Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 2a517ca687232adc8f14893730644da712010ffc / . / net / bluetooth / rfcomm / core.c
blob: 5576c8191507a15c4568ef6f83e64323d43d86f0 [file] [log] [blame]
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]1/*
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]21 SOFTWARE IS DISCLAIMED.
22*/
23
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]24/*
25 * Bluetooth RFCOMM core.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]26 */
27
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]28#include <linux/module.h>
29#include <linux/errno.h>
30#include <linux/kernel.h>
31#include <linux/sched.h>
32#include <linux/signal.h>
33#include <linux/init.h>
34#include <linux/wait.h>
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]35#include <linux/device.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]36#include <linux/net.h>
Arjan van de Ven4a3e2f72006-03-20 22:33:17 -0800[diff] [blame]37#include <linux/mutex.h>
Marcel Holtmanna524ecc2007-10-20 21:37:20 +0200[diff] [blame]38#include <linux/kthread.h>
Arjan van de Ven4a3e2f72006-03-20 22:33:17 -0800[diff] [blame]39
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]40#include <net/sock.h>
41#include <asm/uaccess.h>
42#include <asm/unaligned.h>
43
44#include <net/bluetooth/bluetooth.h>
45#include <net/bluetooth/hci_core.h>
46#include <net/bluetooth/l2cap.h>
47#include <net/bluetooth/rfcomm.h>
48
Marcel Holtmann5f9018a2009-01-16 10:09:50 +0100[diff] [blame]49#define VERSION "1.11"
Marcel Holtmann56f3a402006-02-13 11:39:57 +0100[diff] [blame]50
Marcel Holtmann7c2660b2006-07-03 10:02:51 +0200[diff] [blame]51static int disable_cfc = 0;
Marcel Holtmann98bcd082006-07-14 11:42:12 +0200[diff] [blame]52static int channel_mtu = -1;
Marcel Holtmann56f3a402006-02-13 11:39:57 +0100[diff] [blame]53static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
54
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]55static struct task_struct *rfcomm_thread;
56
Arjan van de Ven4a3e2f72006-03-20 22:33:17 -0800[diff] [blame]57static DEFINE_MUTEX(rfcomm_mutex);
58#define rfcomm_lock() mutex_lock(&rfcomm_mutex)
59#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]60
61static unsigned long rfcomm_event;
62
63static LIST_HEAD(session_list);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]64
65static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
66static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
67static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
68static int rfcomm_queue_disc(struct rfcomm_dlc *d);
69static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
70static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
71static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
72static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
73static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
74static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
75
76static void rfcomm_process_connect(struct rfcomm_session *s);
77
78static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
79static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
80static void rfcomm_session_del(struct rfcomm_session *s);
81
82/* ---- RFCOMM frame parsing macros ---- */
83#define __get_dlci(b) ((b & 0xfc) >> 2)
84#define __get_channel(b) ((b & 0xf8) >> 3)
85#define __get_dir(b) ((b & 0x04) >> 2)
86#define __get_type(b) ((b & 0xef))
87
88#define __test_ea(b) ((b & 0x01))
89#define __test_cr(b) ((b & 0x02))
90#define __test_pf(b) ((b & 0x10))
91
92#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
93#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
94#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
95#define __srv_channel(dlci) (dlci >> 1)
96#define __dir(dlci) (dlci & 0x01)
97
98#define __len8(len) (((len) << 1) | 1)
99#define __len16(len) ((len) << 1)
100
101/* MCC macros */
102#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
103#define __get_mcc_type(b) ((b & 0xfc) >> 2)
104#define __get_mcc_len(b) ((b & 0xfe) >> 1)
105
106/* RPN macros */
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]107#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]108#define __get_rpn_data_bits(line) ((line) & 0x3)
109#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]110#define __get_rpn_parity(line) (((line) >> 3) & 0x7)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]111
112static inline void rfcomm_schedule(uint event)
113{
114 if (!rfcomm_thread)
115 return;
116 //set_bit(event, &rfcomm_event);
117 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
118 wake_up_process(rfcomm_thread);
119}
120
121static inline void rfcomm_session_put(struct rfcomm_session *s)
122{
123 if (atomic_dec_and_test(&s->refcnt))
124 rfcomm_session_del(s);
125}
126
127/* ---- RFCOMM FCS computation ---- */
128
Marcel Holtmann408c1ce2005-10-28 19:20:36 +0200[diff] [blame]129/* reversed, 8-bit, poly=0x07 */
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]130static unsigned char rfcomm_crc_table[256] = {
Marcel Holtmann408c1ce2005-10-28 19:20:36 +0200[diff] [blame]131 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
132 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
133 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
134 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
135
136 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
137 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
138 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
139 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
140
141 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
142 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
143 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
144 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
145
146 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
147 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
148 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
149 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
150
151 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
152 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
153 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
154 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
155
156 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
157 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
158 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
159 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
160
161 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
162 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
163 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
164 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
165
166 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
167 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
168 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
169 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
170};
171
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]172/* CRC on 2 bytes */
173#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
174
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]175/* FCS on 2 bytes */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]176static inline u8 __fcs(u8 *data)
177{
178 return (0xff - __crc(data));
179}
180
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]181/* FCS on 3 bytes */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]182static inline u8 __fcs2(u8 *data)
183{
184 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
185}
186
187/* Check FCS */
188static inline int __check_fcs(u8 *data, int type, u8 fcs)
189{
190 u8 f = __crc(data);
191
192 if (type != RFCOMM_UIH)
193 f = rfcomm_crc_table[f ^ data[2]];
194
195 return rfcomm_crc_table[f ^ fcs] != 0xcf;
196}
197
198/* ---- L2CAP callbacks ---- */
199static void rfcomm_l2state_change(struct sock *sk)
200{
201 BT_DBG("%p state %d", sk, sk->sk_state);
202 rfcomm_schedule(RFCOMM_SCHED_STATE);
203}
204
205static void rfcomm_l2data_ready(struct sock *sk, int bytes)
206{
207 BT_DBG("%p bytes %d", sk, bytes);
208 rfcomm_schedule(RFCOMM_SCHED_RX);
209}
210
211static int rfcomm_l2sock_create(struct socket **sock)
212{
213 int err;
214
215 BT_DBG("");
216
217 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
218 if (!err) {
219 struct sock *sk = (*sock)->sk;
220 sk->sk_data_ready = rfcomm_l2data_ready;
221 sk->sk_state_change = rfcomm_l2state_change;
222 }
223 return err;
224}
225
Marcel Holtmann9f2c8a02009-01-15 21:58:40 +0100[diff] [blame]226static inline int rfcomm_check_security(struct rfcomm_dlc *d)
Marcel Holtmann77db1982008-07-14 20:13:45 +0200[diff] [blame]227{
228 struct sock *sk = d->session->sock->sk;
Marcel Holtmann0684e5f2009-02-09 02:48:38 +0100[diff] [blame]229 __u8 auth_type;
Marcel Holtmann77db1982008-07-14 20:13:45 +0200[diff] [blame]230
Marcel Holtmann0684e5f2009-02-09 02:48:38 +0100[diff] [blame]231 switch (d->sec_level) {
232 case BT_SECURITY_HIGH:
