1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * Bluetooth RFCOMM core. 26 * 27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $ 28 */ 29 30 #include <linux/config.h> 31 #include <linux/module.h> 32 #include <linux/errno.h> 33 #include <linux/kernel.h> 34 #include <linux/sched.h> 35 #include <linux/signal.h> 36 #include <linux/init.h> 37 #include <linux/wait.h> 38 #include <linux/device.h> 39 #include <linux/net.h> 40 #include <net/sock.h> 41 #include <asm/uaccess.h> 42 #include <asm/unaligned.h> 43 44 #include <net/bluetooth/bluetooth.h> 45 #include <net/bluetooth/hci_core.h> 46 #include <net/bluetooth/l2cap.h> 47 #include <net/bluetooth/rfcomm.h> 48 49 #define VERSION "1.6" 50 51 #ifndef CONFIG_BT_RFCOMM_DEBUG 52 #undef BT_DBG 53 #define BT_DBG(D...) 54 #endif 55 56 static struct task_struct *rfcomm_thread; 57 58 static DECLARE_MUTEX(rfcomm_sem); 59 #define rfcomm_lock() down(&rfcomm_sem); 60 #define rfcomm_unlock() up(&rfcomm_sem); 61 62 static unsigned long rfcomm_event; 63 64 static LIST_HEAD(session_list); 65 static atomic_t terminate, running; 66 67 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len); 68 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); 69 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); 70 static int rfcomm_queue_disc(struct rfcomm_dlc *d); 71 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); 72 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); 73 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); 74 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); 75 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); 76 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); 77 78 static void rfcomm_process_connect(struct rfcomm_session *s); 79 80 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err); 81 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); 82 static void rfcomm_session_del(struct rfcomm_session *s); 83 84 /* ---- RFCOMM frame parsing macros ---- */ 85 #define __get_dlci(b) ((b & 0xfc) >> 2) 86 #define __get_channel(b) ((b & 0xf8) >> 3) 87 #define __get_dir(b) ((b & 0x04) >> 2) 88 #define __get_type(b) ((b & 0xef)) 89 90 #define __test_ea(b) ((b & 0x01)) 91 #define __test_cr(b) ((b & 0x02)) 92 #define __test_pf(b) ((b & 0x10)) 93 94 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) 95 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) 96 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) 97 #define __srv_channel(dlci) (dlci >> 1) 98 #define __dir(dlci) (dlci & 0x01) 99 100 #define __len8(len) (((len) << 1) | 1) 101 #define __len16(len) ((len) << 1) 102 103 /* MCC macros */ 104 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) 105 #define __get_mcc_type(b) ((b & 0xfc) >> 2) 106 #define __get_mcc_len(b) ((b & 0xfe) >> 1) 107 108 /* RPN macros */ 109 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) 110 #define __get_rpn_data_bits(line) ((line) & 0x3) 111 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) 112 #define __get_rpn_parity(line) (((line) >> 3) & 0x7) 113 114 static inline void rfcomm_schedule(uint event) 115 { 116 if (!rfcomm_thread) 117 return; 118 //set_bit(event, &rfcomm_event); 119 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 120 wake_up_process(rfcomm_thread); 121 } 122 123 static inline void rfcomm_session_put(struct rfcomm_session *s) 124 { 125 if (atomic_dec_and_test(&s->refcnt)) 126 rfcomm_session_del(s); 127 } 128 129 /* ---- RFCOMM FCS computation ---- */ 130 131 /* reversed, 8-bit, poly=0x07 */ 132 static unsigned char rfcomm_crc_table[256] = { 133 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, 134 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, 135 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, 136 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, 137 138 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, 139 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, 140 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, 141 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, 142 143 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, 144 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, 145 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, 146 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, 147 148 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, 149 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, 150 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, 151 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, 152 153 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, 154 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, 155 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, 156 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, 157 158 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, 159 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, 160 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, 161 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, 162 163 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, 164 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, 165 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, 166 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, 167 168 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, 169 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, 170 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, 171 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf 172 }; 173 174 /* CRC on 2 bytes */ 175 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) 176 177 /* FCS on 2 bytes */ 178 static inline u8 __fcs(u8 *data) 179 { 180 return (0xff - __crc(data)); 181 } 182 183 /* FCS on 3 bytes */ 184 static inline u8 __fcs2(u8 *data) 185 { 186 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]); 187 } 188 189 /* Check FCS */ 190 static inline int __check_fcs(u8 *data, int type, u8 fcs) 191 { 192 u8 f = __crc(data); 193 194 if (type != RFCOMM_UIH) 195 f = rfcomm_crc_table[f ^ data[2]]; 196 197 return rfcomm_crc_table[f ^ fcs] != 0xcf; 198 } 199 200 /* ---- L2CAP callbacks ---- */ 201 static void rfcomm_l2state_change(struct sock *sk) 202 { 203 BT_DBG("%p state %d", sk, sk->sk_state); 204 rfcomm_schedule(RFCOMM_SCHED_STATE); 205 } 206 207 static void rfcomm_l2data_ready(struct sock *sk, int bytes) 208 { 209 BT_DBG("%p bytes %d", sk, bytes); 210 rfcomm_schedule(RFCOMM_SCHED_RX); 211 } 212 213 static int rfcomm_l2sock_create(struct socket **sock) 214 { 215 int err; 216 217 BT_DBG(""); 218 219 