1 /* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22 */ 23 24 /* 25 * Bluetooth RFCOMM core. 26 */ 27 28 #include <linux/module.h> 29 #include <linux/errno.h> 30 #include <linux/kernel.h> 31 #include <linux/sched.h> 32 #include <linux/signal.h> 33 #include <linux/init.h> 34 #include <linux/wait.h> 35 #include <linux/device.h> 36 #include <linux/net.h> 37 #include <linux/mutex.h> 38 #include <linux/kthread.h> 39 40 #include <net/sock.h> 41 #include <asm/uaccess.h> 42 #include <asm/unaligned.h> 43 44 #include <net/bluetooth/bluetooth.h> 45 #include <net/bluetooth/hci_core.h> 46 #include <net/bluetooth/l2cap.h> 47 #include <net/bluetooth/rfcomm.h> 48 49 #ifndef CONFIG_BT_RFCOMM_DEBUG 50 #undef BT_DBG 51 #define BT_DBG(D...) 52 #endif 53 54 #define VERSION "1.10" 55 56 static int disable_cfc = 0; 57 static int channel_mtu = -1; 58 static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; 59 60 static struct task_struct *rfcomm_thread; 61 62 static DEFINE_MUTEX(rfcomm_mutex); 63 #define rfcomm_lock() mutex_lock(&rfcomm_mutex) 64 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex) 65 66 static unsigned long rfcomm_event; 67 68 static LIST_HEAD(session_list); 69 70 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len); 71 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); 72 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); 73 static int rfcomm_queue_disc(struct rfcomm_dlc *d); 74 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); 75 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); 76 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); 77 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); 78 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); 79 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); 80 81 static void rfcomm_process_connect(struct rfcomm_session *s); 82 83 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err); 84 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); 85 static void rfcomm_session_del(struct rfcomm_session *s); 86 87 /* ---- RFCOMM frame parsing macros ---- */ 88 #define __get_dlci(b) ((b & 0xfc) >> 2) 89 #define __get_channel(b) ((b & 0xf8) >> 3) 90 #define __get_dir(b) ((b & 0x04) >> 2) 91 #define __get_type(b) ((b & 0xef)) 92 93 #define __test_ea(b) ((b & 0x01)) 94 #define __test_cr(b) ((b & 0x02)) 95 #define __test_pf(b) ((b & 0x10)) 96 97 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) 98 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) 99 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) 100 #define __srv_channel(dlci) (dlci >> 1) 101 #define __dir(dlci) (dlci & 0x01) 102 103 #define __len8(len) (((len) << 1) | 1) 104 #define __len16(len) ((len) << 1) 105 106 /* MCC macros */ 107 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) 108 #define __get_mcc_type(b) ((b & 0xfc) >> 2) 109 #define __get_mcc_len(b) ((b & 0xfe) >> 1) 110 111 /* RPN macros */ 112 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) 113 #define __get_rpn_data_bits(line) ((line) & 0x3) 114 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) 115 #define __get_rpn_parity(line) (((line) >> 3) & 0x7) 116 117 static inline void rfcomm_schedule(uint event) 118 { 119 if (!rfcomm_thread) 120 return; 121 //set_bit(event, &rfcomm_event); 122 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 123 wake_up_process(rfcomm_thread); 124 } 125 126 static inline void rfcomm_session_put(struct rfcomm_session *s) 127 { 128 if (atomic_dec_and_test(&s->refcnt)) 129 rfcomm_session_del(s); 130 } 131 132 /* ---- RFCOMM FCS computation ---- */ 133 134 /* reversed, 8-bit, poly=0x07 */ 135 static unsigned char rfcomm_crc_table[256] = { 136 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, 137 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, 138 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, 139 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, 140 141 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, 142 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, 143 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, 144 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, 145 146 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, 147 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, 148 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, 149 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, 150 151 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, 152 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, 153 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, 154 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, 155 156 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, 157 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, 158 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, 159 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, 160 161 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, 162 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, 163 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, 164 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, 165 166 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, 167 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, 168 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, 169 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, 170 171 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, 172 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, 173 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, 174 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf 175 }; 176 177 /* CRC on 2 bytes */ 178 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) 179 180 /* FCS on 2 bytes */ 181 static inline u8 __fcs(u8 *data) 182 { 183 return (0xff - __crc(data)); 184 } 185 186 /* FCS on 3 bytes */ 187 static inline u8 __fcs2(u8 *data) 188 { 189 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]); 190 } 191 192 /* Check FCS */ 193 static inline int __check_fcs(u8 *data, int type, u8 fcs) 194 { 195 u8 f = __crc(data); 196 197 if (type != RFCOMM_UIH) 198 f = rfcomm_crc_table[f ^ data[2]]; 199 200 return rfcomm_crc_table[f ^ fcs] != 0xcf; 201 } 202 203 /* ---- L2CAP callbacks ---- */ 204 static void rfcomm_l2state_change(struct sock *sk) 205 { 206 BT_DBG("%p state %d", sk, sk->sk_state); 207 rfcomm_schedule(RFCOMM_SCHED_STATE); 208 } 209 210 static void rfcomm_l2data_ready(struct sock *sk, int bytes) 211 { 212 BT_DBG("%p bytes %d", sk, bytes); 213 rfcomm_schedule(RFCOMM_SCHED_RX); 214 } 215 216 static int rfcomm_l2sock_create(struct socket **sock) 217 { 218 int err; 219 220 BT_DBG(""); 221 222 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); 223 if (!err) { 224 struct sock *sk = (*sock)->sk; 225 sk->sk_data_ready = rfcomm_l2data_ready; 226 sk->sk_state_change = rfcomm_l2state_change; 227 } 228 return err; 229 } 230 231 static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d) 232 { 233 struct sock *sk = d->session->sock->sk; 234 235 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) { 236 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon)) 237 return 1; 238 } else if (d->link_mode & RFCOMM_LM_AUTH) { 239 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon)) 240 return 1; 241 } 242 243 return 0; 244 } 245 246 /* ---- RFCOMM DLCs ---- */ 247 static void rfcomm_dlc_timeout(unsigned long arg) 248 { 249 struct rfcomm_dlc *d = (void *) arg; 250 251 BT_DBG("dlc %p state %ld", d, d->state); 252 253 set_bit(RFCOMM_TIMED_OUT, &d->flags); 254 rfcomm_dlc_put(d); 255 rfcomm_schedule(RFCOMM_SCHED_TIMEO); 256 } 257 258 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) 259 { 260 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); 261 262 if (!mod_timer(&d->timer, jiffies + timeout)) 263 rfcomm_dlc_hold(d); 264 } 265 266 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) 267 { 268 BT_DBG("dlc %p state %ld", d, d->state); 269 270 if (timer_pending(&d->timer) && del_timer(&d->timer)) 271 rfcomm_dlc_put(d); 272 } 273 274 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) 275 { 276 BT_DBG("%p", d); 277 278 d->state = BT_OPEN; 279 d->flags = 0; 280 d->mscex = 0; 281 d->mtu = RFCOMM_DEFAULT_MTU; 282 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; 283 284 d->cfc = RFCOMM_CFC_DISABLED; 285 d->rx_credits = RFCOMM_DEFAULT_CREDITS; 286 } 287 288 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) 289 { 290 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio); 291 292 if (!d) 293 return NULL; 294 295 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d); 296 297 skb_queue_head_init(&d->tx_queue); 298 spin_lock_init(&d->lock); 299 atomic_set(&d->refcnt, 1); 300 301 rfcomm_dlc_clear_state(d); 302 303 BT_DBG("%p", d); 304 305 return d; 306 } 307 308 void rfcomm_dlc_free(struct rfcomm_dlc *d) 309 { 310 BT_DBG("%p", d); 311 312 skb_queue_purge(&d->tx_queue); 313 kfree(d); 314 } 315 316 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) 317 { 318 BT_DBG("dlc %p session %p", d, s); 319 320 rfcomm_session_hold(s); 321 322 rfcomm_dlc_hold(d); 323 list_add(&d->list, &s->dlcs); 324 d->session = s; 325 } 326 327 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) 328 { 329 struct rfcomm_session *s = d->session; 330 331 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); 332 333 list_del(&d->list); 334 d->session = NULL; 335 rfcomm_dlc_put(d); 336 337 rfcomm_session_put(s); 338 } 339 340 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) 341 { 342 struct rfcomm_dlc *d; 343 struct list_head *p; 344 345 list_for_each(p, &s->dlcs) { 346 d = list_entry(p, struct rfcomm_dlc, list); 347 if (d->dlci == dlci) 348 return d; 349 } 350 return NULL; 351 } 352 353 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 354 { 355 struct rfcomm_session *s; 356 int err = 0; 357 u8 dlci; 358 359 BT_DBG("dlc %p state %ld %s %s channel %d", 360 d, d->state, batostr(src), batostr(dst), channel); 361 362 if (channel < 1 || channel > 30) 363 return -EINVAL; 364 365 if (d->state != BT_OPEN && d->state != BT_CLOSED) 366 return 0; 367 368 s = rfcomm_session_get(src, dst); 369 if (!s) { 370 s = rfcomm_session_create(src, dst, &err); 371 if (!s) 372 return err; 373 } 374 375 dlci = __dlci(!s->initiator, channel); 376 377 /* Check if DLCI already exists */ 378 if (rfcomm_dlc_get(s, dlci)) 379 return -EBUSY; 380 381 rfcomm_dlc_clear_state(d); 382 383 d->dlci = dlci; 384 d->addr = __addr(s->initiator, dlci); 385 d->priority = 7; 386 387 d->state = BT_CONFIG; 388 rfcomm_dlc_link(s, d); 389 390 d->out = 1; 391 392 d->mtu = s->mtu; 393 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 394 395 if (s->state == BT_CONNECTED) { 396 if (rfcomm_check_link_mode(d)) 397 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 398 else 399 rfcomm_send_pn(s, 1, d); 400 } 401 402 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 403 404 return 0; 405 } 406 407 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 408 { 409 int r; 410 411 rfcomm_lock(); 412 413 r = __rfcomm_dlc_open(d, src, dst, channel); 414 415 rfcomm_unlock(); 416 return r; 417 } 418 419 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 420 { 421 struct rfcomm_session *s = d->session; 422 if (!s) 423 return 0; 424 425 BT_DBG("dlc %p state %ld dlci %d err %d session %p", 426 d, d->state, d->dlci, err, s); 427 428 switch (d->state) { 429 case BT_CONNECTED: 430 case BT_CONFIG: 431 case BT_CONNECT: 432 d->state = BT_DISCONN; 433 if (skb_queue_empty(&d->tx_queue)) { 434 rfcomm_send_disc(s, d->dlci); 435 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); 436 } else { 437 rfcomm_queue_disc(d); 438 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); 439 } 440 break; 441 442 default: 443 rfcomm_dlc_clear_timer(d); 444 445 rfcomm_dlc_lock(d); 446 d->state = BT_CLOSED; 447 d->state_change(d, err); 448 rfcomm_dlc_unlock(d); 449 450 skb_queue_purge(&d->tx_queue); 451 rfcomm_dlc_unlink(d); 452 } 453 454 return 0; 455 } 456 457 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 458 { 459 int r; 460 461 rfcomm_lock(); 462 463 r = __rfcomm_dlc_close(d, err); 464 465 rfcomm_unlock(); 466 return r; 467 } 468 469 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) 470 { 471 int len = skb->len; 472 473 if (d->state != BT_CONNECTED) 474 return -ENOTCONN; 475 476 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); 477 478 if (len > d->mtu) 479 return -EINVAL; 480 481 rfcomm_make_uih(skb, d->addr); 482 skb_queue_tail(&d->tx_queue, skb); 483 484 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 485 rfcomm_schedule(RFCOMM_SCHED_TX); 486 return len; 487 } 488 489 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d) 490 { 491 BT_DBG("dlc %p state %ld", d, d->state); 492 493 if (!d->cfc) { 494 d->v24_sig |= RFCOMM_V24_FC; 495 set_bit(RFCOMM_MSC_PENDING, &d->flags); 496 } 497 rfcomm_schedule(RFCOMM_SCHED_TX); 498 } 499 500 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) 501 { 502 BT_DBG("dlc %p state %ld", d, d->state); 503 504 if (!d->cfc) { 505 d->v24_sig &= ~RFCOMM_V24_FC; 506 set_bit(RFCOMM_MSC_PENDING, &d->flags); 507 } 508 rfcomm_schedule(RFCOMM_SCHED_TX); 509 } 510 511 /* 512 Set/get modem status functions use _local_ status i.e. what we report 513 to the other side. 514 Remote status is provided by dlc->modem_status() callback. 