Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / 7c2660b00fae0575dd4ce5c7b6bf30762b632045 / . / net / bluetooth / rfcomm / core.c
blob: fe18dc2dd3c110205380eec1bd859918e16c1835 [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1/*
2 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
14 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
19 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
21 SOFTWARE IS DISCLAIMED.
22*/
23
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]24/*
25 * Bluetooth RFCOMM core.
26 *
27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
28 */
29
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]30#include <linux/module.h>
31#include <linux/errno.h>
32#include <linux/kernel.h>
33#include <linux/sched.h>
34#include <linux/signal.h>
35#include <linux/init.h>
36#include <linux/wait.h>
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]37#include <linux/device.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]38#include <linux/net.h>
Arjan van de Ven4a3e2f72006-03-20 22:33:17 -0800[diff] [blame]39#include <linux/mutex.h>
40
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]41#include <net/sock.h>
42#include <asm/uaccess.h>
43#include <asm/unaligned.h>
44
45#include <net/bluetooth/bluetooth.h>
46#include <net/bluetooth/hci_core.h>
47#include <net/bluetooth/l2cap.h>
48#include <net/bluetooth/rfcomm.h>
49
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]50#ifndef CONFIG_BT_RFCOMM_DEBUG
51#undef BT_DBG
52#define BT_DBG(D...)
53#endif
54
Marcel Holtmann7c2660b2006-07-03 10:02:51 +0200[diff] [blame^]55#define VERSION "1.8"
Marcel Holtmann56f3a402006-02-13 11:39:57 +0100[diff] [blame]56
Marcel Holtmann7c2660b2006-07-03 10:02:51 +0200[diff] [blame^]57static int disable_cfc = 0;
Marcel Holtmann56f3a402006-02-13 11:39:57 +0100[diff] [blame]58static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
59
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]60static struct task_struct *rfcomm_thread;
61
Arjan van de Ven4a3e2f72006-03-20 22:33:17 -0800[diff] [blame]62static DEFINE_MUTEX(rfcomm_mutex);
63#define rfcomm_lock() mutex_lock(&rfcomm_mutex)
64#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]65
66static unsigned long rfcomm_event;
67
68static LIST_HEAD(session_list);
69static atomic_t terminate, running;
70
71static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
72static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
73static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
74static int rfcomm_queue_disc(struct rfcomm_dlc *d);
75static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
76static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
77static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
78static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
79static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
80static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
81
82static void rfcomm_process_connect(struct rfcomm_session *s);
83
84static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
85static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
86static void rfcomm_session_del(struct rfcomm_session *s);
87
88/* ---- RFCOMM frame parsing macros ---- */
89#define __get_dlci(b) ((b & 0xfc) >> 2)
90#define __get_channel(b) ((b & 0xf8) >> 3)
91#define __get_dir(b) ((b & 0x04) >> 2)
92#define __get_type(b) ((b & 0xef))
93
94#define __test_ea(b) ((b & 0x01))
95#define __test_cr(b) ((b & 0x02))
96#define __test_pf(b) ((b & 0x10))
97
98#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
99#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
100#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
101#define __srv_channel(dlci) (dlci >> 1)
102#define __dir(dlci) (dlci & 0x01)
103
104#define __len8(len) (((len) << 1) | 1)
105#define __len16(len) ((len) << 1)
106
107/* MCC macros */
108#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
109#define __get_mcc_type(b) ((b & 0xfc) >> 2)
110#define __get_mcc_len(b) ((b & 0xfe) >> 1)
111
112/* RPN macros */
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]113#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]114#define __get_rpn_data_bits(line) ((line) & 0x3)
115#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]116#define __get_rpn_parity(line) (((line) >> 3) & 0x7)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]117
118static inline void rfcomm_schedule(uint event)
119{
120 if (!rfcomm_thread)
121 return;
122 //set_bit(event, &rfcomm_event);
123 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
124 wake_up_process(rfcomm_thread);
125}
126
127static inline void rfcomm_session_put(struct rfcomm_session *s)
128{
129 if (atomic_dec_and_test(&s->refcnt))
130 rfcomm_session_del(s);
131}
132
133/* ---- RFCOMM FCS computation ---- */
134
Marcel Holtmann408c1ce2005-10-28 19:20:36 +0200[diff] [blame]135/* reversed, 8-bit, poly=0x07 */
136static unsigned char rfcomm_crc_table[256] = {
137 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
138 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
139 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
140 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
141
142 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
143 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
144 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
145 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
146
147 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
148 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
149 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
150 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
151
152 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
153 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
154 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
155 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
156
157 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
158 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
159 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
160 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
161
162 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
163 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
164 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
165 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
166
167 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
168 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
169 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
170 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
171
172 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
173 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
174 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
175 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
176};
177
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]178/* CRC on 2 bytes */
179#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
180
181/* FCS on 2 bytes */
182static inline u8 __fcs(u8 *data)
183{
184 return (0xff - __crc(data));
185}
186
187/* FCS on 3 bytes */
188static inline u8 __fcs2(u8 *data)
189{
190 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
191}
192
193/* Check FCS */
194static inline int __check_fcs(u8 *data, int type, u8 fcs)
195{
196 u8 f = __crc(data);
197
198 if (type != RFCOMM_UIH)
199 f = rfcomm_crc_table[f ^ data[2]];
200
201 return rfcomm_crc_table[f ^ fcs] != 0xcf;
202}
203
204/* ---- L2CAP callbacks ---- */
205static void rfcomm_l2state_change(struct sock *sk)
206{
207 BT_DBG("%p state %d", sk, sk->sk_state);
208 rfcomm_schedule(RFCOMM_SCHED_STATE);
209}
210
211static void rfcomm_l2data_ready(struct sock *sk, int bytes)
