Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 56f3a40a5e7586043260669cc794e56fa58339e1 / . / net / bluetooth / rfcomm / core.c
blob: 5b4253c61f628d2c7256f5ac5f196bd20b40f5ce [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1/*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22*/
23
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]24/*
25 * Bluetooth RFCOMM core.
26 *
27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
28 */
29
30#include <linux/config.h>
31#include <linux/module.h>
32#include <linux/errno.h>
33#include <linux/kernel.h>
34#include <linux/sched.h>
35#include <linux/signal.h>
36#include <linux/init.h>
37#include <linux/wait.h>
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]38#include <linux/device.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]39#include <linux/net.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]40#include <net/sock.h>
41#include <asm/uaccess.h>
42#include <asm/unaligned.h>
43
44#include <net/bluetooth/bluetooth.h>
45#include <net/bluetooth/hci_core.h>
46#include <net/bluetooth/l2cap.h>
47#include <net/bluetooth/rfcomm.h>
48
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]49#ifndef CONFIG_BT_RFCOMM_DEBUG
50#undef BT_DBG
51#define BT_DBG(D...)
52#endif
53
Marcel Holtmann56f3a402006-02-13 11:39:57 +0100[diff] [blame^]54#define VERSION "1.7"
55
56static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
57
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]58static struct task_struct *rfcomm_thread;
59
60static DECLARE_MUTEX(rfcomm_sem);
61#define rfcomm_lock() down(&rfcomm_sem);
62#define rfcomm_unlock() up(&rfcomm_sem);
63
64static unsigned long rfcomm_event;
65
66static LIST_HEAD(session_list);
67static atomic_t terminate, running;
68
69static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
70static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
71static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
72static int rfcomm_queue_disc(struct rfcomm_dlc *d);
73static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
74static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
75static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
76static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
77static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
78static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
79
80static void rfcomm_process_connect(struct rfcomm_session *s);
81
82static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
83static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
84static void rfcomm_session_del(struct rfcomm_session *s);
85
86/* ---- RFCOMM frame parsing macros ---- */
87#define __get_dlci(b) ((b & 0xfc) >> 2)
88#define __get_channel(b) ((b & 0xf8) >> 3)
89#define __get_dir(b) ((b & 0x04) >> 2)
90#define __get_type(b) ((b & 0xef))
91
92#define __test_ea(b) ((b & 0x01))
93#define __test_cr(b) ((b & 0x02))
94#define __test_pf(b) ((b & 0x10))
95
96#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
97#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
98#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
99#define __srv_channel(dlci) (dlci >> 1)
100#define __dir(dlci) (dlci & 0x01)
101
102#define __len8(len) (((len) << 1) | 1)
103#define __len16(len) ((len) << 1)
104
105/* MCC macros */
106#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
107#define __get_mcc_type(b) ((b & 0xfc) >> 2)
108#define __get_mcc_len(b) ((b & 0xfe) >> 1)
109
110/* RPN macros */
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]111#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]112#define __get_rpn_data_bits(line) ((line) & 0x3)
113#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]114#define __get_rpn_parity(line) (((line) >> 3) & 0x7)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]115
116static inline void rfcomm_schedule(uint event)
117{
118 if (!rfcomm_thread)
119 return;
120 //set_bit(event, &rfcomm_event);
121 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
122 wake_up_process(rfcomm_thread);
123}
124
125static inline void rfcomm_session_put(struct rfcomm_session *s)
126{
127 if (atomic_dec_and_test(&s->refcnt))
128 rfcomm_session_del(s);
129}
130
131/* ---- RFCOMM FCS computation ---- */
132
Marcel Holtmann408c1ce2005-10-28 19:20:36 +0200[diff] [blame]133/* reversed, 8-bit, poly=0x07 */
134static unsigned char rfcomm_crc_table[256] = {
135 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
136 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
137 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
138 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
139
140 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
141 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
142 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
143 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
144
145 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
146 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
147 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
148 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
149
150 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
151 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
152 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
153 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
154
155 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
156 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
157 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
158 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
159
160 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
161 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
162 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
163 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
164
165 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
166 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
167 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
168 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
169
170 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
171 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
172 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
173 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
174};
175
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]176/* CRC on 2 bytes */
177#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
178
179/* FCS on 2 bytes */
180static inline u8 __fcs(u8 *data)
181{
182 return (0xff - __crc(data));
183}
184
185/* FCS on 3 bytes */
186static inline u8 __fcs2(u8 *data)
187{
188 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
189}
190
191/* Check FCS */
192static inline int __check_fcs(u8 *data, int type, u8 fcs)
193{
194 u8 f = __crc(data);
195
196 if (type != RFCOMM_UIH)
197 f = rfcomm_crc_table[f ^ data[2]];
198
199 return rfcomm_crc_table[f ^ fcs] != 0xcf;
200}
201
202/* ---- L2CAP callbacks ---- */
203static void rfcomm_l2state_change(struct sock *sk)
204{
205 BT_DBG("%p state %d", sk, sk->sk_state);
206 rfcomm_schedule(RFCOMM_SCHED_STATE);
207}
208
209static void rfcomm_l2data_ready(struct sock *sk, int bytes)
210{
211 BT_DBG("%p bytes %d", sk, bytes);
212 rfcomm_schedule(RFCOMM_SCHED_RX);
213}
214
215static int rfcomm_l2sock_create(struct socket **sock)
216{
217 int err;
218
219 BT_DBG("");
220
221 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
