1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * Bluetooth RFCOMM core. 26 */ 27 28 #include <linux/module.h> 29 #include <linux/errno.h> 30 #include <linux/kernel.h> 31 #include <linux/sched.h> 32 #include <linux/signal.h> 33 #include <linux/init.h> 34 #include <linux/wait.h> 35 #include <linux/device.h> 36 #include <linux/net.h> 37 #include <linux/mutex.h> 38 #include <linux/kthread.h> 39 40 #include <net/sock.h> 41 #include <asm/uaccess.h> 42 #include <asm/unaligned.h> 43 44 #include <net/bluetooth/bluetooth.h> 45 #include <net/bluetooth/hci_core.h> 46 #include <net/bluetooth/l2cap.h> 47 #include <net/bluetooth/rfcomm.h> 48 49 #define VERSION "1.11" 50 51 static int disable_cfc = 0; 52 static int channel_mtu = -1; 53 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; 54 55 static struct task_struct *rfcomm_thread; 56 57 static DEFINE_MUTEX(rfcomm_mutex); 58 #define rfcomm_lock() mutex_lock(&rfcomm_mutex) 59 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex) 60 61 static unsigned long rfcomm_event; 62 63 static LIST_HEAD(session_list); 64 65 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len); 66 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); 67 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); 68 static int rfcomm_queue_disc(struct rfcomm_dlc *d); 69 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); 70 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); 71 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); 72 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); 73 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); 74 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); 75 76 static void rfcomm_process_connect(struct rfcomm_session *s); 77 78 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err); 79 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); 80 static void rfcomm_session_del(struct rfcomm_session *s); 81 82 /* ---- RFCOMM frame parsing macros ---- */ 83 #define __get_dlci(b) ((b & 0xfc) >> 2) 84 #define __get_channel(b) ((b & 0xf8) >> 3) 85 #define __get_dir(b) ((b & 0x04) >> 2) 86 #define __get_type(b) ((b & 0xef)) 87 88 #define __test_ea(b) ((b & 0x01)) 89 #define __test_cr(b) ((b & 0x02)) 90 #define __test_pf(b) ((b & 0x10)) 91 92 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) 93 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) 94 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) 95 #define __srv_channel(dlci) (dlci >> 1) 96 #define __dir(dlci) (dlci & 0x01) 97 98 #define __len8(len) (((len) << 1) | 1) 99 #define __len16(len) ((len) << 1) 100 101 /* MCC macros */ 102 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) 103 #define __get_mcc_type(b) ((b & 0xfc) >> 2) 104 #define __get_mcc_len(b) ((b & 0xfe) >> 1) 105 106 /* RPN macros */ 107 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) 108 #define __get_rpn_data_bits(line) ((line) & 0x3) 109 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) 110 #define __get_rpn_parity(line) (((line) >> 3) & 0x7) 111 112 static inline void rfcomm_schedule(uint event) 113 { 114 if (!rfcomm_thread) 115 return; 116 //set_bit(event, &rfcomm_event); 117 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 118 wake_up_process(rfcomm_thread); 119 } 120 121 static inline void rfcomm_session_put(struct rfcomm_session *s) 122 { 123 if (atomic_dec_and_test(&s->refcnt)) 124 rfcomm_session_del(s); 125 } 126 127 /* ---- RFCOMM FCS computation ---- */ 128 129 /* reversed, 8-bit, poly=0x07 */ 130 static unsigned char rfcomm_crc_table[256] = { 131 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, 132 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, 133 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, 134 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, 135 136 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, 137 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, 138 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, 139 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, 140 141 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, 142 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, 143 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, 144 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, 145 146 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, 147 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, 148 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, 149 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, 150 151 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, 152 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, 153 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, 154 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, 155 156 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, 157 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, 158 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, 159 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, 160 161 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, 162 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, 163 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, 164 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, 165 166 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, 167 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, 168 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, 169 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf 170 }; 171 172 /* CRC on 2 bytes */ 173 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) 174 175 /* FCS on 2 bytes */ 176 static inline u8 __fcs(u8 *data) 177 { 178 return (0xff - __crc(data)); 179 } 180 181 /* FCS on 3 bytes */ 182 static inline u8 __fcs2(u8 *data) 183 { 184 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]); 185 } 186 187 /* Check FCS */ 188 static inline int __check_fcs(u8 *data, int type, u8 fcs) 189 { 190 u8 f = __crc(data); 191 192 if (type != RFCOMM_UIH) 193 f = rfcomm_crc_table[f ^ data[2]]; 194 195 return rfcomm_crc_table[f ^ fcs] != 0xcf; 196 } 197 198 /* ---- L2CAP callbacks ---- */ 199 static void rfcomm_l2state_change(struct sock *sk) 200 { 201 BT_DBG("%p state %d", sk, sk->sk_state); 202 rfcomm_schedule(RFCOMM_SCHED_STATE); 203 } 204 205 static void rfcomm_l2data_ready(struct sock *sk, int bytes) 206 { 207 BT_DBG("%p bytes %d", sk, bytes); 208 rfcomm_schedule(RFCOMM_SCHED_RX); 209 } 210 211 static int rfcomm_l2sock_create(struct socket **sock) 212 { 213 int err; 214 215 BT_DBG(""); 216 217 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); 218 if (!err) { 219 struct sock *sk = (*sock)->sk; 220 sk->sk_data_ready = rfcomm_l2data_ready; 221 sk->sk_state_change = rfcomm_l2state_change; 222 } 223 return err; 224 } 225 226 static