blob: e7a6a03cea37e891d81c3c036140f9e30300108d [file] [log] [blame]
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001/*
Linus Torvalds1da177e2005-04-16 15:20:36 -07002 RFCOMM implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2002 Maxim Krasnyansky <maxk@qualcomm.com>
4 Copyright (C) 2002 Marcel Holtmann <marcel@holtmann.org>
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License version 2 as
8 published by the Free Software Foundation;
9
10 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
11 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
12 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
13 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +090014 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
15 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
Linus Torvalds1da177e2005-04-16 15:20:36 -070017 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +090019 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
20 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
Linus Torvalds1da177e2005-04-16 15:20:36 -070021 SOFTWARE IS DISCLAIMED.
22*/
23
Linus Torvalds1da177e2005-04-16 15:20:36 -070024/*
25 * Bluetooth RFCOMM core.
26 *
27 * $Id: core.c,v 1.42 2002/10/01 23:26:25 maxk Exp $
28 */
29
Linus Torvalds1da177e2005-04-16 15:20:36 -070030#include <linux/module.h>
31#include <linux/errno.h>
32#include <linux/kernel.h>
33#include <linux/sched.h>
34#include <linux/signal.h>
35#include <linux/init.h>
36#include <linux/wait.h>
Marcel Holtmannbe9d1222005-11-08 09:57:38 -080037#include <linux/device.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070038#include <linux/net.h>
Arjan van de Ven4a3e2f72006-03-20 22:33:17 -080039#include <linux/mutex.h>
Marcel Holtmanna524ecc2007-10-20 21:37:20 +020040#include <linux/kthread.h>
Arjan van de Ven4a3e2f72006-03-20 22:33:17 -080041
Linus Torvalds1da177e2005-04-16 15:20:36 -070042#include <net/sock.h>
43#include <asm/uaccess.h>
44#include <asm/unaligned.h>
45
46#include <net/bluetooth/bluetooth.h>
47#include <net/bluetooth/hci_core.h>
48#include <net/bluetooth/l2cap.h>
49#include <net/bluetooth/rfcomm.h>
50
Linus Torvalds1da177e2005-04-16 15:20:36 -070051#ifndef CONFIG_BT_RFCOMM_DEBUG
52#undef BT_DBG
53#define BT_DBG(D...)
54#endif
55
Marcel Holtmann77db1982008-07-14 20:13:45 +020056#define VERSION "1.9"
Marcel Holtmann56f3a402006-02-13 11:39:57 +010057
Marcel Holtmann7c2660b2006-07-03 10:02:51 +020058static int disable_cfc = 0;
Marcel Holtmann98bcd082006-07-14 11:42:12 +020059static int channel_mtu = -1;
Marcel Holtmann56f3a402006-02-13 11:39:57 +010060static unsigned int l2cap_mtu = RFCOMM_MAX_L2CAP_MTU;
61
Linus Torvalds1da177e2005-04-16 15:20:36 -070062static struct task_struct *rfcomm_thread;
63
Arjan van de Ven4a3e2f72006-03-20 22:33:17 -080064static DEFINE_MUTEX(rfcomm_mutex);
65#define rfcomm_lock() mutex_lock(&rfcomm_mutex)
66#define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
Linus Torvalds1da177e2005-04-16 15:20:36 -070067
68static unsigned long rfcomm_event;
69
70static LIST_HEAD(session_list);
Linus Torvalds1da177e2005-04-16 15:20:36 -070071
72static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
73static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
74static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
75static int rfcomm_queue_disc(struct rfcomm_dlc *d);
76static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
77static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
78static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
79static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
80static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
81static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
82
83static void rfcomm_process_connect(struct rfcomm_session *s);
84
85static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err);
86static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
87static void rfcomm_session_del(struct rfcomm_session *s);
88
89/* ---- RFCOMM frame parsing macros ---- */
90#define __get_dlci(b) ((b & 0xfc) >> 2)
91#define __get_channel(b) ((b & 0xf8) >> 3)
92#define __get_dir(b) ((b & 0x04) >> 2)
93#define __get_type(b) ((b & 0xef))
94
95#define __test_ea(b) ((b & 0x01))
96#define __test_cr(b) ((b & 0x02))
97#define __test_pf(b) ((b & 0x10))
98
99#define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
100#define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
101#define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
102#define __srv_channel(dlci) (dlci >> 1)
103#define __dir(dlci) (dlci & 0x01)
104
105#define __len8(len) (((len) << 1) | 1)
106#define __len16(len) ((len) << 1)
107
108/* MCC macros */
109#define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
110#define __get_mcc_type(b) ((b & 0xfc) >> 2)
111#define __get_mcc_len(b) ((b & 0xfe) >> 1)
112
113/* RPN macros */
J. Suter3a5e9032005-08-09 20:28:46 -0700114#define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
Linus Torvalds1da177e2005-04-16 15:20:36 -0700115#define __get_rpn_data_bits(line) ((line) & 0x3)
116#define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
J. Suter3a5e9032005-08-09 20:28:46 -0700117#define __get_rpn_parity(line) (((line) >> 3) & 0x7)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700118
119static inline void rfcomm_schedule(uint event)
120{
121 if (!rfcomm_thread)
122 return;
123 //set_bit(event, &rfcomm_event);
124 set_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
125 wake_up_process(rfcomm_thread);
126}
127
128static inline void rfcomm_session_put(struct rfcomm_session *s)
129{
130 if (atomic_dec_and_test(&s->refcnt))
131 rfcomm_session_del(s);
132}
133
134/* ---- RFCOMM FCS computation ---- */
135
Marcel Holtmann408c1ce2005-10-28 19:20:36 +0200136/* reversed, 8-bit, poly=0x07 */
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900137static unsigned char rfcomm_crc_table[256] = {
Marcel Holtmann408c1ce2005-10-28 19:20:36 +0200138 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
139 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
140 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
141 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
142
143 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
144 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
145 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
146 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
147
148 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
149 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
150 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
151 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
152
153 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
154 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
155 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
156 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
157
158 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
159 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
160 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
161 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
162
163 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
164 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
165 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
166 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
167
168 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
169 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
170 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
171 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
172
173 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
174 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
175 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
176 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
177};
178
Linus Torvalds1da177e2005-04-16 15:20:36 -0700179/* CRC on 2 bytes */
180#define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
181
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900182/* FCS on 2 bytes */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700183static inline u8 __fcs(u8 *data)
184{
185 return (0xff - __crc(data));
186}
187
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900188/* FCS on 3 bytes */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700189static inline u8 __fcs2(u8 *data)
190{
191 return (0xff - rfcomm_crc_table[__crc(data) ^ data[2]]);
192}
193
194/* Check FCS */
195static inline int __check_fcs(u8 *data, int type, u8 fcs)
196{
197 u8 f = __crc(data);
198
199 if (type != RFCOMM_UIH)
200 f = rfcomm_crc_table[f ^ data[2]];
201
202 return rfcomm_crc_table[f ^ fcs] != 0xcf;
203}
204
205/* ---- L2CAP callbacks ---- */
206static void rfcomm_l2state_change(struct sock *sk)
207{
208 BT_DBG("%p state %d", sk, sk->sk_state);
209 rfcomm_schedule(RFCOMM_SCHED_STATE);
210}
211
212static void rfcomm_l2data_ready(struct sock *sk, int bytes)
213{
214 BT_DBG("%p bytes %d", sk, bytes);
215 rfcomm_schedule(RFCOMM_SCHED_RX);
216}
217
218static int rfcomm_l2sock_create(struct socket **sock)
219{
220 int err;
221
222 BT_DBG("");
223
224 err = sock_create_kern(PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
225 if (!err) {
226 struct sock *sk = (*sock)->sk;
227 sk->sk_data_ready = rfcomm_l2data_ready;
228 sk->sk_state_change = rfcomm_l2state_change;
229 }
230 return err;
231}
232