222 if (!err) {
223 struct sock *sk = (*sock)->sk;
224 sk->sk_data_ready = rfcomm_l2data_ready;
225 sk->sk_state_change = rfcomm_l2state_change;
226 }
227 return err;
228}
229
230/* ---- RFCOMM DLCs ---- */
231static void rfcomm_dlc_timeout(unsigned long arg)
232{
233 struct rfcomm_dlc *d = (void *) arg;
234
235 BT_DBG("dlc %p state %ld", d, d->state);
236
237 set_bit(RFCOMM_TIMED_OUT, &d->flags);
238 rfcomm_dlc_put(d);
239 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
240}
241
242static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
243{
244 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
245
246 if (!mod_timer(&d->timer, jiffies + timeout))
247 rfcomm_dlc_hold(d);
248}
249
250static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
251{
252 BT_DBG("dlc %p state %ld", d, d->state);
253
254 if (timer_pending(&d->timer) && del_timer(&d->timer))
255 rfcomm_dlc_put(d);
256}
257
258static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
259{
260 BT_DBG("%p", d);
261
262 d->state = BT_OPEN;
263 d->flags = 0;
264 d->mscex = 0;
265 d->mtu = RFCOMM_DEFAULT_MTU;
266 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
267
268 d->cfc = RFCOMM_CFC_DISABLED;
269 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
270}
271
Al Virodd0fc662005-10-07 07:46:04 +0100[diff] [blame]272struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]273{
274 struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio);
275 if (!d)
276 return NULL;
277 memset(d, 0, sizeof(*d));
278
279 init_timer(&d->timer);
280 d->timer.function = rfcomm_dlc_timeout;
281 d->timer.data = (unsigned long) d;
282
283 skb_queue_head_init(&d->tx_queue);
284 spin_lock_init(&d->lock);
285 atomic_set(&d->refcnt, 1);
286
287 rfcomm_dlc_clear_state(d);
288
289 BT_DBG("%p", d);
290 return d;
291}
292
293void rfcomm_dlc_free(struct rfcomm_dlc *d)
294{
295 BT_DBG("%p", d);
296
297 skb_queue_purge(&d->tx_queue);
298 kfree(d);
299}
300
301static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
302{
303 BT_DBG("dlc %p session %p", d, s);
304
305 rfcomm_session_hold(s);
306
307 rfcomm_dlc_hold(d);
308 list_add(&d->list, &s->dlcs);
309 d->session = s;
310}
311
312static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
313{
314 struct rfcomm_session *s = d->session;
315
316 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
317
318 list_del(&d->list);
319 d->session = NULL;
320 rfcomm_dlc_put(d);
321
322 rfcomm_session_put(s);
323}
324
325static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
326{
327 struct rfcomm_dlc *d;
328 struct list_head *p;
329
330 list_for_each(p, &s->dlcs) {
331 d = list_entry(p, struct rfcomm_dlc, list);
332 if (d->dlci == dlci)
333 return d;
334 }
335 return NULL;
336}
337
338static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
339{
340 struct rfcomm_session *s;
341 int err = 0;
342 u8 dlci;
343
344 BT_DBG("dlc %p state %ld %s %s channel %d",
345 d, d->state, batostr(src), batostr(dst), channel);
346
347 if (channel < 1 || channel > 30)
348 return -EINVAL;
349
350 if (d->state != BT_OPEN && d->state != BT_CLOSED)
351 return 0;
352
353 s = rfcomm_session_get(src, dst);
354 if (!s) {
355 s = rfcomm_session_create(src, dst, &err);
356 if (!s)
357 return err;
358 }
359
360 dlci = __dlci(!s->initiator, channel);
361
362 /* Check if DLCI already exists */
363 if (rfcomm_dlc_get(s, dlci))
364 return -EBUSY;
365
366 rfcomm_dlc_clear_state(d);
367
368 d->dlci = dlci;
369 d->addr = __addr(s->initiator, dlci);
370 d->priority = 7;
371
372 d->state = BT_CONFIG;
373 rfcomm_dlc_link(s, d);
374
375 d->mtu = s->mtu;
376 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
377
378 if (s->state == BT_CONNECTED)
379 rfcomm_send_pn(s, 1, d);
380 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
381 return 0;
382}
383
384int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
385{
386 int r;
387
388 rfcomm_lock();
389
390 r = __rfcomm_dlc_open(d, src, dst, channel);
391
392 rfcomm_unlock();
393 return r;
394}
395
396static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
397{
398 struct rfcomm_session *s = d->session;
399 if (!s)
400 return 0;
401
402 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
403 d, d->state, d->dlci, err, s);
404
405 switch (d->state) {
406 case BT_CONNECTED:
407 case BT_CONFIG:
408 case BT_CONNECT:
409 d->state = BT_DISCONN;
410 if (skb_queue_empty(&d->tx_queue)) {
411 rfcomm_send_disc(s, d->dlci);
412 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
413 } else {
414 rfcomm_queue_disc(d);
415 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
416 }
417 break;
418
419 default:
420 rfcomm_dlc_clear_timer(d);
421
422 rfcomm_dlc_lock(d);
423 d->state = BT_CLOSED;
424 d->state_change(d, err);
425 rfcomm_dlc_unlock(d);
426
427 skb_queue_purge(&d->tx_queue);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]428 rfcomm_dlc_unlink(d);
429 }
430
431 return 0;
432}
433
434int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
435{
436 int r;
437
438 rfcomm_lock();
439
440 r = __rfcomm_dlc_close(d, err);
441
442 rfcomm_unlock();
443 return r;
444}
445
446int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
447{
448 int len = skb->len;
449
450 if (d->state != BT_CONNECTED)
451 return -ENOTCONN;
452
453 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
454
455 if (len > d->mtu)
456 return -EINVAL;
457
458 rfcomm_make_uih(skb, d->addr);
459 skb_queue_tail(&d->tx_queue, skb);
460
461 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
462 rfcomm_schedule(RFCOMM_SCHED_TX);
463 return len;
464}
465
466void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
467{
468 BT_DBG("dlc %p state %ld", d, d->state);
469
470 if (!d->cfc) {
471 d->v24_sig |= RFCOMM_V24_FC;
472 set_bit(RFCOMM_MSC_PENDING, &d->flags);
473 }
474 rfcomm_schedule(RFCOMM_SCHED_TX);
475}
476
477void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
478{
479 BT_DBG("dlc %p state %ld", d, d->state);
480
481 if (!d->cfc) {
482 d->v24_sig &= ~RFCOMM_V24_FC;
483 set_bit(RFCOMM_MSC_PENDING, &d->flags);
484 }
485 rfcomm_schedule(RFCOMM_SCHED_TX);
486}
487
488/*
489 Set/get modem status functions use _local_ status i.e. what we report
490 to the other side.
491 Remote status is provided by dlc->modem_status() callback.
492 */
493int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
494{
495 BT_DBG("dlc %p state %ld v24_sig 0x%x",
496 d, d->state, v24_sig);
497
498 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
499 v24_sig |= RFCOMM_V24_FC;
500 else
501 v24_sig &= ~RFCOMM_V24_FC;
502
503 d->v24_sig = v24_sig;
504
505 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
506 rfcomm_schedule(RFCOMM_SCHED_TX);
507
508 return 0;
509}
510
511int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
512{
513 BT_DBG("dlc %p state %ld v24_sig 0x%x",
514 d, d->state, d->v24_sig);
515
516 *v24_sig = d->v24_sig;
517 return 0;
518}
519
520/* ---- RFCOMM sessions ---- */
521static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
522{
523 struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL);
524 if (!s)
525 return NULL;
526 memset(s, 0, sizeof(*s));
527
528 BT_DBG("session %p sock %p", s, sock);
529
530 INIT_LIST_HEAD(&s->dlcs);
531 s->state = state;
532 s->sock = sock;
533
534 s->mtu = RFCOMM_DEFAULT_MTU;
535 s->cfc = RFCOMM_CFC_UNKNOWN;
536
537 /* Do not increment module usage count for listening sessions.