233 auth_type = HCI_AT_GENERAL_BONDING_MITM;
234 break;
235 case BT_SECURITY_MEDIUM:
236 auth_type = HCI_AT_GENERAL_BONDING;
237 break;
238 default:
239 auth_type = HCI_AT_NO_BONDING;
240 break;
241 }
242
243 return hci_conn_security(l2cap_pi(sk)->conn->hcon, d->sec_level,
244 auth_type);
Marcel Holtmann77db1982008-07-14 20:13:45 +0200[diff] [blame]245}
246
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]247/* ---- RFCOMM DLCs ---- */
248static void rfcomm_dlc_timeout(unsigned long arg)
249{
250 struct rfcomm_dlc *d = (void *) arg;
251
252 BT_DBG("dlc %p state %ld", d, d->state);
253
254 set_bit(RFCOMM_TIMED_OUT, &d->flags);
255 rfcomm_dlc_put(d);
256 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
257}
258
259static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
260{
261 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
262
263 if (!mod_timer(&d->timer, jiffies + timeout))
264 rfcomm_dlc_hold(d);
265}
266
267static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
268{
269 BT_DBG("dlc %p state %ld", d, d->state);
270
271 if (timer_pending(&d->timer) && del_timer(&d->timer))
272 rfcomm_dlc_put(d);
273}
274
275static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
276{
277 BT_DBG("%p", d);
278
279 d->state = BT_OPEN;
280 d->flags = 0;
281 d->mscex = 0;
282 d->mtu = RFCOMM_DEFAULT_MTU;
283 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
284
285 d->cfc = RFCOMM_CFC_DISABLED;
286 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
287}
288
Al Virodd0fc662005-10-07 07:46:04 +0100[diff] [blame]289struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]290{
Marcel Holtmann25ea6db2006-07-06 15:40:09 +0200[diff] [blame]291 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
292
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]293 if (!d)
294 return NULL;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]295
Pavel Emelyanovb24b8a22008-01-23 21:20:07 -0800[diff] [blame]296 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]297
298 skb_queue_head_init(&d->tx_queue);
299 spin_lock_init(&d->lock);
300 atomic_set(&d->refcnt, 1);
301
302 rfcomm_dlc_clear_state(d);
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]303
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]304 BT_DBG("%p", d);
Marcel Holtmann25ea6db2006-07-06 15:40:09 +0200[diff] [blame]305
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]306 return d;
307}
308
309void rfcomm_dlc_free(struct rfcomm_dlc *d)
310{
311 BT_DBG("%p", d);
312
313 skb_queue_purge(&d->tx_queue);
314 kfree(d);
315}
316
317static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
318{
319 BT_DBG("dlc %p session %p", d, s);
320
321 rfcomm_session_hold(s);
322
323 rfcomm_dlc_hold(d);
324 list_add(&d->list, &s->dlcs);
325 d->session = s;
326}
327
328static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
329{
330 struct rfcomm_session *s = d->session;
331
332 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
333
334 list_del(&d->list);
335 d->session = NULL;
336 rfcomm_dlc_put(d);
337
338 rfcomm_session_put(s);
339}
340
341static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
342{
343 struct rfcomm_dlc *d;
344 struct list_head *p;
345
346 list_for_each(p, &s->dlcs) {
347 d = list_entry(p, struct rfcomm_dlc, list);
348 if (d->dlci == dlci)
349 return d;
350 }
351 return NULL;
352}
353
354static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
355{
356 struct rfcomm_session *s;
357 int err = 0;
358 u8 dlci;
359
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]360 BT_DBG("dlc %p state %ld %s %s channel %d",
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]361 d, d->state, batostr(src), batostr(dst), channel);
362
363 if (channel < 1 || channel > 30)
364 return -EINVAL;
365
366 if (d->state != BT_OPEN && d->state != BT_CLOSED)
367 return 0;
368
369 s = rfcomm_session_get(src, dst);
370 if (!s) {
371 s = rfcomm_session_create(src, dst, &err);
372 if (!s)
373 return err;
374 }
375
376 dlci = __dlci(!s->initiator, channel);
377
378 /* Check if DLCI already exists */
379 if (rfcomm_dlc_get(s, dlci))
380 return -EBUSY;
381
382 rfcomm_dlc_clear_state(d);
383
384 d->dlci = dlci;
385 d->addr = __addr(s->initiator, dlci);
386 d->priority = 7;
387
Marcel Holtmann77db1982008-07-14 20:13:45 +0200[diff] [blame]388 d->state = BT_CONFIG;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]389 rfcomm_dlc_link(s, d);
390
Marcel Holtmann77db1982008-07-14 20:13:45 +0200[diff] [blame]391 d->out = 1;
392
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]393 d->mtu = s->mtu;
394 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
395
Marcel Holtmann77db1982008-07-14 20:13:45 +0200[diff] [blame]396 if (s->state == BT_CONNECTED) {
Marcel Holtmann9f2c8a02009-01-15 21:58:40 +0100[diff] [blame]397 if (rfcomm_check_security(d))
Marcel Holtmann77db1982008-07-14 20:13:45 +0200[diff] [blame]398 rfcomm_send_pn(s, 1, d);
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100[diff] [blame]399 else
400 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
Marcel Holtmann77db1982008-07-14 20:13:45 +0200[diff] [blame]401 }
402
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]403 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
Marcel Holtmann77db1982008-07-14 20:13:45 +0200[diff] [blame]404
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]405 return 0;
406}
407
408int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
409{
410 int r;
411
412 rfcomm_lock();
413
414 r = __rfcomm_dlc_open(d, src, dst, channel);
415
416 rfcomm_unlock();
417 return r;
418}
419
420static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
421{
422 struct rfcomm_session *s = d->session;
423 if (!s)
424 return 0;
425
426 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
427 d, d->state, d->dlci, err, s);
428
429 switch (d->state) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]430 case BT_CONNECT:
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +0100[diff] [blame]431 case BT_CONFIG:
432 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
433 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
434 rfcomm_schedule(RFCOMM_SCHED_AUTH);
435 break;
436 }
437 /* Fall through */
438
439 case BT_CONNECTED:
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]440 d->state = BT_DISCONN;
441 if (skb_queue_empty(&d->tx_queue)) {
442 rfcomm_send_disc(s, d->dlci);
443 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
444 } else {
445 rfcomm_queue_disc(d);
446 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
447 }
448 break;
449
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +0100[diff] [blame]450 case BT_OPEN:
Marcel Holtmann8bf47942009-02-16 02:59:49 +0100[diff] [blame]451 case BT_CONNECT2:
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +0100[diff] [blame]452 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
453 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
454 rfcomm_schedule(RFCOMM_SCHED_AUTH);
455 break;
456 }
457 /* Fall through */
458
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]459 default:
460 rfcomm_dlc_clear_timer(d);
461
462 rfcomm_dlc_lock(d);
463 d->state = BT_CLOSED;
Dave Young1905f6c2008-04-01 23:59:06 -0700[diff] [blame]464 d->state_change(d, err);
Arjan van de Ven4c8411f2008-05-29 01:32:47 -0700[diff] [blame]465 rfcomm_dlc_unlock(d);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]466
467 skb_queue_purge(&d->tx_queue);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]468 rfcomm_dlc_unlink(d);
469 }
470
471 return 0;
472}
473
474int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
475{
476 int r;
477
478 rfcomm_lock();
479
480 r = __rfcomm_dlc_close(d, err);
481
482 rfcomm_unlock();
483 return r;
484}
485
486int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
487{
488 int len = skb->len;
489
490 if (d->state != BT_CONNECTED)
491 return -ENOTCONN;
492
493 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
494
495 if (len > d->mtu)
496 return -EINVAL;
497
498 rfcomm_make_uih(skb, d->addr);
499 skb_queue_tail(&d->tx_queue, skb);
500
501 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
502 rfcomm_schedule(RFCOMM_SCHED_TX);
503 return len;
504}
505
Harvey Harrisonb5606c22008-02-13 15:03:16 -0800[diff] [blame]506void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]507{
508 BT_DBG("dlc %p state %ld", d, d->state);
509
510 if (!d->cfc) {
511 d->v24_sig |= RFCOMM_V24_FC;
512 set_bit(RFCOMM_MSC_PENDING, &d->flags);
513 }
514 rfcomm_schedule(RFCOMM_SCHED_TX);
515}
516
Harvey Harrisonb5606c22008-02-13 15:03:16 -0800[diff] [blame]517void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]518{
519 BT_DBG("dlc %p state %ld", d, d->state);
520
521 if (!d->cfc) {
522 d->v24_sig &= ~RFCOMM_V24_FC;
523 set_bit(RFCOMM_MSC_PENDING, &d->flags);
524 }
525 rfcomm_schedule(RFCOMM_SCHED_TX);
526}
527
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]528/*
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]529 Set/get modem status functions use _local_ status i.e. what we report
530 to the other side.