Marcel Holtmann77db1982008-07-14 20:13:45 +0200233static inline int rfcomm_check_link_mode(struct rfcomm_dlc *d)
234{
235 struct sock *sk = d->session->sock->sk;
236
237 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) {
238 if (!hci_conn_encrypt(l2cap_pi(sk)->conn->hcon))
239 return 1;
240 } else if (d->link_mode & RFCOMM_LM_AUTH) {
241 if (!hci_conn_auth(l2cap_pi(sk)->conn->hcon))
242 return 1;
243 }
244
245 return 0;
246}
247
Linus Torvalds1da177e2005-04-16 15:20:36 -0700248/* ---- RFCOMM DLCs ---- */
249static void rfcomm_dlc_timeout(unsigned long arg)
250{
251 struct rfcomm_dlc *d = (void *) arg;
252
253 BT_DBG("dlc %p state %ld", d, d->state);
254
255 set_bit(RFCOMM_TIMED_OUT, &d->flags);
256 rfcomm_dlc_put(d);
257 rfcomm_schedule(RFCOMM_SCHED_TIMEO);
258}
259
260static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
261{
262 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
263
264 if (!mod_timer(&d->timer, jiffies + timeout))
265 rfcomm_dlc_hold(d);
266}
267
268static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
269{
270 BT_DBG("dlc %p state %ld", d, d->state);
271
272 if (timer_pending(&d->timer) && del_timer(&d->timer))
273 rfcomm_dlc_put(d);
274}
275
276static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
277{
278 BT_DBG("%p", d);
279
280 d->state = BT_OPEN;
281 d->flags = 0;
282 d->mscex = 0;
283 d->mtu = RFCOMM_DEFAULT_MTU;
284 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
285
286 d->cfc = RFCOMM_CFC_DISABLED;
287 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
288}
289
Al Virodd0fc662005-10-07 07:46:04 +0100290struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700291{
Marcel Holtmann25ea6db2006-07-06 15:40:09 +0200292 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
293
Linus Torvalds1da177e2005-04-16 15:20:36 -0700294 if (!d)
295 return NULL;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700296
Pavel Emelyanovb24b8a22008-01-23 21:20:07 -0800297 setup_timer(&d->timer, rfcomm_dlc_timeout, (unsigned long)d);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700298
299 skb_queue_head_init(&d->tx_queue);
300 spin_lock_init(&d->lock);
301 atomic_set(&d->refcnt, 1);
302
303 rfcomm_dlc_clear_state(d);
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900304
Linus Torvalds1da177e2005-04-16 15:20:36 -0700305 BT_DBG("%p", d);
Marcel Holtmann25ea6db2006-07-06 15:40:09 +0200306
Linus Torvalds1da177e2005-04-16 15:20:36 -0700307 return d;
308}
309
310void rfcomm_dlc_free(struct rfcomm_dlc *d)
311{
312 BT_DBG("%p", d);
313
314 skb_queue_purge(&d->tx_queue);
315 kfree(d);
316}
317
318static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
319{
320 BT_DBG("dlc %p session %p", d, s);
321
322 rfcomm_session_hold(s);
323
324 rfcomm_dlc_hold(d);
325 list_add(&d->list, &s->dlcs);
326 d->session = s;
327}
328
329static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
330{
331 struct rfcomm_session *s = d->session;
332
333 BT_DBG("dlc %p refcnt %d session %p", d, atomic_read(&d->refcnt), s);
334
335 list_del(&d->list);
336 d->session = NULL;
337 rfcomm_dlc_put(d);
338
339 rfcomm_session_put(s);
340}
341
342static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
343{
344 struct rfcomm_dlc *d;
345 struct list_head *p;
346
347 list_for_each(p, &s->dlcs) {
348 d = list_entry(p, struct rfcomm_dlc, list);
349 if (d->dlci == dlci)
350 return d;
351 }
352 return NULL;
353}
354
355static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
356{
357 struct rfcomm_session *s;
358 int err = 0;
359 u8 dlci;
360
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900361 BT_DBG("dlc %p state %ld %s %s channel %d",
Linus Torvalds1da177e2005-04-16 15:20:36 -0700362 d, d->state, batostr(src), batostr(dst), channel);
363
364 if (channel < 1 || channel > 30)
365 return -EINVAL;
366
367 if (d->state != BT_OPEN && d->state != BT_CLOSED)
368 return 0;
369
370 s = rfcomm_session_get(src, dst);
371 if (!s) {
372 s = rfcomm_session_create(src, dst, &err);
373 if (!s)
374 return err;
375 }
376
377 dlci = __dlci(!s->initiator, channel);
378
379 /* Check if DLCI already exists */
380 if (rfcomm_dlc_get(s, dlci))
381 return -EBUSY;
382
383 rfcomm_dlc_clear_state(d);
384
385 d->dlci = dlci;
386 d->addr = __addr(s->initiator, dlci);
387 d->priority = 7;
388
Marcel Holtmann77db1982008-07-14 20:13:45 +0200389 d->state = BT_CONFIG;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700390 rfcomm_dlc_link(s, d);
391
Marcel Holtmann77db1982008-07-14 20:13:45 +0200392 d->out = 1;
393
Linus Torvalds1da177e2005-04-16 15:20:36 -0700394 d->mtu = s->mtu;
395 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
396
Marcel Holtmann77db1982008-07-14 20:13:45 +0200397 if (s->state == BT_CONNECTED) {
398 if (rfcomm_check_link_mode(d))
399 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
400 else
401 rfcomm_send_pn(s, 1, d);
402 }
403
Linus Torvalds1da177e2005-04-16 15:20:36 -0700404 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
Marcel Holtmann77db1982008-07-14 20:13:45 +0200405
Linus Torvalds1da177e2005-04-16 15:20:36 -0700406 return 0;
407}
408
409int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
410{
411 int r;
412
413 rfcomm_lock();
414
415 r = __rfcomm_dlc_open(d, src, dst, channel);
416
417 rfcomm_unlock();
418 return r;
419}
420
421static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
422{
423 struct rfcomm_session *s = d->session;
424 if (!s)
425 return 0;
426
427 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
428 d, d->state, d->dlci, err, s);
429
430 switch (d->state) {
431 case BT_CONNECTED:
432 case BT_CONFIG:
433 case BT_CONNECT:
434 d->state = BT_DISCONN;
435 if (skb_queue_empty(&d->tx_queue)) {
436 rfcomm_send_disc(s, d->dlci);
437 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
438 } else {
439 rfcomm_queue_disc(d);
440 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
441 }
442 break;
443
444 default:
445 rfcomm_dlc_clear_timer(d);
446
447 rfcomm_dlc_lock(d);
448 d->state = BT_CLOSED;
Dave Young1905f6c2008-04-01 23:59:06 -0700449 d->state_change(d, err);
Arjan van de Ven4c8411f2008-05-29 01:32:47 -0700450 rfcomm_dlc_unlock(d);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700451
452 skb_queue_purge(&d->tx_queue);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700453 rfcomm_dlc_unlink(d);
454 }
455
456 return 0;
457}
458
459int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
460{
461 int r;
462
463 rfcomm_lock();
464
465 r = __rfcomm_dlc_close(d, err);
466
467 rfcomm_unlock();
468 return r;
469}
470
471int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
472{
473 int len = skb->len;
474
475 if (d->state != BT_CONNECTED)
476 return -ENOTCONN;
477
478 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
479
480 if (len > d->mtu)
481 return -EINVAL;
482
483 rfcomm_make_uih(skb, d->addr);
484 skb_queue_tail(&d->tx_queue, skb);
485
486 if (!test_bit(RFCOMM_TX_THROTTLED, &d->flags))
487 rfcomm_schedule(RFCOMM_SCHED_TX);
488 return len;
489}
490
Harvey Harrisonb5606c22008-02-13 15:03:16 -0800491void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700492{
493 BT_DBG("dlc %p state %ld", d, d->state);
494
495 if (!d->cfc) {
496 d->v24_sig |= RFCOMM_V24_FC;
497 set_bit(RFCOMM_MSC_PENDING, &d->flags);
498 }
499 rfcomm_schedule(RFCOMM_SCHED_TX);
500}
501
Harvey Harrisonb5606c22008-02-13 15:03:16 -0800502void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700503{
504 BT_DBG("dlc %p state %ld", d, d->state);
505
506 if (!d->cfc) {
507 d->v24_sig &= ~RFCOMM_V24_FC;
508 set_bit(RFCOMM_MSC_PENDING, &d->flags);
509 }
510 rfcomm_schedule(RFCOMM_SCHED_TX);
511}
512
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900513/*
Linus Torvalds1da177e2005-04-16 15:20:36 -0700514 Set/get modem status functions use _local_ status i.e. what we report
515 to the other side.
516 Remote status is provided by dlc->modem_status() callback.
517 */
518int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
519{
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900520 BT_DBG("dlc %p state %ld v24_sig 0x%x",
Linus Torvalds1da177e2005-04-16 15:20:36 -0700521 d, d->state, v24_sig);
522
523 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
524 v24_sig |= RFCOMM_V24_FC;
525 else
526 v24_sig &= ~RFCOMM_V24_FC;
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900527
Linus Torvalds1da177e2005-04-16 15:20:36 -0700528 d->v24_sig = v24_sig;
529
530 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
531 rfcomm_schedule(RFCOMM_SCHED_TX);
532
533 return 0;
534}
535
536int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
537{
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900538 BT_DBG("dlc %p state %ld v24_sig 0x%x",
Linus Torvalds1da177e2005-04-16 15:20:36 -0700539 d, d->state, d->v24_sig);
540
541 *v24_sig = d->v24_sig;
542 return 0;
543}
544
545/* ---- RFCOMM sessions ---- */
546static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
547{
Marcel Holtmann25ea6db2006-07-06 15:40:09 +0200548 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
549
Linus Torvalds1da177e2005-04-16 15:20:36 -0700550 if (!s)
551 return NULL;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700552
553 BT_DBG("session %p sock %p", s, sock);
554
555 INIT_LIST_HEAD(&s->dlcs);
556 s->state = state;
557 s->sock = sock;
558
559 s->mtu = RFCOMM_DEFAULT_MTU;
Marcel Holtmann7c2660b2006-07-03 10:02:51 +0200560 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700561
562 /* Do not increment module usage count for listening sessions.