515 */ 516 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) 517 { 518 BT_DBG("dlc %p state %ld v24_sig 0x%x", 519 d, d->state, v24_sig); 520 521 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) 522 v24_sig |= RFCOMM_V24_FC; 523 else 524 v24_sig &= ~RFCOMM_V24_FC; 525 526 d->v24_sig = v24_sig; 527 528 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) 529 rfcomm_schedule(RFCOMM_SCHED_TX); 530 531 return 0; 532 } 533 534 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) 535 { 536 BT_DBG("dlc %p state %ld v24_sig 0x%x", 537 d, d->state, d->v24_sig); 538 539 *v24_sig = d->v24_sig; 540 return 0; 541 } 542 543 /* ---- RFCOMM sessions ---- */ 544 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) 545 { 546 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL); 547 548 if (!s) 549 return NULL; 550 551 BT_DBG("session %p sock %p", s, sock); 552 553 INIT_LIST_HEAD(&s->dlcs); 554 s->state = state; 555 s->sock = sock; 556 557 s->mtu = RFCOMM_DEFAULT_MTU; 558 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN; 559 560 /* Do not increment module usage count for listening sessions. 561 * Otherwise we won't be able to unload the module. */ 562 if (state != BT_LISTEN) 563 if (!try_module_get(THIS_MODULE)) { 564 kfree(s); 565 return NULL; 566 } 567 568 list_add(&s->list, &session_list); 569 570 return s; 571 } 572 573 static void rfcomm_session_del(struct rfcomm_session *s) 574 { 575 int state = s->state; 576 577 BT_DBG("session %p state %ld", s, s->state); 578 579 list_del(&s->list); 580 581 if (state == BT_CONNECTED) 582 rfcomm_send_disc(s, 0); 583 584 sock_release(s->sock); 585 kfree(s); 586 587 if (state != BT_LISTEN) 588 module_put(THIS_MODULE); 589 } 590 591 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) 592 { 593 struct rfcomm_session *s; 594 struct list_head *p, *n; 595 struct bt_sock *sk; 596 list_for_each_safe(p, n, &session_list) { 597 s = list_entry(p, struct rfcomm_session, list); 598 sk = bt_sk(s->sock->sk); 599 600 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && 601 !bacmp(&sk->dst, dst)) 602 return s; 603 } 604 return NULL; 605 } 606 607 static void rfcomm_session_close(struct rfcomm_session *s, int err) 608 { 609 struct rfcomm_dlc *d; 610 struct list_head *p, *n; 611 612 BT_DBG("session %p state %ld err %d", s, s->state, err); 613 614 rfcomm_session_hold(s); 615 616 s->state = BT_CLOSED; 617 618 /* Close all dlcs */ 619 list_for_each_safe(p, n, &s->dlcs) { 620 d = list_entry(p, struct rfcomm_dlc, list); 621 d->state = BT_CLOSED; 622 __rfcomm_dlc_close(d, err); 623 } 624 625 rfcomm_session_put(s); 626 } 627 628 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err) 629 { 630 struct rfcomm_session *s = NULL; 631 struct sockaddr_l2 addr; 632 struct socket *sock; 633 struct sock *sk; 634 635 BT_DBG("%s %s", batostr(src), batostr(dst)); 636 637 *err = rfcomm_l2sock_create(&sock); 638 if (*err < 0) 639 return NULL; 640 641 bacpy(&addr.l2_bdaddr, src); 642 addr.l2_family = AF_BLUETOOTH; 643 addr.l2_psm = 0; 644 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 645 if (*err < 0) 646 goto failed; 647 648 /* Set L2CAP options */ 649 sk = sock->sk; 650 lock_sock(sk); 651 l2cap_pi(sk)->imtu = l2cap_mtu; 652 release_sock(sk); 653 654 s = rfcomm_session_add(sock, BT_BOUND); 655 if (!s) { 656 *err = -ENOMEM; 657 goto failed; 658 } 659 660 s->initiator = 1; 661 662 bacpy(&addr.l2_bdaddr, dst); 663 addr.l2_family = AF_BLUETOOTH; 664 addr.l2_psm = htobs(RFCOMM_PSM); 665 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 666 if (*err == 0 || *err == -EINPROGRESS) 667 return s; 668 669 rfcomm_session_del(s); 670 return NULL; 671 672 failed: 673 sock_release(sock); 674 return NULL; 675 } 676 677 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) 678 { 679 struct sock *sk = s->sock->sk; 680 if (src) 681 bacpy(src, &bt_sk(sk)->src); 682 if (dst) 683 bacpy(dst, &bt_sk(sk)->dst); 684 } 685 686 /* ---- RFCOMM frame sending ---- */ 687 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len) 688 { 689 struct socket *sock = s->sock; 690 struct kvec iv = { data, len }; 691 struct msghdr msg; 692 693 BT_DBG("session %p len %d", s, len); 694 695 memset(&msg, 0, sizeof(msg)); 696 697 return kernel_sendmsg(sock, &msg, &iv, 1, len); 698 } 699 700 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) 701 { 702 struct rfcomm_cmd cmd; 703 704 BT_DBG("%p dlci %d", s, dlci); 705 706 cmd.addr = __addr(s->initiator, dlci); 707 cmd.ctrl = __ctrl(RFCOMM_SABM, 1); 708 cmd.len = __len8(0); 709 cmd.fcs = __fcs2((u8 *) &cmd); 710 711 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 712 } 713 714 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) 715 { 716 struct rfcomm_cmd cmd; 717 718 BT_DBG("%p dlci %d", s, dlci); 719 720 cmd.addr = __addr(!s->initiator, dlci); 721 cmd.ctrl = __ctrl(RFCOMM_UA, 1); 722 cmd.len = __len8(0); 723 cmd.fcs = __fcs2((u8 *) &cmd); 724 725 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 726 } 727 728 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) 729 { 730 struct rfcomm_cmd cmd; 731 732 BT_DBG("%p dlci %d", s, dlci); 733 734 cmd.addr = __addr(s->initiator, dlci); 735 cmd.ctrl = __ctrl(RFCOMM_DISC, 1); 736 cmd.len = __len8(0); 737 cmd.fcs = __fcs2((u8 *) &cmd); 738 739 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 740 } 741 742 static int rfcomm_queue_disc(struct rfcomm_dlc *d) 743 { 744 struct rfcomm_cmd *cmd; 745 struct sk_buff *skb; 746 747 BT_DBG("dlc %p dlci %d", d, d->dlci); 748 749 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); 750 if (!skb) 751 return -ENOMEM; 752 753 cmd = (void *) __skb_put(skb, sizeof(*cmd)); 754 cmd->addr = d->addr; 755 cmd->ctrl = __ctrl(RFCOMM_DISC, 1); 756 cmd->len = __len8(0); 757 cmd->fcs = __fcs2((u8 *) cmd); 758 759 skb_queue_tail(&d->tx_queue, skb); 760 rfcomm_schedule(RFCOMM_SCHED_TX); 761 return 0; 762 } 763 764 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) 765 { 766 struct rfcomm_cmd cmd; 767 768 BT_DBG("%p dlci %d", s, dlci); 769 770 cmd.addr = __addr(!s->initiator, dlci); 771 cmd.ctrl = __ctrl(RFCOMM_DM, 1); 772 cmd.len = __len8(0); 773 cmd.fcs = __fcs2((u8 *) &cmd); 774 775 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 776 } 777 778 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) 779 { 780 struct rfcomm_hdr *hdr; 781 struct rfcomm_mcc *mcc; 782 u8 buf[16], *ptr = buf; 783 784 BT_DBG("%p cr %d type %d", s, cr, type); 785 786 hdr = (void *) ptr; ptr += sizeof(*hdr); 787 hdr->addr = __addr(s->initiator, 0); 788 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 789 hdr->len = __len8(sizeof(*mcc) + 1); 790 791 mcc = (void *) ptr; ptr += sizeof(*mcc); 792 mcc->type = __mcc_type(cr, RFCOMM_NSC); 793 mcc->len = __len8(1); 794 795 /* Type that we didn't like */ 796 *ptr = __mcc_type(cr, type); ptr++; 797 798 *ptr = __fcs(buf); ptr++; 799 800 return rfcomm_send_frame(s, buf, ptr - buf); 801 } 802 803 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) 804 { 805 struct rfcomm_hdr *hdr; 806 struct rfcomm_mcc *mcc; 807 struct rfcomm_pn *pn; 808 u8 buf[16], *ptr = buf; 809 810 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); 811 812 hdr = (void *) ptr; ptr += sizeof(*hdr); 813 hdr->addr = __addr(s->initiator, 0); 814 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 815 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); 816 817 mcc = (void *) ptr; ptr += sizeof(*mcc); 818 mcc->type = __mcc_type(cr, RFCOMM_PN); 819 mcc->len = __len8(sizeof(*pn)); 820 821 pn = (void *) ptr; ptr += sizeof(*pn); 822 pn->dlci = d->dlci; 823 pn->priority = d->priority; 824 pn->ack_timer = 0; 825 pn->max_retrans = 0; 826 827 if (s->cfc) { 828 pn->flow_ctrl = cr ? 