inline int rfcomm_check_security(struct rfcomm_dlc *d) 227 { 228 struct sock *sk = d->session->sock->sk; 229 __u8 auth_type; 230 231 switch (d->sec_level) { 232 case BT_SECURITY_HIGH: 233 auth_type = HCI_AT_GENERAL_BONDING_MITM; 234 break; 235 case BT_SECURITY_MEDIUM: 236 auth_type = HCI_AT_GENERAL_BONDING; 237 break; 238 default: 239 auth_type = HCI_AT_NO_BONDING; 240 break; 241 } 242 243 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level, 244 auth_type); 245 } 246 247 /* ---- RFCOMM DLCs ---- */ 248 static void rfcomm_dlc_timeout(unsigned long arg) 249 { 250 struct rfcomm_dlc *d = (void *) arg; 251 252 BT_DBG("dlc %p state %ld", d, d->state); 253 254 set_bit(RFCOMM_TIMED_OUT, &d->flags); 255 rfcomm_dlc_put(d); 256 rfcomm_schedule(RFCOMM_SCHED_TIMEO); 257 } 258 259 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) 260 { 261 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); 262 263 if (!mod_timer(&d->timer, jiffies + timeout)) 264 rfcomm_dlc_hold(d); 265 } 266 267 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) 268 { 269 BT_DBG("dlc %p state %ld", d, d->state); 270 271 if (timer_pending(&d->timer) && del_timer(&d->timer)) 272 rfcomm_dlc_put(d); 273 } 274 275 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) 276 { 277 BT_DBG("%p", d); 278 279 d->state = BT_OPEN; 280 d->flags = 0; 281 d->mscex = 0; 282 d->mtu = RFCOMM_DEFAULT_MTU; 283 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; 284 285 d->cfc = RFCOMM_CFC_DISABLED; 286 d->rx_credits = RFCOMM_DEFAULT_CREDITS; 287 } 288 289 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) 290 { 291 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio); 292 293 if (!d) 294 return NULL; 295 296 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d); 297 298 skb_queue_head_init(&d->tx_queue); 299 spin_lock_init(&d->lock); 300 atomic_set(&d->refcnt, 1); 301 302 rfcomm_dlc_clear_state(d); 303 304 BT_DBG("%p", d); 305 306 return d; 307 } 308 309 void rfcomm_dlc_free(struct rfcomm_dlc *d) 310 { 311 BT_DBG("%p", d); 312 313 skb_queue_purge(&d->tx_queue); 314 kfree(d); 315 } 316 317 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) 318 { 319 BT_DBG("dlc %p session %p", d, s); 320 321 rfcomm_session_hold(s); 322 323 rfcomm_dlc_hold(d); 324 list_add(&d->list, &s->dlcs); 325 d->session = s; 326 } 327 328 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) 329 { 330 struct rfcomm_session *s = d->session; 331 332 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); 333 334 list_del(&d->list); 335 d->session = NULL; 336 rfcomm_dlc_put(d); 337 338 rfcomm_session_put(s); 339 } 340 341 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) 342 { 343 struct rfcomm_dlc *d; 344 struct list_head *p; 345 346 list_for_each(p, &s->dlcs) { 347 d = list_entry(p, struct rfcomm_dlc, list); 348 if (d->dlci == dlci) 349 return d; 350 } 351 return NULL; 352 } 353 354 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 355 { 356 struct rfcomm_session *s; 357 int err = 0; 358 u8 dlci; 359 360 BT_DBG("dlc %p state %ld %s %s channel %d", 361 d, d->state, batostr(src), batostr(dst), channel); 362 363 if (channel < 1 || channel > 30) 364 return -EINVAL; 365 366 if (d->state != BT_OPEN && d->state != BT_CLOSED) 367 return 0; 368 369 s = rfcomm_session_get(src, dst); 370 if (!s) { 371 s = rfcomm_session_create(src, dst, &err); 372 if (!s) 373 return err; 374 } 375 376 dlci = __dlci(!s->initiator, channel); 377 378 /* Check if DLCI already exists */ 379 if (rfcomm_dlc_get(s, dlci)) 380 return -EBUSY; 381 382 rfcomm_dlc_clear_state(d); 383 384 d->dlci = dlci; 385 d->addr = __addr(s->initiator, dlci); 386 d->priority = 7; 387 388 d->state = BT_CONFIG; 389 rfcomm_dlc_link(s, d); 390 391 d->out = 1; 392 393 d->mtu = s->mtu; 394 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 395 396 if (s->state == BT_CONNECTED) { 397 if (rfcomm_check_security(d)) 398 rfcomm_send_pn(s, 1, d); 399 else 400 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 401 } 402 403 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 404 405 return 0; 406 } 407 408 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 409 { 410 int r; 411 412 rfcomm_lock(); 413 414 r = __rfcomm_dlc_open(d, src, dst, channel); 415 416 rfcomm_unlock(); 417 return r; 418 } 419 420 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 421 { 422 struct rfcomm_session *s = d->session; 423 if (!s) 424 return 0; 425 426 BT_DBG("dlc %p state %ld dlci %d err %d session %p", 427 d, d->state, d->dlci, err, s); 428 429 switch (d->state) { 430 case BT_CONNECT: 431 case BT_CONFIG: 432 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 433 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 434 rfcomm_schedule(RFCOMM_SCHED_AUTH); 435 break; 436 } 437 /* Fall through */ 438 439 case BT_CONNECTED: 440 d->state = BT_DISCONN; 441 if (skb_queue_empty(&d->tx_queue)) { 442 rfcomm_send_disc(s, d->dlci); 443 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); 444 } else { 445 rfcomm_queue_disc(d); 446 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); 447 } 448 break; 449 450 case BT_OPEN: 451 case BT_CONNECT2: 452 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 453 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 454 rfcomm_schedule(RFCOMM_SCHED_AUTH); 455 break; 456 } 457 /* Fall through */ 458 459 default: 460 rfcomm_dlc_clear_timer(d); 461 462 rfcomm_dlc_lock(d); 463 d->state = BT_CLOSED; 464 d->state_change(d, err); 465 rfcomm_dlc_unlock(d); 466 467 skb_queue_purge(&d->tx_queue); 468 rfcomm_dlc_unlink(d); 469 } 470 471 return 0; 472 } 473 474 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 475 { 476 int r; 477 478 rfcomm_lock(); 479 480 r = __rfcomm_dlc_close(d, err); 481 482 rfcomm_unlock(); 483 return r; 484 } 485 486 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) 487 { 488 int len = skb->len; 489 490 if (d->state != BT_CONNECTED) 491 return -ENOTCONN; 492 493 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); 494 495 if (len > d->mtu) 496 return -EINVAL; 497 498 rfcomm_make_uih(skb, d->addr); 499 skb_queue_tail(&d->tx_queue, skb); 500 501 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 502 rfcomm_schedule(RFCOMM_SCHED_TX); 503 return len; 504 } 505 506 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d) 507 { 508 BT_DBG("dlc %p state %ld", d, d->state); 509 510 if (!d->cfc) { 511 d->v24_sig |= RFCOMM_V24_FC; 512 set_bit(RFCOMM_MSC_PENDING, &d->flags); 513 } 514 rfcomm_schedule(RFCOMM_SCHED_TX); 515 } 516 517 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) 518 { 519 BT_DBG("dlc %p state %ld", d, d->state); 520 521 if (!d->cfc) { 522 d->v24_sig &= ~RFCOMM_V24_FC; 523 set_bit(RFCOMM_MSC_PENDING, &d->flags); 524 } 525 rfcomm_schedule(RFCOMM_SCHED_TX); 526 } 527 528 /* 529 Set/get modem status functions use _local_ status i.e. what we report 530 to the other side. 531 Remote status is provided by dlc->modem_status() callback. 