563 * Otherwise we won't be able to unload the module. */
564 if (state != BT_LISTEN)
565 if (!try_module_get(THIS_MODULE)) {
566 kfree(s);
567 return NULL;
568 }
569
570 list_add(&s->list, &session_list);
571
572 return s;
573}
574
575static void rfcomm_session_del(struct rfcomm_session *s)
576{
577 int state = s->state;
578
579 BT_DBG("session %p state %ld", s, s->state);
580
581 list_del(&s->list);
582
583 if (state == BT_CONNECTED)
584 rfcomm_send_disc(s, 0);
585
586 sock_release(s->sock);
587 kfree(s);
588
589 if (state != BT_LISTEN)
590 module_put(THIS_MODULE);
591}
592
593static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
594{
595 struct rfcomm_session *s;
596 struct list_head *p, *n;
597 struct bt_sock *sk;
598 list_for_each_safe(p, n, &session_list) {
599 s = list_entry(p, struct rfcomm_session, list);
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900600 sk = bt_sk(s->sock->sk);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700601
602 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&sk->src, src)) &&
603 !bacmp(&sk->dst, dst))
604 return s;
605 }
606 return NULL;
607}
608
609static void rfcomm_session_close(struct rfcomm_session *s, int err)
610{
611 struct rfcomm_dlc *d;
612 struct list_head *p, *n;
613
614 BT_DBG("session %p state %ld err %d", s, s->state, err);
615
616 rfcomm_session_hold(s);
617
618 s->state = BT_CLOSED;
619
620 /* Close all dlcs */
621 list_for_each_safe(p, n, &s->dlcs) {
622 d = list_entry(p, struct rfcomm_dlc, list);
623 d->state = BT_CLOSED;
624 __rfcomm_dlc_close(d, err);
625 }
626
627 rfcomm_session_put(s);
628}
629
630static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src, bdaddr_t *dst, int *err)
631{
632 struct rfcomm_session *s = NULL;
633 struct sockaddr_l2 addr;
634 struct socket *sock;
635 struct sock *sk;
636
637 BT_DBG("%s %s", batostr(src), batostr(dst));
638
639 *err = rfcomm_l2sock_create(&sock);
640 if (*err < 0)
641 return NULL;
642
643 bacpy(&addr.l2_bdaddr, src);
644 addr.l2_family = AF_BLUETOOTH;
645 addr.l2_psm = 0;
Marcel Holtmann48db9ca2007-05-05 00:36:06 +0200646 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
Linus Torvalds1da177e2005-04-16 15:20:36 -0700647 if (*err < 0)
648 goto failed;
649
650 /* Set L2CAP options */
651 sk = sock->sk;
652 lock_sock(sk);
Marcel Holtmann56f3a402006-02-13 11:39:57 +0100653 l2cap_pi(sk)->imtu = l2cap_mtu;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700654 release_sock(sk);
655
656 s = rfcomm_session_add(sock, BT_BOUND);
657 if (!s) {
658 *err = -ENOMEM;
659 goto failed;
660 }
661
Linus Torvalds1da177e2005-04-16 15:20:36 -0700662 s->initiator = 1;
663
664 bacpy(&addr.l2_bdaddr, dst);
665 addr.l2_family = AF_BLUETOOTH;
666 addr.l2_psm = htobs(RFCOMM_PSM);
Marcel Holtmann48db9ca2007-05-05 00:36:06 +0200667 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
Marcel Holtmannb4c612a2006-09-23 09:54:38 +0200668 if (*err == 0 || *err == -EINPROGRESS)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700669 return s;
670
671 rfcomm_session_del(s);
672 return NULL;
673
674failed:
675 sock_release(sock);
676 return NULL;
677}
678
679void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
680{
681 struct sock *sk = s->sock->sk;
682 if (src)
683 bacpy(src, &bt_sk(sk)->src);
684 if (dst)
685 bacpy(dst, &bt_sk(sk)->dst);
686}
687
688/* ---- RFCOMM frame sending ---- */
689static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
690{
691 struct socket *sock = s->sock;
692 struct kvec iv = { data, len };
693 struct msghdr msg;
694
695 BT_DBG("session %p len %d", s, len);
696
697 memset(&msg, 0, sizeof(msg));
698
699 return kernel_sendmsg(sock, &msg, &iv, 1, len);
700}
701
702static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
703{
704 struct rfcomm_cmd cmd;
705
706 BT_DBG("%p dlci %d", s, dlci);
707
708 cmd.addr = __addr(s->initiator, dlci);
709 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
710 cmd.len = __len8(0);
711 cmd.fcs = __fcs2((u8 *) &cmd);
712
713 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
714}
715
716static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
717{
718 struct rfcomm_cmd cmd;
719
720 BT_DBG("%p dlci %d", s, dlci);
721
722 cmd.addr = __addr(!s->initiator, dlci);
723 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
724 cmd.len = __len8(0);
725 cmd.fcs = __fcs2((u8 *) &cmd);
726
727 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
728}
729
730static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
731{
732 struct rfcomm_cmd cmd;
733
734 BT_DBG("%p dlci %d", s, dlci);
735
736 cmd.addr = __addr(s->initiator, dlci);
737 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
738 cmd.len = __len8(0);
739 cmd.fcs = __fcs2((u8 *) &cmd);
740
741 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
742}
743
744static int rfcomm_queue_disc(struct rfcomm_dlc *d)
745{
746 struct rfcomm_cmd *cmd;
747 struct sk_buff *skb;
748
749 BT_DBG("dlc %p dlci %d", d, d->dlci);
750
751 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
752 if (!skb)
753 return -ENOMEM;
754
755 cmd = (void *) __skb_put(skb, sizeof(*cmd));
756 cmd->addr = d->addr;
757 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
758 cmd->len = __len8(0);
759 cmd->fcs = __fcs2((u8 *) cmd);
760
761 skb_queue_tail(&d->tx_queue, skb);
762 rfcomm_schedule(RFCOMM_SCHED_TX);
763 return 0;
764}
765
766static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
767{
768 struct rfcomm_cmd cmd;
769
770 BT_DBG("%p dlci %d", s, dlci);
771
772 cmd.addr = __addr(!s->initiator, dlci);
773 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
774 cmd.len = __len8(0);
775 cmd.fcs = __fcs2((u8 *) &cmd);
776
777 return rfcomm_send_frame(s, (void *) &cmd, sizeof(cmd));
778}
779
780static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
781{
782 struct rfcomm_hdr *hdr;
783 struct rfcomm_mcc *mcc;
784 u8 buf[16], *ptr = buf;
785
786 BT_DBG("%p cr %d type %d", s, cr, type);
787
788 hdr = (void *) ptr; ptr += sizeof(*hdr);
789 hdr->addr = __addr(s->initiator, 0);
790 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
791 hdr->len = __len8(sizeof(*mcc) + 1);
792
793 mcc = (void *) ptr; ptr += sizeof(*mcc);
794 mcc->type = __mcc_type(cr, RFCOMM_NSC);
795 mcc->len = __len8(1);
796
797 /* Type that we didn't like */
798 *ptr = __mcc_type(cr, type); ptr++;
799
800 *ptr = __fcs(buf); ptr++;
801
802 return rfcomm_send_frame(s, buf, ptr - buf);
803}
804
805static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
806{
807 struct rfcomm_hdr *hdr;
808 struct rfcomm_mcc *mcc;
809 struct rfcomm_pn *pn;
810 u8 buf[16], *ptr = buf;
811
812 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
813
814 hdr = (void *) ptr; ptr += sizeof(*hdr);
815 hdr->addr = __addr(s->initiator, 0);
816 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
817 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
818
819 mcc = (void *) ptr; ptr += sizeof(*mcc);
820 mcc->type = __mcc_type(cr, RFCOMM_PN);
821 mcc->len = __len8(sizeof(*pn));
822
823 pn = (void *) ptr; ptr += sizeof(*pn);
