0001
0002
0003
0004
0005
0006
0007
0008
0009
0010
0011
0012
0013
0014
0015
0016
0017
0018
0019
0020
0021
0022
0023
0024
0025
0026
0027
0028 #include <linux/module.h>
0029 #include <linux/debugfs.h>
0030 #include <linux/kthread.h>
0031 #include <asm/unaligned.h>
0032
0033 #include <net/bluetooth/bluetooth.h>
0034 #include <net/bluetooth/hci_core.h>
0035 #include <net/bluetooth/l2cap.h>
0036 #include <net/bluetooth/rfcomm.h>
0037
0038 #define VERSION "1.11"
0039
0040 static bool disable_cfc;
0041 static bool l2cap_ertm;
0042 static int channel_mtu = -1;
0043
0044 static struct task_struct *rfcomm_thread;
0045
0046 static DEFINE_MUTEX(rfcomm_mutex);
0047 #define rfcomm_lock() mutex_lock(&rfcomm_mutex)
0048 #define rfcomm_unlock() mutex_unlock(&rfcomm_mutex)
0049
0050
0051 static LIST_HEAD(session_list);
0052
0053 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len);
0054 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci);
0055 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci);
0056 static int rfcomm_queue_disc(struct rfcomm_dlc *d);
0057 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type);
0058 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d);
0059 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig);
0060 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len);
0061 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits);
0062 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr);
0063
0064 static void rfcomm_process_connect(struct rfcomm_session *s);
0065
0066 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
0067 bdaddr_t *dst,
0068 u8 sec_level,
0069 int *err);
0070 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst);
0071 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s);
0072
0073
0074 #define __get_dlci(b) ((b & 0xfc) >> 2)
0075 #define __get_type(b) ((b & 0xef))
0076
0077 #define __test_ea(b) ((b & 0x01))
0078 #define __test_cr(b) (!!(b & 0x02))
0079 #define __test_pf(b) (!!(b & 0x10))
0080
0081 #define __session_dir(s) ((s)->initiator ? 0x00 : 0x01)
0082
0083 #define __addr(cr, dlci) (((dlci & 0x3f) << 2) | (cr << 1) | 0x01)
0084 #define __ctrl(type, pf) (((type & 0xef) | (pf << 4)))
0085 #define __dlci(dir, chn) (((chn & 0x1f) << 1) | dir)
0086 #define __srv_channel(dlci) (dlci >> 1)
0087
0088 #define __len8(len) (((len) << 1) | 1)
0089 #define __len16(len) ((len) << 1)
0090
0091
0092 #define __mcc_type(cr, type) (((type << 2) | (cr << 1) | 0x01))
0093 #define __get_mcc_type(b) ((b & 0xfc) >> 2)
0094 #define __get_mcc_len(b) ((b & 0xfe) >> 1)
0095
0096
0097 #define __rpn_line_settings(data, stop, parity) ((data & 0x3) | ((stop & 0x1) << 2) | ((parity & 0x7) << 3))
0098 #define __get_rpn_data_bits(line) ((line) & 0x3)
0099 #define __get_rpn_stop_bits(line) (((line) >> 2) & 0x1)
0100 #define __get_rpn_parity(line) (((line) >> 3) & 0x7)
0101
0102 static DECLARE_WAIT_QUEUE_HEAD(rfcomm_wq);
0103
0104 static void rfcomm_schedule(void)
0105 {
0106 wake_up_all(&rfcomm_wq);
0107 }
0108
0109
0110
0111
0112 static unsigned char rfcomm_crc_table[256] = {
0113 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
0114 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
0115 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
0116 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
0117
0118 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
0119 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
0120 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
0121 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
0122
0123 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
0124 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
0125 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
0126 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
0127
0128 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
0129 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
0130 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
0131 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
0132
0133 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
0134 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
0135 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
0136 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
0137
0138 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
0139 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
0140 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
0141 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
0142
0143 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
0144 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
0145 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
0146 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
0147
0148 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
0149 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
0150 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
0151 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
0152 };
0153
0154
0155 #define __crc(data) (rfcomm_crc_table[rfcomm_crc_table[0xff ^ data[0]] ^ data[1]])
0156
0157
0158 static inline u8 __fcs(u8 *data)
0159 {
0160 return 0xff - __crc(data);
0161 }
0162
0163
0164 static inline u8 __fcs2(u8 *data)
0165 {
0166 return 0xff - rfcomm_crc_table[__crc(data) ^ data[2]];
0167 }
0168
0169
0170 static inline int __check_fcs(u8 *data, int type, u8 fcs)
0171 {
0172 u8 f = __crc(data);
0173
0174 if (type != RFCOMM_UIH)
0175 f = rfcomm_crc_table[f ^ data[2]];
0176
0177 return rfcomm_crc_table[f ^ fcs] != 0xcf;
0178 }
0179
0180
0181 static void rfcomm_l2state_change(struct sock *sk)
0182 {
0183 BT_DBG("%p state %d", sk, sk->sk_state);
0184 rfcomm_schedule();
0185 }
0186
0187 static void rfcomm_l2data_ready(struct sock *sk)
0188 {
0189 BT_DBG("%p", sk);
0190 rfcomm_schedule();
0191 }
0192
0193 static int rfcomm_l2sock_create(struct socket **sock)
0194 {
0195 int err;
0196
0197 BT_DBG("");
0198
0199 err = sock_create_kern(&init_net, PF_BLUETOOTH, SOCK_SEQPACKET, BTPROTO_L2CAP, sock);
0200 if (!err) {
0201 struct sock *sk = (*sock)->sk;
0202 sk->sk_data_ready = rfcomm_l2data_ready;
0203 sk->sk_state_change = rfcomm_l2state_change;
0204 }
0205 return err;
0206 }
0207
0208 static int rfcomm_check_security(struct rfcomm_dlc *d)
0209 {
0210 struct sock *sk = d->session->sock->sk;
0211 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
0212
0213 __u8 auth_type;
0214
0215 switch (d->sec_level) {
0216 case BT_SECURITY_HIGH:
0217 case BT_SECURITY_FIPS:
0218 auth_type = HCI_AT_GENERAL_BONDING_MITM;
0219 break;
0220 case BT_SECURITY_MEDIUM:
0221 auth_type = HCI_AT_GENERAL_BONDING;
0222 break;
0223 default:
0224 auth_type = HCI_AT_NO_BONDING;
0225 break;
0226 }
0227
0228 return hci_conn_security(conn->hcon, d->sec_level, auth_type,
0229 d->out);
0230 }
0231
0232 static void rfcomm_session_timeout(struct timer_list *t)
0233 {
0234 struct rfcomm_session *s = from_timer(s, t, timer);
0235
0236 BT_DBG("session %p state %ld", s, s->state);
0237
0238 set_bit(RFCOMM_TIMED_OUT, &s->flags);
0239 rfcomm_schedule();