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); 220 if (!err) { 221 struct sock *sk = (*sock)->sk; 222 sk->sk_data_ready = rfcomm_l2data_ready; 223 sk->sk_state_change = rfcomm_l2state_change; 224 } 225 return err; 226 } 227 228 /* ---- RFCOMM DLCs ---- */ 229 static void rfcomm_dlc_timeout(unsigned long arg) 230 { 231 struct rfcomm_dlc *d = (void *) arg; 232 233 BT_DBG("dlc %p state %ld", d, d->state); 234 235 set_bit(RFCOMM_TIMED_OUT, &d->flags); 236 rfcomm_dlc_put(d); 237 rfcomm_schedule(RFCOMM_SCHED_TIMEO); 238 } 239 240 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) 241 { 242 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); 243 244 if (!mod_timer(&d->timer, jiffies + timeout)) 245 rfcomm_dlc_hold(d); 246 } 247 248 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) 249 { 250 BT_DBG("dlc %p state %ld", d, d->state); 251 252 if (timer_pending(&d->timer) && del_timer(&d->timer)) 253 rfcomm_dlc_put(d); 254 } 255 256 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) 257 { 258 BT_DBG("%p", d); 259 260 d->state = BT_OPEN; 261 d->flags = 0; 262 d->mscex = 0; 263 d->mtu = RFCOMM_DEFAULT_MTU; 264 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; 265 266 d->cfc = RFCOMM_CFC_DISABLED; 267 d->rx_credits = RFCOMM_DEFAULT_CREDITS; 268 } 269 270 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) 271 { 272 struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio); 273 if (!d) 274 return NULL; 275 memset(d, 0, sizeof(*d)); 276 277 init_timer(&d->timer); 278 d->timer.function = rfcomm_dlc_timeout; 279 d->timer.data = (unsigned long) d; 280 281 skb_queue_head_init(&d->tx_queue); 282 spin_lock_init(&d->lock); 283 atomic_set(&d->refcnt, 1); 284 285 rfcomm_dlc_clear_state(d); 286 287 BT_DBG("%p", d); 288 return d; 289 } 290 291 void rfcomm_dlc_free(struct rfcomm_dlc *d) 292 { 293 BT_DBG("%p", d); 294 295 skb_queue_purge(&d->tx_queue); 296 kfree(d); 297 } 298 299 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) 300 { 301 BT_DBG("dlc %p session %p", d, s); 302 303 rfcomm_session_hold(s); 304 305 rfcomm_dlc_hold(d); 306 list_add(&d->list, &s->dlcs); 307 d->session = s; 308 } 309 310 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) 311 { 312 struct rfcomm_session *s = d->session; 313 314 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); 315 316 list_del(&d->list); 317 d->session = NULL; 318 rfcomm_dlc_put(d); 319 320 rfcomm_session_put(s); 321 } 322 323 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) 324 { 325 struct rfcomm_dlc *d; 326 struct list_head *p; 327 328 list_for_each(p, &s->dlcs) { 329 d = list_entry(p, struct rfcomm_dlc, list); 330 if (d->dlci == dlci) 331 return d; 332 } 333 return NULL; 334 } 335 336 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 337 { 338 struct rfcomm_session *s; 339 int err = 0; 340 u8 dlci; 341 342 BT_DBG("dlc %p state %ld %s %s channel %d", 343 d, d->state, batostr(src), batostr(dst), channel); 344 345 if (channel < 1 || channel > 30) 346 return -EINVAL; 347 348 if (d->state != BT_OPEN && d->state != BT_CLOSED) 349 return 0; 350 351 s = rfcomm_session_get(src, dst); 352 if (!s) { 353 s = rfcomm_session_create(src, dst, &err); 354 if (!s) 355 return err; 356 } 357 358 dlci = __dlci(!s->initiator, channel); 359 360 /* Check if DLCI already exists */ 361 if (rfcomm_dlc_get(s, dlci)) 362 return -EBUSY; 363 364 rfcomm_dlc_clear_state(d); 365 366 d->dlci = dlci; 367 d->addr = __addr(s->initiator, dlci); 368 d->priority = 7; 369 370 d->state = BT_CONFIG; 371 rfcomm_dlc_link(s, d); 372 373 d->mtu = s->mtu; 374 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 375 376 if (s->state == BT_CONNECTED) 377 rfcomm_send_pn(s, 1, d); 378 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 379 return 0; 380 } 381 382 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 383 { 384 int r; 385 386 rfcomm_lock(); 387 388 r = __rfcomm_dlc_open(d, src, dst, channel); 389 390 rfcomm_unlock(); 391 return r; 392 } 393 394 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 395 { 396 struct rfcomm_session *s = d->session; 397 if (!s) 398 return 0; 399 400 BT_DBG("dlc %p state %ld dlci %d err %d session %p", 401 d, d->state, d->dlci, err, s); 402 403 switch (d->state) { 404 case BT_CONNECTED: 405 case BT_CONFIG: 406 case BT_CONNECT: 407 d->state = BT_DISCONN; 408 if (skb_queue_empty(&d->tx_queue)) { 409 rfcomm_send_disc(s, d->dlci); 410 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); 411 } else { 412 rfcomm_queue_disc(d); 413 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); 414 } 415 break; 416 417 default: 418 rfcomm_dlc_clear_timer(d); 419 420 rfcomm_dlc_lock(d); 421 d->state = BT_CLOSED; 422 d->state_change(d, err); 423 rfcomm_dlc_unlock(d); 424 425 skb_queue_purge(&d->tx_queue); 426 rfcomm_dlc_unlink(d); 427 } 428 429 return 0; 430 } 431 432 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 433 { 434 int r; 435 436 rfcomm_lock(); 437 438 r = __rfcomm_dlc_close(d, err); 439 440 rfcomm_unlock(); 441 return r; 442 } 443 444 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) 445 { 446 int len = skb->len; 447 448 if (d->state != BT_CONNECTED) 449 return -ENOTCONN; 450 451 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); 452 453 if (len > d->mtu) 454 return -EINVAL; 455 456 rfcomm_make_uih(skb, d->addr); 457 skb_queue_tail(&d->tx_queue, skb); 458 459 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 460 rfcomm_schedule(RFCOMM_SCHED_TX); 461 return len; 462 } 463 464 void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d) 465 { 466 BT_DBG("dlc %p state %ld", d, d->state); 467 468 if (!d->cfc) { 469 d->v24_sig |= RFCOMM_V24_FC; 470 set_bit(RFCOMM_MSC_PENDING, &d->flags); 471 } 472 rfcomm_schedule(RFCOMM_SCHED_TX); 473 } 474 475 void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) 476 { 477 BT_DBG("dlc %p state %ld", d, d->state); 478 479 if (!d->cfc) { 480 d->v24_sig &= ~RFCOMM_V24_FC; 481 set_bit(RFCOMM_MSC_PENDING, &d->flags); 482 } 483 rfcomm_schedule(RFCOMM_SCHED_TX); 484 } 485 486 /* 487 Set/get modem status functions use _local_ status i.e. what we report 488 to the other side. 489 Remote status is provided by dlc->modem_status() callback. 