212{
213 BT_DBG("%p bytes %d", sk, bytes);
214 rfcomm_schedule(RFCOMM_SCHED_RX);
215}
216
217static int rfcomm_l2sock_create(struct socket **sock)
218{
219 int err;
220
221 BT_DBG("");
222
223 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
224 if (!err) {
225 struct sock *sk = (*sock)->sk;
226 sk->sk_data_ready = rfcomm_l2data_ready;
227 sk->sk_state_change = rfcomm_l2state_change;
228 }
229 return err;
230}
231
232/* ---- RFCOMM DLCs ---- */
233static void rfcomm_dlc_timeout(unsigned long arg)
234{
235 struct rfcomm_dlc *d = (void *) arg;
236
237 BT_DBG("dlc %p state %ld", d, d->state);
238
239 set_bit(RFCOMM_TIMED_OUT, &d->flags);
240 rfcomm_dlc_put(d);
241 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
242}
243
244static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
245{
246 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
247
248 if (!mod_timer(&d->timer, jiffies + timeout))
249 rfcomm_dlc_hold(d);
250}
251
252static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
253{
254 BT_DBG("dlc %p state %ld", d, d->state);
255
256 if (timer_pending(&d->timer) && del_timer(&d->timer))
257 rfcomm_dlc_put(d);
258}
259
260static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
261{
262 BT_DBG("%p", d);
263
264 d->state = BT_OPEN;
265 d->flags = 0;
266 d->mscex = 0;
267 d->mtu = RFCOMM_DEFAULT_MTU;
268 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
269
270 d->cfc = RFCOMM_CFC_DISABLED;
271 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
272}
273
Al Virodd0fc662005-10-07 07:46:04 +0100[diff] [blame]274struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]275{
276 struct rfcomm_dlc *d = kmalloc(sizeof(*d), prio);
277 if (!d)
278 return NULL;
279 memset(d, 0, sizeof(*d));
280
281 init_timer(&d->timer);
282 d->timer.function = rfcomm_dlc_timeout;
283 d->timer.data = (unsigned long) d;
284
285 skb_queue_head_init(&d->tx_queue);
286 spin_lock_init(&d->lock);
287 atomic_set(&d->refcnt, 1);
288
289 rfcomm_dlc_clear_state(d);
290
291 BT_DBG("%p", d);
292 return d;
293}
294
295void rfcomm_dlc_free(struct rfcomm_dlc *d)
296{
297 BT_DBG("%p", d);
298
299 skb_queue_purge(&d->tx_queue);
300 kfree(d);
301}
302
303static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
304{
305 BT_DBG("dlc %p session %p", d, s);
306
307 rfcomm_session_hold(s);
308
309 rfcomm_dlc_hold(d);
310 list_add(&d->list, &s->dlcs);
311 d->session = s;
312}
313
314static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
315{
316 struct rfcomm_session *s = d->session;
317
318 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
319
320 list_del(&d->list);
321 d->session = NULL;
322 rfcomm_dlc_put(d);
323
324 rfcomm_session_put(s);
325}
326
327static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
328{
329 struct rfcomm_dlc *d;
330 struct list_head *p;
331
332 list_for_each(p, &s->dlcs) {
333 d = list_entry(p, struct rfcomm_dlc, list);
334 if (d->dlci == dlci)
335 return d;
336 }
337 return NULL;
338}
339
340static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
341{
342 struct rfcomm_session *s;
343 int err = 0;
344 u8 dlci;
345
346 BT_DBG("dlc %p state %ld %s %s channel %d",
347 d, d->state, batostr(src), batostr(dst), channel);
348
349 if (channel < 1 || channel > 30)
350 return -EINVAL;
351
352 if (d->state != BT_OPEN && d->state != BT_CLOSED)
353 return 0;
354
355 s = rfcomm_session_get(src, dst);
356 if (!s) {
357 s = rfcomm_session_create(src, dst, &err);
358 if (!s)
359 return err;
360 }
361
362 dlci = __dlci(!s->initiator, channel);
363
364 /* Check if DLCI already exists */
365 if (rfcomm_dlc_get(s, dlci))
366 return -EBUSY;
367
368 rfcomm_dlc_clear_state(d);
369
370 d->dlci = dlci;
371 d->addr = __addr(s->initiator, dlci);
372 d->priority = 7;
373
374 d->state = BT_CONFIG;
375 rfcomm_dlc_link(s, d);
376
377 d->mtu = s->mtu;
378 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
379
380 if (s->state == BT_CONNECTED)
381 rfcomm_send_pn(s, 1, d);
382 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
383 return 0;
384}
385
386int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
387{
388 int r;
389
390 rfcomm_lock();
391
392 r = __rfcomm_dlc_open(d, src, dst, channel);
393
394 rfcomm_unlock();
395 return r;
396}
397
398static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
399{
400 struct rfcomm_session *s = d->session;
401 if (!s)
402 return 0;
403
404 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
405 d, d->state, d->dlci, err, s);
406
407 switch (d->state) {
408 case BT_CONNECTED:
409 case BT_CONFIG:
410 case BT_CONNECT:
411 d->state = BT_DISCONN;
412 if (skb_queue_empty(&d->tx_queue)) {
413 rfcomm_send_disc(s, d->dlci);
414 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
415 } else {
416 rfcomm_queue_disc(d);
417 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
418 }
419 break;
420
421 default:
422 rfcomm_dlc_clear_timer(d);
423
424 rfcomm_dlc_lock(d);
425 d->state = BT_CLOSED;
426 d->state_change(d, err);
427 rfcomm_dlc_unlock(d);
428
429 skb_queue_purge(&d->tx_queue);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]430 rfcomm_dlc_unlink(d);
431 }
432
433 return 0;
434}
435
436int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
437{
438 int r;
439
440 rfcomm_lock();
441
442 r = __rfcomm_dlc_close(d, err);
443
444 rfcomm_unlock();
445 return r;
446}
447
448int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
449{
450 int len = skb->len;
451
452 if (d->state != BT_CONNECTED)
453 return -ENOTCONN;
454
455 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
456
457 if (len > d->mtu)
458 return -EINVAL;
459
460 rfcomm_make_uih(skb, d->addr);
461 skb_queue_tail(&d->tx_queue, skb);
462
463 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
464 rfcomm_schedule(RFCOMM_SCHED_TX);
465 return len;
466}
467
468void fastcall __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
469{
470 BT_DBG("dlc %p state %ld", d, d->state);
471
472 if (!d->cfc) {
473 d->v24_sig |= RFCOMM_V24_FC;
474 set_bit(RFCOMM_MSC_PENDING, &d->flags);
475 }
476 rfcomm_schedule(RFCOMM_SCHED_TX);
477}
478
479void fastcall __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
480{
481 BT_DBG("dlc %p state %ld", d, d->state);
482
483 if (!d->cfc) {
484 d->v24_sig &= ~RFCOMM_V24_FC;
485 set_bit(RFCOMM_MSC_PENDING, &d->flags);
486 }
487 rfcomm_schedule(RFCOMM_SCHED_TX);
488}
489
490/*
491 Set/get modem status functions use _local_ status i.e. what we report
492 to the other side.
493 Remote status is provided by dlc->modem_status() callback.
494 */
495int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
496{
497 BT_DBG("dlc %p state %ld v24_sig 0x%x",
498 d, d->state, v24_sig);
499
500 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
501 v24_sig |= RFCOMM_V24_FC;
502 else
503 v24_sig &= ~RFCOMM_V24_FC;
504
505 d->v24_sig = v24_sig;
506
507 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
508 rfcomm_schedule(RFCOMM_SCHED_TX);
509
510 return 0;
511}
512
513int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
514{
515 BT_DBG("dlc %p state %ld v24_sig 0x%x",
516 d, d->state, d->v24_sig);
517
518 *v24_sig = d->v24_sig;
519 return 0;
520}
521
522/* ---- RFCOMM sessions ---- */
523static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
524{
525 struct rfcomm_session *s = kmalloc(sizeof(*s), GFP_KERNEL);
526 if (!s)
527 return NULL;
528 memset(s, 0, sizeof(*s));
529
530 BT_DBG("session %p sock %p", s, sock);
531
532 INIT_LIST_HEAD(&s->dlcs);
533 s->state = state;
534 s->sock = sock;
535
536 s->mtu = RFCOMM_DEFAULT_MTU;
Marcel Holtmann7c2660b2006-07-03 10:02:51 +0200[diff] [blame^]537 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]538
539 /* Do not increment module usage count for listening sessions.