538 * Otherwise we won't be able to unload the module. */
539 if (state != BT_LISTEN)
540 if (!try_module_get(THIS_MODULE)) {
541 kfree(s);
542 return NULL;
543 }
544
545 list_add(&s->list, &session_list);
546
547 return s;
548}
549
550static void rfcomm_session_del(struct rfcomm_session *s)
551{
552 int state = s->state;
553
554 BT_DBG("session %p state %ld", s, s->state);
555
556 list_del(&s->list);
557
558 if (state == BT_CONNECTED)
559 rfcomm_send_disc(s, 0);
560
561 sock_release(s->sock);
562 kfree(s);
563
564 if (state != BT_LISTEN)
565 module_put(THIS_MODULE);
566}
567
568static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
569{
570 struct rfcomm_session *s;
571 struct list_head *p, *n;
572 struct bt_sock *sk;
573 list_for_each_safe(p, n, &session_list) {
574 s = list_entry(p, struct rfcomm_session, list);
575 sk = bt_sk(s->sock->sk);
576
577 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
578 !bacmp(&sk->dst, dst))
579 return s;
580 }
581 return NULL;
582}
583
584static void rfcomm_session_close(struct rfcomm_session *s, int err)
585{
586 struct rfcomm_dlc *d;
587 struct list_head *p, *n;
588
589 BT_DBG("session %p state %ld err %d", s, s->state, err);
590
591 rfcomm_session_hold(s);
592
593 s->state = BT_CLOSED;
594
595 /* Close all dlcs */
596 list_for_each_safe(p, n, &s->dlcs) {
597 d = list_entry(p, struct rfcomm_dlc, list);
598 d->state = BT_CLOSED;
599 __rfcomm_dlc_close(d, err);
600 }
601
602 rfcomm_session_put(s);
603}
604
605static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
606{
607 struct rfcomm_session *s = NULL;
608 struct sockaddr_l2 addr;
609 struct socket *sock;
610 struct sock *sk;
611
612 BT_DBG("%s %s", batostr(src), batostr(dst));
613
614 *err = rfcomm_l2sock_create(&sock);
615 if (*err < 0)
616 return NULL;
617
618 bacpy(&addr.l2_bdaddr, src);
619 addr.l2_family = AF_BLUETOOTH;
620 addr.l2_psm = 0;
621 *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
622 if (*err < 0)
623 goto failed;
624
625 /* Set L2CAP options */
626 sk = sock->sk;
627 lock_sock(sk);
Marcel Holtmann56f3a402006-02-13 11:39:57 +0100[diff] [blame^]628 l2cap_pi(sk)->imtu = l2cap_mtu;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]629 release_sock(sk);
630
631 s = rfcomm_session_add(sock, BT_BOUND);
632 if (!s) {
633 *err = -ENOMEM;
634 goto failed;
635 }
636
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]637 s->initiator = 1;
638
639 bacpy(&addr.l2_bdaddr, dst);
640 addr.l2_family = AF_BLUETOOTH;
641 addr.l2_psm = htobs(RFCOMM_PSM);
642 *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
643 if (*err == 0 || *err == -EAGAIN)
644 return s;
645
646 rfcomm_session_del(s);
647 return NULL;
648
649failed:
650 sock_release(sock);
651 return NULL;
652}
653
654void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
655{
656 struct sock *sk = s->sock->sk;
657 if (src)
658 bacpy(src, &bt_sk(sk)->src);
659 if (dst)
660 bacpy(dst, &bt_sk(sk)->dst);
661}
662
663/* ---- RFCOMM frame sending ---- */
664static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
665{
666 struct socket *sock = s->sock;
667 struct kvec iv = { data, len };
668 struct msghdr msg;
669
670 BT_DBG("session %p len %d", s, len);
671
672 memset(&msg, 0, sizeof(msg));
673
674 return kernel_sendmsg(sock, &msg, &iv, 1, len);
675}
676
677static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
678{
679 struct rfcomm_cmd cmd;
680
681 BT_DBG("%p dlci %d", s, dlci);
682
683 cmd.addr = __addr(s->initiator, dlci);
684 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
685 cmd.len = __len8(0);
686 cmd.fcs = __fcs2((u8 *) &cmd);
687
688 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
689}
690
691static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
692{
693 struct rfcomm_cmd cmd;
694
695 BT_DBG("%p dlci %d", s, dlci);
696
697 cmd.addr = __addr(!s->initiator, dlci);
698 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
699 cmd.len = __len8(0);
700 cmd.fcs = __fcs2((u8 *) &cmd);
701
702 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
703}
704
705static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
706{
707 struct rfcomm_cmd cmd;
708
709 BT_DBG("%p dlci %d", s, dlci);
710
711 cmd.addr = __addr(s->initiator, dlci);
712 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
713 cmd.len = __len8(0);
714 cmd.fcs = __fcs2((u8 *) &cmd);
715
716 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
717}
718
719static int rfcomm_queue_disc(struct rfcomm_dlc *d)
720{
721 struct rfcomm_cmd *cmd;
722 struct sk_buff *skb;
723
724 BT_DBG("dlc %p dlci %d", d, d->dlci);
725
726 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
727 if (!skb)
728 return -ENOMEM;
729
730 cmd = (void *) __skb_put(skb, sizeof(*cmd));
731 cmd->addr = d->addr;
732 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
733 cmd->len = __len8(0);
734 cmd->fcs = __fcs2((u8 *) cmd);
735
736 skb_queue_tail(&d->tx_queue, skb);
737 rfcomm_schedule(RFCOMM_SCHED_TX);
738 return 0;
739}
740
741static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
742{
743 struct rfcomm_cmd cmd;
744
745 BT_DBG("%p dlci %d", s, dlci);
746
747 cmd.addr = __addr(!s->initiator, dlci);
748 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
749 cmd.len = __len8(0);
750 cmd.fcs = __fcs2((u8 *) &cmd);
751
752 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
753}
754
755static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
756{
757 struct rfcomm_hdr *hdr;
758 struct rfcomm_mcc *mcc;
759 u8 buf[16], *ptr = buf;
760
761 BT_DBG("%p cr %d type %d", s, cr, type);
762
763 hdr = (void *) ptr; ptr += sizeof(*hdr);
764 hdr->addr = __addr(s->initiator, 0);
765 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
766 hdr->len = __len8(sizeof(*mcc) + 1);
767
768 mcc = (void *) ptr; ptr += sizeof(*mcc);
769 mcc->type = __mcc_type(cr, RFCOMM_NSC);
770 mcc->len = __len8(1);
771
772 /* Type that we didn't like */
773 *ptr = __mcc_type(cr, type); ptr++;
774
775 *ptr = __fcs(buf); ptr++;
776
777 return rfcomm_send_frame(s, buf, ptr - buf);
778}
779
780static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
781{
782 struct rfcomm_hdr *hdr;
783 struct rfcomm_mcc *mcc;
784 struct rfcomm_pn *pn;
785 u8 buf[16], *ptr = buf;
786
787 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