0240 }
0241
0242 static void rfcomm_session_set_timer(struct rfcomm_session *s, long timeout)
0243 {
0244 BT_DBG("session %p state %ld timeout %ld", s, s->state, timeout);
0245
0246 mod_timer(&s->timer, jiffies + timeout);
0247 }
0248
0249 static void rfcomm_session_clear_timer(struct rfcomm_session *s)
0250 {
0251 BT_DBG("session %p state %ld", s, s->state);
0252
0253 del_timer_sync(&s->timer);
0254 }
0255
0256
0257 static void rfcomm_dlc_timeout(struct timer_list *t)
0258 {
0259 struct rfcomm_dlc *d = from_timer(d, t, timer);
0260
0261 BT_DBG("dlc %p state %ld", d, d->state);
0262
0263 set_bit(RFCOMM_TIMED_OUT, &d->flags);
0264 rfcomm_dlc_put(d);
0265 rfcomm_schedule();
0266 }
0267
0268 static void rfcomm_dlc_set_timer(struct rfcomm_dlc *d, long timeout)
0269 {
0270 BT_DBG("dlc %p state %ld timeout %ld", d, d->state, timeout);
0271
0272 if (!mod_timer(&d->timer, jiffies + timeout))
0273 rfcomm_dlc_hold(d);
0274 }
0275
0276 static void rfcomm_dlc_clear_timer(struct rfcomm_dlc *d)
0277 {
0278 BT_DBG("dlc %p state %ld", d, d->state);
0279
0280 if (del_timer(&d->timer))
0281 rfcomm_dlc_put(d);
0282 }
0283
0284 static void rfcomm_dlc_clear_state(struct rfcomm_dlc *d)
0285 {
0286 BT_DBG("%p", d);
0287
0288 d->state = BT_OPEN;
0289 d->flags = 0;
0290 d->mscex = 0;
0291 d->sec_level = BT_SECURITY_LOW;
0292 d->mtu = RFCOMM_DEFAULT_MTU;
0293 d->v24_sig = RFCOMM_V24_RTC | RFCOMM_V24_RTR | RFCOMM_V24_DV;
0294
0295 d->cfc = RFCOMM_CFC_DISABLED;
0296 d->rx_credits = RFCOMM_DEFAULT_CREDITS;
0297 }
0298
0299 struct rfcomm_dlc *rfcomm_dlc_alloc(gfp_t prio)
0300 {
0301 struct rfcomm_dlc *d = kzalloc(sizeof(*d), prio);
0302
0303 if (!d)
0304 return NULL;
0305
0306 timer_setup(&d->timer, rfcomm_dlc_timeout, 0);
0307
0308 skb_queue_head_init(&d->tx_queue);
0309 mutex_init(&d->lock);
0310 refcount_set(&d->refcnt, 1);
0311
0312 rfcomm_dlc_clear_state(d);
0313
0314 BT_DBG("%p", d);
0315
0316 return d;
0317 }
0318
0319 void rfcomm_dlc_free(struct rfcomm_dlc *d)
0320 {
0321 BT_DBG("%p", d);
0322
0323 skb_queue_purge(&d->tx_queue);
0324 kfree(d);
0325 }
0326
0327 static void rfcomm_dlc_link(struct rfcomm_session *s, struct rfcomm_dlc *d)
0328 {
0329 BT_DBG("dlc %p session %p", d, s);
0330
0331 rfcomm_session_clear_timer(s);
0332 rfcomm_dlc_hold(d);
0333 list_add(&d->list, &s->dlcs);
0334 d->session = s;
0335 }
0336
0337 static void rfcomm_dlc_unlink(struct rfcomm_dlc *d)
0338 {
0339 struct rfcomm_session *s = d->session;
0340
0341 BT_DBG("dlc %p refcnt %d session %p", d, refcount_read(&d->refcnt), s);
0342
0343 list_del(&d->list);
0344 d->session = NULL;
0345 rfcomm_dlc_put(d);
0346
0347 if (list_empty(&s->dlcs))
0348 rfcomm_session_set_timer(s, RFCOMM_IDLE_TIMEOUT);
0349 }
0350
0351 static struct rfcomm_dlc *rfcomm_dlc_get(struct rfcomm_session *s, u8 dlci)
0352 {
0353 struct rfcomm_dlc *d;
0354
0355 list_for_each_entry(d, &s->dlcs, list)
0356 if (d->dlci == dlci)
0357 return d;
0358
0359 return NULL;
0360 }
0361
0362 static int rfcomm_check_channel(u8 channel)
0363 {
0364 return channel < 1 || channel > 30;
0365 }
0366
0367 static int __rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
0368 {
0369 struct rfcomm_session *s;
0370 int err = 0;
0371 u8 dlci;
0372
0373 BT_DBG("dlc %p state %ld %pMR -> %pMR channel %d",
0374 d, d->state, src, dst, channel);
0375
0376 if (rfcomm_check_channel(channel))
0377 return -EINVAL;
0378
0379 if (d->state != BT_OPEN && d->state != BT_CLOSED)
0380 return 0;
0381
0382 s = rfcomm_session_get(src, dst);
0383 if (!s) {
0384 s = rfcomm_session_create(src, dst, d->sec_level, &err);
0385 if (!s)
0386 return err;
0387 }
0388
0389 dlci = __dlci(__session_dir(s), channel);
0390
0391
0392 if (rfcomm_dlc_get(s, dlci))
0393 return -EBUSY;
0394
0395 rfcomm_dlc_clear_state(d);
0396
0397 d->dlci = dlci;
0398 d->addr = __addr(s->initiator, dlci);
0399 d->priority = 7;
0400
0401 d->state = BT_CONFIG;
0402 rfcomm_dlc_link(s, d);
0403
0404 d->out = 1;
0405
0406 d->mtu = s->mtu;
0407 d->cfc = (s->cfc == RFCOMM_CFC_UNKNOWN) ? 0 : s->cfc;
0408
0409 if (s->state == BT_CONNECTED) {
0410 if (rfcomm_check_security(d))
0411 rfcomm_send_pn(s, 1, d);
0412 else
0413 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
0414 }
0415
0416 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
0417
0418 return 0;
0419 }
0420
0421 int rfcomm_dlc_open(struct rfcomm_dlc *d, bdaddr_t *src, bdaddr_t *dst, u8 channel)
0422 {
0423 int r;
0424
0425 rfcomm_lock();
0426
0427 r = __rfcomm_dlc_open(d, src, dst, channel);
0428
0429 rfcomm_unlock();
0430 return r;
0431 }
0432
0433 static void __rfcomm_dlc_disconn(struct rfcomm_dlc *d)
0434 {
0435 struct rfcomm_session *s = d->session;
0436
0437 d->state = BT_DISCONN;
0438 if (skb_queue_empty(&d->tx_queue)) {
0439 rfcomm_send_disc(s, d->dlci);
0440 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT);
0441 } else {
0442 rfcomm_queue_disc(d);
0443 rfcomm_dlc_set_timer(d, RFCOMM_DISC_TIMEOUT * 2);
0444 }
0445 }
0446
0447 static int __rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
0448 {
0449 struct rfcomm_session *s = d->session;
0450 if (!s)
0451 return 0;
0452
0453 BT_DBG("dlc %p state %ld dlci %d err %d session %p",
0454 d, d->state, d->dlci, err, s);
0455
0456 switch (d->state) {
0457 case BT_CONNECT:
0458 case BT_CONFIG:
0459 case BT_OPEN:
0460 case BT_CONNECT2:
0461 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
0462 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
0463 rfcomm_schedule();
0464 return 0;
0465 }
0466 }
0467
0468 switch (d->state) {
0469 case BT_CONNECT:
0470 case BT_CONNECTED:
0471 __rfcomm_dlc_disconn(d);
0472 break;
0473
0474 case BT_CONFIG:
0475 if (s->state != BT_BOUND) {
0476 __rfcomm_dlc_disconn(d);
0477 break;
0478 }
0479
0480
0481
0482 fallthrough;
0483
0484 default:
0485 rfcomm_dlc_clear_timer(d);
0486
0487 rfcomm_dlc_lock(d);
0488 d->state = BT_CLOSED;
0489 d->state_change(d, err);
0490 rfcomm_dlc_unlock(d);
0491
0492 skb_queue_purge(&d->tx_queue);
0493 rfcomm_dlc_unlink(d);
0494 }
0495
0496 return 0;
0497 }
0498
0499 int rfcomm_dlc_close(struct rfcomm_dlc *d, int err)
0500 {
0501 int r = 0;
0502 struct rfcomm_dlc *d_list;
0503 struct rfcomm_session *s, *s_list;
0504
0505 BT_DBG("dlc %p state %ld dlci %d err %d", d, d->state, d->dlci, err);
0506
0507 rfcomm_lock();
0508
0509 s = d->session;
0510 if (!s)
0511 goto no_session;
0512
0513
0514
0515
0516 list_for_each_entry(s_list, &session_list, list) {
0517 if (s_list == s) {
0518 list_for_each_entry(d_list, &s->dlcs, list) {
0519 if (d_list == d) {
0520 r = __rfcomm_dlc_close(d, err);
0521 break;
0522 }
0523 }
0524 break;
0525 }
0526 }
0527
0528 no_session:
0529 rfcomm_unlock();
0530 return r;
0531 }
0532
0533 struct rfcomm_dlc *rfcomm_dlc_exists(bdaddr_t *src, bdaddr_t *dst, u8 channel)
0534 {
0535 struct rfcomm_session *s;
0536 struct rfcomm_dlc *dlc = NULL;
0537 u8 dlci;
0538
0539 if (rfcomm_check_channel(channel))
0540 return ERR_PTR(-EINVAL);
0541
0542 rfcomm_lock();
0543 s = rfcomm_session_get(src, dst);
0544 if (s) {
0545 dlci = __dlci(__session_dir(s), channel);
0546 dlc = rfcomm_dlc_get(s, dlci);
