core.c revision 5f9018af004fa8635bbbe3ab2dc61e8a686edfaa
1/* 2 RFCOMM implementation for Linux Bluetooth stack (BlueZ). 3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com> 4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org> 5 6 This program is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License version 2 as 8 published by the Free Software Foundation; 9 10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY 14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES 15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, 20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS 21 SOFTWARE IS DISCLAIMED. 22*/ 23 24/* 25 * Bluetooth RFCOMM core. 26 */ 27 28#include <linux/module.h> 29#include <linux/errno.h> 30#include <linux/kernel.h> 31#include <linux/sched.h> 32#include <linux/signal.h> 33#include <linux/init.h> 34#include <linux/wait.h> 35#include <linux/device.h> 36#include <linux/net.h> 37#include <linux/mutex.h> 38#include <linux/kthread.h> 39 40#include <net/sock.h> 41#include <asm/uaccess.h> 42#include <asm/unaligned.h> 43 44#include <net/bluetooth/bluetooth.h> 45#include <net/bluetooth/hci_core.h> 46#include <net/bluetooth/l2cap.h> 47#include <net/bluetooth/rfcomm.h> 48 49#define VERSION "1.11" 50 51static int disable_cfc = 0; 52static int channel_mtu = -1; 53static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU; 54 55static struct task_struct *rfcomm_thread; 56 57static DEFINE_MUTEX(rfcomm_mutex); 58#define rfcomm_lock() mutex_lock(&rfcomm_mutex) 59#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex) 60 61static unsigned long rfcomm_event; 62 63static LIST_HEAD(session_list); 64 65static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len); 66static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci); 67static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci); 68static int rfcomm_queue_disc(struct rfcomm_dlc *d); 69static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type); 70static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d); 71static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig); 72static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len); 73static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits); 74static void rfcomm_make_uih(struct sk_buff *skb, u8 addr); 75 76static void rfcomm_process_connect(struct rfcomm_session *s); 77 78static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err); 79static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst); 80static void rfcomm_session_del(struct rfcomm_session *s); 81 82/* ---- RFCOMM frame parsing macros ---- */ 83#define __get_dlci(b) ((b & 0xfc) >> 2) 84#define __get_channel(b) ((b & 0xf8) >> 3) 85#define __get_dir(b) ((b & 0x04) >> 2) 86#define __get_type(b) ((b & 0xef)) 87 88#define __test_ea(b) ((b & 0x01)) 89#define __test_cr(b) ((b & 0x02)) 90#define __test_pf(b) ((b & 0x10)) 91 92#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01) 93#define __ctrl(type, pf) (((type & 0xef) | (pf << 4))) 94#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir) 95#define __srv_channel(dlci) (dlci >> 1) 96#define __dir(dlci) (dlci & 0x01) 97 98#define __len8(len) (((len) << 1) | 1) 99#define __len16(len) ((len) << 1) 100 101/* MCC macros */ 102#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01)) 103#define __get_mcc_type(b) ((b & 0xfc) >> 2) 104#define __get_mcc_len(b) ((b & 0xfe) >> 1) 105 106/* RPN macros */ 107#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3)) 108#define __get_rpn_data_bits(line) ((line) & 0x3) 109#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1) 110#define __get_rpn_parity(line) (((line) >> 3) & 0x7) 111 112static inline void rfcomm_schedule(uint event) 113{ 114 if (!rfcomm_thread) 115 return; 116 //set_bit(event, &rfcomm_event); 117 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 118 wake_up_process(rfcomm_thread); 119} 120 121static inline void rfcomm_session_put(struct rfcomm_session *s) 122{ 123 if (atomic_dec_and_test(&s->refcnt)) 124 rfcomm_session_del(s); 125} 126 127/* ---- RFCOMM FCS computation ---- */ 128 129/* reversed, 8-bit, poly=0x07 */ 130static unsigned char rfcomm_crc_table[256] = { 131 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75, 132 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b, 133 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69, 134 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67, 135 136 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d, 137 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43, 138 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51, 139 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f, 140 141 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05, 142 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b, 143 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19, 144 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17, 145 146 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d, 147 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33, 148 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21, 149 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f, 150 151 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95, 152 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b, 153 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89, 154 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87, 155 156 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad, 157 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3, 158 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1, 159 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf, 160 161 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5, 162 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb, 163 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9, 164 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7, 165 166 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd, 167 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3, 168 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1, 169 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf 170}; 171 172/* CRC on 2 bytes */ 173#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]]) 174 175/* FCS on 2 bytes */ 176static inline u8 __fcs(u8 *data) 177{ 178 return (0xff - __crc(data)); 179} 180 181/* FCS on 3 bytes */ 182static inline u8 __fcs2(u8 *data) 183{ 184 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]); 185} 186 187/* Check FCS */ 188static inline int __check_fcs(u8 *data, int type, u8 fcs) 189{ 190 u8 f = __crc(data); 191 192 if (type != RFCOMM_UIH) 193 f = rfcomm_crc_table[f ^ data[2]]; 194 195 return rfcomm_crc_table[f ^ fcs] != 0xcf; 196} 197 198/* ---- L2CAP callbacks ---- */ 199static