0xf0 : 0xe0; 829 pn->credits = RFCOMM_DEFAULT_CREDITS; 830 } else { 831 pn->flow_ctrl = 0; 832 pn->credits = 0; 833 } 834 835 if (cr && channel_mtu >= 0) 836 pn->mtu = htobs(channel_mtu); 837 else 838 pn->mtu = htobs(d->mtu); 839 840 *ptr = __fcs(buf); ptr++; 841 842 return rfcomm_send_frame(s, buf, ptr - buf); 843 } 844 845 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, 846 u8 bit_rate, u8 data_bits, u8 stop_bits, 847 u8 parity, u8 flow_ctrl_settings, 848 u8 xon_char, u8 xoff_char, u16 param_mask) 849 { 850 struct rfcomm_hdr *hdr; 851 struct rfcomm_mcc *mcc; 852 struct rfcomm_rpn *rpn; 853 u8 buf[16], *ptr = buf; 854 855 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" 856 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 857 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 858 flow_ctrl_settings, xon_char, xoff_char, param_mask); 859 860 hdr = (void *) ptr; ptr += sizeof(*hdr); 861 hdr->addr = __addr(s->initiator, 0); 862 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 863 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); 864 865 mcc = (void *) ptr; ptr += sizeof(*mcc); 866 mcc->type = __mcc_type(cr, RFCOMM_RPN); 867 mcc->len = __len8(sizeof(*rpn)); 868 869 rpn = (void *) ptr; ptr += sizeof(*rpn); 870 rpn->dlci = __addr(1, dlci); 871 rpn->bit_rate = bit_rate; 872 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); 873 rpn->flow_ctrl = flow_ctrl_settings; 874 rpn->xon_char = xon_char; 875 rpn->xoff_char = xoff_char; 876 rpn->param_mask = cpu_to_le16(param_mask); 877 878 *ptr = __fcs(buf); ptr++; 879 880 return rfcomm_send_frame(s, buf, ptr - buf); 881 } 882 883 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) 884 { 885 struct rfcomm_hdr *hdr; 886 struct rfcomm_mcc *mcc; 887 struct rfcomm_rls *rls; 888 u8 buf[16], *ptr = buf; 889 890 BT_DBG("%p cr %d status 0x%x", s, cr, status); 891 892 hdr = (void *) ptr; ptr += sizeof(*hdr); 893 hdr->addr = __addr(s->initiator, 0); 894 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 895 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); 896 897 mcc = (void *) ptr; ptr += sizeof(*mcc); 898 mcc->type = __mcc_type(cr, RFCOMM_RLS); 899 mcc->len = __len8(sizeof(*rls)); 900 901 rls = (void *) ptr; ptr += sizeof(*rls); 902 rls->dlci = __addr(1, dlci); 903 rls->status = status; 904 905 *ptr = __fcs(buf); ptr++; 906 907 return rfcomm_send_frame(s, buf, ptr - buf); 908 } 909 910 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) 911 { 912 struct rfcomm_hdr *hdr; 913 struct rfcomm_mcc *mcc; 914 struct rfcomm_msc *msc; 915 u8 buf[16], *ptr = buf; 916 917 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); 918 919 hdr = (void *) ptr; ptr += sizeof(*hdr); 920 hdr->addr = __addr(s->initiator, 0); 921 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 922 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); 923 924 mcc = (void *) ptr; ptr += sizeof(*mcc); 925 mcc->type = __mcc_type(cr, RFCOMM_MSC); 926 mcc->len = __len8(sizeof(*msc)); 927 928 msc = (void *) ptr; ptr += sizeof(*msc); 929 msc->dlci = __addr(1, dlci); 930 msc->v24_sig = v24_sig | 0x01; 931 932 *ptr = __fcs(buf); ptr++; 933 934 return rfcomm_send_frame(s, buf, ptr - buf); 935 } 936 937 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) 938 { 939 struct rfcomm_hdr *hdr; 940 struct rfcomm_mcc *mcc; 941 u8 buf[16], *ptr = buf; 942 943 BT_DBG("%p cr %d", s, cr); 944 945 hdr = (void *) ptr; ptr += sizeof(*hdr); 946 hdr->addr = __addr(s->initiator, 0); 947 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 948 hdr->len = __len8(sizeof(*mcc)); 949 950 mcc = (void *) ptr; ptr += sizeof(*mcc); 951 mcc->type = __mcc_type(cr, RFCOMM_FCOFF); 952 mcc->len = __len8(0); 953 954 *ptr = __fcs(buf); ptr++; 955 956 return rfcomm_send_frame(s, buf, ptr - buf); 957 } 958 959 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) 960 { 961 struct rfcomm_hdr *hdr; 962 struct rfcomm_mcc *mcc; 963 u8 buf[16], *ptr = buf; 964 965 BT_DBG("%p cr %d", s, cr); 966 967 hdr = (void *) ptr; ptr += sizeof(*hdr); 968 hdr->addr = __addr(s->initiator, 0); 969 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 970 hdr->len = __len8(sizeof(*mcc)); 971 972 mcc = (void *) ptr; ptr += sizeof(*mcc); 973 mcc->type = __mcc_type(cr, RFCOMM_FCON); 974 mcc->len = __len8(0); 975 976 *ptr = __fcs(buf); ptr++; 977 978 return rfcomm_send_frame(s, buf, ptr - buf); 979 } 980 981 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) 982 { 983 struct socket *sock = s->sock; 984 struct kvec iv[3]; 985 struct msghdr msg; 986 unsigned char hdr[5], crc[1]; 987 988 if (len > 125) 989 return -EINVAL; 990 991 BT_DBG("%p cr %d", s, cr); 992 993 hdr[0] = __addr(s->initiator, 0); 994 hdr[1] = __ctrl(RFCOMM_UIH, 0); 995 hdr[2] = 0x01 | ((len + 2) << 1); 996 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); 997 hdr[4] = 0x01 | (len << 1); 998 999 crc[0] = __fcs(hdr); 1000 1001 iv[0].iov_base = hdr; 1002 iv[0].iov_len = 5; 1003 iv[1].iov_base = pattern; 1004 iv[1].iov_len = len; 1005 iv[2].iov_base = crc; 1006 iv[2].iov_len = 1; 1007 1008 memset(&msg, 0, sizeof(msg)); 1009 1010 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); 1011 } 1012 1013 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) 1014 { 1015 struct rfcomm_hdr *hdr; 1016 u8 buf[16], *ptr = buf; 1017 1018 BT_DBG("%p addr %d credits %d", s, addr, credits); 1019 1020 hdr = (void *) ptr; ptr += sizeof(*hdr); 1021 hdr->addr = addr; 1022 hdr->ctrl = __ctrl(RFCOMM_UIH, 1); 1023 hdr->len = __len8(0); 1024 1025 *ptr = credits; ptr++; 1026 1027 *ptr = __fcs(buf); ptr++; 1028 1029 return rfcomm_send_frame(s, buf, ptr - buf); 1030 } 1031 1032 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) 1033 { 1034 struct rfcomm_hdr *hdr; 1035 int len = skb->len; 1036 u8 *crc; 1037 1038 if (len > 127) { 1039 hdr = (void *) skb_push(skb, 4); 1040 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len); 1041 } else { 1042 hdr = (void *) skb_push(skb, 3); 1043 hdr->len = __len8(len); 1044 } 1045 hdr->addr = addr; 1046 