu = RFCOMM_DEFAULT_MTU;
294 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
295
296 d->cfc = RFCOMM_CFC_DISABLED;
297 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
298 }
299
300 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
301 {
302 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
303
304 if (!d)
305 return NULL;
306
307 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
308
309 skb_queue_head_init(&d->tx_queue);
310 spin_lock_init(&d->lock);
311 atomic_set(&d->refcnt, 1);
312
313 rfcomm_dlc_clear_state(d);
314
315 BT_DBG("%p", d);
316
317 return d;
318 }
319
320 void rfcomm_dlc_free(struct rfcomm_dlc *d)
321 {
322 BT_DBG("%p", d);
323
324 skb_queue_purge(&d->tx_queue);
325 kfree(d);
326 }
327
328 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
329 {
330 BT_DBG("dlc %p session %p", d, s);
331
332 rfcomm_session_clear_timer(s);
333 rfcomm_dlc_hold(d);
334 list_add(&d->list, &s->dlcs);
335 d->session = s;
336 }
337
338 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
339 {
340 struct rfcomm_session *s = d->session;
341
342 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
343
344 list_del(&d->list);
345 d->session = NULL;
346 rfcomm_dlc_put(d);
347
348 if (list_empty(&s->dlcs))
349 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
350 }
351
352 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
353 {
354 struct rfcomm_dlc *d;
355
356 list_for_each_entry(d, &s->dlcs, list)
357 if (d->dlci == dlci)
358 return d;
359
360 return NULL;
361 }
362
363 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
364 {
365 struct rfcomm_session *s;
366 int err = 0;
367 u8 dlci;
368
369 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
370 d, d->state, src, dst, channel);
371
372 if (channel < 1 || channel > 30)
373 return -EINVAL;
374
375 if (d->state != BT_OPEN && d->state != BT_CLOSED)
376 return 0;
377
378 s = rfcomm_session_get(src, dst);
379 if (!s) {
380 s = rfcomm_session_create(src, dst, d->sec_level, &err);
381 if (!s)
382 return err;
383 }
384
385 dlci = __dlci(!s->initiator, channel);
386
387 /* Check if DLCI already exists */
388 if (rfcomm_dlc_get(s, dlci))
389 return -EBUSY;
390
391 rfcomm_dlc_clear_state(d);
392
393 d->dlci = dlci;
394 d->addr = __addr(s->initiator, dlci);
395 d->priority = 7;
396
397 d->state = BT_CONFIG;
398 rfcomm_dlc_link(s, d);
399
400 d->out = 1;
401
402 d->mtu = s->mtu;
403 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
404
405 if (s->state == BT_CONNECTED) {
406 if (rfcomm_check_security(d))
407 rfcomm_send_pn(s, 1, d);
408 else
409 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
410 }
411
412 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
413
414 return 0;
415 }
416
417 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
418 {
419 int r;
420
421 rfcomm_lock();
422
423 r = __rfcomm_dlc_open(d, src, dst, channel);
424
425 rfcomm_unlock();
426 return r;
427 }
428
429 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
430 {
431 struct rfcomm_session *s = d->session;
432 if (!s)
433 return 0;
434
435 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
436 d, d->state, d->dlci, err, s);
437
438 switch (d->state) {
439 case BT_CONNECT:
440 case BT_CONFIG:
441 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
442 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
443 rfcomm_schedule();
444 break;
445 }
446 /* Fall through */
447
448 case BT_CONNECTED:
449 d->state = BT_DISCONN;
450 if (skb_queue_empty(&d->tx_queue)) {
451 rfcomm_send_disc(s, d->dlci);
452 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
453 } else {
454 rfcomm_queue_disc(d);
455 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
456 }
457 break;
458
459 case BT_OPEN:
460 case BT_CONNECT2:
461 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
462 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
463 rfcomm_schedule();
464 break;
465 }
466 /* Fall through */
467
468 default:
469 rfcomm_dlc_clear_timer(d);
470
471 rfcomm_dlc_lock(d);
472 d->state = BT_CLOSED;
473 d->state_change(d, err);
474 rfcomm_dlc_unlock(d);
475
476 skb_queue_purge(&d->tx_queue);
477 rfcomm_dlc_unlink(d);
478 }
479
480 return 0;
481 }
482
483 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
484 {
485 int r = 0;
486 struct rfcomm_dlc *d_list;
487 struct rfcomm_session *s, *s_list;
488
489 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
490
491 rfcomm_lock();
492
493 s = d->session;
494 if (!s)
495 goto no_session;
496
497 /* after waiting on the mutex check the session still exists
498 * then check the dlc still exists
499 */
500 list_for_each_entry(s_list, &session_list, list) {
501 if (s_list == s) {
502 list_for_each_entry(d_list, &s->dlcs, list) {
503 if (d_list == d) {
504 r = __rfcomm_dlc_close(d, err);
505 break;
506 }
507 }
508 break;
509 }
510 }
511
512 no_session:
513 rfcomm_unlock();
514 return r;
515 }
516
517 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
518 {
519 int len = skb->len;
520
521 if (d->state != BT_CONNECTED)
522 return -ENOTCONN;
523
524 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
525
526 if (len > d->mtu)
527 return -EINVAL;
528
529 rfcomm_make_uih(skb, d->addr);
530 skb_queue_tail(&d->tx_queue, skb);
531
532 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
533 rfcomm_schedule();
534 return len;
535 }
536
537 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
538 {
539 BT_DBG("dlc %p state %ld", d, d->state);
540
541 if (!d->cfc) {
542 d->v24_sig |= RFCOMM_V24_FC;
543 set_bit(RFCOMM_MSC_PENDING, &d->flags);
544 }
545 rfcomm_schedule();
546 }
547
548 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
549 {
550 BT_DBG("dlc %p state %ld", d, d->state);
551
552 if (!d->cfc) {
553 d->v24_sig &= ~RFCOMM_V24_FC;
554 set_bit(RFCOMM_MSC_PENDING, &d->flags);
555 }
556 rfcomm_schedule();
557 }
558
559 /*
560 Set/get modem status functions use _local_ status i.e. what we report
561 to the other side.