540 * Otherwise we won't be able to unload the module. */
541 if (state != BT_LISTEN)
542 if (!try_module_get(THIS_MODULE)) {
543 kfree(s);
544 return NULL;
545 }
546
547 list_add(&s->list, &session_list);
548
549 return s;
550}
551
552static void rfcomm_session_del(struct rfcomm_session *s)
553{
554 int state = s->state;
555
556 BT_DBG("session %p state %ld", s, s->state);
557
558 list_del(&s->list);
559
560 if (state == BT_CONNECTED)
561 rfcomm_send_disc(s, 0);
562
563 sock_release(s->sock);
564 kfree(s);
565
566 if (state != BT_LISTEN)
567 module_put(THIS_MODULE);
568}
569
570static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
571{
572 struct rfcomm_session *s;
573 struct list_head *p, *n;
574 struct bt_sock *sk;
575 list_for_each_safe(p, n, &session_list) {
576 s = list_entry(p, struct rfcomm_session, list);
577 sk = bt_sk(s->sock->sk);
578
579 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
580 !bacmp(&sk->dst, dst))
581 return s;
582 }
583 return NULL;
584}
585
586static void rfcomm_session_close(struct rfcomm_session *s, int err)
587{
588 struct rfcomm_dlc *d;
589 struct list_head *p, *n;
590
591 BT_DBG("session %p state %ld err %d", s, s->state, err);
592
593 rfcomm_session_hold(s);
594
595 s->state = BT_CLOSED;
596
597 /* Close all dlcs */
598 list_for_each_safe(p, n, &s->dlcs) {
599 d = list_entry(p, struct rfcomm_dlc, list);
600 d->state = BT_CLOSED;
601 __rfcomm_dlc_close(d, err);
602 }
603
604 rfcomm_session_put(s);
605}
606
607static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
608{
609 struct rfcomm_session *s = NULL;
610 struct sockaddr_l2 addr;
611 struct socket *sock;
612 struct sock *sk;
613
614 BT_DBG("%s %s", batostr(src), batostr(dst));
615
616 *err = rfcomm_l2sock_create(&sock);
617 if (*err < 0)
618 return NULL;
619
620 bacpy(&addr.l2_bdaddr, src);
621 addr.l2_family = AF_BLUETOOTH;
622 addr.l2_psm = 0;
623 *err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
624 if (*err < 0)
625 goto failed;
626
627 /* Set L2CAP options */
628 sk = sock->sk;
629 lock_sock(sk);
Marcel Holtmann56f3a402006-02-13 11:39:57 +0100[diff] [blame]630 l2cap_pi(sk)->imtu = l2cap_mtu;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]631 release_sock(sk);
632
633 s = rfcomm_session_add(sock, BT_BOUND);
634 if (!s) {
635 *err = -ENOMEM;
636 goto failed;
637 }
638
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]639 s->initiator = 1;
640
641 bacpy(&addr.l2_bdaddr, dst);
642 addr.l2_family = AF_BLUETOOTH;
643 addr.l2_psm = htobs(RFCOMM_PSM);
644 *err = sock->ops->connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
645 if (*err == 0 || *err == -EAGAIN)
646 return s;
647
648 rfcomm_session_del(s);
649 return NULL;
650
651failed:
652 sock_release(sock);
653 return NULL;
654}
655
656void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
657{
658 struct sock *sk = s->sock->sk;
659 if (src)
660 bacpy(src, &bt_sk(sk)->src);
661 if (dst)
662 bacpy(dst, &bt_sk(sk)->dst);
663}
664
665/* ---- RFCOMM frame sending ---- */
666static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
667{
668 struct socket *sock = s->sock;
669 struct kvec iv = { data, len };
670 struct msghdr msg;
671
672 BT_DBG("session %p len %d", s, len);
673
674 memset(&msg, 0, sizeof(msg));
675
676 return kernel_sendmsg(sock, &msg, &iv, 1, len);
677}
678
679static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
680{
681 struct rfcomm_cmd cmd;
682
683 BT_DBG("%p dlci %d", s, dlci);
684
685 cmd.addr = __addr(s->initiator, dlci);
686 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
687 cmd.len = __len8(0);
688 cmd.fcs = __fcs2((u8 *) &cmd);
689
690 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
691}
692
693static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
694{
695 struct rfcomm_cmd cmd;
696
697 BT_DBG("%p dlci %d", s, dlci);
698
699 cmd.addr = __addr(!s->initiator, dlci);
700 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
701 cmd.len = __len8(0);
702 cmd.fcs = __fcs2((u8 *) &cmd);
703
704 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
705}
706
707static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
708{
709 struct rfcomm_cmd cmd;
710
711 BT_DBG("%p dlci %d", s, dlci);
712
713 cmd.addr = __addr(s->initiator, dlci);
714 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
715 cmd.len = __len8(0);
716 cmd.fcs = __fcs2((u8 *) &cmd);
717
718 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
719}
720
721static int rfcomm_queue_disc(struct rfcomm_dlc *d)
722{
723 struct rfcomm_cmd *cmd;
724 struct sk_buff *skb;
725
726 BT_DBG("dlc %p dlci %d", d, d->dlci);
727
728 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
729 if (!skb)
730 return -ENOMEM;
731
732 cmd = (void *) __skb_put(skb, sizeof(*cmd));
733 cmd->addr = d->addr;
734 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
735 cmd->len = __len8(0);
736 cmd->fcs = __fcs2((u8 *) cmd);
737
738 skb_queue_tail(&d->tx_queue, skb);
739 rfcomm_schedule(RFCOMM_SCHED_TX);
740 return 0;
741}
742
743static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
744{
745 struct rfcomm_cmd cmd;
746
747 BT_DBG("%p dlci %d", s, dlci);
748
749 cmd.addr = __addr(!s->initiator, dlci);
750 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
751 cmd.len = __len8(0);
752 cmd.fcs = __fcs2((u8 *) &cmd);
753
754 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
755}
756
757static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
758{
759 struct rfcomm_hdr *hdr;
760 struct rfcomm_mcc *mcc;
761 u8 buf[16], *ptr = buf;
762
763 BT_DBG("%p cr %d type %d", s, cr, type);
764
765 hdr = (void *) ptr; ptr += sizeof(*hdr);
766 hdr->addr = __addr(s->initiator, 0);
767 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
768 hdr->len = __len8(sizeof(*mcc) + 1);
769
770 mcc = (void *) ptr; ptr += sizeof(*mcc);
771 mcc->type = __mcc_type(cr, RFCOMM_NSC);
772 mcc->len = __len8(1);
773
774 /* Type that we didn't like */
775 *ptr = __mcc_type(cr, type); ptr++;
776
777 *ptr = __fcs(buf); ptr++;
778
779 return rfcomm_send_frame(s, buf, ptr - buf);
780}
781
782static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
783{
784 struct rfcomm_hdr *hdr;
785 struct rfcomm_mcc *mcc;
786 struct rfcomm_pn *pn;
787 u8 buf[16], *ptr = buf;
788
789 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
790
791 hdr = (void *) ptr; ptr += sizeof(*hdr);
792 hdr->addr = __addr(s->initiator, 0);
793 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
