blob: 201fdf73720933f9fbbbb3bea3bedd1db6d5bbcf [file] [log] [blame]
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001/*
Linus Torvalds1da177e2005-04-16 15:20:36 -07002 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +090014 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
Linus Torvalds1da177e2005-04-16 15:20:36 -070017 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +090019 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
Linus Torvalds1da177e2005-04-16 15:20:36 -070021 SOFTWARE IS DISCLAIMED.
22*/
23
Linus Torvalds1da177e2005-04-16 15:20:36 -070024/*
25 * Bluetooth RFCOMM core.
Linus Torvalds1da177e2005-04-16 15:20:36 -070026 */
27
Linus Torvalds1da177e2005-04-16 15:20:36 -070028#include <linux/module.h>
Marcel Holtmannaef7d972010-03-21 05:27:45 +010029#include <linux/debugfs.h>
Marcel Holtmanna524ecc2007-10-20 21:37:20 +020030#include <linux/kthread.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070031#include <asm/unaligned.h>
32
33#include <net/bluetooth/bluetooth.h>
34#include <net/bluetooth/hci_core.h>
35#include <net/bluetooth/l2cap.h>
36#include <net/bluetooth/rfcomm.h>
37
Marcel Holtmann5f9018a2009-01-16 10:09:50 +010038#define VERSION "1.11"
Marcel Holtmann56f3a402006-02-13 11:39:57 +010039
Rusty Russelleb939922011-12-19 14:08:01 +000040static bool disable_cfc;
41static bool l2cap_ertm;
Marcel Holtmann98bcd082006-07-14 11:42:12 +020042static int channel_mtu = -1;
Marcel Holtmann56f3a402006-02-13 11:39:57 +010043static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
44
Linus Torvalds1da177e2005-04-16 15:20:36 -070045static struct task_struct *rfcomm_thread;
46
Arjan van de Ven4a3e2f72006-03-20 22:33:17 -080047static DEFINE_MUTEX(rfcomm_mutex);
48#define rfcomm_lock() mutex_lock(&rfcomm_mutex)
49#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
Linus Torvalds1da177e2005-04-16 15:20:36 -070050
Linus Torvalds1da177e2005-04-16 15:20:36 -070051
52static LIST_HEAD(session_list);
Linus Torvalds1da177e2005-04-16 15:20:36 -070053
Gustavo F. Padovan54365382011-12-20 16:30:44 -020054static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
Linus Torvalds1da177e2005-04-16 15:20:36 -070055static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
56static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
57static int rfcomm_queue_disc(struct rfcomm_dlc *d);
58static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
59static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
60static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
61static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
62static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
63static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
64
65static void rfcomm_process_connect(struct rfcomm_session *s);
66
Luiz Augusto von Dentz63ce0902010-08-19 14:06:10 +030067static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
68 bdaddr_t *dst,
69 u8 sec_level,
70 int *err);
Linus Torvalds1da177e2005-04-16 15:20:36 -070071static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
72static void rfcomm_session_del(struct rfcomm_session *s);
73
74/* ---- RFCOMM frame parsing macros ---- */
75#define __get_dlci(b) ((b & 0xfc) >> 2)
76#define __get_channel(b) ((b & 0xf8) >> 3)
77#define __get_dir(b) ((b & 0x04) >> 2)
78#define __get_type(b) ((b & 0xef))
79
80#define __test_ea(b) ((b & 0x01))
81#define __test_cr(b) ((b & 0x02))
82#define __test_pf(b) ((b & 0x10))
83
84#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
85#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
86#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
87#define __srv_channel(dlci) (dlci >> 1)
88#define __dir(dlci) (dlci & 0x01)
89
90#define __len8(len) (((len) << 1) | 1)
91#define __len16(len) ((len) << 1)
92
93/* MCC macros */
94#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
95#define __get_mcc_type(b) ((b & 0xfc) >> 2)
96#define __get_mcc_len(b) ((b & 0xfe) >> 1)
97
98/* RPN macros */
J. Suter3a5e9032005-08-09 20:28:46 -070099#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
Linus Torvalds1da177e2005-04-16 15:20:36 -0700100#define __get_rpn_data_bits(line) ((line) & 0x3)
101#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
J. Suter3a5e9032005-08-09 20:28:46 -0700102#define __get_rpn_parity(line) (((line) >> 3) & 0x7)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700103
Gustavo Padovan6039aa732012-05-23 04:04:18 -0300104static void rfcomm_schedule(void)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700105{
106 if (!rfcomm_thread)
107 return;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700108 wake_up_process(rfcomm_thread);
109}
110
Gustavo Padovan6039aa732012-05-23 04:04:18 -0300111static void rfcomm_session_put(struct rfcomm_session *s)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700112{
113 if (atomic_dec_and_test(&s->refcnt))
114 rfcomm_session_del(s);
115}
116
117/* ---- RFCOMM FCS computation ---- */
118
Marcel Holtmann408c1ce2005-10-28 19:20:36 +0200119/* reversed, 8-bit, poly=0x07 */
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900120static unsigned char rfcomm_crc_table[256] = {
Marcel Holtmann408c1ce2005-10-28 19:20:36 +0200121 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
122 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
123 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
124 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
125
126 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
127 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
128 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
129 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
130
131 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
132 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
133 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
134 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
135
136 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
137 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
138 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
139 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
140
141 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
142 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
143 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
144 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
145
146 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
147 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
148 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
149 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
150
151 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
152 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
153 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
154 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
155
156 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
157 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
158 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
159 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
160};
161
Linus Torvalds1da177e2005-04-16 15:20:36 -0700162/* CRC on 2 bytes */
163#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
164
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900165/* FCS on 2 bytes */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700166static inline u8 __fcs(u8 *data)
167{
Eric Dumazeta02cec22010-09-22 20:43:57 +0000168 return 0xff - __crc(data);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700169}
170
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900171/* FCS on 3 bytes */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700172static inline u8 __fcs2(u8 *data)
173{
Eric Dumazeta02cec22010-09-22 20:43:57 +0000174 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
Linus Torvalds1da177e2005-04-16 15:20:36 -0700175}
176
177/* Check FCS */
178static inline int __check_fcs(u8 *data, int type, u8 fcs)
179{
180 u8 f = __crc(data);
181
182 if (type != RFCOMM_UIH)
183 f = rfcomm_crc_table[f ^ data[2]];
184
185 return rfcomm_crc_table[f ^ fcs] != 0xcf;
186}
187
188/* ---- L2CAP callbacks ---- */
189static void rfcomm_l2state_change(struct sock *sk)
190{
191 BT_DBG("%p state %d", sk, sk->sk_state);
Andrei Emeltchenko534c92f2010-10-01 12:05:11 +0300192 rfcomm_schedule();
Linus Torvalds1da177e2005-04-16 15:20:36 -0700193}
194
195static void rfcomm_l2data_ready(struct sock *sk, int bytes)
196{
197 BT_DBG("%p bytes %d", sk, bytes);
Andrei Emeltchenko534c92f2010-10-01 12:05:11 +0300198 rfcomm_schedule();
Linus Torvalds1da177e2005-04-16 15:20:36 -0700199}
200
201static int rfcomm_l2sock_create(struct socket **sock)
202{
203 int err;
204
205 BT_DBG("");
206
207 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
208 if (!err) {
209 struct sock *sk = (*sock)->sk;
210 sk->sk_data_ready = rfcomm_l2data_ready;
211 sk->sk_state_change = rfcomm_l2state_change;
212 }
213 return err;
214}
215
Gustavo Padovan6039aa732012-05-23 04:04:18 -0300216static int rfcomm_check_security(struct rfcomm_dlc *d)
Marcel Holtmann77db1982008-07-14 20:13:45 +0200217{
218 struct sock *sk = d->session->sock->sk;
Gustavo F. Padovan8c1d7872011-04-13 20:23:55 -0300219 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
220
Marcel Holtmann0684e5f2009-02-09 02:48:38 +0100221 __u8 auth_type;
Marcel Holtmann77db1982008-07-14 20:13:45 +0200222
Marcel Holtmann0684e5f2009-02-09 02:48:38 +0100223 switch (d->sec_level) {
224 case BT_SECURITY_HIGH:
225 auth_type = HCI_AT_GENERAL_BONDING_MITM;
226 break;
227 case BT_SECURITY_MEDIUM:
228 auth_type = HCI_AT_GENERAL_BONDING;
229 break;
230 default:
231 auth_type = HCI_AT_NO_BONDING;
232 break;
233 }
234
Gustavo F. Padovan8c1d7872011-04-13 20:23:55 -0300235 return hci_conn_security(conn->hcon, d->sec_level, auth_type);
Marcel Holtmann77db1982008-07-14 20:13:45 +0200236}
237
Luiz Augusto von Dentz9e726b12009-07-15 13:50:58 -0300238static void rfcomm_session_timeout(unsigned long arg)
239{
240 struct rfcomm_session *s = (void *) arg;
241
242 BT_DBG("session %p state %ld", s, s->state);
243
244 set_bit(RFCOMM_TIMED_OUT, &s->flags);