490 */ 491 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) 492 { 493 BT_DBG("dlc %p state %ld v24_sig 0x%x", 494 d, d->state, v24_sig); 495 496 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) 497 v24_sig |= RFCOMM_V24_FC; 498 else 499 v24_sig &= ~RFCOMM_V24_FC; 500 501 d->v24_sig = v24_sig; 502 503 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) 504 rfcomm_schedule(RFCOMM_SCHED_TX); 505 506 return 0; 507 } 508 509 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) 510 { 511 BT_DBG("dlc %p state %ld v24_sig 0x%x", 512 d, d->state, d->v24_sig); 513 514 *v24_sig = d->v24_sig; 515 return 0; 516 } 517 518 /* ---- RFCOMM sessions ---- */ 519 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) 520 { 521 struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL); 522 if (!s) 523 return NULL; 524 memset(s, 0, sizeof(*s)); 525 526 BT_DBG("session %p sock %p", s, sock); 527 528 INIT_LIST_HEAD(&s->dlcs); 529 s->state = state; 530 s->sock = sock; 531 532 s->mtu = RFCOMM_DEFAULT_MTU; 533 s->cfc = RFCOMM_CFC_UNKNOWN; 534 535 /* Do not increment module usage count for listening sessions. 536 * Otherwise we won't be able to unload the module. */ 537 if (state != BT_LISTEN) 538 if (!try_module_get(THIS_MODULE)) { 539 kfree(s); 540 return NULL; 541 } 542 543 list_add(&s->list, &session_list); 544 545 return s; 546 } 547 548 static void rfcomm_session_del(struct rfcomm_session *s) 549 { 550 int state = s->state; 551 552 BT_DBG("session %p state %ld", s, s->state); 553 554 list_del(&s->list); 555 556 if (state == BT_CONNECTED) 557 rfcomm_send_disc(s, 0); 558 559 sock_release(s->sock); 560 kfree(s); 561 562 if (state != BT_LISTEN) 563 module_put(THIS_MODULE); 564 } 565 566 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) 567 { 568 struct rfcomm_session *s; 569 struct list_head *p, *n; 570 struct bt_sock *sk; 571 list_for_each_safe(p, n, &session_list) { 572 s = list_entry(p, struct rfcomm_session, list); 573 sk = bt_sk(s->sock->sk); 574 575 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && 576 !bacmp(&sk->dst, dst)) 577 return s; 578 } 579 return NULL; 580 } 581 582 static void rfcomm_session_close(struct rfcomm_session *s, int err) 583 { 584 struct rfcomm_dlc *d; 585 struct list_head *p, *n; 586 587 BT_DBG("session %p state %ld err %d", s, s->state, err); 588 589 rfcomm_session_hold(s); 590 591 s->state = BT_CLOSED; 592 593 /* Close all dlcs */ 594 list_for_each_safe(p, n, &s->dlcs) { 595 d = list_entry(p, struct rfcomm_dlc, list); 596 d->state = BT_CLOSED; 597 __rfcomm_dlc_close(d, err); 598 } 599 600 rfcomm_session_put(s); 601 } 602 603 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err) 604 { 605 struct rfcomm_session *s = NULL; 606 struct sockaddr_l2 addr; 607 struct socket *sock; 608 struct sock *sk; 609 610 BT_DBG("%s %s", batostr(src), batostr(dst)); 611 612 *err = rfcomm_l2sock_create(&sock); 613 if (*err < 0) 614 return NULL; 615 616 bacpy(&addr.l2_bdaddr, src); 617 addr.l2_family = AF_BLUETOOTH; 618 addr.l2_psm = 0; 619 *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 620 if (*err < 0) 621 goto failed; 622 623 /* Set L2CAP options */ 624 sk = sock->sk; 625 lock_sock(sk); 626 l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU; 627 release_sock(sk); 628 629 s = rfcomm_session_add(sock, BT_BOUND); 630 if (!s) { 631 *err = -ENOMEM; 632 goto failed; 633 } 634 635 s->initiator = 1; 636 637 bacpy(&addr.l2_bdaddr, dst); 638 addr.l2_family = AF_BLUETOOTH; 639 addr.l2_psm = htobs(RFCOMM_PSM); 640 *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 641 if (*err == 0 || *err == -EAGAIN) 642 return s; 643 644 rfcomm_session_del(s); 645 return NULL; 646 647 failed: 648 sock_release(sock); 649 return NULL; 650 } 651 652 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) 653 { 654 struct sock *sk = s->sock->sk; 655 if (src) 656 bacpy(src, &bt_sk(sk)->src); 657 if (dst) 658 bacpy(dst, &bt_sk(sk)->dst); 659 } 660 661 /* ---- RFCOMM frame sending ---- */ 662 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len) 663 { 664 struct socket *sock = s->sock; 665 struct kvec iv = { data, len }; 666 struct msghdr msg; 667 668 BT_DBG("session %p len %d", s, len); 669 670 memset(&msg, 0, sizeof(msg)); 671 672 return kernel_sendmsg(sock, &msg, &iv, 1, len); 673 } 674 675 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) 676 { 677 struct rfcomm_cmd cmd; 678 679 BT_DBG("%p dlci %d", s, dlci); 680 681 cmd.addr = __addr(s->initiator, dlci); 682 cmd.ctrl = __ctrl(RFCOMM_SABM, 1); 683 cmd.len = __len8(0); 684 cmd.fcs = __fcs2((u8 *) &cmd); 685 686 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 687 } 688 689 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) 690 { 691 struct rfcomm_cmd cmd; 692 693 BT_DBG("%p dlci %d", s, dlci); 694 695 cmd.addr = __addr(!s->initiator, dlci); 696 cmd.ctrl = __ctrl(RFCOMM_UA, 1); 697 cmd.len = __len8(0); 698 cmd.fcs = __fcs2((u8 *) &cmd); 699 700 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 701 } 702 703 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) 704 { 705 struct rfcomm_cmd cmd; 706 707 BT_DBG("%p dlci %d", s, dlci); 708 709 cmd.addr = __addr(s->initiator, dlci); 710 cmd.ctrl = __ctrl(RFCOMM_DISC, 1); 711 cmd.len = __len8(0); 712 cmd.fcs = __fcs2((u8 *) &cmd); 713 714 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 715 } 716 717 static int rfcomm_queue_disc(struct rfcomm_dlc *d) 718 { 719 struct rfcomm_cmd *cmd; 720 struct sk_buff *skb; 721 722 BT_DBG("dlc %p dlci %d", d, d->dlci); 723 724 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); 725 if (!skb) 726 return -ENOMEM; 727 728 cmd = (void *) __skb_put(skb, sizeof(*cmd)); 729 cmd->addr = d->addr; 730 cmd->ctrl = __ctrl(RFCOMM_DISC, 1); 731 cmd->len = __len8(0); 732 cmd->fcs = __fcs2((u8 *) cmd); 733 734 skb_queue_tail(&d->tx_queue, skb); 735 rfcomm_schedule(RFCOMM_SCHED_TX); 736 return 0; 737 } 738 739 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) 740 { 741 struct rfcomm_cmd cmd; 742 743 BT_DBG("%p dlci %d", s, dlci); 744 745 cmd.addr = __addr(!s->initiator, dlci); 746 cmd.ctrl = __ctrl(RFCOMM_DM, 1); 747 cmd.len = __len8(0); 748 cmd.fcs = __fcs2((u8 *) &cmd); 749 750 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 751 } 752 753 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) 754 { 755 struct rfcomm_hdr *hdr; 756 struct rfcomm_mcc *mcc; 757 u8 buf[16], *ptr = buf; 758 759 BT_DBG("%p cr %d type %d", s, cr, type); 760 761 hdr = (void *) ptr; ptr += sizeof(*hdr); 762 hdr->addr = __addr(s->initiator, 0); 763 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 764 hdr->len = __len8(sizeof(*mcc) + 1); 765 766 mcc = (void *) ptr; ptr += sizeof(*mcc); 767 mcc->type = __mcc_type(cr, RFCOMM_NSC); 768 mcc->len = __len8(1); 769 770 /* Type that we didn't like */ 771 *ptr = __mcc_type(cr, type); ptr++; 772 773 *ptr = __fcs(buf); ptr++; 774 775 return rfcomm_send_frame(s, buf, ptr - buf); 776 } 777 778 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) 779 { 780 struct rfcomm_hdr *hdr; 781 struct rfcomm_mcc *mcc; 782 struct rfcomm_pn *pn; 783 u8 buf[16], *ptr = buf; 784 785 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); 786 787 hdr = (void *) ptr; ptr += sizeof(*hdr); 788 hdr->addr = __addr(s->initiator, 0); 789 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 790 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); 791 792 mcc = (void *) ptr; ptr += sizeof(*mcc); 793 mcc->type = __mcc_type(cr, RFCOMM_PN); 794 mcc->len = __len8(sizeof(*pn)); 795 796 pn = (void *) ptr; ptr += sizeof(*pn); 797 pn->dlci = d->dlci; 798 pn->priority = d->priority; 799 pn->ack_timer = 0; 800 pn->max_retrans = 0; 801 802 if (s->cfc) { 803 pn->flow_ctrl = cr ? 