788
789 hdr = (void *) ptr; ptr += sizeof(*hdr);
790 hdr->addr = __addr(s->initiator, 0);
791 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
792 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
793
794 mcc = (void *) ptr; ptr += sizeof(*mcc);
795 mcc->type = __mcc_type(cr, RFCOMM_PN);
796 mcc->len = __len8(sizeof(*pn));
797
798 pn = (void *) ptr; ptr += sizeof(*pn);
799 pn->dlci = d->dlci;
800 pn->priority = d->priority;
801 pn->ack_timer = 0;
802 pn->max_retrans = 0;
803
804 if (s->cfc) {
805 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
806 pn->credits = RFCOMM_DEFAULT_CREDITS;
807 } else {
808 pn->flow_ctrl = 0;
809 pn->credits = 0;
810 }
811
812 pn->mtu = htobs(d->mtu);
813
814 *ptr = __fcs(buf); ptr++;
815
816 return rfcomm_send_frame(s, buf, ptr - buf);
817}
818
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]819int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
820 u8 bit_rate, u8 data_bits, u8 stop_bits,
821 u8 parity, u8 flow_ctrl_settings,
822 u8 xon_char, u8 xoff_char, u16 param_mask)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]823{
824 struct rfcomm_hdr *hdr;
825 struct rfcomm_mcc *mcc;
826 struct rfcomm_rpn *rpn;
827 u8 buf[16], *ptr = buf;
828
829 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]830 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
831 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
832 flow_ctrl_settings, xon_char, xoff_char, param_mask);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]833
834 hdr = (void *) ptr; ptr += sizeof(*hdr);
835 hdr->addr = __addr(s->initiator, 0);
836 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
837 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
838
839 mcc = (void *) ptr; ptr += sizeof(*mcc);
840 mcc->type = __mcc_type(cr, RFCOMM_RPN);
841 mcc->len = __len8(sizeof(*rpn));
842
843 rpn = (void *) ptr; ptr += sizeof(*rpn);
844 rpn->dlci = __addr(1, dlci);
845 rpn->bit_rate = bit_rate;
846 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
847 rpn->flow_ctrl = flow_ctrl_settings;
848 rpn->xon_char = xon_char;
849 rpn->xoff_char = xoff_char;
850 rpn->param_mask = param_mask;
851
852 *ptr = __fcs(buf); ptr++;
853
854 return rfcomm_send_frame(s, buf, ptr - buf);
855}
856
857static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
858{
859 struct rfcomm_hdr *hdr;
860 struct rfcomm_mcc *mcc;
861 struct rfcomm_rls *rls;
862 u8 buf[16], *ptr = buf;
863
864 BT_DBG("%p cr %d status 0x%x", s, cr, status);
865
866 hdr = (void *) ptr; ptr += sizeof(*hdr);
867 hdr->addr = __addr(s->initiator, 0);
868 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
869 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
870
871 mcc = (void *) ptr; ptr += sizeof(*mcc);
872 mcc->type = __mcc_type(cr, RFCOMM_RLS);
873 mcc->len = __len8(sizeof(*rls));
874
875 rls = (void *) ptr; ptr += sizeof(*rls);
876 rls->dlci = __addr(1, dlci);
877 rls->status = status;
878
879 *ptr = __fcs(buf); ptr++;
880
881 return rfcomm_send_frame(s, buf, ptr - buf);
882}
883
884static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
885{
886 struct rfcomm_hdr *hdr;
887 struct rfcomm_mcc *mcc;
888 struct rfcomm_msc *msc;
889 u8 buf[16], *ptr = buf;
890
891 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
892
893 hdr = (void *) ptr; ptr += sizeof(*hdr);
894 hdr->addr = __addr(s->initiator, 0);
895 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
896 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
897
898 mcc = (void *) ptr; ptr += sizeof(*mcc);
899 mcc->type = __mcc_type(cr, RFCOMM_MSC);
900 mcc->len = __len8(sizeof(*msc));
901
902 msc = (void *) ptr; ptr += sizeof(*msc);
903 msc->dlci = __addr(1, dlci);
904 msc->v24_sig = v24_sig | 0x01;
905
906 *ptr = __fcs(buf); ptr++;
907
908 return rfcomm_send_frame(s, buf, ptr - buf);
909}
910
911static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
912{
913 struct rfcomm_hdr *hdr;
914 struct rfcomm_mcc *mcc;
915 u8 buf[16], *ptr = buf;
916
917 BT_DBG("%p cr %d", s, cr);
918
919 hdr = (void *) ptr; ptr += sizeof(*hdr);
920 hdr->addr = __addr(s->initiator, 0);
921 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
922 hdr->len = __len8(sizeof(*mcc));
923
924 mcc = (void *) ptr; ptr += sizeof(*mcc);
925 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
926 mcc->len = __len8(0);
927
928 *ptr = __fcs(buf); ptr++;
929
930 return rfcomm_send_frame(s, buf, ptr - buf);
931}
932
933static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
934{
935 struct rfcomm_hdr *hdr;
936 struct rfcomm_mcc *mcc;
937 u8 buf[16], *ptr = buf;
938
939 BT_DBG("%p cr %d", s, cr);
940
941 hdr = (void *) ptr; ptr += sizeof(*hdr);
942 hdr->addr = __addr(s->initiator, 0);
943 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
944 hdr->len = __len8(sizeof(*mcc));
945
946 mcc = (void *) ptr; ptr += sizeof(*mcc);
947 mcc->type = __mcc_type(cr, RFCOMM_FCON);
948 mcc->len = __len8(0);
949
950 *ptr = __fcs(buf); ptr++;
951
952 return rfcomm_send_frame(s, buf, ptr - buf);
953}
954
955static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
956{
957 struct socket *sock = s->sock;
958 struct kvec iv[3];
959 struct msghdr msg;
960 unsigned char hdr[5], crc[1];
961
962 if (len > 125)
963 return -EINVAL;
964
965 BT_DBG("%p cr %d", s, cr);
966
967 hdr[0] = __addr(s->initiator, 0);
968 hdr[1] = __ctrl(RFCOMM_UIH, 0);
969 hdr[2] = 0x01 | ((len + 2) << 1);
970 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
971 hdr[4] = 0x01 | (len << 1);
972
973 crc[0] = __fcs(hdr);
974
975 iv[0].iov_base = hdr;
976 iv[0].iov_len = 5;
977 iv[1].iov_base = pattern;
978 iv[1].iov_len = len;
979 iv[2].iov_base = crc;
980 iv[2].iov_len = 1;
981
982 memset(&msg, 0, sizeof(msg));
983
984 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
985}
986
987static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
988{
989 struct rfcomm_hdr *hdr;
990 u8 buf[16], *ptr = buf;
991
992 BT_DBG("%p addr %d credits %d", s, addr, credits);
993
994 hdr = (void *) ptr; ptr += sizeof(*hdr);
995 hdr->addr = addr;
996 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
997 hdr->len = __len8(0);
998
999 *ptr = credits; ptr++;
1000
1001 *ptr = __fcs(buf); ptr++;
1002
1003 return rfcomm_send_frame(s, buf, ptr - buf);
1004}
1005