824 pn->dlci = d->dlci;
825 pn->priority = d->priority;
826 pn->ack_timer = 0;
827 pn->max_retrans = 0;
828
829 if (s->cfc) {
830 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
831 pn->credits = RFCOMM_DEFAULT_CREDITS;
832 } else {
833 pn->flow_ctrl = 0;
834 pn->credits = 0;
835 }
836
Marcel Holtmann98bcd082006-07-14 11:42:12 +0200837 if (cr && channel_mtu >= 0)
838 pn->mtu = htobs(channel_mtu);
839 else
840 pn->mtu = htobs(d->mtu);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700841
842 *ptr = __fcs(buf); ptr++;
843
844 return rfcomm_send_frame(s, buf, ptr - buf);
845}
846
J. Suter3a5e9032005-08-09 20:28:46 -0700847int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
848 u8 bit_rate, u8 data_bits, u8 stop_bits,
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900849 u8 parity, u8 flow_ctrl_settings,
J. Suter3a5e9032005-08-09 20:28:46 -0700850 u8 xon_char, u8 xoff_char, u16 param_mask)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700851{
852 struct rfcomm_hdr *hdr;
853 struct rfcomm_mcc *mcc;
854 struct rfcomm_rpn *rpn;
855 u8 buf[16], *ptr = buf;
856
857 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +0900858 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
859 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
J. Suter3a5e9032005-08-09 20:28:46 -0700860 flow_ctrl_settings, xon_char, xoff_char, param_mask);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700861
862 hdr = (void *) ptr; ptr += sizeof(*hdr);
863 hdr->addr = __addr(s->initiator, 0);
864 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
865 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
866
867 mcc = (void *) ptr; ptr += sizeof(*mcc);
868 mcc->type = __mcc_type(cr, RFCOMM_RPN);
869 mcc->len = __len8(sizeof(*rpn));
870
871 rpn = (void *) ptr; ptr += sizeof(*rpn);
872 rpn->dlci = __addr(1, dlci);
873 rpn->bit_rate = bit_rate;
874 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
875 rpn->flow_ctrl = flow_ctrl_settings;
876 rpn->xon_char = xon_char;
877 rpn->xoff_char = xoff_char;
Al Viroe8db8c92006-11-08 00:28:44 -0800878 rpn->param_mask = cpu_to_le16(param_mask);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700879
880 *ptr = __fcs(buf); ptr++;
881
882 return rfcomm_send_frame(s, buf, ptr - buf);
883}
884
885static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
886{
887 struct rfcomm_hdr *hdr;
888 struct rfcomm_mcc *mcc;
889 struct rfcomm_rls *rls;
890 u8 buf[16], *ptr = buf;
891
892 BT_DBG("%p cr %d status 0x%x", s, cr, status);
893
894 hdr = (void *) ptr; ptr += sizeof(*hdr);
895 hdr->addr = __addr(s->initiator, 0);
896 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
897 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
898
899 mcc = (void *) ptr; ptr += sizeof(*mcc);
900 mcc->type = __mcc_type(cr, RFCOMM_RLS);
901 mcc->len = __len8(sizeof(*rls));
902
903 rls = (void *) ptr; ptr += sizeof(*rls);
904 rls->dlci = __addr(1, dlci);
905 rls->status = status;
906
907 *ptr = __fcs(buf); ptr++;
908
909 return rfcomm_send_frame(s, buf, ptr - buf);
910}
911
912static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
913{
914 struct rfcomm_hdr *hdr;
915 struct rfcomm_mcc *mcc;
916 struct rfcomm_msc *msc;
917 u8 buf[16], *ptr = buf;
918
919 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
920
921 hdr = (void *) ptr; ptr += sizeof(*hdr);
922 hdr->addr = __addr(s->initiator, 0);
923 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
924 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
925
926 mcc = (void *) ptr; ptr += sizeof(*mcc);
927 mcc->type = __mcc_type(cr, RFCOMM_MSC);
928 mcc->len = __len8(sizeof(*msc));
929
930 msc = (void *) ptr; ptr += sizeof(*msc);
931 msc->dlci = __addr(1, dlci);
932 msc->v24_sig = v24_sig | 0x01;
933
934 *ptr = __fcs(buf); ptr++;
935
936 return rfcomm_send_frame(s, buf, ptr - buf);
937}
938
939static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
940{
941 struct rfcomm_hdr *hdr;
942 struct rfcomm_mcc *mcc;
943 u8 buf[16], *ptr = buf;
944
945 BT_DBG("%p cr %d", s, cr);
946
947 hdr = (void *) ptr; ptr += sizeof(*hdr);
948 hdr->addr = __addr(s->initiator, 0);
949 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
950 hdr->len = __len8(sizeof(*mcc));
951
952 mcc = (void *) ptr; ptr += sizeof(*mcc);
953 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
954 mcc->len = __len8(0);
955
956 *ptr = __fcs(buf); ptr++;
957
958 return rfcomm_send_frame(s, buf, ptr - buf);
959}
960
961static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
962{
963 struct rfcomm_hdr *hdr;
964 struct rfcomm_mcc *mcc;
965 u8 buf[16], *ptr = buf;
966
967 BT_DBG("%p cr %d", s, cr);
968
969 hdr = (void *) ptr; ptr += sizeof(*hdr);
970 hdr->addr = __addr(s->initiator, 0);
971 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
972 hdr->len = __len8(sizeof(*mcc));
973
974 mcc = (void *) ptr; ptr += sizeof(*mcc);
975 mcc->type = __mcc_type(cr, RFCOMM_FCON);
976 mcc->len = __len8(0);
977
978 *ptr = __fcs(buf); ptr++;
979
980 return rfcomm_send_frame(s, buf, ptr - buf);
981}
982
983static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
984{
985 struct socket *sock = s->sock;
986 struct kvec iv[3];
987 struct msghdr msg;
988 unsigned char hdr[5], crc[1];
989
990 if (len > 125)
991 return -EINVAL;
992
993 BT_DBG("%p cr %d", s, cr);
994
995 hdr[0] = __addr(s->initiator, 0);
996 hdr[1] = __ctrl(RFCOMM_UIH, 0);
997 hdr[2] = 0x01 | ((len + 2) << 1);
998 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
999 hdr[4] = 0x01 | (len << 1);
1000
1001 crc[0] = __fcs(hdr);
1002
1003 iv[0].iov_base = hdr;
1004 iv[0].iov_len = 5;
1005 iv[1].iov_base = pattern;
1006 iv[1].iov_len = len;
1007 iv[2].iov_base = crc;
1008 iv[2].iov_len = 1;
1009
1010 memset(&msg, 0, sizeof(msg));
1011
1012 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1013}
1014
1015static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1016{
1017 struct rfcomm_hdr *hdr;
1018 u8 buf[16], *ptr = buf;
1019
1020 BT_DBG("%p addr %d credits %d", s, addr, credits);
1021
1022 hdr = (void *) ptr; ptr += sizeof(*hdr);
1023 hdr->addr = addr;
1024 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1025 hdr->len = __len8(0);
1026
1027 *ptr = credits; ptr++;
1028
1029 *ptr = __fcs(buf); ptr++;
1030
1031 return rfcomm_send_frame(s, buf, ptr - buf);
1032}
1033
1034static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1035{
1036 struct rfcomm_hdr *hdr;
1037 int len = skb->len;
1038 u8 *crc;
1039
1040 if (len > 127) {
1041 hdr = (void *) skb_push(skb, 4);
Al Viro6ba9c752006-11-08 00:28:19 -08001042 put_unaligned(htobs(__len16(len)), (__le16 *) &hdr->len);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001043 } else {
1044 hdr = (void *) skb_push(skb, 3);
1045 hdr->len = __len8(len);
1046 }
1047 hdr->addr = addr;
1048 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1049
1050 crc = skb_put(skb, 1);
1051 *crc = __fcs((void *) hdr);
1052}
1053
1054/* ---- RFCOMM frame reception ---- */
1055static int rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1056{