Andrei Emeltchenko534c92f2010-10-01 12:05:11 +0300245 rfcomm_schedule();
Luiz Augusto von Dentz9e726b12009-07-15 13:50:58 -0300246}
247
248static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
249{
250 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
251
252 if (!mod_timer(&s->timer, jiffies + timeout))
253 rfcomm_session_hold(s);
254}
255
256static void rfcomm_session_clear_timer(struct rfcomm_session *s)
257{
258 BT_DBG("session %p state %ld", s, s->state);
259
260 if (timer_pending(&s->timer) && del_timer(&s->timer))
261 rfcomm_session_put(s);
262}
263
Linus Torvalds1da177e2005-04-16 15:20:36 -0700264/* ---- RFCOMM DLCs ---- */
265static void rfcomm_dlc_timeout(unsigned long arg)
266{
267 struct rfcomm_dlc *d = (void *) arg;
268
269 BT_DBG("dlc %p state %ld", d, d->state);
270
271 set_bit(RFCOMM_TIMED_OUT, &d->flags);
272 rfcomm_dlc_put(d);
Andrei Emeltchenko534c92f2010-10-01 12:05:11 +0300273 rfcomm_schedule();
Linus Torvalds1da177e2005-04-16 15:20:36 -0700274}
275
276static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
277{
278 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
279
280 if (!mod_timer(&d->timer, jiffies + timeout))
281 rfcomm_dlc_hold(d);
282}
283
284static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
285{
286 BT_DBG("dlc %p state %ld", d, d->state);
287
288 if (timer_pending(&d->timer) && del_timer(&d->timer))
289 rfcomm_dlc_put(d);
290}
291
292static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
293{
294 BT_DBG("%p", d);
295
296 d->state = BT_OPEN;
297 d->flags = 0;
298 d->mscex = 0;
Johan Hedberg183f7322010-12-06 15:56:17 +0200299 d->sec_level = BT_SECURITY_LOW;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700300 d->mtu = RFCOMM_DEFAULT_MTU;
301 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
302
303 d->cfc = RFCOMM_CFC_DISABLED;
304 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
305}
306
Al Virodd0fc662005-10-07 07:46:04 +0100307struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700308{
Marcel Holtmann25ea6db2006-07-06 15:40:09 +0200309 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
310
Linus Torvalds1da177e2005-04-16 15:20:36 -0700311 if (!d)
312 return NULL;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700313
Pavel Emelyanovb24b8a22008-01-23 21:20:07 -0800314 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700315
316 skb_queue_head_init(&d->tx_queue);
317 spin_lock_init(&d->lock);
318 atomic_set(&d->refcnt, 1);
319
320 rfcomm_dlc_clear_state(d);
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900321
Linus Torvalds1da177e2005-04-16 15:20:36 -0700322 BT_DBG("%p", d);
Marcel Holtmann25ea6db2006-07-06 15:40:09 +0200323
Linus Torvalds1da177e2005-04-16 15:20:36 -0700324 return d;
325}
326
327void rfcomm_dlc_free(struct rfcomm_dlc *d)
328{
329 BT_DBG("%p", d);
330
331 skb_queue_purge(&d->tx_queue);
332 kfree(d);
333}
334
335static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
336{
337 BT_DBG("dlc %p session %p", d, s);
338
339 rfcomm_session_hold(s);
340
Luiz Augusto von Dentz9e726b12009-07-15 13:50:58 -0300341 rfcomm_session_clear_timer(s);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700342 rfcomm_dlc_hold(d);
343 list_add(&d->list, &s->dlcs);
344 d->session = s;
345}
346
347static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
348{
349 struct rfcomm_session *s = d->session;
350
351 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
352
353 list_del(&d->list);
354 d->session = NULL;
355 rfcomm_dlc_put(d);
356
Luiz Augusto von Dentz9e726b12009-07-15 13:50:58 -0300357 if (list_empty(&s->dlcs))
358 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
359
Linus Torvalds1da177e2005-04-16 15:20:36 -0700360 rfcomm_session_put(s);
361}
362
363static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
364{
365 struct rfcomm_dlc *d;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700366
Luiz Augusto von Dentz8035ded2011-11-01 10:58:56 +0200367 list_for_each_entry(d, &s->dlcs, list)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700368 if (d->dlci == dlci)
369 return d;
Luiz Augusto von Dentz8035ded2011-11-01 10:58:56 +0200370
Linus Torvalds1da177e2005-04-16 15:20:36 -0700371 return NULL;
372}
373
374static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
375{
376 struct rfcomm_session *s;
377 int err = 0;
378 u8 dlci;
379
Andrei Emeltchenko6ed93dc2012-09-25 12:49:43 +0300380 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
381 d, d->state, src, dst, channel);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700382
383 if (channel < 1 || channel > 30)
384 return -EINVAL;
385
386 if (d->state != BT_OPEN && d->state != BT_CLOSED)
387 return 0;
388
389 s = rfcomm_session_get(src, dst);
390 if (!s) {
Luiz Augusto von Dentz63ce0902010-08-19 14:06:10 +0300391 s = rfcomm_session_create(src, dst, d->sec_level, &err);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700392 if (!s)
393 return err;
394 }
395
396 dlci = __dlci(!s->initiator, channel);
397
398 /* Check if DLCI already exists */
399 if (rfcomm_dlc_get(s, dlci))
400 return -EBUSY;
401
402 rfcomm_dlc_clear_state(d);
403
404 d->dlci = dlci;
405 d->addr = __addr(s->initiator, dlci);
406 d->priority = 7;
407
Marcel Holtmann77db1982008-07-14 20:13:45 +0200408 d->state = BT_CONFIG;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700409 rfcomm_dlc_link(s, d);
410
Marcel Holtmann77db1982008-07-14 20:13:45 +0200411 d->out = 1;
412
Linus Torvalds1da177e2005-04-16 15:20:36 -0700413 d->mtu = s->mtu;
414 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
415
Marcel Holtmann77db1982008-07-14 20:13:45 +0200416 if (s->state == BT_CONNECTED) {
Marcel Holtmann9f2c8a02009-01-15 21:58:40 +0100417 if (rfcomm_check_security(d))
Marcel Holtmann77db1982008-07-14 20:13:45 +0200418 rfcomm_send_pn(s, 1, d);
Marcel Holtmann8c1b2352009-01-15 21:58:04 +0100419 else
420 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
Marcel Holtmann77db1982008-07-14 20:13:45 +0200421 }
422
Linus Torvalds1da177e2005-04-16 15:20:36 -0700423 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
Marcel Holtmann77db1982008-07-14 20:13:45 +0200424
Linus Torvalds1da177e2005-04-16 15:20:36 -0700425 return 0;
426}
427
428int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
429{
430 int r;
431
432 rfcomm_lock();
433
434 r = __rfcomm_dlc_open(d, src, dst, channel);
435
436 rfcomm_unlock();
437 return r;
438}
439
440static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
441{
442 struct rfcomm_session *s = d->session;
443 if (!s)
444 return 0;
445
446 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
447 d, d->state, d->dlci, err, s);
448
449 switch (d->state) {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700450 case BT_CONNECT:
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +0100451 case BT_CONFIG:
452 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
453 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
Andrei Emeltchenko534c92f2010-10-01 12:05:11 +0300454 rfcomm_schedule();
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +0100455 break;
456 }
457 /* Fall through */
458
459 case BT_CONNECTED:
Linus Torvalds1da177e2005-04-16 15:20:36 -0700460 d->state = BT_DISCONN;
461 if (skb_queue_empty(&d->tx_queue)) {
462 rfcomm_send_disc(s, d->dlci);
463 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
464 } else {
465 rfcomm_queue_disc(d);
466 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
467 }
468 break;
469
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +0100470 case BT_OPEN:
Marcel Holtmann8bf47942009-02-16 02:59:49 +0100471 case BT_CONNECT2:
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +0100472 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
473 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
Andrei Emeltchenko534c92f2010-10-01 12:05:11 +0300474 rfcomm_schedule();
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +0100475 break;
476 }
477 /* Fall through */
478
Linus Torvalds1da177e2005-04-16 15:20:36 -0700479 default:
480 rfcomm_dlc_clear_timer(d);
481
482 rfcomm_dlc_lock(d);
483 d->state = BT_CLOSED;
Dave Young1905f6c2008-04-01 23:59:06 -0700484 d->state_change(d, err);
Arjan van de Ven4c8411f2008-05-29 01:32:47 -0700485 rfcomm_dlc_unlock(d);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700486
487 skb_queue_purge(&d->tx_queue);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700488 rfcomm_dlc_unlink(d);
489 }
490
491 return 0;
492}
493
494int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
495{
496 int r;
497
498 rfcomm_lock();
499
500 r = __rfcomm_dlc_close(d, err);
501
502 rfcomm_unlock();
503 return r;
504}
505
506int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
507{
508 int len = skb->len;
509
510 if (d->state != BT_CONNECTED)
511 return -ENOTCONN;
512
513 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
514
515 if (len > d->mtu)
516 return -EINVAL;
517
518 rfcomm_make_uih(skb, d->addr);
519 skb_queue_tail(&d->tx_queue, skb);
520
521 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
Andrei Emeltchenko534c92f2010-10-01 12:05:11 +0300522 rfcomm_schedule();
Linus Torvalds1da177e2005-04-16 15:20:36 -0700523 return len;
524}
525
Harvey Harrisonb5606c22008-02-13 15:03:16 -0800526void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700527{
528 BT_DBG("dlc %p state %ld", d, d->state);
529
530 if (!d->cfc) {
531 d->v24_sig |= RFCOMM_V24_FC;
532 set_bit(RFCOMM_MSC_PENDING, &d->flags);
533 }
Andrei Emeltchenko534c92f2010-10-01 12:05:11 +0300534 rfcomm_schedule();
Linus Torvalds1da177e2005-04-16 15:20:36 -0700535}
536
Harvey Harrisonb5606c22008-02-13 15:03:16 -0800537void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700538{
539 BT_DBG("dlc %p state %ld", d, d->state);
540
541 if (!d->cfc) {
542 d->v24_sig &= ~RFCOMM_V24_FC;
543 set_bit(RFCOMM_MSC_PENDING, &d->flags);
544 }
Andrei Emeltchenko534c92f2010-10-01 12:05:11 +0300545 rfcomm_schedule();
Linus Torvalds1da177e2005-04-16 15:20:36 -0700546}
547
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900548/*
Linus Torvalds1da177e2005-04-16 15:20:36 -0700549 Set/get modem status functions use _local_ status i.e. what we report
550 to the other side.