794 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
795
796 mcc = (void *) ptr; ptr += sizeof(*mcc);
797 mcc->type = __mcc_type(cr, RFCOMM_PN);
798 mcc->len = __len8(sizeof(*pn));
799
800 pn = (void *) ptr; ptr += sizeof(*pn);
801 pn->dlci = d->dlci;
802 pn->priority = d->priority;
803 pn->ack_timer = 0;
804 pn->max_retrans = 0;
805
806 if (s->cfc) {
807 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
808 pn->credits = RFCOMM_DEFAULT_CREDITS;
809 } else {
810 pn->flow_ctrl = 0;
811 pn->credits = 0;
812 }
813
814 pn->mtu = htobs(d->mtu);
815
816 *ptr = __fcs(buf); ptr++;
817
818 return rfcomm_send_frame(s, buf, ptr - buf);
819}
820
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]821int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
822 u8 bit_rate, u8 data_bits, u8 stop_bits,
823 u8 parity, u8 flow_ctrl_settings,
824 u8 xon_char, u8 xoff_char, u16 param_mask)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]825{
826 struct rfcomm_hdr *hdr;
827 struct rfcomm_mcc *mcc;
828 struct rfcomm_rpn *rpn;
829 u8 buf[16], *ptr = buf;
830
831 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]832 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
833 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
834 flow_ctrl_settings, xon_char, xoff_char, param_mask);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]835
836 hdr = (void *) ptr; ptr += sizeof(*hdr);
837 hdr->addr = __addr(s->initiator, 0);
838 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
839 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
840
841 mcc = (void *) ptr; ptr += sizeof(*mcc);
842 mcc->type = __mcc_type(cr, RFCOMM_RPN);
843 mcc->len = __len8(sizeof(*rpn));
844
845 rpn = (void *) ptr; ptr += sizeof(*rpn);
846 rpn->dlci = __addr(1, dlci);
847 rpn->bit_rate = bit_rate;
848 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
849 rpn->flow_ctrl = flow_ctrl_settings;
850 rpn->xon_char = xon_char;
851 rpn->xoff_char = xoff_char;
852 rpn->param_mask = param_mask;
853
854 *ptr = __fcs(buf); ptr++;
855
856 return rfcomm_send_frame(s, buf, ptr - buf);
857}
858
859static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
860{
861 struct rfcomm_hdr *hdr;
862 struct rfcomm_mcc *mcc;
863 struct rfcomm_rls *rls;
864 u8 buf[16], *ptr = buf;
865
866 BT_DBG("%p cr %d status 0x%x", s, cr, status);
867
868 hdr = (void *) ptr; ptr += sizeof(*hdr);
869 hdr->addr = __addr(s->initiator, 0);
870 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
871 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
872
873 mcc = (void *) ptr; ptr += sizeof(*mcc);
874 mcc->type = __mcc_type(cr, RFCOMM_RLS);
875 mcc->len = __len8(sizeof(*rls));
876
877 rls = (void *) ptr; ptr += sizeof(*rls);
878 rls->dlci = __addr(1, dlci);
879 rls->status = status;
880
881 *ptr = __fcs(buf); ptr++;
882
883 return rfcomm_send_frame(s, buf, ptr - buf);
884}
885
886static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
887{
888 struct rfcomm_hdr *hdr;
889 struct rfcomm_mcc *mcc;
890 struct rfcomm_msc *msc;
891 u8 buf[16], *ptr = buf;
892
893 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
894
895 hdr = (void *) ptr; ptr += sizeof(*hdr);
896 hdr->addr = __addr(s->initiator, 0);
897 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
898 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
899
900 mcc = (void *) ptr; ptr += sizeof(*mcc);
901 mcc->type = __mcc_type(cr, RFCOMM_MSC);
902 mcc->len = __len8(sizeof(*msc));
903
904 msc = (void *) ptr; ptr += sizeof(*msc);
905 msc->dlci = __addr(1, dlci);
906 msc->v24_sig = v24_sig | 0x01;
907
908 *ptr = __fcs(buf); ptr++;
909
910 return rfcomm_send_frame(s, buf, ptr - buf);
911}
912
913static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
914{
915 struct rfcomm_hdr *hdr;
916 struct rfcomm_mcc *mcc;
917 u8 buf[16], *ptr = buf;
918
919 BT_DBG("%p cr %d", s, cr);
920
921 hdr = (void *) ptr; ptr += sizeof(*hdr);
922 hdr->addr = __addr(s->initiator, 0);
923 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
924 hdr->len = __len8(sizeof(*mcc));
925
926 mcc = (void *) ptr; ptr += sizeof(*mcc);
927 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
928 mcc->len = __len8(0);
929
930 *ptr = __fcs(buf); ptr++;
931
932 return rfcomm_send_frame(s, buf, ptr - buf);
933}
934
935static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
936{
937 struct rfcomm_hdr *hdr;
938 struct rfcomm_mcc *mcc;
939 u8 buf[16], *ptr = buf;
940
941 BT_DBG("%p cr %d", s, cr);
942
943 hdr = (void *) ptr; ptr += sizeof(*hdr);
944 hdr->addr = __addr(s->initiator, 0);
945 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
946 hdr->len = __len8(sizeof(*mcc));
947
948 mcc = (void *) ptr; ptr += sizeof(*mcc);
949 mcc->type = __mcc_type(cr, RFCOMM_FCON);
950 mcc->len = __len8(0);
951
952 *ptr = __fcs(buf); ptr++;
953
954 return rfcomm_send_frame(s, buf, ptr - buf);
955}
956
957static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
958{
959 struct socket *sock = s->sock;
960 struct kvec iv[3];
961 struct msghdr msg;
962 unsigned char hdr[5], crc[1];
963
964 if (len > 125)
965 return -EINVAL;
966
967 BT_DBG("%p cr %d", s, cr);
968
969 hdr[0] = __addr(s->initiator, 0);
970 hdr[1] = __ctrl(RFCOMM_UIH, 0);
971 hdr[2] = 0x01 | ((len + 2) << 1);
972 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
973 hdr[4] = 0x01 | (len << 1);
974
975 crc[0] = __fcs(hdr);
976
977 iv[0].iov_base = hdr;
978 iv[0].iov_len = 5;
979 iv[1].iov_base = pattern;
980 iv[1].iov_len = len;
981 iv[2].iov_base = crc;
982 iv[2].iov_len = 1;
983
984 memset(&msg, 0, sizeof(msg));
985
986 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
987}
988
989static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
990{
991 struct rfcomm_hdr *hdr;
992 u8 buf[16], *ptr = buf;
993
994 BT_DBG("%p addr %d credits %d", s, addr, credits);
995
996 hdr = (void *) ptr; ptr += sizeof(*hdr);
997 hdr->addr = addr;
998 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
999 hdr->len = __len8(0);
1000
1001 *ptr = credits; ptr++;
1002
1003 *ptr = __fcs(buf); ptr++;
1004
1005 return rfcomm_send_frame(s, buf, ptr - buf);
1006}
1007
1008static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1009{
1010 struct rfcomm_hdr *hdr;
1011 int len = skb->len;
1012 u8 *crc;
1013
1014 if (len > 127) {
1015 hdr = (void *) skb_push(skb, 4);
1016 put_unaligned(htobs(__len16(len)), (u16 *) &hdr->len);
1017 } else {