1057 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1058
1059 if (dlci) {
1060 /* Data channel */
1061 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1062 if (!d) {
1063 rfcomm_send_dm(s, dlci);
1064 return 0;
1065 }
1066
1067 switch (d->state) {
1068 case BT_CONNECT:
1069 rfcomm_dlc_clear_timer(d);
1070
1071 rfcomm_dlc_lock(d);
1072 d->state = BT_CONNECTED;
1073 d->state_change(d, 0);
1074 rfcomm_dlc_unlock(d);
1075
1076 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1077 break;
1078
1079 case BT_DISCONN:
1080 d->state = BT_CLOSED;
1081 __rfcomm_dlc_close(d, 0);
Marcel Holtmann9cf5b0e2007-05-05 00:36:13 +02001082
1083 if (list_empty(&s->dlcs)) {
1084 s->state = BT_DISCONN;
1085 rfcomm_send_disc(s, 0);
1086 }
1087
Linus Torvalds1da177e2005-04-16 15:20:36 -07001088 break;
1089 }
1090 } else {
1091 /* Control channel */
1092 switch (s->state) {
1093 case BT_CONNECT:
1094 s->state = BT_CONNECTED;
1095 rfcomm_process_connect(s);
1096 break;
Marcel Holtmann9cf5b0e2007-05-05 00:36:13 +02001097
1098 case BT_DISCONN:
1099 rfcomm_session_put(s);
1100 break;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001101 }
1102 }
1103 return 0;
1104}
1105
1106static int rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1107{
1108 int err = 0;
1109
1110 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1111
1112 if (dlci) {
1113 /* Data DLC */
1114 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1115 if (d) {
1116 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1117 err = ECONNREFUSED;
1118 else
1119 err = ECONNRESET;
1120
1121 d->state = BT_CLOSED;
1122 __rfcomm_dlc_close(d, err);
1123 }
1124 } else {
1125 if (s->state == BT_CONNECT)
1126 err = ECONNREFUSED;
1127 else
1128 err = ECONNRESET;
1129
1130 s->state = BT_CLOSED;
1131 rfcomm_session_close(s, err);
1132 }
1133 return 0;
1134}
1135
1136static int rfcomm_recv_disc(struct rfcomm_session *s, u8 dlci)
1137{
1138 int err = 0;
1139
1140 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1141
1142 if (dlci) {
1143 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1144 if (d) {
1145 rfcomm_send_ua(s, dlci);
1146
1147 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1148 err = ECONNREFUSED;
1149 else
1150 err = ECONNRESET;
1151
1152 d->state = BT_CLOSED;
1153 __rfcomm_dlc_close(d, err);
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001154 } else
Linus Torvalds1da177e2005-04-16 15:20:36 -07001155 rfcomm_send_dm(s, dlci);
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001156
Linus Torvalds1da177e2005-04-16 15:20:36 -07001157 } else {
1158 rfcomm_send_ua(s, 0);
1159
1160 if (s->state == BT_CONNECT)
1161 err = ECONNREFUSED;
1162 else
1163 err = ECONNRESET;
1164
1165 s->state = BT_CLOSED;
1166 rfcomm_session_close(s, err);
1167 }
1168
1169 return 0;
1170}
1171
Linus Torvalds1da177e2005-04-16 15:20:36 -07001172static void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1173{
Marcel Holtmann300b9392006-07-03 10:37:55 +02001174 struct sock *sk = d->session->sock->sk;
1175
Linus Torvalds1da177e2005-04-16 15:20:36 -07001176 BT_DBG("dlc %p", d);
1177
1178 rfcomm_send_ua(d->session, d->dlci);
1179
1180 rfcomm_dlc_lock(d);
1181 d->state = BT_CONNECTED;
1182 d->state_change(d, 0);
1183 rfcomm_dlc_unlock(d);
1184
Marcel Holtmann300b9392006-07-03 10:37:55 +02001185 if (d->link_mode & RFCOMM_LM_MASTER)
1186 hci_conn_switch_role(l2cap_pi(sk)->conn->hcon, 0x00);
1187
Linus Torvalds1da177e2005-04-16 15:20:36 -07001188 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1189}
1190
1191static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1192{
1193 struct rfcomm_dlc *d;
1194 u8 channel;
1195
1196 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1197
1198 if (!dlci) {
1199 rfcomm_send_ua(s, 0);
1200
1201 if (s->state == BT_OPEN) {
1202 s->state = BT_CONNECTED;
1203 rfcomm_process_connect(s);
1204 }
1205 return 0;
1206 }
1207
1208 /* Check if DLC exists */
1209 d = rfcomm_dlc_get(s, dlci);
1210 if (d) {
1211 if (d->state == BT_OPEN) {
1212 /* DLC was previously opened by PN request */
1213 if (rfcomm_check_link_mode(d)) {
1214 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1215 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
Marcel Holtmann77db1982008-07-14 20:13:45 +02001216 } else
1217 rfcomm_dlc_accept(d);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001218 }
1219 return 0;
1220 }
1221
1222 /* Notify socket layer about incoming connection */
1223 channel = __srv_channel(dlci);
1224 if (rfcomm_connect_ind(s, channel, &d)) {
1225 d->dlci = dlci;
1226 d->addr = __addr(s->initiator, dlci);
1227 rfcomm_dlc_link(s, d);
1228
1229 if (rfcomm_check_link_mode(d)) {
1230 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1231 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
Marcel Holtmann77db1982008-07-14 20:13:45 +02001232 } else
1233 rfcomm_dlc_accept(d);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001234 } else {
1235 rfcomm_send_dm(s, dlci);
1236 }
1237
1238 return 0;
1239}
1240
1241static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1242{
1243 struct rfcomm_session *s = d->session;
1244
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001245 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
Linus Torvalds1da177e2005-04-16 15:20:36 -07001246 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1247
Marcel Holtmann7c2660b2006-07-03 10:02:51 +02001248 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1249 pn->flow_ctrl == 0xe0) {
1250 d->cfc = RFCOMM_CFC_ENABLED;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001251 d->tx_credits = pn->credits;
1252 } else {
Marcel Holtmann7c2660b2006-07-03 10:02:51 +02001253 d->cfc = RFCOMM_CFC_DISABLED;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001254 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1255 }
1256
Marcel Holtmann7c2660b2006-07-03 10:02:51 +02001257 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1258 s->cfc = d->cfc;
1259
Linus Torvalds1da177e2005-04-16 15:20:36 -07001260 d->priority = pn->priority;
1261
Marcel Holtmann98bcd082006-07-14 11:42:12 +02001262 d->mtu = btohs(pn->mtu);
1263
1264 if (cr && d->mtu > s->mtu)
1265 d->mtu = s->mtu;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001266
1267 return 0;
1268}
1269
1270static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1271{
1272 struct rfcomm_pn *pn = (void *) skb->data;
1273 struct rfcomm_dlc *d;
1274 u8 dlci = pn->dlci;
1275
1276 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1277
1278 if (!dlci)
1279 return 0;
1280
1281 d = rfcomm_dlc_get(s, dlci);
1282 if (d) {
1283 if (cr) {
1284 /* PN request */
1285 rfcomm_apply_pn(d, cr, pn);
1286 rfcomm_send_pn(s, 0, d);
1287 } else {
1288 /* PN response */
1289 switch (d->state) {
1290 case BT_CONFIG:
1291 rfcomm_apply_pn(d, cr, pn);
1292
1293 d->state = BT_CONNECT;
1294 rfcomm_send_sabm(s, d->dlci);
1295 break;
1296 }
1297 }
1298 } else {
1299 u8 channel = __srv_channel(dlci);
1300
1301 if (!cr)
1302 return 0;
1303
1304 /* PN request for non existing DLC.