551 Remote status is provided by dlc->modem_status() callback.
552 */
553int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
554{
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900555 BT_DBG("dlc %p state %ld v24_sig 0x%x",
Linus Torvalds1da177e2005-04-16 15:20:36 -0700556 d, d->state, v24_sig);
557
558 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
559 v24_sig |= RFCOMM_V24_FC;
560 else
561 v24_sig &= ~RFCOMM_V24_FC;
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900562
Linus Torvalds1da177e2005-04-16 15:20:36 -0700563 d->v24_sig = v24_sig;
564
565 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
Andrei Emeltchenko534c92f2010-10-01 12:05:11 +0300566 rfcomm_schedule();
Linus Torvalds1da177e2005-04-16 15:20:36 -0700567
568 return 0;
569}
570
571int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
572{
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900573 BT_DBG("dlc %p state %ld v24_sig 0x%x",
Linus Torvalds1da177e2005-04-16 15:20:36 -0700574 d, d->state, d->v24_sig);
575
576 *v24_sig = d->v24_sig;
577 return 0;
578}
579
580/* ---- RFCOMM sessions ---- */
581static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
582{
Marcel Holtmann25ea6db2006-07-06 15:40:09 +0200583 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
584
Linus Torvalds1da177e2005-04-16 15:20:36 -0700585 if (!s)
586 return NULL;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700587
588 BT_DBG("session %p sock %p", s, sock);
589
Luiz Augusto von Dentz9e726b12009-07-15 13:50:58 -0300590 setup_timer(&s->timer, rfcomm_session_timeout, (unsigned long) s);
591
Linus Torvalds1da177e2005-04-16 15:20:36 -0700592 INIT_LIST_HEAD(&s->dlcs);
593 s->state = state;
594 s->sock = sock;
595
596 s->mtu = RFCOMM_DEFAULT_MTU;
Marcel Holtmann7c2660b2006-07-03 10:02:51 +0200597 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700598
599 /* Do not increment module usage count for listening sessions.
600 * Otherwise we won't be able to unload the module. */
601 if (state != BT_LISTEN)
602 if (!try_module_get(THIS_MODULE)) {
603 kfree(s);
604 return NULL;
605 }
606
607 list_add(&s->list, &session_list);
608
609 return s;
610}
611
612static void rfcomm_session_del(struct rfcomm_session *s)
613{
614 int state = s->state;
615
616 BT_DBG("session %p state %ld", s, s->state);
617
618 list_del(&s->list);
619
620 if (state == BT_CONNECTED)
621 rfcomm_send_disc(s, 0);
622
Luiz Augusto von Dentz9e726b12009-07-15 13:50:58 -0300623 rfcomm_session_clear_timer(s);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700624 sock_release(s->sock);
625 kfree(s);
626
627 if (state != BT_LISTEN)
628 module_put(THIS_MODULE);
629}
630
631static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
632{
633 struct rfcomm_session *s;
634 struct list_head *p, *n;
635 struct bt_sock *sk;
636 list_for_each_safe(p, n, &session_list) {
637 s = list_entry(p, struct rfcomm_session, list);
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900638 sk = bt_sk(s->sock->sk);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700639
640 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
641 !bacmp(&sk->dst, dst))
642 return s;
643 }
644 return NULL;
645}
646
647static void rfcomm_session_close(struct rfcomm_session *s, int err)
648{
649 struct rfcomm_dlc *d;
650 struct list_head *p, *n;
651
652 BT_DBG("session %p state %ld err %d", s, s->state, err);
653
654 rfcomm_session_hold(s);
655
656 s->state = BT_CLOSED;
657
658 /* Close all dlcs */
659 list_for_each_safe(p, n, &s->dlcs) {
660 d = list_entry(p, struct rfcomm_dlc, list);
661 d->state = BT_CLOSED;
662 __rfcomm_dlc_close(d, err);
663 }
664
Luiz Augusto von Dentz9e726b12009-07-15 13:50:58 -0300665 rfcomm_session_clear_timer(s);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700666 rfcomm_session_put(s);
667}
668
Luiz Augusto von Dentz63ce0902010-08-19 14:06:10 +0300669static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
670 bdaddr_t *dst,
671 u8 sec_level,
672 int *err)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700673{
674 struct rfcomm_session *s = NULL;
675 struct sockaddr_l2 addr;
676 struct socket *sock;
677 struct sock *sk;
678
Andrei Emeltchenko6ed93dc2012-09-25 12:49:43 +0300679 BT_DBG("%pMR -> %pMR", src, dst);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700680
681 *err = rfcomm_l2sock_create(&sock);
682 if (*err < 0)
683 return NULL;
684
685 bacpy(&addr.l2_bdaddr, src);
686 addr.l2_family = AF_BLUETOOTH;
687 addr.l2_psm = 0;
Marcel Holtmann37e62f52009-02-17 21:49:33 +0100688 addr.l2_cid = 0;
Marcel Holtmann48db9ca2007-05-05 00:36:06 +0200689 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
Linus Torvalds1da177e2005-04-16 15:20:36 -0700690 if (*err < 0)
691 goto failed;
692
693 /* Set L2CAP options */
694 sk = sock->sk;
695 lock_sock(sk);
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -0300696 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
Gustavo F. Padovan47d1ec62011-04-13 15:57:03 -0300697 l2cap_pi(sk)->chan->sec_level = sec_level;
Marcel Holtmanneae38ee2009-10-05 12:23:48 +0200698 if (l2cap_ertm)
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -0300699 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700700 release_sock(sk);
701
702 s = rfcomm_session_add(sock, BT_BOUND);
703 if (!s) {
704 *err = -ENOMEM;
705 goto failed;
706 }
707
Linus Torvalds1da177e2005-04-16 15:20:36 -0700708 s->initiator = 1;
709
710 bacpy(&addr.l2_bdaddr, dst);
711 addr.l2_family = AF_BLUETOOTH;
Syam Sidhardhan5bcb8092012-10-10 22:09:29 +0530712 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
Marcel Holtmann37e62f52009-02-17 21:49:33 +0100713 addr.l2_cid = 0;
Marcel Holtmann48db9ca2007-05-05 00:36:06 +0200714 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
Marcel Holtmannb4c612a2006-09-23 09:54:38 +0200715 if (*err == 0 || *err == -EINPROGRESS)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700716 return s;
717
718 rfcomm_session_del(s);
719 return NULL;
720
721failed:
722 sock_release(sock);
723 return NULL;
724}
725
726void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
727{
728 struct sock *sk = s->sock->sk;
729 if (src)
730 bacpy(src, &bt_sk(sk)->src);
731 if (dst)
732 bacpy(dst, &bt_sk(sk)->dst);
733}
734
735/* ---- RFCOMM frame sending ---- */
Gustavo F. Padovan54365382011-12-20 16:30:44 -0200736static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700737{
Linus Torvalds1da177e2005-04-16 15:20:36 -0700738 struct kvec iv = { data, len };
739 struct msghdr msg;
740
Gustavo F. Padovan54365382011-12-20 16:30:44 -0200741 BT_DBG("session %p len %d", s, len);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700742
743 memset(&msg, 0, sizeof(msg));
744
Gustavo F. Padovan54365382011-12-20 16:30:44 -0200745 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700746}
747
Luiz Augusto von Dentz262038f2011-11-01 10:58:58 +0200748static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
749{
750 BT_DBG("%p cmd %u", s, cmd->ctrl);
751
Gustavo F. Padovan54365382011-12-20 16:30:44 -0200752 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
Luiz Augusto von Dentz262038f2011-11-01 10:58:58 +0200753}
754
Linus Torvalds1da177e2005-04-16 15:20:36 -0700755static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
756{
757 struct rfcomm_cmd cmd;
758
759 BT_DBG("%p dlci %d", s, dlci);
760
761 cmd.addr = __addr(s->initiator, dlci);
762 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
763 cmd.len = __len8(0);
764 cmd.fcs = __fcs2((u8 *) &cmd);
765
Luiz Augusto von Dentz262038f2011-11-01 10:58:58 +0200766 return rfcomm_send_cmd(s, &cmd);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700767}
768
769static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
770{
771 struct rfcomm_cmd cmd;
772
773 BT_DBG("%p dlci %d", s, dlci);
774
775 cmd.addr = __addr(!s->initiator, dlci);
776 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
777 cmd.len = __len8(0);
778 cmd.fcs = __fcs2((u8 *) &cmd);
779
Luiz Augusto von Dentz262038f2011-11-01 10:58:58 +0200780 return rfcomm_send_cmd(s, &cmd);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700781}
782
783static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
784{
785 struct rfcomm_cmd cmd;
786
787 BT_DBG("%p dlci %d", s, dlci);
788
789 cmd.addr = __addr(s->initiator, dlci);
790 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
791 cmd.len = __len8(0);
792 cmd.fcs = __fcs2((u8 *) &cmd);
793
Luiz Augusto von Dentz262038f2011-11-01 10:58:58 +0200794 return rfcomm_send_cmd(s, &cmd);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700795}
796
797static int rfcomm_queue_disc(struct rfcomm_dlc *d)
798{
799 struct rfcomm_cmd *cmd;
800 struct sk_buff *skb;
801
802 BT_DBG("dlc %p dlci %d", d, d->dlci);
803
804 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
805 if (!skb)
806 return -ENOMEM;
807
808 cmd = (void *) __skb_put(skb, sizeof(*cmd));
809 cmd->addr = d->addr;
810 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
811 cmd->len = __len8(0);
812 cmd->fcs = __fcs2((u8 *) cmd);
813
814 skb_queue_tail(&d->tx_queue, skb);
Andrei Emeltchenko534c92f2010-10-01 12:05:11 +0300815 rfcomm_schedule();
Linus Torvalds1da177e2005-04-16 15:20:36 -0700816 return 0;
817}
818
819static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
820{
821 struct rfcomm_cmd cmd;
822
823 BT_DBG("%p dlci %d", s, dlci);
824
825 cmd.addr = __addr(!s->initiator, dlci);
826 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
827 cmd.len = __len8(0);
828 cmd.fcs = __fcs2((u8 *) &cmd);
829
Luiz Augusto von Dentz262038f2011-11-01 10:58:58 +0200830 return rfcomm_send_cmd(s, &cmd);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700831}
832
833static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
834{
835 struct rfcomm_hdr *hdr;
836 struct rfcomm_mcc *mcc;
837 u8 buf[16], *ptr = buf;
838
839 BT_DBG("%p cr %d type %d", s, cr, type);
840
841 hdr = (void *) ptr; ptr += sizeof(*hdr);
842 hdr->addr = __addr(s->initiator, 0);
843 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
844 hdr->len = __len8(sizeof(*mcc) + 1);
845
846 mcc = (void *) ptr; ptr += sizeof(*mcc);
847 mcc->type = __mcc_type(cr, RFCOMM_NSC);
848 mcc->len = __len8(1);
849
850 /* Type that we didn't like */
851 *ptr = __mcc_type(cr, type); ptr++;
852
853 *ptr = __fcs(buf); ptr++;
854