1006static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1007{
1008 struct rfcomm_hdr *hdr;
1009 int len = skb->len;
1010 u8 *crc;
1011
1012 if (len > 127) {
1013 hdr = (void *) skb_push(skb, 4);
1014 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len);
1015 } else {
1016 hdr = (void *) skb_push(skb, 3);
1017 hdr->len = __len8(len);
1018 }
1019 hdr->addr = addr;
1020 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1021
1022 crc = skb_put(skb, 1);
1023 *crc = __fcs((void *) hdr);
1024}
1025
1026/* ---- RFCOMM frame reception ---- */
1027static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1028{
1029 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1030
1031 if (dlci) {
1032 /* Data channel */
1033 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1034 if (!d) {
1035 rfcomm_send_dm(s, dlci);
1036 return 0;
1037 }
1038
1039 switch (d->state) {
1040 case BT_CONNECT:
1041 rfcomm_dlc_clear_timer(d);
1042
1043 rfcomm_dlc_lock(d);
1044 d->state = BT_CONNECTED;
1045 d->state_change(d, 0);
1046 rfcomm_dlc_unlock(d);
1047
1048 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1049 break;
1050
1051 case BT_DISCONN:
1052 d->state = BT_CLOSED;
1053 __rfcomm_dlc_close(d, 0);
1054 break;
1055 }
1056 } else {
1057 /* Control channel */
1058 switch (s->state) {
1059 case BT_CONNECT:
1060 s->state = BT_CONNECTED;
1061 rfcomm_process_connect(s);
1062 break;
1063 }
1064 }
1065 return 0;
1066}
1067
1068static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1069{
1070 int err = 0;
1071
1072 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1073
1074 if (dlci) {
1075 /* Data DLC */
1076 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1077 if (d) {
1078 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1079 err = ECONNREFUSED;
1080 else
1081 err = ECONNRESET;
1082
1083 d->state = BT_CLOSED;
1084 __rfcomm_dlc_close(d, err);
1085 }
1086 } else {
1087 if (s->state == BT_CONNECT)
1088 err = ECONNREFUSED;
1089 else
1090 err = ECONNRESET;
1091
1092 s->state = BT_CLOSED;
1093 rfcomm_session_close(s, err);
1094 }
1095 return 0;
1096}
1097
1098static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1099{
1100 int err = 0;
1101
1102 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1103
1104 if (dlci) {
1105 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1106 if (d) {
1107 rfcomm_send_ua(s, dlci);
1108
1109 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1110 err = ECONNREFUSED;
1111 else
1112 err = ECONNRESET;
1113
1114 d->state = BT_CLOSED;
1115 __rfcomm_dlc_close(d, err);
1116 } else
1117 rfcomm_send_dm(s, dlci);
1118
1119 } else {
1120 rfcomm_send_ua(s, 0);
1121
1122 if (s->state == BT_CONNECT)
1123 err = ECONNREFUSED;
1124 else
1125 err = ECONNRESET;
1126
1127 s->state = BT_CLOSED;
1128 rfcomm_session_close(s, err);
1129 }
1130
1131 return 0;
1132}
1133
1134static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1135{
1136 struct sock *sk = d->session->sock->sk;
1137
1138 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1139 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1140 return 1;
1141 } else if (d->link_mode & RFCOMM_LM_AUTH) {
1142 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1143 return 1;
1144 }
1145
1146 return 0;
1147}
1148
1149static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1150{
1151 BT_DBG("dlc %p", d);
1152
1153 rfcomm_send_ua(d->session, d->dlci);
1154
1155 rfcomm_dlc_lock(d);
1156 d->state = BT_CONNECTED;
1157 d->state_change(d, 0);
1158 rfcomm_dlc_unlock(d);
1159
1160 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1161}
1162
1163static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1164{
1165 struct rfcomm_dlc *d;
1166 u8 channel;
1167
1168 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1169
1170 if (!dlci) {
1171 rfcomm_send_ua(s, 0);
1172
1173 if (s->state == BT_OPEN) {
1174 s->state = BT_CONNECTED;
1175 rfcomm_process_connect(s);
1176 }
1177 return 0;
1178 }
1179
1180 /* Check if DLC exists */
1181 d = rfcomm_dlc_get(s, dlci);
1182 if (d) {
1183 if (d->state == BT_OPEN) {
1184 /* DLC was previously opened by PN request */
1185 if (rfcomm_check_link_mode(d)) {
1186 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1187 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1188 return 0;
1189 }
1190
1191 rfcomm_dlc_accept(d);
1192 }
1193 return 0;
1194 }
1195
1196 /* Notify socket layer about incoming connection */
1197 channel = __srv_channel(dlci);
1198 if (rfcomm_connect_ind(s, channel, &d)) {
1199 d->dlci = dlci;
1200 d->addr = __addr(s->initiator, dlci);
1201 rfcomm_dlc_link(s, d);
1202
1203 if (rfcomm_check_link_mode(d)) {
1204 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1205 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1206 return 0;
1207 }
1208
1209 rfcomm_dlc_accept(d);
1210 } else {
1211 rfcomm_send_dm(s, dlci);
1212 }
1213
1214 return 0;
1215}
1216
1217static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1218{
1219 struct rfcomm_session *s = d->session;
1220
1221 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1222 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1223
1224 if (pn->flow_ctrl == 0xf0 || pn->flow_ctrl == 0xe0) {
1225 d->cfc = s->cfc = RFCOMM_CFC_ENABLED;
1226 d->tx_credits = pn->credits;
1227 } else {
1228 d->cfc = s->cfc = RFCOMM_CFC_DISABLED;
1229 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1230 }
1231
1232 d->priority = pn->priority;
1233
1234 d->mtu = s->mtu = btohs(pn->mtu);
1235
1236 return 0;
1237}
1238
1239static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1240{
1241 struct rfcomm_pn *pn = (void *) skb->data;
1242 struct rfcomm_dlc *d;
1243 u8 dlci = pn->dlci;
1244
1245 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1246
1247 if (!dlci)
1248 return 0;
1249
1250 d = rfcomm_dlc_get(s, dlci);
1251 if (d) {
1252 if (cr) {
1253 /* PN request */
1254 rfcomm_apply_pn(d, cr, pn);
1255 rfcomm_send_pn(s, 0, d);
1256 } else {
1257 /* PN response */
1258 switch (d->state) {
1259 case BT_CONFIG:
1260 rfcomm_apply_pn(d, cr, pn);
1261
1262 d->state = BT_CONNECT;
1263 rfcomm_send_sabm(s, d->dlci);
1264 break;
1265 }
1266 }
1267 } else {
1268 u8 channel = __srv_channel(dlci);
1269
1270 if (!cr)
1271 return 0;
1272
1273 /* PN request for non existing DLC.