1305 * Assume incoming connection. */
1306 if (rfcomm_connect_ind(s, channel, &d)) {
1307 d->dlci = dlci;
1308 d->addr = __addr(s->initiator, dlci);
1309 rfcomm_dlc_link(s, d);
1310
1311 rfcomm_apply_pn(d, cr, pn);
1312
1313 d->state = BT_OPEN;
1314 rfcomm_send_pn(s, 0, d);
1315 } else {
1316 rfcomm_send_dm(s, dlci);
1317 }
1318 }
1319 return 0;
1320}
1321
1322static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1323{
1324 struct rfcomm_rpn *rpn = (void *) skb->data;
1325 u8 dlci = __get_dlci(rpn->dlci);
1326
1327 u8 bit_rate = 0;
1328 u8 data_bits = 0;
1329 u8 stop_bits = 0;
1330 u8 parity = 0;
1331 u8 flow_ctrl = 0;
1332 u8 xon_char = 0;
1333 u8 xoff_char = 0;
1334 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
J. Suter3a5e9032005-08-09 20:28:46 -07001335
1336 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1337 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1338 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1339
1340 if (!cr)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001341 return 0;
J. Suter3a5e9032005-08-09 20:28:46 -07001342
Linus Torvalds1da177e2005-04-16 15:20:36 -07001343 if (len == 1) {
J. Suter3a5e9032005-08-09 20:28:46 -07001344 /* This is a request, return default settings */
Linus Torvalds1da177e2005-04-16 15:20:36 -07001345 bit_rate = RFCOMM_RPN_BR_115200;
1346 data_bits = RFCOMM_RPN_DATA_8;
1347 stop_bits = RFCOMM_RPN_STOP_1;
1348 parity = RFCOMM_RPN_PARITY_NONE;
1349 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1350 xon_char = RFCOMM_RPN_XON_CHAR;
1351 xoff_char = RFCOMM_RPN_XOFF_CHAR;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001352 goto rpn_out;
1353 }
J. Suter3a5e9032005-08-09 20:28:46 -07001354
1355 /* Check for sane values, ignore/accept bit_rate, 8 bits, 1 stop bit,
1356 * no parity, no flow control lines, normal XON/XOFF chars */
1357
Al Viroe8db8c92006-11-08 00:28:44 -08001358 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001359 bit_rate = rpn->bit_rate;
1360 if (bit_rate != RFCOMM_RPN_BR_115200) {
1361 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1362 bit_rate = RFCOMM_RPN_BR_115200;
1363 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1364 }
1365 }
J. Suter3a5e9032005-08-09 20:28:46 -07001366
Al Viroe8db8c92006-11-08 00:28:44 -08001367 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001368 data_bits = __get_rpn_data_bits(rpn->line_settings);
1369 if (data_bits != RFCOMM_RPN_DATA_8) {
1370 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1371 data_bits = RFCOMM_RPN_DATA_8;
1372 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1373 }
1374 }
J. Suter3a5e9032005-08-09 20:28:46 -07001375
Al Viroe8db8c92006-11-08 00:28:44 -08001376 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001377 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1378 if (stop_bits != RFCOMM_RPN_STOP_1) {
1379 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1380 stop_bits = RFCOMM_RPN_STOP_1;
1381 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1382 }
1383 }
J. Suter3a5e9032005-08-09 20:28:46 -07001384
Al Viroe8db8c92006-11-08 00:28:44 -08001385 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001386 parity = __get_rpn_parity(rpn->line_settings);
1387 if (parity != RFCOMM_RPN_PARITY_NONE) {
1388 BT_DBG("RPN parity mismatch 0x%x", parity);
1389 parity = RFCOMM_RPN_PARITY_NONE;
1390 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1391 }
1392 }
J. Suter3a5e9032005-08-09 20:28:46 -07001393
Al Viroe8db8c92006-11-08 00:28:44 -08001394 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001395 flow_ctrl = rpn->flow_ctrl;
1396 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1397 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1398 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1399 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1400 }
1401 }
J. Suter3a5e9032005-08-09 20:28:46 -07001402
Al Viroe8db8c92006-11-08 00:28:44 -08001403 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001404 xon_char = rpn->xon_char;
1405 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1406 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1407 xon_char = RFCOMM_RPN_XON_CHAR;
1408 rpn_mask ^= RFCOMM_RPN_PM_XON;
1409 }
1410 }
J. Suter3a5e9032005-08-09 20:28:46 -07001411
Al Viroe8db8c92006-11-08 00:28:44 -08001412 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001413 xoff_char = rpn->xoff_char;
1414 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1415 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1416 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1417 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1418 }
1419 }
1420
1421rpn_out:
J. Suter3a5e9032005-08-09 20:28:46 -07001422 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1423 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001424
1425 return 0;
1426}
1427
1428static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1429{
1430 struct rfcomm_rls *rls = (void *) skb->data;
1431 u8 dlci = __get_dlci(rls->dlci);
1432
1433 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
J. Suter3a5e9032005-08-09 20:28:46 -07001434
Linus Torvalds1da177e2005-04-16 15:20:36 -07001435 if (!cr)
1436 return 0;
1437
J. Suter3a5e9032005-08-09 20:28:46 -07001438 /* We should probably do something with this information here. But
1439 * for now it's sufficient just to reply -- Bluetooth 1.1 says it's
1440 * mandatory to recognise and respond to RLS */
Linus Torvalds1da177e2005-04-16 15:20:36 -07001441
1442 rfcomm_send_rls(s, 0, dlci, rls->status);
1443
1444 return 0;
1445}
1446
1447static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1448{
1449 struct rfcomm_msc *msc = (void *) skb->data;
1450 struct rfcomm_dlc *d;
1451 u8 dlci = __get_dlci(msc->dlci);
1452
1453 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1454
1455 d = rfcomm_dlc_get(s, dlci);
J. Suter3a5e9032005-08-09 20:28:46 -07001456 if (!d)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001457 return 0;
1458
1459 if (cr) {
1460 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1461 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1462 else
1463 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
J. Suter3a5e9032005-08-09 20:28:46 -07001464
Linus Torvalds1da177e2005-04-16 15:20:36 -07001465 rfcomm_dlc_lock(d);
1466 if (d->modem_status)
1467 d->modem_status(d, msc->v24_sig);
1468 rfcomm_dlc_unlock(d);
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001469
Linus Torvalds1da177e2005-04-16 15:20:36 -07001470 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1471
1472 d->mscex |= RFCOMM_MSCEX_RX;
J. Suter3a5e9032005-08-09 20:28:46 -07001473 } else
Linus Torvalds1da177e2005-04-16 15:20:36 -07001474 d->mscex |= RFCOMM_MSCEX_TX;
1475
1476 return 0;
1477}
1478
1479static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1480{
1481 struct rfcomm_mcc *mcc = (void *) skb->data;
1482 u8 type, cr, len;
1483
1484 cr = __test_cr(mcc->type);
1485 type = __get_mcc_type(mcc->type);
1486 len = __get_mcc_len(mcc->len);
1487
1488 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1489
1490 skb_pull(skb, 2);
1491
1492 switch (type) {
1493 case RFCOMM_PN:
1494 rfcomm_recv_pn(s, cr, skb);
1495 break;
1496
1497 case RFCOMM_RPN:
1498 rfcomm_recv_rpn(s, cr, len, skb);
1499 break;
1500
1501 case RFCOMM_RLS:
1502 rfcomm_recv_rls(s, cr, skb);
1503 break;
1504
1505 case RFCOMM_MSC:
1506 rfcomm_recv_msc(s, cr, skb);
1507 break;
1508
1509 case RFCOMM_FCOFF:
1510 if (cr) {
1511 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1512 rfcomm_send_fcoff(s, 0);
1513 }
1514 break;
1515
1516 case RFCOMM_FCON:
1517 if (cr) {
1518 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1519 rfcomm_send_fcon(s, 0);
1520 }
1521 break;
1522
1523 case RFCOMM_TEST:
1524 if (cr)
1525 rfcomm_send_test(s, 0, skb->data, skb->len);
1526 break;
1527
1528 case RFCOMM_NSC:
1529 break;
1530
1531 default:
1532 BT_ERR("Unknown control type 0x%02x", type);
1533 rfcomm_send_nsc(s, cr, type);
1534 break;
1535 }
1536 return 0;
1537}
1538
1539static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1540{
1541 struct rfcomm_dlc *d;
1542
1543 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1544
1545 d = rfcomm_dlc_get(s, dlci);
1546 if (!d) {
1547 rfcomm_send_dm(s, dlci);
1548 goto drop;
1549 }
1550
1551 if (pf && d->cfc) {
1552 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1553
1554 d->tx_credits += credits;
1555 if (d->tx_credits)
1556 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1557 }
1558
1559 if (skb->len && d->state == BT_CONNECTED) {
1560 rfcomm_dlc_lock(d);
1561 d->rx_credits--;
1562 d->data_ready(d, skb);
1563 rfcomm_dlc_unlock(d);
1564 return 0;
1565 }
1566
1567drop:
1568 kfree_skb(skb);
1569 return 0;
1570}
1571
1572static int rfcomm_recv_frame(struct rfcomm_session *s, struct sk_buff *skb)
1573{
1574 struct rfcomm_hdr *hdr = (void *) skb->data;
1575 u8 type, dlci, fcs;
1576
1577 dlci = __get_dlci(hdr->addr);
1578 type = __get_type(hdr->ctrl);
1579
1580 /* Trim FCS */
1581 skb->len--; skb->tail--;
Arnaldo Carvalho de Melo27a884d2007-04-19 20:29:13 -07001582 fcs = *(u8 *)skb_tail_pointer(skb);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001583
1584 if (__check_fcs(skb->data, type, fcs)) {
1585 BT_ERR("bad checksum in packet");
1586 kfree_skb(skb);
1587 return -EILSEQ;
1588 }
1589
1590 if (__test_ea(hdr->len))
1591 skb_pull(skb, 3);
1592 else
1593 skb_pull(skb, 4);
1594
1595 switch (type) {
1596 case RFCOMM_SABM:
1597 if (__test_pf(hdr->ctrl))
1598 rfcomm_recv_sabm(s, dlci);
1599 break;
1600
1601 case RFCOMM_DISC:
1602 if (__test_pf(hdr->ctrl))
1603 rfcomm_recv_disc(s, dlci);
1604 break;
1605
1606 case RFCOMM_UA:
1607 if (__test_pf(hdr->ctrl))
1608 rfcomm_recv_ua(s, dlci);
1609 break;
1610
1611 case RFCOMM_DM:
1612 rfcomm_recv_dm(s, dlci);
1613 break;
1614
1615 case RFCOMM_UIH:
1616 if (dlci)
1617 return rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1618
1619 rfcomm_recv_mcc(s, skb);
1620 break;
1621
1622 default:
1623 BT_ERR("Unknown packet type 0x%02x\n", type);
1624 break;
1625 }
1626 kfree_skb(skb);
1627 return 0;
1628}
1629
1630/* ---- Connection and data processing ---- */
1631
1632static void rfcomm_process_connect(struct rfcomm_session *s)
1633{
1634 struct rfcomm_dlc *d;
1635 struct list_head *p, *n;
1636
1637 BT_DBG("session %p state %ld", s, s->state);
1638
1639 list_for_each_safe(p, n, &s->dlcs) {
1640 d = list_entry(p, struct rfcomm_dlc, list);
1641 if (d->state == BT_CONFIG) {
1642 d->mtu = s->mtu;
Marcel Holtmann77db1982008-07-14 20:13:45 +02001643 if (rfcomm_check_link_mode(d)) {
1644 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1645 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1646 } else
1647 rfcomm_send_pn(s, 1, d);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001648 }
1649 }
1650}
1651
1652/* Send data queued for the DLC.