void rfcomm_l2state_change(struct sock *sk) 200{ 201 BT_DBG("%p state %d", sk, sk->sk_state); 202 rfcomm_schedule(RFCOMM_SCHED_STATE); 203} 204 205static void rfcomm_l2data_ready(struct sock *sk, int bytes) 206{ 207 BT_DBG("%p bytes %d", sk, bytes); 208 rfcomm_schedule(RFCOMM_SCHED_RX); 209} 210 211static int rfcomm_l2sock_create(struct socket **sock) 212{ 213 int err; 214 215 BT_DBG(""); 216 217 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock); 218 if (!err) { 219 struct sock *sk = (*sock)->sk; 220 sk->sk_data_ready = rfcomm_l2data_ready; 221 sk->sk_state_change = rfcomm_l2state_change; 222 } 223 return err; 224} 225 226static inline int rfcomm_check_security(struct rfcomm_dlc *d) 227{ 228 struct sock *sk = d->session->sock->sk; 229 230 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level); 231} 232 233/* ---- RFCOMM DLCs ---- */ 234static void rfcomm_dlc_timeout(unsigned long arg) 235{ 236 struct rfcomm_dlc *d = (void *) arg; 237 238 BT_DBG("dlc %p state %ld", d, d->state); 239 240 set_bit(RFCOMM_TIMED_OUT, &d->flags); 241 rfcomm_dlc_put(d); 242 rfcomm_schedule(RFCOMM_SCHED_TIMEO); 243} 244 245static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout) 246{ 247 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout); 248 249 if (!mod_timer(&d->timer, jiffies + timeout)) 250 rfcomm_dlc_hold(d); 251} 252 253static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d) 254{ 255 BT_DBG("dlc %p state %ld", d, d->state); 256 257 if (timer_pending(&d->timer) && del_timer(&d->timer)) 258 rfcomm_dlc_put(d); 259} 260 261static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d) 262{ 263 BT_DBG("%p", d); 264 265 d->state = BT_OPEN; 266 d->flags = 0; 267 d->mscex = 0; 268 d->mtu = RFCOMM_DEFAULT_MTU; 269 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV; 270 271 d->cfc = RFCOMM_CFC_DISABLED; 272 d->rx_credits = RFCOMM_DEFAULT_CREDITS; 273} 274 275struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio) 276{ 277 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio); 278 279 if (!d) 280 return NULL; 281 282 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d); 283 284 skb_queue_head_init(&d->tx_queue); 285 spin_lock_init(&d->lock); 286 atomic_set(&d->refcnt, 1); 287 288 rfcomm_dlc_clear_state(d); 289 290 BT_DBG("%p", d); 291 292 return d; 293} 294 295void rfcomm_dlc_free(struct rfcomm_dlc *d) 296{ 297 BT_DBG("%p", d); 298 299 skb_queue_purge(&d->tx_queue); 300 kfree(d); 301} 302 303static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d) 304{ 305 BT_DBG("dlc %p session %p", d, s); 306 307 rfcomm_session_hold(s); 308 309 rfcomm_dlc_hold(d); 310 list_add(&d->list, &s->dlcs); 311 d->session = s; 312} 313 314static void rfcomm_dlc_unlink(struct rfcomm_dlc *d) 315{ 316 struct rfcomm_session *s = d->session; 317 318 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s); 319 320 list_del(&d->list); 321 d->session = NULL; 322 rfcomm_dlc_put(d); 323 324 rfcomm_session_put(s); 325} 326 327static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci) 328{ 329 struct rfcomm_dlc *d; 330 struct list_head *p; 331 332 list_for_each(p, &s->dlcs) { 333 d = list_entry(p, struct rfcomm_dlc, list); 334 if (d->dlci == dlci) 335 return d; 336 } 337 return NULL; 338} 339 340static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 341{ 342 struct rfcomm_session *s; 343 int err = 0; 344 u8 dlci; 345 346 BT_DBG("dlc %p state %ld %s %s channel %d", 347 d, d->state, batostr(src), batostr(dst), channel); 348 349 if (channel < 1 || channel > 30) 350 return -EINVAL; 351 352 if (d->state != BT_OPEN && d->state != BT_CLOSED) 353 return 0; 354 355 s = rfcomm_session_get(src, dst); 356 if (!s) { 357 s = rfcomm_session_create(src, dst, &err); 358 if (!s) 359 return err; 360 } 361 362 dlci = __dlci(!s->initiator, channel); 363 364 /* Check if DLCI already exists */ 365 if (rfcomm_dlc_get(s, dlci)) 366 return -EBUSY; 367 368 rfcomm_dlc_clear_state(d); 369 370 d->dlci = dlci; 371 d->addr = __addr(s->initiator, dlci); 372 d->priority = 7; 373 374 d->state = BT_CONFIG; 375 rfcomm_dlc_link(s, d); 376 377 d->out = 1; 378 379 d->mtu = s->mtu; 380 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc; 381 382 if (s->state == BT_CONNECTED) { 383 if (rfcomm_check_security(d)) 384 rfcomm_send_pn(s, 1, d); 385 else 386 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 387 } 388 389 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 390 391 return 0; 392} 393 394int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel) 395{ 396 int r; 397 398 rfcomm_lock(); 399 400 r = __rfcomm_dlc_open(d, src, dst, channel); 401 402 rfcomm_unlock(); 403 return r; 404} 405 406static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 407{ 408 struct rfcomm_session *s = d->session; 409 if (!s) 410 return 0; 411 412 BT_DBG("dlc %p state %ld dlci %d err %d session %p", 413 d, d->state, d->dlci, err, s); 414 415 switch (d->state) { 416 case BT_CONNECT: 417 case BT_CONFIG: 418 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 419 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 420 rfcomm_schedule(RFCOMM_SCHED_AUTH); 421 break; 422 } 423 /* Fall through */ 424 425 case BT_CONNECTED: 426 d->state = BT_DISCONN; 427 if (skb_queue_empty(&d->tx_queue)) { 428 rfcomm_send_disc(s, d->dlci); 429 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT); 430 } else { 431 rfcomm_queue_disc(d); 432 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2); 433 } 434 break; 435 436 case BT_OPEN: 437 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 438 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 439 rfcomm_schedule(RFCOMM_SCHED_AUTH); 440 break; 441 } 442 /* Fall through */ 443 444 default: 445 rfcomm_dlc_clear_timer(d); 446 447 rfcomm_dlc_lock(d); 448 d->state = BT_CLOSED; 449 d->state_change(d, err); 450 rfcomm_dlc_unlock(d); 451 452 skb_queue_purge(&d->tx_queue); 453 rfcomm_dlc_unlink(d); 454 } 455 456 return 0; 457} 458 459int rfcomm_dlc_close(struct rfcomm_dlc *d, int err) 460{ 461 int r; 462 463 rfcomm_lock(); 464 465 r = __rfcomm_dlc_close(d, err); 466 467 rfcomm_unlock(); 468 return r; 469} 470 471int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb) 472{ 473 int len = skb->len; 474 475 if (d->state != BT_CONNECTED) 476 return -ENOTCONN; 477 478 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len); 479 480 if (len > d->mtu) 481 return -EINVAL; 482 483 rfcomm_make_uih(skb, d->addr); 484 skb_queue_tail(&d->tx_queue, skb); 485 486 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 487 rfcomm_schedule(RFCOMM_SCHED_TX); 488 return len; 489} 490 491void __rfcomm_dlc_throttle(struct rfcomm_dlc *d) 492{ 493 BT_DBG("dlc %p state %ld", d, d->state); 494 495 if (!d->cfc) { 496 d->v24_sig |= RFCOMM_V24_FC; 497 set_bit(RFCOMM_MSC_PENDING, &d->flags); 498 } 499 rfcomm_schedule(RFCOMM_SCHED_TX); 500} 501 502void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d) 503{ 504 BT_DBG("dlc %p state %ld", d, d->state); 505 506 if (!d->cfc) { 507 d->v24_sig &= ~RFCOMM_V24_FC; 508 set_bit(RFCOMM_MSC_PENDING, &d->flags); 509 } 510 rfcomm_schedule(RFCOMM_SCHED_TX); 511} 512 513/* 514 Set/get modem status functions use _local_ status i.e. what we report 515 to the other side. 516 Remote status is provided by dlc->modem_status() callback. 