531 Remote status is provided by dlc->modem_status() callback.
532 */
533int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
534{
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]535 BT_DBG("dlc %p state %ld v24_sig 0x%x",
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]536 d, d->state, v24_sig);
537
538 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
539 v24_sig |= RFCOMM_V24_FC;
540 else
541 v24_sig &= ~RFCOMM_V24_FC;
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]542
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]543 d->v24_sig = v24_sig;
544
545 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
546 rfcomm_schedule(RFCOMM_SCHED_TX);
547
548 return 0;
549}
550
551int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
552{
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]553 BT_DBG("dlc %p state %ld v24_sig 0x%x",
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]554 d, d->state, d->v24_sig);
555
556 *v24_sig = d->v24_sig;
557 return 0;
558}
559
560/* ---- RFCOMM sessions ---- */
561static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
562{
Marcel Holtmann25ea6db2006-07-06 15:40:09 +0200[diff] [blame]563 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
564
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]565 if (!s)
566 return NULL;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]567
568 BT_DBG("session %p sock %p", s, sock);
569
570 INIT_LIST_HEAD(&s->dlcs);
571 s->state = state;
572 s->sock = sock;
573
574 s->mtu = RFCOMM_DEFAULT_MTU;
Marcel Holtmann7c2660b2006-07-03 10:02:51 +0200[diff] [blame]575 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]576
577 /* Do not increment module usage count for listening sessions.
578 * Otherwise we won't be able to unload the module. */
579 if (state != BT_LISTEN)
580 if (!try_module_get(THIS_MODULE)) {
581 kfree(s);
582 return NULL;
583 }
584
585 list_add(&s->list, &session_list);
586
587 return s;
588}
589
590static void rfcomm_session_del(struct rfcomm_session *s)
591{
592 int state = s->state;
593
594 BT_DBG("session %p state %ld", s, s->state);
595
596 list_del(&s->list);
597
598 if (state == BT_CONNECTED)
599 rfcomm_send_disc(s, 0);
600
601 sock_release(s->sock);
602 kfree(s);
603
604 if (state != BT_LISTEN)
605 module_put(THIS_MODULE);
606}
607
608static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
609{
610 struct rfcomm_session *s;
611 struct list_head *p, *n;
612 struct bt_sock *sk;
613 list_for_each_safe(p, n, &session_list) {
614 s = list_entry(p, struct rfcomm_session, list);
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]615 sk = bt_sk(s->sock->sk);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]616
617 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
618 !bacmp(&sk->dst, dst))
619 return s;
620 }
621 return NULL;
622}
623
624static void rfcomm_session_close(struct rfcomm_session *s, int err)
625{
626 struct rfcomm_dlc *d;
627 struct list_head *p, *n;
628
629 BT_DBG("session %p state %ld err %d", s, s->state, err);
630
631 rfcomm_session_hold(s);
632
633 s->state = BT_CLOSED;
634
635 /* Close all dlcs */
636 list_for_each_safe(p, n, &s->dlcs) {
637 d = list_entry(p, struct rfcomm_dlc, list);
638 d->state = BT_CLOSED;
639 __rfcomm_dlc_close(d, err);
640 }
641
642 rfcomm_session_put(s);
643}
644
645static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
646{
647 struct rfcomm_session *s = NULL;
648 struct sockaddr_l2 addr;
649 struct socket *sock;
650 struct sock *sk;
651
652 BT_DBG("%s %s", batostr(src), batostr(dst));
653
654 *err = rfcomm_l2sock_create(&sock);
655 if (*err < 0)
656 return NULL;
657
658 bacpy(&addr.l2_bdaddr, src);
659 addr.l2_family = AF_BLUETOOTH;
660 addr.l2_psm = 0;
Marcel Holtmann48db9ca2007-05-05 00:36:06 +0200[diff] [blame]661 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]662 if (*err < 0)
663 goto failed;
664
665 /* Set L2CAP options */
666 sk = sock->sk;
667 lock_sock(sk);
Marcel Holtmann56f3a402006-02-13 11:39:57 +0100[diff] [blame]668 l2cap_pi(sk)->imtu = l2cap_mtu;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]669 release_sock(sk);
670
671 s = rfcomm_session_add(sock, BT_BOUND);
672 if (!s) {
673 *err = -ENOMEM;
674 goto failed;
675 }
676
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]677 s->initiator = 1;
678
679 bacpy(&addr.l2_bdaddr, dst);
680 addr.l2_family = AF_BLUETOOTH;
681 addr.l2_psm = htobs(RFCOMM_PSM);
Marcel Holtmann48db9ca2007-05-05 00:36:06 +0200[diff] [blame]682 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
Marcel Holtmannb4c612a2006-09-23 09:54:38 +0200[diff] [blame]683 if (*err == 0 || *err == -EINPROGRESS)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]684 return s;
685
686 rfcomm_session_del(s);
687 return NULL;
688
689failed:
690 sock_release(sock);
691 return NULL;
692}
693
694void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
695{
696 struct sock *sk = s->sock->sk;
697 if (src)
698 bacpy(src, &bt_sk(sk)->src);
699 if (dst)
700 bacpy(dst, &bt_sk(sk)->dst);
701}
702
703/* ---- RFCOMM frame sending ---- */
704static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
705{
706 struct socket *sock = s->sock;
707 struct kvec iv = { data, len };
708 struct msghdr msg;
709
710 BT_DBG("session %p len %d", s, len);
711
712 memset(&msg, 0, sizeof(msg));
713
714 return kernel_sendmsg(sock, &msg, &iv, 1, len);
715}
716
717static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
718{
719 struct rfcomm_cmd cmd;
720
721 BT_DBG("%p dlci %d", s, dlci);
722
723 cmd.addr = __addr(s->initiator, dlci);
724 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
725 cmd.len = __len8(0);
726 cmd.fcs = __fcs2((u8 *) &cmd);
727
728 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
729}
730
731static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
732{
733 struct rfcomm_cmd cmd;
734
735 BT_DBG("%p dlci %d", s, dlci);
736
737 cmd.addr = __addr(!s->initiator, dlci);
738 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
739 cmd.len = __len8(0);
740 cmd.fcs = __fcs2((u8 *) &cmd);
741
742 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
743}
744
745static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
746{
747 struct rfcomm_cmd cmd;
748
749 BT_DBG("%p dlci %d", s, dlci);
750
751 cmd.addr = __addr(s->initiator, dlci);
752 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
753 cmd.len = __len8(0);
754 cmd.fcs = __fcs2((u8 *) &cmd);
755
756 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
757}
758
759static int rfcomm_queue_disc(struct rfcomm_dlc *d)
760{
761 struct rfcomm_cmd *cmd;
762 struct sk_buff *skb;
763
764 BT_DBG("dlc %p dlci %d", d, d->dlci);
765
766 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
767 if (!skb)
768 return -ENOMEM;
769
770 cmd = (void *) __skb_put(skb, sizeof(*cmd));
771 cmd->addr = d->addr;
772 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
773 cmd->len = __len8(0);
774 cmd->fcs = __fcs2((u8 *) cmd);
775
776 skb_queue_tail(&d->tx_queue, skb);
777 rfcomm_schedule(RFCOMM_SCHED_TX);
778 return 0;
779}
780
781static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
782{
783 struct rfcomm_cmd cmd;
784
785 BT_DBG("%p dlci %d", s, dlci);
786
787 cmd.addr = __addr(!s->initiator, dlci);
788 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
789 cmd.len = __len8(0);
790 cmd.fcs = __fcs2((u8 *) &cmd);
791
792 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
793}
794
795static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
796{
797 struct rfcomm_hdr *hdr;
798 struct rfcomm_mcc *mcc;
799 u8 buf[16], *ptr = buf;
800
801 BT_DBG("%p cr %d type %d", s, cr, type);
802
803 hdr = (void *) ptr; ptr += sizeof(*hdr);
804 hdr->addr = __addr(s->initiator, 0);
805 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
806 hdr->len = __len8(sizeof(*mcc) + 1);
807
808 mcc = (void *) ptr; ptr += sizeof(*mcc);
809 mcc->type = __mcc_type(cr, RFCOMM_NSC);