1653 * Return number of frames left in the queue.
1654 */
1655static inline int rfcomm_process_tx(struct rfcomm_dlc *d)
1656{
1657 struct sk_buff *skb;
1658 int err;
1659
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001660 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
Linus Torvalds1da177e2005-04-16 15:20:36 -07001661 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1662
1663 /* Send pending MSC */
1664 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001665 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001666
1667 if (d->cfc) {
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001668 /* CFC enabled.
Linus Torvalds1da177e2005-04-16 15:20:36 -07001669 * Give them some credits */
1670 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001671 d->rx_credits <= (d->cfc >> 2)) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001672 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1673 d->rx_credits = d->cfc;
1674 }
1675 } else {
1676 /* CFC disabled.
1677 * Give ourselves some credits */
1678 d->tx_credits = 5;
1679 }
1680
1681 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1682 return skb_queue_len(&d->tx_queue);
1683
1684 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1685 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1686 if (err < 0) {
1687 skb_queue_head(&d->tx_queue, skb);
1688 break;
1689 }
1690 kfree_skb(skb);
1691 d->tx_credits--;
1692 }
1693
1694 if (d->cfc && !d->tx_credits) {
1695 /* We're out of TX credits.
1696 * Set TX_THROTTLED flag to avoid unnesary wakeups by dlc_send. */
1697 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1698 }
1699
1700 return skb_queue_len(&d->tx_queue);
1701}
1702
1703static inline void rfcomm_process_dlcs(struct rfcomm_session *s)
1704{
1705 struct rfcomm_dlc *d;
1706 struct list_head *p, *n;
1707
1708 BT_DBG("session %p state %ld", s, s->state);
1709
1710 list_for_each_safe(p, n, &s->dlcs) {
1711 d = list_entry(p, struct rfcomm_dlc, list);
1712
1713 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1714 __rfcomm_dlc_close(d, ETIMEDOUT);
1715 continue;
1716 }
1717
1718 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1719 rfcomm_dlc_clear_timer(d);
Marcel Holtmann77db1982008-07-14 20:13:45 +02001720 if (d->out) {
1721 rfcomm_send_pn(s, 1, d);
1722 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1723 } else
1724 rfcomm_dlc_accept(d);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001725 if (d->link_mode & RFCOMM_LM_SECURE) {
1726 struct sock *sk = s->sock->sk;
1727 hci_conn_change_link_key(l2cap_pi(sk)->conn->hcon);
1728 }
1729 continue;
1730 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1731 rfcomm_dlc_clear_timer(d);
Marcel Holtmann77db1982008-07-14 20:13:45 +02001732 if (!d->out)
1733 rfcomm_send_dm(s, d->dlci);
1734 else
1735 d->state = BT_CLOSED;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001736 __rfcomm_dlc_close(d, ECONNREFUSED);
1737 continue;
1738 }
1739
1740 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1741 continue;
1742
1743 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
Marcel Holtmann77db1982008-07-14 20:13:45 +02001744 d->mscex == RFCOMM_MSCEX_OK)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001745 rfcomm_process_tx(d);
1746 }
1747}
1748
1749static inline void rfcomm_process_rx(struct rfcomm_session *s)
1750{
1751 struct socket *sock = s->sock;
1752 struct sock *sk = sock->sk;
1753 struct sk_buff *skb;
1754
1755 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1756
1757 /* Get data directly from socket receive queue without copying it. */
1758 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1759 skb_orphan(skb);
1760 rfcomm_recv_frame(s, skb);
1761 }
1762
1763 if (sk->sk_state == BT_CLOSED) {
1764 if (!s->initiator)
1765 rfcomm_session_put(s);
1766
1767 rfcomm_session_close(s, sk->sk_err);
1768 }
1769}
1770
1771static inline void rfcomm_accept_connection(struct rfcomm_session *s)
1772{
1773 struct socket *sock = s->sock, *nsock;
1774 int err;
1775
1776 /* Fast check for a new connection.
1777 * Avoids unnesesary socket allocations. */
1778 if (list_empty(&bt_sk(sock->sk)->accept_q))
1779 return;
1780
1781 BT_DBG("session %p", s);
1782
Marcel Holtmann48db9ca2007-05-05 00:36:06 +02001783 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1784 if (err < 0)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001785 return;
1786
Linus Torvalds1da177e2005-04-16 15:20:36 -07001787 __module_get(nsock->ops->owner);
1788
Linus Torvalds1da177e2005-04-16 15:20:36 -07001789 /* Set our callbacks */
1790 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1791 nsock->sk->sk_state_change = rfcomm_l2state_change;
1792
1793 s = rfcomm_session_add(nsock, BT_OPEN);
1794 if (s) {
1795 rfcomm_session_hold(s);
Marcel Holtmann98bcd082006-07-14 11:42:12 +02001796
1797 /* We should adjust MTU on incoming sessions.
1798 * L2CAP MTU minus UIH header and FCS. */
1799 s->mtu = min(l2cap_pi(nsock->sk)->omtu, l2cap_pi(nsock->sk)->imtu) - 5;
1800
Linus Torvalds1da177e2005-04-16 15:20:36 -07001801 rfcomm_schedule(RFCOMM_SCHED_RX);
1802 } else
1803 sock_release(nsock);
1804}
1805
1806static inline void rfcomm_check_connection(struct rfcomm_session *s)
1807{
1808 struct sock *sk = s->sock->sk;
1809
1810 BT_DBG("%p state %ld", s, s->state);
1811
1812 switch(sk->sk_state) {
1813 case BT_CONNECTED:
1814 s->state = BT_CONNECT;
1815
1816 /* We can adjust MTU on outgoing sessions.
1817 * L2CAP MTU minus UIH header and FCS. */
1818 s->mtu = min(l2cap_pi(sk)->omtu, l2cap_pi(sk)->imtu) - 5;
1819
1820 rfcomm_send_sabm(s, 0);
1821 break;
1822
1823 case BT_CLOSED:
1824 s->state = BT_CLOSED;
1825 rfcomm_session_close(s, sk->sk_err);
1826 break;
1827 }
1828}
1829
1830static inline void rfcomm_process_sessions(void)
1831{
1832 struct list_head *p, *n;
1833
1834 rfcomm_lock();
1835
1836 list_for_each_safe(p, n, &session_list) {
1837 struct rfcomm_session *s;
1838 s = list_entry(p, struct rfcomm_session, list);
1839
1840 if (s->state == BT_LISTEN) {
1841 rfcomm_accept_connection(s);
1842 continue;
1843 }
1844
1845 rfcomm_session_hold(s);
1846
1847 switch (s->state) {
1848 case BT_BOUND:
1849 rfcomm_check_connection(s);
1850 break;
1851
1852 default:
1853 rfcomm_process_rx(s);
1854 break;
1855 }
1856
1857 rfcomm_process_dlcs(s);
1858
1859 rfcomm_session_put(s);
1860 }
1861
1862 rfcomm_unlock();
1863}
1864
Linus Torvalds1da177e2005-04-16 15:20:36 -07001865static int rfcomm_add_listener(bdaddr_t *ba)
1866{
1867 struct sockaddr_l2 addr;
1868 struct socket *sock;
1869 struct sock *sk;
1870 struct rfcomm_session *s;
1871 int err = 0;
1872
1873 /* Create socket */
1874 err = rfcomm_l2sock_create(&sock);
YOSHIFUJI Hideaki8e87d142007-02-09 23:24:33 +09001875 if (err < 0) {
Linus Torvalds1da177e2005-04-16 15:20:36 -07001876 BT_ERR("Create socket failed %d", err);
1877 return err;
1878 }
1879
1880 /* Bind socket */
1881 bacpy(&addr.l2_bdaddr, ba);
1882 addr.l2_family = AF_BLUETOOTH;
1883 addr.l2_psm = htobs(RFCOMM_PSM);
Marcel Holtmann48db9ca2007-05-05 00:36:06 +02001884 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
Linus Torvalds1da177e2005-04-16 15:20:36 -07001885 if (err < 0) {
1886 BT_ERR("Bind failed %d", err);
1887 goto failed;
1888 }
1889
1890 /* Set L2CAP options */
1891 sk = sock->sk;
1892 lock_sock(sk);
Marcel Holtmann56f3a402006-02-13 11:39:57 +01001893 l2cap_pi(sk)->imtu = l2cap_mtu;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001894 release_sock(sk);
1895
1896 /* Start listening on the socket */
Marcel Holtmann48db9ca2007-05-05 00:36:06 +02001897 err = kernel_listen(sock, 10);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001898 if (err) {
1899 BT_ERR("Listen failed %d", err);
1900 goto failed;
1901 }
1902
1903 /* Add listening session */
1904 s = rfcomm_session_add(sock, BT_LISTEN);
1905 if (!s)
1906 goto failed;
1907
1908 rfcomm_session_hold(s);
1909 return 0;
1910failed:
1911 sock_release(sock);
1912 return err;
1913}
1914
1915static void rfcomm_kill_listener(void)
1916{
1917 struct rfcomm_session *s;
1918 struct list_head *p, *n;
1919
1920 BT_DBG("");
1921
1922 list_for_each_safe(p, n, &session_list) {
1923 s = list_entry(p, struct rfcomm_session, list);
1924 rfcomm_session_del(s);
1925 }
1926}
1927
1928static int rfcomm_run(void *unused)
1929{
Linus Torvalds1da177e2005-04-16 15:20:36 -07001930 BT_DBG("");
1931
Marcel Holtmanna524ecc2007-10-20 21:37:20 +02001932 set_user_nice(current, -10);
1933
Linus Torvalds1da177e2005-04-16 15:20:36 -07001934 rfcomm_add_listener(BDADDR_ANY);
1935
Marcel Holtmanna524ecc2007-10-20 21:37:20 +02001936 while (!kthread_should_stop()) {
1937 set_current_state(TASK_INTERRUPTIBLE);
1938 if (!test_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event)) {
1939 /* No pending events. Let's sleep.