0547 }
0548 rfcomm_unlock();
0549 return dlc;
0550 }
0551
0552 static int rfcomm_dlc_send_frag(struct rfcomm_dlc *d, struct sk_buff *frag)
0553 {
0554 int len = frag->len;
0555
0556 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
0557
0558 if (len > d->mtu)
0559 return -EINVAL;
0560
0561 rfcomm_make_uih(frag, d->addr);
0562 __skb_queue_tail(&d->tx_queue, frag);
0563
0564 return len;
0565 }
0566
0567 int rfcomm_dlc_send(struct rfcomm_dlc *d, struct sk_buff *skb)
0568 {
0569 unsigned long flags;
0570 struct sk_buff *frag, *next;
0571 int len;
0572
0573 if (d->state != BT_CONNECTED)
0574 return -ENOTCONN;
0575
0576 frag = skb_shinfo(skb)->frag_list;
0577 skb_shinfo(skb)->frag_list = NULL;
0578
0579
0580 spin_lock_irqsave(&d->tx_queue.lock, flags);
0581
0582 len = rfcomm_dlc_send_frag(d, skb);
0583 if (len < 0 || !frag)
0584 goto unlock;
0585
0586 for (; frag; frag = next) {
0587 int ret;
0588
0589 next = frag->next;
0590
0591 ret = rfcomm_dlc_send_frag(d, frag);
0592 if (ret < 0) {
0593 kfree_skb(frag);
0594 goto unlock;
0595 }
0596
0597 len += ret;
0598 }
0599
0600 unlock:
0601 spin_unlock_irqrestore(&d->tx_queue.lock, flags);
0602
0603 if (len > 0 && !test_bit(RFCOMM_TX_THROTTLED, &d->flags))
0604 rfcomm_schedule();
0605 return len;
0606 }
0607
0608 void rfcomm_dlc_send_noerror(struct rfcomm_dlc *d, struct sk_buff *skb)
0609 {
0610 int len = skb->len;
0611
0612 BT_DBG("dlc %p mtu %d len %d", d, d->mtu, len);
0613
0614 rfcomm_make_uih(skb, d->addr);
0615 skb_queue_tail(&d->tx_queue, skb);
0616
0617 if (d->state == BT_CONNECTED &&
0618 !test_bit(RFCOMM_TX_THROTTLED, &d->flags))
0619 rfcomm_schedule();
0620 }
0621
0622 void __rfcomm_dlc_throttle(struct rfcomm_dlc *d)
0623 {
0624 BT_DBG("dlc %p state %ld", d, d->state);
0625
0626 if (!d->cfc) {
0627 d->v24_sig |= RFCOMM_V24_FC;
0628 set_bit(RFCOMM_MSC_PENDING, &d->flags);
0629 }
0630 rfcomm_schedule();
0631 }
0632
0633 void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d)
0634 {
0635 BT_DBG("dlc %p state %ld", d, d->state);
0636
0637 if (!d->cfc) {
0638 d->v24_sig &= ~RFCOMM_V24_FC;
0639 set_bit(RFCOMM_MSC_PENDING, &d->flags);
0640 }
0641 rfcomm_schedule();
0642 }
0643
0644
0645
0646
0647
0648
0649 int rfcomm_dlc_set_modem_status(struct rfcomm_dlc *d, u8 v24_sig)
0650 {
0651 BT_DBG("dlc %p state %ld v24_sig 0x%x",
0652 d, d->state, v24_sig);
0653
0654 if (test_bit(RFCOMM_RX_THROTTLED, &d->flags))
0655 v24_sig |= RFCOMM_V24_FC;
0656 else
0657 v24_sig &= ~RFCOMM_V24_FC;
0658
0659 d->v24_sig = v24_sig;
0660
0661 if (!test_and_set_bit(RFCOMM_MSC_PENDING, &d->flags))
0662 rfcomm_schedule();
0663
0664 return 0;
0665 }
0666
0667 int rfcomm_dlc_get_modem_status(struct rfcomm_dlc *d, u8 *v24_sig)
0668 {
0669 BT_DBG("dlc %p state %ld v24_sig 0x%x",
0670 d, d->state, d->v24_sig);
0671
0672 *v24_sig = d->v24_sig;
0673 return 0;
0674 }
0675
0676
0677 static struct rfcomm_session *rfcomm_session_add(struct socket *sock, int state)
0678 {
0679 struct rfcomm_session *s = kzalloc(sizeof(*s), GFP_KERNEL);
0680
0681 if (!s)
0682 return NULL;
0683
0684 BT_DBG("session %p sock %p", s, sock);
0685
0686 timer_setup(&s->timer, rfcomm_session_timeout, 0);
0687
0688 INIT_LIST_HEAD(&s->dlcs);
0689 s->state = state;
0690 s->sock = sock;
0691
0692 s->mtu = RFCOMM_DEFAULT_MTU;
0693 s->cfc = disable_cfc ? RFCOMM_CFC_DISABLED : RFCOMM_CFC_UNKNOWN;
0694
0695
0696
0697 if (state != BT_LISTEN)
0698 if (!try_module_get(THIS_MODULE)) {
0699 kfree(s);
0700 return NULL;
0701 }
0702
0703 list_add(&s->list, &session_list);
0704
0705 return s;
0706 }
0707
0708 static struct rfcomm_session *rfcomm_session_del(struct rfcomm_session *s)
0709 {
0710 int state = s->state;
0711
0712 BT_DBG("session %p state %ld", s, s->state);
0713
0714 list_del(&s->list);
0715
0716 rfcomm_session_clear_timer(s);
0717 sock_release(s->sock);
0718 kfree(s);
0719
0720 if (state != BT_LISTEN)
0721 module_put(THIS_MODULE);
0722
0723 return NULL;
0724 }
0725
0726 static struct rfcomm_session *rfcomm_session_get(bdaddr_t *src, bdaddr_t *dst)
0727 {
0728 struct rfcomm_session *s, *n;
0729 struct l2cap_chan *chan;
0730 list_for_each_entry_safe(s, n, &session_list, list) {
0731 chan = l2cap_pi(s->sock->sk)->chan;
0732
0733 if ((!bacmp(src, BDADDR_ANY) || !bacmp(&chan->src, src)) &&
0734 !bacmp(&chan->dst, dst))
0735 return s;
0736 }
0737 return NULL;
0738 }
0739
0740 static struct rfcomm_session *rfcomm_session_close(struct rfcomm_session *s,
0741 int err)
0742 {
0743 struct rfcomm_dlc *d, *n;
0744
0745 s->state = BT_CLOSED;
0746
0747 BT_DBG("session %p state %ld err %d", s, s->state, err);
0748
0749
0750 list_for_each_entry_safe(d, n, &s->dlcs, list) {
0751 d->state = BT_CLOSED;
0752 __rfcomm_dlc_close(d, err);
0753 }
0754
0755 rfcomm_session_clear_timer(s);
0756 return rfcomm_session_del(s);
0757 }
0758
0759 static struct rfcomm_session *rfcomm_session_create(bdaddr_t *src,
0760 bdaddr_t *dst,
0761 u8 sec_level,
0762 int *err)
0763 {
0764 struct rfcomm_session *s = NULL;
0765 struct sockaddr_l2 addr;
0766 struct socket *sock;
0767 struct sock *sk;
0768
0769 BT_DBG("%pMR -> %pMR", src, dst);
0770
0771 *err = rfcomm_l2sock_create(&sock);
0772 if (*err < 0)
0773 return NULL;
0774
0775 bacpy(&addr.l2_bdaddr, src);
0776 addr.l2_family = AF_BLUETOOTH;
0777 addr.l2_psm = 0;
0778 addr.l2_cid = 0;
0779 addr.l2_bdaddr_type = BDADDR_BREDR;
0780 *err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
0781 if (*err < 0)
0782 goto failed;
0783
0784
0785 sk = sock->sk;
0786 lock_sock(sk);
0787
0788 l2cap_pi(sk)->chan->imtu = 0;
0789 l2cap_pi(sk)->chan->sec_level = sec_level;
0790 if (l2cap_ertm)
0791 l2cap_pi(sk)->chan->mode = L2CAP_MODE_ERTM;
0792 release_sock(sk);
0793
0794 s = rfcomm_session_add(sock, BT_BOUND);
0795 if (!s) {
0796 *err = -ENOMEM;
0797 goto failed;
0798 }
0799
0800 s->initiator = 1;
0801
0802 bacpy(&addr.l2_bdaddr, dst);
0803 addr.l2_family = AF_BLUETOOTH;
0804 addr.l2_psm = cpu_to_le16(L2CAP_PSM_RFCOMM);
0805 addr.l2_cid = 0;
0806 addr.l2_bdaddr_type = BDADDR_BREDR;
0807 *err = kernel_connect(sock, (struct sockaddr *) &addr, sizeof(addr), O_NONBLOCK);
0808 if (*err == 0 || *err == -EINPROGRESS)
0809 return s;
0810
0811 return rfcomm_session_del(s);
0812
0813 failed:
0814 sock_release(sock);
0815 return NULL;
0816 }
0817
0818 void rfcomm_session_getaddr(struct rfcomm_session *s, bdaddr_t *src, bdaddr_t *dst)
0819 {
0820 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
0821 if (src)
0822 bacpy(src, &chan->src);
0823 if (dst)
0824 bacpy(dst, &chan->dst);
0825 }
0826
0827
0828 static int rfcomm_send_frame(struct rfcomm_session *s, u8 *data, int len)
0829 {
0830 struct kvec iv = { data, len };
0831 struct msghdr msg;
0832
0833 BT_DBG("session %p len %d", s, len);
0834
0835 memset(&msg, 0, sizeof(msg));
0836
0837 return kernel_sendmsg(s->sock, &msg, &iv, 1, len);
0838 }
0839
0840 static int rfcomm_send_cmd(struct rfcomm_session *s, struct rfcomm_cmd *cmd)
0841 {
0842 BT_DBG("%p cmd %u", s, cmd->ctrl);
0843
0844 return rfcomm_send_frame(s, (void *) cmd, sizeof(*cmd));
0845 }
0846
0847 static int rfcomm_send_sabm(struct rfcomm_session *s, u8 dlci)