517 */ 518int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig) 519{ 520 BT_DBG("dlc %p state %ld v24_sig 0x%x", 521 d, d->state, v24_sig); 522 523 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags)) 524 v24_sig |= RFCOMM_V24_FC; 525 else 526 v24_sig &= ~RFCOMM_V24_FC; 527 528 d->v24_sig = v24_sig; 529 530 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags)) 531 rfcomm_schedule(RFCOMM_SCHED_TX); 532 533 return 0; 534} 535 536int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig) 537{ 538 BT_DBG("dlc %p state %ld v24_sig 0x%x", 539 d, d->state, d->v24_sig); 540 541 *v24_sig = d->v24_sig; 542 return 0; 543} 544 545/* ---- RFCOMM sessions ---- */ 546static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state) 547{ 548 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL); 549 550 if (!s) 551 return NULL; 552 553 BT_DBG("session %p sock %p", s, sock); 554 555 INIT_LIST_HEAD(&s->dlcs); 556 s->state = state; 557 s->sock = sock; 558 559 s->mtu = RFCOMM_DEFAULT_MTU; 560 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN; 561 562 /* Do not increment module usage count for listening sessions. 563 * Otherwise we won't be able to unload the module. */ 564 if (state != BT_LISTEN) 565 if (!try_module_get(THIS_MODULE)) { 566 kfree(s); 567 return NULL; 568 } 569 570 list_add(&s->list, &session_list); 571 572 return s; 573} 574 575static void rfcomm_session_del(struct rfcomm_session *s) 576{ 577 int state = s->state; 578 579 BT_DBG("session %p state %ld", s, s->state); 580 581 list_del(&s->list); 582 583 if (state == BT_CONNECTED) 584 rfcomm_send_disc(s, 0); 585 586 sock_release(s->sock); 587 kfree(s); 588 589 if (state != BT_LISTEN) 590 module_put(THIS_MODULE); 591} 592 593static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst) 594{ 595 struct rfcomm_session *s; 596 struct list_head *p, *n; 597 struct bt_sock *sk; 598 list_for_each_safe(p, n, &session_list) { 599 s = list_entry(p, struct rfcomm_session, list); 600 sk = bt_sk(s->sock->sk); 601 602 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) && 603 !bacmp(&sk->dst, dst)) 604 return s; 605 } 606 return NULL; 607} 608 609static void rfcomm_session_close(struct rfcomm_session *s, int err) 610{ 611 struct rfcomm_dlc *d; 612 struct list_head *p, *n; 613 614 BT_DBG("session %p state %ld err %d", s, s->state, err); 615 616 rfcomm_session_hold(s); 617 618 s->state = BT_CLOSED; 619 620 /* Close all dlcs */ 621 list_for_each_safe(p, n, &s->dlcs) { 622 d = list_entry(p, struct rfcomm_dlc, list); 623 d->state = BT_CLOSED; 624 __rfcomm_dlc_close(d, err); 625 } 626 627 rfcomm_session_put(s); 628} 629 630static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err) 631{ 632 struct rfcomm_session *s = NULL; 633 struct sockaddr_l2 addr; 634 struct socket *sock; 635 struct sock *sk; 636 637 BT_DBG("%s %s", batostr(src), batostr(dst)); 638 639 *err = rfcomm_l2sock_create(&sock); 640 if (*err < 0) 641 return NULL; 642 643 bacpy(&addr.l2_bdaddr, src); 644 addr.l2_family = AF_BLUETOOTH; 645 addr.l2_psm = 0; 646 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 647 if (*err < 0) 648 goto failed; 649 650 /* Set L2CAP options */ 651 sk = sock->sk; 652 lock_sock(sk); 653 l2cap_pi(sk)->imtu = l2cap_mtu; 654 release_sock(sk); 655 656 s = rfcomm_session_add(sock, BT_BOUND); 657 if (!s) { 658 *err = -ENOMEM; 659 goto failed; 660 } 661 662 s->initiator = 1; 663 664 bacpy(&addr.l2_bdaddr, dst); 665 addr.l2_family = AF_BLUETOOTH; 666 addr.l2_psm = htobs(RFCOMM_PSM); 667 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK); 668 if (*err == 0 || *err == -EINPROGRESS) 669 return s; 670 671 rfcomm_session_del(s); 672 return NULL; 673 674failed: 675 sock_release(sock); 676 return NULL; 677} 678 679void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst) 680{ 681 struct sock *sk = s->sock->sk; 682 if (src) 683 bacpy(src, &bt_sk(sk)->src); 684 if (dst) 685 bacpy(dst, &bt_sk(sk)->dst); 686} 687 688/* ---- RFCOMM frame sending ---- */ 689static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len) 690{ 691 struct socket *sock = s->sock; 692 struct kvec iv = { data, len }; 693 struct msghdr msg; 694 695 BT_DBG("session %p len %d", s, len); 696 697 memset(&msg, 0, sizeof(msg)); 698 699 return kernel_sendmsg(sock, &msg, &iv, 1, len); 700} 701 702static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci) 703{ 704 struct rfcomm_cmd cmd; 705 706 BT_DBG("%p dlci %d", s, dlci); 707 708 cmd.addr = __addr(s->initiator, dlci); 709 cmd.ctrl = __ctrl(RFCOMM_SABM, 1); 710 cmd.len = __len8(0); 711 cmd.fcs = __fcs2((u8 *) &cmd); 712 713 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 714} 715 716static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci) 717{ 718 struct rfcomm_cmd cmd; 719 720 BT_DBG("%p dlci %d", s, dlci); 721 722 cmd.addr = __addr(!s->initiator, dlci); 723 cmd.ctrl = __ctrl(RFCOMM_UA, 1); 724 cmd.len = __len8(0); 725 cmd.fcs = __fcs2((u8 *) &cmd); 726 727 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 728} 729 730static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci) 731{ 732 struct rfcomm_cmd cmd; 733 734 BT_DBG("%p dlci %d", s, dlci); 735 736 cmd.addr = __addr(s->initiator, dlci); 737 cmd.ctrl = __ctrl(RFCOMM_DISC, 1); 738 cmd.len = __len8(0); 739 cmd.fcs = __fcs2((u8 *) &cmd); 740 741 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 742} 743 744static int rfcomm_queue_disc(struct rfcomm_dlc *d) 745{ 746 struct rfcomm_cmd *cmd; 747 struct sk_buff *skb; 748 749 BT_DBG("dlc %p dlci %d", d, d->dlci); 750 751 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL); 752 if (!skb) 753 return -ENOMEM; 754 755 cmd = (void *) __skb_put(skb, sizeof(*cmd)); 756 cmd->addr = d->addr; 757 cmd->ctrl = __ctrl(RFCOMM_DISC, 1); 758 cmd->len = __len8(0); 759 cmd->fcs = __fcs2((u8 *) cmd); 760 761 skb_queue_tail(&d->tx_queue, skb); 762 rfcomm_schedule(RFCOMM_SCHED_TX); 763 return 0; 764} 765 766static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci) 767{ 768 struct rfcomm_cmd cmd; 769 770 BT_DBG("%p dlci %d", s, dlci); 771 772 cmd.addr = __addr(!s->initiator, dlci); 773 cmd.ctrl = __ctrl(RFCOMM_DM, 1); 774 cmd.len = __len8(0); 775 cmd.fcs = __fcs2((u8 *) &cmd); 776 777 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd)); 778} 779 