810 mcc->len = __len8(1);
811
812 /* Type that we didn't like */
813 *ptr = __mcc_type(cr, type); ptr++;
814
815 *ptr = __fcs(buf); ptr++;
816
817 return rfcomm_send_frame(s, buf, ptr - buf);
818}
819
820static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
821{
822 struct rfcomm_hdr *hdr;
823 struct rfcomm_mcc *mcc;
824 struct rfcomm_pn *pn;
825 u8 buf[16], *ptr = buf;
826
827 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
828
829 hdr = (void *) ptr; ptr += sizeof(*hdr);
830 hdr->addr = __addr(s->initiator, 0);
831 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
832 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
833
834 mcc = (void *) ptr; ptr += sizeof(*mcc);
835 mcc->type = __mcc_type(cr, RFCOMM_PN);
836 mcc->len = __len8(sizeof(*pn));
837
838 pn = (void *) ptr; ptr += sizeof(*pn);
839 pn->dlci = d->dlci;
840 pn->priority = d->priority;
841 pn->ack_timer = 0;
842 pn->max_retrans = 0;
843
844 if (s->cfc) {
845 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
846 pn->credits = RFCOMM_DEFAULT_CREDITS;
847 } else {
848 pn->flow_ctrl = 0;
849 pn->credits = 0;
850 }
851
Marcel Holtmann98bcd082006-07-14 11:42:12 +0200[diff] [blame]852 if (cr && channel_mtu >= 0)
853 pn->mtu = htobs(channel_mtu);
854 else
855 pn->mtu = htobs(d->mtu);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]856
857 *ptr = __fcs(buf); ptr++;
858
859 return rfcomm_send_frame(s, buf, ptr - buf);
860}
861
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]862int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
863 u8 bit_rate, u8 data_bits, u8 stop_bits,
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]864 u8 parity, u8 flow_ctrl_settings,
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]865 u8 xon_char, u8 xoff_char, u16 param_mask)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]866{
867 struct rfcomm_hdr *hdr;
868 struct rfcomm_mcc *mcc;
869 struct rfcomm_rpn *rpn;
870 u8 buf[16], *ptr = buf;
871
872 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]873 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
874 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]875 flow_ctrl_settings, xon_char, xoff_char, param_mask);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]876
877 hdr = (void *) ptr; ptr += sizeof(*hdr);
878 hdr->addr = __addr(s->initiator, 0);
879 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
880 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
881
882 mcc = (void *) ptr; ptr += sizeof(*mcc);
883 mcc->type = __mcc_type(cr, RFCOMM_RPN);
884 mcc->len = __len8(sizeof(*rpn));
885
886 rpn = (void *) ptr; ptr += sizeof(*rpn);
887 rpn->dlci = __addr(1, dlci);
888 rpn->bit_rate = bit_rate;
889 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
890 rpn->flow_ctrl = flow_ctrl_settings;
891 rpn->xon_char = xon_char;
892 rpn->xoff_char = xoff_char;
Al Viroe8db8c92006-11-08 00:28:44 -0800[diff] [blame]893 rpn->param_mask = cpu_to_le16(param_mask);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]894
895 *ptr = __fcs(buf); ptr++;
896
897 return rfcomm_send_frame(s, buf, ptr - buf);
898}
899
900static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
901{
902 struct rfcomm_hdr *hdr;
903 struct rfcomm_mcc *mcc;
904 struct rfcomm_rls *rls;
905 u8 buf[16], *ptr = buf;
906
907 BT_DBG("%p cr %d status 0x%x", s, cr, status);
908
909 hdr = (void *) ptr; ptr += sizeof(*hdr);
910 hdr->addr = __addr(s->initiator, 0);
911 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
912 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
913
914 mcc = (void *) ptr; ptr += sizeof(*mcc);
915 mcc->type = __mcc_type(cr, RFCOMM_RLS);
916 mcc->len = __len8(sizeof(*rls));
917
918 rls = (void *) ptr; ptr += sizeof(*rls);
919 rls->dlci = __addr(1, dlci);
920 rls->status = status;
921
922 *ptr = __fcs(buf); ptr++;
923
924 return rfcomm_send_frame(s, buf, ptr - buf);
925}
926
927static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
928{
929 struct rfcomm_hdr *hdr;
930 struct rfcomm_mcc *mcc;
931 struct rfcomm_msc *msc;
932 u8 buf[16], *ptr = buf;
933
934 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
935
936 hdr = (void *) ptr; ptr += sizeof(*hdr);
937 hdr->addr = __addr(s->initiator, 0);
938 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
939 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
940
941 mcc = (void *) ptr; ptr += sizeof(*mcc);
942 mcc->type = __mcc_type(cr, RFCOMM_MSC);
943 mcc->len = __len8(sizeof(*msc));
944
945 msc = (void *) ptr; ptr += sizeof(*msc);
946 msc->dlci = __addr(1, dlci);
947 msc->v24_sig = v24_sig | 0x01;
948
949 *ptr = __fcs(buf); ptr++;
950
951 return rfcomm_send_frame(s, buf, ptr - buf);
952}
953
954static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
955{
956 struct rfcomm_hdr *hdr;
957 struct rfcomm_mcc *mcc;
958 u8 buf[16], *ptr = buf;
959
960 BT_DBG("%p cr %d", s, cr);
961
962 hdr = (void *) ptr; ptr += sizeof(*hdr);
963 hdr->addr = __addr(s->initiator, 0);
964 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
965 hdr->len = __len8(sizeof(*mcc));
966
967 mcc = (void *) ptr; ptr += sizeof(*mcc);
968 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
969 mcc->len = __len8(0);
970
971 *ptr = __fcs(buf); ptr++;
972
973 return rfcomm_send_frame(s, buf, ptr - buf);
974}
975
976static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
977{
978 struct rfcomm_hdr *hdr;
979 struct rfcomm_mcc *mcc;
980 u8 buf[16], *ptr = buf;
981
982 BT_DBG("%p cr %d", s, cr);
983
984 hdr = (void *) ptr; ptr += sizeof(*hdr);
985 hdr->addr = __addr(s->initiator, 0);
986 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
987 hdr->len = __len8(sizeof(*mcc));
988
989 mcc = (void *) ptr; ptr += sizeof(*mcc);
990 mcc->type = __mcc_type(cr, RFCOMM_FCON);
991 mcc->len = __len8(0);
992
993 *ptr = __fcs(buf); ptr++;
994
995 return rfcomm_send_frame(s, buf, ptr - buf);
996}
997
998static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
999{
1000 struct socket *sock = s->sock;
1001 struct kvec iv[3];
1002 struct msghdr msg;
1003 unsigned char hdr[5], crc[1];
1004
1005 if (len > 125)
1006 return -EINVAL;
1007
1008 BT_DBG("%p cr %d", s, cr);
1009
1010 hdr[0] = __addr(s->initiator, 0);
1011 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1012 hdr[2] = 0x01 | ((len + 2) << 1);
1013 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1014 hdr[4] = 0x01 | (len << 1);
1015
1016 crc[0] = __fcs(hdr);
1017
1018 iv[0].iov_base = hdr;
1019 iv[0].iov_len = 5;
1020 iv[1].iov_base = pattern;
1021 iv[1].iov_len = len;
1022 iv[2].iov_base = crc;
1023 iv[2].iov_len = 1;
1024
1025 memset(&msg, 0, sizeof(msg));
1026
1027 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1028}
1029
1030static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1031{
1032 struct rfcomm_hdr *hdr;
1033 u8 buf[16], *ptr = buf;
1034
1035 BT_DBG("%p addr %d credits %d", s, addr, credits);
1036
1037 hdr = (void *) ptr; ptr += sizeof(*hdr);
1038 hdr->addr = addr;
1039 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1040 hdr->len = __len8(0);
1041
1042 *ptr = credits; ptr++;
1043
1044 *ptr = __fcs(buf); ptr++;
1045
1046 return rfcomm_send_frame(s, buf, ptr - buf);
1047}
1048
1049static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1050{
1051 struct rfcomm_hdr *hdr;
1052 int len = skb->len;
1053 u8 *crc;
1054
1055 if (len > 127) {
1056 hdr = (void *) skb_push(skb, 4);
Al Viro6ba9c752006-11-08 00:28:19 -0800[diff] [blame]1057 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1058 } else {
1059 hdr = (void *) skb_push(skb, 3);
1060 hdr->len = __len8(len);
1061 }
1062 hdr->addr = addr;
1063 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1064
1065 crc = skb_put(skb, 1);
1066 *crc = __fcs((void *) hdr);
1067}
1068
1069/* ---- RFCOMM frame reception ---- */
1070static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1071{
1072 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1073