0xf0 : 0xe0; 804 pn->credits = RFCOMM_DEFAULT_CREDITS; 805 } else { 806 pn->flow_ctrl = 0; 807 pn->credits = 0; 808 } 809 810 pn->mtu = htobs(d->mtu); 811 812 *ptr = __fcs(buf); ptr++; 813 814 return rfcomm_send_frame(s, buf, ptr - buf); 815 } 816 817 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, 818 u8 bit_rate, u8 data_bits, u8 stop_bits, 819 u8 parity, u8 flow_ctrl_settings, 820 u8 xon_char, u8 xoff_char, u16 param_mask) 821 { 822 struct rfcomm_hdr *hdr; 823 struct rfcomm_mcc *mcc; 824 struct rfcomm_rpn *rpn; 825 u8 buf[16], *ptr = buf; 826 827 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" 828 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 829 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 830 flow_ctrl_settings, xon_char, xoff_char, param_mask); 831 832 hdr = (void *) ptr; ptr += sizeof(*hdr); 833 hdr->addr = __addr(s->initiator, 0); 834 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 835 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); 836 837 mcc = (void *) ptr; ptr += sizeof(*mcc); 838 mcc->type = __mcc_type(cr, RFCOMM_RPN); 839 mcc->len = __len8(sizeof(*rpn)); 840 841 rpn = (void *) ptr; ptr += sizeof(*rpn); 842 rpn->dlci = __addr(1, dlci); 843 rpn->bit_rate = bit_rate; 844 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); 845 rpn->flow_ctrl = flow_ctrl_settings; 846 rpn->xon_char = xon_char; 847 rpn->xoff_char = xoff_char; 848 rpn->param_mask = param_mask; 849 850 *ptr = __fcs(buf); ptr++; 851 852 return rfcomm_send_frame(s, buf, ptr - buf); 853 } 854 855 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) 856 { 857 struct rfcomm_hdr *hdr; 858 struct rfcomm_mcc *mcc; 859 struct rfcomm_rls *rls; 860 u8 buf[16], *ptr = buf; 861 862 BT_DBG("%p cr %d status 0x%x", s, cr, status); 863 864 hdr = (void *) ptr; ptr += sizeof(*hdr); 865 hdr->addr = __addr(s->initiator, 0); 866 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 867 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); 868 869 mcc = (void *) ptr; ptr += sizeof(*mcc); 870 mcc->type = __mcc_type(cr, RFCOMM_RLS); 871 mcc->len = __len8(sizeof(*rls)); 872 873 rls = (void *) ptr; ptr += sizeof(*rls); 874 rls->dlci = __addr(1, dlci); 875 rls->status = status; 876 877 *ptr = __fcs(buf); ptr++; 878 879 return rfcomm_send_frame(s, buf, ptr - buf); 880 } 881 882 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) 883 { 884 struct rfcomm_hdr *hdr; 885 struct rfcomm_mcc *mcc; 886 struct rfcomm_msc *msc; 887 u8 buf[16], *ptr = buf; 888 889 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); 890 891 hdr = (void *) ptr; ptr += sizeof(*hdr); 892 hdr->addr = __addr(s->initiator, 0); 893 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 894 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); 895 896 mcc = (void *) ptr; ptr += sizeof(*mcc); 897 mcc->type = __mcc_type(cr, RFCOMM_MSC); 898 mcc->len = __len8(sizeof(*msc)); 899 900 msc = (void *) ptr; ptr += sizeof(*msc); 901 msc->dlci = __addr(1, dlci); 902 msc->v24_sig = v24_sig | 0x01; 903 904 *ptr = __fcs(buf); ptr++; 905 906 return rfcomm_send_frame(s, buf, ptr - buf); 907 } 908 909 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) 910 { 911 struct rfcomm_hdr *hdr; 912 struct rfcomm_mcc *mcc; 913 u8 buf[16], *ptr = buf; 914 915 BT_DBG("%p cr %d", s, cr); 916 917 hdr = (void *) ptr; ptr += sizeof(*hdr); 918 hdr->addr = __addr(s->initiator, 0); 919 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 920 hdr->len = __len8(sizeof(*mcc)); 921 922 mcc = (void *) ptr; ptr += sizeof(*mcc); 923 mcc->type = __mcc_type(cr, RFCOMM_FCOFF); 924 mcc->len = __len8(0); 925 926 *ptr = __fcs(buf); ptr++; 927 928 return rfcomm_send_frame(s, buf, ptr - buf); 929 } 930 931 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) 932 { 933 struct rfcomm_hdr *hdr; 934 struct rfcomm_mcc *mcc; 935 u8 buf[16], *ptr = buf; 936 937 BT_DBG("%p cr %d", s, cr); 938 939 hdr = (void *) ptr; ptr += sizeof(*hdr); 940 hdr->addr = __addr(s->initiator, 0); 941 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 942 hdr->len = __len8(sizeof(*mcc)); 943 944 mcc = (void *) ptr; ptr += sizeof(*mcc); 945 mcc->type = __mcc_type(cr, RFCOMM_FCON); 946 mcc->len = __len8(0); 947 948 *ptr = __fcs(buf); ptr++; 949 950 return rfcomm_send_frame(s, buf, ptr - buf); 951 } 952 953 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) 954 { 955 struct socket *sock = s->sock; 956 struct kvec iv[3]; 957 struct msghdr msg; 958 unsigned char hdr[5], crc[1]; 959 960 if (len > 125) 961 return -EINVAL; 962 963 BT_DBG("%p cr %d", s, cr); 964 965 hdr[0] = __addr(s->initiator, 0); 966 hdr[1] = __ctrl(RFCOMM_UIH, 0); 967 hdr[2] = 0x01 | ((len + 2) << 1); 968 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); 969 hdr[4] = 0x01 | (len << 1); 970 971 crc[0] = __fcs(hdr); 972 973 iv[0].iov_base = hdr; 974 iv[0].iov_len = 5; 975 iv[1].iov_base = pattern; 976 iv[1].iov_len = len; 977 iv[2].iov_base = crc; 978 iv[2].iov_len = 1; 979 980 memset(&msg, 0, sizeof(msg)); 981 982 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); 983 } 984 985 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) 986 { 987 struct rfcomm_hdr *hdr; 988 u8 buf[16], *ptr = buf; 989 990 BT_DBG("%p addr %d credits %d", s, addr, credits); 991 992 hdr = (void *) ptr; ptr += sizeof(*hdr); 993 hdr->addr = addr; 994 hdr->ctrl = __ctrl(RFCOMM_UIH, 1); 995 hdr->len = __len8(0); 996 997 *ptr = credits; ptr++; 998 999 *ptr = __fcs(buf); ptr++; 1000 1001 return rfcomm_send_frame(s, buf, ptr - buf); 1002 } 1003 1004 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) 1005 { 1006 struct rfcomm_hdr *hdr; 1007 int len = skb->len; 1008 u8 *crc; 1009 1010 if (len > 127) { 1011 hdr = (void *) skb_push(skb, 4); 1012 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len); 1013 } else { 1014 hdr = (void *) skb_push(skb, 3); 1015 hdr->len = __len8(len); 1016 } 1017 hdr->addr = addr; 1018 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1019 1020 crc = skb_put(skb, 1); 1021 *crc = __fcs((void *) hdr); 1022 } 1023 1024 /* ---- RFCOMM frame reception ---- */ 1025 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) 1026 { 1027 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1028 1029 if (dlci) { 1030 /* Data channel */ 1031 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1032 if (!d) { 1033 rfcomm_send_dm(s, dlci); 1034 return 0; 1035 } 1036 1037 switch (d->state) { 1038 case BT_CONNECT: 1039 rfcomm_dlc_clear_timer(d); 1040 1041 rfcomm_dlc_lock(d); 1042 d->state = BT_CONNECTED; 1043 d->state_change(d, 0); 1044 rfcomm_dlc_unlock(d); 1045 1046 rfcomm_send_msc(s, 1, dlci, d->v24_sig); 1047 break; 1048 1049 case BT_DISCONN: 1050 d->state = BT_CLOSED; 1051 __rfcomm_dlc_close(d, 0); 1052 break; 1053 } 1054 } else { 1055 /* Control channel */ 1056 switch (s->state) { 1057 case BT_CONNECT: 1058 s->state = BT_CONNECTED; 1059 rfcomm_process_connect(s); 1060 break; 1061 } 1062 } 1063 return 0; 1064 } 1065 1066 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) 1067 { 1068 int err = 0; 1069 1070 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1071 1072 if (dlci) { 1073 /* Data DLC */ 1074 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1075 if (d) { 1076 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1077 err = ECONNREFUSED; 1078 else 1079 err = ECONNRESET; 1080 1081 d->state = BT_CLOSED; 1082 __rfcomm_dlc_close(d, err); 1083 } 1084 } else { 1085 if (s->state == BT_CONNECT) 1086 err = ECONNREFUSED; 1087 else 1088 err = ECONNRESET; 1089 1090 s->state = BT_CLOSED; 1091 rfcomm_session_close(s, err); 1092 } 1093 return 0; 1094 } 1095 1096 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci) 1097 { 1098 int err = 0; 1099 1100 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1101 1102 if (dlci) { 1103 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1104 if (d) { 1105 rfcomm_send_ua(s, dlci); 1106 1107 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1108 err = ECONNREFUSED; 1109 else 1110 err = ECONNRESET; 1111 1112 d->state = BT_CLOSED; 1113 __rfcomm_dlc_close(d, err); 1114 } else 1115 rfcomm_send_dm(s, dlci); 1116 1117 } else { 1118 rfcomm_send_ua(s, 0); 1119 1120 if (s->state == BT_CONNECT) 1121 err = ECONNREFUSED; 1122 else 1123 err = ECONNRESET; 1124 1125 s->state = BT_CLOSED; 1126 rfcomm_session_close(s, err); 1127 } 1128 1129 return 0; 1130 } 1131 1132 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d) 1133 { 1134 struct sock *sk = d->session->sock->sk; 1135 1136 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) { 1137 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon)) 1138 return 1; 1139 } else if (d->link_mode & RFCOMM_LM_AUTH) { 1140 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon)) 1141 return 1; 1142 } 1143 1144 return 0; 1145 } 1146 1147 static void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1148 { 1149 BT_DBG("dlc %p", d); 1150 1151 rfcomm_send_ua(d->session, d->dlci); 1152 1153 rfcomm_dlc_lock(d); 1154 d->state = BT_CONNECTED; 1155 d->state_change(d, 0); 1156 rfcomm_dlc_unlock(d); 1157 1158 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1159 } 1160 1161 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) 1162 { 1163 struct rfcomm_dlc *d; 1164 u8 channel; 1165 1166 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1167 1168 if (!dlci) { 1169 rfcomm_send_ua(s, 0); 1170 1171 if (s->state == BT_OPEN) { 1172 s->state = BT_CONNECTED; 1173 rfcomm_process_connect(s); 1174 } 1175 return 0; 1176 } 1177 1178 /* Check if DLC exists */ 1179 d = rfcomm_dlc_get(s, dlci); 1180 if (d) { 1181 if (d->state == BT_OPEN) { 1182 /* DLC was previously opened by PN request */ 1183 if (rfcomm_check_link_mode(d)) { 1184 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1185 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1186 return 0; 1187 } 1188 1189 rfcomm_dlc_accept(d); 1190 } 1191 return 0; 1192 } 1193 1194 /* Notify socket layer about incoming connection */ 1195 channel = __srv_channel(dlci); 1196 if (rfcomm_connect_ind(s, channel, &d)) { 1197 d->dlci = dlci; 1198 d->addr = __addr(s->initiator, dlci); 1199 rfcomm_dlc_link(s, d); 1200 1201 if (rfcomm_check_link_mode(d)) { 1202 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1203 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1204 return 0; 1205 } 1206 1207 rfcomm_dlc_accept(d); 1208 } else { 1209 rfcomm_send_dm(s, dlci); 1210 } 1211 1212 return 0; 1213 } 1214 1215 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) 1216 { 1217 struct rfcomm_session *s = d->session; 1218 1219 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 1220 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); 1221 1222 if (pn->flow_ctrl == 0xf0 || pn->flow_ctrl == 0xe0) { 1223 d->cfc = s->cfc = RFCOMM_CFC_ENABLED; 1224 d->tx_credits = pn->credits; 1225 } else { 1226 d->cfc = s->cfc = RFCOMM_CFC_DISABLED; 1227 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1228 } 1229 1230 d->priority = pn->priority; 1231 1232 d->mtu = s->mtu = btohs(pn->mtu); 1233 1234 return 0; 1235 } 1236 1237 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1238 { 1239 struct rfcomm_pn *pn = (void *) skb->data; 1240 struct rfcomm_dlc *d; 1241 u8 dlci = pn->dlci; 1242 1243 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1244 1245 if (!dlci) 1246 return 0; 1247 1248 d = rfcomm_dlc_get(s, dlci); 1249 if (d) { 1250 if (cr) { 1251 /* PN request */ 1252 rfcomm_apply_pn(d, cr, pn); 1253 rfcomm_send_pn(s, 0, d); 1254 } else { 1255 /* PN response */ 1256 switch (d->state) { 1257 case BT_CONFIG: 1258 rfcomm_apply_pn(d, cr, pn); 1259 1260 d->state = BT_CONNECT; 1261 rfcomm_send_sabm(s, d->dlci); 1262 break; 1263 } 1264 } 1265 } else { 1266 u8 channel = __srv_channel(dlci); 1267 1268 if (!cr) 1269 return 0; 1270 1271 /* PN request for non existing DLC. 1272 * Assume incoming connection. */ 1273 if (rfcomm_connect_ind(s, channel, &d)) { 1274 d->dlci = dlci; 1275 d->addr = __addr(s->initiator, dlci); 1276 rfcomm_dlc_link(s, d); 1277 1278 rfcomm_apply_pn(d, cr, pn); 1279 1280 d->state = BT_OPEN; 1281 rfcomm_send_pn(s, 0, d); 1282 } else { 1283 rfcomm_send_dm(s, dlci); 1284 } 1285 } 1286 return 0; 1287 } 1288 1289 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) 1290 { 1291 struct rfcomm_rpn *rpn = (void *) skb->data; 1292 u8 dlci = __get_dlci(rpn->dlci); 1293 1294 u8 bit_rate = 0; 1295 u8 data_bits = 0; 1296 u8 stop_bits = 0; 1297 u8 parity = 0; 1298 u8 flow_ctrl = 0; 1299 u8 xon_char = 0; 1300 u8 xoff_char = 0; 1301 u16 rpn_mask = RFCOMM_RPN_PM_ALL; 1302 1303 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 1304 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, 1305 rpn->xon_char, rpn->xoff_char, rpn->param_mask); 1306 1307 if (!cr) 1308 return 0; 1309 1310 if (len == 1) { 1311 /* This is a request, return default settings */ 1312 bit_rate = RFCOMM_RPN_BR_115200; 1313 data_bits = RFCOMM_RPN_DATA_8; 1314 stop_bits = RFCOMM_RPN_STOP_1; 1315 parity = RFCOMM_RPN_PARITY_NONE; 1316 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1317 xon_char = RFCOMM_RPN_XON_CHAR; 1318 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1319 goto rpn_out; 1320 } 1321 1322 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, 1323 * no parity, no flow control lines, normal XON/XOFF chars */ 1324 1325 if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) { 1326 bit_rate = rpn->bit_rate; 1327 if (bit_rate != RFCOMM_RPN_BR_115200) { 1328 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); 1329 bit_rate = RFCOMM_RPN_BR_115200; 1330 rpn_mask ^= RFCOMM_RPN_PM_BITRATE; 1331 } 1332 } 1333 1334 if (rpn->param_mask & RFCOMM_RPN_PM_DATA) { 1335 data_bits = __get_rpn_data_bits(rpn->line_settings); 1336 if (data_bits != RFCOMM_RPN_DATA_8) { 1337 BT_DBG("RPN data bits mismatch 0x%x", data_bits); 1338 data_bits = RFCOMM_RPN_DATA_8; 1339 rpn_mask ^= RFCOMM_RPN_PM_DATA; 1340 } 1341 } 1342 1343 if (rpn->param_mask & RFCOMM_RPN_PM_STOP) { 1344 stop_bits = __get_rpn_stop_bits(rpn->line_settings); 1345 if (stop_bits != RFCOMM_RPN_STOP_1) { 1346 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); 1347 stop_bits = RFCOMM_RPN_STOP_1; 1348 rpn_mask ^= RFCOMM_RPN_PM_STOP; 1349 } 1350 } 1351 1352 if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) { 1353 parity = __get_rpn_parity(rpn->line_settings); 1354 if (parity != RFCOMM_RPN_PARITY_NONE) { 1355 BT_DBG("RPN parity mismatch 0x%x", parity); 1356 parity = RFCOMM_RPN_PARITY_NONE; 1357 rpn_mask ^= RFCOMM_RPN_PM_PARITY; 1358 } 1359 } 1360 1361 if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) { 1362 flow_ctrl = rpn->flow_ctrl; 1363 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { 1364 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); 1365 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1366 rpn_mask ^= RFCOMM_RPN_PM_FLOW; 1367 } 1368 } 1369 1370 if (rpn->param_mask & RFCOMM_RPN_PM_XON) { 1371 xon_char = rpn->xon_char; 1372 if (xon_char != RFCOMM_RPN_XON_CHAR) { 1373 BT_DBG("RPN XON char mismatch 0x%x", xon_char); 1374 xon_char = RFCOMM_RPN_XON_CHAR; 1375 rpn_mask ^= RFCOMM_RPN_PM_XON; 1376 } 1377 } 1378 1379 if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) { 1380 xoff_char = rpn->xoff_char; 1381 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { 1382 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); 1383 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1384 rpn_mask ^= RFCOMM_RPN_PM_XOFF; 1385 } 1386 } 1387 1388 rpn_out: 1389 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, 1390 parity, flow_ctrl, xon_char, xoff_char, rpn_mask); 1391 1392 return 0; 1393 } 1394 1395 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1396 { 1397 struct rfcomm_rls *rls = (void *) skb->data; 1398 u8 dlci = __get_dlci(rls->dlci); 1399 1400 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); 1401 1402 if (!cr) 1403 return 0; 1404 1405 /* We should probably do something with this information here. But 1406 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's 1407 * mandatory to recognise and respond to RLS */ 1408 1409 rfcomm_send_rls(s, 0, dlci, rls->status); 1410 1411 return 0; 1412 } 1413 1414 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1415 { 1416 struct rfcomm_msc *msc = (void *) skb->data; 1417 struct rfcomm_dlc *d; 1418 u8 dlci = __get_dlci(msc->dlci); 1419 1420 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); 1421 1422 d = rfcomm_dlc_get(s, dlci); 1423 if (!d) 1424 return 0; 1425 1426 if (cr) { 1427 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) 1428 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1429 else 1430 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1431 1432 rfcomm_dlc_lock(d); 1433 if (d->modem_status) 1434 d->modem_status(d, msc->v24_sig); 1435 rfcomm_dlc_unlock(d); 1436 1437 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1438 1439 d->mscex |= RFCOMM_MSCEX_RX; 1440 } else 1441 d->mscex |= RFCOMM_MSCEX_TX; 1442 1443 return 0; 1444 } 1445 1446 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) 1447 { 1448 struct rfcomm_mcc *mcc = (void *) skb->data; 1449 u8 type, cr, len; 1450 1451 cr = __test_cr(mcc->type); 1452 type = __get_mcc_type(mcc->type); 1453 len = __get_mcc_len(mcc->len); 1454 1455 BT_DBG("%p type 0x%x cr %d", s, type, cr); 1456 1457 skb_pull(skb, 2); 1458 1459 switch (type) { 1460 case RFCOMM_PN: 1461 rfcomm_recv_pn(s, cr, skb); 1462 break; 1463 1464 case RFCOMM_RPN: 1465 rfcomm_recv_rpn(s, cr, len, skb); 1466 break; 1467 1468 case RFCOMM_RLS: 1469 rfcomm_recv_rls(s, cr, skb); 1470 break; 1471 1472 case RFCOMM_MSC: 1473 rfcomm_recv_msc(s, cr, skb); 1474 break; 1475 1476 case RFCOMM_FCOFF: 1477 if (cr) { 1478 set_bit(RFCOMM_TX_THROTTLED, &s->flags); 1479 rfcomm_send_fcoff(s, 0); 1480 } 1481 break; 1482 1483 case RFCOMM_FCON: 1484 if (cr) { 1485 clear_bit(RFCOMM_TX_THROTTLED, &s->flags); 1486 rfcomm_send_fcon(s, 0); 1487 } 1488 break; 1489 1490 case RFCOMM_TEST: 1491 if (cr) 1492 rfcomm_send_test(s, 0, skb->data, skb->len); 1493 break; 1494 1495 case RFCOMM_NSC: 1496 break; 1497 1498 default: 1499 BT_ERR("Unknown control type 0x%02x", type); 1500 rfcomm_send_nsc(s, cr, type); 1501 break; 1502 } 1503 return 0; 1504 } 1505 1506 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) 1507 { 1508 struct rfcomm_dlc *d; 1509 1510 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); 1511 1512 d = rfcomm_dlc_get(s, dlci); 1513 if (!d) { 1514 rfcomm_send_dm(s, dlci); 1515 goto drop; 1516 } 1517 1518 if (pf && d->cfc) { 1519 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); 1520 1521 d->tx_credits += credits; 1522 if (d->tx_credits) 1523 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1524 } 1525 1526 if (skb->len && d->state == BT_CONNECTED) { 1527 rfcomm_dlc_lock(d); 1528 d->rx_credits--; 1529 d->data_ready(d, skb); 1530 rfcomm_dlc_unlock(d); 1531 return 0; 1532 } 1533 1534 drop: 1535 kfree_skb(skb); 1536 return 0; 1537 } 1538 1539 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb) 1540 { 1541 struct rfcomm_hdr *hdr = (void *) skb->data; 1542 u8 type, dlci, fcs; 1543 1544 dlci = __get_dlci(hdr->addr); 1545 type = __get_type(hdr->ctrl); 1546 1547 /* Trim FCS */ 1548 skb->len--; skb->tail--; 1549 fcs = *(u8 *) skb->tail; 1550 1551 if (__check_fcs(skb->data, type, fcs)) { 1552 BT_ERR("bad checksum in packet"); 1553 kfree_skb(skb); 1554 return -EILSEQ; 1555 } 1556 1557 if (__test_ea(hdr->len)) 1558 skb_pull(skb, 3); 1559 else 1560 skb_pull(skb, 4); 1561 1562 switch (type) { 1563 case RFCOMM_SABM: 1564 if (__test_pf(hdr->ctrl)) 1565 rfcomm_recv_sabm(s, dlci); 1566 break; 1567 1568 case RFCOMM_DISC: 1569 if (__test_pf(hdr->ctrl)) 1570 rfcomm_recv_disc(s, dlci); 1571 break; 1572 1573 case RFCOMM_UA: 1574 if (__test_pf(hdr->ctrl)) 1575 rfcomm_recv_ua(s, dlci); 1576 break; 1577 1578 case RFCOMM_DM: 1579 rfcomm_recv_dm(s, dlci); 1580 break; 1581 1582 case RFCOMM_UIH: 1583 if (dlci) 1584 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); 1585 1586 rfcomm_recv_mcc(s, skb); 1587 break; 1588 1589 default: 1590 BT_ERR("Unknown packet type 0x%02x\n", type); 1591 break; 1592 } 1593 kfree_skb(skb); 1594 return 0; 1595 } 1596 1597 /* ---- Connection and data processing ---- */ 1598 1599 static void rfcomm_process_connect(struct rfcomm_session *s) 1600 { 1601 struct rfcomm_dlc *d; 1602 struct list_head *p, *n; 1603 1604 BT_DBG("session %p state %ld", s, s->state); 1605 1606 list_for_each_safe(p, n, &s->dlcs) { 1607 d = list_entry(p, struct rfcomm_dlc, list); 1608 if (d->state == BT_CONFIG) { 1609 d->mtu = s->mtu; 1610 rfcomm_send_pn(s, 1, d); 1611 } 1612 } 1613 } 1614 1615 /* Send data queued for the DLC. 1616 * Return number of frames left in the queue. 1617 */ 1618 static inline int rfcomm_process_tx(struct rfcomm_dlc *d) 1619 { 1620 struct sk_buff *skb; 1621 int err; 1622 1623 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 1624 d, d->state, d->cfc, d->rx_credits, d->tx_credits); 1625 1626 /* Send pending MSC */ 1627 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) 1628 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1629 1630 if (d->cfc) { 1631 /* CFC enabled. 1632 * Give them some credits */ 1633 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && 1634 d->rx_credits <= (d->cfc >> 2)) { 1635 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); 1636 d->rx_credits = d->cfc; 1637 } 1638 } else { 1639 /* CFC disabled. 1640 * Give ourselves some credits */ 1641 d->tx_credits = 5; 1642 } 1643 1644 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 1645 return skb_queue_len(&d->tx_queue); 1646 1647 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { 1648 err = rfcomm_send_frame(d->session, skb->data, skb->len); 1649 if (err < 0) { 1650 skb_queue_head(&d->tx_queue, skb); 1651 break; 1652 } 1653 kfree_skb(skb); 1654 d->tx_credits--; 1655 } 1656 1657 if (d->cfc && !d->tx_credits) { 1658 /* We're out of TX credits. 1659 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ 1660 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1661 } 1662 1663 return skb_queue_len(&d->tx_queue); 1664 } 1665 1666 static inline void rfcomm_process_dlcs(struct rfcomm_session *s) 1667 { 1668 struct rfcomm_dlc *d; 1669 struct list_head *p, *n; 1670 1671 BT_DBG("session %p state %ld", s, s->state); 1672 1673 list_for_each_safe(p, n, &s->dlcs) { 1674 d = list_entry(p, struct rfcomm_dlc, list); 1675 1676 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { 1677 __rfcomm_dlc_close(d, ETIMEDOUT); 1678 continue; 1679 } 1680 1681 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1682 rfcomm_dlc_clear_timer(d); 1683 rfcomm_dlc_accept(d); 1684 if (d->link_mode & RFCOMM_LM_SECURE) { 1685 struct sock *sk = s->sock->sk; 1686 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon); 1687 } 1688 continue; 1689 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1690 rfcomm_dlc_clear_timer(d); 1691 rfcomm_send_dm(s, d->dlci); 1692 __rfcomm_dlc_close(d, ECONNREFUSED); 1693 continue; 1694 } 1695 1696 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) 1697 continue; 1698 1699 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1700 d->mscex == RFCOMM_MSCEX_OK) 1701 rfcomm_process_tx(d); 1702 } 1703 } 1704 1705 static inline void rfcomm_process_rx(struct rfcomm_session *s) 1706 { 1707 struct socket *sock = s->sock; 1708 struct sock *sk = sock->sk; 1709 struct sk_buff *skb; 1710 1711 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); 1712 1713 /* Get data directly from socket receive queue without copying it. */ 1714 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1715 skb_orphan(skb); 1716 rfcomm_recv_frame(s, skb); 1717 } 1718 1719 if (sk->sk_state == BT_CLOSED) { 1720 if (!s->initiator) 1721 rfcomm_session_put(s); 1722 1723 rfcomm_session_close(s, sk->sk_err); 1724 } 1725 } 1726 1727 static inline void rfcomm_accept_connection(struct rfcomm_session *s) 1728 { 1729 struct socket *sock = s->sock, *nsock; 1730 int err; 1731 1732 /* Fast check for a new connection. 1733 * Avoids unnesesary socket allocations. */ 1734 if (list_empty(&bt_sk(sock->sk)->accept_q)) 1735 return; 1736 1737 BT_DBG("session %p", s); 1738 1739 if (sock_create_lite(PF_BLUETOOTH, sock->type, BTPROTO_L2CAP, &nsock)) 1740 return; 1741 1742 nsock->ops = sock->ops; 1743 1744 __module_get(nsock->ops->owner); 1745 1746 err = sock->ops->accept(sock, nsock, O_NONBLOCK); 1747 if (err < 0) { 1748 sock_release(nsock); 1749 return; 1750 } 1751 1752 /* Set our callbacks */ 1753 nsock->sk->sk_data_ready = rfcomm_l2data_ready; 1754 nsock->sk->sk_state_change = rfcomm_l2state_change; 1755 1756 s = rfcomm_session_add(nsock, BT_OPEN); 1757 if (s) { 1758 rfcomm_session_hold(s); 1759 rfcomm_schedule(RFCOMM_SCHED_RX); 1760 } else 1761 sock_release(nsock); 1762 } 1763 1764 static inline void rfcomm_check_connection(struct rfcomm_session *s) 1765 { 1766 struct sock *sk = s->sock->sk; 1767 1768 BT_DBG("%p state %ld", s, s->state); 1769 1770 switch(sk->sk_state) { 1771 case BT_CONNECTED: 1772 s->state = BT_CONNECT; 1773 1774 /* We can adjust MTU on outgoing sessions. 