532 */ 533 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) 534 { 535 BT_DBG("dlc %p state %ld v24_sig 0x%x", 536 d, d->state, v24_sig); 537 538 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) 539 v24_sig |= RFCOMM_V24_FC; 540 else 541 v24_sig &= ~RFCOMM_V24_FC; 542 543 d->v24_sig = v24_sig; 544 545 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) 546 rfcomm_schedule(RFCOMM_SCHED_TX); 547 548 return 0; 549 } 550 551 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) 552 { 553 BT_DBG("dlc %p state %ld v24_sig 0x%x", 554 d, d->state, d->v24_sig); 555 556 *v24_sig = d->v24_sig; 557 return 0; 558 } 559 560 /* ---- RFCOMM sessions ---- */ 561 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) 562 { 563 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL); 564 565 if (!s) 566 return NULL; 567 568 BT_DBG("session %p sock %p", s, sock); 569 570 INIT_LIST_HEAD(&s->dlcs); 571 s->state = state; 572 s->sock = sock; 573 574 s->mtu = RFCOMM_DEFAULT_MTU; 575 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN; 576 577 /* Do not increment module usage count for listening sessions. 578 * Otherwise we won't be able to unload the module. */ 579 if (state != BT_LISTEN) 580 if (!try_module_get(THIS_MODULE)) { 581 kfree(s); 582 return NULL; 583 } 584 585 list_add(&s->list, &session_list); 586 587 return s; 588 } 589 590 static void rfcomm_session_del(struct rfcomm_session *s) 591 { 592 int state = s->state; 593 594 BT_DBG("session %p state %ld", s, s->state); 595 596 list_del(&s->list); 597 598 if (state == BT_CONNECTED) 599 rfcomm_send_disc(s, 0); 600 601 sock_release(s->sock); 602 kfree(s); 603 604 if (state != BT_LISTEN) 605 module_put(THIS_MODULE); 606 } 607 608 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) 609 { 610 struct rfcomm_session *s; 611 struct list_head *p, *n; 612 struct bt_sock *sk; 613 list_for_each_safe(p, n, &session_list) { 614 s = list_entry(p, struct rfcomm_session, list); 615 sk = bt_sk(s->sock->sk); 616 617 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && 618 !bacmp(&sk->dst, dst)) 619 return s; 620 } 621 return NULL; 622 } 623 624 static void rfcomm_session_close(struct rfcomm_session *s, int err) 625 { 626 struct rfcomm_dlc *d; 627 struct list_head *p, *n; 628 629 BT_DBG("session %p state %ld err %d", s, s->state, err); 630 631 rfcomm_session_hold(s); 632 633 s->state = BT_CLOSED; 634 635 /* Close all dlcs */ 636 list_for_each_safe(p, n, &s->dlcs) { 637 d = list_entry(p, struct rfcomm_dlc, list); 638 d->state = BT_CLOSED; 639 __rfcomm_dlc_close(d, err); 640 } 641 642 rfcomm_session_put(s); 643 } 644 645 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err) 646 { 647 struct rfcomm_session *s = NULL; 648 struct sockaddr_l2 addr; 649 struct socket *sock; 650 struct sock *sk; 651 652 BT_DBG("%s %s", batostr(src), batostr(dst)); 653 654 *err = rfcomm_l2sock_create(&sock); 655 if (*err < 0) 656 return NULL; 657 658 bacpy(&addr.l2_bdaddr, src); 659 addr.l2_family = AF_BLUETOOTH; 660 addr.l2_psm = 0; 661 addr.l2_cid = 0; 662 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 663 if (*err < 0) 664 goto failed; 665 666 /* Set L2CAP options */ 667 sk = sock->sk; 668 lock_sock(sk); 669 l2cap_pi(sk)->imtu = l2cap_mtu; 670 release_sock(sk); 671 672 s = rfcomm_session_add(sock, BT_BOUND); 673 if (!s) { 674 *err = -ENOMEM; 675 goto failed; 676 } 677 678 s->initiator = 1; 679 680 bacpy(&addr.l2_bdaddr, dst); 681 addr.l2_family = AF_BLUETOOTH; 682 addr.l2_psm = htobs(RFCOMM_PSM); 683 addr.l2_cid = 0; 684 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 685 if (*err == 0 || *err == -EINPROGRESS) 686 return s; 687 688 rfcomm_session_del(s); 689 return NULL; 690 691 failed: 692 sock_release(sock); 693 return NULL; 694 } 695 696 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) 697 { 698 struct sock *sk = s->sock->sk; 699 if (src) 700 bacpy(src, &bt_sk(sk)->src); 701 if (dst) 702 bacpy(dst, &bt_sk(sk)->dst); 703 } 704 705 /* ---- RFCOMM frame sending ---- */ 706 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len) 707 { 708 struct socket *sock = s->sock; 709 struct kvec iv = { data, len }; 710 struct msghdr msg; 711 712 BT_DBG("session %p len %d", s, len); 713 714 memset(&msg, 0, sizeof(msg)); 715 716 return kernel_sendmsg(sock, &msg, &iv, 1, len); 717 } 718 719 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) 720 { 721 struct rfcomm_cmd cmd; 722 723 BT_DBG("%p dlci %d", s, dlci); 724 725 cmd.addr = __addr(s->initiator, dlci); 726 cmd.ctrl = __ctrl(RFCOMM_SABM, 1); 727 cmd.len = __len8(0); 728 cmd.fcs = __fcs2((u8 *) &cmd); 729 730 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 731 } 732 733 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) 734 { 735 struct rfcomm_cmd cmd; 736 737 BT_DBG("%p dlci %d", s, dlci); 738 739 cmd.addr = __addr(!s->initiator, dlci); 740 cmd.ctrl = __ctrl(RFCOMM_UA, 1); 741 cmd.len = __len8(0); 742 cmd.fcs = __fcs2((u8 *) &cmd); 743 744 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 745 } 746 747 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) 748 { 749 struct rfcomm_cmd cmd; 750 751 BT_DBG("%p dlci %d", s, dlci); 752 753 cmd.addr = __addr(s->initiator, dlci); 754 cmd.ctrl = __ctrl(RFCOMM_DISC, 1); 755 cmd.len = __len8(0); 756 cmd.fcs = __fcs2((u8 *) &cmd); 757 758 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 759 } 760 761 static int rfcomm_queue_disc(struct rfcomm_dlc *d) 762 { 763 struct rfcomm_cmd *cmd; 764 struct sk_buff *skb; 765 766 BT_DBG("dlc %p dlci %d", d, d->dlci); 767 768 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); 769 if (!skb) 770 return -ENOMEM; 771 772 cmd = (void *) __skb_put(skb, sizeof(*cmd)); 773 cmd->addr = d->addr; 774 cmd->ctrl = __ctrl(RFCOMM_DISC, 1); 775 cmd->len = __len8(0); 776 cmd->fcs = __fcs2((u8 *) cmd); 777 778 skb_queue_tail(&d->tx_queue, skb); 779 rfcomm_schedule(RFCOMM_SCHED_TX); 780 return 0; 781 } 782 783 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) 784 { 785 struct rfcomm_cmd cmd; 786 787 BT_DBG("%p dlci %d", s, dlci); 788 789 cmd.addr = __addr(!s->initiator, dlci); 790 cmd.ctrl = __ctrl(RFCOMM_DM, 1); 791 cmd.len = __len8(0); 792 cmd.fcs = __fcs2((u8 *) &cmd); 793 794 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 795 } 796 797 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) 798 { 799 struct rfcomm_hdr *hdr; 800 struct rfcomm_mcc *mcc; 801 u8 buf[16], *ptr = buf; 802 803 BT_DBG("%p cr %d type %d", s, cr, type); 804 805 hdr = (void *) ptr; ptr += sizeof(*hdr); 806 hdr->addr = __addr(s->initiator, 0); 807 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 808 hdr->len = __len8(sizeof(*mcc) + 1); 809 810 mcc = (void *) ptr; ptr += sizeof(*mcc); 811 mcc->type = __mcc_type(cr, RFCOMM_NSC); 812 mcc->len = __len8(1); 813 814 /* Type that we didn't like */ 815 *ptr = __mcc_type(cr, type); ptr++; 816 817 *ptr = __fcs(buf); ptr++; 818 819 return rfcomm_send_frame(s, buf, ptr - buf); 820 } 821 822 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) 823 { 824 struct rfcomm_hdr *hdr; 825 struct rfcomm_mcc *mcc; 826 struct rfcomm_pn *pn; 827 u8 buf[16], *ptr = buf; 828 829 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); 830 831 hdr = (void *) ptr; ptr += sizeof(*hdr); 832 hdr->addr = __addr(s->initiator, 0); 833 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 834 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); 835 836 mcc = (void *) ptr; ptr += sizeof(*mcc); 837 mcc->type = __mcc_type(cr, RFCOMM_PN); 838 mcc->len = __len8(sizeof(*pn)); 839 840 pn = (void *) ptr; ptr += sizeof(*pn); 841 pn->dlci = d->dlci; 842 pn->priority = d->priority; 843 pn->ack_timer = 0; 844 pn->max_retrans = 0; 845 846 if (s->cfc) { 847 pn->flow_ctrl = cr ? 0xf0 : 0xe0; 848 pn->credits = RFCOMM_DEFAULT_CREDITS; 849 } else { 850 pn->flow_ctrl = 0; 851 pn->credits = 0; 852 } 853 854 if (cr && channel_mtu >= 0) 855 pn->mtu = htobs(channel_mtu); 856 else 857 pn->mtu = htobs(d->mtu); 858 859 *ptr = __fcs(buf); ptr++; 860 861 return rfcomm_send_frame(s, buf, ptr - buf); 862 } 863 864 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, 865 u8 bit_rate, u8 data_bits, u8 stop_bits, 866 u8 parity, u8 flow_ctrl_settings, 867 u8 xon_char, u8 xoff_char, u16 param_mask) 868 { 869 struct rfcomm_hdr *hdr; 870 struct rfcomm_mcc *mcc; 871 struct rfcomm_rpn *rpn; 872 u8 buf[16], *ptr = buf; 873 874 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" 875 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 876 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 877 flow_ctrl_settings, xon_char, xoff_char, param_mask); 878 879 hdr = (void *) ptr; ptr += sizeof(*hdr); 880 hdr->addr = __addr(s->initiator, 0); 881 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 882 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); 883 884 mcc = (void *) ptr; ptr += sizeof(*mcc); 885 mcc->type = __mcc_type(cr, RFCOMM_RPN); 886 mcc->len = __len8(sizeof(*rpn)); 887 888 rpn = (void *) ptr; ptr += sizeof(*rpn); 889 rpn->dlci = __addr(1, dlci); 890 rpn->bit_rate = bit_rate; 891 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); 892 rpn->flow_ctrl = flow_ctrl_settings; 893 rpn->xon_char = xon_char; 894 rpn->xoff_char = xoff_char; 895 rpn->param_mask = cpu_to_le16(param_mask); 896 897 *ptr = __fcs(buf); ptr++; 898 899 return rfcomm_send_frame(s, buf, ptr - buf); 900 } 901 902 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) 903 { 904 struct rfcomm_hdr *hdr; 905 struct rfcomm_mcc *mcc; 906 struct rfcomm_rls *rls; 907 u8 buf[16], *ptr = buf; 908 909 BT_DBG("%p cr %d status 0x%x", s, cr, status); 910 911 hdr = (void *) ptr; ptr += sizeof(*hdr); 912 hdr->addr = __addr(s->initiator, 0); 913 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 914 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); 915 916 mcc = (void *) ptr; ptr += sizeof(*mcc); 917 mcc->type = __mcc_type(cr, RFCOMM_RLS); 918 mcc->len = __len8(sizeof(*rls)); 919 920 rls = (void *) ptr; ptr += sizeof(*rls); 921 rls->dlci = __addr(1, dlci); 922 rls->status = status; 923 924 *ptr = __fcs(buf); ptr++; 925 926 return rfcomm_send_frame(s, buf, ptr - buf); 927 } 928 929 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) 930 { 931 struct rfcomm_hdr *hdr; 932 struct rfcomm_mcc *mcc; 933 struct rfcomm_msc *msc; 934 u8 buf[16], *ptr = buf; 935 936 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); 937 938 hdr = (void *) ptr; ptr += sizeof(*hdr); 939 hdr->addr = __addr(s->initiator, 0); 940 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 941 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); 942 943 mcc = (void *) ptr; ptr += sizeof(*mcc); 944 mcc->type = __mcc_type(cr, RFCOMM_MSC); 945 mcc->len = __len8(sizeof(*msc)); 946 947 msc = (void *) ptr; ptr += sizeof(*msc); 948 msc->dlci = __addr(1, dlci); 949 msc->v24_sig = v24_sig | 0x01; 950 951 *ptr = __fcs(buf); ptr++; 952 953 return rfcomm_send_frame(s, buf, ptr - buf); 954 } 955 956 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) 957 { 958 struct rfcomm_hdr *hdr; 959 struct rfcomm_mcc *mcc; 960 u8 buf[16], *ptr = buf; 961 962 BT_DBG("%p cr %d", s, cr); 963 964 hdr = (void *) ptr; ptr += sizeof(*hdr); 965 hdr->addr = __addr(s->initiator, 0); 966 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 967 hdr->len = __len8(sizeof(*mcc)); 968 969 mcc = (void *) ptr; ptr += sizeof(*mcc); 970 mcc->type = __mcc_type(cr, RFCOMM_FCOFF); 971 mcc->len = __len8(0); 972 973 *ptr = __fcs(buf); ptr++; 974 975 return rfcomm_send_frame(s, buf, ptr - buf); 976 } 977 978 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) 979 { 980 struct rfcomm_hdr *hdr; 981 struct rfcomm_mcc *mcc; 982 u8 buf[16], *ptr = buf; 983 984 BT_DBG("%p cr %d", s, cr); 985 986 hdr = (void *) ptr; ptr += sizeof(*hdr); 987 hdr->addr = __addr(s->initiator, 0); 988 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 989 hdr->len = __len8(sizeof(*mcc)); 990 991 mcc = (void *) ptr; ptr += sizeof(*mcc); 992 mcc->type = __mcc_type(cr, RFCOMM_FCON); 993 mcc->len = __len8(0); 994 995 *ptr = __fcs(buf); ptr++; 996 997 return rfcomm_send_frame(s, buf, ptr - buf); 998 } 999 1000 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) 1001 { 1002 struct socket *sock = s->sock; 1003 struct kvec iv[3]; 1004 struct msghdr msg; 1005 unsigned char hdr[5], crc[1]; 1006 1007 if (len > 125) 1008 return -EINVAL; 1009 1010 BT_DBG("%p cr %d", s, cr); 1011 1012 hdr[0] = __addr(s->initiator, 0); 1013 hdr[1] = __ctrl(RFCOMM_UIH, 0); 1014 hdr[2] = 0x01 | ((len + 2) << 1); 1015 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); 1016 hdr[4] = 0x01 | (len << 1); 1017 1018 crc[0] = __fcs(hdr); 1019 1020 iv[0].iov_base = hdr; 1021 iv[0].iov_len = 5; 1022 iv[1].iov_base = pattern; 1023 iv[1].iov_len = len; 1024 iv[2].iov_base = crc; 1025 iv[2].iov_len = 1; 1026 1027 memset(&msg, 0, sizeof(msg)); 1028 1029 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); 1030 } 1031 1032 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) 1033 { 1034 struct rfcomm_hdr *hdr; 1035 u8 buf[16], *ptr = buf; 1036 1037 BT_DBG("%p addr %d credits %d", s, addr, credits); 1038 1039 hdr = (void *) ptr; ptr += sizeof(*hdr); 1040 hdr->addr = addr; 1041 hdr->ctrl = __ctrl(RFCOMM_UIH, 1); 1042 hdr->len = __len8(0); 1043 1044 *ptr = credits; ptr++; 1045 1046 *ptr = __fcs(buf); ptr++; 1047 1048 return rfcomm_send_frame(s, buf, ptr - buf); 1049 } 1050 1051 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) 