1074 if (dlci) {
1075 /* Data channel */
1076 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1077 if (!d) {
1078 rfcomm_send_dm(s, dlci);
1079 return 0;
1080 }
1081
1082 switch (d->state) {
1083 case BT_CONNECT:
1084 rfcomm_dlc_clear_timer(d);
1085
1086 rfcomm_dlc_lock(d);
1087 d->state = BT_CONNECTED;
1088 d->state_change(d, 0);
1089 rfcomm_dlc_unlock(d);
1090
1091 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1092 break;
1093
1094 case BT_DISCONN:
1095 d->state = BT_CLOSED;
1096 __rfcomm_dlc_close(d, 0);
Marcel Holtmann9cf5b0e2007-05-05 00:36:13 +0200[diff] [blame]1097
1098 if (list_empty(&s->dlcs)) {
1099 s->state = BT_DISCONN;
1100 rfcomm_send_disc(s, 0);
1101 }
1102
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1103 break;
1104 }
1105 } else {
1106 /* Control channel */
1107 switch (s->state) {
1108 case BT_CONNECT:
1109 s->state = BT_CONNECTED;
1110 rfcomm_process_connect(s);
1111 break;
Marcel Holtmann9cf5b0e2007-05-05 00:36:13 +0200[diff] [blame]1112
1113 case BT_DISCONN:
1114 rfcomm_session_put(s);
1115 break;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1116 }
1117 }
1118 return 0;
1119}
1120
1121static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1122{
1123 int err = 0;
1124
1125 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1126
1127 if (dlci) {
1128 /* Data DLC */
1129 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1130 if (d) {
1131 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1132 err = ECONNREFUSED;
1133 else
1134 err = ECONNRESET;
1135
1136 d->state = BT_CLOSED;
1137 __rfcomm_dlc_close(d, err);
1138 }
1139 } else {
1140 if (s->state == BT_CONNECT)
1141 err = ECONNREFUSED;
1142 else
1143 err = ECONNRESET;
1144
1145 s->state = BT_CLOSED;
1146 rfcomm_session_close(s, err);
1147 }
1148 return 0;
1149}
1150
1151static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1152{
1153 int err = 0;
1154
1155 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1156
1157 if (dlci) {
1158 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1159 if (d) {
1160 rfcomm_send_ua(s, dlci);
1161
1162 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1163 err = ECONNREFUSED;
1164 else
1165 err = ECONNRESET;
1166
1167 d->state = BT_CLOSED;
1168 __rfcomm_dlc_close(d, err);
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]1169 } else
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1170 rfcomm_send_dm(s, dlci);
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]1171
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1172 } else {
1173 rfcomm_send_ua(s, 0);
1174
1175 if (s->state == BT_CONNECT)
1176 err = ECONNREFUSED;
1177 else
1178 err = ECONNRESET;
1179
1180 s->state = BT_CLOSED;
1181 rfcomm_session_close(s, err);
1182 }
1183
1184 return 0;
1185}
1186
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +0100[diff] [blame]1187void rfcomm_dlc_accept(struct rfcomm_dlc *d)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1188{
Marcel Holtmann300b9392006-07-03 10:37:55 +0200[diff] [blame]1189 struct sock *sk = d->session->sock->sk;
1190
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1191 BT_DBG("dlc %p", d);
1192
1193 rfcomm_send_ua(d->session, d->dlci);
1194
1195 rfcomm_dlc_lock(d);
1196 d->state = BT_CONNECTED;
1197 d->state_change(d, 0);
1198 rfcomm_dlc_unlock(d);
1199
Marcel Holtmann9f2c8a02009-01-15 21:58:40 +0100[diff] [blame]1200 if (d->role_switch)
Marcel Holtmann300b9392006-07-03 10:37:55 +0200[diff] [blame]1201 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1202
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1203 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1204}
1205
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +0100[diff] [blame]1206static void rfcomm_check_accept(struct rfcomm_dlc *d)
1207{
Marcel Holtmann9f2c8a02009-01-15 21:58:40 +0100[diff] [blame]1208 if (rfcomm_check_security(d)) {
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +0100[diff] [blame]1209 if (d->defer_setup) {
1210 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1211 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
Marcel Holtmann8bf47942009-02-16 02:59:49 +0100[diff] [blame]1212
1213 rfcomm_dlc_lock(d);
1214 d->state = BT_CONNECT2;
1215 d->state_change(d, 0);
1216 rfcomm_dlc_unlock(d);
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +0100[diff] [blame]1217 } else
1218 rfcomm_dlc_accept(d);
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100[diff] [blame]1219 } else {
1220 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1221 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +0100[diff] [blame]1222 }
1223}
1224
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1225static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1226{
1227 struct rfcomm_dlc *d;
1228 u8 channel;
1229
1230 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1231
1232 if (!dlci) {
1233 rfcomm_send_ua(s, 0);
1234
1235 if (s->state == BT_OPEN) {
1236 s->state = BT_CONNECTED;
1237 rfcomm_process_connect(s);
1238 }
1239 return 0;
1240 }
1241
1242 /* Check if DLC exists */
1243 d = rfcomm_dlc_get(s, dlci);
1244 if (d) {
1245 if (d->state == BT_OPEN) {
1246 /* DLC was previously opened by PN request */
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +0100[diff] [blame]1247 rfcomm_check_accept(d);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1248 }
1249 return 0;
1250 }
1251
1252 /* Notify socket layer about incoming connection */
1253 channel = __srv_channel(dlci);
1254 if (rfcomm_connect_ind(s, channel, &d)) {
1255 d->dlci = dlci;
1256 d->addr = __addr(s->initiator, dlci);
1257 rfcomm_dlc_link(s, d);
1258
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +0100[diff] [blame]1259 rfcomm_check_accept(d);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1260 } else {
1261 rfcomm_send_dm(s, dlci);
1262 }
1263
1264 return 0;
1265}
1266
1267static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1268{
1269 struct rfcomm_session *s = d->session;
1270
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]1271 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1272 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1273
Marcel Holtmann7c2660b2006-07-03 10:02:51 +0200[diff] [blame]1274 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1275 pn->flow_ctrl == 0xe0) {
1276 d->cfc = RFCOMM_CFC_ENABLED;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1277 d->tx_credits = pn->credits;
1278 } else {
Marcel Holtmann7c2660b2006-07-03 10:02:51 +0200[diff] [blame]1279 d->cfc = RFCOMM_CFC_DISABLED;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1280 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1281 }
1282
Marcel Holtmann7c2660b2006-07-03 10:02:51 +0200[diff] [blame]1283 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1284 s->cfc = d->cfc;
1285
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1286 d->priority = pn->priority;
1287
Marcel Holtmann98bcd082006-07-14 11:42:12 +0200[diff] [blame]1288 d->mtu = btohs(pn->mtu);
1289
1290 if (cr && d->mtu > s->mtu)
1291 d->mtu = s->mtu;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1292
1293 return 0;
1294}
1295
1296static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1297{
1298 struct rfcomm_pn *pn = (void *) skb->data;
1299 struct rfcomm_dlc *d;
1300 u8 dlci = pn->dlci;
1301
1302 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1303
1304 if (!dlci)
1305 return 0;
1306
1307 d = rfcomm_dlc_get(s, dlci);
1308 if (d) {
1309 if (cr) {
1310 /* PN request */
1311 rfcomm_apply_pn(d, cr, pn);
1312 rfcomm_send_pn(s, 0, d);
1313 } else {
1314 /* PN response */
1315 switch (d->state) {
1316 case BT_CONFIG:
1317 rfcomm_apply_pn(d, cr, pn);
1318
1319 d->state = BT_CONNECT;
1320 rfcomm_send_sabm(s, d->dlci);
1321 break;
1322 }
1323 }
1324 } else {
1325 u8 channel = __srv_channel(dlci);
1326
1327 if (!cr)
1328 return 0;
1329
1330 /* PN request for non existing DLC.