1274 * Assume incoming connection. */
1275 if (rfcomm_connect_ind(s, channel, &d)) {
1276 d->dlci = dlci;
1277 d->addr = __addr(s->initiator, dlci);
1278 rfcomm_dlc_link(s, d);
1279
1280 rfcomm_apply_pn(d, cr, pn);
1281
1282 d->state = BT_OPEN;
1283 rfcomm_send_pn(s, 0, d);
1284 } else {
1285 rfcomm_send_dm(s, dlci);
1286 }
1287 }
1288 return 0;
1289}
1290
1291static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1292{
1293 struct rfcomm_rpn *rpn = (void *) skb->data;
1294 u8 dlci = __get_dlci(rpn->dlci);
1295
1296 u8 bit_rate = 0;
1297 u8 data_bits = 0;
1298 u8 stop_bits = 0;
1299 u8 parity = 0;
1300 u8 flow_ctrl = 0;
1301 u8 xon_char = 0;
1302 u8 xoff_char = 0;
1303 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1304
1305 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1306 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1307 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1308
1309 if (!cr)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1310 return 0;
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1311
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1312 if (len == 1) {
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1313 /* This is a request, return default settings */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1314 bit_rate = RFCOMM_RPN_BR_115200;
1315 data_bits = RFCOMM_RPN_DATA_8;
1316 stop_bits = RFCOMM_RPN_STOP_1;
1317 parity = RFCOMM_RPN_PARITY_NONE;
1318 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1319 xon_char = RFCOMM_RPN_XON_CHAR;
1320 xoff_char = RFCOMM_RPN_XOFF_CHAR;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1321 goto rpn_out;
1322 }
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1323
1324 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1325 * no parity, no flow control lines, normal XON/XOFF chars */
1326
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1327 if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) {
1328 bit_rate = rpn->bit_rate;
1329 if (bit_rate != RFCOMM_RPN_BR_115200) {
1330 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1331 bit_rate = RFCOMM_RPN_BR_115200;
1332 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1333 }
1334 }
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1335
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1336 if (rpn->param_mask & RFCOMM_RPN_PM_DATA) {
1337 data_bits = __get_rpn_data_bits(rpn->line_settings);
1338 if (data_bits != RFCOMM_RPN_DATA_8) {
1339 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1340 data_bits = RFCOMM_RPN_DATA_8;
1341 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1342 }
1343 }
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1344
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1345 if (rpn->param_mask & RFCOMM_RPN_PM_STOP) {
1346 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1347 if (stop_bits != RFCOMM_RPN_STOP_1) {
1348 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1349 stop_bits = RFCOMM_RPN_STOP_1;
1350 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1351 }
1352 }
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1353
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1354 if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) {
1355 parity = __get_rpn_parity(rpn->line_settings);
1356 if (parity != RFCOMM_RPN_PARITY_NONE) {
1357 BT_DBG("RPN parity mismatch 0x%x", parity);
1358 parity = RFCOMM_RPN_PARITY_NONE;
1359 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1360 }
1361 }
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1362
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1363 if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) {
1364 flow_ctrl = rpn->flow_ctrl;
1365 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1366 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1367 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1368 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1369 }
1370 }
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1371
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1372 if (rpn->param_mask & RFCOMM_RPN_PM_XON) {
1373 xon_char = rpn->xon_char;
1374 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1375 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1376 xon_char = RFCOMM_RPN_XON_CHAR;
1377 rpn_mask ^= RFCOMM_RPN_PM_XON;
1378 }
1379 }
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1380
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1381 if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) {
1382 xoff_char = rpn->xoff_char;
1383 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1384 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1385 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1386 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1387 }
1388 }
1389
1390rpn_out:
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1391 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1392 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1393
1394 return 0;
1395}
1396
1397static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1398{
1399 struct rfcomm_rls *rls = (void *) skb->data;
1400 u8 dlci = __get_dlci(rls->dlci);
1401
1402 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1403
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1404 if (!cr)
1405 return 0;
1406
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1407 /* We should probably do something with this information here. But
1408 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1409 * mandatory to recognise and respond to RLS */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1410
1411 rfcomm_send_rls(s, 0, dlci, rls->status);
1412
1413 return 0;
1414}
1415
1416static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1417{
1418 struct rfcomm_msc *msc = (void *) skb->data;
1419 struct rfcomm_dlc *d;
1420 u8 dlci = __get_dlci(msc->dlci);
1421
1422 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1423
1424 d = rfcomm_dlc_get(s, dlci);
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1425 if (!d)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1426 return 0;
1427
1428 if (cr) {
1429 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1430 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1431 else
1432 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1433
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1434 rfcomm_dlc_lock(d);
1435 if (d->modem_status)
1436 d->modem_status(d, msc->v24_sig);
1437 rfcomm_dlc_unlock(d);
1438
1439 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1440
1441 d->mscex |= RFCOMM_MSCEX_RX;
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1442 } else
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1443 d->mscex |= RFCOMM_MSCEX_TX;
1444
1445 return 0;
1446}
1447
1448static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1449{
1450 struct rfcomm_mcc *mcc = (void *) skb->data;
1451 u8 type, cr, len;
1452
1453 cr = __test_cr(mcc->type);
1454 type = __get_mcc_type(mcc->type);
1455 len = __get_mcc_len(mcc->len);
1456
1457 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1458
1459 skb_pull(skb, 2);
1460
1461 switch (type) {
1462 case RFCOMM_PN:
1463 rfcomm_recv_pn(s, cr, skb);
1464 break;
1465
1466 case RFCOMM_RPN:
1467 rfcomm_recv_rpn(s, cr, len, skb);
1468 break;
1469
1470 case RFCOMM_RLS:
1471 rfcomm_recv_rls(s, cr, skb);
1472 break;
1473
1474 case RFCOMM_MSC:
1475 rfcomm_recv_msc(s, cr, skb);
1476 break;
1477
1478 case RFCOMM_FCOFF:
1479 if (cr) {
1480 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1481 rfcomm_send_fcoff(s, 0);
1482 }
1483 break;
1484
1485 case RFCOMM_FCON:
1486 if (cr) {
1487 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1488 rfcomm_send_fcon(s, 0);
1489 }
1490 break;
1491
1492 case RFCOMM_TEST:
1493 if (cr)
1494 rfcomm_send_test(s, 0, skb->data, skb->len);
1495 break;
1496
1497 case RFCOMM_NSC:
1498 break;
1499
1500 default:
1501 BT_ERR("Unknown control type 0x%02x", type);
1502 rfcomm_send_nsc(s, cr, type);
1503 break;
1504 }
1505 return 0;
1506}
1507
1508static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1509{
1510 struct rfcomm_dlc *d;
1511
1512 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1513
1514 d = rfcomm_dlc_get(s, dlci);
1515 if (!d) {
1516 rfcomm_send_dm(s, dlci);
1517 goto drop;
1518 }
1519
1520 if (pf && d->cfc) {
1521 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1522
1523 d->tx_credits += credits;
1524 if (d->tx_credits)
1525 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1526 }
1527
1528 if (skb->len && d->state == BT_CONNECTED) {
1529 rfcomm_dlc_lock(d);
1530 d->rx_credits--;
1531 d->data_ready(d, skb);
1532 rfcomm_dlc_unlock(d);
1533 return 0;
1534 }
1535
1536drop:
1537 kfree_skb(skb);
1538 return 0;
1539}
1540
1541static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1542{
1543 struct rfcomm_hdr *hdr = (void *) skb->data;
1544 u8 type, dlci, fcs;
1545
1546 dlci = __get_dlci(hdr->addr);
1547 type = __get_type(hdr->ctrl);
1548
1549 /* Trim FCS */
1550 skb->len--; skb->tail--;
1551 fcs = *(u8 *) skb->tail;
1552
1553 if (__check_fcs(skb->data, type, fcs)) {
1554 BT_ERR("bad checksum in packet");
1555 kfree_skb(skb);
1556 return -EILSEQ;
1557 }
1558
1559 if (__test_ea(hdr->len))
1560 skb_pull(skb, 3);
1561 else
1562 skb_pull(skb, 4);
1563
1564 switch (type) {
1565 case RFCOMM_SABM:
1566 if (__test_pf(hdr->ctrl))
1567 rfcomm_recv_sabm(s, dlci);
1568 break;
1569
1570 case RFCOMM_DISC:
1571 if (__test_pf(hdr->ctrl))
1572 rfcomm_recv_disc(s, dlci);
1573 break;
1574
1575 case RFCOMM_UA:
1576 if (__test_pf(hdr->ctrl))
1577 rfcomm_recv_ua(s, dlci);
1578 break;
1579
1580 case RFCOMM_DM:
1581 rfcomm_recv_dm(s, dlci);
1582 break;
1583
1584 case RFCOMM_UIH:
1585 if (dlci)
1586 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1587
1588 rfcomm_recv_mcc(s, skb);
1589 break;
1590
1591 default:
1592 BT_ERR("Unknown packet type 0x%02x\n", type);
1593 break;
1594 }
1595 kfree_skb(skb);
1596 return 0;
1597}
1598
1599/* ---- Connection and data processing ---- */
1600
1601static void rfcomm_process_connect(struct rfcomm_session *s)
1602{
1603 struct rfcomm_dlc *d;
1604 struct list_head *p, *n;
1605
1606 BT_DBG("session %p state %ld", s, s->state);
1607
1608 list_for_each_safe(p, n, &s->dlcs) {
1609 d = list_entry(p, struct rfcomm_dlc, list);
1610 if (d->state == BT_CONFIG) {
1611 d->mtu = s->mtu;
1612 rfcomm_send_pn(s, 1, d);
1613 }
1614 }
1615}
1616
1617/* Send data queued for the DLC.