562 Remote status is provided by dlc->modem_status() callback.
563 */
564 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
565 {
566 BT_DBG("dlc %p state %ld v24_sig 0x%x",
567 d, d->state, v24_sig);
568
569 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
570 v24_sig |= RFCOMM_V24_FC;
571 else
572 v24_sig &= ~RFCOMM_V24_FC;
573
574 d->v24_sig = v24_sig;
575
576 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
577 rfcomm_schedule();
578
579 return 0;
580 }
581
582 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
583 {
584 BT_DBG("dlc %p state %ld v24_sig 0x%x",
585 d, d->state, d->v24_sig);
586
587 *v24_sig = d->v24_sig;
588 return 0;
589 }
590
591 /* ---- RFCOMM sessions ---- */
592 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
593 {
594 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
595
596 if (!s)
597 return NULL;
598
599 BT_DBG("session %p sock %p", s, sock);
600
601 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
602
603 INIT_LIST_HEAD(&s->dlcs);
604 s->state = state;
605 s->sock = sock;
606
607 s->mtu = RFCOMM_DEFAULT_MTU;
608 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
609
610 /* Do not increment module usage count for listening sessions.
611 * Otherwise we won't be able to unload the module. */
612 if (state != BT_LISTEN)
613 if (!try_module_get(THIS_MODULE)) {
614 kfree(s);
615 return NULL;
616 }
617
618 list_add(&s->list, &session_list);
619
620 return s;
621 }
622
623 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
624 {
625 int state = s->state;
626
627 BT_DBG("session %p state %ld", s, s->state);
628
629 list_del(&s->list);
630
631 rfcomm_session_clear_timer(s);
632 sock_release(s->sock);
633 kfree(s);
634
635 if (state != BT_LISTEN)
636 module_put(THIS_MODULE);
637
638 return NULL;
639 }
640
641 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
642 {
643 struct rfcomm_session *s;
644 struct list_head *p, *n;
645 struct l2cap_chan *chan;
646 list_for_each_safe(p, n, &session_list) {
647 s = list_entry(p, struct rfcomm_session, list);
648 chan = l2cap_pi(s->sock->sk)->chan;
649
650 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&chan->src, src)) &&
651 !bacmp(&chan->dst, dst))
652 return s;
653 }
654 return NULL;
655 }
656
657 static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
658 int err)
659 {
660 struct rfcomm_dlc *d;
661 struct list_head *p, *n;
662
663 s->state = BT_CLOSED;
664
665 BT_DBG("session %p state %ld err %d", s, s->state, err);
666
667 /* Close all dlcs */
668 list_for_each_safe(p, n, &s->dlcs) {
669 d = list_entry(p, struct rfcomm_dlc, list);
670 d->state = BT_CLOSED;
671 __rfcomm_dlc_close(d, err);
672 }
673
674 rfcomm_session_clear_timer(s);
675 return rfcomm_session_del(s);
676 }
677
678 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
679 bdaddr_t *dst,
680 u8 sec_level,
681 int *err)
682 {
683 struct rfcomm_session *s = NULL;
684 struct sockaddr_l2 addr;
685 struct socket *sock;
686 struct sock *sk;
687
688 BT_DBG("%pMR -> %pMR", src, dst);
689
690 *err = rfcomm_l2sock_create(&sock);
691 if (*err < 0)
692 return NULL;
693
694 bacpy(&addr.l2_bdaddr, src);
695 addr.l2_family = AF_BLUETOOTH;
696 addr.l2_psm = 0;
697 addr.l2_cid = 0;
698 addr.l2_bdaddr_type = BDADDR_BREDR;
699 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
700 if (*err < 0)
701 goto failed;
702
703 /* Set L2CAP options */
704 sk = sock->sk;
705 lock_sock(sk);
706 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
707 l2cap_pi(sk)->chan->sec_level = sec_level;
708 if (l2cap_ertm)
709 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
710 release_sock(sk);
711
712 s = rfcomm_session_add(sock, BT_BOUND);
713 if (!s) {
714 *err = -ENOMEM;
715 goto failed;
716 }
717
718 s->initiator = 1;
719
720 bacpy(&addr.l2_bdaddr, dst);
721 addr.l2_family = AF_BLUETOOTH;
722 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
723 addr.l2_cid = 0;
724 addr.l2_bdaddr_type = BDADDR_BREDR;
725 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
726 if (*err == 0 || *err == -EINPROGRESS)
727 return s;
728
729 return rfcomm_session_del(s);
730
731 failed:
732 sock_release(sock);
733 return NULL;
734 }
735
736 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
737 {
738 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
739 if (src)
740 bacpy(src, &chan->src);
741 if (dst)
742 bacpy(dst, &chan->dst);
743 }
744
745 /* ---- RFCOMM frame sending ---- */
746 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
747 {
748 struct kvec iv = { data, len };
749 struct msghdr msg;
750
751 BT_DBG("session %p len %d", s, len);
752
753 memset(&msg, 0, sizeof(msg));
754
755 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
756 }
757
758 static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
759 {
760 BT_DBG("%p cmd %u", s, cmd->ctrl);
761
762 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
763 }
764
765 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
766 {
767 struct rfcomm_cmd cmd;
768
769 BT_DBG("%p dlci %d", s, dlci);
770
771 cmd.addr = __addr(s->initiator, dlci);
772 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
773 cmd.len = __len8(0);
774 cmd.fcs = __fcs2((u8 *) &cmd);
775
776 return rfcomm_send_cmd(s, &cmd);
777 }
778
779 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
780 {
781 struct rfcomm_cmd cmd;
782
783 BT_DBG("%p dlci %d", s, dlci);
784
785 cmd.addr = __addr(!s->initiator, dlci);
786 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
787 cmd.len = __len8(0);
788 cmd.fcs = __fcs2((u8 *) &cmd);
789
790 return rfcomm_send_cmd(s, &cmd);
791 }
792
793 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
794 {
795 struct rfcomm_cmd cmd;
796
797 BT_DBG("%p dlci %d", s, dlci);
798
799 cmd.addr = __addr(s->initiator, dlci);
800 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
801 cmd.len = __len8(0);
802 cmd.fcs = __fcs2((u8 *) &cmd);
803
804 return rfcomm_send_cmd(s, &cmd);
805 }
806
807 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
808 {