Gustavo F. Padovan54365382011-12-20 16:30:44 -0200855 return rfcomm_send_frame(s, buf, ptr - buf);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700856}
857
858static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
859{
860 struct rfcomm_hdr *hdr;
861 struct rfcomm_mcc *mcc;
862 struct rfcomm_pn *pn;
863 u8 buf[16], *ptr = buf;
864
865 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
866
867 hdr = (void *) ptr; ptr += sizeof(*hdr);
868 hdr->addr = __addr(s->initiator, 0);
869 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
870 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
871
872 mcc = (void *) ptr; ptr += sizeof(*mcc);
873 mcc->type = __mcc_type(cr, RFCOMM_PN);
874 mcc->len = __len8(sizeof(*pn));
875
876 pn = (void *) ptr; ptr += sizeof(*pn);
877 pn->dlci = d->dlci;
878 pn->priority = d->priority;
879 pn->ack_timer = 0;
880 pn->max_retrans = 0;
881
882 if (s->cfc) {
883 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
884 pn->credits = RFCOMM_DEFAULT_CREDITS;
885 } else {
886 pn->flow_ctrl = 0;
887 pn->credits = 0;
888 }
889
Marcel Holtmann98bcd082006-07-14 11:42:12 +0200890 if (cr && channel_mtu >= 0)
Marcel Holtmannb4324b52009-06-07 18:06:51 +0200891 pn->mtu = cpu_to_le16(channel_mtu);
Marcel Holtmann98bcd082006-07-14 11:42:12 +0200892 else
Marcel Holtmannb4324b52009-06-07 18:06:51 +0200893 pn->mtu = cpu_to_le16(d->mtu);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700894
895 *ptr = __fcs(buf); ptr++;
896
Gustavo F. Padovan54365382011-12-20 16:30:44 -0200897 return rfcomm_send_frame(s, buf, ptr - buf);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700898}
899
J. Suter3a5e9032005-08-09 20:28:46 -0700900int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
901 u8 bit_rate, u8 data_bits, u8 stop_bits,
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900902 u8 parity, u8 flow_ctrl_settings,
J. Suter3a5e9032005-08-09 20:28:46 -0700903 u8 xon_char, u8 xoff_char, u16 param_mask)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700904{
905 struct rfcomm_hdr *hdr;
906 struct rfcomm_mcc *mcc;
907 struct rfcomm_rpn *rpn;
908 u8 buf[16], *ptr = buf;
909
910 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900911 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
912 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
J. Suter3a5e9032005-08-09 20:28:46 -0700913 flow_ctrl_settings, xon_char, xoff_char, param_mask);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700914
915 hdr = (void *) ptr; ptr += sizeof(*hdr);
916 hdr->addr = __addr(s->initiator, 0);
917 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
918 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
919
920 mcc = (void *) ptr; ptr += sizeof(*mcc);
921 mcc->type = __mcc_type(cr, RFCOMM_RPN);
922 mcc->len = __len8(sizeof(*rpn));
923
924 rpn = (void *) ptr; ptr += sizeof(*rpn);
925 rpn->dlci = __addr(1, dlci);
926 rpn->bit_rate = bit_rate;
927 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
928 rpn->flow_ctrl = flow_ctrl_settings;
929 rpn->xon_char = xon_char;
930 rpn->xoff_char = xoff_char;
Al Viroe8db8c92006-11-08 00:28:44 -0800931 rpn->param_mask = cpu_to_le16(param_mask);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700932
933 *ptr = __fcs(buf); ptr++;
934
Gustavo F. Padovan54365382011-12-20 16:30:44 -0200935 return rfcomm_send_frame(s, buf, ptr - buf);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700936}
937
938static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
939{
940 struct rfcomm_hdr *hdr;
941 struct rfcomm_mcc *mcc;
942 struct rfcomm_rls *rls;
943 u8 buf[16], *ptr = buf;
944
945 BT_DBG("%p cr %d status 0x%x", s, cr, status);
946
947 hdr = (void *) ptr; ptr += sizeof(*hdr);
948 hdr->addr = __addr(s->initiator, 0);
949 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
950 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
951
952 mcc = (void *) ptr; ptr += sizeof(*mcc);
953 mcc->type = __mcc_type(cr, RFCOMM_RLS);
954 mcc->len = __len8(sizeof(*rls));
955
956 rls = (void *) ptr; ptr += sizeof(*rls);
957 rls->dlci = __addr(1, dlci);
958 rls->status = status;
959
960 *ptr = __fcs(buf); ptr++;
961
Gustavo F. Padovan54365382011-12-20 16:30:44 -0200962 return rfcomm_send_frame(s, buf, ptr - buf);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700963}
964
965static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
966{
967 struct rfcomm_hdr *hdr;
968 struct rfcomm_mcc *mcc;
969 struct rfcomm_msc *msc;
970 u8 buf[16], *ptr = buf;
971
972 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
973
974 hdr = (void *) ptr; ptr += sizeof(*hdr);
975 hdr->addr = __addr(s->initiator, 0);
976 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
977 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
978
979 mcc = (void *) ptr; ptr += sizeof(*mcc);
980 mcc->type = __mcc_type(cr, RFCOMM_MSC);
981 mcc->len = __len8(sizeof(*msc));
982
983 msc = (void *) ptr; ptr += sizeof(*msc);
984 msc->dlci = __addr(1, dlci);
985 msc->v24_sig = v24_sig | 0x01;
986
987 *ptr = __fcs(buf); ptr++;
988
Gustavo F. Padovan54365382011-12-20 16:30:44 -0200989 return rfcomm_send_frame(s, buf, ptr - buf);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700990}
991
992static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
993{
994 struct rfcomm_hdr *hdr;
995 struct rfcomm_mcc *mcc;
996 u8 buf[16], *ptr = buf;
997
998 BT_DBG("%p cr %d", s, cr);
999
1000 hdr = (void *) ptr; ptr += sizeof(*hdr);
1001 hdr->addr = __addr(s->initiator, 0);
1002 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1003 hdr->len = __len8(sizeof(*mcc));
1004
1005 mcc = (void *) ptr; ptr += sizeof(*mcc);
1006 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1007 mcc->len = __len8(0);
1008
1009 *ptr = __fcs(buf); ptr++;
1010
Gustavo F. Padovan54365382011-12-20 16:30:44 -02001011 return rfcomm_send_frame(s, buf, ptr - buf);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001012}
1013
1014static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1015{
1016 struct rfcomm_hdr *hdr;
1017 struct rfcomm_mcc *mcc;
1018 u8 buf[16], *ptr = buf;
1019
1020 BT_DBG("%p cr %d", s, cr);
1021
1022 hdr = (void *) ptr; ptr += sizeof(*hdr);
1023 hdr->addr = __addr(s->initiator, 0);
1024 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1025 hdr->len = __len8(sizeof(*mcc));
1026
1027 mcc = (void *) ptr; ptr += sizeof(*mcc);
1028 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1029 mcc->len = __len8(0);
1030
1031 *ptr = __fcs(buf); ptr++;
1032
Gustavo F. Padovan54365382011-12-20 16:30:44 -02001033 return rfcomm_send_frame(s, buf, ptr - buf);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001034}
1035
1036static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1037{
1038 struct socket *sock = s->sock;
1039 struct kvec iv[3];
1040 struct msghdr msg;
1041 unsigned char hdr[5], crc[1];
1042
1043 if (len > 125)
1044 return -EINVAL;
1045
1046 BT_DBG("%p cr %d", s, cr);
1047
1048 hdr[0] = __addr(s->initiator, 0);
1049 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1050 hdr[2] = 0x01 | ((len + 2) << 1);
1051 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1052 hdr[4] = 0x01 | (len << 1);
1053
1054 crc[0] = __fcs(hdr);
1055
1056 iv[0].iov_base = hdr;
1057 iv[0].iov_len = 5;
1058 iv[1].iov_base = pattern;
1059 iv[1].iov_len = len;
1060 iv[2].iov_base = crc;
1061 iv[2].iov_len = 1;
1062
1063 memset(&msg, 0, sizeof(msg));
1064
1065 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1066}
1067
1068static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1069{
1070 struct rfcomm_hdr *hdr;
1071 u8 buf[16], *ptr = buf;
1072
1073 BT_DBG("%p addr %d credits %d", s, addr, credits);
1074
1075 hdr = (void *) ptr; ptr += sizeof(*hdr);
1076 hdr->addr = addr;
1077 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1078 hdr->len = __len8(0);
1079
1080 *ptr = credits; ptr++;
1081
1082 *ptr = __fcs(buf); ptr++;
1083
Gustavo F. Padovan54365382011-12-20 16:30:44 -02001084 return rfcomm_send_frame(s, buf, ptr - buf);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001085}
1086
1087static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1088{
1089 struct rfcomm_hdr *hdr;
1090 int len = skb->len;
1091 u8 *crc;
1092
1093 if (len > 127) {
1094 hdr = (void *) skb_push(skb, 4);
Marcel Holtmannb4324b52009-06-07 18:06:51 +02001095 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001096 } else {
1097 hdr = (void *) skb_push(skb, 3);
1098 hdr->len = __len8(len);
1099 }
1100 hdr->addr = addr;
1101 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1102
1103 crc = skb_put(skb, 1);
1104 *crc = __fcs((void *) hdr);
1105}
1106
1107/* ---- RFCOMM frame reception ---- */
1108static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1109{
1110 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1111
1112 if (dlci) {
1113 /* Data channel */
1114 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1115 if (!d) {
1116 rfcomm_send_dm(s, dlci);
1117 return 0;
1118 }
1119
1120 switch (d->state) {
1121 case BT_CONNECT:
1122 rfcomm_dlc_clear_timer(d);
1123
1124 rfcomm_dlc_lock(d);
1125 d->state = BT_CONNECTED;
1126 d->state_change(d, 0);
1127 rfcomm_dlc_unlock(d);
1128
1129 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1130 break;
1131
1132 case BT_DISCONN:
1133 d->state = BT_CLOSED;
1134 __rfcomm_dlc_close(d, 0);
Marcel Holtmann9cf5b0e2007-05-05 00:36:13 +02001135
1136 if (list_empty(&s->dlcs)) {
1137 s->state = BT_DISCONN;
1138 rfcomm_send_disc(s, 0);
Mat Martineau79e65472011-12-06 16:23:26 -08001139 rfcomm_session_clear_timer(s);
Marcel Holtmann9cf5b0e2007-05-05 00:36:13 +02001140 }
1141
Linus Torvalds1da177e2005-04-16 15:20:36 -07001142 break;
1143 }
1144 } else {
1145 /* Control channel */
1146 switch (s->state) {
1147 case BT_CONNECT:
1148 s->state = BT_CONNECTED;
1149 rfcomm_process_connect(s);
1150 break;
Marcel Holtmann9cf5b0e2007-05-05 00:36:13 +02001151
1152 case BT_DISCONN:
Octavian Purdilacf33e772012-01-27 19:32:39 +02001153 /* rfcomm_session_put is called later so don't do
1154 * anything here otherwise we will mess up the session
1155 * reference counter:
1156 *
1157 * (a) when we are the initiator dlc_unlink will drive
1158 * the reference counter to 0 (there is no initial put
1159 * after session_add)
1160 *
1161 * (b) when we are not the initiator rfcomm_rx_process
1162 * will explicitly call put to balance the initial hold
1163 * done after session add.