780static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type) 781{ 782 struct rfcomm_hdr *hdr; 783 struct rfcomm_mcc *mcc; 784 u8 buf[16], *ptr = buf; 785 786 BT_DBG("%p cr %d type %d", s, cr, type); 787 788 hdr = (void *) ptr; ptr += sizeof(*hdr); 789 hdr->addr = __addr(s->initiator, 0); 790 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 791 hdr->len = __len8(sizeof(*mcc) + 1); 792 793 mcc = (void *) ptr; ptr += sizeof(*mcc); 794 mcc->type = __mcc_type(cr, RFCOMM_NSC); 795 mcc->len = __len8(1); 796 797 /* Type that we didn't like */ 798 *ptr = __mcc_type(cr, type); ptr++; 799 800 *ptr = __fcs(buf); ptr++; 801 802 return rfcomm_send_frame(s, buf, ptr - buf); 803} 804 805static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d) 806{ 807 struct rfcomm_hdr *hdr; 808 struct rfcomm_mcc *mcc; 809 struct rfcomm_pn *pn; 810 u8 buf[16], *ptr = buf; 811 812 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu); 813 814 hdr = (void *) ptr; ptr += sizeof(*hdr); 815 hdr->addr = __addr(s->initiator, 0); 816 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 817 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn)); 818 819 mcc = (void *) ptr; ptr += sizeof(*mcc); 820 mcc->type = __mcc_type(cr, RFCOMM_PN); 821 mcc->len = __len8(sizeof(*pn)); 822 823 pn = (void *) ptr; ptr += sizeof(*pn); 824 pn->dlci = d->dlci; 825 pn->priority = d->priority; 826 pn->ack_timer = 0; 827 pn->max_retrans = 0; 828 829 if (s->cfc) { 830 pn->flow_ctrl = cr ? 0xf0 : 0xe0; 831 pn->credits = RFCOMM_DEFAULT_CREDITS; 832 } else { 833 pn->flow_ctrl = 0; 834 pn->credits = 0; 835 } 836 837 if (cr && channel_mtu >= 0) 838 pn->mtu = htobs(channel_mtu); 839 else 840 pn->mtu = htobs(d->mtu); 841 842 *ptr = __fcs(buf); ptr++; 843 844 return rfcomm_send_frame(s, buf, ptr - buf); 845} 846 847int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci, 848 u8 bit_rate, u8 data_bits, u8 stop_bits, 849 u8 parity, u8 flow_ctrl_settings, 850 u8 xon_char, u8 xoff_char, u16 param_mask) 851{ 852 struct rfcomm_hdr *hdr; 853 struct rfcomm_mcc *mcc; 854 struct rfcomm_rpn *rpn; 855 u8 buf[16], *ptr = buf; 856 857 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x" 858 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x", 859 s, cr, dlci, bit_rate, data_bits, stop_bits, parity, 860 flow_ctrl_settings, xon_char, xoff_char, param_mask); 861 862 hdr = (void *) ptr; ptr += sizeof(*hdr); 863 hdr->addr = __addr(s->initiator, 0); 864 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 865 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn)); 866 867 mcc = (void *) ptr; ptr += sizeof(*mcc); 868 mcc->type = __mcc_type(cr, RFCOMM_RPN); 869 mcc->len = __len8(sizeof(*rpn)); 870 871 rpn = (void *) ptr; ptr += sizeof(*rpn); 872 rpn->dlci = __addr(1, dlci); 873 rpn->bit_rate = bit_rate; 874 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity); 875 rpn->flow_ctrl = flow_ctrl_settings; 876 rpn->xon_char = xon_char; 877 rpn->xoff_char = xoff_char; 878 rpn->param_mask = cpu_to_le16(param_mask); 879 880 *ptr = __fcs(buf); ptr++; 881 882 return rfcomm_send_frame(s, buf, ptr - buf); 883} 884 885static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status) 886{ 887 struct rfcomm_hdr *hdr; 888 struct rfcomm_mcc *mcc; 889 struct rfcomm_rls *rls; 890 u8 buf[16], *ptr = buf; 891 892 BT_DBG("%p cr %d status 0x%x", s, cr, status); 893 894 hdr = (void *) ptr; ptr += sizeof(*hdr); 895 hdr->addr = __addr(s->initiator, 0); 896 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 897 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls)); 898 899 mcc = (void *) ptr; ptr += sizeof(*mcc); 900 mcc->type = __mcc_type(cr, RFCOMM_RLS); 901 mcc->len = __len8(sizeof(*rls)); 902 903 rls = (void *) ptr; ptr += sizeof(*rls); 904 rls->dlci = __addr(1, dlci); 905 rls->status = status; 906 907 *ptr = __fcs(buf); ptr++; 908 909 return rfcomm_send_frame(s, buf, ptr - buf); 910} 911 912static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig) 913{ 914 struct rfcomm_hdr *hdr; 915 struct rfcomm_mcc *mcc; 916 struct rfcomm_msc *msc; 917 u8 buf[16], *ptr = buf; 918 919 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig); 920 921 hdr = (void *) ptr; ptr += sizeof(*hdr); 922 hdr->addr = __addr(s->initiator, 0); 923 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 924 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc)); 925 926 mcc = (void *) ptr; ptr += sizeof(*mcc); 927 mcc->type = __mcc_type(cr, RFCOMM_MSC); 928 mcc->len = __len8(sizeof(*msc)); 929 930 msc = (void *) ptr; ptr += sizeof(*msc); 931 msc->dlci = __addr(1, dlci); 932 msc->v24_sig = v24_sig | 0x01; 933 934 *ptr = __fcs(buf); ptr++; 935 936 return rfcomm_send_frame(s, buf, ptr - buf); 937} 938 939static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr) 940{ 941 struct rfcomm_hdr *hdr; 942 struct rfcomm_mcc *mcc; 943 u8 buf[16], *ptr = buf; 944 945 BT_DBG("%p cr %d", s, cr); 946 947 hdr = (void *) ptr; ptr += sizeof(*hdr); 948 hdr->addr = __addr(s->initiator, 0); 949 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 950 hdr->len = __len8(sizeof(*mcc)); 951 952 mcc = (void *) ptr; ptr += sizeof(*mcc); 953 mcc->type = __mcc_type(cr, RFCOMM_FCOFF); 954 mcc->len = __len8(0); 955 956 *ptr = __fcs(buf); ptr++; 957 958 return rfcomm_send_frame(s, buf, ptr - buf); 959} 960 961static int rfcomm_send_fcon(struct rfcomm_session *s, int cr) 962{ 963 struct rfcomm_hdr *hdr; 964 struct rfcomm_mcc *mcc; 965 u8 buf[16], *ptr = buf; 966 967 BT_DBG("%p cr %d", s, cr); 968 969 hdr = (void *) ptr; ptr += sizeof(*hdr); 970 hdr->addr = __addr(s->initiator, 0); 971 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 972 hdr->len = __len8(sizeof(*mcc)); 973 974 mcc = (void *) ptr; ptr += sizeof(*mcc); 975 mcc->type = __mcc_type(cr, RFCOMM_FCON); 976 mcc->len = __len8(0); 977 978 *ptr = __fcs(buf); ptr++; 979 980 return rfcomm_send_frame(s, buf, ptr - buf); 981} 982 983static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len) 984{ 985 struct socket *sock = s->sock; 986 struct kvec iv[3]; 987 struct msghdr msg; 988 unsigned char hdr[5], crc[1]; 989 990 if (len > 125) 991 return -EINVAL; 992 993 BT_DBG("%p cr %d", s, cr); 994 995 hdr[0] = __addr(s->initiator, 0); 996 hdr[1] = __ctrl(RFCOMM_UIH, 0); 997 hdr[2] = 0x01 | ((len + 2) << 1); 998 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2); 999 hdr[4] = 0x01 | (len << 1); 1000 1001 crc[0] = __fcs(hdr); 1002 1003 iv[0].iov_base = hdr; 1004 iv[0].iov_len = 5; 1005 iv[1].iov_base = pattern; 1006 iv[1].iov_len = len; 1007 iv[2].iov_base = crc; 1008 iv[2].iov_len = 1; 1009 1010 memset(&msg, 0, sizeof(msg)); 1011 1012 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len); 1013} 1014 1015static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits) 1016{ 1017 struct rfcomm_hdr *hdr; 1018 u8 buf[16], *ptr = buf; 1019 1020 BT_DBG("%p addr %d credits %d", s, addr, credits); 1021 1022 hdr = (void *) ptr; ptr += sizeof(*hdr); 1023 hdr->addr = addr; 1024 hdr->ctrl = __ctrl(RFCOMM_UIH, 1); 1025 hdr->len = __len8(0); 1026 1027 *ptr = credits; ptr++; 1028 1029 *ptr = __fcs(buf); ptr++; 1030 1031 return rfcomm_send_frame(s, buf, ptr - buf); 1032} 1033 1034static void rfcomm_make_uih(struct sk_buff *skb, u8 addr) 1035{ 1036 struct rfcomm_hdr *hdr; 1037 int len = skb->len; 1038 u8 *crc; 1039 1040 if (len > 127) { 1041 hdr = (void *) skb_push(skb, 4); 1042 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len); 1043 } else { 1044 hdr = (void *) skb_push(skb, 3); 1045 hdr->len = __len8(len); 1046 } 1047 hdr->addr = addr; 1048 hdr->ctrl = __ctrl(RFCOMM_UIH, 0); 1049 1050 crc = skb_put(skb, 1); 1051 *crc = __fcs((void *) hdr); 1052} 1053 1054/* ---- RFCOMM frame reception ---- */ 1055static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci) 1056{ 1057 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1058 1059 if (dlci) { 1060 /* Data channel */ 1061 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1062 if (!d) { 1063 rfcomm_send_dm(s, dlci); 1064 return 0; 1065 } 1066 1067 switch (d->state) { 1068 case BT_CONNECT: 1069 rfcomm_dlc_clear_timer(d); 1070 1071 rfcomm_dlc_lock(d); 1072 d->state = BT_CONNECTED; 1073 d->state_change(d, 0); 1074 rfcomm_dlc_unlock(d); 1075 1076 rfcomm_send_msc(s, 1, dlci, d->v24_sig); 1077 break; 1078 1079 case BT_DISCONN: 1080 d->state = BT_CLOSED; 1081 __rfcomm_dlc_close(d, 0); 1082 1083 if (list_empty(&s->dlcs)) { 1084 s->state = BT_DISCONN; 1085 rfcomm_send_disc(s, 0); 1086 } 1087 1088 break; 1089 } 1090 } else { 1091 /* Control channel */ 1092 switch (s->state) { 1093 case BT_CONNECT: 1094 s->state = BT_CONNECTED; 1095 rfcomm_process_connect(s); 1096 break; 1097 1098 case BT_DISCONN: 1099 rfcomm_session_put(s); 1100 break; 1101 } 1102 } 1103 return 0; 1104} 1105 1106static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci) 1107{ 1108 int err = 0; 1109 1110 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1111 1112 if (dlci) { 1113 /* Data DLC */ 1114 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1115 if (d) { 1116 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1117 err = ECONNREFUSED; 1118 else 1119 err = ECONNRESET; 1120 1121 d->state = BT_CLOSED; 1122 __rfcomm_dlc_close(d, err); 1123 } 1124 } else { 1125 if (s->state == BT_CONNECT) 1126 err = ECONNREFUSED; 1127 else 1128 err = ECONNRESET; 1129 1130 s->state = BT_CLOSED; 1131 rfcomm_session_close(s, err); 1132 } 1133 return 0; 1134} 1135 1136static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci) 1137{ 1138 int err = 0; 1139 1140 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1141 1142 if (dlci) { 1143 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci); 1144 if (d) { 1145 rfcomm_send_ua(s, dlci); 1146 1147 if (d->state == BT_CONNECT || d->state == BT_CONFIG) 1148 err = ECONNREFUSED; 1149 else 1150 err = ECONNRESET; 1151 1152 d->state = BT_CLOSED; 1153 __rfcomm_dlc_close(d, err); 1154 } else 1155 rfcomm_send_dm(s, dlci); 1156 1157 } else { 1158 rfcomm_send_ua(s, 0); 1159 1160 if (s->state == BT_CONNECT) 1161 err = ECONNREFUSED; 1162 else 1163 err = ECONNRESET; 1164 1165 s->state = BT_CLOSED; 1166 rfcomm_session_close(s, err); 1167 } 1168 1169 return 0; 1170} 1171 1172void rfcomm_dlc_accept(struct rfcomm_dlc *d) 1173{ 1174 struct sock *sk = d->session->sock->sk; 1175 1176 BT_DBG("dlc %p", d); 1177 1178 rfcomm_send_ua(d->session, d->dlci); 1179 1180 rfcomm_dlc_lock(d); 1181 d->state = BT_CONNECTED; 1182 d->state_change(d, 0); 1183 rfcomm_dlc_unlock(d); 1184 1185 if (d->role_switch) 1186 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00); 1187 1188 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1189} 1190 1191static void rfcomm_check_accept(struct rfcomm_dlc *d) 1192{ 1193 if (rfcomm_check_security(d)) { 1194 if (d->defer_setup) { 1195 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1196 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1197 } else 1198 rfcomm_dlc_accept(d); 1199 } else { 1200 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1201 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1202 } 1203} 1204 1205static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci) 1206{ 1207 struct rfcomm_dlc *d; 1208 u8 channel; 1209 1210 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1211 1212 if (!dlci) { 1213 rfcomm_send_ua(s, 0); 1214 1215 if (s->state == BT_OPEN) { 1216 s->state = BT_CONNECTED; 1217 rfcomm_process_connect(s); 1218 } 1219 return 0; 1220 } 1221 1222 /* Check if DLC exists */ 1223 d = rfcomm_dlc_get(s, dlci); 1224 if (d) { 1225 if (d->state == BT_OPEN) { 1226 /* DLC was previously opened by PN request */ 1227 rfcomm_check_accept(d); 1228 } 1229 return 0; 1230 } 1231 1232 /* Notify socket layer about incoming connection */ 1233 channel = __srv_channel(dlci); 1234 if (rfcomm_connect_ind(s, channel, &d)) { 1235 d->dlci = dlci; 1236 d->addr = __addr(s->initiator, dlci); 1237 rfcomm_dlc_link(s, d); 1238 1239 rfcomm_check_accept(d); 1240 } else { 1241 rfcomm_send_dm(s, dlci); 1242 } 1243 1244 return 0; 1245} 1246 1247static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn) 1248{ 1249 struct rfcomm_session *s = d->session; 1250 1251 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d", 1252 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits); 1253 1254 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) || 1255 pn->flow_ctrl == 0xe0) { 1256 d->cfc = RFCOMM_CFC_ENABLED; 1257 d->tx_credits = pn->credits; 1258 } else { 1259 d->cfc = RFCOMM_CFC_DISABLED; 1260 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1261 } 1262 1263 if (s->cfc == RFCOMM_CFC_UNKNOWN) 1264 s->cfc = d->cfc; 1265 1266 d->priority = pn->priority; 1267 1268 d->mtu = btohs(pn->mtu); 1269 1270 if (cr && d->mtu > s->mtu) 1271 d->mtu = s->mtu; 1272 1273 return 0; 1274} 1275 1276static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1277{ 1278 struct rfcomm_pn *pn = (void *) skb->data; 1279 struct rfcomm_dlc *d; 1280 u8 dlci = pn->dlci; 1281 1282 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci); 1283 1284 if (!dlci) 1285 return 0; 1286 1287 d = rfcomm_dlc_get(s, dlci); 1288 if (d) { 1289 if (cr) { 1290 /* PN request */ 1291 rfcomm_apply_pn(d, cr, pn); 1292 rfcomm_send_pn(s, 0, d); 1293 } else { 1294 /* PN response */ 1295 switch (d->state) { 1296 case BT_CONFIG: 1297 rfcomm_apply_pn(d, cr, pn); 1298 1299 d->state = BT_CONNECT; 1300 rfcomm_send_sabm(s, d->dlci); 1301 break; 1302 } 1303 } 1304 } else { 1305 u8 channel = __srv_channel(dlci); 1306 1307 if (!cr) 1308 return 0; 1309 1310 /* PN request for non existing DLC. 1311 * Assume incoming connection. */ 1312 if (rfcomm_connect_ind(s, channel, &d)) { 1313 d->dlci = dlci; 1314 d->addr = __addr(s->initiator, dlci); 1315 rfcomm_dlc_link(s, d); 1316 1317 rfcomm_apply_pn(d, cr, pn); 1318 1319 d->state = BT_OPEN; 1320 rfcomm_send_pn(s, 0, d); 1321 } else { 1322 rfcomm_send_dm(s, dlci); 1323 } 1324 } 1325 return 0; 1326} 1327 1328static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb) 1329{ 1330 struct rfcomm_rpn *rpn = (void *) skb->data; 1331 u8 dlci = __get_dlci(rpn->dlci); 1332 1333 u8 bit_rate = 0; 1334 u8 data_bits = 0; 1335 u8 stop_bits = 0; 1336 u8 parity = 0; 1337 u8 flow_ctrl = 0; 1338 u8 xon_char = 0; 1339 u8 xoff_char = 0; 1340 u16 rpn_mask = RFCOMM_RPN_PM_ALL; 1341 1342 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x", 1343 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl, 1344 rpn->xon_char, rpn->xoff_char, rpn->param_mask); 1345 1346 if (!cr) 1347 return 0; 1348 1349 if (len == 1) { 1350 /* This is a request, return default settings */ 1351 bit_rate = RFCOMM_RPN_BR_115200; 1352 data_bits = RFCOMM_RPN_DATA_8; 1353 stop_bits = RFCOMM_RPN_STOP_1; 1354 parity = RFCOMM_RPN_PARITY_NONE; 1355 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1356 xon_char = RFCOMM_RPN_XON_CHAR; 1357 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1358 goto rpn_out; 1359 } 1360 1361 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit, 1362 * no parity, no flow control lines, normal XON/XOFF chars */ 1363 1364 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) { 1365 bit_rate = rpn->bit_rate; 1366 if (bit_rate != RFCOMM_RPN_BR_115200) { 1367 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate); 1368 bit_rate = RFCOMM_RPN_BR_115200; 1369 rpn_mask ^= RFCOMM_RPN_PM_BITRATE; 1370 } 1371 } 1372 1373 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) { 1374 data_bits = __get_rpn_data_bits(rpn->line_settings); 1375 if (data_bits != RFCOMM_RPN_DATA_8) { 1376 BT_DBG("RPN data bits mismatch 0x%x", data_bits); 1377 data_bits = RFCOMM_RPN_DATA_8; 1378 rpn_mask ^= RFCOMM_RPN_PM_DATA; 1379 } 1380 } 1381 1382 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) { 1383 stop_bits = __get_rpn_stop_bits(rpn->line_settings); 1384 if (stop_bits != RFCOMM_RPN_STOP_1) { 1385 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits); 1386 stop_bits = RFCOMM_RPN_STOP_1; 1387 rpn_mask ^= RFCOMM_RPN_PM_STOP; 1388 } 1389 } 1390 1391 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) { 1392 parity = __get_rpn_parity(rpn->line_settings); 1393 if (parity != RFCOMM_RPN_PARITY_NONE) { 1394 BT_DBG("RPN parity mismatch 0x%x", parity); 1395 parity = RFCOMM_RPN_PARITY_NONE; 1396 rpn_mask ^= RFCOMM_RPN_PM_PARITY; 1397 } 1398 } 1399 1400 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) { 1401 flow_ctrl = rpn->flow_ctrl; 1402 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) { 1403 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl); 1404 flow_ctrl = RFCOMM_RPN_FLOW_NONE; 1405 rpn_mask ^= RFCOMM_RPN_PM_FLOW; 1406 } 1407 } 1408 1409 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) { 1410 xon_char = rpn->xon_char; 1411 if (xon_char != RFCOMM_RPN_XON_CHAR) { 1412 BT_DBG("RPN XON char mismatch 0x%x", xon_char); 1413 xon_char = RFCOMM_RPN_XON_CHAR; 1414 rpn_mask ^= RFCOMM_RPN_PM_XON; 1415 } 1416 } 1417 1418 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) { 1419 xoff_char = rpn->xoff_char; 1420 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) { 1421 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char); 1422 xoff_char = RFCOMM_RPN_XOFF_CHAR; 1423 rpn_mask ^= RFCOMM_RPN_PM_XOFF; 1424 } 1425 } 1426 1427rpn_out: 1428 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits, 1429 parity, flow_ctrl, xon_char, xoff_char, rpn_mask); 1430 1431 return 0; 1432} 1433 1434static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1435{ 1436 struct rfcomm_rls *rls = (void *) skb->data; 1437 u8 dlci = __get_dlci(rls->dlci); 1438 1439 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status); 1440 1441 if (!cr) 1442 return 0; 1443 1444 /* We should probably do something with this information here. But 1445 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's 1446 * mandatory to recognise and respond to RLS */ 1447 1448 rfcomm_send_rls(s, 0, dlci, rls->status); 1449 1450 return 0; 1451} 1452 1453static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb) 1454{ 1455 struct rfcomm_msc *msc = (void *) skb->data; 1456 struct rfcomm_dlc *d; 1457 u8 dlci = __get_dlci(msc->dlci); 1458 1459 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig); 1460 1461 d = rfcomm_dlc_get(s, dlci); 1462 if (!d) 1463 return 0; 1464 1465 if (cr) { 1466 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc) 1467 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1468 else 1469 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1470 1471 rfcomm_dlc_lock(d); 1472 1473 d->remote_v24_sig = msc->v24_sig; 1474 1475 if (d->modem_status) 1476 d->modem_status(d, msc->v24_sig); 1477 1478 rfcomm_dlc_unlock(d); 1479 1480 rfcomm_send_msc(s, 0, dlci, msc->v24_sig); 1481 1482 d->mscex |= RFCOMM_MSCEX_RX; 1483 } else 1484 d->mscex |= RFCOMM_MSCEX_TX; 1485 1486 return 0; 1487} 1488 1489static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb) 1490{ 1491 struct rfcomm_mcc *mcc = (void *) skb->data; 1492 u8 type, cr, len; 1493 1494 cr = __test_cr(mcc->type); 1495 type = __get_mcc_type(mcc->type); 1496 len = __get_mcc_len(mcc->len); 1497 1498 BT_DBG("%p type 0x%x cr %d", s, type, cr); 1499 1500 skb_pull(skb, 2); 1501 1502 switch (type) { 1503 case RFCOMM_PN: 1504 rfcomm_recv_pn(s, cr, skb); 1505 break; 1506 1507 case RFCOMM_RPN: 1508 rfcomm_recv_rpn(s, cr, len, skb); 1509 break; 1510 1511 case RFCOMM_RLS: 1512 rfcomm_recv_rls(s, cr, skb); 1513 break; 1514 1515 case RFCOMM_MSC: 1516 rfcomm_recv_msc(s, cr, skb); 1517 break; 1518 1519 case RFCOMM_FCOFF: 1520 if (cr) { 1521 set_bit(RFCOMM_TX_THROTTLED, &s->flags); 1522 rfcomm_send_fcoff(s, 0); 1523 } 1524 break; 1525 1526 case RFCOMM_FCON: 1527 if (cr) { 1528 clear_bit(RFCOMM_TX_THROTTLED, &s->flags); 1529 rfcomm_send_fcon(s, 0); 1530 } 1531 break; 1532 1533 case RFCOMM_TEST: 1534 if (cr) 1535 rfcomm_send_test(s, 0, skb->data, skb->len); 1536 break; 1537 1538 case RFCOMM_NSC: 1539 break; 1540 1541 default: 1542 BT_ERR("Unknown control type 0x%02x", type); 1543 rfcomm_send_nsc(s, cr, type); 1544 break; 1545 } 1546 return 0; 1547} 1548 1549static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb) 1550{ 1551 struct rfcomm_dlc *d; 1552 1553 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf); 1554 1555 d = rfcomm_dlc_get(s, dlci); 1556 if (!d) { 1557 rfcomm_send_dm(s, dlci); 1558 goto drop; 1559 } 1560 1561 if (pf && d->cfc) { 1562 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1); 1563 1564 d->tx_credits += credits; 