809 struct rfcomm_cmd *cmd;
810 struct sk_buff *skb;
811
812 BT_DBG("dlc %p dlci %d", d, d->dlci);
813
814 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
815 if (!skb)
816 return -ENOMEM;
817
818 cmd = (void *) __skb_put(skb, sizeof(*cmd));
819 cmd->addr = d->addr;
820 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
821 cmd->len = __len8(0);
822 cmd->fcs = __fcs2((u8 *) cmd);
823
824 skb_queue_tail(&d->tx_queue, skb);
825 rfcomm_schedule();
826 return 0;
827 }
828
829 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
830 {
831 struct rfcomm_cmd cmd;
832
833 BT_DBG("%p dlci %d", s, dlci);
834
835 cmd.addr = __addr(!s->initiator, dlci);
836 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
837 cmd.len = __len8(0);
838 cmd.fcs = __fcs2((u8 *) &cmd);
839
840 return rfcomm_send_cmd(s, &cmd);
841 }
842
843 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
844 {
845 struct rfcomm_hdr *hdr;
846 struct rfcomm_mcc *mcc;
847 u8 buf[16], *ptr = buf;
848
849 BT_DBG("%p cr %d type %d", s, cr, type);
850
851 hdr = (void *) ptr; ptr += sizeof(*hdr);
852 hdr->addr = __addr(s->initiator, 0);
853 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
854 hdr->len = __len8(sizeof(*mcc) + 1);
855
856 mcc = (void *) ptr; ptr += sizeof(*mcc);
857 mcc->type = __mcc_type(cr, RFCOMM_NSC);
858 mcc->len = __len8(1);
859
860 /* Type that we didn't like */
861 *ptr = __mcc_type(cr, type); ptr++;
862
863 *ptr = __fcs(buf); ptr++;
864
865 return rfcomm_send_frame(s, buf, ptr - buf);
866 }
867
868 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
869 {
870 struct rfcomm_hdr *hdr;
871 struct rfcomm_mcc *mcc;
872 struct rfcomm_pn *pn;
873 u8 buf[16], *ptr = buf;
874
875 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
876
877 hdr = (void *) ptr; ptr += sizeof(*hdr);
878 hdr->addr = __addr(s->initiator, 0);
879 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
880 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
881
882 mcc = (void *) ptr; ptr += sizeof(*mcc);
883 mcc->type = __mcc_type(cr, RFCOMM_PN);
884 mcc->len = __len8(sizeof(*pn));
885
886 pn = (void *) ptr; ptr += sizeof(*pn);
887 pn->dlci = d->dlci;
888 pn->priority = d->priority;
889 pn->ack_timer = 0;
890 pn->max_retrans = 0;
891
892 if (s->cfc) {
893 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
894 pn->credits = RFCOMM_DEFAULT_CREDITS;
895 } else {
896 pn->flow_ctrl = 0;
897 pn->credits = 0;
898 }
899
900 if (cr && channel_mtu >= 0)
901 pn->mtu = cpu_to_le16(channel_mtu);
902 else
903 pn->mtu = cpu_to_le16(d->mtu);
904
905 *ptr = __fcs(buf); ptr++;
906
907 return rfcomm_send_frame(s, buf, ptr - buf);
908 }
909
910 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
911 u8 bit_rate, u8 data_bits, u8 stop_bits,
912 u8 parity, u8 flow_ctrl_settings,
913 u8 xon_char, u8 xoff_char, u16 param_mask)
914 {
915 struct rfcomm_hdr *hdr;
916 struct rfcomm_mcc *mcc;
917 struct rfcomm_rpn *rpn;
918 u8 buf[16], *ptr = buf;
919
920 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
921 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
922 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
923 flow_ctrl_settings, xon_char, xoff_char, param_mask);
924
925 hdr = (void *) ptr; ptr += sizeof(*hdr);
926 hdr->addr = __addr(s->initiator, 0);
927 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
928 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
929
930 mcc = (void *) ptr; ptr += sizeof(*mcc);
931 mcc->type = __mcc_type(cr, RFCOMM_RPN);
932 mcc->len = __len8(sizeof(*rpn));
933
934 rpn = (void *) ptr; ptr += sizeof(*rpn);
935 rpn->dlci = __addr(1, dlci);
936 rpn->bit_rate = bit_rate;
937 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
938 rpn->flow_ctrl = flow_ctrl_settings;
939 rpn->xon_char = xon_char;
940 rpn->xoff_char = xoff_char;
941 rpn->param_mask = cpu_to_le16(param_mask);
942
943 *ptr = __fcs(buf); ptr++;
944
945 return rfcomm_send_frame(s, buf, ptr - buf);
946 }
947
948 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
949 {
950 struct rfcomm_hdr *hdr;
951 struct rfcomm_mcc *mcc;
952 struct rfcomm_rls *rls;
953 u8 buf[16], *ptr = buf;
954
955 BT_DBG("%p cr %d status 0x%x", s, cr, status);
956
957 hdr = (void *) ptr; ptr += sizeof(*hdr);
958 hdr->addr = __addr(s->initiator, 0);
959 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
960 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
961
962 mcc = (void *) ptr; ptr += sizeof(*mcc);
963 mcc->type = __mcc_type(cr, RFCOMM_RLS);
964 mcc->len = __len8(sizeof(*rls));
965
966 rls = (void *) ptr; ptr += sizeof(*rls);
967 rls->dlci = __addr(1, dlci);
968 rls->status = status;
969
970 *ptr = __fcs(buf); ptr++;
971
972 return rfcomm_send_frame(s, buf, ptr - buf);
973 }
974
975 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
976 {
977 struct rfcomm_hdr *hdr;
978 struct rfcomm_mcc *mcc;
979 struct rfcomm_msc *msc;
980 u8 buf[16], *ptr = buf;
981
982 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
983
984 hdr = (void *) ptr; ptr += sizeof(*hdr);
985 hdr->addr = __addr(s->initiator, 0);
986 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
987 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
988
989 mcc = (void *) ptr; ptr += sizeof(*mcc);
990 mcc->type = __mcc_type(cr, RFCOMM_MSC);
991 mcc->len = __len8(sizeof(*msc));
992
993 msc = (void *) ptr; ptr += sizeof(*msc);
994 msc->dlci = __addr(1, dlci);
995 msc->v24_sig = v24_sig | 0x01;
996
997 *ptr = __fcs(buf); ptr++;
998
999 return rfcomm_send_frame(s, buf, ptr - buf);
1000 }
1001
1002 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1003 {
1004 struct rfcomm_hdr *hdr;
1005 struct rfcomm_mcc *mcc;
1006 u8 buf[16], *ptr = buf;
1007
1008 BT_DBG("%p cr %d", s, cr);
1009
1010 hdr = (void *) ptr; ptr += sizeof(*hdr);
1011 hdr->addr = __addr(s->initiator, 0);
1012 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1013 hdr->len = __len8(sizeof(*mcc));
1014
1015 mcc = (void *) ptr; ptr += sizeof(*mcc);
1016 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1017 mcc->len = __len8(0);