1331 * Assume incoming connection. */
1332 if (rfcomm_connect_ind(s, channel, &d)) {
1333 d->dlci = dlci;
1334 d->addr = __addr(s->initiator, dlci);
1335 rfcomm_dlc_link(s, d);
1336
1337 rfcomm_apply_pn(d, cr, pn);
1338
1339 d->state = BT_OPEN;
1340 rfcomm_send_pn(s, 0, d);
1341 } else {
1342 rfcomm_send_dm(s, dlci);
1343 }
1344 }
1345 return 0;
1346}
1347
1348static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1349{
1350 struct rfcomm_rpn *rpn = (void *) skb->data;
1351 u8 dlci = __get_dlci(rpn->dlci);
1352
1353 u8 bit_rate = 0;
1354 u8 data_bits = 0;
1355 u8 stop_bits = 0;
1356 u8 parity = 0;
1357 u8 flow_ctrl = 0;
1358 u8 xon_char = 0;
1359 u8 xoff_char = 0;
1360 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1361
1362 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1363 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1364 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1365
1366 if (!cr)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1367 return 0;
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1368
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1369 if (len == 1) {
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1370 /* This is a request, return default settings */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1371 bit_rate = RFCOMM_RPN_BR_115200;
1372 data_bits = RFCOMM_RPN_DATA_8;
1373 stop_bits = RFCOMM_RPN_STOP_1;
1374 parity = RFCOMM_RPN_PARITY_NONE;
1375 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1376 xon_char = RFCOMM_RPN_XON_CHAR;
1377 xoff_char = RFCOMM_RPN_XOFF_CHAR;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1378 goto rpn_out;
1379 }
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1380
1381 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1382 * no parity, no flow control lines, normal XON/XOFF chars */
1383
Al Viroe8db8c92006-11-08 00:28:44 -0800[diff] [blame]1384 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1385 bit_rate = rpn->bit_rate;
1386 if (bit_rate != RFCOMM_RPN_BR_115200) {
1387 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1388 bit_rate = RFCOMM_RPN_BR_115200;
1389 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1390 }
1391 }
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1392
Al Viroe8db8c92006-11-08 00:28:44 -0800[diff] [blame]1393 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1394 data_bits = __get_rpn_data_bits(rpn->line_settings);
1395 if (data_bits != RFCOMM_RPN_DATA_8) {
1396 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1397 data_bits = RFCOMM_RPN_DATA_8;
1398 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1399 }
1400 }
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1401
Al Viroe8db8c92006-11-08 00:28:44 -0800[diff] [blame]1402 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1403 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1404 if (stop_bits != RFCOMM_RPN_STOP_1) {
1405 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1406 stop_bits = RFCOMM_RPN_STOP_1;
1407 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1408 }
1409 }
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1410
Al Viroe8db8c92006-11-08 00:28:44 -0800[diff] [blame]1411 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1412 parity = __get_rpn_parity(rpn->line_settings);
1413 if (parity != RFCOMM_RPN_PARITY_NONE) {
1414 BT_DBG("RPN parity mismatch 0x%x", parity);
1415 parity = RFCOMM_RPN_PARITY_NONE;
1416 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1417 }
1418 }
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1419
Al Viroe8db8c92006-11-08 00:28:44 -0800[diff] [blame]1420 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1421 flow_ctrl = rpn->flow_ctrl;
1422 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1423 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1424 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1425 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1426 }
1427 }
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1428
Al Viroe8db8c92006-11-08 00:28:44 -0800[diff] [blame]1429 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1430 xon_char = rpn->xon_char;
1431 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1432 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1433 xon_char = RFCOMM_RPN_XON_CHAR;
1434 rpn_mask ^= RFCOMM_RPN_PM_XON;
1435 }
1436 }
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1437
Al Viroe8db8c92006-11-08 00:28:44 -0800[diff] [blame]1438 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1439 xoff_char = rpn->xoff_char;
1440 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1441 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1442 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1443 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1444 }
1445 }
1446
1447rpn_out:
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1448 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1449 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1450
1451 return 0;
1452}
1453
1454static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1455{
1456 struct rfcomm_rls *rls = (void *) skb->data;
1457 u8 dlci = __get_dlci(rls->dlci);
1458
1459 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1460
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1461 if (!cr)
1462 return 0;
1463
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1464 /* We should probably do something with this information here. But
1465 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1466 * mandatory to recognise and respond to RLS */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1467
1468 rfcomm_send_rls(s, 0, dlci, rls->status);
1469
1470 return 0;
1471}
1472
1473static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1474{
1475 struct rfcomm_msc *msc = (void *) skb->data;
1476 struct rfcomm_dlc *d;
1477 u8 dlci = __get_dlci(msc->dlci);
1478
1479 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1480
1481 d = rfcomm_dlc_get(s, dlci);
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1482 if (!d)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1483 return 0;
1484
1485 if (cr) {
1486 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1487 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1488 else
1489 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1490
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1491 rfcomm_dlc_lock(d);
Marcel Holtmann8b6b3da2008-07-14 20:13:52 +0200[diff] [blame]1492
1493 d->remote_v24_sig = msc->v24_sig;
1494
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1495 if (d->modem_status)
1496 d->modem_status(d, msc->v24_sig);
Marcel Holtmann8b6b3da2008-07-14 20:13:52 +0200[diff] [blame]1497
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1498 rfcomm_dlc_unlock(d);
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]1499
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1500 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1501
1502 d->mscex |= RFCOMM_MSCEX_RX;
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1503 } else
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1504 d->mscex |= RFCOMM_MSCEX_TX;
1505
1506 return 0;
1507}
1508
1509static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1510{
1511 struct rfcomm_mcc *mcc = (void *) skb->data;
1512 u8 type, cr, len;
1513
1514 cr = __test_cr(mcc->type);
1515 type = __get_mcc_type(mcc->type);
1516 len = __get_mcc_len(mcc->len);
1517
1518 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1519
1520 skb_pull(skb, 2);
1521
1522 switch (type) {
1523 case RFCOMM_PN:
1524 rfcomm_recv_pn(s, cr, skb);
1525 break;
1526
1527 case RFCOMM_RPN:
1528 rfcomm_recv_rpn(s, cr, len, skb);
1529 break;
1530
1531 case RFCOMM_RLS:
1532 rfcomm_recv_rls(s, cr, skb);
1533 break;
1534
1535 case RFCOMM_MSC:
1536 rfcomm_recv_msc(s, cr, skb);
1537 break;
1538
1539 case RFCOMM_FCOFF:
1540 if (cr) {
1541 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1542 rfcomm_send_fcoff(s, 0);
1543 }
1544 break;
1545
1546 case RFCOMM_FCON:
1547 if (cr) {
1548 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1549 rfcomm_send_fcon(s, 0);
1550 }
1551 break;
1552
1553 case RFCOMM_TEST:
1554 if (cr)
1555 rfcomm_send_test(s, 0, skb->data, skb->len);
1556 break;
1557
1558 case RFCOMM_NSC:
1559 break;
1560
1561 default:
1562 BT_ERR("Unknown control type 0x%02x", type);
1563 rfcomm_send_nsc(s, cr, type);
1564 break;
1565 }
1566 return 0;
1567}
1568
1569static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1570{
1571 struct rfcomm_dlc *d;
1572
1573 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1574
1575 d = rfcomm_dlc_get(s, dlci);
1576 if (!d) {
1577 rfcomm_send_dm(s, dlci);
1578 goto drop;
1579 }
1580
1581 if (pf && d->cfc) {
1582 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1583
1584 d->tx_credits += credits;
1585 if (d->tx_credits)
1586 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1587 }
1588
1589 if (skb->len && d->state == BT_CONNECTED) {
1590 rfcomm_dlc_lock(d);
1591 d->rx_credits--;
1592 d->data_ready(d, skb);
1593 rfcomm_dlc_unlock(d);
1594 return 0;
1595 }
1596
1597drop:
1598 kfree_skb(skb);
1599 return 0;
1600}
1601
1602static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1603{
1604 struct rfcomm_hdr *hdr = (void *) skb->data;
1605 u8 type, dlci, fcs;
1606
1607 dlci = __get_dlci(hdr->addr);
1608 type = __get_type(hdr->ctrl);
1609
1610 /* Trim FCS */
1611 skb->len--; skb->tail--;
Arnaldo Carvalho de Melo27a884d2007-04-19 20:29:13 -0700[diff] [blame]1612 fcs = *(u8 *)skb_tail_pointer(skb);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1613
1614 if (__check_fcs(skb->data, type, fcs)) {
1615 BT_ERR("bad checksum in packet");
1616 kfree_skb(skb);
1617 return -EILSEQ;
1618 }
1619
1620 if (__test_ea(hdr->len))
1621 skb_pull(skb, 3);
1622 else
1623 skb_pull(skb, 4);
1624
1625 switch (type) {
1626 case RFCOMM_SABM:
1627 if (__test_pf(hdr->ctrl))
1628 rfcomm_recv_sabm(s, dlci);
1629 break;
1630
1631 case RFCOMM_DISC:
1632 if (__test_pf(hdr->ctrl))
1633 rfcomm_recv_disc(s, dlci);
1634 break;
1635
1636 case RFCOMM_UA:
1637 if (__test_pf(hdr->ctrl))
1638 rfcomm_recv_ua(s, dlci);
1639 break;
1640
1641 case RFCOMM_DM:
1642 rfcomm_recv_dm(s, dlci);
1643 break;
1644
1645 case RFCOMM_UIH:
1646 if (dlci)
1647 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1648
1649 rfcomm_recv_mcc(s, skb);
1650 break;
1651
1652 default:
1653 BT_ERR("Unknown packet type 0x%02x\n", type);
1654 break;
1655 }
1656 kfree_skb(skb);
1657 return 0;
1658}
1659
1660/* ---- Connection and data processing ---- */
1661
1662static void rfcomm_process_connect(struct rfcomm_session *s)
1663{
1664 struct rfcomm_dlc *d;
1665 struct list_head *p, *n;
1666
1667 BT_DBG("session %p state %ld", s, s->state);
1668
1669 list_for_each_safe(p, n, &s->dlcs) {
1670 d = list_entry(p, struct rfcomm_dlc, list);
1671 if (d->state == BT_CONFIG) {
1672 d->mtu = s->mtu;
Marcel Holtmann9f2c8a02009-01-15 21:58:40 +0100[diff] [blame]1673 if (rfcomm_check_security(d)) {
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100[diff] [blame]1674 rfcomm_send_pn(s, 1, d);
1675 } else {
Marcel Holtmann77db1982008-07-14 20:13:45 +0200[diff] [blame]1676 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1677 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100[diff] [blame]1678 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1679 }
1680 }
1681}
1682
1683/* Send data queued for the DLC.