1164 */
Marcel Holtmann9cf5b0e2007-05-05 00:36:13 +02001165 break;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001166 }
1167 }
1168 return 0;
1169}
1170
1171static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1172{
1173 int err = 0;
1174
1175 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1176
1177 if (dlci) {
1178 /* Data DLC */
1179 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1180 if (d) {
1181 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1182 err = ECONNREFUSED;
1183 else
1184 err = ECONNRESET;
1185
1186 d->state = BT_CLOSED;
1187 __rfcomm_dlc_close(d, err);
1188 }
1189 } else {
1190 if (s->state == BT_CONNECT)
1191 err = ECONNREFUSED;
1192 else
1193 err = ECONNRESET;
1194
1195 s->state = BT_CLOSED;
1196 rfcomm_session_close(s, err);
1197 }
1198 return 0;
1199}
1200
1201static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1202{
1203 int err = 0;
1204
1205 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1206
1207 if (dlci) {
1208 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1209 if (d) {
1210 rfcomm_send_ua(s, dlci);
1211
1212 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1213 err = ECONNREFUSED;
1214 else
1215 err = ECONNRESET;
1216
1217 d->state = BT_CLOSED;
1218 __rfcomm_dlc_close(d, err);
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001219 } else
Linus Torvalds1da177e2005-04-16 15:20:36 -07001220 rfcomm_send_dm(s, dlci);
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001221
Linus Torvalds1da177e2005-04-16 15:20:36 -07001222 } else {
1223 rfcomm_send_ua(s, 0);
1224
1225 if (s->state == BT_CONNECT)
1226 err = ECONNREFUSED;
1227 else
1228 err = ECONNRESET;
1229
1230 s->state = BT_CLOSED;
1231 rfcomm_session_close(s, err);
1232 }
1233
1234 return 0;
1235}
1236
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +01001237void rfcomm_dlc_accept(struct rfcomm_dlc *d)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001238{
Marcel Holtmann300b9392006-07-03 10:37:55 +02001239 struct sock *sk = d->session->sock->sk;
Gustavo F. Padovan8c1d7872011-04-13 20:23:55 -03001240 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
Marcel Holtmann300b9392006-07-03 10:37:55 +02001241
Linus Torvalds1da177e2005-04-16 15:20:36 -07001242 BT_DBG("dlc %p", d);
1243
1244 rfcomm_send_ua(d->session, d->dlci);
1245
Johan Hedberge2139b32009-03-26 16:41:56 +02001246 rfcomm_dlc_clear_timer(d);
1247
Linus Torvalds1da177e2005-04-16 15:20:36 -07001248 rfcomm_dlc_lock(d);
1249 d->state = BT_CONNECTED;
1250 d->state_change(d, 0);
1251 rfcomm_dlc_unlock(d);
1252
Marcel Holtmann9f2c8a02009-01-15 21:58:40 +01001253 if (d->role_switch)
Gustavo F. Padovan8c1d7872011-04-13 20:23:55 -03001254 hci_conn_switch_role(conn->hcon, 0x00);
Marcel Holtmann300b9392006-07-03 10:37:55 +02001255
Linus Torvalds1da177e2005-04-16 15:20:36 -07001256 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1257}
1258
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +01001259static void rfcomm_check_accept(struct rfcomm_dlc *d)
1260{
Marcel Holtmann9f2c8a02009-01-15 21:58:40 +01001261 if (rfcomm_check_security(d)) {
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +01001262 if (d->defer_setup) {
1263 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1264 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
Marcel Holtmann8bf47942009-02-16 02:59:49 +01001265
1266 rfcomm_dlc_lock(d);
1267 d->state = BT_CONNECT2;
1268 d->state_change(d, 0);
1269 rfcomm_dlc_unlock(d);
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +01001270 } else
1271 rfcomm_dlc_accept(d);
Marcel Holtmann8c1b2352009-01-15 21:58:04 +01001272 } else {
1273 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1274 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +01001275 }
1276}
1277
Linus Torvalds1da177e2005-04-16 15:20:36 -07001278static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1279{
1280 struct rfcomm_dlc *d;
1281 u8 channel;
1282
1283 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1284
1285 if (!dlci) {
1286 rfcomm_send_ua(s, 0);
1287
1288 if (s->state == BT_OPEN) {
1289 s->state = BT_CONNECTED;
1290 rfcomm_process_connect(s);
1291 }
1292 return 0;
1293 }
1294
1295 /* Check if DLC exists */
1296 d = rfcomm_dlc_get(s, dlci);
1297 if (d) {
1298 if (d->state == BT_OPEN) {
1299 /* DLC was previously opened by PN request */
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +01001300 rfcomm_check_accept(d);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001301 }
1302 return 0;
1303 }
1304
1305 /* Notify socket layer about incoming connection */
1306 channel = __srv_channel(dlci);
1307 if (rfcomm_connect_ind(s, channel, &d)) {
1308 d->dlci = dlci;
1309 d->addr = __addr(s->initiator, dlci);
1310 rfcomm_dlc_link(s, d);
1311
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +01001312 rfcomm_check_accept(d);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001313 } else {
1314 rfcomm_send_dm(s, dlci);
1315 }
1316
1317 return 0;
1318}
1319
1320static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1321{
1322 struct rfcomm_session *s = d->session;
1323
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001324 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
Linus Torvalds1da177e2005-04-16 15:20:36 -07001325 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1326
Marcel Holtmann7c2660b2006-07-03 10:02:51 +02001327 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1328 pn->flow_ctrl == 0xe0) {
1329 d->cfc = RFCOMM_CFC_ENABLED;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001330 d->tx_credits = pn->credits;
1331 } else {
Marcel Holtmann7c2660b2006-07-03 10:02:51 +02001332 d->cfc = RFCOMM_CFC_DISABLED;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001333 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1334 }
1335
Marcel Holtmann7c2660b2006-07-03 10:02:51 +02001336 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1337 s->cfc = d->cfc;
1338
Linus Torvalds1da177e2005-04-16 15:20:36 -07001339 d->priority = pn->priority;
1340
Marcel Holtmannb4324b52009-06-07 18:06:51 +02001341 d->mtu = __le16_to_cpu(pn->mtu);
Marcel Holtmann98bcd082006-07-14 11:42:12 +02001342
1343 if (cr && d->mtu > s->mtu)
1344 d->mtu = s->mtu;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001345
1346 return 0;
1347}
1348
1349static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1350{
1351 struct rfcomm_pn *pn = (void *) skb->data;
1352 struct rfcomm_dlc *d;
1353 u8 dlci = pn->dlci;
1354
1355 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1356
1357 if (!dlci)
1358 return 0;
1359
1360 d = rfcomm_dlc_get(s, dlci);
1361 if (d) {
1362 if (cr) {
1363 /* PN request */
1364 rfcomm_apply_pn(d, cr, pn);
1365 rfcomm_send_pn(s, 0, d);
1366 } else {
1367 /* PN response */
1368 switch (d->state) {
1369 case BT_CONFIG:
1370 rfcomm_apply_pn(d, cr, pn);
1371
1372 d->state = BT_CONNECT;
1373 rfcomm_send_sabm(s, d->dlci);
1374 break;
1375 }
1376 }
1377 } else {
1378 u8 channel = __srv_channel(dlci);
1379
1380 if (!cr)
1381 return 0;
1382
1383 /* PN request for non existing DLC.