1018
1019 *ptr = __fcs(buf); ptr++;
1020
1021 return rfcomm_send_frame(s, buf, ptr - buf);
1022 }
1023
1024 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1025 {
1026 struct rfcomm_hdr *hdr;
1027 struct rfcomm_mcc *mcc;
1028 u8 buf[16], *ptr = buf;
1029
1030 BT_DBG("%p cr %d", s, cr);
1031
1032 hdr = (void *) ptr; ptr += sizeof(*hdr);
1033 hdr->addr = __addr(s->initiator, 0);
1034 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1035 hdr->len = __len8(sizeof(*mcc));
1036
1037 mcc = (void *) ptr; ptr += sizeof(*mcc);
1038 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1039 mcc->len = __len8(0);
1040
1041 *ptr = __fcs(buf); ptr++;
1042
1043 return rfcomm_send_frame(s, buf, ptr - buf);
1044 }
1045
1046 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1047 {
1048 struct socket *sock = s->sock;
1049 struct kvec iv[3];
1050 struct msghdr msg;
1051 unsigned char hdr[5], crc[1];
1052
1053 if (len > 125)
1054 return -EINVAL;
1055
1056 BT_DBG("%p cr %d", s, cr);
1057
1058 hdr[0] = __addr(s->initiator, 0);
1059 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1060 hdr[2] = 0x01 | ((len + 2) << 1);
1061 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1062 hdr[4] = 0x01 | (len << 1);
1063
1064 crc[0] = __fcs(hdr);
1065
1066 iv[0].iov_base = hdr;
1067 iv[0].iov_len = 5;
1068 iv[1].iov_base = pattern;
1069 iv[1].iov_len = len;
1070 iv[2].iov_base = crc;
1071 iv[2].iov_len = 1;
1072
1073 memset(&msg, 0, sizeof(msg));
1074
1075 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1076 }
1077
1078 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1079 {
1080 struct rfcomm_hdr *hdr;
1081 u8 buf[16], *ptr = buf;
1082
1083 BT_DBG("%p addr %d credits %d", s, addr, credits);
1084
1085 hdr = (void *) ptr; ptr += sizeof(*hdr);
1086 hdr->addr = addr;
1087 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1088 hdr->len = __len8(0);
1089
1090 *ptr = credits; ptr++;
1091
1092 *ptr = __fcs(buf); ptr++;
1093
1094 return rfcomm_send_frame(s, buf, ptr - buf);
1095 }
1096
1097 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1098 {
1099 struct rfcomm_hdr *hdr;
1100 int len = skb->len;
1101 u8 *crc;
1102
1103 if (len > 127) {
1104 hdr = (void *) skb_push(skb, 4);
1105 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1106 } else {
1107 hdr = (void *) skb_push(skb, 3);
1108 hdr->len = __len8(len);
1109 }
1110 hdr->addr = addr;
1111 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1112
1113 crc = skb_put(skb, 1);
1114 *crc = __fcs((void *) hdr);
1115 }
1116
1117 /* ---- RFCOMM frame reception ---- */
1118 static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1119 {
1120 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1121
1122 if (dlci) {
1123 /* Data channel */
1124 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1125 if (!d) {
1126 rfcomm_send_dm(s, dlci);
1127 return s;
1128 }
1129
1130 switch (d->state) {
1131 case BT_CONNECT:
1132 rfcomm_dlc_clear_timer(d);
1133
1134 rfcomm_dlc_lock(d);
1135 d->state = BT_CONNECTED;
1136 d->state_change(d, 0);
1137 rfcomm_dlc_unlock(d);
1138
1139 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1140 break;
1141
1142 case BT_DISCONN:
1143 d->state = BT_CLOSED;
1144 __rfcomm_dlc_close(d, 0);
1145
1146 if (list_empty(&s->dlcs)) {
1147 s->state = BT_DISCONN;
1148 rfcomm_send_disc(s, 0);
1149 rfcomm_session_clear_timer(s);
1150 }
1151
1152 break;
1153 }
1154 } else {
1155 /* Control channel */
1156 switch (s->state) {
1157 case BT_CONNECT:
1158 s->state = BT_CONNECTED;
1159 rfcomm_process_connect(s);
1160 break;
1161
1162 case BT_DISCONN:
1163 s = rfcomm_session_close(s, ECONNRESET);
1164 break;
1165 }
1166 }
1167 return s;
1168 }
1169
1170 static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1171 {
1172 int err = 0;
1173
1174 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1175
1176 if (dlci) {
1177 /* Data DLC */
1178 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1179 if (d) {
1180 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1181 err = ECONNREFUSED;
1182 else
1183 err = ECONNRESET;
1184
1185 d->state = BT_CLOSED;
1186 __rfcomm_dlc_close(d, err);
1187 }
1188 } else {
1189 if (s->state == BT_CONNECT)
1190 err = ECONNREFUSED;
1191 else
1192 err = ECONNRESET;
1193
1194 s = rfcomm_session_close(s, err);
1195 }
1196 return s;
1197 }
1198
1199 static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1200 u8 dlci)
1201 {
1202 int err = 0;
1203
1204 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1205
1206 if (dlci) {
1207 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1208 if (d) {
1209 rfcomm_send_ua(s, dlci);
1210
1211 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1212 err = ECONNREFUSED;
1213 else
1214 err = ECONNRESET;
1215
1216 d->state = BT_CLOSED;
1217 __rfcomm_dlc_close(d, err);
1218 } else
1219 rfcomm_send_dm(s, dlci);
1220
1221 } else {
1222 rfcomm_send_ua(s, 0);
1223
1224 if (s->state == BT_CONNECT)
1225 err = ECONNREFUSED;
1226 else
1227 err = ECONNRESET;
1228
1229 s = rfcomm_session_close(s, err);
1230 }
1231 return s;
1232 }
1233
1234 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1235 {
1236 struct sock *sk = d->session->sock->sk;
1237 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1238
1239 BT_DBG("dlc %p", d);
1240
1241 rfcomm_send_ua(d->session, d->dlci);
1242
1243 rfcomm_dlc_clear_timer(d);
1244
1245 rfcomm_dlc_lock(d);
1246 d->state = BT_CONNECTED;
1247 d->state_change(d, 0);
1248 rfcomm_dlc_unlock(d);
1249
1250 if (d->role_switch)
1251 hci_conn_switch_role(conn->hcon, 0x00);
1252
1253 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1254 }
1255
1256 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1257 {
1258 if (rfcomm_check_security(d)) {
1259 if (d->defer_setup) {
1260 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1261 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1262
1263 rfcomm_dlc_lock(d);
1264 d->state = BT_CONNECT2;
1265 d->state_change(d, 0);
1266 rfcomm_dlc_unlock(d);
1267 } else