0848 {
0849 struct rfcomm_cmd cmd;
0850
0851 BT_DBG("%p dlci %d", s, dlci);
0852
0853 cmd.addr = __addr(s->initiator, dlci);
0854 cmd.ctrl = __ctrl(RFCOMM_SABM, 1);
0855 cmd.len = __len8(0);
0856 cmd.fcs = __fcs2((u8 *) &cmd);
0857
0858 return rfcomm_send_cmd(s, &cmd);
0859 }
0860
0861 static int rfcomm_send_ua(struct rfcomm_session *s, u8 dlci)
0862 {
0863 struct rfcomm_cmd cmd;
0864
0865 BT_DBG("%p dlci %d", s, dlci);
0866
0867 cmd.addr = __addr(!s->initiator, dlci);
0868 cmd.ctrl = __ctrl(RFCOMM_UA, 1);
0869 cmd.len = __len8(0);
0870 cmd.fcs = __fcs2((u8 *) &cmd);
0871
0872 return rfcomm_send_cmd(s, &cmd);
0873 }
0874
0875 static int rfcomm_send_disc(struct rfcomm_session *s, u8 dlci)
0876 {
0877 struct rfcomm_cmd cmd;
0878
0879 BT_DBG("%p dlci %d", s, dlci);
0880
0881 cmd.addr = __addr(s->initiator, dlci);
0882 cmd.ctrl = __ctrl(RFCOMM_DISC, 1);
0883 cmd.len = __len8(0);
0884 cmd.fcs = __fcs2((u8 *) &cmd);
0885
0886 return rfcomm_send_cmd(s, &cmd);
0887 }
0888
0889 static int rfcomm_queue_disc(struct rfcomm_dlc *d)
0890 {
0891 struct rfcomm_cmd *cmd;
0892 struct sk_buff *skb;
0893
0894 BT_DBG("dlc %p dlci %d", d, d->dlci);
0895
0896 skb = alloc_skb(sizeof(*cmd), GFP_KERNEL);
0897 if (!skb)
0898 return -ENOMEM;
0899
0900 cmd = __skb_put(skb, sizeof(*cmd));
0901 cmd->addr = d->addr;
0902 cmd->ctrl = __ctrl(RFCOMM_DISC, 1);
0903 cmd->len = __len8(0);
0904 cmd->fcs = __fcs2((u8 *) cmd);
0905
0906 skb_queue_tail(&d->tx_queue, skb);
0907 rfcomm_schedule();
0908 return 0;
0909 }
0910
0911 static int rfcomm_send_dm(struct rfcomm_session *s, u8 dlci)
0912 {
0913 struct rfcomm_cmd cmd;
0914
0915 BT_DBG("%p dlci %d", s, dlci);
0916
0917 cmd.addr = __addr(!s->initiator, dlci);
0918 cmd.ctrl = __ctrl(RFCOMM_DM, 1);
0919 cmd.len = __len8(0);
0920 cmd.fcs = __fcs2((u8 *) &cmd);
0921
0922 return rfcomm_send_cmd(s, &cmd);
0923 }
0924
0925 static int rfcomm_send_nsc(struct rfcomm_session *s, int cr, u8 type)
0926 {
0927 struct rfcomm_hdr *hdr;
0928 struct rfcomm_mcc *mcc;
0929 u8 buf[16], *ptr = buf;
0930
0931 BT_DBG("%p cr %d type %d", s, cr, type);
0932
0933 hdr = (void *) ptr; ptr += sizeof(*hdr);
0934 hdr->addr = __addr(s->initiator, 0);
0935 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
0936 hdr->len = __len8(sizeof(*mcc) + 1);
0937
0938 mcc = (void *) ptr; ptr += sizeof(*mcc);
0939 mcc->type = __mcc_type(0, RFCOMM_NSC);
0940 mcc->len = __len8(1);
0941
0942
0943 *ptr = __mcc_type(cr, type); ptr++;
0944
0945 *ptr = __fcs(buf); ptr++;
0946
0947 return rfcomm_send_frame(s, buf, ptr - buf);
0948 }
0949
0950 static int rfcomm_send_pn(struct rfcomm_session *s, int cr, struct rfcomm_dlc *d)
0951 {
0952 struct rfcomm_hdr *hdr;
0953 struct rfcomm_mcc *mcc;
0954 struct rfcomm_pn *pn;
0955 u8 buf[16], *ptr = buf;
0956
0957 BT_DBG("%p cr %d dlci %d mtu %d", s, cr, d->dlci, d->mtu);
0958
0959 hdr = (void *) ptr; ptr += sizeof(*hdr);
0960 hdr->addr = __addr(s->initiator, 0);
0961 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
0962 hdr->len = __len8(sizeof(*mcc) + sizeof(*pn));
0963
0964 mcc = (void *) ptr; ptr += sizeof(*mcc);
0965 mcc->type = __mcc_type(cr, RFCOMM_PN);
0966 mcc->len = __len8(sizeof(*pn));
0967
0968 pn = (void *) ptr; ptr += sizeof(*pn);
0969 pn->dlci = d->dlci;
0970 pn->priority = d->priority;
0971 pn->ack_timer = 0;
0972 pn->max_retrans = 0;
0973
0974 if (s->cfc) {
0975 pn->flow_ctrl = cr ? 0xf0 : 0xe0;
0976 pn->credits = RFCOMM_DEFAULT_CREDITS;
0977 } else {
0978 pn->flow_ctrl = 0;
0979 pn->credits = 0;
0980 }
0981
0982 if (cr && channel_mtu >= 0)
0983 pn->mtu = cpu_to_le16(channel_mtu);
0984 else
0985 pn->mtu = cpu_to_le16(d->mtu);
0986
0987 *ptr = __fcs(buf); ptr++;
0988
0989 return rfcomm_send_frame(s, buf, ptr - buf);
0990 }
0991
0992 int rfcomm_send_rpn(struct rfcomm_session *s, int cr, u8 dlci,
0993 u8 bit_rate, u8 data_bits, u8 stop_bits,
0994 u8 parity, u8 flow_ctrl_settings,
0995 u8 xon_char, u8 xoff_char, u16 param_mask)
0996 {
0997 struct rfcomm_hdr *hdr;
0998 struct rfcomm_mcc *mcc;
0999 struct rfcomm_rpn *rpn;
1000 u8 buf[16], *ptr = buf;
1001
1002 BT_DBG("%p cr %d dlci %d bit_r 0x%x data_b 0x%x stop_b 0x%x parity 0x%x"
1003 " flwc_s 0x%x xon_c 0x%x xoff_c 0x%x p_mask 0x%x",
1004 s, cr, dlci, bit_rate, data_bits, stop_bits, parity,
1005 flow_ctrl_settings, xon_char, xoff_char, param_mask);
1006
1007 hdr = (void *) ptr; ptr += sizeof(*hdr);
1008 hdr->addr = __addr(s->initiator, 0);
1009 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1010 hdr->len = __len8(sizeof(*mcc) + sizeof(*rpn));
1011
1012 mcc = (void *) ptr; ptr += sizeof(*mcc);
1013 mcc->type = __mcc_type(cr, RFCOMM_RPN);
1014 mcc->len = __len8(sizeof(*rpn));
1015
1016 rpn = (void *) ptr; ptr += sizeof(*rpn);
1017 rpn->dlci = __addr(1, dlci);
1018 rpn->bit_rate = bit_rate;
1019 rpn->line_settings = __rpn_line_settings(data_bits, stop_bits, parity);
1020 rpn->flow_ctrl = flow_ctrl_settings;
1021 rpn->xon_char = xon_char;
1022 rpn->xoff_char = xoff_char;
1023 rpn->param_mask = cpu_to_le16(param_mask);
1024
1025 *ptr = __fcs(buf); ptr++;
1026
1027 return rfcomm_send_frame(s, buf, ptr - buf);
1028 }
1029
1030 static int rfcomm_send_rls(struct rfcomm_session *s, int cr, u8 dlci, u8 status)
1031 {
1032 struct rfcomm_hdr *hdr;
1033 struct rfcomm_mcc *mcc;
1034 struct rfcomm_rls *rls;
1035 u8 buf[16], *ptr = buf;
1036
1037 BT_DBG("%p cr %d status 0x%x", s, cr, status);
1038
1039 hdr = (void *) ptr; ptr += sizeof(*hdr);
1040 hdr->addr = __addr(s->initiator, 0);
1041 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1042 hdr->len = __len8(sizeof(*mcc) + sizeof(*rls));
1043
1044 mcc = (void *) ptr; ptr += sizeof(*mcc);
1045 mcc->type = __mcc_type(cr, RFCOMM_RLS);
1046 mcc->len = __len8(sizeof(*rls));
1047
1048 rls = (void *) ptr; ptr += sizeof(*rls);
1049 rls->dlci = __addr(1, dlci);
1050 rls->status = status;
1051
1052 *ptr = __fcs(buf); ptr++;
1053
1054 return rfcomm_send_frame(s, buf, ptr - buf);
1055 }
1056
1057 static int rfcomm_send_msc(struct rfcomm_session *s, int cr, u8 dlci, u8 v24_sig)
1058 {
1059 struct rfcomm_hdr *hdr;
1060 struct rfcomm_mcc *mcc;
1061 struct rfcomm_msc *msc;
1062 u8 buf[16], *ptr = buf;
1063
1064 BT_DBG("%p cr %d v24 0x%x", s, cr, v24_sig);
1065
1066 hdr = (void *) ptr; ptr += sizeof(*hdr);
1067 hdr->addr = __addr(s->initiator, 0);
1068 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1069 hdr->len = __len8(sizeof(*mcc) + sizeof(*msc));
1070
1071 mcc = (void *) ptr; ptr += sizeof(*mcc);
1072 mcc->type = __mcc_type(cr, RFCOMM_MSC);
1073 mcc->len = __len8(sizeof(*msc));
1074
1075 msc = (void *) ptr; ptr += sizeof(*msc);
1076 msc->dlci = __addr(1, dlci);
1077 msc->v24_sig = v24_sig | 0x01;
1078
1079 *ptr = __fcs(buf); ptr++;
1080
1081 return rfcomm_send_frame(s, buf, ptr - buf);
1082 }
1083
1084 static int rfcomm_send_fcoff(struct rfcomm_session *s, int cr)
1085 {
1086 struct rfcomm_hdr *hdr;
1087 struct rfcomm_mcc *mcc;
1088 u8 buf[16], *ptr = buf;
1089
1090 BT_DBG("%p cr %d", s, cr);
1091
1092 hdr = (void *) ptr; ptr += sizeof(*hdr);
1093 hdr->addr = __addr(s->initiator, 0);