1052 { 1053 struct rfcomm_hdr *hdr; 1054 int len = skb->len; 1055 u8 *crc; 1056 1057 if (len > 127) { 1058 hdr = (void *) skb_push(skb, 4); 1059 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len); 1060 } else { 1061 hdr = (void *) skb_push(skb, 3); 1062 hdr->len = __len8(len); 1063 } 1064 hdr->addr = addr; 1065 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1066 1067 crc = skb_put(skb, 1); 1068 *crc = __fcs((void *) hdr); 1069 } 1070 1071 /* ---- RFCOMM frame reception ---- */ 1072 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) 1073 { 1074 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1075 1076 if (dlci) { 1077 /* Data channel */ 1078 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1079 if (!d) { 1080 rfcomm_send_dm(s, dlci); 1081 return 0; 1082 } 1083 1084 switch (d->state) { 1085 case BT_CONNECT: 1086 rfcomm_dlc_clear_timer(d); 1087 1088 rfcomm_dlc_lock(d); 1089 d->state = BT_CONNECTED; 1090 d->state_change(d, 0); 1091 rfcomm_dlc_unlock(d); 1092 1093 rfcomm_send_msc(s, 1, dlci, d->v24_sig); 1094 break; 1095 1096 case BT_DISCONN: 1097 d->state = BT_CLOSED; 1098 __rfcomm_dlc_close(d, 0); 1099 1100 if (list_empty(&s->dlcs)) { 1101 s->state = BT_DISCONN; 1102 rfcomm_send_disc(s, 0); 1103 } 1104 1105 break; 1106 } 1107 } else { 1108 /* Control channel */ 1109 switch (s->state) { 1110 case BT_CONNECT: 1111 s->state = BT_CONNECTED; 1112 rfcomm_process_connect(s); 1113 break; 1114 1115 case BT_DISCONN: 1116 rfcomm_session_put(s); 1117 break; 1118 } 1119 } 1120 return 0; 1121 } 1122 1123 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) 1124 { 1125 int err = 0; 1126 1127 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1128 1129 if (dlci) { 1130 /* Data DLC */ 1131 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1132 if (d) { 1133 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1134 err = ECONNREFUSED; 1135 else 1136 err = ECONNRESET; 1137 1138 d->state = BT_CLOSED; 1139 __rfcomm_dlc_close(d, err); 1140 } 1141 } else { 1142 if (s->state == BT_CONNECT) 1143 err = ECONNREFUSED; 1144 else 1145 err = ECONNRESET; 1146 1147 s->state = BT_CLOSED; 1148 rfcomm_session_close(s, err); 1149 } 1150 return 0; 1151 } 1152 1153 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci) 1154 { 1155 int err = 0; 1156 1157 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1158 1159 if (dlci) { 1160 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1161 if (d) { 1162 rfcomm_send_ua(s, dlci); 1163 1164 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1165 err = ECONNREFUSED; 1166 else 1167 err = ECONNRESET; 1168 1169 d->state = BT_CLOSED; 1170 __rfcomm_dlc_close(d, err); 1171 } else 1172 rfcomm_send_dm(s, dlci); 1173 1174 } else { 1175 rfcomm_send_ua(s, 0); 1176 1177 if (s->state == BT_CONNECT) 1178 err = ECONNREFUSED; 1179 else 1180 err = ECONNRESET; 1181 1182 s->state = BT_CLOSED; 1183 rfcomm_session_close(s, err); 1184 } 1185 1186 return 0; 1187 } 1188 1189 void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1190 { 1191 struct sock *sk = d->session->sock->sk; 1192 1193 BT_DBG("dlc %p", d); 1194 1195 rfcomm_send_ua(d->session, d->dlci); 1196 1197 rfcomm_dlc_clear_timer(d); 1198 1199 rfcomm_dlc_lock(d); 1200 d->state = BT_CONNECTED; 1201 d->state_change(d, 0); 1202 rfcomm_dlc_unlock(d); 1203 1204 if (d->role_switch) 1205 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00); 1206 1207 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1208 } 1209 1210 static void rfcomm_check_accept(struct rfcomm_dlc *d) 1211 { 1212 if (rfcomm_check_security(d)) { 1213 if (d->defer_setup) { 1214 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1215 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1216 1217 rfcomm_dlc_lock(d); 1218 d->state = BT_CONNECT2; 1219 d->state_change(d, 0); 1220 rfcomm_dlc_unlock(d); 1221 } else 1222 rfcomm_dlc_accept(d); 1223 } else { 1224 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1225 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1226 } 1227 } 1228 1229 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) 1230 { 1231 struct rfcomm_dlc *d; 1232 u8 channel; 1233 1234 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1235 1236 if (!dlci) { 1237 rfcomm_send_ua(s, 0); 1238 1239 if (s->state == BT_OPEN) { 1240 s->state = BT_CONNECTED; 1241 rfcomm_process_connect(s); 1242 } 1243 return 0; 1244 } 1245 1246 /* Check if DLC exists */ 1247 d = rfcomm_dlc_get(s, dlci); 1248 if (d) { 1249 if (d->state == BT_OPEN) { 1250 /* DLC was previously opened by PN request */ 1251 rfcomm_check_accept(d); 1252 } 1253 return 0; 1254 } 1255 1256 /* Notify socket layer about incoming connection */ 1257 channel = __srv_channel(dlci); 1258 if (rfcomm_connect_ind(s, channel, &d)) { 1259 d->dlci = dlci; 1260 d->addr = __addr(s->initiator, dlci); 1261 rfcomm_dlc_link(s, d); 1262 1263 rfcomm_check_accept(d); 1264 } else { 1265 rfcomm_send_dm(s, dlci); 1266 } 1267 1268 return 0; 1269 } 1270 1271 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) 1272 { 1273 struct rfcomm_session *s = d->session; 1274 1275 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 1276 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); 1277 1278 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) || 1279 pn->flow_ctrl == 0xe0) { 1280 d->cfc = RFCOMM_CFC_ENABLED; 1281 d->tx_credits = pn->credits; 1282 } else { 1283 d->cfc = RFCOMM_CFC_DISABLED; 1284 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1285 } 1286 1287 if (s->cfc == RFCOMM_CFC_UNKNOWN) 1288 s->cfc = d->cfc; 1289 1290 d->priority = pn->priority; 1291 1292 d->mtu = btohs(pn->mtu); 1293 1294 if (cr && d->mtu > s->mtu) 1295 d->mtu = s->mtu; 1296 1297 return 0; 1298 } 1299 1300 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1301 { 1302 struct rfcomm_pn *pn = (void *) skb->data; 1303 struct rfcomm_dlc *d; 1304 u8 dlci = pn->dlci; 1305 1306 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1307 1308 if (!dlci) 1309 return 0; 1310 1311 d = rfcomm_dlc_get(s, dlci); 1312 if (d) { 1313 if (cr) { 1314 /* PN request */ 1315 rfcomm_apply_pn(d, cr, pn); 1316 rfcomm_send_pn(s, 0, d); 1317 } else { 1318 /* PN response */ 1319 switch (d->state) { 1320 case BT_CONFIG: 1321 rfcomm_apply_pn(d, cr, pn); 1322 1323 d->state = BT_CONNECT; 1324 rfcomm_send_sabm(s, d->dlci); 1325 break; 1326 } 1327 } 1328 } else { 1329 u8 channel = __srv_channel(dlci); 1330 1331 if (!cr) 1332 return 0; 1333 1334 /* PN request for non existing DLC. 1335 * Assume incoming connection. */ 1336 if (rfcomm_connect_ind(s, channel, &d)) { 1337 d->dlci = dlci; 1338 d->addr = __addr(s->initiator, dlci); 1339 rfcomm_dlc_link(s, d); 1340 1341 rfcomm_apply_pn(d, cr, pn); 1342 1343 d->state = BT_OPEN; 1344 rfcomm_send_pn(s, 0, d); 1345 } else { 