1268 rfcomm_dlc_accept(d);
1269 } else {
1270 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1271 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1272 }
1273 }
1274
1275 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1276 {
1277 struct rfcomm_dlc *d;
1278 u8 channel;
1279
1280 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1281
1282 if (!dlci) {
1283 rfcomm_send_ua(s, 0);
1284
1285 if (s->state == BT_OPEN) {
1286 s->state = BT_CONNECTED;
1287 rfcomm_process_connect(s);
1288 }
1289 return 0;
1290 }
1291
1292 /* Check if DLC exists */
1293 d = rfcomm_dlc_get(s, dlci);
1294 if (d) {
1295 if (d->state == BT_OPEN) {
1296 /* DLC was previously opened by PN request */
1297 rfcomm_check_accept(d);
1298 }
1299 return 0;
1300 }
1301
1302 /* Notify socket layer about incoming connection */
1303 channel = __srv_channel(dlci);
1304 if (rfcomm_connect_ind(s, channel, &d)) {
1305 d->dlci = dlci;
1306 d->addr = __addr(s->initiator, dlci);
1307 rfcomm_dlc_link(s, d);
1308
1309 rfcomm_check_accept(d);
1310 } else {
1311 rfcomm_send_dm(s, dlci);
1312 }
1313
1314 return 0;
1315 }
1316
1317 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1318 {
1319 struct rfcomm_session *s = d->session;
1320
1321 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1322 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1323
1324 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1325 pn->flow_ctrl == 0xe0) {
1326 d->cfc = RFCOMM_CFC_ENABLED;
1327 d->tx_credits = pn->credits;
1328 } else {
1329 d->cfc = RFCOMM_CFC_DISABLED;
1330 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1331 }
1332
1333 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1334 s->cfc = d->cfc;
1335
1336 d->priority = pn->priority;
1337
1338 d->mtu = __le16_to_cpu(pn->mtu);
1339
1340 if (cr && d->mtu > s->mtu)
1341 d->mtu = s->mtu;
1342
1343 return 0;
1344 }
1345
1346 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1347 {
1348 struct rfcomm_pn *pn = (void *) skb->data;
1349 struct rfcomm_dlc *d;
1350 u8 dlci = pn->dlci;
1351
1352 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1353
1354 if (!dlci)
1355 return 0;
1356
1357 d = rfcomm_dlc_get(s, dlci);
1358 if (d) {
1359 if (cr) {
1360 /* PN request */
1361 rfcomm_apply_pn(d, cr, pn);
1362 rfcomm_send_pn(s, 0, d);
1363 } else {
1364 /* PN response */
1365 switch (d->state) {
1366 case BT_CONFIG:
1367 rfcomm_apply_pn(d, cr, pn);
1368
1369 d->state = BT_CONNECT;
1370 rfcomm_send_sabm(s, d->dlci);
1371 break;
1372 }
1373 }
1374 } else {
1375 u8 channel = __srv_channel(dlci);
1376
1377 if (!cr)
1378 return 0;
1379
1380 /* PN request for non existing DLC.
1381 * Assume incoming connection. */
1382 if (rfcomm_connect_ind(s, channel, &d)) {
1383 d->dlci = dlci;
1384 d->addr = __addr(s->initiator, dlci);
1385 rfcomm_dlc_link(s, d);
1386
1387 rfcomm_apply_pn(d, cr, pn);
1388
1389 d->state = BT_OPEN;
1390 rfcomm_send_pn(s, 0, d);
1391 } else {
1392 rfcomm_send_dm(s, dlci);
1393 }
1394 }
1395 return 0;
1396 }
1397
1398 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1399 {
1400 struct rfcomm_rpn *rpn = (void *) skb->data;
1401 u8 dlci = __get_dlci(rpn->dlci);
1402
1403 u8 bit_rate = 0;
1404 u8 data_bits = 0;
1405 u8 stop_bits = 0;
1406 u8 parity = 0;
1407 u8 flow_ctrl = 0;
1408 u8 xon_char = 0;
1409 u8 xoff_char = 0;
1410 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1411
1412 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1413 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1414 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1415
1416 if (!cr)
1417 return 0;
1418
1419 if (len == 1) {
1420 /* This is a request, return default (according to ETSI TS 07.10) settings */
1421 bit_rate = RFCOMM_RPN_BR_9600;
1422 data_bits = RFCOMM_RPN_DATA_8;
1423 stop_bits = RFCOMM_RPN_STOP_1;
1424 parity = RFCOMM_RPN_PARITY_NONE;
1425 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1426 xon_char = RFCOMM_RPN_XON_CHAR;
1427 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1428 goto rpn_out;
1429 }
1430
1431 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1432 * no parity, no flow control lines, normal XON/XOFF chars */
1433
1434 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1435 bit_rate = rpn->bit_rate;
1436 if (bit_rate > RFCOMM_RPN_BR_230400) {
1437 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1438 bit_rate = RFCOMM_RPN_BR_9600;
1439 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1440 }
1441 }
1442
1443 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1444 data_bits = __get_rpn_data_bits(rpn->line_settings);
1445 if (data_bits != RFCOMM_RPN_DATA_8) {
1446 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1447 data_bits = RFCOMM_RPN_DATA_8;
1448 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1449 }
1450 }
1451
1452 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1453 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1454 if (stop_bits != RFCOMM_RPN_STOP_1) {
1455 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1456 stop_bits = RFCOMM_RPN_STOP_1;
1457 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1458 }
1459 }
1460
1461 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1462 parity = __get_rpn_parity(rpn->line_settings);
1463 if (parity != RFCOMM_RPN_PARITY_NONE) {
1464 BT_DBG("RPN parity mismatch 0x%x", parity);
1465 parity = RFCOMM_RPN_PARITY_NONE;
1466 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1467 }
1468 }
1469
1470 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1471 flow_ctrl = rpn->flow_ctrl;
1472 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1473 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1474 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1475 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1476 }
1477 }
1478
1479 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1480 xon_char = rpn->xon_char;
1481 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1482 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1483 xon_char = RFCOMM_RPN_XON_CHAR;