1384 * Assume incoming connection. */
1385 if (rfcomm_connect_ind(s, channel, &d)) {
1386 d->dlci = dlci;
1387 d->addr = __addr(s->initiator, dlci);
1388 rfcomm_dlc_link(s, d);
1389
1390 rfcomm_apply_pn(d, cr, pn);
1391
1392 d->state = BT_OPEN;
1393 rfcomm_send_pn(s, 0, d);
1394 } else {
1395 rfcomm_send_dm(s, dlci);
1396 }
1397 }
1398 return 0;
1399}
1400
1401static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1402{
1403 struct rfcomm_rpn *rpn = (void *) skb->data;
1404 u8 dlci = __get_dlci(rpn->dlci);
1405
1406 u8 bit_rate = 0;
1407 u8 data_bits = 0;
1408 u8 stop_bits = 0;
1409 u8 parity = 0;
1410 u8 flow_ctrl = 0;
1411 u8 xon_char = 0;
1412 u8 xoff_char = 0;
1413 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
J. Suter3a5e9032005-08-09 20:28:46 -07001414
1415 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1416 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1417 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1418
1419 if (!cr)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001420 return 0;
J. Suter3a5e9032005-08-09 20:28:46 -07001421
Linus Torvalds1da177e2005-04-16 15:20:36 -07001422 if (len == 1) {
Yuri Kululin08601462010-07-23 13:57:12 +04001423 /* This is a request, return default (according to ETSI TS 07.10) settings */
1424 bit_rate = RFCOMM_RPN_BR_9600;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001425 data_bits = RFCOMM_RPN_DATA_8;
1426 stop_bits = RFCOMM_RPN_STOP_1;
1427 parity = RFCOMM_RPN_PARITY_NONE;
1428 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1429 xon_char = RFCOMM_RPN_XON_CHAR;
1430 xoff_char = RFCOMM_RPN_XOFF_CHAR;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001431 goto rpn_out;
1432 }
J. Suter3a5e9032005-08-09 20:28:46 -07001433
1434 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1435 * no parity, no flow control lines, normal XON/XOFF chars */
1436
Al Viroe8db8c92006-11-08 00:28:44 -08001437 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001438 bit_rate = rpn->bit_rate;
Yuri Kululin08601462010-07-23 13:57:12 +04001439 if (bit_rate > RFCOMM_RPN_BR_230400) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001440 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
Yuri Kululin08601462010-07-23 13:57:12 +04001441 bit_rate = RFCOMM_RPN_BR_9600;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001442 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1443 }
1444 }
J. Suter3a5e9032005-08-09 20:28:46 -07001445
Al Viroe8db8c92006-11-08 00:28:44 -08001446 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001447 data_bits = __get_rpn_data_bits(rpn->line_settings);
1448 if (data_bits != RFCOMM_RPN_DATA_8) {
1449 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1450 data_bits = RFCOMM_RPN_DATA_8;
1451 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1452 }
1453 }
J. Suter3a5e9032005-08-09 20:28:46 -07001454
Al Viroe8db8c92006-11-08 00:28:44 -08001455 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001456 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1457 if (stop_bits != RFCOMM_RPN_STOP_1) {
1458 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1459 stop_bits = RFCOMM_RPN_STOP_1;
1460 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1461 }
1462 }
J. Suter3a5e9032005-08-09 20:28:46 -07001463
Al Viroe8db8c92006-11-08 00:28:44 -08001464 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001465 parity = __get_rpn_parity(rpn->line_settings);
1466 if (parity != RFCOMM_RPN_PARITY_NONE) {
1467 BT_DBG("RPN parity mismatch 0x%x", parity);
1468 parity = RFCOMM_RPN_PARITY_NONE;
1469 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1470 }
1471 }
J. Suter3a5e9032005-08-09 20:28:46 -07001472
Al Viroe8db8c92006-11-08 00:28:44 -08001473 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001474 flow_ctrl = rpn->flow_ctrl;
1475 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1476 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1477 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1478 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1479 }
1480 }
J. Suter3a5e9032005-08-09 20:28:46 -07001481
Al Viroe8db8c92006-11-08 00:28:44 -08001482 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001483 xon_char = rpn->xon_char;
1484 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1485 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1486 xon_char = RFCOMM_RPN_XON_CHAR;
1487 rpn_mask ^= RFCOMM_RPN_PM_XON;
1488 }
1489 }
J. Suter3a5e9032005-08-09 20:28:46 -07001490
Al Viroe8db8c92006-11-08 00:28:44 -08001491 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001492 xoff_char = rpn->xoff_char;
1493 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1494 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1495 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1496 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1497 }
1498 }
1499
1500rpn_out:
J. Suter3a5e9032005-08-09 20:28:46 -07001501 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1502 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001503
1504 return 0;
1505}
1506
1507static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1508{
1509 struct rfcomm_rls *rls = (void *) skb->data;
1510 u8 dlci = __get_dlci(rls->dlci);
1511
1512 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
J. Suter3a5e9032005-08-09 20:28:46 -07001513
Linus Torvalds1da177e2005-04-16 15:20:36 -07001514 if (!cr)
1515 return 0;
1516
J. Suter3a5e9032005-08-09 20:28:46 -07001517 /* We should probably do something with this information here. But
1518 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1519 * mandatory to recognise and respond to RLS */
Linus Torvalds1da177e2005-04-16 15:20:36 -07001520
1521 rfcomm_send_rls(s, 0, dlci, rls->status);
1522
1523 return 0;
1524}
1525
1526static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1527{
1528 struct rfcomm_msc *msc = (void *) skb->data;
1529 struct rfcomm_dlc *d;
1530 u8 dlci = __get_dlci(msc->dlci);
1531
1532 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1533
1534 d = rfcomm_dlc_get(s, dlci);
J. Suter3a5e9032005-08-09 20:28:46 -07001535 if (!d)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001536 return 0;
1537
1538 if (cr) {
1539 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1540 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1541 else
1542 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
J. Suter3a5e9032005-08-09 20:28:46 -07001543
Linus Torvalds1da177e2005-04-16 15:20:36 -07001544 rfcomm_dlc_lock(d);
Marcel Holtmann8b6b3da2008-07-14 20:13:52 +02001545
1546 d->remote_v24_sig = msc->v24_sig;
1547
Linus Torvalds1da177e2005-04-16 15:20:36 -07001548 if (d->modem_status)
1549 d->modem_status(d, msc->v24_sig);
Marcel Holtmann8b6b3da2008-07-14 20:13:52 +02001550
Linus Torvalds1da177e2005-04-16 15:20:36 -07001551 rfcomm_dlc_unlock(d);
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001552
Linus Torvalds1da177e2005-04-16 15:20:36 -07001553 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1554
1555 d->mscex |= RFCOMM_MSCEX_RX;
J. Suter3a5e9032005-08-09 20:28:46 -07001556 } else
Linus Torvalds1da177e2005-04-16 15:20:36 -07001557 d->mscex |= RFCOMM_MSCEX_TX;
1558
1559 return 0;
1560}
1561
1562static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1563{
1564 struct rfcomm_mcc *mcc = (void *) skb->data;
1565 u8 type, cr, len;
1566
1567 cr = __test_cr(mcc->type);
1568 type = __get_mcc_type(mcc->type);
1569 len = __get_mcc_len(mcc->len);
1570
1571 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1572
1573 skb_pull(skb, 2);
1574
1575 switch (type) {
1576 case RFCOMM_PN:
1577 rfcomm_recv_pn(s, cr, skb);
1578 break;
1579
1580 case RFCOMM_RPN:
1581 rfcomm_recv_rpn(s, cr, len, skb);
1582 break;
1583
1584 case RFCOMM_RLS:
1585 rfcomm_recv_rls(s, cr, skb);
1586 break;
1587
1588 case RFCOMM_MSC:
1589 rfcomm_recv_msc(s, cr, skb);
1590 break;
1591
1592 case RFCOMM_FCOFF:
1593 if (cr) {
1594 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1595 rfcomm_send_fcoff(s, 0);
1596 }
1597 break;
1598
1599 case RFCOMM_FCON:
1600 if (cr) {
1601 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1602 rfcomm_send_fcon(s, 0);
1603 }
1604 break;
1605
1606 case RFCOMM_TEST:
1607 if (cr)
1608 rfcomm_send_test(s, 0, skb->data, skb->len);
1609 break;
1610
1611 case RFCOMM_NSC:
1612 break;
1613
1614 default:
1615 BT_ERR("Unknown control type 0x%02x", type);
1616 rfcomm_send_nsc(s, cr, type);
1617 break;
1618 }
1619 return 0;
1620}
1621
1622static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1623{
1624 struct rfcomm_dlc *d;
1625
1626 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1627
1628 d = rfcomm_dlc_get(s, dlci);
1629 if (!d) {
1630 rfcomm_send_dm(s, dlci);
1631 goto drop;
1632 }
1633
1634 if (pf && d->cfc) {
1635 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1636
1637 d->tx_credits += credits;
1638 if (d->tx_credits)
1639 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1640 }
1641
1642 if (skb->len && d->state == BT_CONNECTED) {
1643 rfcomm_dlc_lock(d);
1644 d->rx_credits--;
1645 d->data_ready(d, skb);
1646 rfcomm_dlc_unlock(d);
1647 return 0;
1648 }
1649
1650drop:
1651 kfree_skb(skb);
1652 return 0;
1653}
1654
1655static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1656{
1657 struct rfcomm_hdr *hdr = (void *) skb->data;
1658 u8 type, dlci, fcs;
1659
1660 dlci = __get_dlci(hdr->addr);
1661 type = __get_type(hdr->ctrl);
1662
1663 /* Trim FCS */
1664 skb->len--; skb->tail--;
Arnaldo Carvalho de Melo27a884d2007-04-19 20:29:13 -07001665 fcs = *(u8 *)skb_tail_pointer(skb);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001666
1667 if (__check_fcs(skb->data, type, fcs)) {
1668 BT_ERR("bad checksum in packet");
1669 kfree_skb(skb);
1670 return -EILSEQ;
1671 }
1672
1673 if (__test_ea(hdr->len))
1674 skb_pull(skb, 3);
1675 else
1676 skb_pull(skb, 4);
1677
1678 switch (type) {
1679 case RFCOMM_SABM:
1680 if (__test_pf(hdr->ctrl))
1681 rfcomm_recv_sabm(s, dlci);
1682 break;
1683
1684 case RFCOMM_DISC:
1685 if (__test_pf(hdr->ctrl))
1686 rfcomm_recv_disc(s, dlci);
1687 break;
1688
1689 case RFCOMM_UA:
1690 if (__test_pf(hdr->ctrl))
1691 rfcomm_recv_ua(s, dlci);
1692 break;
1693
1694 case RFCOMM_DM:
1695 rfcomm_recv_dm(s, dlci);
1696 break;
1697
1698 case RFCOMM_UIH:
1699 if (dlci)
1700 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1701
1702 rfcomm_recv_mcc(s, skb);
1703 break;
1704
1705 default:
Andrei Emeltchenko5017d8d2010-09-08 16:26:53 +03001706 BT_ERR("Unknown packet type 0x%02x", type);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001707 break;
1708 }
1709 kfree_skb(skb);
1710 return 0;
1711}
1712
1713/* ---- Connection and data processing ---- */
1714
1715static void rfcomm_process_connect(struct rfcomm_session *s)
1716{
1717 struct rfcomm_dlc *d;
1718 struct list_head *p, *n;
1719
1720 BT_DBG("session %p state %ld", s, s->state);
1721
1722 list_for_each_safe(p, n, &s->dlcs) {
1723 d = list_entry(p, struct rfcomm_dlc, list);
1724 if (d->state == BT_CONFIG) {
1725 d->mtu = s->mtu;
Marcel Holtmann9f2c8a02009-01-15 21:58:40 +01001726 if (rfcomm_check_security(d)) {
Marcel Holtmann8c1b2352009-01-15 21:58:04 +01001727 rfcomm_send_pn(s, 1, d);
1728 } else {
Marcel Holtmann77db1982008-07-14 20:13:45 +02001729 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1730 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
Marcel Holtmann8c1b2352009-01-15 21:58:04 +01001731 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07001732 }
1733 }
1734}
1735
1736/* Send data queued for the DLC.