1346 rfcomm_send_dm(s, dlci); 1347 } 1348 } 1349 return 0; 1350 } 1351 1352 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) 1353 { 1354 struct rfcomm_rpn *rpn = (void *) skb->data; 1355 u8 dlci = __get_dlci(rpn->dlci); 1356 1357 u8 bit_rate = 0; 1358 u8 data_bits = 0; 1359 u8 stop_bits = 0; 1360 u8 parity = 0; 1361 u8 flow_ctrl = 0; 1362 u8 xon_char = 0; 1363 u8 xoff_char = 0; 1364 u16 rpn_mask = RFCOMM_RPN_PM_ALL; 1365 1366 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 1367 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, 1368 rpn->xon_char, rpn->xoff_char, rpn->param_mask); 1369 1370 if (!cr) 1371 return 0; 1372 1373 if (len == 1) { 1374 /* This is a request, return default settings */ 1375 bit_rate = RFCOMM_RPN_BR_115200; 1376 data_bits = RFCOMM_RPN_DATA_8; 1377 stop_bits = RFCOMM_RPN_STOP_1; 1378 parity = RFCOMM_RPN_PARITY_NONE; 1379 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1380 xon_char = RFCOMM_RPN_XON_CHAR; 1381 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1382 goto rpn_out; 1383 } 1384 1385 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, 1386 * no parity, no flow control lines, normal XON/XOFF chars */ 1387 1388 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) { 1389 bit_rate = rpn->bit_rate; 1390 if (bit_rate != RFCOMM_RPN_BR_115200) { 1391 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); 1392 bit_rate = RFCOMM_RPN_BR_115200; 1393 rpn_mask ^= RFCOMM_RPN_PM_BITRATE; 1394 } 1395 } 1396 1397 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) { 1398 data_bits = __get_rpn_data_bits(rpn->line_settings); 1399 if (data_bits != RFCOMM_RPN_DATA_8) { 1400 BT_DBG("RPN data bits mismatch 0x%x", data_bits); 1401 data_bits = RFCOMM_RPN_DATA_8; 1402 rpn_mask ^= RFCOMM_RPN_PM_DATA; 1403 } 1404 } 1405 1406 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) { 1407 stop_bits = __get_rpn_stop_bits(rpn->line_settings); 1408 if (stop_bits != RFCOMM_RPN_STOP_1) { 1409 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); 1410 stop_bits = RFCOMM_RPN_STOP_1; 1411 rpn_mask ^= RFCOMM_RPN_PM_STOP; 1412 } 1413 } 1414 1415 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) { 1416 parity = __get_rpn_parity(rpn->line_settings); 1417 if (parity != RFCOMM_RPN_PARITY_NONE) { 1418 BT_DBG("RPN parity mismatch 0x%x", parity); 1419 parity = RFCOMM_RPN_PARITY_NONE; 1420 rpn_mask ^= RFCOMM_RPN_PM_PARITY; 1421 } 1422 } 1423 1424 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) { 1425 flow_ctrl = rpn->flow_ctrl; 1426 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { 1427 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); 1428 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1429 rpn_mask ^= RFCOMM_RPN_PM_FLOW; 1430 } 1431 } 1432 1433 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) { 1434 xon_char = rpn->xon_char; 1435 if (xon_char != RFCOMM_RPN_XON_CHAR) { 1436 BT_DBG("RPN XON char mismatch 0x%x", xon_char); 1437 xon_char = RFCOMM_RPN_XON_CHAR; 1438 rpn_mask ^= RFCOMM_RPN_PM_XON; 1439 } 1440 } 1441 1442 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) { 1443 xoff_char = rpn->xoff_char; 1444 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { 1445 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); 1446 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1447 rpn_mask ^= RFCOMM_RPN_PM_XOFF; 1448 } 1449 } 1450 1451 rpn_out: 1452 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, 1453 parity, flow_ctrl, xon_char, xoff_char, rpn_mask); 1454 1455 return 0; 1456 } 1457 1458 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1459 { 1460 struct rfcomm_rls *rls = (void *) skb->data; 1461 u8 dlci = __get_dlci(rls->dlci); 1462 1463 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); 1464 1465 if (!cr) 1466 return 0; 1467 1468 /* We should probably do something with this information here. But 1469 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's 1470 * mandatory to recognise and respond to RLS */ 1471 1472 rfcomm_send_rls(s, 0, dlci, rls->status); 1473 1474 return 0; 1475 } 1476 1477 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1478 { 1479 struct rfcomm_msc *msc = (void *) skb->data; 1480 struct rfcomm_dlc *d; 1481 u8 dlci = __get_dlci(msc->dlci); 1482 1483 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); 1484 1485 d = rfcomm_dlc_get(s, dlci); 1486 if (!d) 1487 return 0; 1488 1489 if (cr) { 1490 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) 1491 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1492 else 1493 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1494 1495 rfcomm_dlc_lock(d); 1496 1497 d->remote_v24_sig = msc->v24_sig; 1498 1499 if (d->modem_status) 1500 d->modem_status(d, msc->v24_sig); 1501 1502 rfcomm_dlc_unlock(d); 1503 1504 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1505 1506 d->mscex |= RFCOMM_MSCEX_RX; 1507 } else 1508 d->mscex |= RFCOMM_MSCEX_TX; 1509 1510 return 0; 1511 } 1512 1513 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) 1514 { 1515 struct rfcomm_mcc *mcc = (void *) skb->data; 1516 u8 type, cr, len; 1517 1518 cr = __test_cr(mcc->type); 1519 type = __get_mcc_type(mcc->type); 1520 len = __get_mcc_len(mcc->len); 1521 1522 BT_DBG("%p type 0x%x cr %d", s, type, cr); 1523 1524 skb_pull(skb, 2); 1525 1526 switch (type) { 1527 case RFCOMM_PN: 1528 rfcomm_recv_pn(s, cr, skb); 1529 break; 1530 1531 case RFCOMM_RPN: 1532 rfcomm_recv_rpn(s, cr, len, skb); 1533 break; 1534 1535 case RFCOMM_RLS: 1536 rfcomm_recv_rls(s, cr, skb); 1537 break; 1538 1539 case RFCOMM_MSC: 1540 rfcomm_recv_msc(s, cr, skb); 1541 break; 1542 1543 case RFCOMM_FCOFF: 1544 if (cr) { 1545 set_bit(RFCOMM_TX_THROTTLED, &s->flags); 1546 rfcomm_send_fcoff(s, 0); 1547 } 1548 break; 1549 1550 case RFCOMM_FCON: 1551 if (cr) { 1552 clear_bit(RFCOMM_TX_THROTTLED, &s->flags); 1553 rfcomm_send_fcon(s, 0); 1554 } 1555 break; 1556 1557 case RFCOMM_TEST: 1558 if (cr) 1559 rfcomm_send_test(s, 0, skb->data, skb->len); 1560 break; 1561 1562 case RFCOMM_NSC: 1563 break; 1564 1565 default: 1566 BT_ERR("Unknown control type 0x%02x", type); 1567 rfcomm_send_nsc(s, cr, type); 1568 break; 1569 } 1570 return 0; 1571 } 1572 1573 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) 1574 { 1575 struct rfcomm_dlc *d; 1576 1577 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); 1578 1579 d = rfcomm_dlc_get(s, dlci); 1580 if (!d) { 1581 rfcomm_send_dm(s, dlci); 1582 goto drop; 1583 } 1584 1585 if (pf && d->cfc) { 1586 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); 1587 1588 d->tx_credits += credits; 1589 if (d->tx_credits) 1590 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1591 } 1592 1593 if (skb->len && d->state == BT_CONNECTED) { 1594 rfcomm_dlc_lock(d); 1595 d->rx_credits--; 1596 d->data_ready(d, skb); 1597 