1018 hdr = (void *) skb_push(skb, 3);
1019 hdr->len = __len8(len);
1020 }
1021 hdr->addr = addr;
1022 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1023
1024 crc = skb_put(skb, 1);
1025 *crc = __fcs((void *) hdr);
1026}
1027
1028/* ---- RFCOMM frame reception ---- */
1029static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1030{
1031 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1032
1033 if (dlci) {
1034 /* Data channel */
1035 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1036 if (!d) {
1037 rfcomm_send_dm(s, dlci);
1038 return 0;
1039 }
1040
1041 switch (d->state) {
1042 case BT_CONNECT:
1043 rfcomm_dlc_clear_timer(d);
1044
1045 rfcomm_dlc_lock(d);
1046 d->state = BT_CONNECTED;
1047 d->state_change(d, 0);
1048 rfcomm_dlc_unlock(d);
1049
1050 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1051 break;
1052
1053 case BT_DISCONN:
1054 d->state = BT_CLOSED;
1055 __rfcomm_dlc_close(d, 0);
1056 break;
1057 }
1058 } else {
1059 /* Control channel */
1060 switch (s->state) {
1061 case BT_CONNECT:
1062 s->state = BT_CONNECTED;
1063 rfcomm_process_connect(s);
1064 break;
1065 }
1066 }
1067 return 0;
1068}
1069
1070static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1071{
1072 int err = 0;
1073
1074 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1075
1076 if (dlci) {
1077 /* Data DLC */
1078 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1079 if (d) {
1080 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1081 err = ECONNREFUSED;
1082 else
1083 err = ECONNRESET;
1084
1085 d->state = BT_CLOSED;
1086 __rfcomm_dlc_close(d, err);
1087 }
1088 } else {
1089 if (s->state == BT_CONNECT)
1090 err = ECONNREFUSED;
1091 else
1092 err = ECONNRESET;
1093
1094 s->state = BT_CLOSED;
1095 rfcomm_session_close(s, err);
1096 }
1097 return 0;
1098}
1099
1100static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1101{
1102 int err = 0;
1103
1104 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1105
1106 if (dlci) {
1107 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1108 if (d) {
1109 rfcomm_send_ua(s, dlci);
1110
1111 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1112 err = ECONNREFUSED;
1113 else
1114 err = ECONNRESET;
1115
1116 d->state = BT_CLOSED;
1117 __rfcomm_dlc_close(d, err);
1118 } else
1119 rfcomm_send_dm(s, dlci);
1120
1121 } else {
1122 rfcomm_send_ua(s, 0);
1123
1124 if (s->state == BT_CONNECT)
1125 err = ECONNREFUSED;
1126 else
1127 err = ECONNRESET;
1128
1129 s->state = BT_CLOSED;
1130 rfcomm_session_close(s, err);
1131 }
1132
1133 return 0;
1134}
1135
1136static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
1137{
1138 struct sock *sk = d->session->sock->sk;
1139
1140 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
1141 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
1142 return 1;
1143 } else if (d->link_mode & RFCOMM_LM_AUTH) {
1144 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
1145 return 1;
1146 }
1147
1148 return 0;
1149}
1150
1151static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1152{
1153 BT_DBG("dlc %p", d);
1154
1155 rfcomm_send_ua(d->session, d->dlci);
1156
1157 rfcomm_dlc_lock(d);
1158 d->state = BT_CONNECTED;
1159 d->state_change(d, 0);
1160 rfcomm_dlc_unlock(d);
1161
1162 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1163}
1164
1165static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1166{
1167 struct rfcomm_dlc *d;
1168 u8 channel;
1169
1170 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1171
1172 if (!dlci) {
1173 rfcomm_send_ua(s, 0);
1174
1175 if (s->state == BT_OPEN) {
1176 s->state = BT_CONNECTED;
1177 rfcomm_process_connect(s);
1178 }
1179 return 0;
1180 }
1181
1182 /* Check if DLC exists */
1183 d = rfcomm_dlc_get(s, dlci);
1184 if (d) {
1185 if (d->state == BT_OPEN) {
1186 /* DLC was previously opened by PN request */
1187 if (rfcomm_check_link_mode(d)) {
1188 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1189 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1190 return 0;
1191 }
1192
1193 rfcomm_dlc_accept(d);
1194 }
1195 return 0;
1196 }
1197
1198 /* Notify socket layer about incoming connection */
1199 channel = __srv_channel(dlci);
1200 if (rfcomm_connect_ind(s, channel, &d)) {
1201 d->dlci = dlci;
1202 d->addr = __addr(s->initiator, dlci);
1203 rfcomm_dlc_link(s, d);
1204
1205 if (rfcomm_check_link_mode(d)) {
1206 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1207 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1208 return 0;
1209 }
1210
1211 rfcomm_dlc_accept(d);
1212 } else {
1213 rfcomm_send_dm(s, dlci);
1214 }
1215
1216 return 0;
1217}
1218
1219static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1220{
1221 struct rfcomm_session *s = d->session;
1222
1223 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1224 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1225
Marcel Holtmann7c2660b2006-07-03 10:02:51 +0200[diff] [blame^]1226 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1227 pn->flow_ctrl == 0xe0) {
1228 d->cfc = RFCOMM_CFC_ENABLED;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1229 d->tx_credits = pn->credits;
1230 } else {
Marcel Holtmann7c2660b2006-07-03 10:02:51 +0200[diff] [blame^]1231 d->cfc = RFCOMM_CFC_DISABLED;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1232 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1233 }
1234
Marcel Holtmann7c2660b2006-07-03 10:02:51 +0200[diff] [blame^]1235 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1236 s->cfc = d->cfc;
1237
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1238 d->priority = pn->priority;
1239
1240 d->mtu = s->mtu = btohs(pn->mtu);
1241
1242 return 0;
1243}
1244
1245static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1246{
1247 struct rfcomm_pn *pn = (void *) skb->data;
1248 struct rfcomm_dlc *d;
1249 u8 dlci = pn->dlci;
1250
1251 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1252
1253 if (!dlci)
1254 return 0;
1255
1256 d = rfcomm_dlc_get(s, dlci);
1257 if (d) {
1258 if (cr) {
1259 /* PN request */
1260 rfcomm_apply_pn(d, cr, pn);
1261 rfcomm_send_pn(s, 0, d);
1262 } else {
1263 /* PN response */
1264 switch (d->state) {
1265 case BT_CONFIG:
1266 rfcomm_apply_pn(d, cr, pn);
1267
1268 d->state = BT_CONNECT;
1269 rfcomm_send_sabm(s, d->dlci);
1270 break;
1271 }
1272 }
1273 } else {
1274 u8 channel = __srv_channel(dlci);
1275
1276 if (!cr)
1277 return 0;
1278
1279 /* PN request for non existing DLC.