1484 rpn_mask ^= RFCOMM_RPN_PM_XON;
1485 }
1486 }
1487
1488 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1489 xoff_char = rpn->xoff_char;
1490 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1491 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1492 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1493 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1494 }
1495 }
1496
1497 rpn_out:
1498 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1499 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1500
1501 return 0;
1502 }
1503
1504 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1505 {
1506 struct rfcomm_rls *rls = (void *) skb->data;
1507 u8 dlci = __get_dlci(rls->dlci);
1508
1509 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1510
1511 if (!cr)
1512 return 0;
1513
1514 /* We should probably do something with this information here. But
1515 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1516 * mandatory to recognise and respond to RLS */
1517
1518 rfcomm_send_rls(s, 0, dlci, rls->status);
1519
1520 return 0;
1521 }
1522
1523 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1524 {
1525 struct rfcomm_msc *msc = (void *) skb->data;
1526 struct rfcomm_dlc *d;
1527 u8 dlci = __get_dlci(msc->dlci);
1528
1529 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1530
1531 d = rfcomm_dlc_get(s, dlci);
1532 if (!d)
1533 return 0;
1534
1535 if (cr) {
1536 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1537 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1538 else
1539 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1540
1541 rfcomm_dlc_lock(d);
1542
1543 d->remote_v24_sig = msc->v24_sig;
1544
1545 if (d->modem_status)
1546 d->modem_status(d, msc->v24_sig);
1547
1548 rfcomm_dlc_unlock(d);
1549
1550 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1551
1552 d->mscex |= RFCOMM_MSCEX_RX;
1553 } else
1554 d->mscex |= RFCOMM_MSCEX_TX;
1555
1556 return 0;
1557 }
1558
1559 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1560 {
1561 struct rfcomm_mcc *mcc = (void *) skb->data;
1562 u8 type, cr, len;
1563
1564 cr = __test_cr(mcc->type);
1565 type = __get_mcc_type(mcc->type);
1566 len = __get_mcc_len(mcc->len);
1567
1568 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1569
1570 skb_pull(skb, 2);
1571
1572 switch (type) {
1573 case RFCOMM_PN:
1574 rfcomm_recv_pn(s, cr, skb);
1575 break;
1576
1577 case RFCOMM_RPN:
1578 rfcomm_recv_rpn(s, cr, len, skb);
1579 break;
1580
1581 case RFCOMM_RLS:
1582 rfcomm_recv_rls(s, cr, skb);
1583 break;
1584
1585 case RFCOMM_MSC:
1586 rfcomm_recv_msc(s, cr, skb);
1587 break;
1588
1589 case RFCOMM_FCOFF:
1590 if (cr) {
1591 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1592 rfcomm_send_fcoff(s, 0);
1593 }
1594 break;
1595
1596 case RFCOMM_FCON:
1597 if (cr) {
1598 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1599 rfcomm_send_fcon(s, 0);
1600 }
1601 break;
1602
1603 case RFCOMM_TEST:
1604 if (cr)
1605 rfcomm_send_test(s, 0, skb->data, skb->len);
1606 break;
1607
1608 case RFCOMM_NSC:
1609 break;
1610
1611 default:
1612 BT_ERR("Unknown control type 0x%02x", type);
1613 rfcomm_send_nsc(s, cr, type);
1614 break;
1615 }
1616 return 0;
1617 }
1618
1619 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1620 {
1621 struct rfcomm_dlc *d;
1622
1623 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1624
1625 d = rfcomm_dlc_get(s, dlci);
1626 if (!d) {
1627 rfcomm_send_dm(s, dlci);
1628 goto drop;
1629 }
1630
1631 if (pf && d->cfc) {
1632 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1633
1634 d->tx_credits += credits;
1635 if (d->tx_credits)
1636 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1637 }
1638
1639 if (skb->len && d->state == BT_CONNECTED) {
1640 rfcomm_dlc_lock(d);
1641 d->rx_credits--;
1642 d->data_ready(d, skb);
1643 rfcomm_dlc_unlock(d);
1644 return 0;
1645 }
1646
1647 drop:
1648 kfree_skb(skb);
1649 return 0;
1650 }
1651
1652 static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1653 struct sk_buff *skb)
1654 {
1655 struct rfcomm_hdr *hdr = (void *) skb->data;
1656 u8 type, dlci, fcs;
1657
1658 if (!s) {
1659 /* no session, so free socket data */
1660 kfree_skb(skb);
1661 return s;
1662 }
1663
1664 dlci = __get_dlci(hdr->addr);
1665 type = __get_type(hdr->ctrl);
1666
1667 /* Trim FCS */
1668 skb->len--; skb->tail--;
1669 fcs = *(u8 *)skb_tail_pointer(skb);
1670
1671 if (__check_fcs(skb->data, type, fcs)) {
1672 BT_ERR("bad checksum in packet");
1673 kfree_skb(skb);
1674 return s;
1675 }
1676
1677 if (__test_ea(hdr->len))
1678 skb_pull(skb, 3);
1679 else
1680 skb_pull(skb, 4);
1681
1682 switch (type) {
1683 case RFCOMM_SABM:
1684 if (__test_pf(hdr->ctrl))
1685 rfcomm_recv_sabm(s, dlci);
1686 break;
1687
1688 case RFCOMM_DISC:
1689 if (__test_pf(hdr->ctrl))
1690 s = rfcomm_recv_disc(s, dlci);
1691 break;
1692
1693 case RFCOMM_UA:
1694 if (__test_pf(hdr->ctrl))
1695 s = rfcomm_recv_ua(s, dlci);
1696 break;
1697
1698 case RFCOMM_DM:
1699 s = rfcomm_recv_dm(s, dlci);
1700 break;
1701
1702 case RFCOMM_UIH:
1703 if (dlci) {
1704 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1705 return s;
1706 }
1707 rfcomm_recv_mcc(s, skb);
1708 break;
1709
1710 default:
1711 BT_ERR("Unknown packet type 0x%02x", type);
1712 break;
1713 }
1714 kfree_skb(skb);
1715 return s;
1716 }
1717
1718 /* ---- Connection and data processing ---- */
1719
1720 static void rfcomm_process_connect(struct rfcomm_session *s)
1721 {
1722 struct rfcomm_dlc *d;
1723 struct list_head *p, *n;
1724
1725 BT_DBG("session %p state %ld", s, s->state);
1726
1727 list_for_each_safe(p, n, &s->dlcs) {
1728 d = list_entry(p, struct rfcomm_dlc, list);
1729 if (d->state == BT_CONFIG) {
1730 d->mtu = s->mtu;
1731 if (rfcomm_check_security(d)) {
1732 rfcomm_send_pn(s, 1, d);
1733 } else {
1734 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1735 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1736 }
1737 }
1738 }
1739 }
1740
1741 /* Send data queued for the DLC.