1565 if (d->tx_credits) 1566 clear_bit(RFCOMM_TX_THROTTLED, &d->flags); 1567 } 1568 1569 if (skb->len && d->state == BT_CONNECTED) { 1570 rfcomm_dlc_lock(d); 1571 d->rx_credits--; 1572 d->data_ready(d, skb); 1573 rfcomm_dlc_unlock(d); 1574 return 0; 1575 } 1576 1577drop: 1578 kfree_skb(skb); 1579 return 0; 1580} 1581 1582static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb) 1583{ 1584 struct rfcomm_hdr *hdr = (void *) skb->data; 1585 u8 type, dlci, fcs; 1586 1587 dlci = __get_dlci(hdr->addr); 1588 type = __get_type(hdr->ctrl); 1589 1590 /* Trim FCS */ 1591 skb->len--; skb->tail--; 1592 fcs = *(u8 *)skb_tail_pointer(skb); 1593 1594 if (__check_fcs(skb->data, type, fcs)) { 1595 BT_ERR("bad checksum in packet"); 1596 kfree_skb(skb); 1597 return -EILSEQ; 1598 } 1599 1600 if (__test_ea(hdr->len)) 1601 skb_pull(skb, 3); 1602 else 1603 skb_pull(skb, 4); 1604 1605 switch (type) { 1606 case RFCOMM_SABM: 1607 if (__test_pf(hdr->ctrl)) 1608 rfcomm_recv_sabm(s, dlci); 1609 break; 1610 1611 case RFCOMM_DISC: 1612 if (__test_pf(hdr->ctrl)) 1613 rfcomm_recv_disc(s, dlci); 1614 break; 1615 1616 case RFCOMM_UA: 1617 if (__test_pf(hdr->ctrl)) 1618 rfcomm_recv_ua(s, dlci); 1619 break; 1620 1621 case RFCOMM_DM: 1622 rfcomm_recv_dm(s, dlci); 1623 break; 1624 1625 case RFCOMM_UIH: 1626 if (dlci) 1627 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb); 1628 1629 rfcomm_recv_mcc(s, skb); 1630 break; 1631 1632 default: 1633 BT_ERR("Unknown packet type 0x%02x\n", type); 1634 break; 1635 } 1636 kfree_skb(skb); 1637 return 0; 1638} 1639 1640/* ---- Connection and data processing ---- */ 1641 1642static void rfcomm_process_connect(struct rfcomm_session *s) 1643{ 1644 struct rfcomm_dlc *d; 1645 struct list_head *p, *n; 1646 1647 BT_DBG("session %p state %ld", s, s->state); 1648 1649 list_for_each_safe(p, n, &s->dlcs) { 1650 d = list_entry(p, struct rfcomm_dlc, list); 1651 if (d->state == BT_CONFIG) { 1652 d->mtu = s->mtu; 1653 if (rfcomm_check_security(d)) { 1654 rfcomm_send_pn(s, 1, d); 1655 } else { 1656 set_bit(RFCOMM_AUTH_PENDING, &d->flags); 1657 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1658 } 1659 } 1660 } 1661} 1662 1663/* Send data queued for the DLC. 1664 * Return number of frames left in the queue. 1665 */ 1666static inline int rfcomm_process_tx(struct rfcomm_dlc *d) 1667{ 1668 struct sk_buff *skb; 1669 int err; 1670 1671 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d", 1672 d, d->state, d->cfc, d->rx_credits, d->tx_credits); 1673 1674 /* Send pending MSC */ 1675 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags)) 1676 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig); 1677 1678 if (d->cfc) { 1679 /* CFC enabled. 1680 * Give them some credits */ 1681 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) && 1682 d->rx_credits <= (d->cfc >> 2)) { 1683 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits); 1684 d->rx_credits = d->cfc; 1685 } 1686 } else { 1687 /* CFC disabled. 1688 * Give ourselves some credits */ 1689 d->tx_credits = 5; 1690 } 1691 1692 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags)) 1693 return skb_queue_len(&d->tx_queue); 1694 1695 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) { 1696 err = rfcomm_send_frame(d->session, skb->data, skb->len); 1697 if (err < 0) { 1698 skb_queue_head(&d->tx_queue, skb); 1699 break; 1700 } 1701 kfree_skb(skb); 1702 d->tx_credits--; 1703 } 1704 1705 if (d->cfc && !d->tx_credits) { 1706 /* We're out of TX credits. 1707 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */ 1708 set_bit(RFCOMM_TX_THROTTLED, &d->flags); 1709 } 1710 1711 return skb_queue_len(&d->tx_queue); 1712} 1713 1714static inline void rfcomm_process_dlcs(struct rfcomm_session *s) 1715{ 1716 struct rfcomm_dlc *d; 1717 struct list_head *p, *n; 1718 1719 BT_DBG("session %p state %ld", s, s->state); 1720 1721 list_for_each_safe(p, n, &s->dlcs) { 1722 d = list_entry(p, struct rfcomm_dlc, list); 1723 1724 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) { 1725 __rfcomm_dlc_close(d, ETIMEDOUT); 1726 continue; 1727 } 1728 1729 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) { 1730 rfcomm_dlc_clear_timer(d); 1731 if (d->out) { 1732 rfcomm_send_pn(s, 1, d); 1733 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT); 1734 } else { 1735 if (d->defer_setup) { 1736 set_bit(RFCOMM_DEFER_SETUP, &d->flags); 1737 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1738 } else 1739 rfcomm_dlc_accept(d); 1740 } 1741 continue; 1742 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) { 1743 rfcomm_dlc_clear_timer(d); 1744 if (!d->out) 1745 rfcomm_send_dm(s, d->dlci); 1746 else 1747 d->state = BT_CLOSED; 1748 __rfcomm_dlc_close(d, ECONNREFUSED); 1749 continue; 1750 } 1751 1752 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags)) 1753 continue; 1754 1755 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) && 1756 d->mscex == RFCOMM_MSCEX_OK) 1757 rfcomm_process_tx(d); 1758 } 1759} 1760 1761static inline void rfcomm_process_rx(struct rfcomm_session *s) 1762{ 1763 struct socket *sock = s->sock; 1764 struct sock *sk = sock->sk; 1765 struct sk_buff *skb; 1766 1767 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue)); 1768 1769 /* Get data directly from socket receive queue without copying it. */ 1770 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 1771 skb_orphan(skb); 1772 rfcomm_recv_frame(s, skb); 1773 } 1774 1775 if (sk->sk_state == BT_CLOSED) { 1776 if (!s->initiator) 1777 rfcomm_session_put(s); 1778 1779 rfcomm_session_close(s, sk->sk_err); 1780 } 1781} 1782 1783static inline void rfcomm_accept_connection(struct rfcomm_session *s) 1784{ 1785 struct socket *sock = s->sock, *nsock; 1786 int err; 1787 1788 /* Fast check for a new connection. 1789 * Avoids unnesesary socket allocations. */ 1790 if (list_empty(&bt_sk(sock->sk)->accept_q)) 1791 return; 1792 1793 BT_DBG("session %p", s); 1794 1795 err = kernel_accept(sock, &nsock, O_NONBLOCK); 1796 if (err < 0) 1797 return; 1798 1799 /* Set our callbacks */ 1800 nsock->sk->sk_data_ready = rfcomm_l2data_ready; 1801 nsock->sk->sk_state_change = rfcomm_l2state_change; 1802 1803 s = rfcomm_session_add(nsock, BT_OPEN); 1804 if (s) { 1805 rfcomm_session_hold(s); 1806 1807 /* We should adjust MTU on incoming sessions. 1808 * L2CAP MTU minus UIH header and FCS. */ 1809 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5; 1810 1811 rfcomm_schedule(RFCOMM_SCHED_RX); 1812 } else 1813 sock_release(nsock); 1814} 1815 1816static inline void rfcomm_check_connection(struct rfcomm_session *s) 1817{ 1818 struct sock *sk = s->sock->sk; 1819 1820 BT_DBG("%p state %ld", s, s->state); 1821 1822 switch(sk->sk_state) { 1823 case BT_CONNECTED: 1824 s->state = BT_CONNECT; 1825 1826 /* We can adjust MTU on outgoing sessions. 