1280 * Assume incoming connection. */
1281 if (rfcomm_connect_ind(s, channel, &d)) {
1282 d->dlci = dlci;
1283 d->addr = __addr(s->initiator, dlci);
1284 rfcomm_dlc_link(s, d);
1285
1286 rfcomm_apply_pn(d, cr, pn);
1287
1288 d->state = BT_OPEN;
1289 rfcomm_send_pn(s, 0, d);
1290 } else {
1291 rfcomm_send_dm(s, dlci);
1292 }
1293 }
1294 return 0;
1295}
1296
1297static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1298{
1299 struct rfcomm_rpn *rpn = (void *) skb->data;
1300 u8 dlci = __get_dlci(rpn->dlci);
1301
1302 u8 bit_rate = 0;
1303 u8 data_bits = 0;
1304 u8 stop_bits = 0;
1305 u8 parity = 0;
1306 u8 flow_ctrl = 0;
1307 u8 xon_char = 0;
1308 u8 xoff_char = 0;
1309 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1310
1311 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1312 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1313 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1314
1315 if (!cr)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1316 return 0;
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1317
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1318 if (len == 1) {
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1319 /* This is a request, return default settings */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1320 bit_rate = RFCOMM_RPN_BR_115200;
1321 data_bits = RFCOMM_RPN_DATA_8;
1322 stop_bits = RFCOMM_RPN_STOP_1;
1323 parity = RFCOMM_RPN_PARITY_NONE;
1324 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1325 xon_char = RFCOMM_RPN_XON_CHAR;
1326 xoff_char = RFCOMM_RPN_XOFF_CHAR;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1327 goto rpn_out;
1328 }
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1329
1330 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1331 * no parity, no flow control lines, normal XON/XOFF chars */
1332
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1333 if (rpn->param_mask & RFCOMM_RPN_PM_BITRATE) {
1334 bit_rate = rpn->bit_rate;
1335 if (bit_rate != RFCOMM_RPN_BR_115200) {
1336 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1337 bit_rate = RFCOMM_RPN_BR_115200;
1338 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1339 }
1340 }
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1341
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1342 if (rpn->param_mask & RFCOMM_RPN_PM_DATA) {
1343 data_bits = __get_rpn_data_bits(rpn->line_settings);
1344 if (data_bits != RFCOMM_RPN_DATA_8) {
1345 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1346 data_bits = RFCOMM_RPN_DATA_8;
1347 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1348 }
1349 }
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1350
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1351 if (rpn->param_mask & RFCOMM_RPN_PM_STOP) {
1352 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1353 if (stop_bits != RFCOMM_RPN_STOP_1) {
1354 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1355 stop_bits = RFCOMM_RPN_STOP_1;
1356 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1357 }
1358 }
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1359
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1360 if (rpn->param_mask & RFCOMM_RPN_PM_PARITY) {
1361 parity = __get_rpn_parity(rpn->line_settings);
1362 if (parity != RFCOMM_RPN_PARITY_NONE) {
1363 BT_DBG("RPN parity mismatch 0x%x", parity);
1364 parity = RFCOMM_RPN_PARITY_NONE;
1365 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1366 }
1367 }
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1368
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1369 if (rpn->param_mask & RFCOMM_RPN_PM_FLOW) {
1370 flow_ctrl = rpn->flow_ctrl;
1371 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1372 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1373 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1374 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1375 }
1376 }
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1377
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1378 if (rpn->param_mask & RFCOMM_RPN_PM_XON) {
1379 xon_char = rpn->xon_char;
1380 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1381 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1382 xon_char = RFCOMM_RPN_XON_CHAR;
1383 rpn_mask ^= RFCOMM_RPN_PM_XON;
1384 }
1385 }
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1386
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1387 if (rpn->param_mask & RFCOMM_RPN_PM_XOFF) {
1388 xoff_char = rpn->xoff_char;
1389 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1390 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1391 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1392 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1393 }
1394 }
1395
1396rpn_out:
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1397 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1398 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1399
1400 return 0;
1401}
1402
1403static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1404{
1405 struct rfcomm_rls *rls = (void *) skb->data;
1406 u8 dlci = __get_dlci(rls->dlci);
1407
1408 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1409
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1410 if (!cr)
1411 return 0;
1412
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1413 /* We should probably do something with this information here. But
1414 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1415 * mandatory to recognise and respond to RLS */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1416
1417 rfcomm_send_rls(s, 0, dlci, rls->status);
1418
1419 return 0;
1420}
1421
1422static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1423{
1424 struct rfcomm_msc *msc = (void *) skb->data;
1425 struct rfcomm_dlc *d;
1426 u8 dlci = __get_dlci(msc->dlci);
1427
1428 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1429
1430 d = rfcomm_dlc_get(s, dlci);
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1431 if (!d)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1432 return 0;
1433
1434 if (cr) {
1435 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1436 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1437 else
1438 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1439
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1440 rfcomm_dlc_lock(d);
1441 if (d->modem_status)
1442 d->modem_status(d, msc->v24_sig);
1443 rfcomm_dlc_unlock(d);
1444
1445 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1446
1447 d->mscex |= RFCOMM_MSCEX_RX;
J. Suter3a5e9032005-08-09 20:28:46 -0700[diff] [blame]1448 } else
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1449 d->mscex |= RFCOMM_MSCEX_TX;
1450
1451 return 0;
1452}
1453
1454static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1455{
1456 struct rfcomm_mcc *mcc = (void *) skb->data;
1457 u8 type, cr, len;
1458
1459 cr = __test_cr(mcc->type);
1460 type = __get_mcc_type(mcc->type);
1461 len = __get_mcc_len(mcc->len);
1462
1463 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1464
1465 skb_pull(skb, 2);
1466
1467 switch (type) {
1468 case RFCOMM_PN:
1469 rfcomm_recv_pn(s, cr, skb);
1470 break;
1471
1472 case RFCOMM_RPN:
1473 rfcomm_recv_rpn(s, cr, len, skb);
1474 break;
1475
1476 case RFCOMM_RLS:
1477 rfcomm_recv_rls(s, cr, skb);
1478 break;
1479
1480 case RFCOMM_MSC:
1481 rfcomm_recv_msc(s, cr, skb);
1482 break;
1483
1484 case RFCOMM_FCOFF:
1485 if (cr) {
1486 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1487 rfcomm_send_fcoff(s, 0);
1488 }
1489 break;
1490
1491 case RFCOMM_FCON:
1492 if (cr) {
1493 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1494 rfcomm_send_fcon(s, 0);
1495 }
1496 break;
1497
1498 case RFCOMM_TEST:
1499 if (cr)
1500 rfcomm_send_test(s, 0, skb->data, skb->len);
1501 break;
1502
1503 case RFCOMM_NSC:
1504 break;
1505
1506 default:
1507 BT_ERR("Unknown control type 0x%02x", type);
1508 rfcomm_send_nsc(s, cr, type);
1509 break;
1510 }
1511 return 0;
1512}
1513
1514static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1515{
1516 struct rfcomm_dlc *d;
1517
1518 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1519
1520 d = rfcomm_dlc_get(s, dlci);
1521 if (!d) {
1522 rfcomm_send_dm(s, dlci);
1523 goto drop;
1524 }
1525
1526 if (pf && d->cfc) {
1527 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1528
1529 d->tx_credits += credits;
1530 if (d->tx_credits)
1531 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1532 }
1533
1534 if (skb->len && d->state == BT_CONNECTED) {
1535 rfcomm_dlc_lock(d);
1536 d->rx_credits--;
1537 d->data_ready(d, skb);
1538 rfcomm_dlc_unlock(d);
1539 return 0;
1540 }
1541
1542drop:
1543 kfree_skb(skb);
1544 return 0;
1545}
1546
1547static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1548{
1549 struct rfcomm_hdr *hdr = (void *) skb->data;
1550 u8 type, dlci, fcs;
1551
1552 dlci = __get_dlci(hdr->addr);
1553 type = __get_type(hdr->ctrl);
1554
1555 /* Trim FCS */
1556 skb->len--; skb->tail--;
1557 fcs = *(u8 *) skb->tail;
1558
1559 if (__check_fcs(skb->data, type, fcs)) {
1560 BT_ERR("bad checksum in packet");
1561 kfree_skb(skb);
1562 return -EILSEQ;
1563 }
1564
1565 if (__test_ea(hdr->len))
1566 skb_pull(skb, 3);
1567 else
1568 skb_pull(skb, 4);
1569
1570 switch (type) {
1571 case RFCOMM_SABM:
1572 if (__test_pf(hdr->ctrl))
1573 rfcomm_recv_sabm(s, dlci);
1574 break;
1575
1576 case RFCOMM_DISC:
1577 if (__test_pf(hdr->ctrl))
1578 rfcomm_recv_disc(s, dlci);
1579 break;
1580
1581 case RFCOMM_UA:
1582 if (__test_pf(hdr->ctrl))
1583 rfcomm_recv_ua(s, dlci);
1584 break;
1585
1586 case RFCOMM_DM:
1587 rfcomm_recv_dm(s, dlci);
1588 break;
1589
1590 case RFCOMM_UIH:
1591 if (dlci)
1592 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1593
1594 rfcomm_recv_mcc(s, skb);
1595 break;
1596
1597 default:
1598 BT_ERR("Unknown packet type 0x%02x\n", type);
1599 break;
1600 }
1601 kfree_skb(skb);
1602 return 0;
1603}
1604
1605/* ---- Connection and data processing ---- */
1606
1607static void rfcomm_process_connect(struct rfcomm_session *s)
1608{
1609 struct rfcomm_dlc *d;
1610 struct list_head *p, *n;
1611
1612 BT_DBG("session %p state %ld", s, s->state);
1613
1614 list_for_each_safe(p, n, &s->dlcs) {
1615 d = list_entry(p, struct rfcomm_dlc, list);
1616 if (d->state == BT_CONFIG) {
1617 d->mtu = s->mtu;
1618 rfcomm_send_pn(s, 1, d);
1619 }
1620 }
1621}
1622
1623/* Send data queued for the DLC.