1618 * Return number of frames left in the queue.
1619 */
1620static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1621{
1622 struct sk_buff *skb;
1623 int err;
1624
1625 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1626 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1627
1628 /* Send pending MSC */
1629 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1630 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1631
1632 if (d->cfc) {
1633 /* CFC enabled.
1634 * Give them some credits */
1635 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1636 d->rx_credits <= (d->cfc >> 2)) {
1637 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1638 d->rx_credits = d->cfc;
1639 }
1640 } else {
1641 /* CFC disabled.
1642 * Give ourselves some credits */
1643 d->tx_credits = 5;
1644 }
1645
1646 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1647 return skb_queue_len(&d->tx_queue);
1648
1649 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1650 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1651 if (err < 0) {
1652 skb_queue_head(&d->tx_queue, skb);
1653 break;
1654 }
1655 kfree_skb(skb);
1656 d->tx_credits--;
1657 }
1658
1659 if (d->cfc && !d->tx_credits) {
1660 /* We're out of TX credits.
1661 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1662 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1663 }
1664
1665 return skb_queue_len(&d->tx_queue);
1666}
1667
1668static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1669{
1670 struct rfcomm_dlc *d;
1671 struct list_head *p, *n;
1672
1673 BT_DBG("session %p state %ld", s, s->state);
1674
1675 list_for_each_safe(p, n, &s->dlcs) {
1676 d = list_entry(p, struct rfcomm_dlc, list);
1677
1678 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1679 __rfcomm_dlc_close(d, ETIMEDOUT);
1680 continue;
1681 }
1682
1683 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1684 rfcomm_dlc_clear_timer(d);
1685 rfcomm_dlc_accept(d);
1686 if (d->link_mode & RFCOMM_LM_SECURE) {
1687 struct sock *sk = s->sock->sk;
1688 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1689 }
1690 continue;
1691 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1692 rfcomm_dlc_clear_timer(d);
1693 rfcomm_send_dm(s, d->dlci);
1694 __rfcomm_dlc_close(d, ECONNREFUSED);
1695 continue;
1696 }
1697
1698 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1699 continue;
1700
1701 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1702 d->mscex == RFCOMM_MSCEX_OK)
1703 rfcomm_process_tx(d);
1704 }
1705}
1706
1707static inline void rfcomm_process_rx(struct rfcomm_session *s)
1708{
1709 struct socket *sock = s->sock;
1710 struct sock *sk = sock->sk;
1711 struct sk_buff *skb;
1712
1713 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1714
1715 /* Get data directly from socket receive queue without copying it. */
1716 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1717 skb_orphan(skb);
1718 rfcomm_recv_frame(s, skb);
1719 }
1720
1721 if (sk->sk_state == BT_CLOSED) {
1722 if (!s->initiator)
1723 rfcomm_session_put(s);
1724
1725 rfcomm_session_close(s, sk->sk_err);
1726 }
1727}
1728
1729static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1730{
1731 struct socket *sock = s->sock, *nsock;
1732 int err;
1733
1734 /* Fast check for a new connection.
1735 * Avoids unnesesary socket allocations. */
1736 if (list_empty(&bt_sk(sock->sk)->accept_q))
1737 return;
1738
1739 BT_DBG("session %p", s);
1740
1741 if (sock_create_lite(PF_BLUETOOTH, sock->type, BTPROTO_L2CAP, &nsock))
1742 return;
1743
1744 nsock->ops = sock->ops;
1745
1746 __module_get(nsock->ops->owner);
1747
1748 err = sock->ops->accept(sock, nsock, O_NONBLOCK);
1749 if (err < 0) {
1750 sock_release(nsock);
1751 return;
1752 }
1753
1754 /* Set our callbacks */
1755 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1756 nsock->sk->sk_state_change = rfcomm_l2state_change;
1757
1758 s = rfcomm_session_add(nsock, BT_OPEN);
1759 if (s) {
1760 rfcomm_session_hold(s);
1761 rfcomm_schedule(RFCOMM_SCHED_RX);
1762 } else
1763 sock_release(nsock);
1764}
1765
1766static inline void rfcomm_check_connection(struct rfcomm_session *s)
1767{
1768 struct sock *sk = s->sock->sk;
1769
1770 BT_DBG("%p state %ld", s, s->state);
1771
1772 switch(sk->sk_state) {
1773 case BT_CONNECTED:
1774 s->state = BT_CONNECT;
1775
1776 /* We can adjust MTU on outgoing sessions.
1777 * L2CAP MTU minus UIH header and FCS. */
1778 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1779
1780 rfcomm_send_sabm(s, 0);
1781 break;
1782
1783 case BT_CLOSED:
1784 s->state = BT_CLOSED;
1785 rfcomm_session_close(s, sk->sk_err);
1786 break;
1787 }
1788}
1789
1790static inline void rfcomm_process_sessions(void)
1791{
1792 struct list_head *p, *n;
1793
1794 rfcomm_lock();
1795
1796 list_for_each_safe(p, n, &session_list) {
1797 struct rfcomm_session *s;
1798 s = list_entry(p, struct rfcomm_session, list);
1799
1800 if (s->state == BT_LISTEN) {
1801 rfcomm_accept_connection(s);
1802 continue;
1803 }
1804
1805 rfcomm_session_hold(s);
1806
1807 switch (s->state) {
1808 case BT_BOUND:
1809 rfcomm_check_connection(s);
1810 break;
1811
1812 default:
1813 rfcomm_process_rx(s);
1814 break;
1815 }
1816
1817 rfcomm_process_dlcs(s);
1818
1819 rfcomm_session_put(s);
1820 }
1821
1822 rfcomm_unlock();
1823}
1824
1825static void rfcomm_worker(void)
1826{
1827 BT_DBG("");
1828
1829 while (!atomic_read(&terminate)) {
1830 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1831 /* No pending events. Let's sleep.