1684 * Return number of frames left in the queue.
1685 */
1686static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1687{
1688 struct sk_buff *skb;
1689 int err;
1690
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]1691 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1692 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1693
1694 /* Send pending MSC */
1695 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]1696 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1697
1698 if (d->cfc) {
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]1699 /* CFC enabled.
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1700 * Give them some credits */
1701 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]1702 d->rx_credits <= (d->cfc >> 2)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1703 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1704 d->rx_credits = d->cfc;
1705 }
1706 } else {
1707 /* CFC disabled.
1708 * Give ourselves some credits */
1709 d->tx_credits = 5;
1710 }
1711
1712 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1713 return skb_queue_len(&d->tx_queue);
1714
1715 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1716 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1717 if (err < 0) {
1718 skb_queue_head(&d->tx_queue, skb);
1719 break;
1720 }
1721 kfree_skb(skb);
1722 d->tx_credits--;
1723 }
1724
1725 if (d->cfc && !d->tx_credits) {
1726 /* We're out of TX credits.
1727 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1728 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1729 }
1730
1731 return skb_queue_len(&d->tx_queue);
1732}
1733
1734static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1735{
1736 struct rfcomm_dlc *d;
1737 struct list_head *p, *n;
1738
1739 BT_DBG("session %p state %ld", s, s->state);
1740
1741 list_for_each_safe(p, n, &s->dlcs) {
1742 d = list_entry(p, struct rfcomm_dlc, list);
1743
1744 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1745 __rfcomm_dlc_close(d, ETIMEDOUT);
1746 continue;
1747 }
1748
1749 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1750 rfcomm_dlc_clear_timer(d);
Marcel Holtmann77db1982008-07-14 20:13:45 +0200[diff] [blame]1751 if (d->out) {
1752 rfcomm_send_pn(s, 1, d);
1753 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +0100[diff] [blame]1754 } else {
1755 if (d->defer_setup) {
1756 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1757 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
Marcel Holtmann8bf47942009-02-16 02:59:49 +0100[diff] [blame]1758
1759 rfcomm_dlc_lock(d);
1760 d->state = BT_CONNECT2;
1761 d->state_change(d, 0);
1762 rfcomm_dlc_unlock(d);
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +0100[diff] [blame]1763 } else
1764 rfcomm_dlc_accept(d);
1765 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1766 continue;
1767 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1768 rfcomm_dlc_clear_timer(d);
Marcel Holtmann77db1982008-07-14 20:13:45 +0200[diff] [blame]1769 if (!d->out)
1770 rfcomm_send_dm(s, d->dlci);
1771 else
1772 d->state = BT_CLOSED;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1773 __rfcomm_dlc_close(d, ECONNREFUSED);
1774 continue;
1775 }
1776
Jaikumar Ganesh6e1031a2009-02-02 18:03:57 -0800[diff] [blame]1777 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1778 continue;
1779
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1780 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1781 continue;
1782
1783 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
Marcel Holtmann77db1982008-07-14 20:13:45 +0200[diff] [blame]1784 d->mscex == RFCOMM_MSCEX_OK)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1785 rfcomm_process_tx(d);
1786 }
1787}
1788
1789static inline void rfcomm_process_rx(struct rfcomm_session *s)
1790{
1791 struct socket *sock = s->sock;
1792 struct sock *sk = sock->sk;
1793 struct sk_buff *skb;
1794
1795 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1796
1797 /* Get data directly from socket receive queue without copying it. */
1798 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1799 skb_orphan(skb);
1800 rfcomm_recv_frame(s, skb);
1801 }
1802
1803 if (sk->sk_state == BT_CLOSED) {
1804 if (!s->initiator)
1805 rfcomm_session_put(s);
1806
1807 rfcomm_session_close(s, sk->sk_err);
1808 }
1809}
1810
1811static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1812{
1813 struct socket *sock = s->sock, *nsock;
1814 int err;
1815
1816 /* Fast check for a new connection.
1817 * Avoids unnesesary socket allocations. */
1818 if (list_empty(&bt_sk(sock->sk)->accept_q))
1819 return;
1820
1821 BT_DBG("session %p", s);
1822
Marcel Holtmann48db9ca2007-05-05 00:36:06 +0200[diff] [blame]1823 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1824 if (err < 0)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1825 return;
1826
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1827 /* Set our callbacks */
1828 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1829 nsock->sk->sk_state_change = rfcomm_l2state_change;
1830
1831 s = rfcomm_session_add(nsock, BT_OPEN);
1832 if (s) {
1833 rfcomm_session_hold(s);
Marcel Holtmann98bcd082006-07-14 11:42:12 +0200[diff] [blame]1834
1835 /* We should adjust MTU on incoming sessions.
1836 * L2CAP MTU minus UIH header and FCS. */
1837 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1838
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1839 rfcomm_schedule(RFCOMM_SCHED_RX);
1840 } else
1841 sock_release(nsock);
1842}
1843
1844static inline void rfcomm_check_connection(struct rfcomm_session *s)
1845{
1846 struct sock *sk = s->sock->sk;
1847
1848 BT_DBG("%p state %ld", s, s->state);
1849
1850 switch(sk->sk_state) {
1851 case BT_CONNECTED:
1852 s->state = BT_CONNECT;
1853
1854 /* We can adjust MTU on outgoing sessions.