1827 * L2CAP MTU minus UIH header and FCS. */ 1828 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5; 1829 1830 rfcomm_send_sabm(s, 0); 1831 break; 1832 1833 case BT_CLOSED: 1834 s->state = BT_CLOSED; 1835 rfcomm_session_close(s, sk->sk_err); 1836 break; 1837 } 1838} 1839 1840static inline void rfcomm_process_sessions(void) 1841{ 1842 struct list_head *p, *n; 1843 1844 rfcomm_lock(); 1845 1846 list_for_each_safe(p, n, &session_list) { 1847 struct rfcomm_session *s; 1848 s = list_entry(p, struct rfcomm_session, list); 1849 1850 if (s->state == BT_LISTEN) { 1851 rfcomm_accept_connection(s); 1852 continue; 1853 } 1854 1855 rfcomm_session_hold(s); 1856 1857 switch (s->state) { 1858 case BT_BOUND: 1859 rfcomm_check_connection(s); 1860 break; 1861 1862 default: 1863 rfcomm_process_rx(s); 1864 break; 1865 } 1866 1867 rfcomm_process_dlcs(s); 1868 1869 rfcomm_session_put(s); 1870 } 1871 1872 rfcomm_unlock(); 1873} 1874 1875static int rfcomm_add_listener(bdaddr_t *ba) 1876{ 1877 struct sockaddr_l2 addr; 1878 struct socket *sock; 1879 struct sock *sk; 1880 struct rfcomm_session *s; 1881 int err = 0; 1882 1883 /* Create socket */ 1884 err = rfcomm_l2sock_create(&sock); 1885 if (err < 0) { 1886 BT_ERR("Create socket failed %d", err); 1887 return err; 1888 } 1889 1890 /* Bind socket */ 1891 bacpy(&addr.l2_bdaddr, ba); 1892 addr.l2_family = AF_BLUETOOTH; 1893 addr.l2_psm = htobs(RFCOMM_PSM); 1894 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr)); 1895 if (err < 0) { 1896 BT_ERR("Bind failed %d", err); 1897 goto failed; 1898 } 1899 1900 /* Set L2CAP options */ 1901 sk = sock->sk; 1902 lock_sock(sk); 1903 l2cap_pi(sk)->imtu = l2cap_mtu; 1904 release_sock(sk); 1905 1906 /* Start listening on the socket */ 1907 err = kernel_listen(sock, 10); 1908 if (err) { 1909 BT_ERR("Listen failed %d", err); 1910 goto failed; 1911 } 1912 1913 /* Add listening session */ 1914 s = rfcomm_session_add(sock, BT_LISTEN); 1915 if (!s) 1916 goto failed; 1917 1918 rfcomm_session_hold(s); 1919 return 0; 1920failed: 1921 sock_release(sock); 1922 return err; 1923} 1924 1925static void rfcomm_kill_listener(void) 1926{ 1927 struct rfcomm_session *s; 1928 struct list_head *p, *n; 1929 1930 BT_DBG(""); 1931 1932 list_for_each_safe(p, n, &session_list) { 1933 s = list_entry(p, struct rfcomm_session, list); 1934 rfcomm_session_del(s); 1935 } 1936} 1937 1938static int rfcomm_run(void *unused) 1939{ 1940 BT_DBG(""); 1941 1942 set_user_nice(current, -10); 1943 1944 rfcomm_add_listener(BDADDR_ANY); 1945 1946 while (!kthread_should_stop()) { 1947 set_current_state(TASK_INTERRUPTIBLE); 1948 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) { 1949 /* No pending events. Let's sleep. 1950 * Incoming connections and data will wake us up. */ 1951 schedule(); 1952 } 1953 set_current_state(TASK_RUNNING); 1954 1955 /* Process stuff */ 1956 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event); 1957 rfcomm_process_sessions(); 1958 } 1959 1960 rfcomm_kill_listener(); 1961 1962 return 0; 1963} 1964 1965static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt) 1966{ 1967 struct rfcomm_session *s; 1968 struct rfcomm_dlc *d; 1969 struct list_head *p, *n; 1970 1971 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt); 1972 1973 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst); 1974 if (!s) 1975 return; 1976 1977 rfcomm_session_hold(s); 1978 1979 list_for_each_safe(p, n, &s->dlcs) { 1980 d = list_entry(p, struct rfcomm_dlc, list); 1981 1982 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) { 1983 rfcomm_dlc_clear_timer(d); 1984 if (status || encrypt == 0x00) { 1985 __rfcomm_dlc_close(d, ECONNREFUSED); 1986 continue; 1987 } 1988 } 1989 1990 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) { 1991 if (d->sec_level == BT_SECURITY_MEDIUM) { 1992 set_bit(RFCOMM_SEC_PENDING, &d->flags); 1993 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT); 1994 continue; 1995 } else if (d->sec_level == BT_SECURITY_HIGH) { 1996 __rfcomm_dlc_close(d, ECONNREFUSED); 1997 continue; 1998 } 1999 } 2000 2001 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags)) 2002 continue; 2003 2004 if (!status) 2005 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags); 2006 else 2007 set_bit(RFCOMM_AUTH_REJECT, &d->flags); 2008 } 2009 2010 rfcomm_session_put(s); 2011 2012 rfcomm_schedule(RFCOMM_SCHED_AUTH); 2013} 2014 2015static struct hci_cb rfcomm_cb = { 2016 .name = "RFCOMM", 2017 .security_cfm = rfcomm_security_cfm 2018}; 2019 2020static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf) 2021{ 2022 struct rfcomm_session *s; 2023 struct list_head *pp, *p; 2024 char *str = buf; 2025 2026 rfcomm_lock(); 2027 2028 list_for_each(p, &session_list) { 2029 s = list_entry(p, struct rfcomm_session, list); 2030 list_for_each(pp, &s->dlcs) { 2031 struct sock *sk = s->sock->sk; 2032 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list); 2033 2034 str += sprintf(str, "%s %s %ld %d %d %d %d\n", 2035 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst), 2036 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits); 2037 } 2038 } 2039 2040 rfcomm_unlock(); 2041 2042 return (str - buf); 2043} 2044 2045static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL); 2046 2047/* ---- Initialization ---- */ 2048static int __init rfcomm_init(void) 2049{ 2050 l2cap_load(); 2051 2052 hci_register_cb(&rfcomm_cb); 2053 2054 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd"); 2055 if (IS_ERR(rfcomm_thread)) { 2056 hci_unregister_cb(&rfcomm_cb); 2057 return PTR_ERR(rfcomm_thread); 2058 } 2059 2060 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0) 2061 BT_ERR("Failed to create RFCOMM info file"); 2062 2063 rfcomm_init_sockets(); 2064 2065#ifdef CONFIG_BT_RFCOMM_TTY 2066 rfcomm_init_ttys(); 2067#endif 2068 2069 BT_INFO("RFCOMM ver %s", VERSION); 2070 2071 return 0; 2072} 2073 2074static void __exit rfcomm_exit(void) 2075{ 2076 class_remove_file(bt_class, &class_attr_rfcomm_dlc); 2077 2078 hci_unregister_cb(&rfcomm_cb); 2079 2080 kthread_stop(rfcomm_thread); 2081 2082#ifdef CONFIG_BT_RFCOMM_TTY 2083 rfcomm_cleanup_ttys(); 2084#endif 2085 2086 rfcomm_cleanup_sockets(); 2087} 2088 2089module_init(rfcomm_init); 2090module_exit(rfcomm_exit); 2091 2092module_param(disable_cfc, bool, 0644); 2093MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control"); 2094 2095module_param(channel_mtu, int, 0644); 2096MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel"); 2097 2098module_param(l2cap_mtu, uint, 0644); 2099MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection"); 2100 2101MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 2102MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION); 2103MODULE_VERSION(VERSION); 2104MODULE_LICENSE("GPL"); 2105MODULE_ALIAS("bt-proto-3"); 2106