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1047 1048 crc = skb_put(skb, 1); 1049 *crc = __fcs((void *) hdr); 1050 } 1051 1052 /* ---- RFCOMM frame reception ---- */ 1053 static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) 1054 { 1055 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1056 1057 if (dlci) { 1058 /* Data channel */ 1059 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1060 if (!d) { 1061 rfcomm_send_dm(s, dlci); 1062 return 0; 1063 } 1064 1065 switch (d->state) { 1066 case BT_CONNECT: 1067 rfcomm_dlc_clear_timer(d); 1068 1069 rfcomm_dlc_lock(d); 1070 d->state = BT_CONNECTED; 1071 d->state_change(d, 0); 1072 rfcomm_dlc_unlock(d); 1073 1074 rfcomm_send_msc(s, 1, dlci, d->v24_sig); 1075 break; 1076 1077 case BT_DISCONN: 1078 d->state = BT_CLOSED; 1079 __rfcomm_dlc_close(d, 0); 1080 1081 if (list_empty(&s->dlcs)) { 1082 s->state = BT_DISCONN; 1083 rfcomm_send_disc(s, 0); 1084 } 1085 1086 break; 1087 } 1088 } else { 1089 /* Control channel */ 1090 switch (s->state) { 1091 case BT_CONNECT: 1092 s->state = BT_CONNECTED; 1093 rfcomm_process_connect(s); 1094 break; 1095 1096 case BT_DISCONN: 1097 rfcomm_session_put(s); 1098 break; 1099 } 1100 } 1101 return 0; 1102 } 1103 1104 static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) 1105 { 1106 int err = 0; 1107 1108 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1109 1110 if (dlci) { 1111 /* Data DLC */ 1112 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1113 if (d) { 1114 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1115 err = ECONNREFUSED; 1116 else 1117 err = ECONNRESET; 1118 1119 d->state = BT_CLOSED; 1120 __rfcomm_dlc_close(d, err); 1121 } 1122 } else { 1123 if (s->state == BT_CONNECT) 1124 err = ECONNREFUSED; 1125 else 1126 err = ECONNRESET; 1127 1128 s->state = BT_CLOSED; 1129 rfcomm_session_close(s, err); 1130 } 1131 return 0; 1132 } 1133 1134 static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci) 1135 { 1136 int err = 0; 1137 1138 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1139 1140 if (dlci) { 1141 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1142 if (d) { 1143 rfcomm_send_ua(s, dlci); 1144 1145 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1146 err = ECONNREFUSED; 1147 else 1148 err = ECONNRESET; 1149 1150 d->state = BT_CLOSED; 1151 __rfcomm_dlc_close(d, err); 1152 } else 1153 rfcomm_send_dm(s, dlci); 1154 1155 } else { 1156 rfcomm_send_ua(s, 0); 1157 1158 if (s->state == BT_CONNECT) 1159 err = ECONNREFUSED; 1160 else 1161 err = ECONNRESET; 1162 1163 s->state = BT_CLOSED; 1164 rfcomm_session_close(s, err); 1165 } 1166 1167 return 0; 1168 } 1169 1170 static void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1171 { 1172 struct sock *sk = d->session->sock->sk; 1173 1174 BT_DBG("dlc %p", d); 1175 1176 rfcomm_send_ua(d->session, d->dlci); 1177 1178 rfcomm_dlc_lock(d); 1179 d->state = BT_CONNECTED; 1180 d->state_change(d, 0); 1181 rfcomm_dlc_unlock(d); 1182 1183 if (d->link_mode & RFCOMM_LM_MASTER) 1184 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00); 1185 1186 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1187 } 1188 1189 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) 1190 { 1191 struct rfcomm_dlc *d; 1192 u8 channel; 1193 1194 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1195 1196 if (!dlci) { 1197 rfcomm_send_ua(s, 0); 1198 1199 if (s->state == BT_OPEN) { 1200 s->state = BT_CONNECTED; 1201 rfcomm_process_connect(s); 1202 } 1203 return 0; 1204 } 1205 1206 /* Check if DLC exists */ 1207 d = rfcomm_dlc_get(s, dlci); 1208 if (d) { 1209 if (d->state == BT_OPEN) { 1210 /* DLC was previously opened by PN request */ 1211 if (rfcomm_check_link_mode(d)) { 1212 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1213 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1214 } else 1215 rfcomm_dlc_accept(d); 1216 } 1217 return 0; 1218 } 1219 1220 /* Notify socket layer about incoming connection */ 1221 channel = __srv_channel(dlci); 1222 if (rfcomm_connect_ind(s, channel, &d)) { 1223 d->dlci = dlci; 1224 d->addr = __addr(s->initiator, dlci); 1225 rfcomm_dlc_link(s, d); 1226 1227 if (rfcomm_check_link_mode(d)) { 1228 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1229 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1230 } else 1231 rfcomm_dlc_accept(d); 1232 } else { 1233 rfcomm_send_dm(s, dlci); 1234 } 1235 1236 return 0; 1237 } 1238 1239 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) 1240 { 1241 struct rfcomm_session *s = d->session; 1242 1243 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 1244 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); 1245 1246 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) || 1247 pn->flow_ctrl == 0xe0) { 1248 d->cfc = RFCOMM_CFC_ENABLED; 1249 d->tx_credits = pn->credits; 1250 } else { 1251 d->cfc = RFCOMM_CFC_DISABLED; 1252 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1253 } 1254 1255 if (s->cfc == RFCOMM_CFC_UNKNOWN) 1256 s->cfc = d->cfc; 1257 1258 d->priority = pn->priority; 1259 1260 d->mtu = btohs(pn->mtu); 1261 1262 if (cr && d->mtu > s->mtu) 1263 d->mtu = s->mtu; 1264 1265 return 0; 1266 } 1267 1268 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1269 { 1270 struct rfcomm_pn *pn = (void *) skb->data; 1271 struct rfcomm_dlc *d; 1272 u8 dlci = pn->dlci; 1273 1274 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1275 1276 if (!dlci) 1277 return 0; 1278 1279 d = rfcomm_dlc_get(s, dlci); 1280 if (d) { 1281 if (cr) { 1282 /* PN request */ 1283 rfcomm_apply_pn(d, cr, pn); 1284 rfcomm_send_pn(s, 0, d); 1285 } else { 1286 /* PN response */ 1287 switch (d->state) { 1288 case BT_CONFIG: 1289 rfcomm_apply_pn(d, cr, pn); 1290 1291 d->state = BT_CONNECT; 1292 rfcomm_send_sabm(s, d->dlci); 1293 break; 1294 } 1295 } 1296 } else { 1297 u8 channel = __srv_channel(dlci); 1298 1299 if (!cr) 1300 return 0; 1301 1302 /* PN request for non existing DLC. 1303 * Assume incoming connection. */ 1304 if (rfcomm_connect_ind(s, channel, &d)) { 1305 d->dlci = dlci; 1306 d->addr = __addr(s->initiator, dlci); 1307 rfcomm_dlc_link(s, d); 1308 1309 rfcomm_apply_pn(d, cr, pn); 1310 1311 d->state = BT_OPEN; 1312 rfcomm_send_pn(s, 0, d); 1313 } else { 1314 rfcomm_send_dm(s, dlci); 1315 } 1316 } 1317 return 0; 1318 } 1319 1320 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) 1321 { 1322 struct rfcomm_rpn *rpn = (void *) skb->data; 1323 u8 dlci = __get_dlci(rpn->dlci); 1324 1325 u8 bit_rate = 0; 1326 u8 data_bits = 0; 1327 u8 stop_bits = 0; 1328 u8 parity = 0; 1329 u8 flow_ctrl = 0; 1330 u8 xon_char = 0; 1331 u8 xoff_char = 0; 1332 u16 rpn_mask = RFCOMM_RPN_PM_ALL; 1333 1334 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 1335 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, 