1624 * Return number of frames left in the queue.
1625 */
1626static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1627{
1628 struct sk_buff *skb;
1629 int err;
1630
1631 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1632 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1633
1634 /* Send pending MSC */
1635 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1636 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1637
1638 if (d->cfc) {
1639 /* CFC enabled.
1640 * Give them some credits */
1641 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1642 d->rx_credits <= (d->cfc >> 2)) {
1643 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1644 d->rx_credits = d->cfc;
1645 }
1646 } else {
1647 /* CFC disabled.
1648 * Give ourselves some credits */
1649 d->tx_credits = 5;
1650 }
1651
1652 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1653 return skb_queue_len(&d->tx_queue);
1654
1655 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1656 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1657 if (err < 0) {
1658 skb_queue_head(&d->tx_queue, skb);
1659 break;
1660 }
1661 kfree_skb(skb);
1662 d->tx_credits--;
1663 }
1664
1665 if (d->cfc && !d->tx_credits) {
1666 /* We're out of TX credits.
1667 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1668 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1669 }
1670
1671 return skb_queue_len(&d->tx_queue);
1672}
1673
1674static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1675{
1676 struct rfcomm_dlc *d;
1677 struct list_head *p, *n;
1678
1679 BT_DBG("session %p state %ld", s, s->state);
1680
1681 list_for_each_safe(p, n, &s->dlcs) {
1682 d = list_entry(p, struct rfcomm_dlc, list);
1683
1684 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1685 __rfcomm_dlc_close(d, ETIMEDOUT);
1686 continue;
1687 }
1688
1689 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1690 rfcomm_dlc_clear_timer(d);
1691 rfcomm_dlc_accept(d);
1692 if (d->link_mode & RFCOMM_LM_SECURE) {
1693 struct sock *sk = s->sock->sk;
1694 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1695 }
1696 continue;
1697 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1698 rfcomm_dlc_clear_timer(d);
1699 rfcomm_send_dm(s, d->dlci);
1700 __rfcomm_dlc_close(d, ECONNREFUSED);
1701 continue;
1702 }
1703
1704 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1705 continue;
1706
1707 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1708 d->mscex == RFCOMM_MSCEX_OK)
1709 rfcomm_process_tx(d);
1710 }
1711}
1712
1713static inline void rfcomm_process_rx(struct rfcomm_session *s)
1714{
1715 struct socket *sock = s->sock;
1716 struct sock *sk = sock->sk;
1717 struct sk_buff *skb;
1718
1719 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1720
1721 /* Get data directly from socket receive queue without copying it. */
1722 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1723 skb_orphan(skb);
1724 rfcomm_recv_frame(s, skb);
1725 }
1726
1727 if (sk->sk_state == BT_CLOSED) {
1728 if (!s->initiator)
1729 rfcomm_session_put(s);
1730
1731 rfcomm_session_close(s, sk->sk_err);
1732 }
1733}
1734
1735static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1736{
1737 struct socket *sock = s->sock, *nsock;
1738 int err;
1739
1740 /* Fast check for a new connection.
1741 * Avoids unnesesary socket allocations. */
1742 if (list_empty(&bt_sk(sock->sk)->accept_q))
1743 return;
1744
1745 BT_DBG("session %p", s);
1746
1747 if (sock_create_lite(PF_BLUETOOTH, sock->type, BTPROTO_L2CAP, &nsock))
1748 return;
1749
1750 nsock->ops = sock->ops;
1751
1752 __module_get(nsock->ops->owner);
1753
1754 err = sock->ops->accept(sock, nsock, O_NONBLOCK);
1755 if (err < 0) {
1756 sock_release(nsock);
1757 return;
1758 }
1759
1760 /* Set our callbacks */
1761 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1762 nsock->sk->sk_state_change = rfcomm_l2state_change;
1763
1764 s = rfcomm_session_add(nsock, BT_OPEN);
1765 if (s) {
1766 rfcomm_session_hold(s);
1767 rfcomm_schedule(RFCOMM_SCHED_RX);
1768 } else
1769 sock_release(nsock);
1770}
1771
1772static inline void rfcomm_check_connection(struct rfcomm_session *s)
1773{
1774 struct sock *sk = s->sock->sk;
1775
1776 BT_DBG("%p state %ld", s, s->state);
1777
1778 switch(sk->sk_state) {
1779 case BT_CONNECTED:
1780 s->state = BT_CONNECT;
1781
1782 /* We can adjust MTU on outgoing sessions.
1783 * L2CAP MTU minus UIH header and FCS. */
1784 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1785
1786 rfcomm_send_sabm(s, 0);
1787 break;
1788
1789 case BT_CLOSED:
1790 s->state = BT_CLOSED;
1791 rfcomm_session_close(s, sk->sk_err);
1792 break;
1793 }
1794}
1795
1796static inline void rfcomm_process_sessions(void)
1797{
1798 struct list_head *p, *n;
1799
1800 rfcomm_lock();
1801
1802 list_for_each_safe(p, n, &session_list) {
1803 struct rfcomm_session *s;
1804 s = list_entry(p, struct rfcomm_session, list);
1805
1806 if (s->state == BT_LISTEN) {
1807 rfcomm_accept_connection(s);
1808 continue;
1809 }
1810
1811 rfcomm_session_hold(s);
1812
1813 switch (s->state) {
1814 case BT_BOUND:
1815 rfcomm_check_connection(s);
1816 break;
1817
1818 default:
1819 rfcomm_process_rx(s);
1820 break;
1821 }
1822
1823 rfcomm_process_dlcs(s);
1824
1825 rfcomm_session_put(s);
1826 }
1827
1828 rfcomm_unlock();
1829}
1830
1831static void rfcomm_worker(void)
1832{
1833 BT_DBG("");
1834
1835 while (!atomic_read(&terminate)) {
1836 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1837 /* No pending events. Let's sleep.