1094 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1095 hdr->len = __len8(sizeof(*mcc));
1096
1097 mcc = (void *) ptr; ptr += sizeof(*mcc);
1098 mcc->type = __mcc_type(cr, RFCOMM_FCOFF);
1099 mcc->len = __len8(0);
1100
1101 *ptr = __fcs(buf); ptr++;
1102
1103 return rfcomm_send_frame(s, buf, ptr - buf);
1104 }
1105
1106 static int rfcomm_send_fcon(struct rfcomm_session *s, int cr)
1107 {
1108 struct rfcomm_hdr *hdr;
1109 struct rfcomm_mcc *mcc;
1110 u8 buf[16], *ptr = buf;
1111
1112 BT_DBG("%p cr %d", s, cr);
1113
1114 hdr = (void *) ptr; ptr += sizeof(*hdr);
1115 hdr->addr = __addr(s->initiator, 0);
1116 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1117 hdr->len = __len8(sizeof(*mcc));
1118
1119 mcc = (void *) ptr; ptr += sizeof(*mcc);
1120 mcc->type = __mcc_type(cr, RFCOMM_FCON);
1121 mcc->len = __len8(0);
1122
1123 *ptr = __fcs(buf); ptr++;
1124
1125 return rfcomm_send_frame(s, buf, ptr - buf);
1126 }
1127
1128 static int rfcomm_send_test(struct rfcomm_session *s, int cr, u8 *pattern, int len)
1129 {
1130 struct socket *sock = s->sock;
1131 struct kvec iv[3];
1132 struct msghdr msg;
1133 unsigned char hdr[5], crc[1];
1134
1135 if (len > 125)
1136 return -EINVAL;
1137
1138 BT_DBG("%p cr %d", s, cr);
1139
1140 hdr[0] = __addr(s->initiator, 0);
1141 hdr[1] = __ctrl(RFCOMM_UIH, 0);
1142 hdr[2] = 0x01 | ((len + 2) << 1);
1143 hdr[3] = 0x01 | ((cr & 0x01) << 1) | (RFCOMM_TEST << 2);
1144 hdr[4] = 0x01 | (len << 1);
1145
1146 crc[0] = __fcs(hdr);
1147
1148 iv[0].iov_base = hdr;
1149 iv[0].iov_len = 5;
1150 iv[1].iov_base = pattern;
1151 iv[1].iov_len = len;
1152 iv[2].iov_base = crc;
1153 iv[2].iov_len = 1;
1154
1155 memset(&msg, 0, sizeof(msg));
1156
1157 return kernel_sendmsg(sock, &msg, iv, 3, 6 + len);
1158 }
1159
1160 static int rfcomm_send_credits(struct rfcomm_session *s, u8 addr, u8 credits)
1161 {
1162 struct rfcomm_hdr *hdr;
1163 u8 buf[16], *ptr = buf;
1164
1165 BT_DBG("%p addr %d credits %d", s, addr, credits);
1166
1167 hdr = (void *) ptr; ptr += sizeof(*hdr);
1168 hdr->addr = addr;
1169 hdr->ctrl = __ctrl(RFCOMM_UIH, 1);
1170 hdr->len = __len8(0);
1171
1172 *ptr = credits; ptr++;
1173
1174 *ptr = __fcs(buf); ptr++;
1175
1176 return rfcomm_send_frame(s, buf, ptr - buf);
1177 }
1178
1179 static void rfcomm_make_uih(struct sk_buff *skb, u8 addr)
1180 {
1181 struct rfcomm_hdr *hdr;
1182 int len = skb->len;
1183 u8 *crc;
1184
1185 if (len > 127) {
1186 hdr = skb_push(skb, 4);
1187 put_unaligned(cpu_to_le16(__len16(len)), (__le16 *) &hdr->len);
1188 } else {
1189 hdr = skb_push(skb, 3);
1190 hdr->len = __len8(len);
1191 }
1192 hdr->addr = addr;
1193 hdr->ctrl = __ctrl(RFCOMM_UIH, 0);
1194
1195 crc = skb_put(skb, 1);
1196 *crc = __fcs((void *) hdr);
1197 }
1198
1199
1200 static struct rfcomm_session *rfcomm_recv_ua(struct rfcomm_session *s, u8 dlci)
1201 {
1202 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1203
1204 if (dlci) {
1205
1206 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1207 if (!d) {
1208 rfcomm_send_dm(s, dlci);
1209 return s;
1210 }
1211
1212 switch (d->state) {
1213 case BT_CONNECT:
1214 rfcomm_dlc_clear_timer(d);
1215
1216 rfcomm_dlc_lock(d);
1217 d->state = BT_CONNECTED;
1218 d->state_change(d, 0);
1219 rfcomm_dlc_unlock(d);
1220
1221 rfcomm_send_msc(s, 1, dlci, d->v24_sig);
1222 break;
1223
1224 case BT_DISCONN:
1225 d->state = BT_CLOSED;
1226 __rfcomm_dlc_close(d, 0);
1227
1228 if (list_empty(&s->dlcs)) {
1229 s->state = BT_DISCONN;
1230 rfcomm_send_disc(s, 0);
1231 rfcomm_session_clear_timer(s);
1232 }
1233
1234 break;
1235 }
1236 } else {
1237
1238 switch (s->state) {
1239 case BT_CONNECT:
1240 s->state = BT_CONNECTED;
1241 rfcomm_process_connect(s);
1242 break;
1243
1244 case BT_DISCONN:
1245 s = rfcomm_session_close(s, ECONNRESET);
1246 break;
1247 }
1248 }
1249 return s;
1250 }
1251
1252 static struct rfcomm_session *rfcomm_recv_dm(struct rfcomm_session *s, u8 dlci)
1253 {
1254 int err = 0;
1255
1256 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1257
1258 if (dlci) {
1259
1260 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1261 if (d) {
1262 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1263 err = ECONNREFUSED;
1264 else
1265 err = ECONNRESET;
1266
1267 d->state = BT_CLOSED;
1268 __rfcomm_dlc_close(d, err);
1269 }
1270 } else {
1271 if (s->state == BT_CONNECT)
1272 err = ECONNREFUSED;
1273 else
1274 err = ECONNRESET;
1275
1276 s = rfcomm_session_close(s, err);
1277 }
1278 return s;
1279 }
1280
1281 static struct rfcomm_session *rfcomm_recv_disc(struct rfcomm_session *s,
1282 u8 dlci)
1283 {
1284 int err = 0;
1285
1286 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1287
1288 if (dlci) {
1289 struct rfcomm_dlc *d = rfcomm_dlc_get(s, dlci);
1290 if (d) {
1291 rfcomm_send_ua(s, dlci);
1292
1293 if (d->state == BT_CONNECT || d->state == BT_CONFIG)
1294 err = ECONNREFUSED;
1295 else
1296 err = ECONNRESET;
1297
1298 d->state = BT_CLOSED;
1299 __rfcomm_dlc_close(d, err);
1300 } else
1301 rfcomm_send_dm(s, dlci);
1302
1303 } else {
1304 rfcomm_send_ua(s, 0);
1305
1306 if (s->state == BT_CONNECT)
1307 err = ECONNREFUSED;
1308 else
1309 err = ECONNRESET;
1310
1311 s = rfcomm_session_close(s, err);
1312 }
1313 return s;
1314 }
1315
1316 void rfcomm_dlc_accept(struct rfcomm_dlc *d)
1317 {
1318 struct sock *sk = d->session->sock->sk;
1319 struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;
1320
1321 BT_DBG("dlc %p", d);
1322
1323 rfcomm_send_ua(d->session, d->dlci);
1324
1325 rfcomm_dlc_clear_timer(d);
1326
1327 rfcomm_dlc_lock(d);
1328 d->state = BT_CONNECTED;
1329 d->state_change(d, 0);
1330 rfcomm_dlc_unlock(d);
1331
1332 if (d->role_switch)
1333 hci_conn_switch_role(conn->hcon, 0x00);
1334
1335 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1336 }
1337
1338 static void rfcomm_check_accept(struct rfcomm_dlc *d)
1339 {
1340 if (rfcomm_check_security(d)) {
1341 if (d->defer_setup) {
1342 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1343 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1344
1345 rfcomm_dlc_lock(d);
1346 d->state = BT_CONNECT2;
1347 d->state_change(d, 0);
1348 rfcomm_dlc_unlock(d);
1349 } else
1350 rfcomm_dlc_accept(d);
1351 } else {
1352 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1353 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1354 }
1355 }
1356
1357 static int rfcomm_recv_sabm(struct rfcomm_session *s, u8 dlci)
1358 {
1359 struct rfcomm_dlc *d;
1360 u8 channel;
1361
1362 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1363
1364 if (!dlci) {
1365 rfcomm_send_ua(s, 0);
1366
1367 if (s->state == BT_OPEN) {
1368 s->state = BT_CONNECTED;
1369 rfcomm_process_connect(s);
1370 }
1371 return 0;
1372 }
1373
1374
1375 d = rfcomm_dlc_get(s, dlci);
1376 if (d) {
1377 if (d->state == BT_OPEN) {
1378
1379 rfcomm_check_accept(d);
1380 }
1381 return 0;
1382 }
1383
1384
1385 channel = __srv_channel(dlci);
1386 if (rfcomm_connect_ind(s, channel, &d)) {
1387 d->dlci = dlci;
1388 d->addr = __addr(s->initiator, dlci);
1389 rfcomm_dlc_link(s, d);
1390
1391 rfcomm_check_accept(d);
1392 } else {