1775 * L2CAP MTU minus UIH header and FCS. */ 1776 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5; 1777 1778 rfcomm_send_sabm(s, 0); 1779 break; 1780 1781 case BT_CLOSED: 1782 s->state = BT_CLOSED; 1783 rfcomm_session_close(s, sk->sk_err); 1784 break; 1785 } 1786 } 1787 1788 static inline void rfcomm_process_sessions(void) 1789 { 1790 struct list_head *p, *n; 1791 1792 rfcomm_lock(); 1793 1794 list_for_each_safe(p, n, &session_list) { 1795 struct rfcomm_session *s; 1796 s = list_entry(p, struct rfcomm_session, list); 1797 1798 if (s->state == BT_LISTEN) { 1799 rfcomm_accept_connection(s); 1800 continue; 1801 } 1802 1803 rfcomm_session_hold(s); 1804 1805 switch (s->state) { 1806 case BT_BOUND: 1807 rfcomm_check_connection(s); 1808 break; 1809 1810 default: 1811 rfcomm_process_rx(s); 1812 break; 1813 } 1814 1815 rfcomm_process_dlcs(s); 1816 1817 rfcomm_session_put(s); 1818 } 1819 1820 rfcomm_unlock(); 1821 } 1822 1823 static void rfcomm_worker(void) 1824 { 1825 BT_DBG(""); 1826 1827 while (!atomic_read(&terminate)) { 1828 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) { 1829 /* No pending events. Let's sleep. 1830 * Incoming connections and data will wake us up. */ 1831 set_current_state(TASK_INTERRUPTIBLE); 1832 schedule(); 1833 } 1834 1835 /* Process stuff */ 1836 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 1837 rfcomm_process_sessions(); 1838 } 1839 set_current_state(TASK_RUNNING); 1840 return; 1841 } 1842 1843 static int rfcomm_add_listener(bdaddr_t *ba) 1844 { 1845 struct sockaddr_l2 addr; 1846 struct socket *sock; 1847 struct sock *sk; 1848 struct rfcomm_session *s; 1849 int err = 0; 1850 1851 /* Create socket */ 1852 err = rfcomm_l2sock_create(&sock); 1853 if (err < 0) { 1854 BT_ERR("Create socket failed %d", err); 1855 return err; 1856 } 1857 1858 /* Bind socket */ 1859 bacpy(&addr.l2_bdaddr, ba); 1860 addr.l2_family = AF_BLUETOOTH; 1861 addr.l2_psm = htobs(RFCOMM_PSM); 1862 err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1863 if (err < 0) { 1864 BT_ERR("Bind failed %d", err); 1865 goto failed; 1866 } 1867 1868 /* Set L2CAP options */ 1869 sk = sock->sk; 1870 lock_sock(sk); 1871 l2cap_pi(sk)->imtu = RFCOMM_MAX_L2CAP_MTU; 1872 release_sock(sk); 1873 1874 /* Start listening on the socket */ 1875 err = sock->ops->listen(sock, 10); 1876 if (err) { 1877 BT_ERR("Listen failed %d", err); 1878 goto failed; 1879 } 1880 1881 /* Add listening session */ 1882 s = rfcomm_session_add(sock, BT_LISTEN); 1883 if (!s) 1884 goto failed; 1885 1886 rfcomm_session_hold(s); 1887 return 0; 1888 failed: 1889 sock_release(sock); 1890 return err; 1891 } 1892 1893 static void rfcomm_kill_listener(void) 1894 { 1895 struct rfcomm_session *s; 1896 struct list_head *p, *n; 1897 1898 BT_DBG(""); 1899 1900 list_for_each_safe(p, n, &session_list) { 1901 s = list_entry(p, struct rfcomm_session, list); 1902 rfcomm_session_del(s); 1903 } 1904 } 1905 1906 static int rfcomm_run(void *unused) 1907 { 1908 rfcomm_thread = current; 1909 1910 atomic_inc(&running); 1911 1912 daemonize("krfcommd"); 1913 set_user_nice(current, -10); 1914 current->flags |= PF_NOFREEZE; 1915 1916 BT_DBG(""); 1917 1918 rfcomm_add_listener(BDADDR_ANY); 1919 1920 rfcomm_worker(); 1921 1922 rfcomm_kill_listener(); 1923 1924 atomic_dec(&running); 1925 return 0; 1926 } 1927 1928 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status) 1929 { 1930 struct rfcomm_session *s; 1931 struct rfcomm_dlc *d; 1932 struct list_head *p, *n; 1933 1934 BT_DBG("conn %p status 0x%02x", conn, status); 1935 1936 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 1937 if (!s) 1938 return; 1939 1940 rfcomm_session_hold(s); 1941 1942 list_for_each_safe(p, n, &s->dlcs) { 1943 d = list_entry(p, struct rfcomm_dlc, list); 1944 1945 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) 1946 continue; 1947 1948 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 1949 continue; 1950 1951 if (!status) 1952 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 1953 else 1954 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 1955 } 1956 1957 rfcomm_session_put(s); 1958 1959 rfcomm_schedule(RFCOMM_SCHED_AUTH); 1960 } 1961 1962 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt) 1963 { 1964 struct rfcomm_session *s; 1965 struct rfcomm_dlc *d; 1966 struct list_head *p, *n; 1967 1968 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); 1969 1970 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 1971 if (!s) 1972 return; 1973 1974 rfcomm_session_hold(s); 1975 1976 list_for_each_safe(p, n, &s->dlcs) { 1977 d = list_entry(p, struct rfcomm_dlc, list); 1978 1979 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 1980 continue; 1981 1982 if (!status && encrypt) 1983 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 1984 else 1985 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 1986 } 1987 1988 rfcomm_session_put(s); 1989 1990 rfcomm_schedule(RFCOMM_SCHED_AUTH); 1991 } 1992 1993 static struct hci_cb rfcomm_cb = { 1994 .name = "RFCOMM", 1995 .auth_cfm = rfcomm_auth_cfm, 1996 .encrypt_cfm = rfcomm_encrypt_cfm 1997 }; 1998 1999 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf) 2000 { 2001 struct rfcomm_session *s; 2002 struct list_head *pp, *p; 2003 char *str = buf; 2004 2005 rfcomm_lock(); 2006 2007 list_for_each(p, &session_list) { 2008 s = list_entry(p, struct rfcomm_session, list); 2009 list_for_each(pp, &s->dlcs) { 2010 struct sock *sk = s->sock->sk; 2011 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list); 2012 2013 str += sprintf(str, "%s %s %ld %d %d %d %d\n", 2014 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 2015 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits); 2016 } 2017 } 2018 2019 rfcomm_unlock(); 2020 2021 return (str - buf); 2022 } 2023 2024 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL); 2025 2026 /* ---- Initialization ---- */ 2027 static int __init rfcomm_init(void) 2028 { 2029 l2cap_load(); 2030 2031 hci_register_cb(&rfcomm_cb); 2032 2033 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL); 2034 2035 class_create_file(&bt_class, &class_attr_rfcomm_dlc); 2036 2037 rfcomm_init_sockets(); 2038 2039 #ifdef CONFIG_BT_RFCOMM_TTY 2040 rfcomm_init_ttys(); 2041 #endif 2042 2043 BT_INFO("RFCOMM ver %s", VERSION); 2044 2045 return 0; 2046 } 2047 2048 static void __exit rfcomm_exit(void) 2049 { 2050 class_remove_file(&bt_class, &class_attr_rfcomm_dlc); 2051 2052 hci_unregister_cb(&rfcomm_cb); 2053 2054 /* Terminate working thread. 2055 * ie. Set terminate flag and wake it up */ 2056 atomic_inc(&terminate); 2057 rfcomm_schedule(RFCOMM_SCHED_STATE); 2058 2059 /* Wait until thread is running */ 2060 while (atomic_read(&running)) 2061 schedule(); 2062 2063 #ifdef CONFIG_BT_RFCOMM_TTY 2064 rfcomm_cleanup_ttys(); 2065 #endif 2066 2067 rfcomm_cleanup_sockets(); 2068 } 2069 2070 module_init(rfcomm_init); 2071 module_exit(rfcomm_exit); 2072 2073 MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>"); 2074 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2075 MODULE_VERSION(VERSION); 2076 MODULE_LICENSE("GPL"); 2077 MODULE_ALIAS("bt-proto-3"); 2078