1336 rpn->xon_char, rpn->xoff_char, rpn->param_mask); 1337 1338 if (!cr) 1339 return 0; 1340 1341 if (len == 1) { 1342 /* This is a request, return default settings */ 1343 bit_rate = RFCOMM_RPN_BR_115200; 1344 data_bits = RFCOMM_RPN_DATA_8; 1345 stop_bits = RFCOMM_RPN_STOP_1; 1346 parity = RFCOMM_RPN_PARITY_NONE; 1347 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1348 xon_char = RFCOMM_RPN_XON_CHAR; 1349 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1350 goto rpn_out; 1351 } 1352 1353 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, 1354 * no parity, no flow control lines, normal XON/XOFF chars */ 1355 1356 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) { 1357 bit_rate = rpn->bit_rate; 1358 if (bit_rate != RFCOMM_RPN_BR_115200) { 1359 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); 1360 bit_rate = RFCOMM_RPN_BR_115200; 1361 rpn_mask ^= RFCOMM_RPN_PM_BITRATE; 1362 } 1363 } 1364 1365 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) { 1366 data_bits = __get_rpn_data_bits(rpn->line_settings); 1367 if (data_bits != RFCOMM_RPN_DATA_8) { 1368 BT_DBG("RPN data bits mismatch 0x%x", data_bits); 1369 data_bits = RFCOMM_RPN_DATA_8; 1370 rpn_mask ^= RFCOMM_RPN_PM_DATA; 1371 } 1372 } 1373 1374 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) { 1375 stop_bits = __get_rpn_stop_bits(rpn->line_settings); 1376 if (stop_bits != RFCOMM_RPN_STOP_1) { 1377 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); 1378 stop_bits = RFCOMM_RPN_STOP_1; 1379 rpn_mask ^= RFCOMM_RPN_PM_STOP; 1380 } 1381 } 1382 1383 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) { 1384 parity = __get_rpn_parity(rpn->line_settings); 1385 if (parity != RFCOMM_RPN_PARITY_NONE) { 1386 BT_DBG("RPN parity mismatch 0x%x", parity); 1387 parity = RFCOMM_RPN_PARITY_NONE; 1388 rpn_mask ^= RFCOMM_RPN_PM_PARITY; 1389 } 1390 } 1391 1392 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) { 1393 flow_ctrl = rpn->flow_ctrl; 1394 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { 1395 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); 1396 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1397 rpn_mask ^= RFCOMM_RPN_PM_FLOW; 1398 } 1399 } 1400 1401 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) { 1402 xon_char = rpn->xon_char; 1403 if (xon_char != RFCOMM_RPN_XON_CHAR) { 1404 BT_DBG("RPN XON char mismatch 0x%x", xon_char); 1405 xon_char = RFCOMM_RPN_XON_CHAR; 1406 rpn_mask ^= RFCOMM_RPN_PM_XON; 1407 } 1408 } 1409 1410 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) { 1411 xoff_char = rpn->xoff_char; 1412 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { 1413 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); 1414 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1415 rpn_mask ^= RFCOMM_RPN_PM_XOFF; 1416 } 1417 } 1418 1419 rpn_out: 1420 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, 1421 parity, flow_ctrl, xon_char, xoff_char, rpn_mask); 1422 1423 return 0; 1424 } 1425 1426 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1427 { 1428 struct rfcomm_rls *rls = (void *) skb->data; 1429 u8 dlci = __get_dlci(rls->dlci); 1430 1431 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); 1432 1433 if (!cr) 1434 return 0; 1435 1436 /* We should probably do something with this information here. But 1437 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's 1438 * mandatory to recognise and respond to RLS */ 1439 1440 rfcomm_send_rls(s, 0, dlci, rls->status); 1441 1442 return 0; 1443 } 1444 1445 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1446 { 1447 struct rfcomm_msc *msc = (void *) skb->data; 1448 struct rfcomm_dlc *d; 1449 u8 dlci = __get_dlci(msc->dlci); 1450 1451 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); 1452 1453 d = rfcomm_dlc_get(s, dlci); 1454 if (!d) 1455 return 0; 1456 1457 if (cr) { 1458 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) 1459 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1460 else 1461 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1462 1463 rfcomm_dlc_lock(d); 1464 1465 d->remote_v24_sig = msc->v24_sig; 1466 1467 if (d->modem_status) 1468 d->modem_status(d, msc->v24_sig); 1469 1470 rfcomm_dlc_unlock(d); 1471 1472 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1473 1474 d->mscex |= RFCOMM_MSCEX_RX; 1475 } else 1476 d->mscex |= RFCOMM_MSCEX_TX; 1477 1478 return 0; 1479 } 1480 1481 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) 1482 { 1483 struct rfcomm_mcc *mcc = (void *) skb->data; 1484 u8 type, cr, len; 1485 1486 cr = __test_cr(mcc->type); 1487 type = __get_mcc_type(mcc->type); 1488 len = __get_mcc_len(mcc->len); 1489 1490 BT_DBG("%p type 0x%x cr %d", s, type, cr); 1491 1492 skb_pull(skb, 2); 1493 1494 switch (type) { 1495 case RFCOMM_PN: 1496 rfcomm_recv_pn(s, cr, skb); 1497 break; 1498 1499 case RFCOMM_RPN: 1500 rfcomm_recv_rpn(s, cr, len, skb); 1501 break; 1502 1503 case RFCOMM_RLS: 1504 rfcomm_recv_rls(s, cr, skb); 1505 break; 1506 1507 case RFCOMM_MSC: 1508 rfcomm_recv_msc(s, cr, skb); 1509 break; 1510 1511 case RFCOMM_FCOFF: 1512 if (cr) { 1513 set_bit(RFCOMM_TX_THROTTLED, &s->flags); 1514 rfcomm_send_fcoff(s, 0); 1515 } 1516 break; 1517 1518 case RFCOMM_FCON: 1519 if (cr) { 1520 clear_bit(RFCOMM_TX_THROTTLED, &s->flags); 1521 rfcomm_send_fcon(s, 0); 1522 } 1523 break; 1524 1525 case RFCOMM_TEST: 1526 if (cr) 1527 rfcomm_send_test(s, 0, skb->data, skb->len); 1528 break; 1529 1530 case RFCOMM_NSC: 1531 break; 1532 1533 default: 1534 BT_ERR("Unknown control type 0x%02x", type); 1535 rfcomm_send_nsc(s, cr, type); 1536 break; 1537 } 1538 return 0; 1539 } 1540 1541 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) 1542 { 1543 struct rfcomm_dlc *d; 1544 1545 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); 1546 1547 d = rfcomm_dlc_get(s, dlci); 1548 if (!d) { 1549 rfcomm_send_dm(s, dlci); 1550 goto drop; 1551 } 1552 1553 if (pf && d->cfc) { 1554 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); 1555 1556 d->tx_credits += credits; 1557 if (d->tx_credits) 1558 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1559 } 1560 1561 if (skb->len && d->state == BT_CONNECTED) { 1562 rfcomm_dlc_lock(d); 1563 d->rx_credits--; 1564 d->data_ready(d, skb); 1565 rfcomm_dlc_unlock(d); 1566 return 0; 1567 } 1568 1569 drop: 1570 kfree_skb(skb); 1571 return 0; 1572 } 1573 1574 static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb) 1575 { 1576 struct rfcomm_hdr *hdr = (void *) skb->data; 1577 u8 type, dlci, fcs; 1578 1579 dlci = __get_dlci(hdr->addr); 1580 type = __get_type(hdr->ctrl); 1581 1582 /* Trim FCS */ 1583 skb->len--; skb->tail--; 1584 fcs = *(u8 *)skb_tail_pointer(skb); 1585 1586 if (__check_fcs(skb->data, type, fcs)) { 1587 BT_ERR("bad checksum in packet"); 1588 