1393 rfcomm_send_dm(s, dlci);
1394 }
1395
1396 return 0;
1397 }
1398
1399 static int rfcomm_apply_pn(struct rfcomm_dlc *d, int cr, struct rfcomm_pn *pn)
1400 {
1401 struct rfcomm_session *s = d->session;
1402
1403 BT_DBG("dlc %p state %ld dlci %d mtu %d fc 0x%x credits %d",
1404 d, d->state, d->dlci, pn->mtu, pn->flow_ctrl, pn->credits);
1405
1406 if ((pn->flow_ctrl == 0xf0 && s->cfc != RFCOMM_CFC_DISABLED) ||
1407 pn->flow_ctrl == 0xe0) {
1408 d->cfc = RFCOMM_CFC_ENABLED;
1409 d->tx_credits = pn->credits;
1410 } else {
1411 d->cfc = RFCOMM_CFC_DISABLED;
1412 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1413 }
1414
1415 if (s->cfc == RFCOMM_CFC_UNKNOWN)
1416 s->cfc = d->cfc;
1417
1418 d->priority = pn->priority;
1419
1420 d->mtu = __le16_to_cpu(pn->mtu);
1421
1422 if (cr && d->mtu > s->mtu)
1423 d->mtu = s->mtu;
1424
1425 return 0;
1426 }
1427
1428 static int rfcomm_recv_pn(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1429 {
1430 struct rfcomm_pn *pn = (void *) skb->data;
1431 struct rfcomm_dlc *d;
1432 u8 dlci = pn->dlci;
1433
1434 BT_DBG("session %p state %ld dlci %d", s, s->state, dlci);
1435
1436 if (!dlci)
1437 return 0;
1438
1439 d = rfcomm_dlc_get(s, dlci);
1440 if (d) {
1441 if (cr) {
1442
1443 rfcomm_apply_pn(d, cr, pn);
1444 rfcomm_send_pn(s, 0, d);
1445 } else {
1446
1447 switch (d->state) {
1448 case BT_CONFIG:
1449 rfcomm_apply_pn(d, cr, pn);
1450
1451 d->state = BT_CONNECT;
1452 rfcomm_send_sabm(s, d->dlci);
1453 break;
1454 }
1455 }
1456 } else {
1457 u8 channel = __srv_channel(dlci);
1458
1459 if (!cr)
1460 return 0;
1461
1462
1463
1464 if (rfcomm_connect_ind(s, channel, &d)) {
1465 d->dlci = dlci;
1466 d->addr = __addr(s->initiator, dlci);
1467 rfcomm_dlc_link(s, d);
1468
1469 rfcomm_apply_pn(d, cr, pn);
1470
1471 d->state = BT_OPEN;
1472 rfcomm_send_pn(s, 0, d);
1473 } else {
1474 rfcomm_send_dm(s, dlci);
1475 }
1476 }
1477 return 0;
1478 }
1479
1480 static int rfcomm_recv_rpn(struct rfcomm_session *s, int cr, int len, struct sk_buff *skb)
1481 {
1482 struct rfcomm_rpn *rpn = (void *) skb->data;
1483 u8 dlci = __get_dlci(rpn->dlci);
1484
1485 u8 bit_rate = 0;
1486 u8 data_bits = 0;
1487 u8 stop_bits = 0;
1488 u8 parity = 0;
1489 u8 flow_ctrl = 0;
1490 u8 xon_char = 0;
1491 u8 xoff_char = 0;
1492 u16 rpn_mask = RFCOMM_RPN_PM_ALL;
1493
1494 BT_DBG("dlci %d cr %d len 0x%x bitr 0x%x line 0x%x flow 0x%x xonc 0x%x xoffc 0x%x pm 0x%x",
1495 dlci, cr, len, rpn->bit_rate, rpn->line_settings, rpn->flow_ctrl,
1496 rpn->xon_char, rpn->xoff_char, rpn->param_mask);
1497
1498 if (!cr)
1499 return 0;
1500
1501 if (len == 1) {
1502
1503 bit_rate = RFCOMM_RPN_BR_9600;
1504 data_bits = RFCOMM_RPN_DATA_8;
1505 stop_bits = RFCOMM_RPN_STOP_1;
1506 parity = RFCOMM_RPN_PARITY_NONE;
1507 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1508 xon_char = RFCOMM_RPN_XON_CHAR;
1509 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1510 goto rpn_out;
1511 }
1512
1513
1514
1515
1516 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_BITRATE)) {
1517 bit_rate = rpn->bit_rate;
1518 if (bit_rate > RFCOMM_RPN_BR_230400) {
1519 BT_DBG("RPN bit rate mismatch 0x%x", bit_rate);
1520 bit_rate = RFCOMM_RPN_BR_9600;
1521 rpn_mask ^= RFCOMM_RPN_PM_BITRATE;
1522 }
1523 }
1524
1525 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_DATA)) {
1526 data_bits = __get_rpn_data_bits(rpn->line_settings);
1527 if (data_bits != RFCOMM_RPN_DATA_8) {
1528 BT_DBG("RPN data bits mismatch 0x%x", data_bits);
1529 data_bits = RFCOMM_RPN_DATA_8;
1530 rpn_mask ^= RFCOMM_RPN_PM_DATA;
1531 }
1532 }
1533
1534 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_STOP)) {
1535 stop_bits = __get_rpn_stop_bits(rpn->line_settings);
1536 if (stop_bits != RFCOMM_RPN_STOP_1) {
1537 BT_DBG("RPN stop bits mismatch 0x%x", stop_bits);
1538 stop_bits = RFCOMM_RPN_STOP_1;
1539 rpn_mask ^= RFCOMM_RPN_PM_STOP;
1540 }
1541 }
1542
1543 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_PARITY)) {
1544 parity = __get_rpn_parity(rpn->line_settings);
1545 if (parity != RFCOMM_RPN_PARITY_NONE) {
1546 BT_DBG("RPN parity mismatch 0x%x", parity);
1547 parity = RFCOMM_RPN_PARITY_NONE;
1548 rpn_mask ^= RFCOMM_RPN_PM_PARITY;
1549 }
1550 }
1551
1552 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_FLOW)) {
1553 flow_ctrl = rpn->flow_ctrl;
1554 if (flow_ctrl != RFCOMM_RPN_FLOW_NONE) {
1555 BT_DBG("RPN flow ctrl mismatch 0x%x", flow_ctrl);
1556 flow_ctrl = RFCOMM_RPN_FLOW_NONE;
1557 rpn_mask ^= RFCOMM_RPN_PM_FLOW;
1558 }
1559 }
1560
1561 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XON)) {
1562 xon_char = rpn->xon_char;
1563 if (xon_char != RFCOMM_RPN_XON_CHAR) {
1564 BT_DBG("RPN XON char mismatch 0x%x", xon_char);
1565 xon_char = RFCOMM_RPN_XON_CHAR;
1566 rpn_mask ^= RFCOMM_RPN_PM_XON;
1567 }
1568 }
1569
1570 if (rpn->param_mask & cpu_to_le16(RFCOMM_RPN_PM_XOFF)) {
1571 xoff_char = rpn->xoff_char;
1572 if (xoff_char != RFCOMM_RPN_XOFF_CHAR) {
1573 BT_DBG("RPN XOFF char mismatch 0x%x", xoff_char);
1574 xoff_char = RFCOMM_RPN_XOFF_CHAR;
1575 rpn_mask ^= RFCOMM_RPN_PM_XOFF;
1576 }
1577 }
1578
1579 rpn_out:
1580 rfcomm_send_rpn(s, 0, dlci, bit_rate, data_bits, stop_bits,
1581 parity, flow_ctrl, xon_char, xoff_char, rpn_mask);
1582
1583 return 0;
1584 }
1585
1586 static int rfcomm_recv_rls(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1587 {
1588 struct rfcomm_rls *rls = (void *) skb->data;
1589 u8 dlci = __get_dlci(rls->dlci);
1590
1591 BT_DBG("dlci %d cr %d status 0x%x", dlci, cr, rls->status);
1592
1593 if (!cr)
1594 return 0;
1595
1596
1597
1598
1599
1600 rfcomm_send_rls(s, 0, dlci, rls->status);
1601
1602 return 0;
1603 }
1604
1605 static int rfcomm_recv_msc(struct rfcomm_session *s, int cr, struct sk_buff *skb)
1606 {
1607 struct rfcomm_msc *msc = (void *) skb->data;
1608 struct rfcomm_dlc *d;
1609 u8 dlci = __get_dlci(msc->dlci);
1610
1611 BT_DBG("dlci %d cr %d v24 0x%x", dlci, cr, msc->v24_sig);
1612
1613 d = rfcomm_dlc_get(s, dlci);
1614 if (!d)
1615 return 0;
1616
1617 if (cr) {
1618 if (msc->v24_sig & RFCOMM_V24_FC && !d->cfc)
1619 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1620 else
1621 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1622
1623 rfcomm_dlc_lock(d);
1624
1625 d->remote_v24_sig = msc->v24_sig;
1626
1627 if (d->modem_status)
1628 d->modem_status(d, msc->v24_sig);
1629
1630 rfcomm_dlc_unlock(d);
1631
1632 rfcomm_send_msc(s, 0, dlci, msc->v24_sig);
1633
1634 d->mscex |= RFCOMM_MSCEX_RX;
1635 } else
1636 d->mscex |= RFCOMM_MSCEX_TX;
1637
1638 return 0;
1639 }
1640
1641 static int rfcomm_recv_mcc(struct rfcomm_session *s, struct sk_buff *skb)
1642 {
1643 struct rfcomm_mcc *mcc = (void *) skb->data;
1644 u8 type, cr, len;
1645
1646 cr = __test_cr(mcc->type);
1647 type = __get_mcc_type(mcc->type);
1648 len = __get_mcc_len(mcc->len);
1649
1650 BT_DBG("%p type 0x%x cr %d", s, type, cr);
1651
1652 skb_pull(skb, 2);
1653
1654 switch (type) {
1655 case RFCOMM_PN:
1656 rfcomm_recv_pn(s, cr, skb);
1657 break;
1658
1659 case RFCOMM_RPN:
1660 rfcomm_recv_rpn(s, cr, len, skb);
1661 break;
1662
1663 case RFCOMM_RLS:
1664 rfcomm_recv_rls(s, cr, skb);
1665 break;
1666
1667 case RFCOMM_MSC:
1668 rfcomm_recv_msc(s, cr, skb);
1669 break;
1670
1671 case RFCOMM_FCOFF:
1672 if (cr) {
1673 set_bit(RFCOMM_TX_THROTTLED, &s->flags);
1674 rfcomm_send_fcoff(s, 0);
1675 }
1676 break;
1677
1678 case RFCOMM_FCON:
1679 if (cr) {
1680 clear_bit(RFCOMM_TX_THROTTLED, &s->flags);
1681 rfcomm_send_fcon(s, 0);
1682 }
1683 break;
1684
1685 case RFCOMM_TEST:
1686 if (cr)
1687 rfcomm_send_test(s, 0, skb->data, skb->len);
1688 break;
1689
1690 case RFCOMM_NSC:
1691 break;
1692
1693 default:
1694 BT_ERR("Unknown control type 0x%02x", type);
1695 rfcomm_send_nsc(s, cr, type);
1696 break;
1697 }
1698 return 0;
1699 }
1700
1701 static int rfcomm_recv_data(struct rfcomm_session *s, u8 dlci, int pf, struct sk_buff *skb)
1702 {
1703 struct rfcomm_dlc *d;
1704
1705 BT_DBG("session %p state %ld dlci %d pf %d", s, s->state, dlci, pf);
1706
1707 d = rfcomm_dlc_get(s, dlci);
1708 if (!d) {
1709 rfcomm_send_dm(s, dlci);
1710 goto drop;
1711 }
1712
1713 if (pf && d->cfc) {
1714 u8 credits = *(u8 *) skb->data; skb_pull(skb, 1);
1715
1716 d->tx_credits += credits;
1717 if (d->tx_credits)
1718 clear_bit(RFCOMM_TX_THROTTLED, &d->flags);
1719 }
1720
1721 if (skb->len && d->state == BT_CONNECTED) {
1722 rfcomm_dlc_lock(d);
1723 d->rx_credits--;
1724 d->data_ready(d, skb);
1725 rfcomm_dlc_unlock(d);
1726 return 0;
1727 }
1728
1729 drop:
1730 kfree_skb(skb);
1731 return 0;
1732 }
1733
1734 static struct rfcomm_session *rfcomm_recv_frame(struct rfcomm_session *s,
1735 struct sk_buff *skb)
1736 {
1737 struct rfcomm_hdr *hdr = (void *) skb->data;
1738 u8 type, dlci, fcs;
1739
1740 if (!s) {
1741
1742 kfree_skb(skb);
1743 return s;
1744 }
1745
1746 dlci = __get_dlci(hdr->addr);
1747 type = __get_type(hdr->ctrl);
1748
1749
1750 skb->len--; skb->tail--;
1751 fcs = *(u8 *)skb_tail_pointer(skb);
1752
1753 if (__check_fcs(skb->data, type, fcs)) {
1754 BT_ERR("bad checksum in packet");
1755 kfree_skb(skb);
1756 return s;
1757 }
1758
1759 if (__test_ea(hdr->len))
1760 skb_pull(skb, 3);
1761 else
1762 skb_pull(skb, 4);
1763
1764 switch (type) {
1765 case RFCOMM_SABM:
1766 if (__test_pf(hdr->ctrl))
1767 rfcomm_recv_sabm(s, dlci);
1768 break;
1769
1770 case RFCOMM_DISC:
1771 if (__test_pf(hdr->ctrl))
1772 s = rfcomm_recv_disc(s, dlci);
1773 break;
1774
1775 case RFCOMM_UA:
1776 if (__test_pf(hdr->ctrl))
1777 s = rfcomm_recv_ua(s, dlci);
1778 break;
1779
1780 case RFCOMM_DM:
1781 s = rfcomm_recv_dm(s, dlci);
1782 break;
1783
1784 case RFCOMM_UIH:
1785 if (dlci) {
1786 rfcomm_recv_data(s, dlci, __test_pf(hdr->ctrl), skb);
1787 return s;
1788 }
1789 rfcomm_recv_mcc(s, skb);
1790 break;
1791
1792 default:
1793 BT_ERR("Unknown packet type 0x%02x", type);
1794 break;
1795 }
1796 kfree_skb(skb);
1797 return s;
1798 }
1799
1800
1801
1802 static void rfcomm_process_connect(struct rfcomm_session *s)
1803 {
1804 struct rfcomm_dlc *d, *n;
1805
1806 BT_DBG("session %p state %ld", s, s->state);
1807
1808 list_for_each_entry_safe(d, n, &s->dlcs, list) {
1809 if (d->state == BT_CONFIG) {
1810 d->mtu = s->mtu;
1811 if (rfcomm_check_security(d)) {
1812 rfcomm_send_pn(s, 1, d);
1813 } else {
1814 set_bit(RFCOMM_AUTH_PENDING, &d->flags);
1815 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1816 }
1817 }
1818 }
1819 }
1820
1821
1822
1823
1824 static int rfcomm_process_tx(struct rfcomm_dlc *d)
1825 {
1826 struct sk_buff *skb;
1827 int err;
1828
1829 BT_DBG("dlc %p state %ld cfc %d rx_credits %d tx_credits %d",
1830 d, d->state, d->cfc, d->rx_credits, d->tx_credits);
1831
1832
1833 if (test_and_clear_bit(RFCOMM_MSC_PENDING, &d->flags))
1834 rfcomm_send_msc(d->session, 1, d->dlci, d->v24_sig);
1835
1836 if (d->cfc) {
1837
1838
1839 if (!test_bit(RFCOMM_RX_THROTTLED, &d->flags) &&
1840 d->rx_credits <= (d->cfc >> 2)) {
1841 rfcomm_send_credits(d->session, d->addr, d->cfc - d->rx_credits);
1842 d->rx_credits = d->cfc;
1843 }
1844 } else {
1845
1846
1847 d->tx_credits = 5;
1848 }
1849
1850 if (test_bit(RFCOMM_TX_THROTTLED, &d->flags))
1851 return skb_queue_len(&d->tx_queue);
1852
1853 while (d->tx_credits && (skb = skb_dequeue(&d->tx_queue))) {
1854 err = rfcomm_send_frame(d->session, skb->data, skb->len);
1855 if (err < 0) {
1856 skb_queue_head(&d->tx_queue, skb);
1857 break;
1858 }
1859 kfree_skb(skb);
1860 d->tx_credits--;
1861 }
1862
1863 if (d->cfc && !d->tx_credits) {
1864
1865
1866 set_bit(RFCOMM_TX_THROTTLED, &d->flags);
1867 }
1868
1869 return skb_queue_len(&d->tx_queue);
1870 }
1871
1872 static void rfcomm_process_dlcs(struct rfcomm_session *s)
1873 {
1874 struct rfcomm_dlc *d, *n;
1875
1876 BT_DBG("session %p state %ld", s, s->state);
1877
1878 list_for_each_entry_safe(d, n, &s->dlcs, list) {
1879 if (test_bit(RFCOMM_TIMED_OUT, &d->flags)) {
1880 __rfcomm_dlc_close(d, ETIMEDOUT);
1881 continue;
1882 }
1883
1884 if (test_bit(RFCOMM_ENC_DROP, &d->flags)) {
1885 __rfcomm_dlc_close(d, ECONNREFUSED);
1886 continue;
1887 }
1888
1889 if (test_and_clear_bit(RFCOMM_AUTH_ACCEPT, &d->flags)) {
1890 rfcomm_dlc_clear_timer(d);
1891 if (d->out) {
1892 rfcomm_send_pn(s, 1, d);
1893 rfcomm_dlc_set_timer(d, RFCOMM_CONN_TIMEOUT);
1894 } else {
1895 if (d->defer_setup) {
1896 set_bit(RFCOMM_DEFER_SETUP, &d->flags);
1897 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
1898
1899 rfcomm_dlc_lock(d);
1900 d->state = BT_CONNECT2;
1901 d->state_change(d, 0);
1902 rfcomm_dlc_unlock(d);
1903 } else
1904 rfcomm_dlc_accept(d);
1905 }
1906 continue;
1907 } else if (test_and_clear_bit(RFCOMM_AUTH_REJECT, &d->flags)) {
1908 rfcomm_dlc_clear_timer(d);
1909 if (!d->out)
1910 rfcomm_send_dm(s, d->dlci);
1911 else
1912 d->state = BT_CLOSED;
1913 __rfcomm_dlc_close(d, ECONNREFUSED);
1914 continue;
1915 }
1916
1917 if (test_bit(RFCOMM_SEC_PENDING, &d->flags))
1918 continue;
1919
1920 if (test_bit(RFCOMM_TX_THROTTLED, &s->flags))
1921 continue;
1922
1923 if ((d->state == BT_CONNECTED || d->state == BT_DISCONN) &&
1924 d->mscex == RFCOMM_MSCEX_OK)
1925 rfcomm_process_tx(d);
1926 }
1927 }
1928
1929 static struct rfcomm_session *rfcomm_process_rx(struct rfcomm_session *s)
1930 {
1931 struct socket *sock = s->sock;
1932 struct sock *sk = sock->sk;
1933 struct sk_buff *skb;
1934
1935 BT_DBG("session %p state %ld qlen %d", s, s->state, skb_queue_len(&sk->sk_receive_queue));
1936
1937
1938 while ((skb = skb_dequeue(&sk->sk_receive_queue))) {
1939 skb_orphan(skb);
1940 if (!skb_linearize(skb)) {
1941 s = rfcomm_recv_frame(s, skb);
1942 if (!s)
1943 break;
1944 } else {
1945 kfree_skb(skb);
1946 }
1947 }
1948
1949 if (s && (sk->sk_state == BT_CLOSED))
1950 s = rfcomm_session_close(s, sk->sk_err);
1951
1952 return s;
1953 }
1954
1955 static void rfcomm_accept_connection(struct rfcomm_session *s)
1956 {
1957 struct socket *sock = s->sock, *nsock;
1958 int err;
1959
1960
1961
1962 if (list_empty(&bt_sk(sock->sk)->accept_q))
1963 return;
1964
1965 BT_DBG("session %p", s);
1966
1967 err = kernel_accept(sock, &nsock, O_NONBLOCK);
1968 if (err < 0)
1969 return;
1970
1971
1972 nsock->sk->sk_data_ready = rfcomm_l2data_ready;
1973 nsock->sk->sk_state_change = rfcomm_l2state_change;