1832 * Incoming connections and data will wake us up. */
1833 set_current_state(TASK_INTERRUPTIBLE);
1834 schedule();
1835 }
1836
1837 /* Process stuff */
1838 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1839 rfcomm_process_sessions();
1840 }
1841 set_current_state(TASK_RUNNING);
1842 return;
1843}
1844
1845static int rfcomm_add_listener(bdaddr_t *ba)
1846{
1847 struct sockaddr_l2 addr;
1848 struct socket *sock;
1849 struct sock *sk;
1850 struct rfcomm_session *s;
1851 int err = 0;
1852
1853 /* Create socket */
1854 err = rfcomm_l2sock_create(&sock);
1855 if (err < 0) {
1856 BT_ERR("Create socket failed %d", err);
1857 return err;
1858 }
1859
1860 /* Bind socket */
1861 bacpy(&addr.l2_bdaddr, ba);
1862 addr.l2_family = AF_BLUETOOTH;
1863 addr.l2_psm = htobs(RFCOMM_PSM);
1864 err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1865 if (err < 0) {
1866 BT_ERR("Bind failed %d", err);
1867 goto failed;
1868 }
1869
1870 /* Set L2CAP options */
1871 sk = sock->sk;
1872 lock_sock(sk);
Marcel Holtmann56f3a402006-02-13 11:39:57 +0100[diff] [blame^]1873 l2cap_pi(sk)->imtu = l2cap_mtu;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1874 release_sock(sk);
1875
1876 /* Start listening on the socket */
1877 err = sock->ops->listen(sock, 10);
1878 if (err) {
1879 BT_ERR("Listen failed %d", err);
1880 goto failed;
1881 }
1882
1883 /* Add listening session */
1884 s = rfcomm_session_add(sock, BT_LISTEN);
1885 if (!s)
1886 goto failed;
1887
1888 rfcomm_session_hold(s);
1889 return 0;
1890failed:
1891 sock_release(sock);
1892 return err;
1893}
1894
1895static void rfcomm_kill_listener(void)
1896{
1897 struct rfcomm_session *s;
1898 struct list_head *p, *n;
1899
1900 BT_DBG("");
1901
1902 list_for_each_safe(p, n, &session_list) {
1903 s = list_entry(p, struct rfcomm_session, list);
1904 rfcomm_session_del(s);
1905 }
1906}
1907
1908static int rfcomm_run(void *unused)
1909{
1910 rfcomm_thread = current;
1911
1912 atomic_inc(&running);
1913
1914 daemonize("krfcommd");
1915 set_user_nice(current, -10);
1916 current->flags |= PF_NOFREEZE;
1917
1918 BT_DBG("");
1919
1920 rfcomm_add_listener(BDADDR_ANY);
1921
1922 rfcomm_worker();
1923
1924 rfcomm_kill_listener();
1925
1926 atomic_dec(&running);
1927 return 0;
1928}
1929
1930static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1931{
1932 struct rfcomm_session *s;
1933 struct rfcomm_dlc *d;
1934 struct list_head *p, *n;
1935
1936 BT_DBG("conn %p status 0x%02x", conn, status);
1937
1938 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1939 if (!s)
1940 return;
1941
1942 rfcomm_session_hold(s);
1943
1944 list_for_each_safe(p, n, &s->dlcs) {
1945 d = list_entry(p, struct rfcomm_dlc, list);
1946
1947 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1948 continue;
1949
1950 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1951 continue;
1952
1953 if (!status)
1954 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1955 else
1956 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1957 }
1958
1959 rfcomm_session_put(s);
1960
1961 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1962}
1963
1964static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1965{
1966 struct rfcomm_session *s;
1967 struct rfcomm_dlc *d;
1968 struct list_head *p, *n;
1969
1970 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1971
1972 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1973 if (!s)
1974 return;
1975
1976 rfcomm_session_hold(s);
1977
1978 list_for_each_safe(p, n, &s->dlcs) {
1979 d = list_entry(p, struct rfcomm_dlc, list);
1980
1981 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1982 continue;
1983
1984 if (!status && encrypt)
1985 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1986 else
1987 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1988 }
1989
1990 rfcomm_session_put(s);
1991
1992 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1993}
1994
1995static struct hci_cb rfcomm_cb = {
1996 .name = "RFCOMM",
1997 .auth_cfm = rfcomm_auth_cfm,
1998 .encrypt_cfm = rfcomm_encrypt_cfm
1999};
2000
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2001static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2002{
2003 struct rfcomm_session *s;
2004 struct list_head *pp, *p;
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2005 char *str = buf;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2006
2007 rfcomm_lock();
2008
2009 list_for_each(p, &session_list) {
2010 s = list_entry(p, struct rfcomm_session, list);
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2011 list_for_each(pp, &s->dlcs) {
2012 struct sock *sk = s->sock->sk;
2013 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2014
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2015 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2016 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2017 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2018 }
2019 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2020
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2021 rfcomm_unlock();
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2022
2023 return (str - buf);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2024}
2025
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2026static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2027
2028/* ---- Initialization ---- */
2029static int __init rfcomm_init(void)
2030{
2031 l2cap_load();
2032
2033 hci_register_cb(&rfcomm_cb);
2034
2035 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
2036
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2037 class_create_file(&bt_class, &class_attr_rfcomm_dlc);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2038
2039 rfcomm_init_sockets();
2040
2041#ifdef CONFIG_BT_RFCOMM_TTY
2042 rfcomm_init_ttys();
2043#endif
2044
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2045 BT_INFO("RFCOMM ver %s", VERSION);
2046
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2047 return 0;
2048}
2049
2050static void __exit rfcomm_exit(void)
2051{
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2052 class_remove_file(&bt_class, &class_attr_rfcomm_dlc);
2053
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2054 hci_unregister_cb(&rfcomm_cb);
2055
2056 /* Terminate working thread.
2057 * ie. Set terminate flag and wake it up */
2058 atomic_inc(&terminate);
2059 rfcomm_schedule(RFCOMM_SCHED_STATE);
2060
2061 /* Wait until thread is running */
2062 while (atomic_read(&running))
2063 schedule();
2064
2065#ifdef CONFIG_BT_RFCOMM_TTY
2066 rfcomm_cleanup_ttys();
2067#endif
2068
2069 rfcomm_cleanup_sockets();
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2070}
2071
2072module_init(rfcomm_init);
2073module_exit(rfcomm_exit);
2074
Marcel Holtmann56f3a402006-02-13 11:39:57 +0100[diff] [blame^]2075module_param(l2cap_mtu, uint, 0644);
2076MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2077
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2078MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2079MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2080MODULE_VERSION(VERSION);
2081MODULE_LICENSE("GPL");
2082MODULE_ALIAS("bt-proto-3");