kfree_skb(skb); 1589 return -EILSEQ; 1590 } 1591 1592 if (__test_ea(hdr->len)) 1593 skb_pull(skb, 3); 1594 else 1595 skb_pull(skb, 4); 1596 1597 switch (type) { 1598 case RFCOMM_SABM: 1599 if (__test_pf(hdr->ctrl)) 1600 rfcomm_recv_sabm(s, dlci); 1601 break; 1602 1603 case RFCOMM_DISC: 1604 if (__test_pf(hdr->ctrl)) 1605 rfcomm_recv_disc(s, dlci); 1606 break; 1607 1608 case RFCOMM_UA: 1609 if (__test_pf(hdr->ctrl)) 1610 rfcomm_recv_ua(s, dlci); 1611 break; 1612 1613 case RFCOMM_DM: 1614 rfcomm_recv_dm(s, dlci); 1615 break; 1616 1617 case RFCOMM_UIH: 1618 if (dlci) 1619 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); 1620 1621 rfcomm_recv_mcc(s, skb); 1622 break; 1623 1624 default: 1625 BT_ERR("Unknown packet type 0x%02x\n", type); 1626 break; 1627 } 1628 kfree_skb(skb); 1629 return 0; 1630 } 1631 1632 /* ---- Connection and data processing ---- */ 1633 1634 static void rfcomm_process_connect(struct rfcomm_session *s) 1635 { 1636 struct rfcomm_dlc *d; 1637 struct list_head *p, *n; 1638 1639 BT_DBG("session %p state %ld", s, s->state); 1640 1641 list_for_each_safe(p, n, &s->dlcs) { 1642 d = list_entry(p, struct rfcomm_dlc, list); 1643 if (d->state == BT_CONFIG) { 1644 d->mtu = s->mtu; 1645 if (rfcomm_check_link_mode(d)) { 1646 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1647 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1648 } else 1649 rfcomm_send_pn(s, 1, d); 1650 } 1651 } 1652 } 1653 1654 /* Send data queued for the DLC. 1655 * Return number of frames left in the queue. 1656 */ 1657 static inline int rfcomm_process_tx(struct rfcomm_dlc *d) 1658 { 1659 struct sk_buff *skb; 1660 int err; 1661 1662 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 1663 d, d->state, d->cfc, d->rx_credits, d->tx_credits); 1664 1665 /* Send pending MSC */ 1666 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) 1667 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1668 1669 if (d->cfc) { 1670 /* CFC enabled. 1671 * Give them some credits */ 1672 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && 1673 d->rx_credits <= (d->cfc >> 2)) { 1674 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); 1675 d->rx_credits = d->cfc; 1676 } 1677 } else { 1678 /* CFC disabled. 1679 * Give ourselves some credits */ 1680 d->tx_credits = 5; 1681 } 1682 1683 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 1684 return skb_queue_len(&d->tx_queue); 1685 1686 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { 1687 err = rfcomm_send_frame(d->session, skb->data, skb->len); 1688 if (err < 0) { 1689 skb_queue_head(&d->tx_queue, skb); 1690 break; 1691 } 1692 kfree_skb(skb); 1693 d->tx_credits--; 1694 } 1695 1696 if (d->cfc && !d->tx_credits) { 1697 /* We're out of TX credits. 1698 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ 1699 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1700 } 1701 1702 return skb_queue_len(&d->tx_queue); 1703 } 1704 1705 static inline void rfcomm_process_dlcs(struct rfcomm_session *s) 1706 { 1707 struct rfcomm_dlc *d; 1708 struct list_head *p, *n; 1709 1710 BT_DBG("session %p state %ld", s, s->state); 1711 1712 list_for_each_safe(p, n, &s->dlcs) { 1713 d = list_entry(p, struct rfcomm_dlc, list); 1714 1715 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { 1716 __rfcomm_dlc_close(d, ETIMEDOUT); 1717 continue; 1718 } 1719 1720 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1721 rfcomm_dlc_clear_timer(d); 1722 if (d->out) { 1723 rfcomm_send_pn(s, 1, d); 1724 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 1725 } else 1726 rfcomm_dlc_accept(d); 1727 if (d->link_mode & RFCOMM_LM_SECURE) { 1728 struct sock *sk = s->sock->sk; 1729 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon); 1730 } 1731 continue; 1732 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1733 rfcomm_dlc_clear_timer(d); 1734 if (!d->out) 1735 rfcomm_send_dm(s, d->dlci); 1736 else 1737 d->state = BT_CLOSED; 1738 __rfcomm_dlc_close(d, ECONNREFUSED); 1739 continue; 1740 } 1741 1742 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) 1743 continue; 1744 1745 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1746 d->mscex == RFCOMM_MSCEX_OK) 1747 rfcomm_process_tx(d); 1748 } 1749 } 1750 1751 static inline void rfcomm_process_rx(struct rfcomm_session *s) 1752 { 1753 struct socket *sock = s->sock; 1754 struct sock *sk = sock->sk; 1755 struct sk_buff *skb; 1756 1757 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); 1758 1759 /* Get data directly from socket receive queue without copying it. */ 1760 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1761 skb_orphan(skb); 1762 rfcomm_recv_frame(s, skb); 1763 } 1764 1765 if (sk->sk_state == BT_CLOSED) { 1766 if (!s->initiator) 1767 rfcomm_session_put(s); 1768 1769 rfcomm_session_close(s, sk->sk_err); 1770 } 1771 } 1772 1773 static inline void rfcomm_accept_connection(struct rfcomm_session *s) 1774 { 1775 struct socket *sock = s->sock, *nsock; 1776 int err; 1777 1778 /* Fast check for a new connection. 1779 * Avoids unnesesary socket allocations. */ 1780 if (list_empty(&bt_sk(sock->sk)->accept_q)) 1781 return; 1782 1783 BT_DBG("session %p", s); 1784 1785 err = kernel_accept(sock, &nsock, O_NONBLOCK); 1786 if (err < 0) 1787 return; 1788 1789 __module_get(nsock->ops->owner); 1790 1791 /* Set our callbacks */ 1792 nsock->sk->sk_data_ready = rfcomm_l2data_ready; 1793 nsock->sk->sk_state_change = rfcomm_l2state_change; 1794 1795 s = rfcomm_session_add(nsock, BT_OPEN); 1796 if (s) { 1797 rfcomm_session_hold(s); 1798 1799 /* We should adjust MTU on incoming sessions. 1800 * L2CAP MTU minus UIH header and FCS. */ 1801 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5; 1802 1803 rfcomm_schedule(RFCOMM_SCHED_RX); 1804 } else 1805 sock_release(nsock); 1806 } 1807 1808 static inline void rfcomm_check_connection(struct rfcomm_session *s) 1809 { 1810 struct sock *sk = s->sock->sk; 1811 1812 BT_DBG("%p state %ld", s, s->state); 1813 1814 switch(sk->sk_state) { 1815 case BT_CONNECTED: 1816 s->state = BT_CONNECT; 1817 1818 /* We can adjust MTU on outgoing sessions. 