1742 * Return number of frames left in the queue.
1743 */
1744 static int rfcomm_process_tx(struct rfcomm_dlc *d)
1745 {
1746 struct sk_buff *skb;
1747 int err;
1748
1749 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1750 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1751
1752 /* Send pending MSC */
1753 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1754 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1755
1756 if (d->cfc) {
1757 /* CFC enabled.
1758 * Give them some credits */
1759 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1760 d->rx_credits <= (d->cfc >> 2)) {
1761 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1762 d->rx_credits = d->cfc;
1763 }
1764 } else {
1765 /* CFC disabled.
1766 * Give ourselves some credits */
1767 d->tx_credits = 5;
1768 }
1769
1770 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1771 return skb_queue_len(&d->tx_queue);
1772
1773 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1774 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1775 if (err < 0) {
1776 skb_queue_head(&d->tx_queue, skb);
1777 break;
1778 }
1779 kfree_skb(skb);
1780 d->tx_credits--;
1781 }
1782
1783 if (d->cfc && !d->tx_credits) {
1784 /* We're out of TX credits.
1785 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1786 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1787 }
1788
1789 return skb_queue_len(&d->tx_queue);
1790 }
1791
1792 static void rfcomm_process_dlcs(struct rfcomm_session *s)
1793 {
1794 struct rfcomm_dlc *d;
1795 struct list_head *p, *n;
1796
1797 BT_DBG("session %p state %ld", s, s->state);
1798
1799 list_for_each_safe(p, n, &s->dlcs) {
1800 d = list_entry(p, struct rfcomm_dlc, list);
1801
1802 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1803 __rfcomm_dlc_close(d, ETIMEDOUT);
1804 continue;
1805 }
1806
1807 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1808 __rfcomm_dlc_close(d, ECONNREFUSED);
1809 continue;
1810 }
1811
1812 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1813 rfcomm_dlc_clear_timer(d);
1814 if (d->out) {
1815 rfcomm_send_pn(s, 1, d);
1816 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1817 } else {
1818 if (d->defer_setup) {
1819 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1820 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1821
1822 rfcomm_dlc_lock(d);
1823 d->state = BT_CONNECT2;
1824 d->state_change(d, 0);
1825 rfcomm_dlc_unlock(d);
1826 } else
1827 rfcomm_dlc_accept(d);
1828 }
1829 continue;
1830 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1831 rfcomm_dlc_clear_timer(d);
1832 if (!d->out)
1833 rfcomm_send_dm(s, d->dlci);
1834 else
1835 d->state = BT_CLOSED;
1836 __rfcomm_dlc_close(d, ECONNREFUSED);
1837 continue;
1838 }
1839
1840 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1841 continue;
1842
1843 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1844 continue;
1845
1846 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1847 d->mscex == RFCOMM_MSCEX_OK)
1848 rfcomm_process_tx(d);
1849 }
1850 }
1851
1852 static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1853 {
1854 struct socket *sock = s->sock;
1855 struct sock *sk = sock->sk;
1856 struct sk_buff *skb;
1857
1858 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1859
1860 /* Get data directly from socket receive queue without copying it. */
1861 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1862 skb_orphan(skb);
1863 if (!skb_linearize(skb))
1864 s = rfcomm_recv_frame(s, skb);
1865 else
1866 kfree_skb(skb);
1867 }
1868
1869 if (s && (sk->sk_state == BT_CLOSED))
1870 s = rfcomm_session_close(s, sk->sk_err);
1871
1872 return s;
1873 }
1874
1875 static void rfcomm_accept_connection(struct rfcomm_session *s)
1876 {
1877 struct socket *sock = s->sock, *nsock;
1878 int err;
1879
1880 /* Fast check for a new connection.
1881 * Avoids unnesesary socket allocations. */
1882 if (list_empty(&bt_sk(sock->sk)->accept_q))
1883 return;
1884
1885 BT_DBG("session %p", s);
1886
1887 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1888 if (err < 0)
1889 return;
1890
1891 /* Set our callbacks */
1892 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1893 nsock->sk->sk_state_change = rfcomm_l2state_change;
1894
1895 s = rfcomm_session_add(nsock, BT_OPEN);
1896 if (s) {
1897 /* We should adjust MTU on incoming sessions.
1898 * L2CAP MTU minus UIH header and FCS. */
1899 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1900 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1901
1902 rfcomm_schedule();
1903 } else
1904 sock_release(nsock);
1905 }
1906
1907 static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1908 {
1909 struct sock *sk = s->sock->sk;
1910
1911 BT_DBG("%p state %ld", s, s->state);
1912
1913 switch (sk->sk_state) {
1914 case BT_CONNECTED:
1915 s->state = BT_CONNECT;
1916
1917 /* We can adjust MTU on outgoing sessions.