1974
1975 s = rfcomm_session_add(nsock, BT_OPEN);
1976 if (s) {
1977
1978
1979 s->mtu = min(l2cap_pi(nsock->sk)->chan->omtu,
1980 l2cap_pi(nsock->sk)->chan->imtu) - 5;
1981
1982 rfcomm_schedule();
1983 } else
1984 sock_release(nsock);
1985 }
1986
1987 static struct rfcomm_session *rfcomm_check_connection(struct rfcomm_session *s)
1988 {
1989 struct sock *sk = s->sock->sk;
1990
1991 BT_DBG("%p state %ld", s, s->state);
1992
1993 switch (sk->sk_state) {
1994 case BT_CONNECTED:
1995 s->state = BT_CONNECT;
1996
1997
1998
1999 s->mtu = min(l2cap_pi(sk)->chan->omtu, l2cap_pi(sk)->chan->imtu) - 5;
2000
2001 rfcomm_send_sabm(s, 0);
2002 break;
2003
2004 case BT_CLOSED:
2005 s = rfcomm_session_close(s, sk->sk_err);
2006 break;
2007 }
2008 return s;
2009 }
2010
2011 static void rfcomm_process_sessions(void)
2012 {
2013 struct rfcomm_session *s, *n;
2014
2015 rfcomm_lock();
2016
2017 list_for_each_entry_safe(s, n, &session_list, list) {
2018 if (test_and_clear_bit(RFCOMM_TIMED_OUT, &s->flags)) {
2019 s->state = BT_DISCONN;
2020 rfcomm_send_disc(s, 0);
2021 continue;
2022 }
2023
2024 switch (s->state) {
2025 case BT_LISTEN:
2026 rfcomm_accept_connection(s);
2027 continue;
2028
2029 case BT_BOUND:
2030 s = rfcomm_check_connection(s);
2031 break;
2032
2033 default:
2034 s = rfcomm_process_rx(s);
2035 break;
2036 }
2037
2038 if (s)
2039 rfcomm_process_dlcs(s);
2040 }
2041
2042 rfcomm_unlock();
2043 }
2044
2045 static int rfcomm_add_listener(bdaddr_t *ba)
2046 {
2047 struct sockaddr_l2 addr;
2048 struct socket *sock;
2049 struct sock *sk;
2050 struct rfcomm_session *s;
2051 int err = 0;
2052
2053
2054 err = rfcomm_l2sock_create(&sock);
2055 if (err < 0) {
2056 BT_ERR("Create socket failed %d", err);
2057 return err;
2058 }
2059
2060
2061 bacpy(&addr.l2_bdaddr, ba);
2062 addr.l2_family = AF_BLUETOOTH;
2063 addr.l2_psm = cpu_to_le16(L2CAP_PSM_RFCOMM);
2064 addr.l2_cid = 0;
2065 addr.l2_bdaddr_type = BDADDR_BREDR;
2066 err = kernel_bind(sock, (struct sockaddr *) &addr, sizeof(addr));
2067 if (err < 0) {
2068 BT_ERR("Bind failed %d", err);
2069 goto failed;
2070 }
2071
2072
2073 sk = sock->sk;
2074 lock_sock(sk);
2075
2076 l2cap_pi(sk)->chan->imtu = 0;
2077 release_sock(sk);
2078
2079
2080 err = kernel_listen(sock, 10);
2081 if (err) {
2082 BT_ERR("Listen failed %d", err);
2083 goto failed;
2084 }
2085
2086
2087 s = rfcomm_session_add(sock, BT_LISTEN);
2088 if (!s) {
2089 err = -ENOMEM;
2090 goto failed;
2091 }
2092
2093 return 0;
2094 failed:
2095 sock_release(sock);
2096 return err;
2097 }
2098
2099 static void rfcomm_kill_listener(void)
2100 {
2101 struct rfcomm_session *s, *n;
2102
2103 BT_DBG("");
2104
2105 list_for_each_entry_safe(s, n, &session_list, list)
2106 rfcomm_session_del(s);
2107 }
2108
2109 static int rfcomm_run(void *unused)
2110 {
2111 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2112 BT_DBG("");
2113
2114 set_user_nice(current, -10);
2115
2116 rfcomm_add_listener(BDADDR_ANY);
2117
2118 add_wait_queue(&rfcomm_wq, &wait);
2119 while (!kthread_should_stop()) {
2120
2121
2122 rfcomm_process_sessions();
2123
2124 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
2125 }
2126 remove_wait_queue(&rfcomm_wq, &wait);
2127
2128 rfcomm_kill_listener();
2129
2130 return 0;
2131 }
2132
2133 static void rfcomm_security_cfm(struct hci_conn *conn, u8 status, u8 encrypt)
2134 {
2135 struct rfcomm_session *s;
2136 struct rfcomm_dlc *d, *n;
2137
2138 BT_DBG("conn %p status 0x%02x encrypt 0x%02x", conn, status, encrypt);
2139
2140 s = rfcomm_session_get(&conn->hdev->bdaddr, &conn->dst);
2141 if (!s)
2142 return;
2143
2144 list_for_each_entry_safe(d, n, &s->dlcs, list) {
2145 if (test_and_clear_bit(RFCOMM_SEC_PENDING, &d->flags)) {
2146 rfcomm_dlc_clear_timer(d);
2147 if (status || encrypt == 0x00) {
2148 set_bit(RFCOMM_ENC_DROP, &d->flags);
2149 continue;
2150 }
2151 }
2152
2153 if (d->state == BT_CONNECTED && !status && encrypt == 0x00) {
2154 if (d->sec_level == BT_SECURITY_MEDIUM) {
2155 set_bit(RFCOMM_SEC_PENDING, &d->flags);
2156 rfcomm_dlc_set_timer(d, RFCOMM_AUTH_TIMEOUT);
2157 continue;
2158 } else if (d->sec_level == BT_SECURITY_HIGH ||
2159 d->sec_level == BT_SECURITY_FIPS) {
2160 set_bit(RFCOMM_ENC_DROP, &d->flags);
2161 continue;
2162 }
2163 }
2164
2165 if (!test_and_clear_bit(RFCOMM_AUTH_PENDING, &d->flags))
2166 continue;
2167
2168 if (!status && hci_conn_check_secure(conn, d->sec_level))
2169 set_bit(RFCOMM_AUTH_ACCEPT, &d->flags);
2170 else
2171 set_bit(RFCOMM_AUTH_REJECT, &d->flags);
2172 }
2173
2174 rfcomm_schedule();
2175 }
2176
2177 static struct hci_cb rfcomm_cb = {
2178 .name = "RFCOMM",
2179 .security_cfm = rfcomm_security_cfm
2180 };
2181
2182 static int rfcomm_dlc_debugfs_show(struct seq_file *f, void *x)
2183 {
2184 struct rfcomm_session *s;
2185
2186 rfcomm_lock();
2187
2188 list_for_each_entry(s, &session_list, list) {
2189 struct l2cap_chan *chan = l2cap_pi(s->sock->sk)->chan;
2190 struct rfcomm_dlc *d;
2191 list_for_each_entry(d, &s->dlcs, list) {
2192 seq_printf(f, "%pMR %pMR %ld %d %d %d %d\n",
2193 &chan->src, &chan->dst,
2194 d->state, d->dlci, d->mtu,
2195 d->rx_credits, d->tx_credits);
2196 }
2197 }
2198
2199 rfcomm_unlock();
2200
2201 return 0;
2202 }
2203
2204 DEFINE_SHOW_ATTRIBUTE(rfcomm_dlc_debugfs);
2205
2206 static struct dentry *rfcomm_dlc_debugfs;
2207
2208
2209 static int __init rfcomm_init(void)
2210 {
2211 int err;
2212
2213 hci_register_cb(&rfcomm_cb);
2214
2215 rfcomm_thread = kthread_run(rfcomm_run, NULL, "krfcommd");
2216 if (IS_ERR(rfcomm_thread)) {
2217 err = PTR_ERR(rfcomm_thread);
2218 goto unregister;
2219 }
2220
2221 err = rfcomm_init_ttys();
2222 if (err < 0)
2223 goto stop;
2224
2225 err = rfcomm_init_sockets();
2226 if (err < 0)
2227 goto cleanup;
2228
2229 BT_INFO("RFCOMM ver %s", VERSION);
2230
2231 if (IS_ERR_OR_NULL(bt_debugfs))
2232 return 0;
2233
2234 rfcomm_dlc_debugfs = debugfs_create_file("rfcomm_dlc", 0444,
2235 bt_debugfs, NULL,
2236 &rfcomm_dlc_debugfs_fops);
2237
2238 return 0;
2239
2240 cleanup:
2241 rfcomm_cleanup_ttys();
2242
2243 stop:
2244 kthread_stop(rfcomm_thread);
2245
2246 unregister:
2247 hci_unregister_cb(&rfcomm_cb);
2248
2249 return err;
2250 }
2251
2252 static void __exit rfcomm_exit(void)
2253 {
2254 debugfs_remove(rfcomm_dlc_debugfs);
2255
2256 hci_unregister_cb(&rfcomm_cb);
2257
2258 kthread_stop(rfcomm_thread);
2259
2260 rfcomm_cleanup_ttys();
2261
2262 rfcomm_cleanup_sockets();
2263 }
2264
2265 module_init(rfcomm_init);
2266 module_exit(rfcomm_exit);
2267
2268 module_param(disable_cfc, bool, 0644);
2269 MODULE_PARM_DESC(disable_cfc, "Disable credit based flow control");
2270
2271 module_param(channel_mtu, int, 0644);
2272 MODULE_PARM_DESC(channel_mtu, "Default MTU for the RFCOMM channel");
2273
2274 module_param(l2cap_ertm, bool, 0644);
2275 MODULE_PARM_DESC(l2cap_ertm, "Use L2CAP ERTM mode for connection");
2276
2277 MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
2278 MODULE_DESCRIPTION("Bluetooth RFCOMM ver " VERSION);
2279 MODULE_VERSION(VERSION);
2280 MODULE_LICENSE("GPL");
2281 MODULE_ALIAS("bt-proto-3");