1819 * L2CAP MTU minus UIH header and FCS. */ 1820 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5; 1821 1822 rfcomm_send_sabm(s, 0); 1823 break; 1824 1825 case BT_CLOSED: 1826 s->state = BT_CLOSED; 1827 rfcomm_session_close(s, sk->sk_err); 1828 break; 1829 } 1830 } 1831 1832 static inline void rfcomm_process_sessions(void) 1833 { 1834 struct list_head *p, *n; 1835 1836 rfcomm_lock(); 1837 1838 list_for_each_safe(p, n, &session_list) { 1839 struct rfcomm_session *s; 1840 s = list_entry(p, struct rfcomm_session, list); 1841 1842 if (s->state == BT_LISTEN) { 1843 rfcomm_accept_connection(s); 1844 continue; 1845 } 1846 1847 rfcomm_session_hold(s); 1848 1849 switch (s->state) { 1850 case BT_BOUND: 1851 rfcomm_check_connection(s); 1852 break; 1853 1854 default: 1855 rfcomm_process_rx(s); 1856 break; 1857 } 1858 1859 rfcomm_process_dlcs(s); 1860 1861 rfcomm_session_put(s); 1862 } 1863 1864 rfcomm_unlock(); 1865 } 1866 1867 static int rfcomm_add_listener(bdaddr_t *ba) 1868 { 1869 struct sockaddr_l2 addr; 1870 struct socket *sock; 1871 struct sock *sk; 1872 struct rfcomm_session *s; 1873 int err = 0; 1874 1875 /* Create socket */ 1876 err = rfcomm_l2sock_create(&sock); 1877 if (err < 0) { 1878 BT_ERR("Create socket failed %d", err); 1879 return err; 1880 } 1881 1882 /* Bind socket */ 1883 bacpy(&addr.l2_bdaddr, ba); 1884 addr.l2_family = AF_BLUETOOTH; 1885 addr.l2_psm = htobs(RFCOMM_PSM); 1886 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1887 if (err < 0) { 1888 BT_ERR("Bind failed %d", err); 1889 goto failed; 1890 } 1891 1892 /* Set L2CAP options */ 1893 sk = sock->sk; 1894 lock_sock(sk); 1895 l2cap_pi(sk)->imtu = l2cap_mtu; 1896 release_sock(sk); 1897 1898 /* Start listening on the socket */ 1899 err = kernel_listen(sock, 10); 1900 if (err) { 1901 BT_ERR("Listen failed %d", err); 1902 goto failed; 1903 } 1904 1905 /* Add listening session */ 1906 s = rfcomm_session_add(sock, BT_LISTEN); 1907 if (!s) 1908 goto failed; 1909 1910 rfcomm_session_hold(s); 1911 return 0; 1912 failed: 1913 sock_release(sock); 1914 return err; 1915 } 1916 1917 static void rfcomm_kill_listener(void) 1918 { 1919 struct rfcomm_session *s; 1920 struct list_head *p, *n; 1921 1922 BT_DBG(""); 1923 1924 list_for_each_safe(p, n, &session_list) { 1925 s = list_entry(p, struct rfcomm_session, list); 1926 rfcomm_session_del(s); 1927 } 1928 } 1929 1930 static int rfcomm_run(void *unused) 1931 { 1932 BT_DBG(""); 1933 1934 set_user_nice(current, -10); 1935 1936 rfcomm_add_listener(BDADDR_ANY); 1937 1938 while (!kthread_should_stop()) { 1939 set_current_state(TASK_INTERRUPTIBLE); 1940 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) { 1941 /* No pending events. Let's sleep. 1942 * Incoming connections and data will wake us up. */ 1943 schedule(); 1944 } 1945 set_current_state(TASK_RUNNING); 1946 1947 /* Process stuff */ 1948 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 1949 rfcomm_process_sessions(); 1950 } 1951 1952 rfcomm_kill_listener(); 1953 1954 return 0; 1955 } 1956 1957 static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status) 1958 { 1959 struct rfcomm_session *s; 1960 struct rfcomm_dlc *d; 1961 struct list_head *p, *n; 1962 1963 BT_DBG("conn %p status 0x%02x", conn, status); 1964 1965 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 1966 if (!s) 1967 return; 1968 1969 rfcomm_session_hold(s); 1970 1971 list_for_each_safe(p, n, &s->dlcs) { 1972 d = list_entry(p, struct rfcomm_dlc, list); 1973 1974 if ((d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) && 1975 !(conn->link_mode & HCI_LM_ENCRYPT) && !status) 1976 continue; 1977 1978 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 1979 continue; 1980 1981 if (!status) 1982 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 1983 else 1984 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 1985 } 1986 1987 rfcomm_session_put(s); 1988 1989 rfcomm_schedule(RFCOMM_SCHED_AUTH); 1990 } 1991 1992 static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt) 1993 { 1994 struct rfcomm_session *s; 1995 struct rfcomm_dlc *d; 1996 struct list_head *p, *n; 1997 1998 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); 1999 2000 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 2001 if (!s) 2002 return; 2003 2004 rfcomm_session_hold(s); 2005 2006 list_for_each_safe(p, n, &s->dlcs) { 2007 d = list_entry(p, struct rfcomm_dlc, list); 2008 2009 if ((d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) && 2010 (d->state == BT_CONNECTED || 2011 d->state == BT_CONFIG) && 2012 !status && encrypt == 0x00) { 2013 __rfcomm_dlc_close(d, ECONNREFUSED); 2014 continue; 2015 } 2016 2017 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 2018 continue; 2019 2020 if (!status && encrypt) 2021 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 2022 else 2023 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 2024 } 2025 2026 rfcomm_session_put(s); 2027 2028 rfcomm_schedule(RFCOMM_SCHED_AUTH); 2029 } 2030 2031 static struct hci_cb rfcomm_cb = { 2032 .name = "RFCOMM", 2033 .auth_cfm = rfcomm_auth_cfm, 2034 .encrypt_cfm = rfcomm_encrypt_cfm 2035 }; 2036 2037 static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf) 2038 { 2039 struct rfcomm_session *s; 2040 struct list_head *pp, *p; 2041 char *str = buf; 2042 2043 rfcomm_lock(); 2044 2045 list_for_each(p, &session_list) { 2046 s = list_entry(p, struct rfcomm_session, list); 2047 list_for_each(pp, &s->dlcs) { 2048 struct sock *sk = s->sock->sk; 2049 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list); 2050 2051 str += sprintf(str, "%s %s %ld %d %d %d %d\n", 2052 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 2053 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits); 2054 } 2055 } 2056 2057 rfcomm_unlock(); 2058 2059 return (str - buf); 2060 } 2061 2062 static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL); 2063 2064 /* ---- Initialization ---- */ 2065 static int __init rfcomm_init(void) 2066 { 2067 l2cap_load(); 2068 2069 hci_register_cb(&rfcomm_cb); 2070 2071 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd"); 2072 if (IS_ERR(rfcomm_thread)) { 2073 hci_unregister_cb(&rfcomm_cb); 2074 return PTR_ERR(rfcomm_thread); 2075 } 2076 2077 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0) 2078 BT_ERR("Failed to create RFCOMM info file"); 2079 2080 rfcomm_init_sockets(); 2081 2082 #ifdef CONFIG_BT_RFCOMM_TTY 2083 rfcomm_init_ttys(); 2084 #endif 2085 2086 BT_INFO("RFCOMM ver %s", VERSION); 2087 2088 return 0; 2089 } 2090 2091 static void __exit rfcomm_exit(void) 2092 { 2093 class_remove_file(bt_class, &class_attr_rfcomm_dlc); 2094 2095 hci_unregister_cb(&rfcomm_cb); 2096 2097 kthread_stop(rfcomm_thread); 2098 2099 #ifdef CONFIG_BT_RFCOMM_TTY 2100 rfcomm_cleanup_ttys(); 2101 #endif 2102 2103 rfcomm_cleanup_sockets(); 2104 } 2105 2106 module_init(rfcomm_init); 2107 module_exit(rfcomm_exit); 2108 2109 module_param(disable_cfc, bool, 0644); 2110 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control"); 2111 2112 module_param(channel_mtu, int, 0644); 2113 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel"); 2114 2115 module_param(l2cap_mtu, uint, 0644); 2116 MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); 2117 2118 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 2119 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2120 MODULE_VERSION(VERSION); 2121 MODULE_LICENSE("GPL"); 2122 MODULE_ALIAS("bt-proto-3"); 2123