1940 * Incoming connections and data will wake us up. */
1941 schedule();
1942 }
1943 set_current_state(TASK_RUNNING);
1944
1945 /* Process stuff */
1946 clear_bit(RFCOMM_SCHED_WAKEUP, &rfcomm_event);
1947 rfcomm_process_sessions();
1948 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07001949
1950 rfcomm_kill_listener();
1951
Linus Torvalds1da177e2005-04-16 15:20:36 -07001952 return 0;
1953}
1954
1955static void rfcomm_auth_cfm(struct hci_conn *conn, u8 status)
1956{
1957 struct rfcomm_session *s;
1958 struct rfcomm_dlc *d;
1959 struct list_head *p, *n;
1960
1961 BT_DBG("conn %p status 0x%02x", conn, status);
1962
1963 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1964 if (!s)
1965 return;
1966
1967 rfcomm_session_hold(s);
1968
1969 list_for_each_safe(p, n, &s->dlcs) {
1970 d = list_entry(p, struct rfcomm_dlc, list);
1971
1972 if (d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE))
1973 continue;
1974
1975 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
1976 continue;
1977
1978 if (!status)
1979 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
1980 else
1981 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
1982 }
1983
1984 rfcomm_session_put(s);
1985
1986 rfcomm_schedule(RFCOMM_SCHED_AUTH);
1987}
1988
1989static void rfcomm_encrypt_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
1990{
1991 struct rfcomm_session *s;
1992 struct rfcomm_dlc *d;
1993 struct list_head *p, *n;
1994
1995 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
1996
1997 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
1998 if (!s)
1999 return;
2000
2001 rfcomm_session_hold(s);
2002
2003 list_for_each_safe(p, n, &s->dlcs) {
2004 d = list_entry(p, struct rfcomm_dlc, list);
2005
Marcel Holtmann9719f8a2008-07-14 20:13:45 +02002006 if ((d->link_mode & (RFCOMM_LM_ENCRYPT | RFCOMM_LM_SECURE)) &&
2007 (d->state == BT_CONNECTED ||
2008 d->state == BT_CONFIG) &&
2009 !status && encrypt == 0x00) {
2010 __rfcomm_dlc_close(d, ECONNREFUSED);
2011 continue;
2012 }
2013
Linus Torvalds1da177e2005-04-16 15:20:36 -07002014 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2015 continue;
2016
2017 if (!status && encrypt)
2018 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2019 else
2020 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2021 }
2022
2023 rfcomm_session_put(s);
2024
2025 rfcomm_schedule(RFCOMM_SCHED_AUTH);
2026}
2027
2028static struct hci_cb rfcomm_cb = {
2029 .name = "RFCOMM",
2030 .auth_cfm = rfcomm_auth_cfm,
2031 .encrypt_cfm = rfcomm_encrypt_cfm
2032};
2033
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002034static ssize_t rfcomm_dlc_sysfs_show(struct class *dev, char *buf)
Linus Torvalds1da177e2005-04-16 15:20:36 -07002035{
2036 struct rfcomm_session *s;
2037 struct list_head *pp, *p;
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002038 char *str = buf;
Linus Torvalds1da177e2005-04-16 15:20:36 -07002039
2040 rfcomm_lock();
2041
2042 list_for_each(p, &session_list) {
2043 s = list_entry(p, struct rfcomm_session, list);
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002044 list_for_each(pp, &s->dlcs) {
2045 struct sock *sk = s->sock->sk;
2046 struct rfcomm_dlc *d = list_entry(pp, struct rfcomm_dlc, list);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002047
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002048 str += sprintf(str, "%s %s %ld %d %d %d %d\n",
2049 batostr(&bt_sk(sk)->src), batostr(&bt_sk(sk)->dst),
2050 d->state, d->dlci, d->mtu, d->rx_credits, d->tx_credits);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002051 }
2052 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07002053
Linus Torvalds1da177e2005-04-16 15:20:36 -07002054 rfcomm_unlock();
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002055
2056 return (str - buf);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002057}
2058
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002059static CLASS_ATTR(rfcomm_dlc, S_IRUGO, rfcomm_dlc_sysfs_show, NULL);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002060
2061/* ---- Initialization ---- */
2062static int __init rfcomm_init(void)
2063{
2064 l2cap_load();
2065
2066 hci_register_cb(&rfcomm_cb);
2067
Marcel Holtmanna524ecc2007-10-20 21:37:20 +02002068 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2069 if (IS_ERR(rfcomm_thread)) {
2070 hci_unregister_cb(&rfcomm_cb);
2071 return PTR_ERR(rfcomm_thread);
2072 }
Linus Torvalds1da177e2005-04-16 15:20:36 -07002073
Marcel Holtmanndf5c37e2006-10-15 17:30:45 +02002074 if (class_create_file(bt_class, &class_attr_rfcomm_dlc) < 0)
2075 BT_ERR("Failed to create RFCOMM info file");
Linus Torvalds1da177e2005-04-16 15:20:36 -07002076
2077 rfcomm_init_sockets();
2078
2079#ifdef CONFIG_BT_RFCOMM_TTY
2080 rfcomm_init_ttys();
2081#endif
2082
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002083 BT_INFO("RFCOMM ver %s", VERSION);
2084
Linus Torvalds1da177e2005-04-16 15:20:36 -07002085 return 0;
2086}
2087
2088static void __exit rfcomm_exit(void)
2089{
Marcel Holtmanna91f2e32006-07-03 10:02:41 +02002090 class_remove_file(bt_class, &class_attr_rfcomm_dlc);
Marcel Holtmannbe9d1222005-11-08 09:57:38 -08002091
Linus Torvalds1da177e2005-04-16 15:20:36 -07002092 hci_unregister_cb(&rfcomm_cb);
2093
Marcel Holtmanna524ecc2007-10-20 21:37:20 +02002094 kthread_stop(rfcomm_thread);
Linus Torvalds1da177e2005-04-16 15:20:36 -07002095
2096#ifdef CONFIG_BT_RFCOMM_TTY
2097 rfcomm_cleanup_ttys();
2098#endif
2099
2100 rfcomm_cleanup_sockets();
Linus Torvalds1da177e2005-04-16 15:20:36 -07002101}
2102
2103module_init(rfcomm_init);
2104module_exit(rfcomm_exit);
2105
Marcel Holtmann7c2660b2006-07-03 10:02:51 +02002106module_param(disable_cfc, bool, 0644);
2107MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2108
Marcel Holtmann98bcd082006-07-14 11:42:12 +02002109module_param(channel_mtu, int, 0644);
2110MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2111
Marcel Holtmann56f3a402006-02-13 11:39:57 +01002112module_param(l2cap_mtu, uint, 0644);
2113MODULE_PARM_DESC(l2cap_mtu, "Default MTU for the L2CAP connection");
2114
Linus Torvalds1da177e2005-04-16 15:20:36 -07002115MODULE_AUTHOR("Maxim Krasnyansky <maxk@qualcomm.com>, Marcel Holtmann <marcel@holtmann.org>");
2116MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2117MODULE_VERSION(VERSION);
2118MODULE_LICENSE("GPL");
2119MODULE_ALIAS("bt-proto-3");