1737 * Return number of frames left in the queue.
1738 */
Gustavo Padovan6039aa732012-05-23 04:04:18 -03001739static int rfcomm_process_tx(struct rfcomm_dlc *d)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001740{
1741 struct sk_buff *skb;
1742 int err;
1743
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001744 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
Linus Torvalds1da177e2005-04-16 15:20:36 -07001745 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1746
1747 /* Send pending MSC */
1748 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001749 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001750
1751 if (d->cfc) {
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001752 /* CFC enabled.
Linus Torvalds1da177e2005-04-16 15:20:36 -07001753 * Give them some credits */
1754 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001755 d->rx_credits <= (d->cfc >> 2)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001756 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1757 d->rx_credits = d->cfc;
1758 }
1759 } else {
1760 /* CFC disabled.
1761 * Give ourselves some credits */
1762 d->tx_credits = 5;
1763 }
1764
1765 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1766 return skb_queue_len(&d->tx_queue);
1767
1768 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
Gustavo F. Padovan54365382011-12-20 16:30:44 -02001769 err = rfcomm_send_frame(d->session, skb->data, skb->len);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001770 if (err < 0) {
1771 skb_queue_head(&d->tx_queue, skb);
1772 break;
1773 }
1774 kfree_skb(skb);
1775 d->tx_credits--;
1776 }
1777
1778 if (d->cfc && !d->tx_credits) {
1779 /* We're out of TX credits.
1780 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1781 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1782 }
1783
1784 return skb_queue_len(&d->tx_queue);
1785}
1786
Gustavo Padovan6039aa732012-05-23 04:04:18 -03001787static void rfcomm_process_dlcs(struct rfcomm_session *s)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001788{
1789 struct rfcomm_dlc *d;
1790 struct list_head *p, *n;
1791
1792 BT_DBG("session %p state %ld", s, s->state);
1793
1794 list_for_each_safe(p, n, &s->dlcs) {
1795 d = list_entry(p, struct rfcomm_dlc, list);
1796
1797 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1798 __rfcomm_dlc_close(d, ETIMEDOUT);
1799 continue;
1800 }
1801
Szymon Jancdb544672011-09-26 14:19:47 +02001802 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1803 __rfcomm_dlc_close(d, ECONNREFUSED);
1804 continue;
1805 }
1806
Linus Torvalds1da177e2005-04-16 15:20:36 -07001807 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1808 rfcomm_dlc_clear_timer(d);
Marcel Holtmann77db1982008-07-14 20:13:45 +02001809 if (d->out) {
1810 rfcomm_send_pn(s, 1, d);
1811 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +01001812 } else {
1813 if (d->defer_setup) {
1814 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1815 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
Marcel Holtmann8bf47942009-02-16 02:59:49 +01001816
1817 rfcomm_dlc_lock(d);
1818 d->state = BT_CONNECT2;
1819 d->state_change(d, 0);
1820 rfcomm_dlc_unlock(d);
Marcel Holtmannbb23c0a2009-01-15 21:56:48 +01001821 } else
1822 rfcomm_dlc_accept(d);
1823 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07001824 continue;
1825 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1826 rfcomm_dlc_clear_timer(d);
Marcel Holtmann77db1982008-07-14 20:13:45 +02001827 if (!d->out)
1828 rfcomm_send_dm(s, d->dlci);
1829 else
1830 d->state = BT_CLOSED;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001831 __rfcomm_dlc_close(d, ECONNREFUSED);
1832 continue;
1833 }
1834
Jaikumar Ganesh6e1031a2009-02-02 18:03:57 -08001835 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1836 continue;
1837
Linus Torvalds1da177e2005-04-16 15:20:36 -07001838 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1839 continue;
1840
1841 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
Marcel Holtmann77db1982008-07-14 20:13:45 +02001842 d->mscex == RFCOMM_MSCEX_OK)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001843 rfcomm_process_tx(d);
1844 }
1845}
1846
Gustavo Padovan6039aa732012-05-23 04:04:18 -03001847static void rfcomm_process_rx(struct rfcomm_session *s)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001848{
1849 struct socket *sock = s->sock;
1850 struct sock *sk = sock->sk;
1851 struct sk_buff *skb;
1852
1853 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1854
1855 /* Get data directly from socket receive queue without copying it. */
1856 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1857 skb_orphan(skb);
Mat Martineau44935722011-07-22 14:53:58 -07001858 if (!skb_linearize(skb))
1859 rfcomm_recv_frame(s, skb);
1860 else
1861 kfree_skb(skb);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001862 }
1863
1864 if (sk->sk_state == BT_CLOSED) {
1865 if (!s->initiator)
1866 rfcomm_session_put(s);
1867
1868 rfcomm_session_close(s, sk->sk_err);
1869 }
1870}
1871
Gustavo Padovan6039aa732012-05-23 04:04:18 -03001872static void rfcomm_accept_connection(struct rfcomm_session *s)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001873{
1874 struct socket *sock = s->sock, *nsock;
1875 int err;
1876
1877 /* Fast check for a new connection.
1878 * Avoids unnesesary socket allocations. */
1879 if (list_empty(&bt_sk(sock->sk)->accept_q))
1880 return;
1881
1882 BT_DBG("session %p", s);
1883
Marcel Holtmann48db9ca2007-05-05 00:36:06 +02001884 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1885 if (err < 0)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001886 return;
1887
Linus Torvalds1da177e2005-04-16 15:20:36 -07001888 /* Set our callbacks */
1889 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1890 nsock->sk->sk_state_change = rfcomm_l2state_change;
1891
1892 s = rfcomm_session_add(nsock, BT_OPEN);
1893 if (s) {
1894 rfcomm_session_hold(s);
Marcel Holtmann98bcd082006-07-14 11:42:12 +02001895
1896 /* We should adjust MTU on incoming sessions.
1897 * L2CAP MTU minus UIH header and FCS. */
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03001898 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1899 l2cap_pi(nsock->sk)->chan->imtu) - 5;
Marcel Holtmann98bcd082006-07-14 11:42:12 +02001900
Andrei Emeltchenko534c92f2010-10-01 12:05:11 +03001901 rfcomm_schedule();
Linus Torvalds1da177e2005-04-16 15:20:36 -07001902 } else
1903 sock_release(nsock);
1904}
1905
Gustavo Padovan6039aa732012-05-23 04:04:18 -03001906static void rfcomm_check_connection(struct rfcomm_session *s)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001907{
1908 struct sock *sk = s->sock->sk;
1909
1910 BT_DBG("%p state %ld", s, s->state);
1911
Andrei Emeltchenko285b4e92010-12-01 16:58:23 +02001912 switch (sk->sk_state) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001913 case BT_CONNECTED:
1914 s->state = BT_CONNECT;
1915
1916 /* We can adjust MTU on outgoing sessions.
1917 * L2CAP MTU minus UIH header and FCS. */
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03001918 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001919
1920 rfcomm_send_sabm(s, 0);
1921 break;
1922
1923 case BT_CLOSED:
1924 s->state = BT_CLOSED;
1925 rfcomm_session_close(s, sk->sk_err);
1926 break;
1927 }
1928}
1929
Gustavo Padovan6039aa732012-05-23 04:04:18 -03001930static void rfcomm_process_sessions(void)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001931{
1932 struct list_head *p, *n;
1933
1934 rfcomm_lock();
1935
1936 list_for_each_safe(p, n, &session_list) {
1937 struct rfcomm_session *s;
1938 s = list_entry(p, struct rfcomm_session, list);
1939
Luiz Augusto von Dentz9e726b12009-07-15 13:50:58 -03001940 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
1941 s->state = BT_DISCONN;
1942 rfcomm_send_disc(s, 0);
Marcel Holtmann485f1ef2010-02-03 15:52:18 -08001943 rfcomm_session_put(s);
Luiz Augusto von Dentz9e726b12009-07-15 13:50:58 -03001944 continue;
1945 }
1946
Linus Torvalds1da177e2005-04-16 15:20:36 -07001947 if (s->state == BT_LISTEN) {
1948 rfcomm_accept_connection(s);
1949 continue;
1950 }
1951
1952 rfcomm_session_hold(s);
1953
1954 switch (s->state) {
1955 case BT_BOUND:
1956 rfcomm_check_connection(s);
1957 break;
1958
1959 default:
1960 rfcomm_process_rx(s);
1961 break;
1962 }
1963
1964 rfcomm_process_dlcs(s);
1965
1966 rfcomm_session_put(s);
1967 }
1968
1969 rfcomm_unlock();
1970}
1971
Linus Torvalds1da177e2005-04-16 15:20:36 -07001972static int rfcomm_add_listener(bdaddr_t *ba)
1973{
1974 struct sockaddr_l2 addr;
1975 struct socket *sock;
1976 struct sock *sk;
1977 struct rfcomm_session *s;
1978 int err = 0;
1979
1980 /* Create socket */
1981 err = rfcomm_l2sock_create(&sock);
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001982 if (err < 0) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001983 BT_ERR("Create socket failed %d", err);
1984 return err;
1985 }
1986
1987 /* Bind socket */
1988 bacpy(&addr.l2_bdaddr, ba);
1989 addr.l2_family = AF_BLUETOOTH;
Syam Sidhardhan5bcb8092012-10-10 22:09:29 +05301990 addr.l2_psm = __constant_cpu_to_le16(RFCOMM_PSM);
Marcel Holtmann37e62f52009-02-17 21:49:33 +01001991 addr.l2_cid = 0;
Marcel Holtmann48db9ca2007-05-05 00:36:06 +02001992 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
Linus Torvalds1da177e2005-04-16 15:20:36 -07001993 if (err < 0) {
1994 BT_ERR("Bind failed %d", err);
1995 goto failed;
1996 }
1997
1998 /* Set L2CAP options */
1999 sk = sock->sk;
2000 lock_sock(sk);