1838 * Incoming connections and data will wake us up. */
1839 set_current_state(TASK_INTERRUPTIBLE);
1840 schedule();
1841 }
1842
1843 /* Process stuff */
1844 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1845 rfcomm_process_sessions();
1846 }
1847 set_current_state(TASK_RUNNING);
1848 return;
1849}
1850
1851static int rfcomm_add_listener(bdaddr_t *ba)
1852{
1853 struct sockaddr_l2 addr;
1854 struct socket *sock;
1855 struct sock *sk;
1856 struct rfcomm_session *s;
1857 int err = 0;
1858
1859 /* Create socket */
1860 err = rfcomm_l2sock_create(&sock);
1861 if (err < 0) {
1862 BT_ERR("Create socket failed %d", err);
1863 return err;
1864 }
1865
1866 /* Bind socket */
1867 bacpy(&addr.l2_bdaddr, ba);
1868 addr.l2_family = AF_BLUETOOTH;
1869 addr.l2_psm = htobs(RFCOMM_PSM);
1870 err = sock->ops->bind(sock, (struct sockaddr *) &addr, sizeof(addr));
1871 if (err < 0) {
1872 BT_ERR("Bind failed %d", err);
1873 goto failed;
1874 }
1875
1876 /* Set L2CAP options */
1877 sk = sock->sk;
1878 lock_sock(sk);
Marcel Holtmann56f3a402006-02-13 11:39:57 +0100[diff] [blame]1879 l2cap_pi(sk)->imtu = l2cap_mtu;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1880 release_sock(sk);
1881
1882 /* Start listening on the socket */
1883 err = sock->ops->listen(sock, 10);
1884 if (err) {
1885 BT_ERR("Listen failed %d", err);
1886 goto failed;
1887 }
1888
1889 /* Add listening session */
1890 s = rfcomm_session_add(sock, BT_LISTEN);
1891 if (!s)
1892 goto failed;
1893
1894 rfcomm_session_hold(s);
1895 return 0;
1896failed:
1897 sock_release(sock);
1898 return err;
1899}
1900
1901static void rfcomm_kill_listener(void)
1902{
1903 struct rfcomm_session *s;
1904 struct list_head *p, *n;
1905
1906 BT_DBG("");
1907
1908 list_for_each_safe(p, n, &session_list) {
1909 s = list_entry(p, struct rfcomm_session, list);
1910 rfcomm_session_del(s);
1911 }
1912}
1913
1914static int rfcomm_run(void *unused)
1915{
1916 rfcomm_thread = current;
1917
1918 atomic_inc(&running);
1919
1920 daemonize("krfcommd");
1921 set_user_nice(current, -10);
1922 current->flags |= PF_NOFREEZE;
1923
1924 BT_DBG("");
1925
1926 rfcomm_add_listener(BDADDR_ANY);
1927
1928 rfcomm_worker();
1929
1930 rfcomm_kill_listener();
1931
1932 atomic_dec(&running);
1933 return 0;
1934}
1935
1936static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1937{
1938 struct rfcomm_session *s;
1939 struct rfcomm_dlc *d;
1940 struct list_head *p, *n;
1941
1942 BT_DBG("conn %p status 0x%02x", conn, status);
1943
1944 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1945 if (!s)
1946 return;
1947
1948 rfcomm_session_hold(s);
1949
1950 list_for_each_safe(p, n, &s->dlcs) {
1951 d = list_entry(p, struct rfcomm_dlc, list);
1952
1953 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1954 continue;
1955
1956 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1957 continue;
1958
1959 if (!status)
1960 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1961 else
1962 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1963 }
1964
1965 rfcomm_session_put(s);
1966
1967 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1968}
1969
1970static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1971{
1972 struct rfcomm_session *s;
1973 struct rfcomm_dlc *d;
1974 struct list_head *p, *n;
1975
1976 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1977
1978 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1979 if (!s)
1980 return;
1981
1982 rfcomm_session_hold(s);
1983
1984 list_for_each_safe(p, n, &s->dlcs) {
1985 d = list_entry(p, struct rfcomm_dlc, list);
1986
1987 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1988 continue;
1989
1990 if (!status && encrypt)
1991 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1992 else
1993 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1994 }
1995
1996 rfcomm_session_put(s);
1997
1998 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1999}
2000
2001static struct hci_cb rfcomm_cb = {
2002 .name = "RFCOMM",
2003 .auth_cfm = rfcomm_auth_cfm,
2004 .encrypt_cfm = rfcomm_encrypt_cfm
2005};
2006
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2007static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2008{
2009 struct rfcomm_session *s;
2010 struct list_head *pp, *p;
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2011 char *str = buf;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2012
2013 rfcomm_lock();
2014
2015 list_for_each(p, &session_list) {
2016 s = list_entry(p, struct rfcomm_session, list);
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2017 list_for_each(pp, &s->dlcs) {
2018 struct sock *sk = s->sock->sk;
2019 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2020
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2021 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2022 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2023 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2024 }
2025 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2026
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2027 rfcomm_unlock();
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2028
2029 return (str - buf);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2030}
2031
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2032static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2033
2034/* ---- Initialization ---- */
2035static int __init rfcomm_init(void)
2036{
2037 l2cap_load();
2038
2039 hci_register_cb(&rfcomm_cb);
2040
2041 kernel_thread(rfcomm_run, NULL, CLONE_KERNEL);
2042
Marcel Holtmanna91f2e32006-07-03 10:02:41 +0200[diff] [blame]2043 class_create_file(bt_class, &class_attr_rfcomm_dlc);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2044
2045 rfcomm_init_sockets();
2046
2047#ifdef CONFIG_BT_RFCOMM_TTY
2048 rfcomm_init_ttys();
2049#endif
2050
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2051 BT_INFO("RFCOMM ver %s", VERSION);
2052
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2053 return 0;
2054}
2055
2056static void __exit rfcomm_exit(void)
2057{
Marcel Holtmanna91f2e32006-07-03 10:02:41 +0200[diff] [blame]2058 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
Marcel Holtmannbe9d1222005-11-08 09:57:38 -0800[diff] [blame]2059
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2060 hci_unregister_cb(&rfcomm_cb);
2061
2062 /* Terminate working thread.
2063 * ie. Set terminate flag and wake it up */
2064 atomic_inc(&terminate);
2065 rfcomm_schedule(RFCOMM_SCHED_STATE);
2066
2067 /* Wait until thread is running */
2068 while (atomic_read(&running))
2069 schedule();
2070
2071#ifdef CONFIG_BT_RFCOMM_TTY
2072 rfcomm_cleanup_ttys();
2073#endif
2074
2075 rfcomm_cleanup_sockets();
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2076}
2077
2078module_init(rfcomm_init);
2079module_exit(rfcomm_exit);
2080
Marcel Holtmann7c2660b2006-07-03 10:02:51 +0200[diff] [blame^]2081module_param(disable_cfc, bool, 0644);
2082MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2083
Marcel Holtmann56f3a402006-02-13 11:39:57 +0100[diff] [blame]2084module_param(l2cap_mtu, uint, 0644);
2085MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2086
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]2087MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2088MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2089MODULE_VERSION(VERSION);
2090MODULE_LICENSE("GPL");
2091MODULE_ALIAS("bt-proto-3");