rfcomm_dlc_unlock(d); 1598 return 0; 1599 } 1600 1601 drop: 1602 kfree_skb(skb); 1603 return 0; 1604 } 1605 1606 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb) 1607 { 1608 struct rfcomm_hdr *hdr = (void *) skb->data; 1609 u8 type, dlci, fcs; 1610 1611 dlci = __get_dlci(hdr->addr); 1612 type = __get_type(hdr->ctrl); 1613 1614 /* Trim FCS */ 1615 skb->len--; skb->tail--; 1616 fcs = *(u8 *)skb_tail_pointer(skb); 1617 1618 if (__check_fcs(skb->data, type, fcs)) { 1619 BT_ERR("bad checksum in packet"); 1620 kfree_skb(skb); 1621 return -EILSEQ; 1622 } 1623 1624 if (__test_ea(hdr->len)) 1625 skb_pull(skb, 3); 1626 else 1627 skb_pull(skb, 4); 1628 1629 switch (type) { 1630 case RFCOMM_SABM: 1631 if (__test_pf(hdr->ctrl)) 1632 rfcomm_recv_sabm(s, dlci); 1633 break; 1634 1635 case RFCOMM_DISC: 1636 if (__test_pf(hdr->ctrl)) 1637 rfcomm_recv_disc(s, dlci); 1638 break; 1639 1640 case RFCOMM_UA: 1641 if (__test_pf(hdr->ctrl)) 1642 rfcomm_recv_ua(s, dlci); 1643 break; 1644 1645 case RFCOMM_DM: 1646 rfcomm_recv_dm(s, dlci); 1647 break; 1648 1649 case RFCOMM_UIH: 1650 if (dlci) 1651 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); 1652 1653 rfcomm_recv_mcc(s, skb); 1654 break; 1655 1656 default: 1657 BT_ERR("Unknown packet type 0x%02x\n", type); 1658 break; 1659 } 1660 kfree_skb(skb); 1661 return 0; 1662 } 1663 1664 /* ---- Connection and data processing ---- */ 1665 1666 static void rfcomm_process_connect(struct rfcomm_session *s) 1667 { 1668 struct rfcomm_dlc *d; 1669 struct list_head *p, *n; 1670 1671 BT_DBG("session %p state %ld", s, s->state); 1672 1673 list_for_each_safe(p, n, &s->dlcs) { 1674 d = list_entry(p, struct rfcomm_dlc, list); 1675 if (d->state == BT_CONFIG) { 1676 d->mtu = s->mtu; 1677 if (rfcomm_check_security(d)) { 1678 rfcomm_send_pn(s, 1, d); 1679 } else { 1680 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1681 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1682 } 1683 } 1684 } 1685 } 1686 1687 /* Send data queued for the DLC. 1688 * Return number of frames left in the queue. 1689 */ 1690 static inline int rfcomm_process_tx(struct rfcomm_dlc *d) 1691 { 1692 struct sk_buff *skb; 1693 int err; 1694 1695 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 1696 d, d->state, d->cfc, d->rx_credits, d->tx_credits); 1697 1698 /* Send pending MSC */ 1699 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) 1700 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1701 1702 if (d->cfc) { 1703 /* CFC enabled. 1704 * Give them some credits */ 1705 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && 1706 d->rx_credits <= (d->cfc >> 2)) { 1707 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); 1708 d->rx_credits = d->cfc; 1709 } 1710 } else { 1711 /* CFC disabled. 1712 * Give ourselves some credits */ 1713 d->tx_credits = 5; 1714 } 1715 1716 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 1717 return skb_queue_len(&d->tx_queue); 1718 1719 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { 1720 err = rfcomm_send_frame(d->session, skb->data, skb->len); 1721 if (err < 0) { 1722 skb_queue_head(&d->tx_queue, skb); 1723 break; 1724 } 1725 kfree_skb(skb); 1726 d->tx_credits--; 1727 } 1728 1729 if (d->cfc && !d->tx_credits) { 1730 /* We're out of TX credits. 1731 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ 1732 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1733 } 1734 1735 return skb_queue_len(&d->tx_queue); 1736 } 1737 1738 static inline void rfcomm_process_dlcs(struct rfcomm_session *s) 1739 { 1740 struct rfcomm_dlc *d; 1741 struct list_head *p, *n; 1742 1743 BT_DBG("session %p state %ld", s, s->state); 1744 1745 list_for_each_safe(p, n, &s->dlcs) { 1746 d = list_entry(p, struct rfcomm_dlc, list); 1747 1748 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { 1749 __rfcomm_dlc_close(d, ETIMEDOUT); 1750 continue; 1751 } 1752 1753 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1754 rfcomm_dlc_clear_timer(d); 1755 if (d->out) { 1756 rfcomm_send_pn(s, 1, d); 1757 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 1758 } else { 1759 if (d->defer_setup) { 1760 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1761 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1762 1763 rfcomm_dlc_lock(d); 1764 d->state = BT_CONNECT2; 1765 d->state_change(d, 0); 1766 rfcomm_dlc_unlock(d); 1767 } else 1768 rfcomm_dlc_accept(d); 1769 } 1770 continue; 1771 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1772 rfcomm_dlc_clear_timer(d); 1773 if (!d->out) 1774 rfcomm_send_dm(s, d->dlci); 1775 else 1776 d->state = BT_CLOSED; 1777 __rfcomm_dlc_close(d, ECONNREFUSED); 1778 continue; 1779 } 1780 1781 if (test_bit(RFCOMM_SEC_PENDING, &d->flags)) 1782 continue; 1783 1784 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) 1785 continue; 1786 1787 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1788 d->mscex == RFCOMM_MSCEX_OK) 1789 rfcomm_process_tx(d); 1790 } 1791 } 1792 1793 static inline void rfcomm_process_rx(struct rfcomm_session *s) 1794 { 1795 struct socket *sock = s->sock; 1796 struct sock *sk = sock->sk; 1797 struct sk_buff *skb; 1798 1799 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); 1800 1801 /* Get data directly from socket receive queue without copying it. */ 1802 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1803 skb_orphan(skb); 1804 rfcomm_recv_frame(s, skb); 1805 } 1806 1807 if (sk->sk_state == BT_CLOSED) { 1808 if (!s->initiator) 1809 rfcomm_session_put(s); 1810 1811 rfcomm_session_close(s, sk->sk_err); 1812 } 1813 } 1814 1815 static inline void rfcomm_accept_connection(struct rfcomm_session *s) 1816 { 1817 struct socket *sock = s->sock, *nsock; 1818 int err; 1819 1820 /* Fast check for a new connection. 1821 * Avoids unnesesary socket allocations. */ 1822 if (list_empty(&bt_sk(sock->sk)->accept_q)) 1823 return; 1824 1825 BT_DBG("session %p", s); 1826 1827 err = kernel_accept(sock, &nsock, O_NONBLOCK); 1828 if (err < 0) 1829 return; 1830 1831 /* Set our callbacks */ 1832 nsock->sk->sk_data_ready = rfcomm_l2data_ready; 1833 nsock->sk->sk_state_change = rfcomm_l2state_change; 1834 1835 s = rfcomm_session_add(nsock, BT_OPEN); 1836 if (s) { 1837 rfcomm_session_hold(s); 1838 1839 /* We should adjust MTU on incoming sessions. 1840 * L2CAP MTU minus UIH header and FCS. */ 1841 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5; 1842 1843 rfcomm_schedule(RFCOMM_SCHED_RX); 1844 } else 1845 sock_release(nsock); 1846 } 1847 1848 static inline void rfcomm_check_connection(struct rfcomm_session *s) 1849 { 1850 struct sock *sk = s->sock->sk; 1851 1852 BT_DBG("%p state %ld", s, s->state); 1853 1854 switch(sk->sk_state) { 1855 case BT_CONNECTED: 1856 s->state = BT_CONNECT; 1857 1858 /* We can adjust MTU on outgoing sessions. 