1918 * L2CAP MTU minus UIH header and FCS. */
1919 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
1920
1921 rfcomm_send_sabm(s, 0);
1922 break;
1923
1924 case BT_CLOSED:
1925 s = rfcomm_session_close(s, sk->sk_err);
1926 break;
1927 }
1928 return s;
1929 }
1930
1931 static void rfcomm_process_sessions(void)
1932 {
1933 struct list_head *p, *n;
1934
1935 rfcomm_lock();
1936
1937 list_for_each_safe(p, n, &session_list) {
1938 struct rfcomm_session *s;
1939 s = list_entry(p, struct rfcomm_session, list);
1940
1941 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1942 s->state = BT_DISCONN;
1943 rfcomm_send_disc(s, 0);
1944 continue;
1945 }
1946
1947 if (s->state == BT_LISTEN) {
1948 rfcomm_accept_connection(s);
1949 continue;
1950 }
1951
1952 switch (s->state) {
1953 case BT_BOUND:
1954 s = rfcomm_check_connection(s);
1955 break;
1956
1957 default:
1958 s = rfcomm_process_rx(s);
1959 break;
1960 }
1961
1962 if (s)
1963 rfcomm_process_dlcs(s);
1964 }
1965
1966 rfcomm_unlock();
1967 }
1968
1969 static int rfcomm_add_listener(bdaddr_t *ba)
1970 {
1971 struct sockaddr_l2 addr;
1972 struct socket *sock;
1973 struct sock *sk;
1974 struct rfcomm_session *s;
1975 int err = 0;
1976
1977 /* Create socket */
1978 err = rfcomm_l2sock_create(&sock);
1979 if (err < 0) {
1980 BT_ERR("Create socket failed %d", err);
1981 return err;
1982 }
1983
1984 /* Bind socket */
1985 bacpy(&addr.l2_bdaddr, ba);
1986 addr.l2_family = AF_BLUETOOTH;
1987 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
1988 addr.l2_cid = 0;
1989 addr.l2_bdaddr_type = BDADDR_BREDR;
1990 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1991 if (err < 0) {
1992 BT_ERR("Bind failed %d", err);
1993 goto failed;
1994 }
1995
1996 /* Set L2CAP options */
1997 sk = sock->sk;
1998 lock_sock(sk);
1999 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
2000 release_sock(sk);
2001
2002 /* Start listening on the socket */
2003 err = kernel_listen(sock, 10);
2004 if (err) {
2005 BT_ERR("Listen failed %d", err);
2006 goto failed;
2007 }
2008
2009 /* Add listening session */
2010 s = rfcomm_session_add(sock, BT_LISTEN);
2011 if (!s) {
2012 err = -ENOMEM;
2013 goto failed;
2014 }
2015
2016 return 0;
2017 failed:
2018 sock_release(sock);
2019 return err;
2020 }
2021
2022 static void rfcomm_kill_listener(void)
2023 {
2024 struct rfcomm_session *s;
2025 struct list_head *p, *n;
2026
2027 BT_DBG("");
2028
2029 list_for_each_safe(p, n, &session_list) {
2030 s = list_entry(p, struct rfcomm_session, list);
2031 rfcomm_session_del(s);
2032 }
2033 }
2034
2035 static int rfcomm_run(void *unused)
2036 {
2037 BT_DBG("");
2038
2039 set_user_nice(current, -10);
2040
2041 rfcomm_add_listener(BDADDR_ANY);
2042
2043 while (1) {
2044 set_current_state(TASK_INTERRUPTIBLE);
2045
2046 if (kthread_should_stop())
2047 break;
2048
2049 /* Process stuff */
2050 rfcomm_process_sessions();
2051
2052 schedule();
2053 }
2054 __set_current_state(TASK_RUNNING);
2055
2056 rfcomm_kill_listener();
2057
2058 return 0;
2059 }
2060
2061 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2062 {
2063 struct rfcomm_session *s;
2064 struct rfcomm_dlc *d;
2065 struct list_head *p, *n;
2066
2067 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2068
2069 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2070 if (!s)
2071 return;
2072
2073 list_for_each_safe(p, n, &s->dlcs) {
2074 d = list_entry(p, struct rfcomm_dlc, list);
2075
2076 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2077 rfcomm_dlc_clear_timer(d);
2078 if (status || encrypt == 0x00) {
2079 set_bit(RFCOMM_ENC_DROP, &d->flags);
2080 continue;
2081 }
2082 }
2083
2084 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2085 if (d->sec_level == BT_SECURITY_MEDIUM) {
2086 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2087 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2088 continue;
2089 } else if (d->sec_level == BT_SECURITY_HIGH ||
2090 d->sec_level == BT_SECURITY_FIPS) {
2091 set_bit(RFCOMM_ENC_DROP, &d->flags);
2092 continue;
2093 }
2094 }
2095
2096 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2097 continue;
2098
2099 if (!status && hci_conn_check_secure(conn, d->sec_level))
2100 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2101 else
2102 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2103 }
2104
2105 rfcomm_schedule();
2106 }
2107
2108 static struct hci_cb rfcomm_cb = {
2109 .name = "RFCOMM",
2110 .security_cfm = rfcomm_security_cfm
2111 };
2112
2113 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2114 {
2115 struct rfcomm_session *s;
2116
2117 rfcomm_lock();
2118
2119 list_for_each_entry(s, &session_list, list) {
2120 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
2121 struct rfcomm_dlc *d;
2122 list_for_each_entry(d, &s->dlcs, list) {
2123 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2124 &chan->src, &chan->dst,
2125 d->state, d->dlci, d->mtu,
2126 d->rx_credits, d->tx_credits);
2127 }
2128 }
2129
2130 rfcomm_unlock();
2131
2132 return 0;
2133 }
2134
2135 static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2136 {
2137 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2138 }
2139
2140 static const struct file_operations rfcomm_dlc_debugfs_fops = {
2141 .open = rfcomm_dlc_debugfs_open,
2142 .read = seq_read,
2143 .llseek = seq_lseek,
2144 .release = single_release,
2145 };
2146
2147 static struct dentry *rfcomm_dlc_debugfs;
2148
2149 /* ---- Initialization ---- */
2150 static int __init rfcomm_init(void)
2151 {
2152 int err;
2153
2154 hci_register_cb(&rfcomm_cb);
2155
2156 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2157 if (IS_ERR(rfcomm_thread)) {
2158 err = PTR_ERR(rfcomm_thread);
2159 goto unregister;
2160 }
2161
2162 err = rfcomm_init_ttys();
2163 if (err < 0)
2164 goto stop;
2165
2166 err = rfcomm_init_sockets();
2167 if (err < 0)
2168 goto cleanup;
2169
2170 BT_INFO("RFCOMM ver %s", VERSION);
2171
2172 if (IS_ERR_OR_NULL(bt_debugfs))
2173 return 0;
2174
2175 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2176 bt_debugfs, NULL,
2177 &rfcomm_dlc_debugfs_fops);
2178
2179 return 0;
2180
2181 cleanup:
2182 rfcomm_cleanup_ttys();
2183
2184 stop:
2185 kthread_stop(rfcomm_thread);
2186
2187 unregister:
2188 hci_unregister_cb(&rfcomm_cb);
2189
2190 return err;
2191 }
2192
2193 static void __exit rfcomm_exit(void)
2194 {
2195 debugfs_remove(rfcomm_dlc_debugfs);
2196
2197 hci_unregister_cb(&rfcomm_cb);
2198
2199 kthread_stop(rfcomm_thread);
2200
2201 rfcomm_cleanup_ttys();
2202
2203 rfcomm_cleanup_sockets();
2204 }
2205
2206 module_init(rfcomm_init);
2207 module_exit(rfcomm_exit);
2208
2209 module_param(disable_cfc, bool, 0644);
2210 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2211
2212 module_param(channel_mtu, int, 0644);
2213 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2214
2215 module_param(l2cap_mtu, uint, 0644);
2216 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2217
2218 module_param(l2cap_ertm, bool, 0644);
2219 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2220
2221 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2222 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2223 MODULE_VERSION(VERSION);
2224 MODULE_LICENSE("GPL");
2225 MODULE_ALIAS("bt-proto-3");
John Crispins staging tree