1855 * L2CAP MTU minus UIH header and FCS. */
1856 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1857
1858 rfcomm_send_sabm(s, 0);
1859 break;
1860
1861 case BT_CLOSED:
1862 s->state = BT_CLOSED;
1863 rfcomm_session_close(s, sk->sk_err);
1864 break;
1865 }
1866}
1867
1868static inline void rfcomm_process_sessions(void)
1869{
1870 struct list_head *p, *n;
1871
1872 rfcomm_lock();
1873
1874 list_for_each_safe(p, n, &session_list) {
1875 struct rfcomm_session *s;
1876 s = list_entry(p, struct rfcomm_session, list);
1877
1878 if (s->state == BT_LISTEN) {
1879 rfcomm_accept_connection(s);
1880 continue;
1881 }
1882
1883 rfcomm_session_hold(s);
1884
1885 switch (s->state) {
1886 case BT_BOUND:
1887 rfcomm_check_connection(s);
1888 break;
1889
1890 default:
1891 rfcomm_process_rx(s);
1892 break;
1893 }
1894
1895 rfcomm_process_dlcs(s);
1896
1897 rfcomm_session_put(s);
1898 }
1899
1900 rfcomm_unlock();
1901}
1902
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1903static int rfcomm_add_listener(bdaddr_t *ba)
1904{
1905 struct sockaddr_l2 addr;
1906 struct socket *sock;
1907 struct sock *sk;
1908 struct rfcomm_session *s;
1909 int err = 0;
1910
1911 /* Create socket */
1912 err = rfcomm_l2sock_create(&sock);
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900[diff] [blame]1913 if (err < 0) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1914 BT_ERR("Create socket failed %d", err);
1915 return err;
1916 }
1917
1918 /* Bind socket */
1919 bacpy(&addr.l2_bdaddr, ba);
1920 addr.l2_family = AF_BLUETOOTH;
1921 addr.l2_psm = htobs(RFCOMM_PSM);
Marcel Holtmann48db9ca2007-05-05 00:36:06 +0200[diff] [blame]1922 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1923 if (err < 0) {
1924 BT_ERR("Bind failed %d", err);
1925 goto failed;
1926 }
1927
1928 /* Set L2CAP options */
1929 sk = sock->sk;
1930 lock_sock(sk);
Marcel Holtmann56f3a402006-02-13 11:39:57 +0100[diff] [blame]1931 l2cap_pi(sk)->imtu = l2cap_mtu;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1932 release_sock(sk);
1933
1934 /* Start listening on the socket */
Marcel Holtmann48db9ca2007-05-05 00:36:06 +0200[diff] [blame]1935 err = kernel_listen(sock, 10);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1936 if (err) {
1937 BT_ERR("Listen failed %d", err);
1938 goto failed;
1939 }
1940
1941 /* Add listening session */
1942 s = rfcomm_session_add(sock, BT_LISTEN);
1943 if (!s)
1944 goto failed;
1945
1946 rfcomm_session_hold(s);
1947 return 0;
1948failed:
1949 sock_release(sock);
1950 return err;
1951}
1952
1953static void rfcomm_kill_listener(void)
1954{
1955 struct rfcomm_session *s;
1956 struct list_head *p, *n;
1957
1958 BT_DBG("");
1959
1960 list_for_each_safe(p, n, &session_list) {
1961 s = list_entry(p, struct rfcomm_session, list);
1962 rfcomm_session_del(s);
1963 }
1964}
1965
1966static int rfcomm_run(void *unused)
1967{
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1968 BT_DBG("");
1969
Marcel Holtmanna524ecc2007-10-20 21:37:20 +0200[diff] [blame]1970 set_user_nice(current, -10);
1971
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1972 rfcomm_add_listener(BDADDR_ANY);
1973
Marcel Holtmanna524ecc2007-10-20 21:37:20 +0200[diff] [blame]1974 while (!kthread_should_stop()) {
1975 set_current_state(TASK_INTERRUPTIBLE);
1976 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1977 /* No pending events. Let's sleep.
1978 * Incoming connections and data will wake us up. */
1979 schedule();
1980 }
1981 set_current_state(TASK_RUNNING);
1982
1983 /* Process stuff */
1984 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1985 rfcomm_process_sessions();
1986 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1987
1988 rfcomm_kill_listener();
1989
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1990 return 0;
1991}
1992
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100[diff] [blame]1993static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1994{
1995 struct rfcomm_session *s;
1996 struct rfcomm_dlc *d;
1997 struct list_head *p, *n;
1998
1999 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2000
2001 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2002 if (!s)
2003 return;
2004
2005 rfcomm_session_hold(s);
2006
2007 list_for_each_safe(p, n, &s->dlcs) {
2008 d = list_entry(p, struct rfcomm_dlc, list);
2009
Marcel Holtmann8c84b832009-01-16 08:17:51 +0100[diff] [blame]2010 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2011 rfcomm_dlc_clear_timer(d);
2012 if (status || encrypt == 0x00) {
2013 __rfcomm_dlc_close(d, ECONNREFUSED);
2014 continue;
2015 }
2016 }
2017
2018 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2019 if (d->sec_level == BT_SECURITY_MEDIUM) {
2020 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2021 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2022 continue;
2023 } else if (d->sec_level == BT_SECURITY_HIGH) {
2024 __rfcomm_dlc_close(d, ECONNREFUSED);
2025 continue;
2026 }
Marcel Holtmann9719f8a2008-07-14 20:13:45 +0200[diff] [blame]2027 }
2028
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2029 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2030 continue;
2031
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100[diff] [blame]2032 if (!status)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2033 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2034 else
2035 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2036 }
2037
2038 rfcomm_session_put(s);
2039
2040 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2041}
2042
2043static struct hci_cb rfcomm_cb = {
2044 .name = "RFCOMM",
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100[diff] [blame]2045 .security_cfm = rfcomm_security_cfm
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2046};
2047
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2048static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2049{
2050 struct rfcomm_session *s;
2051 struct list_head *pp, *p;
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2052 char *str = buf;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2053
2054 rfcomm_lock();
2055
2056 list_for_each(p, &session_list) {
2057 s = list_entry(p, struct rfcomm_session, list);
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2058 list_for_each(pp, &s->dlcs) {
2059 struct sock *sk = s->sock->sk;
2060 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2061
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2062 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2063 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2064 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2065 }
2066 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2067
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2068 rfcomm_unlock();
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2069
2070 return (str - buf);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2071}
2072
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2073static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2074
2075/* ---- Initialization ---- */
2076static int __init rfcomm_init(void)
2077{
2078 l2cap_load();
2079
2080 hci_register_cb(&rfcomm_cb);
2081
Marcel Holtmanna524ecc2007-10-20 21:37:20 +0200[diff] [blame]2082 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2083 if (IS_ERR(rfcomm_thread)) {
2084 hci_unregister_cb(&rfcomm_cb);
2085 return PTR_ERR(rfcomm_thread);
2086 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2087
Marcel Holtmanndf5c37e2006-10-15 17:30:45 +0200[diff] [blame]2088 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2089 BT_ERR("Failed to create RFCOMM info file");
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2090
2091 rfcomm_init_sockets();
2092
2093#ifdef CONFIG_BT_RFCOMM_TTY
2094 rfcomm_init_ttys();
2095#endif
2096
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2097 BT_INFO("RFCOMM ver %s", VERSION);
2098
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2099 return 0;
2100}
2101
2102static void __exit rfcomm_exit(void)
2103{
Marcel Holtmanna91f2e32006-07-03 10:02:41 +0200[diff] [blame]2104 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2105
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2106 hci_unregister_cb(&rfcomm_cb);
2107
Marcel Holtmanna524ecc2007-10-20 21:37:20 +0200[diff] [blame]2108 kthread_stop(rfcomm_thread);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2109
2110#ifdef CONFIG_BT_RFCOMM_TTY
2111 rfcomm_cleanup_ttys();
2112#endif
2113
2114 rfcomm_cleanup_sockets();
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2115}
2116
2117module_init(rfcomm_init);
2118module_exit(rfcomm_exit);
2119
Marcel Holtmann7c2660b2006-07-03 10:02:51 +0200[diff] [blame]2120module_param(disable_cfc, bool, 0644);
2121MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2122
Marcel Holtmann98bcd082006-07-14 11:42:12 +0200[diff] [blame]2123module_param(channel_mtu, int, 0644);
2124MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2125
Marcel Holtmann56f3a402006-02-13 11:39:57 +0100[diff] [blame]2126module_param(l2cap_mtu, uint, 0644);
2127MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2128
Marcel Holtmann63fbd242008-08-18 13:23:53 +0200[diff] [blame]2129MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2130MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2131MODULE_VERSION(VERSION);
2132MODULE_LICENSE("GPL");
2133MODULE_ALIAS("bt-proto-3");