1859 * L2CAP MTU minus UIH header and FCS. */ 1860 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5; 1861 1862 rfcomm_send_sabm(s, 0); 1863 break; 1864 1865 case BT_CLOSED: 1866 s->state = BT_CLOSED; 1867 rfcomm_session_close(s, sk->sk_err); 1868 break; 1869 } 1870 } 1871 1872 static inline void rfcomm_process_sessions(void) 1873 { 1874 struct list_head *p, *n; 1875 1876 rfcomm_lock(); 1877 1878 list_for_each_safe(p, n, &session_list) { 1879 struct rfcomm_session *s; 1880 s = list_entry(p, struct rfcomm_session, list); 1881 1882 if (s->state == BT_LISTEN) { 1883 rfcomm_accept_connection(s); 1884 continue; 1885 } 1886 1887 rfcomm_session_hold(s); 1888 1889 switch (s->state) { 1890 case BT_BOUND: 1891 rfcomm_check_connection(s); 1892 break; 1893 1894 default: 1895 rfcomm_process_rx(s); 1896 break; 1897 } 1898 1899 rfcomm_process_dlcs(s); 1900 1901 rfcomm_session_put(s); 1902 } 1903 1904 rfcomm_unlock(); 1905 } 1906 1907 static int rfcomm_add_listener(bdaddr_t *ba) 1908 { 1909 struct sockaddr_l2 addr; 1910 struct socket *sock; 1911 struct sock *sk; 1912 struct rfcomm_session *s; 1913 int err = 0; 1914 1915 /* Create socket */ 1916 err = rfcomm_l2sock_create(&sock); 1917 if (err < 0) { 1918 BT_ERR("Create socket failed %d", err); 1919 return err; 1920 } 1921 1922 /* Bind socket */ 1923 bacpy(&addr.l2_bdaddr, ba); 1924 addr.l2_family = AF_BLUETOOTH; 1925 addr.l2_psm = htobs(RFCOMM_PSM); 1926 addr.l2_cid = 0; 1927 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1928 if (err < 0) { 1929 BT_ERR("Bind failed %d", err); 1930 goto failed; 1931 } 1932 1933 /* Set L2CAP options */ 1934 sk = sock->sk; 1935 lock_sock(sk); 1936 l2cap_pi(sk)->imtu = l2cap_mtu; 1937 release_sock(sk); 1938 1939 /* Start listening on the socket */ 1940 err = kernel_listen(sock, 10); 1941 if (err) { 1942 BT_ERR("Listen failed %d", err); 1943 goto failed; 1944 } 1945 1946 /* Add listening session */ 1947 s = rfcomm_session_add(sock, BT_LISTEN); 1948 if (!s) 1949 goto failed; 1950 1951 rfcomm_session_hold(s); 1952 return 0; 1953 failed: 1954 sock_release(sock); 1955 return err; 1956 } 1957 1958 static void rfcomm_kill_listener(void) 1959 { 1960 struct rfcomm_session *s; 1961 struct list_head *p, *n; 1962 1963 BT_DBG(""); 1964 1965 list_for_each_safe(p, n, &session_list) { 1966 s = list_entry(p, struct rfcomm_session, list); 1967 rfcomm_session_del(s); 1968 } 1969 } 1970 1971 static int rfcomm_run(void *unused) 1972 { 1973 BT_DBG(""); 1974 1975 set_user_nice(current, -10); 1976 1977 rfcomm_add_listener(BDADDR_ANY); 1978 1979 while (!kthread_should_stop()) { 1980 set_current_state(TASK_INTERRUPTIBLE); 1981 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) { 1982 /* No pending events. Let's sleep. 1983 * Incoming connections and data will wake us up. */ 1984 schedule(); 1985 } 1986 set_current_state(TASK_RUNNING); 1987 1988 /* Process stuff */ 1989 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 1990 rfcomm_process_sessions(); 1991 } 1992 1993 rfcomm_kill_listener(); 1994 1995 return 0; 1996 } 1997 1998 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt) 1999 { 2000 struct rfcomm_session *s; 2001 struct rfcomm_dlc *d; 2002 struct list_head *p, *n; 2003 2004 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); 2005 2006 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 2007 if (!s) 2008 return; 2009 2010 rfcomm_session_hold(s); 2011 2012 list_for_each_safe(p, n, &s->dlcs) { 2013 d = list_entry(p, struct rfcomm_dlc, list); 2014 2015 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) { 2016 rfcomm_dlc_clear_timer(d); 2017 if (status || encrypt == 0x00) { 2018 __rfcomm_dlc_close(d, ECONNREFUSED); 2019 continue; 2020 } 2021 } 2022 2023 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) { 2024 if (d->sec_level == BT_SECURITY_MEDIUM) { 2025 set_bit(RFCOMM_SEC_PENDING, &d->flags); 2026 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 2027 continue; 2028 } else if (d->sec_level == BT_SECURITY_HIGH) { 2029 __rfcomm_dlc_close(d, ECONNREFUSED); 2030 continue; 2031 } 2032 } 2033 2034 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 2035 continue; 2036 2037 if (!status) 2038 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 2039 else 2040 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 2041 } 2042 2043 rfcomm_session_put(s); 2044 2045 rfcomm_schedule(RFCOMM_SCHED_AUTH); 2046 } 2047 2048 static struct hci_cb rfcomm_cb = { 2049 .name = "RFCOMM", 2050 .security_cfm = rfcomm_security_cfm 2051 }; 2052 2053 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf) 2054 { 2055 struct rfcomm_session *s; 2056 struct list_head *pp, *p; 2057 char *str = buf; 2058 2059 rfcomm_lock(); 2060 2061 list_for_each(p, &session_list) { 2062 s = list_entry(p, struct rfcomm_session, list); 2063 list_for_each(pp, &s->dlcs) { 2064 struct sock *sk = s->sock->sk; 2065 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list); 2066 2067 str += sprintf(str, "%s %s %ld %d %d %d %d\n", 2068 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 2069 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits); 2070 } 2071 } 2072 2073 rfcomm_unlock(); 2074 2075 return (str - buf); 2076 } 2077 2078 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL); 2079 2080 /* ---- Initialization ---- */ 2081 static int __init rfcomm_init(void) 2082 { 2083 l2cap_load(); 2084 2085 hci_register_cb(&rfcomm_cb); 2086 2087 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd"); 2088 if (IS_ERR(rfcomm_thread)) { 2089 hci_unregister_cb(&rfcomm_cb); 2090 return PTR_ERR(rfcomm_thread); 2091 } 2092 2093 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0) 2094 BT_ERR("Failed to create RFCOMM info file"); 2095 2096 rfcomm_init_sockets(); 2097 2098 #ifdef CONFIG_BT_RFCOMM_TTY 2099 rfcomm_init_ttys(); 2100 #endif 2101 2102 BT_INFO("RFCOMM ver %s", VERSION); 2103 2104 return 0; 2105 } 2106 2107 static void __exit rfcomm_exit(void) 2108 { 2109 class_remove_file(bt_class, &class_attr_rfcomm_dlc); 2110 2111 hci_unregister_cb(&rfcomm_cb); 2112 2113 kthread_stop(rfcomm_thread); 2114 2115 #ifdef CONFIG_BT_RFCOMM_TTY 2116 rfcomm_cleanup_ttys(); 2117 #endif 2118 2119 rfcomm_cleanup_sockets(); 2120 } 2121 2122 module_init(rfcomm_init); 2123 module_exit(rfcomm_exit); 2124 2125 module_param(disable_cfc, bool, 0644); 2126 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control"); 2127 2128 module_param(channel_mtu, int, 0644); 2129 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel"); 2130 2131 module_param(l2cap_mtu, uint, 0644); 2132 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); 2133 2134 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 2135 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2136 MODULE_VERSION(VERSION); 2137 MODULE_LICENSE("GPL"); 2138 MODULE_ALIAS("bt-proto-3"); 2139