Gustavo F. Padovan0c1bc5c2011-04-13 17:20:49 -03002001 l2cap_pi(sk)->chan->imtu = l2cap_mtu;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002002 release_sock(sk);
2003
2004 /* Start listening on the socket */
Marcel Holtmann48db9ca2007-05-05 00:36:06 +02002005 err = kernel_listen(sock, 10);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002006 if (err) {
2007 BT_ERR("Listen failed %d", err);
2008 goto failed;
2009 }
2010
2011 /* Add listening session */
2012 s = rfcomm_session_add(sock, BT_LISTEN);
2013 if (!s)
2014 goto failed;
2015
2016 rfcomm_session_hold(s);
2017 return 0;
2018failed:
2019 sock_release(sock);
2020 return err;
2021}
2022
2023static void rfcomm_kill_listener(void)
2024{
2025 struct rfcomm_session *s;
2026 struct list_head *p, *n;
2027
2028 BT_DBG("");
2029
2030 list_for_each_safe(p, n, &session_list) {
2031 s = list_entry(p, struct rfcomm_session, list);
2032 rfcomm_session_del(s);
2033 }
2034}
2035
2036static int rfcomm_run(void *unused)
2037{
Linus Torvalds1da177e2005-04-16 15:20:36 -07002038 BT_DBG("");
2039
Marcel Holtmanna524ecc2007-10-20 21:37:20 +02002040 set_user_nice(current, -10);
2041
Linus Torvalds1da177e2005-04-16 15:20:36 -07002042 rfcomm_add_listener(BDADDR_ANY);
2043
Peter Hurleye5842cd2011-07-24 00:10:35 -04002044 while (1) {
Marcel Holtmanna524ecc2007-10-20 21:37:20 +02002045 set_current_state(TASK_INTERRUPTIBLE);
Peter Hurleye5842cd2011-07-24 00:10:35 -04002046
2047 if (kthread_should_stop())
2048 break;
Marcel Holtmanna524ecc2007-10-20 21:37:20 +02002049
2050 /* Process stuff */
Marcel Holtmanna524ecc2007-10-20 21:37:20 +02002051 rfcomm_process_sessions();
Peter Hurleye5842cd2011-07-24 00:10:35 -04002052
2053 schedule();
Marcel Holtmanna524ecc2007-10-20 21:37:20 +02002054 }
Peter Hurleye5842cd2011-07-24 00:10:35 -04002055 __set_current_state(TASK_RUNNING);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002056
2057 rfcomm_kill_listener();
2058
Linus Torvalds1da177e2005-04-16 15:20:36 -07002059 return 0;
2060}
2061
Marcel Holtmann8c1b2352009-01-15 21:58:04 +01002062static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002063{
2064 struct rfcomm_session *s;
2065 struct rfcomm_dlc *d;
2066 struct list_head *p, *n;
2067
2068 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2069
2070 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2071 if (!s)
2072 return;
2073
2074 rfcomm_session_hold(s);
2075
2076 list_for_each_safe(p, n, &s->dlcs) {
2077 d = list_entry(p, struct rfcomm_dlc, list);
2078
Marcel Holtmann8c84b832009-01-16 08:17:51 +01002079 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2080 rfcomm_dlc_clear_timer(d);
2081 if (status || encrypt == 0x00) {
Szymon Jancdb544672011-09-26 14:19:47 +02002082 set_bit(RFCOMM_ENC_DROP, &d->flags);
Marcel Holtmann8c84b832009-01-16 08:17:51 +01002083 continue;
2084 }
2085 }
2086
2087 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2088 if (d->sec_level == BT_SECURITY_MEDIUM) {
2089 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2090 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2091 continue;
2092 } else if (d->sec_level == BT_SECURITY_HIGH) {
Szymon Jancdb544672011-09-26 14:19:47 +02002093 set_bit(RFCOMM_ENC_DROP, &d->flags);
Marcel Holtmann8c84b832009-01-16 08:17:51 +01002094 continue;
2095 }
Marcel Holtmann9719f8a2008-07-14 20:13:45 +02002096 }
2097
Linus Torvalds1da177e2005-04-16 15:20:36 -07002098 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2099 continue;
2100
Waldemar Rymarkiewiczb3b1b062011-05-06 09:42:31 +02002101 if (!status && hci_conn_check_secure(conn, d->sec_level))
Linus Torvalds1da177e2005-04-16 15:20:36 -07002102 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2103 else
2104 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2105 }
2106
2107 rfcomm_session_put(s);
2108
Andrei Emeltchenko534c92f2010-10-01 12:05:11 +03002109 rfcomm_schedule();
Linus Torvalds1da177e2005-04-16 15:20:36 -07002110}
2111
2112static struct hci_cb rfcomm_cb = {
2113 .name = "RFCOMM",
Marcel Holtmann8c1b2352009-01-15 21:58:04 +01002114 .security_cfm = rfcomm_security_cfm
Linus Torvalds1da177e2005-04-16 15:20:36 -07002115};
2116
Marcel Holtmannaef7d972010-03-21 05:27:45 +01002117static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002118{
2119 struct rfcomm_session *s;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002120
2121 rfcomm_lock();
2122
Luiz Augusto von Dentz8035ded2011-11-01 10:58:56 +02002123 list_for_each_entry(s, &session_list, list) {
2124 struct rfcomm_dlc *d;
2125 list_for_each_entry(d, &s->dlcs, list) {
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002126 struct sock *sk = s->sock->sk;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002127
Andrei Emeltchenkofcb73332012-09-25 12:49:44 +03002128 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2129 &bt_sk(sk)->src, &bt_sk(sk)->dst,
2130 d->state, d->dlci, d->mtu,
2131 d->rx_credits, d->tx_credits);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002132 }
2133 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07002134
Linus Torvalds1da177e2005-04-16 15:20:36 -07002135 rfcomm_unlock();
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002136
Marcel Holtmannaef7d972010-03-21 05:27:45 +01002137 return 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002138}
2139
Marcel Holtmannaef7d972010-03-21 05:27:45 +01002140static int rfcomm_dlc_debugfs_open(struct inode *inode, struct file *file)
2141{
2142 return single_open(file, rfcomm_dlc_debugfs_show, inode->i_private);
2143}
2144
2145static const struct file_operations rfcomm_dlc_debugfs_fops = {
2146 .open = rfcomm_dlc_debugfs_open,
2147 .read = seq_read,
2148 .llseek = seq_lseek,
2149 .release = single_release,
2150};
2151
2152static struct dentry *rfcomm_dlc_debugfs;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002153
2154/* ---- Initialization ---- */
2155static int __init rfcomm_init(void)
2156{
Marcel Holtmann52d18342009-08-22 14:49:36 -07002157 int err;
Dave Youngaf0d3b12009-08-03 04:26:16 +00002158
Linus Torvalds1da177e2005-04-16 15:20:36 -07002159 hci_register_cb(&rfcomm_cb);
2160
Marcel Holtmanna524ecc2007-10-20 21:37:20 +02002161 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2162 if (IS_ERR(rfcomm_thread)) {
Marcel Holtmann52d18342009-08-22 14:49:36 -07002163 err = PTR_ERR(rfcomm_thread);
2164 goto unregister;
Marcel Holtmanna524ecc2007-10-20 21:37:20 +02002165 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07002166
Marcel Holtmannaef7d972010-03-21 05:27:45 +01002167 if (bt_debugfs) {
2168 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2169 bt_debugfs, NULL, &rfcomm_dlc_debugfs_fops);
2170 if (!rfcomm_dlc_debugfs)
2171 BT_ERR("Failed to create RFCOMM debug file");
2172 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07002173
Marcel Holtmann52d18342009-08-22 14:49:36 -07002174 err = rfcomm_init_ttys();
2175 if (err < 0)
2176 goto stop;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002177
Marcel Holtmann52d18342009-08-22 14:49:36 -07002178 err = rfcomm_init_sockets();
2179 if (err < 0)
2180 goto cleanup;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002181
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002182 BT_INFO("RFCOMM ver %s", VERSION);
2183
Linus Torvalds1da177e2005-04-16 15:20:36 -07002184 return 0;
Dave Youngaf0d3b12009-08-03 04:26:16 +00002185
Marcel Holtmann52d18342009-08-22 14:49:36 -07002186cleanup:
Dave Youngaf0d3b12009-08-03 04:26:16 +00002187 rfcomm_cleanup_ttys();
Marcel Holtmann52d18342009-08-22 14:49:36 -07002188
2189stop:
Dave Youngaf0d3b12009-08-03 04:26:16 +00002190 kthread_stop(rfcomm_thread);
Marcel Holtmann52d18342009-08-22 14:49:36 -07002191
2192unregister:
Dave Youngaf0d3b12009-08-03 04:26:16 +00002193 hci_unregister_cb(&rfcomm_cb);
2194
Marcel Holtmann52d18342009-08-22 14:49:36 -07002195 return err;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002196}
2197
2198static void __exit rfcomm_exit(void)
2199{
Marcel Holtmannaef7d972010-03-21 05:27:45 +01002200 debugfs_remove(rfcomm_dlc_debugfs);
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002201
Linus Torvalds1da177e2005-04-16 15:20:36 -07002202 hci_unregister_cb(&rfcomm_cb);
2203
Marcel Holtmanna524ecc2007-10-20 21:37:20 +02002204 kthread_stop(rfcomm_thread);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002205
Linus Torvalds1da177e2005-04-16 15:20:36 -07002206 rfcomm_cleanup_ttys();
Linus Torvalds1da177e2005-04-16 15:20:36 -07002207
2208 rfcomm_cleanup_sockets();
Linus Torvalds1da177e2005-04-16 15:20:36 -07002209}
2210
2211module_init(rfcomm_init);
2212module_exit(rfcomm_exit);
2213
Marcel Holtmann7c2660b2006-07-03 10:02:51 +02002214module_param(disable_cfc, bool, 0644);
2215MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2216
Marcel Holtmann98bcd082006-07-14 11:42:12 +02002217module_param(channel_mtu, int, 0644);
2218MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2219
Marcel Holtmann56f3a402006-02-13 11:39:57 +01002220module_param(l2cap_mtu, uint, 0644);
2221MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2222
Marcel Holtmanneae38ee2009-10-05 12:23:48 +02002223module_param(l2cap_ertm, bool, 0644);
2224MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2225
Marcel Holtmann63fbd242008-08-18 13:23:53 +02002226MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
Linus Torvalds1da177e2005-04-16 15:20:36 -07002227MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2228MODULE_VERSION(VERSION);
2229MODULE_LICENSE("GPL");
2230MODULE_ALIAS("bt-proto-3");